Header Ads

The Big Brother you don't know about.

Most people are familiar with the Big Brother reality show in which contestants live in a house that is constantly monitored whilst they compete for cash. What most people don’t know is that their activities online are being monitored just like Big Brother. Governments are actively carrying out surveillance on their citizens, and there exists cross border mass surveillance operations. A notable example of this is program ECHELON. This is a global network of electronic spy stations that can eavesdrop on telephones, faxes and computers. The information collected is stored in Echelon computers which can keep millions of records on individuals. Government agencies are not the only folks trying to monitor our activities online, there are online ad companies, Black Hat Hackers and people that know us. Of the aforementioned, online advertising companies are the most persistent trackers. They use numerous techniques to acquire data on people to serve them customized adverts. The pertinent question any conscientious internet user should ask is how are they able to do this?

How online tracking works

  • Using IP addresses
One method of online user tracking works via monitoring the user’s IP address. Any website you visit will have your current connection’s IP address, the date and time of visit, and how many pages you opened. By knowing your IP address, your current location including your country and city can be determined. By matching your IP address to any of your online profiles (social media accounts) you could be tracked across the internet.

  • Cookies

These are small text files usually stored in the client computer’s browser. Cookies are composed of cookie website name, user id and the expiration date. They are downloaded into your browser when you visit a website for the first time. There are two main types of cookies; session cookies and persistent cookies. Session cookies are not a privacy concern because they are stored in a temporary location in the client web browser and erased when the user closes the web browser. Persistent cookies are much more intrusive and include flash cookies and Evercookies. Flash cookies are a collection of cookie like data that is found on websites running Adobe Flash. Unlike normal cookies which are stored in the web browser, flash cookies can find a home in your hard drive without your permission. They have a default size of 100KB which allows them to store more tracking information. But more worrisome is their ability to re-create session cookies after a user deletes them and to access multiple browsers on the same computer, allowing them to monitor all your online activities. To check if you have flash cookies you can use the FlashCookiesView created by Nirsoft, it also enables you to delete them. Evercookies are cookies written in the JavaScript programming language. It is more difficult to get rid of than Flash cookies because it stores its data in several locations in the client browser/machine. Luckily most web browsers and anti-malware can detect and block Evercookies.

  • Etags

Etag is short for “entity tag.” It is part of the HTTP mechanism that provides web cache validation and is intended to control how long a particular file is cached on the client side. When a browser requests for a web page from a web server, certain resources can be tagged with the entity tag before they are cached. This will prevent the same resources being loaded again when the user visits the website the next time. This process can be exploited and used to track the user when a web server continually sends Etags to a client browser thereby maintaining a session with the client machine that persists indefinitely. To get rid of Etags clear the browser cache content.

  • Device Fingerprinting

Just as your fingerprint can be used to identify you, so also can your digital fingerprint be used to identify you online. Your digital fingerprint is a collection of technical information such as your browser type, OS, screen size, time zone, language setting etc. There are two main types of device fingerprinting: script based and canvas. Script based fingerprinting works by loading a script (mostly written in JavaScript) into the browser so that when executed it will extract information about your browser and system configurations. A hash is then made of that information. The hash can help identify and track your computer like an IP address. Canvas fingerprinting works by drawing an invisible image on the user’s client browser. The image drawn is different for each user, and once on the client’s browser, it will collect different technical information about the user’s PC. A hash is generated from the data collected, this hash will be consistent across all sites the user visits thereby effectively recording a user’s browsing history.

  •  Search Engines

Most search engines have the ability to track and store your searches. For example, Google records all the stuff you search for especially when you are logged into your Gmail account. Even if you are not logged into Gmail, Google can still monitor what you searched for by your IP address or any of the other tracking techniques already mentioned.

  • Social Networking sites

Most websites and blogs have social media share buttons in their content. For example, if after reading this article, you click the Facebook like button it will appear on your Facebook newsfeed. So far so good. The problem begins when you visit a site with the Facebook like or share button, Facebook will know you visited this site even without clicking the button. Thus, Facebook can track you across multiple sites. Twitter does the same thing and so does Google+.

These are some of the popular methods that can be used to track your activity online, I will go into how you can protect yourself from these methods in future posts, so keep an eye on this blog.

No comments

Powered by Blogger.