We are being watched. Our movements and activity tracked. Our data is being traded behind the scenes, changing hands many times without our knowledge.
While it sounds like a sinister and illegal intrusion from a sci-fi film, it’s actually a downside of our own ill-informed readiness to carry out online transactions without reading the small print in the terms and conditions.
Having collected data on hundreds of the most popular websites across the world, spanning different languages and regions, our research has revealed the extent of this privacy-intrusive practice on today’s Internet. And it’s shockingly pervasive.
More than 2,000 third-party web services, household names such as Google, Facebook, Amazon’s CloudFront, are persistently collecting our personal information in a bid to bring us personalised, targeted advertising.
Third-party websites advertising products and services are most prevalent, with the top applications being for news, sport, and unsurprisingly pornography.
Again, it’s no shock that Google products such as Analytics used by many organisations to monitor how many people are reading their websites, is in global pole position.
In addition to the usual suspects, we find a rich ecosystem of local third-party websites that are country and language dependent.
This highlights, I think, the fact that there are many faceless agencies and brokers out there, trading our information without our knowledge. Who are they and why should they profit in this murky ‘data stock exchange’?
The regulators, governments, and privacy advocates such as the Electronic Frontier Foundation have long been calling for methods of limiting third-party tracking.
However solutions such as Do-Not-Track – a mechanism for protecting online privacy - have not been successful because they ignore the demands of the advertising and marketing industry.
Our findings flag the need for better regulation. We are all vulnerable to this kind of data plundering so should have more automatic control over our own information.
But how does an individual make sense of their place in the global cybersphere?
New technologies have a huge impact on our ability to connect with our families and loved ones but bring with them unparalleled assaults on our privacy.
There is a need for solutions which put the individuals at the heart of personal data ecosystem, while protecting our personal details from misuse by industry.
The Human-Data Interaction (HDI) framework, which I contribute to, proposes placing the human at the centre of personal data flows, and providing mechanisms for citizens to interact with these systems explicitly.
Our research on HDI is concerned with the increasingly pervasive data collection our lives are subject to, and the way this is opaque to most people.
These data, collected about people and often generated by them, are analysed and businesses can use the date to draw inferences about our personalities and behaviour, like Amazon’s powerful product recommendations based on recent searches and purchases, or Facebook’s targeted ads relating to change in our profile details.
The plan is make this process more transparent to the user by combining data management strategies, visualization techniques, and engagement with privacy advocates, and regulators for enabling easier access of individuals to their personal data.
While the HDI framework is in its infancy - we don’t know at this stage what the interventions might look like. The first step is to understand the scale of the intrusion so we can identify who is watching us in the first place.
Dr Hamed Haddadi, Lecturer in Digital Media, School of Electronic Engineering and Computer Science.
Dr Haddadi’s study ‘The Rise of Panopticons: Examining Region-Specific Third-Party Web Tracking’ will appear at Sixth Workshop on Traffic Monitoring and Analysis, to be held at Queen Mary University of London in April 2014.