Know Privacy Report: Google Web Bugs on 88% of Websites

I’m very proud of the Know Privacy team, a group of three students who performed a broad analysis of online privacy issues for their master’s project at UC Berkeley’s School of Information. The study is featured today on the New York Times Bits blog. Several findings are notable:

They found: “From our analysis, it is apparent that Google is the dominant player in the tracking market. Among the top 100 websites this project focused on, Google Analytics appeared on 81 of them. When combined with the other trackers it operates, such as DoubleClick, Google can track 92 of the top 100 websites. Furthermore, a Google-operated tracker appeared on 348,059 of 393,829 distinct domains tracked by Ghostery in March 2009 (over 88%).”

Also, under the Bush administration, the Federal Trade Commission has framed privacy as one of “consumer harms.” That is, they claimed (without any evidence), that consumers really cared about privacy issues that caused harm. However, in an analysis of the FTC’s own consumer complaint data, the group found that American consumers were most frequently complaining about a lack of control over personal information.

The team investigated web site affiliate sharing too. The public policy debate around information sale generally is limited to third parties. There is a growing consensus, driven by international privacy rules, that companies should not sell personal information to third parties without affirmative consent from consumers. However, affiliate networks are very large, and US privacy law generally does not allow consumers to restrict the flow of personal information among affiliated companies. In looking at the top websites, the average had almost 300 affiliates. Newscorp, the company that owns myspace, has 1,500 affiliates. Identifying affiliates was very difficult: “We sent each company a request via email or an online web form for a list of each affiliate they may share data with. We received 14 replies, but none included the lists we asked for.”

Finally, it’s worth checking out the team’s findings on third party tracking: “…36 of the [top 50] websites affirmatively acknowledged the presence of third-party tracking. However, each of these policies also stated that the data collection practices of these third parties were outside the coverage of the privacy policy. This appears to be a critical loophole in privacy protection on the Internet.” Regulators should rethink this practice. Websites claim that they do not sell personal information to third parties, but then they allow third parties to follow you on their site. This seems to me to be outside consumers’ expectations.


Comments

10 responses to “Know Privacy Report: Google Web Bugs on 88% of Websites”

  1. chezjake

    And this blog has both Google Analytics and Double-Click tracking it.

    Now the real question: Does blocking these tracking sites with the NoScript add on to Firefox really keep them from tracking you?

  2. Matthew Platte

    Live HTTP Headers plugin for Firefox should show whether the Googlebugs are communicating with the mother site(s).

  3. I block googlebugs. Not because of privacy concerns – just because I operate a policy of blocking anything that isn’t really needed. Combined with agressive cacheing. A response to my tendency to saturate my connection for hours at a time transfering large files.

  4. @Chezjake, I’m going to be looking at that question this summer.

    @Matthew, thanks for that pointer; I hadn’t heard of that plugin!

    @Suricou, how do you block them? Do you use a proxy like Privoxy or some plugin?

  5. I do use privoxy, yes. But that’s only one layer. The google ad blocker is handled by Squid – I have it configured with a regex blacklist I can use to add custom exclusions.

    I also have iptables rules set to block some particually troublesome hosts and suspicious packets. My router is not exactly standard consumer gear.

  6. Lambert

    Science today has changed, I hope you used the right way, because there are medications such as vicodin, oxycodone, Lortab, etc, are anxiolytic and although much help to soothe the pain, can be double-edged weapon to control pain, so indicate in findrxonline to be confident that this discovery is beneficial to all.

  7. genewitch

    Suricou Raven sounds like me.

    I doubt there’s much tracking of my web habits going on.

    Aggressive caching is a godsend when popular sites tend to run slowly at night.

    are most of these “tracking bugs” just single pixel jpeg files on sites?

  8. The file I keep seeing appear in the proxy logs is http://www.google-analytics.com/ga.js

    I have no idea what it does. The code is written in the compact but incomprehenseable ‘All names are one character’ style.

  9. brolin1911a1

    How ironic that this site (according to the Ghostery Firefox extension) has eight web bugs on it; Google Analytics, Quantcast, SiteMeter, Amazon Associates, Doubleclick, ShareThis, ChartBeat, and Technorati Widget.

    Now, what would be useful would be some information on how to block these insidious spyware bugs. Some of us value our privacy.

  10. Thank you really good…

Leave a Reply

Your email address will not be published. Required fields are marked *