Watching You Online

The headline is creepy. I know it. That’s why I wrote it.

If you’re reading this online right now, I want you to stop and think about all of the websites you’ve visited in the last 24 hours.

If that’s too long a list, focus on the last few hours.

Have your list?

Okay. Now here’s the hard question. How many of those sites are tracking your every move?

Whether your list includes Amazon, Facebook, or even the trusted, award-winning journalism at Vindy.com (little plug for the newspaper in which this column appears every Wednesday), chances are you’re giving up some personal information and you don’t even know it.

Some data you give willingly. You want to be connected with friends on social media, so there’s a bit of privacy you give up to do so. You want deeper, richer information on a particular site, so you willingly share your name, an email address and maybe a birthdate to gain access.

However, it’s the other data that you’re not sacrificing willingly that is of concern to many consumers. A new report reveals the depths to which some companies are going to track your every move online.

In an article posted last week to Princeton University’s Center for Information Technology Policy site Freedom To Tinker, Steven Englehardt and his colleagues exposed the extraordinary lengths some retailers will go to track your data.

“More and more sites use session replay scripts,” Englehardt said. “These scripts record your keystrokes, mouse movements and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers.”

Scripts sit behind the pictures you see on retailer websites. While the collection of that data might not surprise you, the storage of that information on third-party computers is alarming.

“These scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder,” Englehardt said.

Some of us are already giving up information, so why worry about this?

Their team uncovered several vulnerabilities recorded during these sessions including the tracking of passwords and using keystrokes or inputs to collect sensitive date (data that should have been removed).

Englehardt noted that collecting this content could lead to other information (i.e., credit-card numbers, medical reports) being leaked to the third-party, which could lead to consumer fraud.

“This may expose users to identity theft, online scams and other unwanted behavior,” Englehardt said. “The same is true for the collection of user inputs during checkout and registration processes.”

Ad-blocking list EasyList will help stop some of these activities, but it’s not a fool-proof protection measure.

Want to learn more about how these retailers are tracking you online? Check out Princeton’s Freedom To Tinker site at www.freedom-to-tinker.com. They make difficult concepts easy to comprehend, and in ways most of us can use.

---