Internet surveillance and you: how to fight browser fingerprinting and other invasive tech online
Corporate surveillance works to track your web browsing to sell you ads. How does the lone privacy user fight such a behemoth?
There is — just beyond the veil of visible user-level interactions with the web — an entire ecosystem of invasive third party technologies that seek to track, profile, and target you for the purpose of (their) profit. Little in life is truly free, and browsing the web is no exception. While we have little against advertising business models, we do have a bone to pick with the multi-billion dollar surveillance/advertising industry that profits solely from (often unwitting) users of the internet when browsing.
We’ve covered some of the dangers of corporate surveillance (in the context of smartphone location data) before, but today seek to explore how this surveillance applies to our browsing habits and internet usage as well.
So here’s our hot take on the latest evolution of web surveillance and what we can do about it.
Targeted ads: driving evolution of the surveillance system
For our privacy purposes here, we generally know and refer to this largely unregulated, for-profit surveillance ecosystem simply as “targeted advertising”, or as Google refers to it, “interest-based advertising”. The internet is the place to make a buck, and targeting internet users with ads is the way to do it.
For decades, this targeted advertising was mostly accomplished through the use of third party cookies, the means by which companies would track an internet user’s specific online behavior — including what was clicked, their search history, details of their device, their shopping preferences, and more. It was specific individual-level fidelity (or “analytics”) that formed the basis of marketing campaigns that targeted consumers and internet users.
But as with all technologies, third party cookies as a means for mass surveillance was destined to evolve. As cookie blockers emerged, the targeted ad industry developed methods to conduct surveillance of users even when cookie tracking was disabled. Known now as “browser fingerprinting”, the surveillance ecosystem came to rely on other similarly invasive means to obtain individual-level data, thereby driving further ad revenue even when cookies are disabled.
From cookies to fingerprinting
What is browser fingerprinting? It’s the hidden-from-plain-view capture and tracking of all the stuff that runs in the background of every website you visit — the scripts and code that make up the internet and how it works. Different from cookies (but with the same endstate and purpose), browser fingerprinting is the ability for a website (or data broker) to collect a visitor’s personal information such as the user’s device specifications, operating system, browser settings, plug-ins used, user agents, audio and video capabilities, timezone, and more.
All of that sound innocuous and inconsequential on its own? It would be, unless someone correlated this personal information across websites and collected the data en masse to build, over time, a user’s pattern of life and behavioral profile. And as laborious or complicated as that may sound, that is exactly how browser fingerprinting has evolved into the latest generation of invasive technologies that comprise the present corporate surveillance ecosystem.
Thankfully, privacy protections have again evolved to counter browser fingerprinting as well, several resources for which we listed in the footnotes.1 But even then, widespread knowledge of browser fingerprinting is not readily accessible or obvious to the average internet user, and the game of cat and mouse between targeted advertisers and users can seem complicated, confusing, and hardly worth our time and energy to figure out.
But do not despair — that’s why we exist here at SMU: to make sense of the things that infringe on your privacy, security, and safety.
FLoC: the next generation of web surveillance
If browser fingerprinting were not enough, Google recently announced the testing and limited fielding of a new technology that would reportedly maintain user privacy (we’re skeptical) while maintaining the ability of corporations to continue targeting users with personalized content.
Google’s name for this technology is the “Federated Learning of Cohorts” (FLoC), which assigns internet users a FLoC ID based on their browsing history and behavior, from which large advertisers could then infer user demographics, interests, or past behavior. How is FLoC conceptually different from browser fingerprinting or other tracking technologies? That remains to be seen. Suffice to say we do not support the continued ability of corporate surveillance tools to conduct behavioral analytics of our browsing history.
More on FLoC will no doubt be forthcoming as Google tests the technology and scales deployment across its Chrome browser, but we must emphasize it can be countered (at least right now) by simply not using Google’s Chrome browser. Read more about FLoC from the Electronic Frontier Foundation, who established a specific site educating internet users on the technology, how it impacts user privacy, and what to do about it.
Remain calm and up your plug-ins game
We’ve covered a lot of ground today. Corporate surveillance is a behemoth, but there are tools and resources available to counter it. If we were to summarize your immediate actions to minimize web/browser-based surveillance, we’d do the following:
Stop using Google Chrome, and download Mozilla Firefox
Install the plug-ins/add-ons here, the uBlock Origin plug-in here, and a user agent switcher here2
Learn more about corporate surveillance from the EFF here
Defense against browser fingerprinting
What specifically do we need to be concerned with for fingerprinting? For starters, accepting the fact that your user agent (your browser and operating system), audio settings, font, web graphics, and other settings will be used to track you — unless you employ plug-ins to counter it.
Learn more about corporate surveillance here (thanks, EFF): https://www.eff.org/wp/behind-the-one-way-mirror
List of browser fingerprinting protections (Firefox-specific…please don’t be using Chrome): https://addons.mozilla.org/en-US/firefox/user/11791768/
Are you a Chrome user? Sad, but not unfixable. Check out the EFF’s FLoC page here: https://amifloced.org/
There are many other plug-ins that contribute to user privacy during browsing, but we can’t list them all today