Web Bugs | WSJ’s What They Know | Persistent Tracking | Congressional Testimony
KnowPrivacy: Web Bugs
![]() |
In June 2009, I published a landmark paper with two colleagues at the UC Berkeley School of Information examining the common practices among website operators of collecting, sharing and analyzing users’ data. We compared industry practices with users’ expectations of privacy, identified points of divergence, and made recommendations for changes in industry practice and government regulation. We also built a website that illustrated the prevalence of web tracking software among the most visited websites. Read more |
The Wall Street Journal’s What They Know Series
The age of computing has created a new economy, in which data on people’s habits, activities and interests is collected, sold and traded, often without their knowledge. In July 2010, The Wall Street Journal launched the What They Know series to document new, cutting edge uses of tracking technology and what the rise of ubiquitous surveillance means for consumers and society. I served as the technology consultant for the series. The reporting team was a finalist for a Pulitzer Prize in Explanatory Reporting in 2012. Read more
Some examples from the series:
![]() |
The web’s new goldmine: your secrets: The Wall Street Journal‘s What They Know series began in July 2010 with this article, which outlined the broad array of cookies and other surveillance technology that companies are deploying on internet users. It revealed that the tracking of consumers has grown both far more pervasive and far more intrusive than is realized by all but a handful of people in the vanguard of the industry. Read more (behind paywall) or view interactive graphic |
![]() |
Tracking children online: In 2010, the Wall Street Journal team examined 50 sites popular with U.S. teens and children to see what tracking tools they installed on a test computer. As a group, the sites placed 4,123 “cookies,” “beacons” and other pieces of tracking technology. We found that marketers are spying more on young Internet users than on their parents, building detailed profiles of their activities and interests. Read more or view interactive graphic. |
![]() |
How Google tracked Safari users: In 2012, I found that Google and other advertising companies had been following iPhone and Apple users as they browse the Web, even though Apple’s Safari Web browser is set to block such tracking by default. Google was using cookies to trick the Safari web browser into letting them monitor many users. Read more or view interactive graphic. |
![]() |
Websites Vary Prices, Deals Based on Users’ Information: In December 2012, the Journal identified several companies that were consistently adjusting prices and displaying different product offers based on a range of characteristics that could be discovered about the user. Read more or view interactive graphic. |
![]() |
They Know What You’re Shopping For: Companies are increasingly tying people’s real-life identities to their online browsing habits. For this Journal story, I found that Dataium was collecting the email addresses of individuals browsing auto websites and using that to profile people when they walked into dealerships to shop for a car. Read more about the technical details or view interactive graphic. |
Persistent Tracking
I have done significant technical research and writing regarding the privacy problems in the use of cookies, which advertisers commonly use to track a user’s behavior on the internet.
![]() |
Flash Cookies and Privacy: In 2009, I published a paper with two colleagues at the UC Berkeley School of Information called Flash Cookies and Privacy. The paper examined of the use of ‘Flash cookies’ by popular websites. Read more |
![]() |
Flash Cookies and Privacy II: In July 2011, we published a follow up study called Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning that reassessed the flash cookies landscape and examined a new tracking vector, HTML5 local storage and cache cookies via eTags to enable persistent tracking. Read more |
![]() |
Respawn Redux: In August 2011, I also published a technical paper – Respawn Redux – detailing the mechanisms behind Hulu/KISSmetrics’ respawning practice detailed in Flash Cookies and Privacy II. Read more |
![]() |
Cookies from Nowhere: In February 2012, I published a technical writeup that described Google’s ability to track Safari users everywhere there is a +1 button on the web, even when users have 3rd party cookies blocked. Read more |
![]() |
Behavioral Advertising: The Offer You Cannot Refuse: I worked with other researchers to investigate changes in online tracking tools from 2009 to 2011. Our work demonstrates that advertisers use new, relatively unknown technologies to track people, specifically because consumers have not heard of these techniques. Furthermore, these technologies obviate choice mechanisms that consumers exercise. This paper won the Computers, Privacy & Data Protection 2014 Multidisciplinary Privacy Research Award, which is given to the paper that best “describes new ideas in privacy and data protection in a multidisciplinary setting.” Read more |
Testimony on State of Consumer Privacy
I regularly appear as an expert witness on policy matters related to consumer privacy. #testimony
|
On March 16, 2011, I testified at the Senate Commerce Committee’s hearing on consumer privacy. Other hearing witnesses included representatives from the Federal Trade Commission, the US Department of Commerce, Microsoft, Intuit, Group M Interaction, and the ACLU. Read more |
Other Projects
Installation art projects can help consumers visualize how their data stream is connected to their physical person.
![]() |
In 2008, I collaborated on a project called Digital Shadow, which created an interface to help users explore the record of our online actions and identities by extending the metaphor of the digital shadow into the physical world. We created an interactive floor projection to display a “shadow” of personal information around users in the interaction space. Read more |