Social Networks like Facebook, LinkedIn, FriendFeed, MySpace and Twitter all hope to create a feeling of loyal warmth and human companionship — but is something more nefarious lurking just out of sight beneath the surface intimacy?


The EEF reports how Social Networks are working hand-in-glove with online advertisers to leak your identity and then sell you junque you don’t really want and things you know you don’t need:

Let’s start with an example of 3rd party tracking: when we went to CareerBuilder.com, which is the largest online jobs site in the United States, and searched for a job, CareerBuilder included JavaScript code from 10 (!) different tracking domains: Rubicon Project, AdSonar, Advertising.com, Tacoda.net (all three are divisions of AOL advertising), Quantcast, Pulse 360, Undertone, AdBureau (part of Microsoft Advertising), Traffic Marketplace, and DoubleClick (which is owned by Google). On other visits we’ve also seen CareerBuilder include tracking scripts and non-JavaScript web bugs from several other domains. There are pretty sound reasons to hope that when you search for a job online, that fact isn’t broadcast to dozens of companies you’ve never heard of — but that’s precisely what’s happening here.

Each of these tracking companies can track you over multiple different websites, effectively following you as you browse the web. They use either cookies, or hard-to-delete “super cookies”, or other means, to link their records of each new page they see you visit to their records of all the pages you’ve visited in the previous minutes, months and years. The widespread presence of 3rd party web bugs and tracking scripts on a large proportion of the sites on the Web means that these companies can build up a long term profile of most of the things we do with our web browsers.

Given how much tracking firms know about our browsing history, it’s worth asking whether these companies also know who we are. The answer, unfortunately, appears to be “yes”, at least for those of us who use social networking sites.

A recent research paper by Balachander Krishnamurthy and Craig Wills shows that social networking sites like Facebook, LinkedIn and MySpace are giving the hungry cloud of tracking companies an easy way to add your name, lists of friends, and other profile information to the records they already keep on you.

The main theme of the paper is that when you log in to a social networking site, the social network includes advertising and tracking code in such a way that the 3rd party can see which account on the social network is yours. They can then just go to your profile page, record its contents, and add them to their file. Of the 12 social networks surveyed in the paper, only one (Orkut) didn’t leak any personally identifying information to 3rd parties.

There are some interesting technical details in how the social networking sites leak this data. In some cases, the leakage may be unintentional, but in others, there is clever and surreptitious anti-privacy engineering at work.

It’s just a little terrifying how discretely and earnestly we’re being attacked and tracked and moderated and “database-ized” for the purity of profit from people we don’t know and will never meet.

We need to have a way to turn off all of these tracking directives without losing any functionality or features.  
Why should we be punished with the convenient loss of browser cookies just because third parties are using them for nefarious purposes?  
Punish the unseemly and leave the saintly alone.

4 Comments

  1. It seems sad that we have to think about saying things like “Do you remember when web sites were there to serve you, not the other way around? For job seeking, Craig’s List seems to be free of such predatory practices.

This site uses Akismet to reduce spam. Learn how your comment data is processed.