Tracking the trackers on college and university web sites is surprisingly easy and something every CIO, CMO and compliance officer should be able to do. Here I will offer another layer of insights into how users are tracked on your websites and share with you some tools so you can begin tracking the trackers yourself on your university web site and any others that you visit, including mine.
How Online User Tracking Works
To keep this simple I thought I would showcase the brilliant work of Franziska Roesner, Tadayoshi Kohno, and David Wetherall of the University of Washington in their paper Detecting and Defending Against Third-Party Tracking on the Web. The following examples are excerpts from this paper which everyone should read for an even deeper understanding.
Websites commonly use third-party analytics engines like Google Analytics (GA) to track visitors. This process involves (1) the website embedding the GA script, which, after (2) loading in the user’s browser, (3) sets a site-owned cookie. This cookie is (4) communicated back to GA along with other tracking information.
When a website (1) includes a third-party ad from an entity like Doubleclick (acquired by Google), Doubleclick (2-3) sets a tracker-owned cookie on the user’s browser. Subsequent requests to Doubleclick from any website will include that cookie, allowing it to track the user across those sites.
Third-Party Advertising Networks
As in the ordinary third-party advertising case, a website (1-2) embeds an ad from Admeld, which (3) sets a tracker-owned cookie. Admeld then (4) makes a request to another third-party advertiser, Turn, and passes its own tracker-owned cookie value and other tracking information to it. This allows Turn to track the user across sites on which Admeld makes this request, without needed to set its own tracker-owned state.
Social Media Widgets and Social Icons
Social sites like Facebook, which users visit directly in other circumstances—allowing them to (1) set a cookie identifying the user—expose social media widgets such as the “Like” button. When another website embeds such a button, the request to Facebook to render the button (2-3) includes Facebook’s tracker-owned cookie. This allows Facebook to track the user across any site that embeds such a button. This illustrates how the Facebook Like Button violates most privacy policies.
Tracking the Trackers TED
Gary Kovacs, CEO of the Mozilla Corporation, appeared at TED Long Beach in March 2012 and unveiled the hidden world of online trackers. If online trackers is a new world for you then this will be eye opening.
Tracking the Trackers Collusion
Collusion is the browser add-on available for Firefox and Chrome that was featured in the Tracking the Trackers TED presentation above. It’s free and something I find incredibly valuable – and not just to write articles on.
This particular Collusion graph is from my own browser after visiting just a handful of media sites and some IT blogs I read. What the Collusion graph shows is that I only visited 13 sites shown with the blue halos but over 65 other sites were notified of my visits 30 of which are known tracker sites shown with the red halos.
Tracking the Trackers Ghostery
I also run Ghostery which is another browser add-on for all popular browsers. Just like Collusion it displays the trackers being communicated with when accessing a web page using a database of 900+ tracker fingerprints. This is ghostery list just from visiting ABCNews.com.
What Ghostery does that I find very useful is it provides link to their database where you can find vendor provided and other information on the data practices and privacy policies.
For me, I find that using both Collusion and Ghostery is very beneficial. So I imagine most site administrators, marketing directors and social media folks would also find them useful in examining their sites from tie to time just as the privacy and compliance officers.
To help you with those activities I have some other tools to show you as part of some case studies and deeper illustrations. So stay tuned, and if you are so inclined, share your Collusion or Ghostery experiences in the Comments below.