Online tracking is worse than ever, says Berkeley Privacy Census


Written by:

Personal information collectionWe collaborated with UC Berkeley on a new report that shows that online tracking is everywhere. It’s not just on sketchy websites you’ve never heard of. It’s on all of the 100 most popular websites in one form or another, sites that people know and trust.

What is online tracking, anyway?

For those of you who don’t know what I’m talking about when I say “online tracking,” here’s a quick primer. Every time you browse the web, hundreds of advertising companies are watching everything you do: what you click and buy, the things you “Like” on Facebook, the stories you read, your IP address, & more.Big Brother graffiti

Based on your online activities, advertisers create profiles of unprecedented detail that reveal personal aspects of your life, like your religious and political beliefs, sexual orientation, creditworthiness, medical status, and reading habits. It’s like you have a second Facebook profile, only this one’s way more detailed and you can’t change anything in it. You can’t even access it. 

One of the many ways that this second profile is used is to target you with personalized ads based on what the advertisers think you’ll respond to. Your digital data trail is increasingly being used for more harmful things, like hiring processes, insurance rates, credit limits, and price discrimination (like Orbitz charging Mac users more for hotels than PC users).

Tracking takes place through several methods, including HTTP cookies, Flash cookies, calls to HTML5 local storage, browser fingerprinting, and Javascript requests.

Computer cookieNow that you know what tracking is, let’s get back to the census. We developed an internal system for our tracker-blocking tool, DoNotTrackMe, that crawls the web detecting tracking code and analyzes tracking types, trends, and changes over time, including techniques that advertisers use to avoid detection. We teamed with Berkeley and crawled the top 100, 1k, and 25k websites, analyzing the types and quantities of tracking used on each site.

The findings

The takeaways: first, there’s an alarming increase in the volume of tracking on the most popular websites. They’re far more aggressive in their desire to monetize consumer data. Second, tracking technology follows web technology. We’re seeing advertisers abandoning things like Flash that have gotten a bad rap and moving to new techniques like HTML5 local storage that no one’s gotten in trouble for using yet. Third, the Internet is so saturated with tracking that you simply cannot avoid it if you aren’t using a privacy tool like DoNotTrackPlus.

Advertisers are relentlessly circumventing the only ways consumers know how to protect their privacy. It’s an arms race: on 1 side, ad companies invest billions to build ever-changing tracking techniques that neither consumers nor browsers can keep up with. On the other side, we teamed with the researchers at Berkley to hold them accountable. Let’s be clear: advertisers will do anything to get a piece of data about you, down to the last pixel.

Why should you care about all this tracking?

This isn’t about targeted advertising. This is about the collection and use of your personal information in ways you can’t even imagine. Targeted advertising is the strawman that the ad industry puts up to hide the real problem. Your personal information is where the money is, not ads. Even if you think you have nothing to hide (and no one believes that), are you really comfortable with the ad industry knowing this much about you, especially when you don’t know how they’re using it? Let us know in the comments below.

26 Replies to “Online tracking is worse than ever, says Berkeley Privacy Census”

  1. Jack says:

    Thank you for being human, upfront and most importantly sharing the load of vigilance.

  2. Mike says:

    Excellent job explaining this. I am appalled at what these spies are doing to destroy a person’s privacy. Keep up the good work.

  3. David says:

    It seems crazy that we have to sign contracts for up to 18 months for fibre based internet services yet still the large sums of money that are given to isps for such services do not include options to be told what companies that you have NO contract with are doing trying to gather as much information about you as a Census,or interrogation would.
    Information about individuals should be their property,much like a copyright. And companies who want ours should morally have it only on request and agreement to provide it – otherwise it is not really thier information.
    I’d like to see how the law changes over the next few years regarding tracking and profiling internet users without express consent.

    • Michael says:

      well said -I completely agree and thank you for your posting which made me think about things I previously didn’t think about. F ex -we are paying a monthly fee for internet service and our information is sold and exposed all over the place, Legislation to address this issue is needed but will probably not happen in the USA therefore even more important with companies like ABINE developing a defense shield.

      • Sarah Downey says:

        That’s a good point: many of the companies we trust and pay for services, like our Internet Service Providers, are turning around and handing it over to law enforcement. We pay them, and they collect our valuable personal information and resell it to advertising companies. It’s time for consumers to have the power in that relationship: it should be up to regular people to determine with whom and how much they want to share, if at all. We’ll keep working to give you the best protection we can.

    • Mark says:

      Couldn’t agree more. But I’d take it a step further. These companies make billions off information they take from you. In short, your data has a monetary value to them. So, not only should they ask your permission to take your info but should PAY you for it in the same manner they get paid for it. In other words if you are kind enough to let someone borrow your car it’s perfectly acceptable to insist they put gas in it. It’s yours and your doing them a favor by letting them use it. Using YOUR information should be viewed in the same manner.

      Our informati

  4. Tammy says:

    It really p!$$es me off that they can legally do this. I don’t see how they get by with it I mean my wallet and everything in it got destoryed & I had to get a new birth certificate man talk about a task I had to go thru so much red tape BS.NOT EVEN FUNNY! & IT WAS MINE!! ya know & they can get all that & more anytime they want it there should be more we can do to stop this BULLS#!T. IT’S UNAMERICAN LOL WHAT AM I TALKING ABOUT AMERICA ISN’T AMERICAN ANYMORE!!! we are being told what we can & can not do they are now going to limit what size drink we can have IS THIS NOT CRAZY. YOU TELL ME.

  5. irene buttacavoli says:

    Clearly and Simply we are deluged 24/7 with a torrent of PRIVACY PIRACY–from every possible direction! It’s abhorrent, enraging and previously unfathomable, but it’s here to stay. As a former Sales Promotion Director for one of the two biggest retailer enclaves in America–our AMERICA, I’m worried–VERY worried! This country USED TO BE OUR AMERICA–no more!

    S.P. Directors, to the uninitiated, run the gamut of marketing and budgeting strategies for one’s corporate sponsors. Previously (let’s say; prior to the past decade), when one attempted to expand the business of approaching potential/new customers, we used very familiar ‘Demographics’, a customer
    profile based primarily on geographical information plus income, age and sex of the individual, WHICH THE CUSTOMER HAD PROVIDED WHEN APPLYING FOR AN ACCOUNT. ‘Psychographics’ then added the components of one’s psychological spending patterns; including dollar amounts, frequency of purchases, and identified similar zip code residences in the neighborhoods of existing customers. The latter also enabled marketers to ‘expand’ their reach in incremental geographical ‘rings’–usually by 5 or 10 miles further out–around each store’s demographic area. Until the internet, these were extremely comfortable marketing ‘tools’ which, by today’s standards (see Privacy Piracy above) were remarkable in their effectiveness! The former methodology described here did NOT invade one’s privacy–they merely computed for marketers SIMILAR buying characteristics in extended zip code areas, those who might be ‘targets’ or recipients of for direct mail, television, radio and print advertising efforts. BY CONTRACT with direct mail marketers (those generating Psychographic and Demographic lists, by zip code areas) NO INFORMATION could be retained without the’ implied consent/action’–by way of a purchase) could be retained for more than singular use. COULD BE RETAINED WITHOUT THE IMPLIED CONSENT OF THE ‘NEW’ CUSTOMERS. (ONLY CUSTOMERS WHO RESPONDED were then defined as customers of record for any given business. NO e-mail addresses were being used; much less known, at the time.) ‘Lists’ were purged/cleaned regularly, when purchased from direct mailing houses, and were legally allowed to be used only ONCE.) SO, this means that the legislators got it ‘right’! Could anyone have devined such an extensive program of use and abuse as that which is assaulting us now on a 24/7 basis? WHEN is Congress going to pass legislation that will entitle us to and recapture for us SOME SEMBLANCE OF PERSONAL DIGNITY–previously known as PRIVACY?–IN THIS LIFETIME?

    Today’s internet tactics know no such bounds–much less boundaries! The invasion is complete and extracting oneself from any such marketing efforts is near, if not, clearly impossible. By the time one is able to ‘opt out’, the cascading effect of Niagara has poured one’s private information into so many tens of thousands of hands that it would probably be akin to trying to capture a single drop of water coming down from the full effect of the falls! (Think: trying to opt-out of Facebook…have you tried this, yet?)

    • Janie Driver says:


      ” WHEN is Congress going to pass legislation that will entitle us to and recapture for us SOME SEMBLANCE OF PERSONAL DIGNITY–previously known as PRIVACY?–IN THIS LIFETIME?”

      I don’t believe our government wants to pass this sort of legislation. Things would have been in progress long before we knew anything about what is going on. I believe all the information is too important to them.

      • Sarah Downey says:

        Unfortunately, a lot of surveillance is justified by vague security claims. The general argument goes like this: “there’s a hypothetical threat of terrorism; therefore, let’s monitor everyone to make sure we find every threat that could exist.” The end result is widespread infringement on innocent people’s civil liberties, especially their right to privacy. Although national security threats are a valid and important concern, so is privacy and our free way of life. We can’t accept privacy infringements every time anyone brings up security.

  6. Alan says:

    Realistically we all have lost our privacy. The loss of personal identity security started with the use of SS number for identity and club cards. Since the internet, social media, and homeland security it has become a Pandora’s box of no one having any privacy. Thanks to Albine I feel like I can have some claim to a small portion of my personal information. I agree with the article, marketing is just the tip of the iceberg as to what your information will be used for. Worst case scenario is the ultimate paper reduction act of every citizen required to have an RFID implant with all your private info from health, education, employment, spending, etc., readily available to any one authorized to read and update. Will Albine be around then?

  7. Bruce says:

    We can always just stop using the internet, life goes on. If you want things like this to change we have to stop providing it for free, when it’s free, it will be used (like DNT!), so instead of fighting it let’s charge for it, we need to be able to manage the information like we manage our money (some of us manage it poorly!) and software ware vendors should create a way for us to get “micro-payments” for use of our data. I think we would see a change very quickly.

    Right now it’s like the old west gold rush, poachers, land grabs, phony deeds, imposters and posers galore. Eventually we will demand from software providers that they work on our behalf (like our friends at Abine) and include a means for us to sell/not sell the data we produce. If they don’t, no sale. Most software companies are in ca-hoots with the advertisers as are ISP’s. So don’t expect things to change there, it’s money and that’s what drives these companies not good will or privacy, when it becomes unprofitable it will change.

    Most politico’s are in bed with the advertisers (ruppert, are you there?) and know where there campaign money and bling comes from, so I would not count on change coming down to the digital peasants from there either.

    So it has to start with us. We need to define/determine and implement the change.

    We could invent a different type of internet, why not. It’s been done before, the current internet is completely compromised and coopted by the main players. Why not get together and start something new, something more secure and resilient. Look at what’s happened now, the ‘Net started as a very distributed system as a result of that it could take a lickin’ and keep on tickin’ now it’s a bunch of gatekeepers who’s services and commitment to it’s users are questionable at best.

    I feel better now.

    • Janie Driver says:

      Thanks Bruce. This is one of the first things I’ve read that attempts to aim things in a positive direction and offers a do-able solution.

    • Michael says:

      one can only agree with Bruce and the idea of starting a new internet is excellent. michael

  8. ROBERT KUSH says:

    I know that there are scam artists, con men, and ‘so-called” charities out on the Internet scamming hard-working ordinary Americans everyday! Thanks to DO NOT TRACK PLUS I, finally, feel better! Keep up the good work you are doing!!

    • Sarah Downey says:

      Thank you so much! Your support means a lot to us. There are a lot of people out there trying to get your information, but we’re fighting to give YOU the control.

  9. Robert Morrissey says:

    Mark Zuckerberg owns the info I give him. I’m ready to drop FB like a hot potato. Can Abine prevent my “Like(s)” from being collected?

    Quotes from Eric Schmidt:

    “Every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites.”

    “I ACTUALLY think most people don’t want Google to answer their questions, they want Google to tell them what they should be doing next.

    “You can trust us with your data”

    • Sarah Downey says:

      Unfortunately, we can’t. You have a few options to make the situation better, though: 1, stop using Facebook; 2, stop Liking things on Facebook; 3, go back and unlike things you’ve already liked by using your Facebook Activity Log; and 4, use DoNotTrackPlus to stop social buttons from tracking you on sites besides Facebook. The reality of Facebook is that it makes 85% of its money from advertising, so it’s critical to them to collect and monetize your data. It’s virtually impossible to use Facebook in a private way, although you can certainly be smarter and more careful with your use and posts. The unfortunate drawback of that is self-censorship: for example, you probably won’t post everything you’re thinking out of fear of later repercussions, or you won’t like certain pages because you don’t want to see ads from those pages later.

      Nice quotes, too. It’s pretty scary stuff. At least you have us on your side!

      • Nathanael says:

        Self-censoship is the ultimate problem. Remember the infamous Google quote, when they pulled out of the S. Korean market because of a SK “real names” law? Anonymity, Google believed back then, was the bedrock on which freedom of speech was built. Strip away anonymity — the right to express your thoughts, ideas, opinions without fear of reprisal — and you’ve taken a large step toward a totalitarian state in which open, free expression is stifled out of fear of who may be listening. And yet within two years Google itself abandoned its own principles in favor of a real-names policy on Google+, even while SK, realizing the error of its ways, was rescinding its own real-names law. Ironically, free speech is protected better in South Korea than it is on Google.

        I’ve been using the Internet for nearly 30 years, and, with one exception, I *never* use my real name online. Not here, not on FB, not on G+. Now I’m not foolish enough to believe a determined investigator couldn’t track down my wallet name without too much sweat, but at least I feel a bit less naked in front of the peering eyes of the professional voyeurs — everyone from AddThis to Zuckerberg.

        Over at FB, I maintain two accounts, both under pseudonyms. I do fill out my profiles — but always with random junk. On my activities and interests page I “Like” a bunch of random stuff, then every two or three months go through and change it all up for new randomness. Of course, it goes without saying that I never post a picture of myself, never click on Like buttons when I’m out on the web, never install FB apps that want to access my info, never respond to friends’ invitations to join this app or that community, never sign into any site that wants me to use my FB account, and frequently accept friend requests from absolute strangers. And when your profile page is gunked up with a whole bunch of “likes” that you really don’t, you’d be amazing at what an eclectic bunch of friend requests you get.

        Of course, I’m probably being naive. But the idea is not just to hide my life from FB, but to actively gunk up their dossier of me with lies, damn lies and made-up stuff so that if FB should think it knows me, hopefully I can laugh in Z’s face.

        Oh, and I *always* surf from behind an anonymous proxy. It’s amazing how many targeted ads I get for businesses in the San Francisco area (I’m not telling, of course, but it’s safe to say I don’t live within a thousand miles of the place). I just smile and say, “Gotcha”.

  10. Ray Taylor says:

    Finally a program that really works; I am so happy this is a reality at this point in our life time. With all the political trash, smut hounds and the scam artist now days we do need protection such as Abine has offered us.

    Thank you Abine your program works to a “T”

    • Sarah Downey says:

      It’s definitely an arms race: the companies and people who want to know everything about you versus you. We’re trying to help the little guy, so we really appreciate comments like yours. That’s what motivates us every day.

  11. Pete Culotta says:

    This is some very serious s**t. Whatever y’all can do to stop this is worth any price that y’all may charge.
    Keep watching these dogs! And tell us what we can do to help!

    • Sarah Downey says:

      Thanks! DNT+ will always be free, but we’re putting out a new online privacy tool in the next few months that will cover a lot more privacy and will have premium upgrades. How can you help? Try it out when we release it, tell people you know about online privacy issues, and do any of the things on this page:

      Thank you so much!

  12. Nathanael says:

    Oh, and this:

    “go back and unlike things you’ve already liked by using your Facebook Activity Log”

    The cows are already out; it’s too late to shut up the barn. The problem is, your Likes are permanently recorded in FB’s database. When you unLike something, FB doesn’t delete your Like from its records, it simply records the unLike. Rather than simply unLiking things, go back and Like a bunch of randomness so that FB can’t tell the genuine Likes from the smokescreen.

  13. Nathanael says:

    One further comment:

    We are fast approaching the day when social media is so prevalent and universal, merely opting out will have consequential negative impact. FB and Google are in a heated race to capture the nascent identity brokerage industry; hence Google’s sudden about-face on the issue of online anonymity. Today logging into a site with your FB account is a convenience; tomorrow it well be a necessity. Today, employers screen applicants’ social media profiles. Soon they will begin to grow suspicious of those without one and think twice about hiring you. Eventually it will become difficult to get a job without a FB or G+ identity – one that’ easily tied to your real name.

    As suspicion of those who opt out grows, credit companies will lower your credit-worthiness. Banks will deny loans. Insurance companies will jack your rates, then drop you altogether. (Not that they’ll tell you why.) A reduced or non-existent trackable online presence will become a red flag warning for providers of more and more essential services. One day, someone, somewhere will die in an emergency room because hospitals have forgotten how to access offline medical records. The government response will be to require that all medical records be placed online, and the privacy retreat will turn into a rout.

    Today opting out of an online profile is an inconvenience. Tomorrow, an impossibility.

Leave a Reply