Transcript Web Privacy

Behavior Tracking
Dhaval Patel
Objective
• Ad Network
• Behavior Tracking
–
–
–
–
Browser Cookies
Flash Cookies
Web Beacons
Fingerprinting Devices
• Privacy Issues
• Solutions
• Conclusions
3
Online Advertising
• Plays a critically important role in the internet
world
• Major playing factor for profiting from the
internet
• Developed alongside the growth of the
medium itself
4
Online Advertising
5
Web History
• 1993 GNN (Global Network Navigator) was the first commercial
website to sell a clickable ad
• 1994 First internet banner, AT&T
• 1994 First commercial spam, a “Green Card Lottery”
• 1995 Advertiser like MC and Zima were paying GNN $110 to
$11,000 per week for ad spots
• 1995 First Ad Server developed by FocaLink Media Services
• 1996 DoubleClick, online ad-related services providing agency,
created a way to track banner ads and consumer behavior and help
track the ROI
• 2008 Google acquired DoubleClick for US$3.1 Billion
6
What is behavior tracking?
• Refers to the practice of tracking users across
web sites in order to learn user interests and
preferences
• Benefits
– Advertisers targets a more focused audience
which increases the effectively
– Consumer is “bothered” by more relevant and
interesting ads
7
Factors of Behavior Tracking
•
•
•
•
•
•
•
Number of days since last visit
Speed of behavior
Number of products viewed during last visit
Number of pages viewed
Supplying personal information
Number of days since last purchase
Number of past purchases
8
Web Tracking
• Track user behavior as they move from site to
site
• types of tracking method:
– Browser Cookies
– Flash Cookies
– Beacons
– Apps
– IP Address Tracking
9
Browser Cookies
• What is a cookie?
– Information that a site saves to your computer
using your web browser
– Record your browsing activities
•
•
•
•
Pages and content you looked at
When you visited
What you searched
You clicked on an ad
10
Browser Cookies
• First Party vs Third Party Cookies
• First party cookies
– Place by a site when you visit it
– Make your experience on the web more efficient
– For example:
•
•
•
•
•
Items in your shopping cart
Log-in name
Preference
Game scores
Sessions
• Third party cookies
– Place by someone other than the site you are on
– Include an advertising network or a company that helps deliver the
ads you see
– Deliver ads tailored to your interests
11
Browser Cookies
• Transient vs. Persistent Cookies
• Transient Cookies
– Jobs is to help “sessionize” your experience on a website
– “set” when we visit the site, it disappears when we leave
• Persistent Cookies
– Set the first time we visit the website
– It will remain there for the duration that the website determines
– Example
• Analytics cookies are typically 18 months
• Other can be 18 months to 18 years
– Help identify a unique browser to our website, closest thing to
tracking a “person”/”unique visitor”
– Contain not always a Personally Identifiable Information (PII) data.
• Random string of numbers or alphabets that only the company who set the
cookie can read.
12
13
14
DoubleClick Tracking
15
Adchoice Example
•
•
•
•
•
Cleared all cookies
Visit USPS.com
Visit AARP.com
Visit Allstate.com
Three website that are used to track user
preference by Adchoice
16
Adchoice Example
• Visit website that have banner hosted for
Adchoice including
– Yahoo.com
– msn.com
17
18
Flash Cookies
• Tougher version of tracking cookie
• Also called super cookie or Evercookie
• It respawn regular cookies that were deleted
and recreate user profile.
• Supercookies are harder to locate and delete
– Stored in different location then regular cookie
– Browser does not know the location
• Since it is a plug-in
19
Web Beacons
• reported by Colorado-based Privacy Foundation for
monitoring Internet users
– Used by advertising circles, but not publicized to internet
users
• small graphic image placed in web pages or email
messages
– Facilitate third party tracking of users and collection of
statistics
– 1-pixel x 1-pixel transparent GIF
• Invisible
– To see the web beacon, we view the source of HTML page
or email message
20
Web Beacons
• Single 1x1 image fetched from DoubleClick
• Bugs alerts Doubleclick to each individuals that
view the website quicken.com
• Double click has systems for monitoring
individuals who view DoubleClick advertisements
• This web beacon allow Intuit to use DoubleClick
monitoring system without the need to first show
a banner advertisement
21
Web Beacons
• This beacon fetches image from
media.preferences.com server
• Sends unique user identification
• Similar to what is found in a cookie
22
Web Beacons
• Does not need to a 1x1 pixel graphics.
• Can be any other content that is pulled from a
third-party we server
– Can be used to monitor its user
• Impact privacy by introducing a third party
into a consumer web site relationship
23
24
Uses of Web Bugs
• According to Privacy Foundataion, companies use web bugs to accomplish
the following tasks:
–
–
–
–
–
–
–
–
–
Gather viewing and usage statistics for a particular page.
Correlate usage statistics between multiple web sites.
Profile users of a web site by gender, age, Zip code, and other demographics.
Transfer personally identifiable information from the web site directly to an
Internet marketing company. This transfer would be accomplished with a web
bug URL that contains the personal information that the company wishes to
transfer.
Transfer search strings from a search engine to a marketing company.
Verify the statistics reported by a banner advertising company, to gauge the
effectiveness of different banner advertisements.
Have third-party providers prepare web usage statistics for web sites that do
not have the technical capability to prepare their own statistics.
Check if email messages are actually read, and, if they are read, to see if they
are forwarded.
Detect copyright infrignement
25
Fingerprinting Devices
• Take combinations of unique properties of the
computer
– Browser
– Operating system
– Screen resolution
– Plug-ins installed
• Create an algorithm to make the best possible guess
about the user without ever installing anything on the
computer
• BlueCava are currently implementing this
algorithm
26
ISP Tracking
• All information must first pass through the
providers computers
• ISP can determine the web sites that user
frequent or articles that were viewed
• By tracking this information, Internet provider
can tell if its users are intereseted in boats or
car, care about fashion or medical illness
27