HOW CAN MY SURFING BE TRACKED?

Home

Identity Theft

What Is Identity Theft?

How Identity Is Stolen?

Is Some Theft Worse?

Taking Action

Tracking and Hacking

Online Surfing Tracked

Safe Online Shopping

Tracking E-mail

About

Identity Theft Tips

Add free tips to your site

PAGE TOPICS > HOW CAN MY SURFING BE TRACKED? › Cookies › Spyware › IP ADDRESSES

HOW CAN MY SURFING BE TRACKED?

Tracking technology is always changing, but for now, the basic tools of the trade are cookies and spyware.

Cookies

Cookies are tiny online files written to your hard drive by the server of a web site that you visit. They often include some kind of ID unique to you, so that the next time you visit the site the web geezer can check your cookie and figure out that you've been there before. If you've never given any personally identifying information to a web site, the ID can only help a company track what your computer does no matter who is at the keyboard.

If you register with a site, you start to provide personally identifying information that can now be tied to the ID assigned you in your cookie. Besides helping a web site developer understand, more about who is using their site tying your information to a cookie ID can be good for you, too. Cookies will often store preferences that you ask a web site to remember for you; like your shipping address or a log-in ID. Many web sites won't work properly without cookies, because they are used by the software that generates each page to keep track of what should appear on the next page-information that has very little to do with you or your personal information.

Most of the time cookies are created by the actual web sites that you visit. They are limited in what they can know about you, and really aren't worth a lot of concern. There's even a bit of built-in security. Cookies can be read only by the same web site that wrote them to your disk. A cookie written by one web site-say, for example, your bank's web site-can't be read by any other web site such as that of an online book seller.

The one time that you might want to consider cookies intrusive is when they are created by ad networks. Many web sites that display ads don't actually sell or serve up the ads themselves. They contract this work out to agencies that specialize in finding advertisers and delivering ad content to individual sites. The largest of these networks, called DoubleClick, served over 669 billion ads on countless Web sites last year. Because a visit to any one of those sites also triggers a connection to DoubleClick's web server, the cookie that DoubleClick writes to your hard drive can collect information about your broader surfing habits, not just what you do on one particular site.

In reality DoubleClick is less interested in playing Big Brother than in showing an ad for something that you might want to buy. This means that there are two very real pragmatic limitations on their information gathering. First, they aren't going to pay to store information that they don't really have to. Second, they need a way to crunch their data really fast. No Web company in the world is going to hire DoubleClick to serve ads for them if their site slows to a crawl because DoubleClick is taking too long to process your profile info.

The result is that DoubleClick doesn't track the name of each particular site you visit in its cookie. It tracks the type of site you visit. Each time you visit a site or search using a term that falls into a category it tracks, a counter for that category in your cookie is incremented.

The information in the cookie is used to deter-mine that the time is right to show you ads about wedding stuff. The information is also used to predict a little bit about you. since the vast majority of people who are interested in fashion and wedding stuff are women, DoubleClick will guess that you're a woman. Consequently, you might also see ads for products that appeal to women in general. DoubleClick specifically does not track categories that are too personal or inflammatory like health, financial status, sexual orientation or behavior, race or ethnic origin, or opinions about politics or religion. They just want to sell video cameras and shoes.

Really pretty benign, don't you think? Okay, there is one catch. Individual Web sites that you've given your name to can access a suing profile from DoubleClick. These companies may also share customer information with other companies that will see that you are a customer of both Web sites. Furthermore, DoubleClick bought Abacus, a large-catalogue direct marketing company, a few years back. That company, which knows your name, address, and purchase history (although mostly from catalogues), can compare notes with the Web sites and pretty soon what you do online can be tied to what you do in the real world.

But even this isn't the huge problem we might have feared. DoubleClick is actually fairly careful about its use of cookies and its sharing of information. It needs to be since some disgruntled Web surfers sued them, alleging that they were not so careful. Up to now, companies like DoubleClick and Web-trends have only found it useful to paint a general picture of your actions. They are limited by technology so that they can only gather information from Web sites that have entered into an agreement with them.

And there are a number of ways that you can remove yourself from the whole process, which we'll explore in the Taking Action section.

Spyware

The other big tool for tracking is called, provocatively, spyware. Spyware comes in three flavors: monitoring programs, diagnostic programs, and adware. In each case, a program that reports on your activity is placed on your computer, frequently without your knowledge.

Monitoring programs are designed to track what keys you type, what ills or applications you open, what clicks you make, and what is contained in everything you store on your computer. They are often used by employers to watch over employees, and by parents who want to know what their kids are up to. They are also the spying method of choice for people with less-than-honest intentions.

Common wisdom is that physical access to your computer is required to install monitoring programs, but hackers have found security holes in certain types of servers that allow them to sneak this kind of software onto your Internet-connected machine without a being anywhere near it. Once installed monitoring programs capture a steady stream of descriptive data that chronicles your actions at the computer. This data is sent back to a central server on a regular basis, using your own Internet connection.

Software manufacturers create diagnostic programs. They are designed primarily to aid developers in determining what went wrong in the event the software crashes on your computer, so that they can fix the problem in a future release. Details of how you use their product can be transmitted automatically over the Internet. While it is also possible to misuse this data, most software companies don't appear to have stepped over this line. Each time you install a new program, it is quite possible that you are adding this kind of diagnostic software as well. The fact that you are is probably disclosed in some fine print in the license agreement.

Adware is a supercharged version of the cookie tracking we talked about earlier. It monitors your Web surfing and download activities to choose which pop-up ads it should and will show you. Some programs have been designed to transmit information about you back to prowling companies. One, for example, addresses the question of who signs up for certain set-vices, what motivates them to sign up, and how long they stay a customer of the melamine once they do sign up. The software collects the information it deems relevant to these questions and sells that data to anyone who wants to buy it. Clearly, this type of monitoring is the most aggressive and intrusive. Adware is commonly included in free programs that you download. File-sharing programs that are so popular for downloading music rely on adware as their source of income. There really is no such thing as a free lunch after all, is there?

IP ADDRESSES

Whenever you type in a URL or click a link to request a Web page, the Web server needs to know how to deliver that page back to you-in other words, how to find your computer out of all the millions of other computers that are also out there on the Net. It can find your computer because every computer connected to the Internet has a unique address called an IP address (short for Internet Protocol address).

Whenever you're online your computer transmits its IP address to every server it encounters. And every server keeps track of the up address of every visitor in a log file.

Inevitably unless you use special software to hide your IP address, it is possible to trace a visit to a Web page back to an individual person. When you connect to the Internet, your Internet Service Provider (lSP) assigns your computer an IP address. Since your ISP knows who you are (you pay the bill) when you connect, and it knows what IP address it assigned to you, it's not too difficult to make the connection from an entry in a Web log of an IP address back to the person to whom it belongs. This is how the Recording Industry Association of America (RIAA) tracked down all those people who it claims were sharing music files illegally in order to sue them. It simply noted the IP address of computers that were requesting music files, and then subpoenaed the records of ISPS to determine the name of the person to whom the IP address was assigned.