Silicon Valley’s biggest companies are always watching you — even when you’re browsing pornography websites in incognito mode.
Trackers from tech companies like Google and Facebook are logging your most personal browsing details, according to a forthcoming New Media & Society paper, which scanned 22,484 pornography websites. Where that data ultimately goes is not always clear.
“These porn sites need to think more about the data that they hold and how it’s just as sensitive as something like health information,” said Elena Maris, a postdoctoral researcher at Microsoft and the study’s lead author. “Protecting this data is crucial to the safety of its visitors. And what we’ve seen suggests that these websites and platforms might not have thought all of this through like they should have.”
The study’s other authors — Jennifer Henrichsen, doctoral candidate at the University of Pennsylvania, and Tim Libert, a Carnegie Mellon computer science instructor — found that 93 percent of the pornography websites they scanned sent data to an average of seven third-party domains. The authors used webXray, an open-source software tool, which detects and matches third-party data requests to scan sites. Most of that information (79 percent of websites that transmitted user data) was sent via tracking cookies from outside companies.
Web tracking varies around the web. Frequently users are tracked via cookies, which are bits of text downloaded by your web browser when you visit a site. Other times trackers come in the form of invisible embedded pixels on your screen. In most cases, these trackers help sites identify and classify repeat visitors. They can help you stay logged onto a site, record your preferences and help manage your advertising profiles.
The study found that Google (or one of its subsidiary companies like the advertising platform DoubleClick) had trackers on 74 percent of the pornography sites. Trackers from the software company Oracle showed up on 24 percent of sites, and Facebook, which does not permit pornographic content or nudity on any of its platforms, had trackers on 10 percent of the sex websites scanned by the study.
“The fact that the mechanism for adult site tracking is so similar to, say, online retail should be a huge red flag,” Dr. Maris said. “This isn’t picking out a sweater and seeing it follow you across the web. This is so much more specific and deeply personal.”
The study found that only 17 percent of the 22,484 sites scanned were encrypted, suggesting that troves of user data could be vulnerable to hacking or breaches.
Why are the trackers there in the first place? Most of the third-party code embedded in these websites is currently standard practice in the publishing industry. The New York Times embeds similar trackers and collects, uses and shares data about readers as part of its business practices. Some trackers, like those for Google Analytics, provide mundane traffic data to the site. DoubleClick and others provide the infrastructure to run advertising.
In exchange, these third-party companies receive data from the website’s visitors. Advertisers and platforms argue that this data is anonymous. And while some of it is basic (device type), other information (your I.P. address or your phone’s advertising identification number) could be used to reverse engineer your identity and match you with already existing marketing profiles.
What these companies might be doing with pornography-site browsing data is a mystery. Oracle, which owns a number of large data brokers and has been called a “privacy deathstar,” could, for example add data collected by trackers with its current profiles. In the cases of Google and Facebook, which refuse to host pornographic sexual content on a number of their platforms, it’s not always clear why they are collecting such sensitive information, even if unintentionally.
Facebook and Google denied that potential information collected by their trackers on pornography websites was used for creating marketing profiles intended to advertise to individuals.
“We don’t allow Google Ads on websites with adult content and we prohibit personalized advertising and advertising profiles based on a user’s sexual interests or related activities online,” a Google spokeswoman wrote in a statement. “Additionally, tags for our ad services are never allowed to transmit personally identifiable information to Google.”
A Facebook spokesman offered a similar explanation, noting that the company’s community guidelines forbid sex websites to use the company’s tracking tools for business purposes like advertising. Though Facebook’s pixel tracker is open for any third party to install on its website — you don’t need permission to embed it — the company suggested it blocks pornography sites and, in those cases, does not collect information from those properties. The spokesman suggested that when alerted to new sex websites using the tools, the company will enforce against them.
Oracle did not respond to multiple requests for comment.
But even if the data is technically anonymous and not used for targeted ads, some browsing information may still end up in the company logs. And when it comes to pornography websites, the most basic browsing data is intensely personal because it is revealing. As Dr. Libert and Dr. Maris note in the study, nearly 45 percent of pornography site URLs “expose or strongly suggest the site content” and in doing so might reveal a visitor’s sexual identity or orientation, or lead third parties to assume a visitor’s sexual interests. “It can be very sensitive,” Dr. Maris said, citing URLs for specific interests like bestiality, and teenage and incest content.
[If you’re online — and, well, you are — chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.]
The researchers found that visitors to most sex sites have almost no way of knowing if a major tech company has cookies or trackers embedded in its sites, and they were able to locate privacy policies for only 17 percent of the scanned sites.
Dr. Maris argues that this lack of disclosure is similar to the issue of sexual consent. “As in any sexual interaction, silence must not be mistaken for consent,” she said. “Individuals should have a clear understanding of the power dynamics of the sexual exchange they are entering when visiting porn sites.” Those power dynamics, according to Dr. Maris, are deeply unbalanced. “You have some of the world’s most powerful companies here,” she said, noting that there’s very little redress for the consumer should the data end up in the wrong hands.
Affirmative consent is at the heart of digital privacy. Nearly all tracking is by default and governed by impossible-to-read privacy policies. And in an era that privileges and prioritizes mass collection of personal information, that means gathering information that is not only invasive but also superfluous. The leaky user data of pornographic websites is merely an extreme example of what has become standard practice online.
Like other media companies, The Times collects data on its visitors when they read stories like this one. For more detail please see our privacy policy and our publisher's description of The Times's practices and continued steps to increase transparency and protections.
Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.
glossary replacer
General Data Protection Regulation personal data
Charlie Warzel, a New York Times Opinion writer at large, covers technology, media, politics and online extremism. He welcomes your tips and feedback: [email protected] | @cwarzel
Source: Read Full Article
Home » Analysis & Comment » Opinion | Google and Facebook Are Quietly Tracking You on Sex Websites
Opinion | Google and Facebook Are Quietly Tracking You on Sex Websites
Silicon Valley’s biggest companies are always watching you — even when you’re browsing pornography websites in incognito mode.
Trackers from tech companies like Google and Facebook are logging your most personal browsing details, according to a forthcoming New Media & Society paper, which scanned 22,484 pornography websites. Where that data ultimately goes is not always clear.
“These porn sites need to think more about the data that they hold and how it’s just as sensitive as something like health information,” said Elena Maris, a postdoctoral researcher at Microsoft and the study’s lead author. “Protecting this data is crucial to the safety of its visitors. And what we’ve seen suggests that these websites and platforms might not have thought all of this through like they should have.”
The study’s other authors — Jennifer Henrichsen, doctoral candidate at the University of Pennsylvania, and Tim Libert, a Carnegie Mellon computer science instructor — found that 93 percent of the pornography websites they scanned sent data to an average of seven third-party domains. The authors used webXray, an open-source software tool, which detects and matches third-party data requests to scan sites. Most of that information (79 percent of websites that transmitted user data) was sent via tracking cookies from outside companies.
Web tracking varies around the web. Frequently users are tracked via cookies, which are bits of text downloaded by your web browser when you visit a site. Other times trackers come in the form of invisible embedded pixels on your screen. In most cases, these trackers help sites identify and classify repeat visitors. They can help you stay logged onto a site, record your preferences and help manage your advertising profiles.
The study found that Google (or one of its subsidiary companies like the advertising platform DoubleClick) had trackers on 74 percent of the pornography sites. Trackers from the software company Oracle showed up on 24 percent of sites, and Facebook, which does not permit pornographic content or nudity on any of its platforms, had trackers on 10 percent of the sex websites scanned by the study.
“The fact that the mechanism for adult site tracking is so similar to, say, online retail should be a huge red flag,” Dr. Maris said. “This isn’t picking out a sweater and seeing it follow you across the web. This is so much more specific and deeply personal.”
The study found that only 17 percent of the 22,484 sites scanned were encrypted, suggesting that troves of user data could be vulnerable to hacking or breaches.
Why are the trackers there in the first place? Most of the third-party code embedded in these websites is currently standard practice in the publishing industry. The New York Times embeds similar trackers and collects, uses and shares data about readers as part of its business practices. Some trackers, like those for Google Analytics, provide mundane traffic data to the site. DoubleClick and others provide the infrastructure to run advertising.
In exchange, these third-party companies receive data from the website’s visitors. Advertisers and platforms argue that this data is anonymous. And while some of it is basic (device type), other information (your I.P. address or your phone’s advertising identification number) could be used to reverse engineer your identity and match you with already existing marketing profiles.
What these companies might be doing with pornography-site browsing data is a mystery. Oracle, which owns a number of large data brokers and has been called a “privacy deathstar,” could, for example add data collected by trackers with its current profiles. In the cases of Google and Facebook, which refuse to host pornographic sexual content on a number of their platforms, it’s not always clear why they are collecting such sensitive information, even if unintentionally.
Facebook and Google denied that potential information collected by their trackers on pornography websites was used for creating marketing profiles intended to advertise to individuals.
“We don’t allow Google Ads on websites with adult content and we prohibit personalized advertising and advertising profiles based on a user’s sexual interests or related activities online,” a Google spokeswoman wrote in a statement. “Additionally, tags for our ad services are never allowed to transmit personally identifiable information to Google.”
A Facebook spokesman offered a similar explanation, noting that the company’s community guidelines forbid sex websites to use the company’s tracking tools for business purposes like advertising. Though Facebook’s pixel tracker is open for any third party to install on its website — you don’t need permission to embed it — the company suggested it blocks pornography sites and, in those cases, does not collect information from those properties. The spokesman suggested that when alerted to new sex websites using the tools, the company will enforce against them.
Oracle did not respond to multiple requests for comment.
But even if the data is technically anonymous and not used for targeted ads, some browsing information may still end up in the company logs. And when it comes to pornography websites, the most basic browsing data is intensely personal because it is revealing. As Dr. Libert and Dr. Maris note in the study, nearly 45 percent of pornography site URLs “expose or strongly suggest the site content” and in doing so might reveal a visitor’s sexual identity or orientation, or lead third parties to assume a visitor’s sexual interests. “It can be very sensitive,” Dr. Maris said, citing URLs for specific interests like bestiality, and teenage and incest content.
[If you’re online — and, well, you are — chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.]
The researchers found that visitors to most sex sites have almost no way of knowing if a major tech company has cookies or trackers embedded in its sites, and they were able to locate privacy policies for only 17 percent of the scanned sites.
Dr. Maris argues that this lack of disclosure is similar to the issue of sexual consent. “As in any sexual interaction, silence must not be mistaken for consent,” she said. “Individuals should have a clear understanding of the power dynamics of the sexual exchange they are entering when visiting porn sites.” Those power dynamics, according to Dr. Maris, are deeply unbalanced. “You have some of the world’s most powerful companies here,” she said, noting that there’s very little redress for the consumer should the data end up in the wrong hands.
Affirmative consent is at the heart of digital privacy. Nearly all tracking is by default and governed by impossible-to-read privacy policies. And in an era that privileges and prioritizes mass collection of personal information, that means gathering information that is not only invasive but also superfluous. The leaky user data of pornographic websites is merely an extreme example of what has become standard practice online.
Like other media companies, The Times collects data on its visitors when they read stories like this one. For more detail please see our privacy policy and our publisher's description of The Times's practices and continued steps to increase transparency and protections.
Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.
glossary replacer
General Data Protection Regulation personal data
Charlie Warzel, a New York Times Opinion writer at large, covers technology, media, politics and online extremism. He welcomes your tips and feedback: [email protected] | @cwarzel
Source: Read Full Article