Recently, I started noticing a trend that did not initially ring an alarm bell. Whenever I go online to research a particular topic, say “disaster recovery” or “file encryption”, I would get an email from one of the content provider’s “Research Assistant” with links to articles and documents from vendors about data backup, disaster recovery and file encryption. Normally you would say, “great, just what I was looking for”. But I tend to look at it from the other side – how did they know what I was searching for? And more importantly, what else are they tracking other than my search habits? To push it even further, how long has it been going on?

Remember, these are subscription services I signed up for a long time ago. Sure, whenever you download a white-paper (never mind that the piece of crap is only a page long) and you have to fill out a long form asking for every little detail about you, you will get your fair share of spam email. But thanks to recent regulations, you also have the option of putting a stop to the nonsense by opting out. In some stubborn cases as was my recent experience with Preplogic, you simply add them to your block list (yes, I will name this company because of their unethical behavior after I tried to unsubscribe four times and was still getting their “promotions”. I had to block their list address from sending me emails!).

[As an aside, I do hope companies realize that it is not the amount of emails you bombard us with on a daily basis that spurs our purchase (listen up Amazon!); rather, it is our need for specific products at specific times. After all, I came to your website to buy something in the first place. If I need something else, I know how to get to your website. Clogging my Inbox with useless "promotions" just pisses me off and could surely guarantee that I will not buy from you next time].

I had a suspicion that my internet searches were being tracked by this content provider (through IP tracking). IP tracking can be used to track people’s online behavior in a way that eliminates their anonymity online,  and recent tests have shown that IP addresses can perfectly identify about 30% of U.S. households.  That means that from your IP address, it is possible for a site to know or approximate your exact physical or home address).

So I did a little experiment (as a regular day-to-day user) to test my theory. I installed a fresh copy of Mozilla Firefox and set it up to always start in private browsing mode and to clear the cache on exit. I then used Adobe’s Flash Settings Manager to lock down (I thought)  flash cookies. Over a period of three weeks, I went online and searched for three different unique subject areas.

The first was “Identity Theft”. To my surprise (and to be honest, a little alarm), about 15 minutes later, I got an e-mail from the content provider’s “Research Assistant” with the following:

RECOMMENDATIONS:
Linking identity and data loss prevention to avoid damage to brand, reputation and competitiveness

Next, I searched for “Risk Management” and like clockwork, the “Research Assistant” came back with:

RECOMMENDATIONS:
Managing Risk an Integrated Approach

Finally, I searched for “Security Compliance” and got an e-mail from the “Research Assistant” with the following:

RECOMMENDATIONS:
Video Whiteboard: Managing Risk and Compliance Proactively

Were these three case coincidental? Possibly, but I find it really interesting that their email robot would send me messages “To assist you with your IT research”  and recommending “following related content, which other readers have recently requested. I am tempted to believe that despite the steps I had taken to shield myself from invisible “eye-balls” following my every move online, these content providers have found a clever and invasive way of keeping tabs on us all the same. The good thing is they (or some at least), provide an option to “opt out”. Whether that is just a window dressing to cover their butts is the anyone’s guess.

My recommendation is that you should be aware that nothing you do online is anonymous. More and more content providers are sharing subscriber information these days and tracking is the way they fulfill these barter arrangements. The goal is targeted marketing, but the psychological effect on us is a little stressful. There is so much going on in our daily lives that many of us do not have the time to look at the stuff working in the background as we go about our daily “surfness”.

Be careful out there.

How would you like to see a video of the web sites you visited, emails you sent and received, chats and instant messages, keystrokes typed, documents printed etc? There are tools available now that promise to “detail what an employee is doing every step of the way”. These tools are so advanced and detailed that they can answer questions like:

• Which employees are spending the most time surfing web sites?
• Who is spending time on shopping sites, sports sites or adult sites?
• Which employees chat or use anonymous email services like Hotmail and Gmail?
• Who is sending the most emails with attachments?
• Which employees may be leaking company confidential information via removable media like flash drives, CDs and DVDs?
• Which employees are printing sensitive documents?
• Who is arriving to work late and leaving early? Who takes long lunch breaks?
• What are my employees searching for on Google, Yahoo and MSN?

Now the question is, how does this affect employee morale and sense of privacy? I am not sure I would be comfortable working in an environment that actively monitors my every single move throughout a work day. For those working in a high security position, or in environments that mandate strong security compliance (like the federal government’s requirement for keeping records of transactions and communications), there may some justification for this kind of paranoid Big Brother activity. If the end result, however, is to minimize internet abuse, there are moderate software and hardware solutions that do a decent job of keeping time-wasting web sites of your network. I mean, when is it really necessary to know:

• What web sites are being visited most frequently and who is spending the most time browsing the web? Are these web sites work-related?
• Which employees are engaging in chat or instant messaging? Is it work-related?
• Who is using Hotmail, AOL mail, Gmail or Yahoo mail to communicate sensitive documents?
• What are employees searching for on Google, Yahoo, MSN and AOL?
• Who is sending the most email with attachments and where is it going? What is contained in those attachments? Is the employee authorized to send out this information?
• What are the top programs being run and are any of them non-work-related?
• Which employees are playing games like Solitaire at work? How much time are they spending playing games?
• Who is transferring the most files and what exactly are they sending out and to whom are they sending these files?
• Who is saving confidential information to removable media like flash drives or CDs or DVDs?
• Who is printing company sensitive files?
• Who are the top violators of those keywords that indicate abuse (e.g.: sex, guns, gambling)
• Which employees type the most?  Which type the least?
• Which employees use the most network bandwidth and why?
• Who is arriving at work late and leaving to go home early?
• Who takes the most breaks throughout the day?

Internal espionage in corporate environments is nothing new. Many companies put systems in place to help prevent or uncover data loss by tracking users sending sensitive files as attachments or copying them to removable storage devices such as USB keys, iPods, or CDs. So if you work in a major corporation that can afford killer internal employee monitoring software, you may want to be careful about those “business” emails to your massage therapist.