Online Tracking & Spying is No Joke!

You’ve heard about it and read tons of articles about it, but until you actually experience it, you do not realize how unnerving online spying can be. As a Computer Security Consultant, I spend a lot of time on the internet reading, researching and writing. Naturally, I subscribe to a lot of content providers for white-papers, research reports etc.

Recently, I started noticing a trend that did not initially ring an alarm bell. Whenever I go online to research a particular topic, say “disaster recovery” or “file encryption”, I would get an email from one of the content provider’s “Research Assistant” with links to articles and documents from vendors about data backup, disaster recovery and file encryption. Normally you would say, “great, just what I was looking for”. But I tend to look at it from the other side – how did they know what I was searching for? And more importantly, what else are they tracking other than my search habits? To push it even further, how long has it been going on?

Remember, these are subscription services I signed up for a long time ago. Sure, whenever you download a white-paper (never mind that the piece of crap is only a page long) and you have to fill out a long form asking for every little detail about you, you will get your fair share of spam email. But thanks to recent regulations, you also have the option of putting a stop to the nonsense by opting out. In some stubborn cases as was my recent experience with Preplogic, you simply add them to your block list (yes, I will name this company because of their unethical behavior after I tried to unsubscribe four times and was still getting their “promotions”. I had to block their list address from sending me emails!).

[As an aside, I do hope companies realize that it is not the amount of emails you bombard us with on a daily basis that spurs our purchase (listen up Amazon!); rather, it is our need for specific products at specific times. After all, I came to your website to buy something in the first place. If I need something else, I know how to get to your website. Clogging my Inbox with useless “promotions” just pisses me off and could surely guarantee that I will not buy from you next time].

I had a suspicion that my internet searches were being tracked by this content provider (through IP tracking). IP tracking can be used to track people’s online behavior in a way that eliminates their anonymity online,  and recent tests have shown that IP addresses can perfectly identify about 30% of U.S. households.  That means that from your IP address, it is possible for a site to know or approximate your exact physical or home address).

So I did a little experiment (as a regular day-to-day user) to test my theory. I installed a fresh copy of Mozilla Firefox and set it up to always start in private browsing mode and to clear the cache on exit. I then used Adobe’s Flash Settings Manager to lock down (I thought)  flash cookies. Over a period of three weeks, I went online and searched for three different unique subject areas.

The first was “Identity Theft”. To my surprise (and to be honest, a little alarm), about 15 minutes later, I got an e-mail from the content provider’s “Research Assistant” with the following:

Linking identity and data loss prevention to avoid damage to brand, reputation and competitiveness

Next, I searched for “Risk Management” and like clockwork, the “Research Assistant” came back with:

Managing Risk an Integrated Approach

Finally, I searched for “Security Compliance” and got an e-mail from the “Research Assistant” with the following:

Video Whiteboard: Managing Risk and Compliance Proactively

Were these three case coincidental? Possibly, but I find it really interesting that their email robot would send me messages “To assist you with your IT research”  and recommending “following related content, which other readers have recently requested. I am tempted to believe that despite the steps I had taken to shield myself from invisible “eye-balls” following my every move online, these content providers have found a clever and invasive way of keeping tabs on us all the same. The good thing is they (or some at least), provide an option to “opt out”. Whether that is just a window dressing to cover their butts is the anyone’s guess.

My recommendation is that you should be aware that nothing you do online is anonymous. More and more content providers are sharing subscriber information these days and tracking is the way they fulfill these barter arrangements. The goal is targeted marketing, but the psychological effect on us is a little stressful. There is so much going on in our daily lives that many of us do not have the time to look at the stuff working in the background as we go about our daily “surfness”.

Be careful out there.