Follow Slashdot stories on Twitter


Forgot your password?
Privacy Facebook Google The Internet Your Rights Online

Berkeley Law Releases Its First Web Privacy Census 55

New submitter DeeEff writes "The first report in the University of California, Berkeley Law School's quarterly Web Privacy Census was released on Tuesday, and it shows that popular Web sites are far more aggressive in their consumer tracking practices than most people suspect, and that consumers are trapped in an escalating privacy crisis with limited control over their personal information. Most interestingly noted in the article is that twice the amount of sites are using HTML5 storage as opposed to last year, while Flash Cookies are dying down, as we should expect. It also appears that third-party tracking seems to dominate most sites, such as from Google, Facebook, and other large players."
This discussion has been archived. No new comments can be posted.

Berkeley Law Releases Its First Web Privacy Census

Comments Filter:
  • by Johann Lau ( 1040920 ) on Wednesday June 27, 2012 @04:41PM (#40471863) Homepage Journal

    By the way, if anyone here is in advertising or marketing, kill yourself.

    Just a little thought. I'm just trying to plant seeds. Maybe one day, they'll take root. I don't know. You try. You do what you can. Kill yourself.

    Seriously, though. If you are, do. No, really. There's no rationalisation for what you do, and you are Satan's little helpers, okay? Kill yourself. Seriously. You are the ruiner of all things good, seriously. No, this is not a joke, if you're going: "There's going to be a joke coming." There's no fucking joke coming. You are Satan's spawn, filling the world with bile and garbage. You are fucked, and you are fucking us. Kill yourself, it's the only way to save your fucking soul. Kill yourself. Planting seeds.

    I know all the marketing people are going: "He's doing a joke." There's no joke here whatsoever. Suck a tail-pipe, fucking hang yourself, borrow a gun from a Yank friend - I don't care how you do it. Rid the world of your evil fucking machinations.

    I know what all the marketing people are thinking right now, too. "Oh, you know what Bill's doing? He's going for that anti-marketing dollar. That's a good market, he's very smart." Oh man. I am not doing that, you fucking evil scumbags! "Oh, you know what Bill's doing now? He's going for the righteous indignation dollar. That's a big dollar. Lot of people are feeling that indignation, we've done research. Huge market. He's doing a good thing." God damn it, I'm not doing that, you scumbags. Quit putting a goddamn dollar sign on every fucking thing on this planet! "Oh, the anger dollar. Huge. Huge in times of recession. Giant market, Bill's very bright to do that." God, I'm just caught in a fucking web. "Oh, the trapped dollar. Big dollar, huge dollar. Good market, look at our research. We see that many people feel trapped. If we play to that and then separate them into the trapped dollar ..."

    How do you live like that? And I bet you sleep like fucking babies at night, don't you? "What did you do today, honey?" "Oh, we made arsenic childhood food. Now, good night. Yeah, we just said, you know, is your baby really too loud? You know ... yeah, the mums will love it, yeah." Sleep like fucking children, don't you? This is your world, isn't it?

    -- Bill Hicks

  • by betterunixthanunix ( 980855 ) on Wednesday June 27, 2012 @04:48PM (#40471933)
    Yes, I know, someone is going to say, "Use Tor!" -- and I would have said the same thing not so long ago. Yet this is more complicated than just deploying privacy enhancing technologies.

    We are talking about companies that have teams of hackers and computer scientists who are paid to find ways to break technical measures of protecting privacy. Substantial effort is needed to fight back, and most people are not willing to do the sorts of things that would be needed to protect their privacy. Disabling Flash, Silverlight, Java, and Javascript? Disabling cookies? These things make using the web very difficult these days, and as if that were not enough, there are malicious Tor exits that look for passwords and credit card data -- leaving users dependent on the very websites that are violating their privacy to protect it (by enabling TLS).

    So unless someone has figured out a way to compel everyone to stop installing every trendy plugin, to give up on trendy Javascript-heavy websites, and to demand TLS from every website they connect to, we need to put some legal restrictions on data collection in places. Yes, I know, the big bad government interfering with business, but let's put it this way: do you want the big bad government to have access to vast logs of user activity (which is the next step after the corporations collect it -- the government either asks politely, demands it, or covertly acquires it)?

    Which leaves us at the heart of the problem: the only organization in our society with the power needed to stop this has an interest in promoting it.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      These things make using the web very difficult these days

      Do they really though? People keep saying that, but I've never seen it. I don't enable ANY of that shit by default. I whitelist a few sites like yahoo or my local bank, and that's it. Everything seems quite fine honestly, and much, much, much less annoying. When I look at the web on other people's computers who don't do that, it just looks entirely unusable. There's shit popping up over things you're trying to read, shit moving all around the screen to distract you, ... it's unusable.

      I think it's exact

    • Using Opera browser I have disabled Flash, Silverlight, Java, and Javascript. But left cookies active (to login). It makes webpages load about 400% faster and doesn't really break anything, except video sites, but that's an easy fix (just click the play button).

      As for regulation of user data, and limiting its use, just make it part of the corporate license. If companies don't like it they can give-up the license and be free to do whatever (of course google, facebook, and the rest won't do that).

      Oh and the

      • Another Opera user here. I enable cookies from only the site I visit, and they're auto-deleted when I close Opera. Coupled with the Wand and Notes/Personal info only a right-click away, it keeps a lot of the guff out of the system.
    • To get the snark comment out of the way, it's no longer 99-0 against the Tin Foil Hats. They're starting to collect a few victories. So for the Obligatory Tin Foil Hat comment, "the powers that be have no reason to stop their delicious lunch on consumer data."

      Okay, with that out of the way, my suggestion is that if you get a big enough pissed-off-big-pocket on our side, get personal data classified as Copyrighted Data. Then when these companies go to share it with their buddies, all those $375,000 copyright

    • Yeah, I'm starting to enter this group. I'm midline - I run a modified variant of Firefox with AdBlock, Ghostery, Do Not Track, the Collusion plugin, and Private Browsing Mode with history set to zero. And that's about all the energy I have for this stuff.

      If all that is not enough, (and it's not), that's the point of the article.

  • by gestalt_n_pepper ( 991155 ) on Wednesday June 27, 2012 @04:48PM (#40471935)

    Installing ghostery is the first thing I do now when I install a browser. You'll find that you can't interact with a lot of sites, or write comments on them if their tracking software is off, which gives you a good list of sites to stay away from.

    • Which is also why this is not a battle that will be won with technology. Most people do not understand the extent to which their privacy is being violated or the implications of those violations, and only see the technical measures as getting in the way of what they want to do with their computers. The web companies know this, and that is why their websites are designed to fail if you disable technologies that are known to be used for tracking.
    • by Anonymous Coward

      I use ghostery too, but keep in mind browser uniqueness. Test here:

      My results:
      Your browser fingerprint appears to be unique among the 2,262,812 tested so far.

      So despite ghostery, ad-block plus, and custom hosts file ( google, facebook, linkedin et al can all still track my between home, work and on the move once I use their services.

      The only alternative I can thing of is a browser appliance (virtual machine), for each major service.

      • The other alternative is a temporary instance of a VM in a cloud service. Use and toss much like a mobile phone.

      • by Anonymous Coward

        I got:

        "Within our dataset of several million visitors, only one in 5,312 browsers have the same fingerprint as yours."

        I have jasascript turned off, meaning it could not request most of the data it did. It's scary to me that so few people DO have javascript disabled by default. it's one of the biggest security risks AND privacy risks. Turning it off is a huge win, and something that should probably be configured that way out of the box on consumer browsers, since people don't often know enough to disable

      • The only alternative I can thing of is a browser appliance (virtual machine), for each major service.

        I've been thinking along those lines too. What I would like to see is an extension for firefox that spoofs and/or configures all of that stuff based on the URL in the current tab.

        For example, if the URL includes you get one profile and if you are browsing you get another. The profile would include things like:

        unique browser-agent
        unique cookies (of all sorts)
        unique bogus X-Forwarded-For http header
        unique adblock exception list
        unique set of accepted content-types
        etc - basically every

    • Installing ghostery is the first thing I do now when I install a browser. You'll find that you can't interact with a lot of sites, or write comments on them if their tracking software is off, which gives you a good list of sites to stay away from.

      I've bee using ghostery for what feels like forever and I have run across less than 5 sites that would not function without turning ghostery off.

      I can't say for the commenting part though because practically no website allows anonymous comments any more and I refuse to create an account just for a one-off comment and won't even go near facebook for regular use, much less as a global-login.

    • I went searching for Ghostery to install on Opera, and ran across this. Agree or disagree?

      AdBlock, NoScript & Ghostery â" The Trifecta Of Evil [Opinion] []
      "Matt has already written an extensive article on why AdBlock plugin is destroying the Internet..... So when you use NoScript, youâ(TM)re breaking the Internet. Not only do you drag webpages 10 years into the past, but you prevent essential modern page components fro

      • by Hatta ( 162192 )

        Complete misinformation by someone with a vested interest in abusing your privacy. Disregard entirely.

    • by Anonymous Coward

      Do Not Install The Proprietary Ghostery FF Addon!

      Ghostery's true background (Score:3, Interesting)

      "Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.

      Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon

  • Remember the good old days when we complained about those nasty banner ads that would compile lists of what sites in their network you'd visit? When privacy meant not using your real name online? Such simple and naive times...

    • That was back when the government was actively thwarting the deployment of encryption on the Internet. Now we are stuck in a situation where our privacy is even easier to violate because hardly anything is encrypted or authenticated.
      • Face it, the internet was never intended to provide privacy. Any attempt to do so is a bolt-on that will have problems.

        • Actually, the net works very well for privacy. If you have secure websites with encyrption and specific usernames and logins and don't tell anyone about it, it works quite well.

          The problem arises when they want to make THAT public.

          It's my Internet. It wasn't made for you non-techies. You were an afterthought.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      When privacy meant not using your real name online?

      If you go back even further, everyone was using their real names online. In the 1970's and the first part of the 80's on (then) arpanet, the standard was to use your real name, and be "fingerable" to discover even more data about you such as your phone number and such. (I know, because I remember those times). But there weren't entire organizations hell bent on logging everything you did, so in that sense, it was far more private even if your data could be discovered by anyone. It was not yet an "evil"

      • Damn September. []

        The long-term problem with the clueless hordes of newbie sheep wasn't merely that they bleat incessantly, stick their clunky hooves into everything, and crap on the carpets... it's the fact that unshepherded sheep attract predators by the pack. So that's what we have now... an internet of sheep, lured and corralled by wolves with good herding skills.

        Or, if you insist on your metaphors unmixed, the range was wide open before they came. And now there are barbed wire fences and loud flashy town

        • Recently Google Groups went off USENET for about week while they were fiddling with something, and the n00bs didn't even know. It was refreshing. But then Google came back online and all those posts in the queue were dumped on USENET, and it was September deja vu all over again.
  • The worst offenders are the ones that drive me to noscript and adblock plus. The more these fruitcakes at sites like Gawker Media^1 insist on throwing more crud at me, the more I will further fortify my position and flush all ads and tracking.

    And now, if the world was ending, and the only way to save myself was to get a lottery ticket from Gawker Media for the next space ship leaving Earth, I wouldn't, on principle.


    1. Gawker Media is: gawker gizmodo kotaku jezebe deadspin lifehacker jalopnik io9

  • by doas777 ( 1138627 ) on Wednesday June 27, 2012 @05:12PM (#40472179)
    This is exactly why I use noscript. I persistently block,, etc, but I like that Noscripts protects me from the 3rd party listeners by default but in a granular way.
  • Last article I read on SD was about Microsoft enabling tracking protection by default. Most users here claimed MS pro-privacy measure violated the user's rights. But in this thread, the consensus is that tracking is problematic and we are recommended to block certain sites? Odd, Slashdot. Odd. So walk me through this.

    I'm convinced that tracking, data collection and data sharing, among various other obviously unethical privacy violations by hundreds or more large companies on the web is a major concern and
    • by DeeEff ( 2370332 )

      Let me try to explain:

      If Microsoft implements Do-Not-Track as default in IE, then the majority of users will never notice the setting and then leave it on. This means, most ad companies will start losing revenue, and fast. This is a problem for most ad companies. So, since Do-Not-Track is just a flag that says "I don't want you to track me," it can't actually prevent companies from tracking you online (since it doesn't have any technical blocking or filtering) if they decide they want to.

      If ad companies sta

  • by gr8_phk ( 621180 ) on Wednesday June 27, 2012 @10:26PM (#40474677)
    Isn't HTML5 storage that shit where they just dump data in a database on YOUR machine? Fuck figuring out who you are and matching shit up - just store it all on your own machine bit by bit and glurb it all in as needed. The problem is these fucking standards shitbags enabling all this. First it was cookies, now it's a full blown local database. Oh, and they can read enough info to identify the machine (recent Orbitz story?) because MSIE6 and other browsers couldn't implement the standards well enough and webdevs had to have more information about your setup just to make shit work.

    Just to be clear, the web can work with zero client side storage just by giving a site visitor a GUID embedded in every link - yes this requires the server to then inject the GUID dynamically into every page served, but who gives a shit when half the pages are dynamically created anyway? It wasn't easy in 1993, but today it would be trivial. Can someone please build a framework that makes this simple so we can turn off cookies and still have a "session"?

    and no, this is NOT a complete solution to privacy issues by any means - just a start - get peoples machines to stop betraying them.
    • Use Cookie Monster, so some similar cookie disabling app. For most sites disabling cookies means disabling localStorage.

      But cookies are dumb. 99% of the time I don't even want to be seeing what I store in localStorage, it's all user preference gloss, and certainly does not need to be sent between my server and your computer ten million times a day. But right now that's what we use cookies for.

      Writing my own fully AJAX driven software, let me just say, adding 2kb to each and every single AJAX request is simp

"Call immediately. Time is running out. We both need to do something monstrous before we die." -- Message from Ralph Steadman to Hunter Thompson