Welcome to this blog in which I will update the latest News and Information from the Kingdom of Tonga in
which name by Captain Cook is the "Friendly Islands".

Please enjoy and do fill in some comments on what you want
me to add or improve.

tonga - Google News

Tonga Energy Road Map

Thursday, January 13, 2011

That is tracking you online?

Translate Request has too much data
Parameter name: request
Translate Request has too much data
Parameter name: request

Ed Felten, chief technologist, Federal Trade Commission (starting January 2011), director, Center for Information Technology Policy, professor, computer science and public affairs, Princeton University, Princeton, N.J.

Craig Wills, professor, Computer Science Department, Worcester Polytechnic Institute, Worcester, Mass.

Many top websites deposit tracking tools on Internet surfers' computers, in order to help online marketers target ads. Ira Flatow and guests discuss Internet tracking, and the Federal Trade Commission's suggestion that browser makers build in a sort of "do not track" button.

Copyright © 2010 National Public Radio®. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

IRA FLATOW, host:

This is SCIENCE FRIDAY from NPR. I'm Ira Flatow.

You notice how every time you search for something on Google, ads pop up on the side, trying to whisk you away from the search results? It's obvious how the ads get there: They're based on what you search for. If you Google Miami vacation, you'll get ads for hotels, airlines, maybe mojito mix.

More mysterious, maybe, is how ads that seem tailor-made for you, like the ad for boots you almost bought three weeks ago, how they seem to show up on sites without you typing anything. How do they know?

Well, it's all due to tracking of your moves going on behind the scenes as you search the Web. So if you go to msnbc.com or Google, YouTube, CNN, Dictionary, almost all the top sites, with the exception of Wikipedia, they're depositing little tracking tools on your computer when you visit them, digital breadcrumbs that can trace a path of where you've been.

But just a few weeks ago, the Federal Trade Commission said maybe it's time for a sort of do not track option for your browser, sort of like a do not call registry, that would let you opt out of this tracking and targeted advertising.

Is that something you'd like to see? And if so, how would something like that even work? If you build it into a browser, would online marketers just outsmart the latest privacy tools and find a way around it? Maybe you like those ads. Maybe you'd rather see the ads based on your interest, you like to go to them.

Give us a call. What do you think? 1-800-989-8255, 1-800-989-TALK. And if you're on Twitter, you can tweet us your question, your views @scifri, @-S-C-I-F-R-I, and of course, you can surf over to our website at sciencefriday.com and join the discussion there, also.

Let me introduce my guests. Ed Felten is director of the Center for Information Technology Policy at Princeton University. He's also a professor of computer science and public affairs there. And starting next month, he'll be chief technologist for Federal Trade Commission. He joins us from our studios in D.C. Welcome back to SCIENCE FRIDAY, Dr. Felton.

Dr. ED FELTEN (Center for Information Technology Policy, Princeton University): Thanks, Ira.

FLATOW: You're welcome. Craig Willis(ph) is a professor in the Computer Science Department at Worcester Polytechnic Institute in Worcester, Massachusetts. He joins us by phone. Welcome to SCIENCE FRIDAY.

Professor CRAIG WILLS (Professor, Computer Science Department, Worcester Polytechnic Institute): Thank you, Ira. It is Craig Wills.

FLATOW: What did I say?

Prof. WILLS: You said Willis.

FLATOW: Oh, I'm sorry. I - well, now you're an official member of the SCIENCE FRIDAY crew.

(Soundbite of laughter)

FLATOW: If I don't screw up your name - let me begin with you, Craig Wills. Tell us about what we have to fear. What kinds of things do people find out about us when we go searching, or we go surfing around the Internet?

Prof. WILLS: Well, they find out - so basically we have these - so when you go surfing around the Web, you go to what we would call first-party sites. And in the background, we have these third parties who you typically, as users, don't see. And these third parties are the ones that are actually tracking you.

And what they're doing is they're using some of these cookies that you referred to that build up an anonymous profile about us that if I go to ESPN, I probably like sports; if I go to NASCAR, I'm probably male, or maybe if I go to AARP, that says something about how old I am.

FLATOW: Yeah. But what about all these cookies we used to hear about? Are there still these cookies around?

Prof. WILLS: Oh, they're very much still around.

FLATOW: And is that how the tracking is done?

Prof. WILLS: Well, yes. That is certainly probably the most common and easiest way to do tracking.

FLATOW: And what is exactly in the cookie? What does it tell the, you know, the cookie?

Prof. WILLS: The cookie itself is actually just a unique identifier that back at the advertiser that there's basically a database that that identifier is just a key into the database, and things are being stored in the database about what's being learned about the sites that I visit.

FLATOW: Ed Felten, can't you just turn off the cookies to stop this trafficking?

Dr. FELTEN: Well, you can turn off cookies. You can turn off third-party cookies, and that would stop you from being tracked by cookies. But there are quite a few other ways in which sites can track you even if you do turn off cookies, and you don't have options to turn all of those off as of today.

FLATOW: Such as? What other ways are there?

Dr. FELTEN: There are a bunch of different ways. One way is called Flash cookies that uses a technology called Flash that we often use to do things like look at movies. And that provides another way that a site can place a unique identifier on your computer. And there are several others of that type.

There also is a method called browser fingerprinting, which looks at the unique configuration of your browser, which turns out to really be unique, and uses that to identify you.

FLATOW: And if you go to a shopping cart, does the shopping cart know what you're interested in and then offer you other things?

Dr. FELTEN: Well, certainly that can happen. This is what we call first-party marketing. That is, the first party, the site that you think you're going to, is watching what you do on the site, and that in itself is no surprise. And then it may offer you, the site may offer you other products that you might be interested in.

FLATOW: And why, like I said before, if you're shopping for shoes weeks ago, does it remember? Does it have such a long memory that it will come back?

Dr. FELTEN: Indeed it could. The - what would have happened in that scenario, perhaps, is that when you initially looked at the shoes, a cookie was put on your computer or was there already with some unique identifier.

And then later, say weeks later in your scenario, that cookie is given back to an ad agency, and it recognizes you as the same person who looked at the shoes a few weeks ago, and so it shows you that ad.

FLATOW: Let's talk about this do not track idea compared to the telephone do not call list. You know, you supposedly can tell a central database that you don't want people to give you these phone calls. Would that work on the Internet, that idea?

Dr. FELTEN: Well, the general idea of giving people a way to opt out of this behavior, calling or - commercial calling or tracking is the same, but the way that it would work is different because the Internet is a bit different from the phone system.

FLATOW: And would it be effective?

Dr. FELTEN: I think it would. There are several ways that one could go about building a do not track system. But I'm convinced that it can be done, and it can be effective at protecting people from the harm.

FLATOW: Craig Wills, you have done some work looking at privacy leaks from social networking sites. Can you tell us about what's going on there?

Prof. WILLS: Right, and this kind of adds another interesting twist to this notion that these tracking sites are aggregating information about our behavior, what websites that we're going to.

Back in 2009, with a colleague at AT&T Research, we published a report showing that not only are these tracking servers following our behavior, we can also track and find out who are, our identity, through social networking sites.

FLATOW: And how much information does it need to know who you are?

Prof. WILLS: Well, in many cases, what we found was that a social networking identifier, another identifier gets leaked to the third-party advertiser, and that would be a potential for that advertiser then to go look up that information and say ah, this is Craig Wills that is actually associated with this cookie.

In some cases, we actually saw personal information from the social networking site, such as my name or my company or my college being passed directly to an advertiser.

FLATOW: No kidding, and without your knowledge?

Prof. WILLS: Without my knowledge.

FLATOW: But, you know, when you log onto these sites sometimes, there's 40 pages of agreement there. Is that what you're giving up when you join some of the social network sites, the right to keep that data private?

Prof. WILLS: I don't know. I haven't really tried to understand that 40 pages, and I'm not sure many people have.

(Soundbite of laughter)

FLATOW: Yeah, did you let - Craig, did you let social network sites know what they found so they could fix it, and did they?

Prof. WILLS: We did, and to our knowledge, when we published this in August of 2009, to our knowledge none of the sites took any action.

FLATOW: No kidding? Why do you think that is?

Prof. WILLS: I don't know. I think it's a legitimate question to ask.

FLATOW: Wow, and there have been further articles about it. Wasn't there an article in the Wall Street Journal in January or February, some time back, where they uncovered this?

Prof. WILLS: There was, and then some of them at that point said: Oh, we've never heard of this problem.

FLATOW: Even though you told them about it?

Prof. WILLS: Even though we did notify them, yes.

FLATOW: Wow. Ed Felten, Microsoft said they're going to build tracking protection into Internet Explorer 9. How is that going to work?

Dr. FELTEN: The basic idea is that your browser would have a list of sites that engage in third-party tracking, and your browser would then not go to any of those sites on the list when they would otherwise be accessed as third-party sites. That list would not come from Microsoft, but you could subscribe to lists that are published by anybody.

FLATOW: Now the FTC, according to headlines around the newspapers and the Internet, is going to propose this do not track option for the Internet. Is that going to be enforceable, or are we going to require the cooperation of the companies involved?

Dr. FELTEN: Well, certainly in order to make a do not track system work, you need cooperation from some companies. And there are different ways that could come about.

That could come about by self-regulation, that is a bunch of companies in the industry getting together and agreeing on a code of best practices that they pledge to follow. Or in principle, it could come because Congress passes a law establishing a do not track list or asking the FTC to do so.

FLATOW: So if it's just a code, then there's no punishment because you can say I will or won't follow the code. But if it's a law, it might have more teeth?

Dr. FELTEN: Well, if it is a code, and a company pledges to follow the code and then breaks that pledge, that would have legal consequences, as I understand it.

So even a voluntary pledge, if taken in a formal way, does have legal consequences.

FLATOW: 1-800-989-8255 is our number, if you'd like to call and ask about this. Let's take a phone call before the break. Mary(ph) in Tulsa, hi, Mary.

MARY (Caller): Hi, how are you?

FLATOW: Hi there. Go ahead.

MARY: Hi, yeah. I just wanted to comment on that proposed bill or law about the privacy. I actually like the tracking system. Otherwise, you know, we're going to get non-specific advertising on everybody's computer.

Advertising is not going to go away on the Internet, and I would much rather have things that I'm interested in than, say, embarrassing Viagra ads that might be well-funded but pointed toward a general audience.

FLATOW: Yeah, well, Mary, if you were getting Viagra ads, we'd know the system is not working.

(Soundbite of laughter)

MARY: Well, I'm just...

FLATOW: I understand.

MARY: I'm just more of a proponent of more specialized ads.

FLATOW: Yeah, I understand your point. Let me ask Craig or Ed to comment. Good point, Mary: You'd rather see stuff that you know you might be interested than just spam all over the place.

MARY: Yeah because we're going to get ads one way or the other. That's just how the Internet works. That's how people make money.

FLATOW: Yeah. Good question.

Dr. FELTEN: It is a good point, and that's one of the reasons why the do-not-track proposals are optional. That is, it's your option whether to opt out of tracking or whether, in your case, I guess, you would decide to keep it going.

It's also worth saying, I think, that even if a consumer does opt out of tracking, there are methods that companies can pursue to try to show you options for ads that you might be more interested in.

You might be willing to tell an ad agency or an industry group that you're seeing ads on particular things and not others.

FLATOW: You get them through email; why not get them through your browser? Stay with us. We're going to come back and talk more with Ed Felten and Craig Wills. Our number, 1-800-989-8255. Your Internet privacy we're talking about this hour on SCIENCE FRIDAY. You can also tweet us @scifri, @-S-C-I-F-R-I. Stay right there. We'll be right back.

(Soundbite of music)

FLATOW: You're listening to SCIENCE FRIDAY. I'm Ira Flatow.

We're talking this hour about your privacy on the Internet and advertisers tracking you, with my guest, Edward Felten, director of the Center for Information Technology Policy of Princeton University in New Jersey, also professor of computer science and public affairs there. Starting next month, he'll be chief technologist for the Federal Trade Commission.

Also with us is Craig Wills. He's professor in the Computer Science Department at Worcester Polytechnic Institute in Worcester, Massachusetts.

Our number, 1-800-989-8255. Ed Felten, chief technologist for the FTC. How are you going to read all that stuff? I mean how are you going to keep up with all the technology changes? It must be some challenge, one heck of a challenge.

Dr. FELTEN: Well, sure, there is a lot going on. And that's, I think, one of the reasons why the FTC wanted to have a chief technologist. There are a lot of things going on, but there are a lot of people out there who are watching it and who I hope will be talking to me.

FLATOW: And when does your tenure begin?

Dr. FELTEN: On the first of the year.

FLATOW: On the first of the year. 1-800-989-8255. Let's go to the phones. Abdel(ph) in Orlando, hi there.

ABDEL (Caller): Hi there. Big fan of your show, Ira.

FLATOW: Thank you.

ABDEL: I love it.

FLATOW: Go ahead.

ABDEL: All right. My question was: If we have to pay a monthly fee for the Internet and see all those pop-up ads, and they pour millions of dollars for those ads, why do we have to pay for Internet?

FLATOW: Good question.

ABDEL: It's just like HBO. If I pay a certain amount of money, I don't get to watch commercials. So why do I pay a monthly fee for Internet if I have those ads?

FLATOW: I don't have an answer for that. That's a good - well, let's see if our experts - Craig or Edward, any comment on that?

Prof. WILLS: I guess you're paying - you're paying for the bits to arrive to your to your home, and then I guess the advertising pays for you to see the content of the particular sites.

ABDEL: Oh.

FLATOW: You know, Abdel, what the real answer is, I think? It's because you will pay for them.

ABDEL: Okay, that makes sense.

FLATOW: You know what I mean? You'll get - and if you pay for them, they'll charge you for it, and you - you know, you'll agree or not agree. So if they build it, you will come and pay for it. If not, you have an option not to. So I think they know that you'll pay for it if they charge you for it. That's how business works.

ABDEL: That's right. All right, thank you.

FLATOW: All right. Thanks for calling. 1-800-989-8255. Let's see if we can get another phone call or two. Vincent in Chico, California. Hi, Vincent.

VINCENT (Caller): Hi, how are you?

FLATOW: Hi there.

VINCENT: I use a series of Web browsers that are in the Mozilla family called Firefox, and they have had an add-on for several years called Adblock Plus that has several lists of these type of tracking sites, as well as a whole - options to block ads in general or classes of ads.

And so I don't actually store cookies because of these, and in addition, the ads don't show up, nor do the tracking things get blocked. That's been in existence for now I think about six or seven years. Would this type of tool be applicable to Internet Explorer or be the type of thing that we're talking about?

FLATOW: Craig, what do you think about these add-on tools?

Prof. WILLS: They're good, and, you know, I use Firefox as well. And, you know, part of the problem is that the set of tools that are out there are a bit varied, and it's not - you know, you go from one browser to another, the set of tools or how you use the tools varies. And I think that caused a problem.

Another problem - and I'm certainly familiar with ad blockers - one issue that we found with things like ad blockers is there are some third-party companies that are treated as what we call a hidden third party, that it looks like they belong to the first-party site that you're going to, but they actually - the server and the content actually goes to a third party instead.

VINCENT: So that's like cross-scripting?

Prof. WILLS: Not so much cross-scripting, but it's like, you know, you might have, if I go to, you know, CNN, there would ad.cnn.com that looks like it's a CNN server but actually belongs to a third party.

FLATOW: Wow. Yeah, I've seen some of those. Thanks for calling. 1-800-989-8255. What about these functions on some of the browsers now that say private browsing? Does that help? Does that keep you from getting some sort of - getting tagged by people you do not want to have? Or what about clearing your cache, getting rid of those old places, those temporary files? Do either of those work?

Dr. FELTEN: These methods do provide some protection, but sometimes they're overkill in the sense that you might be throwing out stored information that you'd actually want to keep.

Cookies and other technologies like this are sometimes used for - in a first-party setting for things like remembering your log-in or remembering what's in your shopping cart.

And when you delete all of your cookies, you'll be getting rid of those as well. Similarly with private browsing mode, you get less control than you might perhaps want.

What I think a lot of people will want is to be able to control tracking and some of these technologies without completely shutting off all storage in their browser.

FLATOW: What about we are now heading toward a world of mobility, Craig, where, you know, we're going to be doing everything on our smartphones or our iPads or those tablet sorts of things. Is it a bigger problem than with desktop computers?

Prof. WILLS: Well, it certainly adds in a couple extra kind of pieces of information that are potentially of concern that could get leaked to a third party. One of those is that - your precise location.

So if you - you know, we studied mobile online social networks such as, say, Foursquare. And one of things there, you can actually check in your current location, and that's a very precise location about you, and if that location gets leaked, then that's, you know, potentially concerning from a privacy standpoint.

These devices also have a unique device identifier - that is, something that is particular to that device and only that device, and if somehow that device identifier gets leaked to a third party, and that third party then can link that to your identity, then we have a case that that third party knows exactly who that device belongs to.

FLATOW: Is it possible to create a Web browser - let's say somebody doesn't want to really make any money on ads and wants to just create a third-party Web browser just for the sake of having one - can you make one that will not keep track or, you know, send you all those ads? Is it possible to do that?

Dr. FELTEN: You certainly could make a browser that does not allow tracking, and you could make a browser that blocks a lot of ads. But I actually dont think that's what most consumers want and what's necessarily conducive to having a healthy Internet economy.

I really think that what people want is the ability to control the tracking that goes on, and I think people are willing to see ads, or at least have accepted that ads are a part of the Internet economy. What they - what people I think are more worried about is other uses of tracking.

FLATOW: We only have a few minutes left, but I can't let you go without asking you what your views are going to be on Net neutrality as you become the chief technology up there.

Dr. FELTEN: Well, Net neutrality is a tough issue, and it's not an issue on which the FTC is the lead agency. The FTC's concerns really primarily have to do with consumer protection. Our colleagues over at the Federal Communications Commission have been taking the lead on Net neutrality. And of course that's also been an issue that's been hotly debated in Congress.

FLATOW: Craig, what's your take on it?

Prof. WILLS: You know, it's not something that we've looked at in great detail, and so I'll pass on that one.

FLATOW: Let me see if I can get a call or two in here. Let's go to Daniel in Fayetteville, Arkansas. Hi, Daniel.

DANIEL (Caller): Hi, thank you for taking my call.

FLATOW: Hi there.

DANIEL: I have a couple of comments, actually, and they're linked by the kind of overarching topic we're discussing.

But first off, we talk about privacy as though it were something that actually existed in this particular case. But what we're actually doing is we ask for these customized browsing experiences. We want these targeted ads, as another caller sort of mentioned earlier.

And when a website asks you what is your average income level, it is your obligation to either answer that or not answer that based on what your personal level of acceptable privacy is.

So when you put all this information out there, you're actually saying I give up this level of privacy for this experience, and so that's something that I don't think is being discussed very much, and it's sort of, I thought, a little bit telling that in a discussion about privacy on the Internet, you say Tweet us. And Twitter is a fantastic sort of example of giving up that privacy, and so is Foursquare, as was mentioned a second ago.

The other thing being that I sort of feel like the media, as of late, has gotten hold of this story and has sort of turned it into the next big bad scare. And they use, you know, not necessarily like a soundbite like a politician would use, but they throw things out there like tracking and cookies and all of these things that have been around for years and years and years.

FLATOW: But Daniel - I have to say goodbye. Let me just ask(ph) - most of the callers we've had on this afternoon are not against the tracking.

DANIEL: Right, right.

FLATOW: So I mean, whatever the media is doing, at least the callers have not - you know, they've done their own homework on it.

DANIEL: Yeah, I suppose that's true to an extent, but my point being, you know, I think that a lot of this, you know, the sort of continued discussion of it, it's sort of a non-issue, and we keep bringing it up and keep dredging it up and creating legislation that's probably not going to be very well enforced.

FLATOW: All right. We have to say goodbye because we've run out of - I want to thank you both. I want to wish you luck, Ed Felten...

Dr. FELTEN: Thank you.

FLATOW: ...in your new job as the chief technologist for the Federal Trade Commission. I want to thank you for taking time to be with us today.

Dr. FELTEN: Thanks.

FLATOW: You're welcome.

And Craig Wills, professor in the Computer Science Department at Worcester Polytech Institute in Worcester, Massachusetts, thank you for joining us. I said Worcester Polytechnic Institute, didn't I?

Prof. WILLS: Very good. You got it right, and I appreciate being here.

(Soundbite of laughter)

FLATOW: You're welcome. Have a good weekend.

Mr. WILLS: Okay.

FLATOW: We're going to say - we're going to take a break now and come back and have something else to talk about.

Copyright © 2010 National Public Radio®. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to National Public Radio. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.


View the original article here

No comments:

Post a Comment