Oh, The Horror
Remember the horror movie, “The Ring,” where the scary girl climbs out of the TV and chases the innocent bystander? I’m not easily spooked during horror movies, but that scene really freaked me out.
It doesn’t just happen in movies. It’s happening on the web, and you should be very afraid. Some websites are actually reaching back through your browser to inspect your surfing history without your knowledge or consent. At Krux we maintain a list of nefarious web data collection practices that need to be extinguished, and this one has been at the top for some time.
I’m glad to see Kashmir Hill calling attention to it in a recent post, though I was dismayed to learn that at least one DSP has been using the technique under the cover of ‘data quality testing.’
Let’s not just be afraid – let’s be skeptical. Saying that you’re engaging in a practice like this to ‘test the quality of your third-party data’ is like breaking into someone else’s house and stealing their furniture, all under the auspices of testing their security system. That dog don’t hunt.
If you’re curious, you can test how this works at a site called What The Internet Knows About You – an apt name. Mike Nolet, the CTO/Co-Founder of AppNexus, first wrote about potential abuses of this on his blog in 2008. His demo scans your surfing history to see which sites you’ve visited, compares your list to the Comscore 1000, and guesses your gender based on the sites you visit.
The good news is that the web browser community is treating this as a security hole and working quickly to plug it. Rogue browser history collection doesn’t happen in Safari and Chrome. Mozilla is fixing the problem in Firefox 4. And you can prevent history inspection if you set IE to In Private Browsing – a modest step, though hardly a comprehensive fix.
The sooner websites and browser builders bring this practice to an end, the better our chances are of persuading increasingly skeptical regulators and legislators that our industry is cutting the crap and is genuinely committed to protecting consumer privacy. The FTC has certainly let their voice be heard, and it is abundantly clear that they don’t think we’re moving fast enough. If you doubt it, I recommend spending time with the 122 pages of supporting evidence.