Join 3,512 readers in helping fund MetaFilter (Hide)


Track Record
July 30, 2010 4:32 PM   Subscribe

The Wall Street Journal investigates web snoops. The 50 sites installed a total of 3,180 tracking files on a test computer used to conduct the study. Only one site, the encyclopedia Wikipedia.org, installed none. Twelve sites, including IAC/InterActive Corp.'s Dictionary.com, Comcast Corp.'s Comcast.net and Microsoft Corp.'s MSN.com, installed more than 100 tracking tools apiece in the course of the Journal's test.

More from the WSJ project:

The Web's New Goldmine
How to Avoid the Prying Eyes
What They Know About You
Analyzing What You Have Typed
What They Know: A Glossary
Tracking the Trackers: Our Methodology

Watch what you click though: The Journal also surveyed its own site, WSJ.com, which doesn't rank among the top 50 by visitors. WSJ.com installed 60 tracking files, slightly below the 64 average for the top 50 sites.
posted by chavenet (59 comments total) 24 users marked this as a favorite

 
Metafilter installs 26(!) Tracking files, Matt, you evil bastard!
posted by Mick at 4:35 PM on July 30, 2010 [1 favorite]


c is "tracking tools"
posted by radiosilents at 4:36 PM on July 30, 2010


Can someone break down what this means for the tech-illiterate?
posted by PostIronyIsNotaMyth at 4:37 PM on July 30, 2010 [1 favorite]


well i know i just cleared my cookies
posted by nathancaswell at 4:37 PM on July 30, 2010


Forgot to link to the handy infographic.
posted by chavenet at 4:43 PM on July 30, 2010


I notice they didn't add wsj.com to their survey, would have been nice to see how they stack up against the rest.
posted by bjrn at 4:48 PM on July 30, 2010


The Journal also surveyed its own site, WSJ.com, which doesn't rank among the top 50 by visitors. WSJ.com installed 60 tracking files, slightly below the 64 average for the top 50 sites.

posted by nathancaswell at 4:51 PM on July 30, 2010


The Journal also surveyed its own site, WSJ.com, wh

Sorry about that. Forgot to switch off keylogging.
posted by Smart Dalek at 4:52 PM on July 30, 2010 [4 favorites]


One good reason to stop looking up words on Dictionary.com. Spelling doesn't matter than much on the internet anyway. Right?

The annoying this is - if this is the same thing - my blog was inaccessible to a good number of people including me because of a cookie tracking site that froze the downloading of the site while it gathered info. I don't think there is any way around this technology.
posted by Rashomon at 4:58 PM on July 30, 2010


1. Install Ghostery.
2. Restart FireFox
3. Tools | Ghostery | Manage Options | Blocking
3a. Blocking = On
3b. Select = All
3c. [Save]
4. ???
5. No profit from tracking.
posted by clarknova at 5:00 PM on July 30, 2010 [6 favorites]


Shit, I wonder what Dictionary.com's going to sell me from all the scrabble words I'm looking up to see what they mean.
posted by not_on_display at 5:00 PM on July 30, 2010 [1 favorite]


I don't know about other browsers, but a combination of Greasemonkey, the Autocomplete On script and Firefox's excellent password management means that I can set Firefox to delete all cookies on exit without anything but the most minor inconvenience.
posted by mhoye at 5:05 PM on July 30, 2010


When I delete all my cookies I have to re-log-on to sites such as metafilter, gmail, &c. Is there a way to block all cookies except these logins that would be very convenient to keep?
posted by bukvich at 5:06 PM on July 30, 2010 [1 favorite]


OMG COOKIES EVERYBODY PANIC
posted by GuyZero at 5:07 PM on July 30, 2010 [9 favorites]


1. Install Ghostery.

Thanks. Hopefully this is an equivalent to "Adblock Plus" for trackers.
posted by stbalbach at 5:08 PM on July 30, 2010


I know everyone hates cookies but I've had two jobs that are basically built on the existence of browser cookies and if you people keep deleting them I may be out of a job someday so you, do it for the kids. My kids. Leave those cookies alone.
posted by GuyZero at 5:11 PM on July 30, 2010


"When I delete all my cookies I have to re-log-on to sites such as metafilter, gmail, &c. Is there a way to block all cookies except these logins that would be very convenient to keep?"

All browsers should have some way you can manually inspect and delete cookies. On Opera Tools/Preferences/Cookies/Manage Cookies gets you to the Cookie Manager, where you can scroll through the little buggers and delete everything you don't want, whilst keeping the delicious cookies from sites like Metafilter.
posted by Kevin Street at 5:12 PM on July 30, 2010


Cookie panic in 2010? This retro thing is getting out of hand.
posted by Ian A.T. at 5:18 PM on July 30, 2010 [5 favorites]


Many web sites "track" individuals, either using cookies or web bugs. For some sites, the tracking is necessary, so that sites know who you are after you login. Without this info, sites can't (easily) offer personalization, shopping carts, etc.

Cookies are the official way to do this kind of tracking. Web bugs are usually 1x1 transparent pixels that roughly do the same thing.

Privacy issues come into play when web sites start using various tracking technologies for potentially unsavory purposes. For example, not only can the site you are at set cookies, but so can advertisers and other third-parties. This allows these web advertisers to track your behavior across a number of sites (potentially, depending on how extensive their advertising network is).

One of the biggest risks from these technologies is behavioral advertising. Given that I know what kinds of sites you tend to go to, and what kinds of pages you tend to view, I can serve up more appropriate and relevant ads. But this kind of data collection also (rightfully) scares people, because it can also be correlated and possibly combined with other data sources to give me a richer view of who you are.

One big canard in the articles is that the number of tracking bugs matters. It doesn't really matter, since one kind of tracking is just as effective as 100 if it's from the same site. (This is sort of a subtle argument. Basically, the web site you are at only needs 1 cookie to operate. Each of the third party advertisers only need 1 cookie. Everything else is redundant. In practice, some sites send lots of cookies for their site because their web server is configured that way, but it usually isn't something to get worried about).

So what does this mean? It's actually hard to say because there is little transparency about how this gathered data is used. Advertisers are struggling to define rules and opt-out policies in an attempt to stave off regulation from government. I haven't followed things too closely, so I don't know the current status of these efforts.

How to protect yourself? A good practice is to deny all third party cookies (I've only ever seen one legitimate use of third-party cookies ever), and set your browser to clear out all cookies when closing the browser. Periodically, you should also clear out your Flash cookies (they are stored separately, and is a minor pain to do). I don't know of a good way to prevent 1x1 web bugs, I think there are some addons for that.

The downside is that you'll have to login to some sites more often, but in practice I've found it isn't that bad. I've also seen some sites run a bit slower because they are having a harder time downloading ads (because I'm blocking third-party cookies), but again, I've found this to be an acceptable tradeoff.

Note that my suggestions are somewhat of a tragedy of commons problem too. It's essentially the same as installing AdBlock. If too many people block ads / block cookies, then some advertisers will balk, and some web sites will no longer have a viable business model. Hence, it really is in both everyone's best interests to make it a win-win situation, offering better ads while also offering real privacy to end-users.

Also note that there are some potentially really really big privacy issues with cookies and sites like Facebook, which has been joining forces with sites like Yelp and others. Facebook's goal is to let other sites use their social graph and offer personalization. This essentially means that Facebook becomes a third-party tracker as described above. I don't know enough about how the Facebook system works, what kinds of data are collected, and what kinds of data are shared between FB and affiliates, but I suspect if you aren't logged into Facebook, then they can't track you (but you don't get personalization on other sites). Please correct me if I'm wrong.

So to summarize: these kinds of trackers are necessary for the web to work today, but can also be used in some undesired ways. You can set some basic settings in your browser to block the vast majority of these trackers.
posted by jasonhong at 5:19 PM on July 30, 2010 [19 favorites]


> The Journal also surveyed its own site, WSJ.com

Man, are there egg cookies on my face or what?
posted by bjrn at 5:20 PM on July 30, 2010


It's a byproduct of the world we live in, where most of us have no idea how the tools we use actually work. The more that things just automagically seem to know what we want or need, the less we trust them, because who can tell what's really going on beneath the surface.
posted by Kevin Street at 5:22 PM on July 30, 2010 [1 favorite]


Is there a way to block all cookies except these logins that would be very convenient to keep?

All browsers should have some way you can manually inspect and delete cookies.


If you're going the occasional-manual-deletion route your best bet is installing CCleaner and adding the sites you want to the whitelist. It's under Options | Cookies and is pretty self explanatory after that. Once you have metafilter, gmail, and so on added to the "Cookies to Keep" list, just right click on your recycle bin and choose "Run CCleaner" instead of "Empty Recycle Bin".

But that's not really what he was asking. A cookie whitelist for the browser itself would make a great FF add on.
posted by clarknova at 5:23 PM on July 30, 2010 [2 favorites]


And as it turns out, there are a lot of FF add ons for cookie management.
posted by clarknova at 5:30 PM on July 30, 2010 [1 favorite]


Anything like CCleaner for Macs?
posted by foxy_hedgehog at 5:33 PM on July 30, 2010


Anything like CCleaner for Macs?
posted by foxy_hedgehog at 8:33 PM on July 30


Washing Machine.
posted by four panels at 5:44 PM on July 30, 2010


Haven't seen it mentioned yet, so:
Abine Privacy Manager (with TACO. Not as tasty as it sounds).
posted by Emperor SnooKloze at 5:44 PM on July 30, 2010 [1 favorite]


We need a Cookies for Cookies program.

You sign up for C4Cs, authorising C4C affiliates to leave cookies on your machine and to use web bugs to track you. C4C keeps track of how many cookies you have, how often they're updated, how valuable your data is to particular affiliates, and so on.

And at the end of the month, using an algorithm that makes PageRank look like throwing darts, you receive actual cookies in the mail, or an e-voucher to buy your own cookies.
posted by obiwanwasabi at 5:57 PM on July 30, 2010 [4 favorites]


This essentially means that Facebook becomes a third-party tracker as described above. I don't know enough about how the Facebook system works, what kinds of data are collected, and what kinds of data are shared between FB and affiliates, but I suspect if you aren't logged into Facebook, then they can't track you (but you don't get personalization on other sites). Please correct me if I'm wrong.

I don't have a cite, but I think I remember reading otherwise. There was a thread here recently that provided an adblock entry that would block Facebook on all sites except facebook itself (or something like that):

||*.facebook.*^$domain=~facebook.com|~127.0.0.1
posted by inigo2 at 5:58 PM on July 30, 2010


Cookie party, cookie party!
posted by Artw at 6:08 PM on July 30, 2010 [1 favorite]


I'm not bothered about tracking cookies as an advertising business model. I like getting good stuff for free on the internet, and the more money that content creators are able to get from advertising, the more good content I get. If you are especially concerned about privacy they are easily bypassed.
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 6:12 PM on July 30, 2010


Tracking cookies give you autism.
posted by Artw at 6:14 PM on July 30, 2010 [2 favorites]


Instead of dictionary.com, I've been using google's "define: whatever" thing. (probably this feature is news to no one).
posted by smcameron at 6:16 PM on July 30, 2010 [1 favorite]


I've been using google's "define: whatever" thing. (probably this feature is news to no one).

You can also SMS 46645 (GOOGL) with something like "d whatever" to get the same thing.
posted by clarknova at 6:36 PM on July 30, 2010


Seconding the CCleaner approach, that's what I do to keep things tidy.
posted by arcticseal at 6:52 PM on July 30, 2010


It doesn't matter if you clear you cookies or block them. You ip address and other vectors like your browser version and referrers give you away. Nothing you do online is private. Sadly.
posted by humanfont at 7:13 PM on July 30, 2010


"Tracking cookies give you autism."

I first misread that as "Tracking cookies gives you autism" and it was just as funny.
posted by klangklangston at 7:33 PM on July 30, 2010


When I delete all my cookies I have to re-log-on to sites such as metafilter, gmail, &c. Is there a way to block all cookies except these logins that would be very convenient to keep?

I suggest LastPass for a password manager. Type one password when you first open your browser, and it will auto-login to the sites of your choosing. More secure than Firefox's password manager, for varying values of 'secure'.
posted by komara at 7:48 PM on July 30, 2010


As inigo2 mentioned, here's how to use Adblock to block Facebook's login tracker thingy on non-Facebook sites.
posted by Evilspork at 7:57 PM on July 30, 2010


Haven't seen it mentioned yet, so:
Abine Privacy Manager (with TACO. Not as tasty as it sounds).


I use this. One day last week I stopped 1800 tracking attempts after a days web usage.
posted by a womble is an active kind of sloth at 9:40 PM on July 30, 2010


Is there a way to block all cookies except these logins that would be very convenient to keep?

It's easy as pie in Firefox. I'm no expert, so someone should correct any errors in this comment, but this is what I did:

Go to Tools > Options and unclick "Accept cookies from sites". You can also just unclick "Accept third-party cookies," which come from the real assholes that do most of the obnoxious tracking.

Then click "Show Cookies" and be shocked at how many you see there. I just deleted them all and started over, but if you like you can scroll through for an hour or so and keep just the sites you want (some of them will probably track you, but that's the price you pay for some sites). Then continue your normal browsing with cookies off, and when you get to a site you feel actually has a good reason to place a cookie, go to Tools > Options, click "Exceptions," type in the basic address of that web site and choose either "Allow for Session," which deletes that site's cookies when you close the browser or "Allow," which lets them stick around for as long as they want.

I think that covers it - a fairly simple way to "block all cookies except these logins that would be very convenient to keep."
posted by mediareport at 10:17 PM on July 30, 2010 [1 favorite]


Oh, and I'm never going to dictionary.com again as long as I live.
posted by mediareport at 10:20 PM on July 30, 2010


Hmm. Mac option? Can't seem to find it; assumed under preferences.
posted by klangklangston at 10:31 PM on July 30, 2010


Nothing you do online is private.

Mmm...no. Most IPs don't reveal personally identifiable information. And a browser version, screen resolution, OS, and referrer seldom divulge much about any particular person.

There are exceptions, of course. But, absent cookies, odd network configurations, and unusual nefariousness, the average schmo's online activities are effectively private---unless s/he voluntarily overshares.

Cookies on the other hand, can be traced to a single computer and may exist primarily to invisibly and automatically communicate personally identifiable information. The decision to accept or delete them should be based on this rather unique characteristic.
posted by diorist at 10:56 PM on July 30, 2010


thank you for this and all comments.

i've just spent the last 45 minutes resetting my browser's behavior with all my newly gifted insights.
this justifies the 5 measly bucks i spent to get in this asylum a thousand times over.

who wants cake?
posted by artof.mulata at 2:05 AM on July 31, 2010


It's no excuse and I'm as annoyed as anyone else with all the tracking, but a site that installs 100+ tracking tools is a sign of terrible IT cooperation, not an evil master plan. It's like every fiefdom in their marketing department created an "initiative" to track user data without checking to see if one exists. If you want a silver lining, the one thing those folks are worse at is putting together meaningful metrics. I imagine dictionary.com knows I am an African-American/ Filipino/ Caucasian man-woman between the ages of 74 and -19 with some form of offspring that live in Antarctica.
posted by yerfatma at 7:06 AM on July 31, 2010 [2 favorites]


So, is there any Firefox extension to both whitelist domains and enable/hide these cookies during a browser session?
posted by daksya at 7:42 AM on July 31, 2010


FWIW, Opera has excellent, fine-grained cookie mgmt.
posted by five fresh fish at 7:59 AM on July 31, 2010


What's the best way to manage cookies in Chrome? I've just switched from Firefox, where I could clear them out every time I closed my browser.

I'm on a Mac, if it matters.
posted by misha at 9:47 AM on July 31, 2010


cookies are not the issue --you can easily control those via your browser. it's the out-of-browser tracking devices installed via ADOBE FLASH called LOCATION SHARED OBJECTS (LSO's) that are the real serious problem.

i am on an old mac i have had to undust after my newest 'puter when kaput. on the new 'puter i basically had ramped up privacy via several firefox addons. well, once i installed them on this computer, i got rid of 1757 LSOs that had been residing on this computer's hard drive.

yes people, there were ONE THOUSAND SEVEN HUNDRED AND FIFTY-SEVEN little spying flash-based beacons on this computer that i just zapped to death this morning.

someone upthread suggested GHOSTERY, and of course there's ADBLOCK PLUS, but they will not be able to get rid of all the potential beacons you have residing in your ADOBE FLASH plugin folder. for that you need

BETTER PRIVACY FOR FIREFOX.
posted by liza at 10:40 AM on July 31, 2010


ugh. sorry, wikipedia entry on Local Shared Object.
posted by liza at 10:41 AM on July 31, 2010


Go to Tools > Options and unclick "Accept cookies from sites". You can also just unclick "Accept third-party cookies," which come from the real assholes that do most of the obnoxious tracking.
posted by mediareport at 1:17 AM on July 31


really good advice that should be considered basic privacy 101. just be aware that unless you whitelist sites like YOUTUBE, you won't be able to play their embeded videos (the ones you find on blogs or 3rd party sites, not the videos on their own site).
posted by liza at 10:47 AM on July 31, 2010


I don't think there is any way around this technology.

How about stop using public blogging software and code it yourself? Oh, right. Effort. Sorry.
posted by Civil_Disobedient at 10:51 AM on July 31, 2010


Related to LSO is this handy dandy tool which SHOWS you all the places flash has been: FLASH Control Panel and allows you to change how flash behaves. You can tell it not to allow 3rd party LSO's, you can set the amount allowed to zero globally (second tab) or you can do it on a site by site basis (6th tab).

Adobe keeps track of the browser/LSO history in a number of locations- check wikipedia for the details/list related to LSO files on a system.
posted by zenon at 11:42 AM on July 31, 2010 [1 favorite]


I've got Ghostery, NoScript, AdBlock Plus and RequestPolicy on FireFox. Am I paranoid? I don't know. Is there an add on to find that out?
posted by Splunge at 12:23 PM on July 31, 2010


The Flash control panel was excellent. Thx!
posted by five fresh fish at 10:28 PM on July 31, 2010


I just want to say "thanks" to those who pointed out the LSO wikipedia page and the Flash control panel. I really had no idea. I looked at the directory where the files were stored -- 515 separate folders from god only knows where built up over time.

I tried to use the Flash control panel to audit them, but after 10 minutes of doing something that seemed like processing all that cruft, my computer slowed to a complete crawl.

I rebooted and just deleted everything in that directory. I suspect I will see some amount of boost in performance.

This is a pretty interesting post overall. Great information to have. Creepy, too.
posted by hippybear at 7:04 AM on August 1, 2010


I'd love to see the WSJ test for some porn sites, and some gaming sites. Most would be off the scale, I imagine.
posted by DanCall at 2:00 AM on August 2, 2010


For better privacy, create countermeasures
posted by homunculus at 8:50 AM on August 3, 2010


I like Permit Cookies for Firefox.
posted by Chrysostom at 10:25 AM on August 4, 2010


« Older How to be alone. [SLYT]...  |  "Flower Warfare - Psychedelic ... Newer »


This thread has been archived and is closed to new comments