The other day, a friend and I were talking about how fun it was to check Google Analytics. When I asked her if she knew most of her readers, she said she could figure out who many of them were. Especially if they were outside New York. Especially if they were in some remote location.
Google Analytics, a fantastic tool for optimizing your website, can also be a precise tool for stalking. All you need to do is insert a bit of code in the header and you can know who has visited your website, how they came across your website, how long they visited your site, and whether they have been to your site before. I show on the left a screen shot of analytics on the visitors from Florida for one of my websites*. Since there is only one person accessing the site from each of Gainesville and South Miami, we can figure out how much time each person spent on the site. As my friend Rishabh would say, "Walk the walks, stalk the stalks."
We've recently seen that even if you use tools that supposedly hide you, there are still ways you can be tracked. Last month, Special Agent Thomas Dalton released this document of how he tracked down that the bomb threats to Harvard buildings during exam originated from a Harvard student hoping to avoid exams. To avoid detection, the student had used Tor, software that prevents others from detecting the IP address from which an action originates--akin to anonymizing a phone number before making a prank call. Unfortunately for the student, the Harvard network was able to figure out who was accessing Tor at the time the e-mail was sent, narrowing the suspect pool down to our perpetrator.
There are many ways that you can be exposed if you are among a small handful of people engaging in some behavior. Last month, I attended a fascinating talk by Mike Specter at MIT about how people can track searches of obscure terms. Mike had done a search for "Pentagon SMO code" and discovered there was a gov.cn (Chinese government) website showing up towards the top of the search results. He clicked on this website, he discovered that it showed its own search results for the terms--but not before tracking that he had visited the site**. Upon further investigation, Mike discovered that the site had performed search-engine optimization so that it could show up towards the top of the search results. Because search engines rely on automated algorithms, people can trick the algorithms into thinking their page is more important or more relevant to a given search term. This page used particularly insidious optimization techniques, including putting invisible comments called "pingbacks" on legitimate websites (such as the Yale University homepage) and using the .gov.cn domain so as to show up in all searches and not just searches in China. (Google personalizes results based on search location.) Mike found that this website showed up for many long-tail (obscure) searches, both relevant to the American government and otherwise. While it's not clear what this site is doing with this information (Mike speculates profit motives), what is clear is that people can easily be exposed while performing obscure searches.
While we can hope that researchers like Mike continue to watch out for us, we will also need to learn to watch our for ourselves. As our lives come to depend on increasingly complex technology, it is important for everyone to develop a basic level of technological literacy. It is clear that technology can be quite powerful in reducing and compromising internet privacy. It is up to us to define how much we allow: by raising awareness, by taking precautions, and by protesting when we find something to be unreasonable. As recent legislative decisions have shown, powerful people have been doing a lot of thinking about the future of the internet. It is up to us to make sure the future is not one in which we have no choice but to be exposed!
* Not this blog, guys. Florida readers, you remain anonymous here!
** How much the site can find out about you depends on the level of sophistication of the site and the measures you have taken to hide yourself. The WSJ has a nice widget at the top that tells you what they can find out about you. I show mine below.
Google Analytics, a fantastic tool for optimizing your website, can also be a precise tool for stalking. All you need to do is insert a bit of code in the header and you can know who has visited your website, how they came across your website, how long they visited your site, and whether they have been to your site before. I show on the left a screen shot of analytics on the visitors from Florida for one of my websites*. Since there is only one person accessing the site from each of Gainesville and South Miami, we can figure out how much time each person spent on the site. As my friend Rishabh would say, "Walk the walks, stalk the stalks."
We've recently seen that even if you use tools that supposedly hide you, there are still ways you can be tracked. Last month, Special Agent Thomas Dalton released this document of how he tracked down that the bomb threats to Harvard buildings during exam originated from a Harvard student hoping to avoid exams. To avoid detection, the student had used Tor, software that prevents others from detecting the IP address from which an action originates--akin to anonymizing a phone number before making a prank call. Unfortunately for the student, the Harvard network was able to figure out who was accessing Tor at the time the e-mail was sent, narrowing the suspect pool down to our perpetrator.
There are many ways that you can be exposed if you are among a small handful of people engaging in some behavior. Last month, I attended a fascinating talk by Mike Specter at MIT about how people can track searches of obscure terms. Mike had done a search for "Pentagon SMO code" and discovered there was a gov.cn (Chinese government) website showing up towards the top of the search results. He clicked on this website, he discovered that it showed its own search results for the terms--but not before tracking that he had visited the site**. Upon further investigation, Mike discovered that the site had performed search-engine optimization so that it could show up towards the top of the search results. Because search engines rely on automated algorithms, people can trick the algorithms into thinking their page is more important or more relevant to a given search term. This page used particularly insidious optimization techniques, including putting invisible comments called "pingbacks" on legitimate websites (such as the Yale University homepage) and using the .gov.cn domain so as to show up in all searches and not just searches in China. (Google personalizes results based on search location.) Mike found that this website showed up for many long-tail (obscure) searches, both relevant to the American government and otherwise. While it's not clear what this site is doing with this information (Mike speculates profit motives), what is clear is that people can easily be exposed while performing obscure searches.
While we can hope that researchers like Mike continue to watch out for us, we will also need to learn to watch our for ourselves. As our lives come to depend on increasingly complex technology, it is important for everyone to develop a basic level of technological literacy. It is clear that technology can be quite powerful in reducing and compromising internet privacy. It is up to us to define how much we allow: by raising awareness, by taking precautions, and by protesting when we find something to be unreasonable. As recent legislative decisions have shown, powerful people have been doing a lot of thinking about the future of the internet. It is up to us to make sure the future is not one in which we have no choice but to be exposed!
* Not this blog, guys. Florida readers, you remain anonymous here!
** How much the site can find out about you depends on the level of sophistication of the site and the measures you have taken to hide yourself. The WSJ has a nice widget at the top that tells you what they can find out about you. I show mine below.