Category

Information Security

Permanent Impressions – how what you do online defines you forever

By | Information Security | No Comments

by Fred Kenowski

Imagine strolling through the mall, visiting several stores, trying on some clothes, and reading a magazine that you picked up at Barnes & Noble while you sip your coffee from Starbucks.  Each stop you made and each item you purchased left some impression.  Maybe you had a nice conversation with the sales associate that helped you in the fitting room or the barista that made your drink.  Likely, those encounters won’t leave lasting memories.  The most enduring impression may be the credit card or the Starbucks rewards app you used to make a purchase.  You might also be on a few security cameras.  Maybe also, you have some store apps with location tracking that notify you of a deal when you walk in.  All of these things could leave a lasting impression with a store.  Each of these impressions or encounters leaves a trail or fingerprint.

Now, think of the mall as the internet and each store as a website.  Each store is a business trying to sell you as much as they can.  They want to remember what items you look at and what you buy.  All of this is much easier to do through the internet than in a mall.  Some stores are owned by the same corporate conglomerates and some are independent.  Some data is easily shared between stores helping to create a better profile of your shopping behavior.  However, when you visit a website, you are anonymous unless you create an account and make a purchase, right?

Actually, you’re not as anonymous as you might think to that website you are visiting.  Your browser shares a wealth of information about the computer you are using.  It doesn’t share your name but, it does provide information about the resolution of your monitor(s) or handheld device, the operating system you are using, the specific browser version you are using, and even what fonts you have installed.  It also shares many more seemingly mundane details.  All these details add up to make your unique, digital fingerprint (See for yourself).  Unlike with a real fingerprint, nobody is scanning that last item you touched at the mall or running a DNA test on the coffee you drank to better identify you (hopefully).

So why do I care if my digital or real fingerprint is unique and people can see it?  My fingerprint isn’t known to anyone so how does it help a website to track it?  Well, chances are you visited quite a few stores on the internet looking for the best deal and your digital fingerprint is being collected by each of those sites.  Those sites that share information with affiliate sites can now combine that information to begin creating a partial profile of your viewing behavior.  Remember that stop to read a magazine at Barnes & Noble or instead on the web when you went to TMZ to find out what Kim Kardashian was wearing last week so you could buy that dress?  News sites rely on advertising and those advertisers are keen to track who you are and what you read to better target you with the items you want to buy.  The kicker here is that the advertising is typically fed in from a larger advertising network which is distributed across thousands of sites.  Much like the stores with shared owners, these ad networks are collating your profile across many independently owned news sites.  The stores in can turn can pay for this information to better target your profile.

Are we still anonymous at this point?  Let’s say for the sake of argument that we are but that this anonymous profile has grown quite substantially and can be confidently linked together via your unique fingerprint.   Now, you’ve done your homework and you’ve found a great knockoff of that Kardashian dress and you’re ready to buy.  So, you create an account (or you don’t) and you put in your payment method, name, and shipping address.  At this point you are no longer anonymous to the site you are making a purchase from.  Along the way though, you left quite a trail with your unique fingerprint.  Each place that fingerprint was shared via common owners or ad networks has now potentially left an indelible profile of your online behavior.   All of this is now linked to your name and home address.

This is just one very common scenario through which you expose yourself daily on the web.  There are much more complex methods for uniquely identifying users.  Some banks even track biometric factors such as mouse movement and keystrokes for fraud prevention but these same techniques have also been used for more malicious purposes such as gathering insider trading information or compromising information about prominent individuals.

 


 

Grey Market Labs is a Public Benefit Corporation founded with the social mission of protecting life online for people and organizations. Focused on building the most comprehensive and realistic counter-exploitation platform for the enterprise, our software and hardware products are creating a future with privacy-as-a-service. Our Opaque platform delivers proactive internet protection from the moment of access to countering exploitation of digital interactions, behavior and activity. Bottom line, we prevent digital exploitation and stop the targeting of corporations, agencies and their employees online.

Contact us to see how we can work together.