A recent study, Online tracking: A 1-million-site measurement and analysis, conducted by researchers at Princeton University discovered that Google is tracking users on nearly 80 percent of all of the Top 1 Million Domains. How are they doing this? Not surprisingly, they’re using a variety of tracking and identification techniques and they’re doing it for the obvious reason: To manipulate you. In the beginning tracking you was just about getting you to buy stuff; now, it’s evolving, and in the future, it will be all about subtle, insidious manipulation.
Over the years we’ve seen a succession of these techniques, collectively known as “fingerprinting,” employed in the tracking of Internet users. HTTP cookies were arguably the first method used (1994 appears to be the first year they appeared in Web browsers) which was way before Google appeared and those were easily circumvented with cookie management tools. After that, the race for organizations to effectively track you at higher and higher levels of accuracy was on.
Alongside these active technique has been passive fingerprinting which is based on detecting a whole list of client-side attributes including the client's TCP/IP configuration, OS fingerprint, IEEE 802.11 (wireless) settings, and hardware clock skew. You can find an excellent example of how much data can be gathered by both active and passive fingerprinting on the Electronic Frontier Foundation’s Panopticlick site.
For my browser, Panopticlick reckons my browser fingerprint appears to be unique among the 135,923 tested so far and “we estimate that your browser has a fingerprint that conveys at least 17.05 bits of identifying information.” 17.05 bits may not sound much but it’s more than enough for me to be tracked fairly closely as I meander across the ‘Net. Now we have a new technique that Panopticlick has yet to implement that’s going to become widely used to improve the accuracy of identifying users online: The technique is called audio fingerprinting
Audio fingerprinting relies on testing the audio subsystem of your browser through the AudioContext API. The World Wide Web Consortium explains that the API is:
The organizations doing tracking this way send low-frequency sounds to the user’s browser and measure how the audio data is processed. This creates a fingerprint that depends on the user's hardware and software capabilities and configuration at a level of detail that makes it possible to distinguish individual user; in other words, it produces a measurement that has enough bits of identifying data to be useful for fingerprinting.
This page tests browser-fingerprinting using the AudioContext and Canvas API. Using the AudioContext API to fingerprint does not collect sound played or recorded by your machine - an AudioContext fingerprint is a property of your machine's audio stack itself. If you choose to see your fingerprint, we will collect the fingerprint along with a randomly assigned identifier, your IP Address, and your User-Agent and store it in a private database so that we can analyze the effectiveness of the technique. We will not release the raw data publicly. A cookie will be set in your browser to help in our analysis. We also test a form of fingerprinting using Flash if you have Flash enabled.
Apparently this technique is not yet in broad use but it’s pretty much guaranteed that in short order, it will be.
So, where will this all end? Will we ever be able to have a truly private online experience? For 99.99% of Internet users that answer is almost certainly “no” and of those people, pretty much all of them won’t care. Sure, they’ll hate the intrusive advertising and they’ll complain about the lack of privacy when they’re reminded of it but what they won’t be aware of will be how much their view of the world will be, shall we say, “curated.”
When large corporations, particularly Big Media, know who you are and where you go online and can then slice and dice your behavior with statistics and AI software to figure out what drives your interests and decision making, there is a 100% chance that data will be used for both commercial and political ends. And you’ll hardly be aware of the degree to which you’re being manipulated.
So, here's the future: You won’t have to welcome our overlords robotic or otherwise. You'll happily do what they want because you'll think it's what you want and you won’t even know they’ve taken over.
Comments? Thoughts? Suggestions? Send me some closely surveilled feedback via email or comment below then follow me on Twitter and Facebook. The NSA does, why shouldn’t you?