I’ve been looking for a new bike on the Internet, just a brief search, but it’s had big consequences. You see, since then, I’ve been hounded by adverts for sturdy city bikes and versatile MTBs – whether I visit an obscure British music blog or a newspaper website. I’ve been bombarded with them for weeks now.
It’s a result of a super-swift online auction, Robert van Eijk explains. Van Eijk is a doctoral candidate and senior inspector with the Dutch Data Protection Authority in The Hague, the administrative authority that monitors personal details processing. He is hoping to be awarded his doctorate on 29 January for his study of the networks that share information that enables them to sell products and advertisements on the Internet. The methods used by these networks could very well be in conflict with our fundamental rights, such as privacy.
On request, Van Eijk gives a quick diagnosis of my web-surfing:
“Which browser do you use?”
“Google Chrome”
“And you log onto Chrome?”
“Yep”
“And you never log off?”
“Uh, no.”
“Do you ever delete cookies?”
“That’s a no, too.”
“So, you leave traces all the time.”
“Advertising firms like Google monitor everything you show any interest in very closely,” Van Eijk continues.
“There are all sorts of platforms that help advertisers to find potential buyers on various websites. Then there are parties that are very good at enhancing your tracking cookies. They try to stick as much information about you as they can on those cookies. They might not know precisely who you are, but they know which browser and which computer you used and that you’re looking for a bike. An extremely rapid online auction decides who can fill in the advertising space with adverts on the websites you visit. It’s called real-time bidding.”
All those actions take place within a fraction of a second, in ever-expanding networks that collect that information, enhance it and trade it. “From a marketing point of view, you’re a fish they’re reeling in. Next, companies can make offers: those adverts that flash up on your screen.”
To find out how it’s run, Van Eijk listens in to the network traffic. “The server produces a host of answers, jigsaw pieces from different companies: one produces a picture, another a video clip, or a “like” button. I put all that information into a graph, it’s a spider’s web of all the parties who work together and contribute to a web page. It’s possible to apply algorithms to such networks and combine the data, so I can then investigate what is really happening: who’s sharing information about us with whom? And that means we can assess the legal aspects.”
What’s the issue with these networks? “Not being watched is a fundamental right. We mustn’t underestimate its importance. If all sorts of companies know when someone wants a bike, there could be drastic consequences. Snowden’s proved that very clearly.”
Edward Snowden worked for the American secret service, the NSA, and in 2013, he published a large number of documents about that organisation’s large-scale espionage operations.
“For instance, the NSA used tracking cookies to build profiles of certain people. Moreover, the system could also be used to contact you for other matters, like political advertisements. The more you know about a person, through analysing cookies, etc., the easier it is to influence a person, as became evident after the Cambridge Analytica scandal.” Cambridge Analytica used Facebook data and applied psycho-demographical algorithms to it to find out what people were thinking. That information was then used to influence their political preferences.
“We need to solve the problem of tracking cookies following us. We already have the “Cookie Act” in the Netherlands, but there’s proposal for a new European ePrivacy directive too. The directive will make it “forbidden” to use cookies “unless someone gives explicit permission”.
That’s a raising the bar considerably, but we really need to do it. A serious delay in Brussels is the main reason that the directive is not yet in effect, but I’m hoping that my study can help get it passed quickly.”
Van Eijk claims that you can make profiles of people without using cookies, i.e. “fingerprinting”. “For instance, browsers can allow access to sensors in mobile phones. That access is called an “application programming interface” and it physically reads the smartphone’s sensors’ properties. The properties of the chips or the battery in each phone are different, even if they’re made in the same factory, and you can use those differences to calculate a unique signature. We know that that kind of information is used for targeted advertising.
“I’ve come across fingerprinting in Hotjar, for instance, which is a tool used for analysing internet use. It’s more invasive than cookies, because it’s not visible to ordinary users, who are not usually specifically informed about it, either, when they visit a website.”
How does Van Eijk surf the Internet? “I type in the URL of the website I want to visit in a browser and click on very few links. I’ve set my browser, Mozilla Firefox, to delete all the cookies when I close it. I use social media, but only for functional reasons: LinkedIn and Twitter.
“I don’t have a smartphone, at least, not for personal use. I can use anything with a web-interface on my computer anyway, which gives me far more control over the information I don’t want collected. I want to be able to see clearly what happens to my data, and that’s more difficult on a telephone. It’s a habit I’ve picked up from my job.”
> Read more about Bodycams and trigger-happy cowboys