Who is looking at who?

Analysis of website usage is a huge part of understanding how to improve websites, how to give visitors a better surfing experience and how to maximise the time a visitor spends on a site ( potentially purchasing items while they are there ). SEO, or search engine optimisation, goes hand in hand with site analysis providing the initial lure in getting users to your site. A successful marriage of the two is what makes a great surfing experience.

There are 2 parts to analysing website usage. The first is to analyse the log data that is collected by your web-server, using discrete applications like Webalizer and Awstats, or an external system like Piwik or Google Analytics. The latter two options require you to add some tracking code to your website pages which triggers each time a visitor hits that page. These systems provide information such as visitor demographics, which pages are hit most often and what browsers or versions of browsers your visitors are using.

Traditionally though, most of the tracking by website owners is done using cookies, a small piece of information that is stored locally in the browser when visiting a website. The cookie can potentially store any kind of information including personal details that you’ve entered into the site, browsing preferences and browsing habits. The privacy issue raises its ugly head here because it’s unlikely that you would have been asked permission by the website to store this information. Cookies are generally harmless but due to their inherent nature, they can be used for harm too. On the other hand, using cookies can help your browsing experience. It’s a balance that tips one way or the other depending on which site you’re visiting. You can of course turn off cookie processing by the browser per site or globally in most browsers these days.

A new system ( amongst a number of competing options ) called DoNotTrack ( DNT ) has become the standard in current browsers and allows a website to understand that it should not track your usage on a specific site. It’s implemented as an HTTP header field and is currently undergoing ratification by the W3C. Chrome is the only browser out of the current crop that does not support DNT but it should be coming shortly.

The only issue with DNT is that it’s an honour system where the website has to voluntarily take your DNT status/request into consideration and action it. That’s not to say all sites will. And the web-server itself needs to support DNT for this to work in the first place. So DNT is not perfect but it’s definitely a start.
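What "voluntarily actioning" the request looks like on the server side, as an added example that is not from the original post: a small WSGI middleware that checks for the `DNT: 1` request header and, when present, strips the site's tracking cookie from the response while leaving functional cookies alone. The cookie name `visitor_id`, the `tracking.allowed` flag and the demo application are assumptions made for the illustration.

```python
from wsgiref.util import setup_testing_defaults

TRACKING_COOKIE = "visitor_id"  # hypothetical analytics cookie name (assumption)

def wants_no_tracking(environ):
    """True when the request carried the header `DNT: 1`."""
    # WSGI exposes the DNT request header as HTTP_DNT.
    return environ.get("HTTP_DNT", "").strip() == "1"

class HonourDNT:
    """WSGI middleware: drop the tracking cookie for visitors who sent DNT: 1."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        dnt = wants_no_tracking(environ)
        environ["tracking.allowed"] = not dnt  # flag for downstream code (assumption)

        def filtered_start(status, headers, exc_info=None):
            if dnt:
                # Keep every header except Set-Cookie for the tracking cookie.
                headers = [(k, v) for k, v in headers
                           if not (k.lower() == "set-cookie"
                                   and v.split("=", 1)[0].strip() == TRACKING_COOKIE)]
            return start_response(status, headers, exc_info)

        return self.app(environ, filtered_start)

def demo_app(environ, start_response):
    """Constructed sample site: sets one functional and one tracking cookie."""
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Set-Cookie", "lang=en; Path=/"),
        ("Set-Cookie", "visitor_id=abc123; Path=/; Max-Age=31536000"),
    ])
    return [b"hello"]

def response_cookies(app, dnt=None):
    """Send one constructed request through `app`; return the cookie names it sets."""
    environ = {}
    setup_testing_defaults(environ)
    if dnt is not None:
        environ["HTTP_DNT"] = dnt
    captured = []
    def start_response(status, headers, exc_info=None):
        captured.extend(headers)
    b"".join(app(environ, start_response))
    return [v.split("=", 1)[0] for k, v in captured if k.lower() == "set-cookie"]
```

A site whose pages are cached and vary by DNT status would also need its cache to key on the `DNT` request header, otherwise a tracked response could be served to a visitor who opted out.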

For more information on DNT, take a look at the Mozilla and DoNotTrack.us sites.

So to the title of this post – you’d be surprised how much information is being collected about you as you trawl the web. In fact it is quite scary. How would you know? Install an add-on called Collusion in your Firefox browser and you’ll be able to see the cobweb of links that are created as you surf. Collusion allows users to see which third-party advertisers are monitoring their activities across the Web, by creating a real-time graph of these tracking cookies. The graph shows the sites you have actually visited, each represented by a circle with a halo around it, with lines connecting it to cookies the site or its advertisers have placed on your browser, each indicated by a grey or red circle. The red circles represent behavioural tracking sites, which monitor the links you click on, content you view and searches you make. Grey sites are non-behavioural trackers, but may still follow you around.
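The kind of graph described above can be sketched in a few lines. This is an added example, not Collusion's own code: it takes constructed observations of which domain set a cookie while which site was being visited, discards first-party cookies, and reports the third parties that show up on more than one visited site. All host names are made up, and the "last two labels" rule for deciding what counts as the same site is a simplification.

```python
from collections import defaultdict

# Constructed observations: (site the user visited, domain that set a cookie).
OBSERVATIONS = [
    ("news.example", "news.example"),
    ("news.example", "ads.tracker-a.test"),
    ("news.example", "cdn.metrics-b.test"),
    ("shop.example", "shop.example"),
    ("shop.example", "pixel.tracker-a.test"),
    ("blog.example", "tracker-a.test"),
    ("blog.example", "static.blog.example"),
]

def site_of(host):
    """Naive registrable domain: the last two labels. A real tool would use
    the Public Suffix List; this shortcut only suits the sample data."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def build_graph(observations):
    """Map each third-party cookie domain to the set of visited sites it was seen on."""
    graph = defaultdict(set)
    for visited, cookie_host in observations:
        if site_of(cookie_host) != site_of(visited):  # skip first-party cookies
            graph[site_of(cookie_host)].add(site_of(visited))
    return dict(graph)

def cross_site_trackers(graph, min_sites=2):
    """Third parties present on at least `min_sites` visited sites, most connected first."""
    hits = [(tp, sorted(sites)) for tp, sites in graph.items()
            if len(sites) >= min_sites]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))

if __name__ == "__main__":
    for tracker, sites in cross_site_trackers(build_graph(OBSERVATIONS)):
        print(f"{tracker} can link visits to: {', '.join(sites)}")
```

A third party that appears on a single site learns little; one that appears on many can join those visits into a single browsing profile, which is what the connecting lines in the graph make visible.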

Not only is tracking an invasion of privacy ( that you may or may not be concerned with ) but it’s also a serious security threat. Many companies are storing huge amounts of data about many people on the web. That data could be compromised by crackers, or an insider could use that information to gain competitive advantage outside of the tracking company’s immediate mandate ( e.g. blackmail ). There are many scenarios where tracking data can be a bad thing.

Consider an average day where you are photographed and surveilled by cameras, you clock into work using your electronic keycard and walk through your business place, browse the internet and send emails, purchase food and other household items, and rent your movies and music online. Your mobile phone has location-based GPS and provides location-based services. These in turn are integrated with online social services. Your car’s internal GPS stores information about where you’ve been ( and where your home is ). Every single facet of your life is being catalogued and analysed, mostly in a bid to provide more focused sales and tailored services. But nefarious parties also have access to this data and that’s why we need to be more vigilant in what we do online and in our daily lives. Online banking fraud, predator stalking and physical harm are just some of the serious issues that can occur as a result of information that has been collected about us.

Privacy is something that is entrenched in our constitution ( and those of many other countries ), yet our online and electronic presence is mostly treated with little focus on privacy. It’s a worrying state of affairs. DNT is just one tool that can make your life that much more secure. Hopefully many more websites will start incorporating DNT policies into their systems, honouring the privacy that is your due.

Robby Pedrica

Robby Pedrica is a storage and security specialist providing IT and ITSM consulting services in Southern Africa to SME and Enterprise clients. With 20 years of experience, and numerous certifications, Robby excels in niche areas such as systems monitoring, load balancing, advanced storage functions like virtualisation, backup and replication, virtual security appliances, and FOSS software infrastructure such as web, email and application servers. He also runs 'Robby Pedrica's Tech Blog' expounding the mantra of security, security, security.
