NNSquad - Network Neutrality Squad
[ NNSquad ] Spying on User Web Browsing Histories for Fun and Profit!
Spying on User Web Browsing Histories for Fun and Profit!

http://lauren.vortex.com/archive/000682.html

Greetings. A bit over a year ago, I reported here about a commercial firm using JavaScript tricks to pry into the site browsing history of unsuspecting Web users, and I discussed the serious negative implications of such spying ( http://lauren.vortex.com/archive/000498.html ).

Now comes a handy "do it yourself" guide detailing the kinds of obnoxious techniques involved, under the name "Sniff browser history for improved user experience" -- a quintessential example of how to portray (that is, spin) an obvious privacy invasion as if it were a user-friendly value proposition ( http://bit.ly/b5YZr2 [Niall Kennedy's Weblog] ).

It's not terribly surprising that the author of the piece devotes only a couple of words to even the possibility that such techniques could be used for "evil" purposes. But what's perhaps even more nauseating is the pro-privacy-invasion fan-boy comments to his article, mostly drooling over the possibilities.

While the browser history voyeurism technique described is not without some inherent limitations, it is more than powerful enough to be abhorrent to almost anyone with even a modicum of ethical sensibilities.

Turning off JavaScript is simply not practical for most Web users these days, given the major dependence on JavaScript and AJAX technologies at the heart of so many major (and less than major) Web sites.

But I can't find any ethical loophole for the use of such browser history surveillance techniques in the absence of affirmative and fully-informed opt-in permission being given by users for such intrusions.

I have no gripes with systems that collect browsing history information when this behavior is appropriately disclosed and explicitly agreed to by users in a voluntary manner (e.g., as is the case with various special-purpose toolbar products).
However, when browser history collection isn't disclosed and permission for that collection is not voluntarily granted, "sniffing" of user browser histories is the textbook definition of spying -- plain and simple -- regardless of whether or not the Web site operator claims that they're using the information collected only for "good" purposes.

For some Web users, the information that could be revealed by the application of such techniques could have health, safety, and even perhaps national security implications (think about the browser histories of law enforcement personnel, for example).

I'm not a lawyer, but I would assert that such spying should be illegal -- if it isn't already a civil or criminal infraction in various locales.

At the very least, I'd welcome the readership's suggestions as to legal processes (notifications?) and/or technical methods to fight back against anyone attempting to deploy these browser history spying abominations.

But please keep in mind the limitations of script blocking plugins (that I described in my earlier blog posting), and the impracticality of turning off all JavaScript for most users ( http://lauren.vortex.com/archive/000498.html ).

Any ideas?

--Lauren--
Lauren Weinstein
lauren@vortex.com
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad - Network Neutrality Squad - http://www.nnsquad.org
Founder, GCTIP - Global Coalition for Transparent Internet Performance - http://www.gctip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein