It’s no secret: Every move you make on the Web is being tracked, recorded, compiled, and used to sell advertising or otherwise finance the sites that we all know and love. But such activity has come under increasing scrutiny from privacy advocates, and even the U.S. government. Which got me thinking: What are these companies that are doing the tracking? And which websites are they using to gather this information? Using two of the most popular anti-tracking extensions, Ghostery and Do Not Track Plus, I visited each of the top 100 most-visited websites in the U.S., according to Alexa, to dig a bit deeper into this whole tracking debacle.
In total, about 125 different companies or company products are used to track your online activity through the top 100 sites. Many of these are simple advertising networks — but others are particularly nefarious. To get a better sense of what each of these companies are, I reached out to attorney Sarah Downey, a privacy strategist for Abine, which created Do Not Track Plus. Based on her extensive research, here are some of the companies you should be most concerned about.
DoubleClick: One of the most prevalent trackers on the Web, DoubleClick was purchased by Google in 2008. The company specializes in ad delivery, analytics, and building user profiles. The problem with DoubleClick is its near-ubiquity, though there are some positive aspects. “Google says that they won’t collect user data that could be used to make guesses about sensitive categories, like political affiliations or medical conditions,” says Downey.
To opt-out of DoubleClick, click here.
Disqus: This has become one of the most popular third-party comment plugins on the Web. That’s because it provides some robust tools for website owners to help keep conversations civil, as all comments posted through Disqus by a single user are linked, dissuading trolliness. However, the service does carry its share of privacy concerns.
“People understand that the Disqus widget is a commenting system, but it’s also a tracking system. It follows a user’s activities across sites that use Disqus, even if the user is logged out,” says Downey. The info collected by Disqus includes IP address, browser version and installed plugins, and exit links — data Disqus refers to as “Non-Personally Identifiable Information.” However, this information can be used to de-anonymize users, when combined with third-party information. And because Disqus reserves the right to share you data with third-parties, such action could be taken. Furthermore, says Downey, “Disqus has come under fire for privacy issues after it published its users’ full commenting histories on user profile pages that were visible to the public.”
Disqus is opt-in only — if you use it, you are opting in.
Facebook Connect: Facebook Connect is a tool that allows third-party websites to let users log in using their Facebook credentials. The primary benefit is that it’s easy — you don’t have to create an entirely separate login to comment on the site. Problem is, logging in with Facebook Connect allows for far more sharing between the site and Facebook, explains Downey. This includes your “basic info” — age, gender, current location, hometown, email address, interests, and all pages you’ve “liked.”
But that’s just the beginning — relationships, the male/female make-up and size of your friends list, your education history, your friends’ education history, your work history, comment and wall post frequency, and how you interact with your friends can also be tracked and shared.
Facebook Connect is pseudo-opt-in-only, meaning that it can still gather information on you if one of your Facebook friends uses it, even if you do not.
Facebook Social Plugins: The “Like” buttons and other sharing buttons from Facebook allow the social network to track your Web browsing history without installing a cookie on your machine, says Downey. This gives Facebook the ability to “build a record of every time you load a page with embedded Facebook content,” according to the Electronic Frontier Foundation.
Opting-out is the same as Facebook Connect.
Omniture: Owned by Adobe and AKA Adobe Digital Marketing, Omniture is “one of the biggest players in the online ad industry,” says Downey. Omniture has been criticized for trying to hide its data collection processes. “They send data to a domain name that’s designed to look like a safe IP address: 192.168.112.2O7.net. Actually, the 0 in 207 is a letter O, as in Omniture,” explains Downey. “Critics said that Omniture and Adobe were intentionally trying to thwart firewall rules and inquisitive users.” Like DoubleClick and Facebook Connect, Omniture’s most troublesome aspect is its prevalence on the Web.
To opt-out of Omniture, click here and read the instructions.
KISSMetrics: An analytics and user profiling company, KISSMetrics allows customers to “go back and look at each person’s interaction history no matter where it happens, Web, mobile, social, desktop, and even offline,” according to the company’s website. As if that weren’t bad enough, the company came under fire earlier this year for using non-deleteable ETags to track users’ Web activity. The tracking tool was used on some major sites, including Spotify and Hulu, both of which have since stopped using KISSMetrics. In response, KISSMetrics itself overhauled its privacy policy, and stopped using ETags.
To opt-out of KISSMetrics, click here. (But be warned, the company does this by putting another cookie on your browser, and if you clear cookies, you automatically opt-in again.)
RapLeaf: RapLeaf is a “big data miner making extremely detailed consumer profiles,” says Downey. The company has also been in trouble in the past for selling information about Web users’ reading habits and other personal data to the Main GOP for election targeting, Downey explains, and for selling Facebook IDs to advertisers.
To opt-out of RapLeaf tracking, click here.
TargusInfo: Like RapLeaf, TargusInfo is a profiling and data enhancement company. It offers a service called CustomerComplete, which verifies people’s names, address, and phone numbers, and links those with secondary phone numbers, additional addresses, and email addresses. “It also scores customers on how valuable they are” to other companies, says Downey.
To opt out of TargusInfo data collection, click here.
Tynt Insight: Simlar to the previous two, Tynt Insight scans real-time user behaviors, including the tracking of copy and paste, which means “they actually see what parts of a page you are copying and pasting,” says Downey.
To opt-out of Tynt Insight, click here.
Baynote Observer: An ad delivery and user profiling company, Baynote Observer builds users profiles by tracking what you search for, which articles you read, what you share on social networks, geolocation, online purchases, links clicked, and videos watch. Baynote also supplements its profiles with third-party data and “like-minded user evaluations,” says Downey. The company specializes in on-site user tracking and ad targeting.
Baynote Observer does not offer way to opt-out.
AddThis: “Known for share and follow buttons, which are actually tracking users, AddThis tracks clicks, shares, viral lift, copied text and more,” explains Downey. The company even admits that “what you share and how you share it with” can say a lot about you — which is exactly the kind of insight AddThis sells its customers.
To opt-out of AddThis, click here.
This is just a sampling of some of the most troublesome trackers out there — and you may find others on the list below that are just as bad or worse. But this gives you an idea of what these types of companies are collecting about you.
To construct the list below, I visited the homepage of each website. It is possible that you will get different results if you are either logged in or logged out of a particular website, or if you visit different pages on that site. In other words, this is a very basic list, but it does provide a great deal of insight into who the companies are that float just beneath the surface of the Web to watch your every move.
1. Google |
51. Yelp
|
2. Facebook
|
52. NBCOlympics.com
|
3. YouTube
|
53. Content Moved (SecureServer.net) (none) |
4. Yahoo!
|
54. GoDaddy
|
5. Amazon
|
55. xVideos (NSFW)
|
6. eBay
|
56. Outbrain (website marketing)
|
7. Craigslist (none) |
57. Instagram
|
8. Wikipedia (none) |
58. Etsy
|
9. Twitter
|
59. NBC News
|
10. Windows Live
|
60. Adobe
|
11. LinkedIn
|
61. Target
|
12. Blogspot
|
62. Pandora
|
13. Bing
|
63. Conduit
|
14. Go
|
64. CNet
|
15. MSN
|
65. Blogger
|
16. AOL
|
66. Indeed.com
|
17. Pinterest
|
67. Hulu
|
18. Tumblr
|
68. Publishers Clearing House (pch.com)
|
19. The Huffington Post
|
69. Reddit
|
20. Netflix
|
70. Groupon
|
21. CNN.com
|
71. UPS
|
22. PayPal
|
72. AT&T
|
23. Ask.com
|
73. FOX Sports
|
24. ESPN
|
74. The Pirate Bay
|
25. Bank of America
|
75. Pof.com
|
26. AVG
|
76. AWeber Systems
|
27. WordPress.com
|
77. Answers.com
|
28. Babylon.com
|
78. BBC
|
29. The Weather Channel (Weather.com)
|
79. Searchnu.com
|
30. Chase Bank (Chase.com)
|
80. Search-results.com
|
31. Comcast
|
81. RedTube (NSFW)
|
32. Apple
|
82. U.S. Postal Service
|
33. Zedo (ad network)
|
83. XNXX (NSFW)
|
34. Walmart
|
84. Best Buy
|
35. About.com (none) |
85. Dictionary.com
|
36. Wells Fargo (none) |
86. YouPorn (NSFW)
|
37. xHamster (NSFW)
|
87. Match.com
|
38. IMDB
|
88. Salesforce.com
|
39. NYTimes.com
|
89. Road Runner (rr.com)
|
40. Microsoft
|
90. Washington Post
|
41. t.co
(none) |
91. Major League Baseball
|
42. LiveJasmin (NSFW) (none) |
92. Drudge Report
|
43. FoxNews.com
|
93. Capitol One
|
44. PornHub (NSFW)
|
94. Verizon Wireless
|
45. 302 Found (MyWebSearch.com)
|
95. USA Today
|
46. GoogleUserContent.com
(not directly accessible) |
96. Photobucket
|
47. Flickr
|
97. The Daily Mail
|
48. eHow
|
98. deviantART
|
49. optmd.com (none) |
99. Zillow
|
50. Imgur
|
100. MapQuest
|
In the spirit of full disclosure, here is the list for Digital Trends:
- AppNexus
- BrightRoll
- ChartBeat
- Facebook Connect
- Google +1
- Google Adsense
- Google Analytics
- LinkedIn Widgets
- NetRatings SiteCensus
- OpenX
- ScoreCard Research Beacon
- Twitter Button
Image via Petya Nikolova Petrova/Shutterstock