When you surf the web, you are always providing information and data. It’s how the internet works. You send data to your internet service provider as well as various companies and apps/services. However, what you might not realize is how personal this data can become, or what companies can decide to do with it.
Recently German journalist Eckert and data scientist Andreas Dewes decided that they wanted to create an experiment on user data and anonymity. To do so, they created a fake marketing website with a linkedin page. They filled the site with convincing copy about their deep-learning algorithm and how they want to examine mass amounts of user data to better market to consumers.
— Svea Eckert (@sveckert) July 27, 2017
From here, they decided to reach out to “nearly a hundred companies, and asked if we could have the raw data, the clickstream from people’s lives.” Since the pair were looking only for German companies and German data, it took a bit longer than they initially planned. “We often heard: ‘Browsing data? That’s no problem. But we don’t have it for Germany, we only have it for the US and UK.”
However, the pair eventually got the data they needed–for free nonetheless, from a data broker which was willing to let them test their new platform. Initially the set of data was anonymous, but with a few simple tricks, the pair soon began to unravel threads quite easily.
Dewes used many methods to de-anonymise the data, but none of which are especially brilliant or expensive. He simply found a long list of URLs and timestamps and then started to categorize them. For example, some pages on the internet are only visited by one person. Take for example, a personal analytics Twitter page. It is only visited by one user which can then be identified. By collecting a mere 10 URLs, Dewes was able to start to create fingerprints and identify users.
Considering the FCC’s recent Broadband Privacy reversal, this experiment is a sobering prediction of what could soon become everyday reality. It shows there are very real and personal consequences when internet service providers can freely sell your web browsing history.
Since only two people could create a fake marketing company to find the browsing history and identify the habits of thousands of people, how hard do you think it would be for an entire team of hackers, or a shady marketing firm? The fact that only two people were able to accomplish should mean something. Either that ISP’s need to stop hoarding user data, or that you–the end user, need to take privacy into your own hands and start encrypting your data with a powerful VPN.
When using a VPN to encrypt your data, Internet Service Providers can’t make sense of your data or see the websites you visit. This means that if a fake marketing company comes along and buys your encrypted data, they can’t reveal anything about who you are, what places you like to shop online, or anything else that is personal to you.