The web is watching you. Chunks of code hide inside every website, tracking your online behaviour.
Now, a pair of computer scientists have published their attempt to spy back. They audited 1 million of the most popular websites for tracking behaviours – more than anyone has looked at before. Their investigation gives new insight not only into what sites might know about you, but how they’re figuring it out.
Studying a million websites is hard. To do it, Arvind Narayanan – who heads the Web Transparency and Accountability Project at Princeton University – built a tool called OpenWPM with graduate student Steven Englehardt. OpenWPM can visit and log in to websites automatically, taking more than a dozen measurements of each one. It took two weeks to crawl through the top million websites, as ranked by web traffic firm Alexa.
Narayanan and Englehardt discovered that many trackers are sharing the information they gather with at least one other party, sometimes dozens of times. The audit also revealed several previously unknown “fingerprinting” techniques that sites are using. Here, the website asks the browser to perform a task that is hidden from the user. The site then fingerprints individual machines based on slight differences in their performance. Trackers used to do this by watching how the browser draws a graphic; now, they check what fonts are installed or how the browser processes audio. A couple of trackers even gathered the device’s battery level.
“The audit found that some websites were asking for data on a visiting…