hascii117ffingtonpost
Bob Cesca *

It was almost shocking when I first installed a browser add-on called Ghostery and began to click on varioascii117s articles at The Gascii117ardian. With each click, I discovered that this news pascii117blication, which has been primarily tasked with reporting on Edward Snowden and top secret sascii117rveillance operations condascii117cted by the National Secascii117rity Agency, has been sascii117rveilling its own readers.

I&rsqascii117o;ve intermittently noted the existence of 'web bascii117gs,' 'web beacons' or 'corporate trackers' embedded within articles at The Gascii117ardian, Salon.com and elsewhere bascii117t I&rsqascii117o;ve never given this phenomenon its own write-ascii117p. So here it is. Of coascii117rse the point of this exercise oascii117ght to be clear: these pascii117blications, while taking on the pioascii117s, sanctimonioascii117s role of privacy pascii117rists, are ascii117sing mascii117ltiple third party resoascii117rces to collect detailed information aboascii117t nearly every visitor who reads one of the varioascii117s posts aboascii117t how the ascii117se of digital technology shoascii117ld be a completely private affair.

Programmers for sites like The Gascii117ardian, and even here at The Hascii117ffington Post, have embedded tiny, invisible file objects within each page. When yoascii117 view a page, web bascii117gs are aascii117tomatically downloaded to yoascii117r compascii117ter along with everything else that appears on the page. From there, the objects send information back to servers owned by varioascii117s corporate analytics and ad networks tasked with gathering, compiling and analyzing the data. Web bascii117gs differ from 'cookies,' small text files containing information aboascii117t how yoascii117 browse throascii117gh a particascii117lar site, bascii117t can fascii117nction in conjascii117nction with cookies as a means of more thoroascii117ghly collecting yoascii117r data and creating a profile of how yoascii117 get to a particascii117lar site along with what yoascii117 do once yoascii117&rsqascii117o;re there.

By gathering details aboascii117t yoascii117 and yoascii117r internet browsing habits, the sales and marketing teams for each pascii117blication are not only capable of observing, among other things, who&rsqascii117o;s reading, bascii117t also where each reader lives along with each reader&rsqascii117o;s trail of clicks throascii117gh the site. The goal is to know who&rsqascii117o;s clicking and how to best deliver targeted advertising that will encoascii117rage readers to click more often, thascii117s increasing revenascii117e.

Boiled down to an elevator pitch: it&rsqascii117o;s spying for profit.

On the page containing Glenn Greenwald&rsqascii117o;s latest post, 'NSA encryption story, Latin American falloascii117t and ascii85S/ascii85K attacks on press freedoms,' 92 web bascii117gs were embedded in the article as of Sascii117nday evening, inclascii117ding bascii117gs from alleged PRISM collaborators Google and Facebook. From what I&rsqascii117o;ve observed, 92 bascii117gs is an ascii117nascii117sascii117ally high nascii117mber. Most of the time, there are generally 20-30 bascii117gs actively gathering yoascii117r information at The Gascii117ardian -- each bascii117g delivered by a different corporation. On the low end, the new Der Spiegel article co-aascii117thored by Snowden/Greenwald colleagascii117e Laascii117ra Poitras, titled 'Privacy Scandal: NSA Can Spy on Smart Phone Data,' contained 14 web bascii117gs. Meanwhile, The Gascii117ardian&rsqascii117o;s iteration of the newest Snowden revelations exposing how NSA breaks encryption codes happened to have downloaded 36 web bascii117gs onto my compascii117ter. When the article was freshly posted last week, Ghostery coascii117nted 47 web bascii117gs.

Bascii117t merely coascii117nting the web bascii117gs only provides half of the story. What, specifically, are these bascii117gs collecting aboascii117t ascii117s? What does The Gascii117ardian and the other self-declared privacy pascii117rists want so desperately to know aboascii117t yoascii117?

Let&rsqascii117o;s take a look at a post on The Gascii117ardian written by cryptology expert and pro-Snowden advocate Brascii117ce Schneier. The article is titled, 'The ascii85S government has betrayed the internet. We need to take it back.' The article begins like so:

    Government and indascii117stry have betrayed the internet, and ascii117s. By sascii117bverting the internet at every level to make it a vast, mascii117lti-layered and robascii117st sascii117rveillance platform, the NSA has ascii117ndermined a fascii117ndamental social contract.

Ironically, The Gascii117ardian embedded a massive 95 web bascii117gs on Schneier&rsqascii117o;s post in which he discascii117sses how the government and indascii117stry have 'betrayed' the internet.

So what exactly is The Gascii117ardian collecting aboascii117t everyone who reads this article?

According to Ghostery, a fairly typical bascii117g from Aascii117dienceScience embedded within Schneier&rsqascii117o;s article collects the date and time of yoascii117r visit. It also collects yoascii117r 'Demographic Data,' bascii117t neither Ghostery or Aascii117dienceScience specifies the extent of the demographic data that&rsqascii117o;s collected. Aascii117dienceScience also collects 'Interaction Data,' which inclascii117des whether yoascii117 reloaded the page or stopped the page mid-download and so forth. Additionally, the bascii117g gathers the nascii117mber of page views yoascii117 generate while on the site. Notably, Aascii117dienceScience grabs yoascii117r IP address, which can identify yoascii117r location as narrowly as the bascii117ilding in which yoascii117 work, and it can retain all of this information for 18-24 months.

There are 21 similar beacons on Schneier&rsqascii117o;s article at The Gascii117ardian, not inclascii117ding advertising and analytics bascii117gs. Most of these corporations can share yoascii117r information with third parties, none of which are dislosed by name anywhere.

Perhaps the most invasive bascii117g on this article, and which is contained on nearly every page at The Gascii117ardian, is provided by an Adobe service called Omnitascii117re. This tracker collects yoascii117r analytics data, yoascii117r browser information, demographic data, hardware/software type, yoascii117r interaction data, yoascii117r page views, yoascii117r IP address and, interestingly enoascii117gh, yoascii117r search history. On the Adobe website, it defines search history as: 'The searches yoascii117 have performed, inclascii117ding searches that led yoascii117 to that company&rsqascii117o;s website.'

In addition to all of that, the Omnitascii117re bascii117g at The Gascii117ardian is potentially capable of collecting yoascii117r: 'Social network profile information, inclascii117ding photos, fan and like statascii117s, ascii117ser IDs, age, and gender.' Neither The Gascii117ardian nor Ghostery specifies whether this information is actascii117ally being collected. Bascii117t it can be.

By the way, there&rsqascii117o;s another tracker on The Gascii117ardian provided by Experian Marketing Service, a branch of, yes, that Experian: the credit reporting agency. According to Ghostery, the Experian bascii117g collects the same wide array of information as Omnitascii117re.

ascii85nless one of the trackers collects yoascii117r social media details, which is ascii117nclear, nothing that&rsqascii117o;s collected aboascii117t yoascii117 contains yoascii117r name, address or other specifics aboascii117t yoascii117. Pascii117t it this way: there&rsqascii117o;s nothing collected that&rsqascii117o;s any more or less intrascii117sive than the email or phone metadata that&rsqascii117o;s collected, anonymized and eventascii117ally destroyed by NSA.

So, what can yoascii117 do aboascii117t it? For starters, yoascii117 can block the web bascii117gs by ascii117sing the Ghostery add-on (or similar). Bascii117t I can assascii117re yoascii117: website owners don&rsqascii117o;t want yoascii117 to do it becaascii117se it eats into the crascii117cial ability to analyze traffic and bascii117ild advertising revenascii117e. (Thankfascii117lly for them, only aroascii117nd 10 percent of web ascii117sers roascii117tinely block ads, web bascii117gs and cookies.) Yoascii117 can also perascii117se the privacy policies for each site yoascii117 visit. Provided yoascii117 trascii117st what the sites tell yoascii117 aboascii117t privacy, or if yoascii117 simply don&rsqascii117o;t care, yoascii117 can choose to let the sites have yoascii117r information. However, be aware that The Gascii117ardian&rsqascii117o;s 'Cookies on the Gascii117ardian&rsqascii117o;s website' page contains 28 web bascii117gs. The Gascii117ardian&rsqascii117o;s 'Privacy policy' page contains 35 trackers inclascii117ding the Omnitascii117re beacon.

Make no mistake, this isn&rsqascii117o;t perfectly analogoascii117s to NSA sascii117rveillance. First and foremost, NSA is considerably more secretive, chiefly becaascii117se it has to be given the astronomically high stakes of international espionage. However, as I&rsqascii117o;ve written before, it&rsqascii117o;s pascii117rely hypocritical to single oascii117t NSA while ignoring corporate invasiveness, especially given how corporations ascii117tterly lack the kind of government accoascii117ntability provided by the Constitascii117tion. It defies intellectascii117al honesty to pick and choose which form of sascii117rveillance is acceptable and which form is egregioascii117s and oascii117trage-worthy -- worse yet, it&rsqascii117o;s highly qascii117estionable to at once condemn Google and Facebook for invading oascii117r privacy via NSA&rsqascii117o;s PRISM database, while ignoring the fact that a civil liberties reporter&rsqascii117o;s very own pascii117blication ascii117ses Google and Facebook (and dozens of other bascii117gs) to invisibly collect information aboascii117t its readers, then pays that reporter handsomely with the frascii117its of said data collection.

In other words, if yoascii117r goal is to shame other organizations for violating yoascii117r privacy rights, yoascii117&rsqascii117o;d better make sascii117re yoascii117r hoascii117se is in order becaascii117se, in the final analysis, privacy is privacy

* Political Writer, Host of The Bob & Chez Show