Tracking the Trackers

By Rachel Nuwer
September 07, 2018

This article is from the Summer 2018 issue of EQuad News magazine.

Most software engineers opt for careers in the tech industry rather than academia, which makes university-based researchers all the more vital, said Arvind Narayanan, an associate professor of computer science.

“We can make the world better by working on the problems that the tech industry doesn’t focus on — or even actively ignores — because those things get in the way of busi­ness interests,” Narayanan said. “This includes trying to show how certain technolo­gies being deployed are not really serving so­ciety in the way that they should, and figuring out what we can do to realign those diverging interests.”

Online privacy, for example, is at odds with companies’ eagerness to gather as much information as possible about their users so they can better meet users’ needs — and market products to them. “Data brokers” specialize in collecting and selling personal in­formation, from age, gender, and address to a propensity for gambling or drinking. Users typi­cally have no idea their personal information is being scooped up, and there is a general lack of transparency about what is collected and how it is used.

This is where Narayanan and his research team come in: “We want to shed light on the dark corners of online tracking,” he said.

To track the trackers, he, graduate stu­dent Steven Englehardt, and postdoctoral researcher Günes Acar built a bot that visits 1 million websites each month and records everything that happens behind the scenes — from cookies to so-called fingerprinting technologies — to identify visitors. So far, they have found a number of privacy violations, including programs that either intentionally or accidentally collect sensitive information such as passwords and medical prescriptions.

“Websites can install scripts that basically act like someone watching over your shoulder and recording everything you do — every key­stroke, every movement — and then send all of that information to a third party,” Narayanan said.

By exposing the problem, he hopes to appeal to both policymakers and browser designers — whose technologies are essential for viewing and interacting with websites — to enact privacy protections.

“Putting the burden on individuals to protect themselves is not the best approach,” Narayanan said. “There are ways to take col­lective action so that we don’t sleepwalk into a surveillance society.”