Web Beacons
In the Surveillance Society, Big Brother has a compulsion to monitor everything we do. The Constitution does not even contain the word “privacy,” but privacy rights have been inferred from portions of the First, Fourth, and Fifth amendments and embodied in law at all levels of government. The problem: in almost everything you do, at home or in public, you have voluntarily surrendered your right to privacy. We don’t have a choice. The most intimate details of our lives are an open book to any person or organization who knows how to turn the pages.
The Internet is often called the last bastion of personal freedom… freedom of expression, freedom of association, freedom of commerce, freedom of and from religion… and rightly so. But most of us would be surprised at the extent to which our use of the Internet is monitored and controlled.
If you are reading this online, you must at some point have signed up for an account with an Internet Service Provider. Dial-up, cable, DSL, it doesn’t matter– you said that you had read and agreed to the ISP’s terms of service. If you are reading this on someone else’s computer, whoever signed up for the service agreed that you and anyone else using that account would abide by those terms of service. But did you actually read them? Probably not. More likely you assume that the terms are “industry standard” (they probably are) and you really don’t have any choice (you probably don’t).
Here at Sten Gazette we had occasion to change ISP’s recently, and our requirements were pretty particular because of our privacy policy. So we read Terms of Service on thirty or forty web sites. Here is a verbatim quote from one of them: “You agree that we may monitor your usage of the system (including but not limited to e-mail, your hosted web pages, and other Internet activity) to ensure compliance with our Terms of Service.”
The Terms of Service include the privacy policy, which basically says “you agree” they can do anything they want with any information they collect about you. Naturally you make a mental note not to give them any more information than you have to, but you have probably already forgotten that you’ve already told them they can monitor your every keystroke. The best we could come up with was an agreement that our “use of the service will be in accordance with Federal, State, and Local Law.” But even this ISP reserves the right to enforce their terms of service.
Yahoo! is one of the few real success stories of the dot-com revolution. It got where it is by providing all sorts of useful features to its users, free. From web searching, through multiple e-mail accounts, to chat groups and online libraries of pornographic images, Yahoo! offers it all. Free. Along the way Yahoo! has given new meaning to several tired old cliches, to wit:
If it looks too good to be true, it probably is.
There’s no such thing as a free lunch.
The Devil is in the details
Yahoo! is not really free, if you read the details of their terms of service and their privacy policy. You pay by surrendering your privacy to Yahoo! and its advertisers, simple as that. We have long admired the lengths Yahoo! has gone to in order to conceal their inquisitiveness. The Devil is in the details, and the fine print of Yahoo!’s terms of service and privacy policy must be seen to be believed.
The length of a privacy policy is inversely proportional to the amount of privacy that it offers.
Yahoo!’s privacy policy is 1,378 words in length, and then some. The privacy policy is just one of the links on their much longer terms of service page, and the privacy policy itself contains more than a dozen links to other pages containing further detail, all of which is notionally included in what you agree to when you sign up. It is not practical, and may not even be possible, to follow every link and read every word, but you have to say you did!
In contrast, Sten Gazette’s privacy policy (to which there is a link near the top of every page) is stated in five words: “we respect your privacy absolutely.” The remaining 245 words or so on the page explain why and how we do it.
But Yahoo! has come up with a new way to invade our privacy, and it’s the last straw– We’ve begun the process of getting rid of every last connection we have to any Yahoo! service. The last straw is the so-called “web beacon.”
The “web beacon” is a system of cookies and scripts, used by Yahoo! and it’s advertizing “partners” to track you through the internet and e-mail with a view to collecting information about you and your interests. Near the middle of the main privacy policy page they say:
Yahoo! uses web beacons to access Yahoo! cookies inside and
outside our network of web sites and in connection with Yahoo!
products and services.
The words “web beacons” are linked to a supplemental page, which has another 354 words about them and a couple more links. They define web beacons as follows:
Web pages may contain an electronic file called a web beacon,
that allows a web site to count users who have visited that page or to
access certain cookies.
What’s wrong with that? Well, if you read it carefully, you will see that it is bullshit, pure and simple. How does a web page “contain” an “electronic file”? And what pray tell, is an electronic file? And what might those “certain cookies” be?
They go on to explain how the “web beacons” are used both inside and outside Yahoo!’s own “network,” and in the middle of all that they tell you what the beacons actually do, and why–
Information recorded through these web beacons is used to report aggregate information about Yahoo! users to our partners. This aggregate information may include demographic and usage information. No personally identifiable information about you is shared with partners from this research.
Note that they are admitting that their “research” includes personally identifiable information about you, but state that it is not shared. They don’t even bother to tell you whether the raw data is shared with their partners, but if they have the raw data then these partners can extract your personal information for themselves.
But it gets better! Why don’t you just “opt out” of web beacons? Yahoo! not only suggests that the “partners” are required to allow you to opt out, but invites you to do so right then and there. Or do they? If you click on the “opt out” link you are told:
Note: This opt-out applies to a specific browser rather than a specific user. Therefore you will have to opt-out separately from each computer or browser that you use
As if that’s not bad enough, if you use a dial-up connection, or a computer at work, or a broadband connection that gives you a dynamic IP number (new address each time you connect) then you will have to repeat the process every time you connect. The term “specific browser” sounds reasonable, but think about it– what is a “browser?” Is it your browser program? Is it the person using the browser (”one who browser?”). Is it the “network node” that is your computer on your specific connection at any given time?
But it gets worse! How pervasive are these “web beacons?.” Turns out they can be in any included material on any web page, so if you visit a web site that has pop up or banner ads, each and every one of them could have a “web beacon” embedded in it. Not even e-mail is safe:
Yahoo!’s practice is to include web beacons in HTML-formatted email messages (messages that include graphics) that Yahoo!, or its agents, sends in order to determine which email messages were opened and to note whether a message was acted upon.
Guess what– if you have a Yahoo! email account or subscribe to any Yahoo! groups, every single message is “sent” to you by Yahoo!!
What can you do? Stop using Yahoo!’s services. There are plenty of inexpensive alternatives out there, and few that are as nosy or intrusive. But if you are considering other services, please read their privacy policies. And remember our little rule– if they need more than a hundred words to explain their privacy policy, then they are explaining all the different ways you are agreeing to let them violate your privacy.
–SG
What do you think? Please enter a comment below.
May 29th, 2005 at 3:32 pm
I don’t think you understand how web beacons work. Try looking up “web beacons” in wikipedia.
May 29th, 2005 at 3:37 pm
Can’t see where we got anything wrong, although our focus was on Yahoo!’s USE of web beacons and the deliberate obfuscation in their privacy policy. If you are suggesting that web beacons are not a privacy issue or threat, note the separate treatment of e-mail web beacons in the Wikipedia entry which starts with “Email web beacons are a ubiquitous technology with privacy implications that are not widely appreciated.” Even Wikipedia glosses over the the real problem that is implied by Yahoo!’s privacy statements, namely, that personal information can be stored in cookies which can be retrieved by third parties. For anyone interested in reading the Wikipedia entry, the direct link is http://en.wikipedia.org/wiki/Web_beacon
May 29th, 2005 at 3:39 pm
Yeah, Don! Take THAT!!!
May 29th, 2005 at 3:40 pm
Interesting. Some browsers have the ability to allow the user to refuse to accept cookies. Some allow the user to specify that cookies will be deleted on exit from the browser. Would either of these be of some value in detering these nasty pests?
May 29th, 2005 at 3:42 pm
IE seems to be odd man out here, because the options are difficult to set and there is no specific option to delete cookies at end of session. The default is “automatic cookie management” and they don’t tell you much about what it does. The settings are under Tools, Internet Options, Privacy, Advanced. Mozilla offers a greater level of control. The problem is, many sites require that cookies be enabled for legitimate purposes, such as shopping cart systems. So the “safe” surfer will turn cookies on only when needed for a specific site, and only if they know the purpose and nature of the cookies. We think Yahoo! is a bit unscrupulous in this regard– few of their services can be used without enabling cookies (and java script), and the cookies have no other purpose than tracking for their data collection purposes. Mozilla seems to offer the most security against privacy threats and nuisance advertizing like pop-ups, and it seems to be the easiest to control. Use it intelligently, and back it up with good adware and spyware removal tools, and you’re reasonably safe, but when it comes to web sites you don’t know, you should heed Mulder’s advice and Trust No-one.