How dozens of companies know you’re reading about those NSA leaks

Electronic Frontier Foundation: As news websites around the globe are publishing story after story about dragnet surveillance, these news sites all have one thing in common: when you visit these websites, your personal information is broadcast to dozens of companies, many of which have the ability to track your surfing habits, and many of which are subject to government data requests.

How Does This Happen?

When you load a webpage in your browser, the page normally includes many elements that get loaded separately, like images, fonts, CSS files, and javascript files. These files can be, and often are, loaded from different domain names hosted by different companies. For example, if a website has a Facebook Like button on it, your browser loads javascript and images from Facebook’s server to display that Like button, even if the website you’re visiting has nothing to do with Facebook.

Why Does This Matter?

Each time your browser makes a request it sends the following information with it:

  • Your IP address and the exact time of the request
  • User-Agent string: which normally contains the web browser you’re using, your browser’s version, your operating system, processor information (32-bit, 64-bit), language settings, and other data
  • Referrer: the URL of the website you’re coming from—in the case of the Facebook Like button example, your browser tells Facebook which website you’re viewing
  • Other HTTP headers which contain potentially identifying information
  • Sometimes tracking cookies

Every company has different practices, but they generally log some or all of this information, perhaps indefinitely.

It takes very little information about your web browser to build a unique fingerprint of it. [Continue reading…]

Facebooktwittermail