Untangling the other dark web – of pervasive, inescapable, corporate surveillance
Visitors to this site are well aware of how our every move is tracked as we move around the Internet. We know that companies are building minutely-detailed profiles of us, stored on huge databases, and that the information held there not only changes the ads we see, and the prices that companies offer us when we visit e-commerce sites, but even the mix of news stories that we view. The scale of this “surveillance capitalism”, as it has been called, is vast. One recent study looked at a million Web sites, and found that over 80,000 third-party services receive details about the visitors to them.
The difficulty of grasping something this complex makes a new Cracked Labs report “Corporate Surveillance in Everyday Life”, available as a ten-part overview online and as a more detailed free 93-page PDF, particularly valuable. For the first time, it maps out the “other” dark web – the one that is hidden in plain sight, because at the heart of the surveillance capitalism lies omnipresent online advertising. The ability to gather information about Internet users, and to identify them in real-time, together offer unprecedented scope for advertisers to personalize their ads and offers on the fly, and thus to maximize their returns:
“When a person visits a website, it sends metadata about the contents of the page, user profile data, and, usually, some kind of user identifier to multiple advertisers. Then, advertisers who are interested in delivering an ad to this particular user at this particular time and in the context of this particular page make a bid. The highest–bidding advertiser wins and gets to place the ad. This so-called “real-time bidding” happens within the milliseconds of a website loading.”
The central position of the biggest global players like Google and Facebook was cemented when they permitted companies to upload their own customer data and cross-link:
“It allows companies to systematically connect their own customer data with Facebook’s data. Moreover, it also allows other advertising and data vendors to synchronize with the platform’s databases and tap into its capacities, essentially providing a kind of real-time remote control for Facebook’s data universe. Companies can now capture highly specific behavioral data, such as a click on a website, a swipe in a mobile app or a purchase in a store, in real-time, and tell Facebook to immediately find and target the persons who performed these activities. Google and Twitter launched similar features in 2015.”
Some of the names in the report, like Google and Facebook, are obvious key players. Others, like the major consumer data broker Acxiom, are little-known to the general public, even though they wield immense power over our lives. For example, as well as the 700 million profiles it owns, Acxiom also manages 15,000 customers databases with billions of consumer profiles, on behalf of its clients, which include large banks, insurers, healthcare organizations and government agencies.
One company that is explored in some detail is both well-known and yet comes as something of a surprise in this context. Most people associate Oracle with very boring enterprise database software. But the report reveals that the company has moved on from selling databases and cloud services to using them itself on a massive scale to track billions of us:
“By acquiring several data companies such as Datalogix, BlueKai, AddThis, and CrossWise, Oracle, one of the world’s largest business software and databases vendors, has recently become one of the largest consumer data brokers as well. In its data cloud Oracle aggregates 3 billion user profiles from 15 million different websites, data from 1 billion mobile users, billions of purchases from grocery chains and 1,500 large retailers, as well as 700 million messages from social media networks, blogs, and consumer review sites per day.”
Companies engaging in surveillance capitalism are interlinked in multiple ways. For example, one of Oracle’s “data providers” is Acxiom, along with Visa and MasterCard. In its turn, Oracle shares its hoards of data with Facebook and Twitter. Once our data is captured by one company, it is almost invariably passed on to multiple “partners” who cross link it with their own stores.
When faced with criticism about the troubling privacy implications of linking all this information together, much of it extremely personal, the surveillance companies often like to claim that everything is fine, because they only use anonymized data, with the names stripped out. But as the report notes:
“Even if the profiles companies share with one another only contain “hashed” or “encrypted” email addresses and phone numbers with each other, a person can still be recognized again as soon as he or she uses another service linked with the same email address or phone number. In this way, even though each of the tracking services involved might only know a part of someone’s profile information, companies can follow and interact with people at an individual level across services, platforms, and devices.”
As a result, this kind of corporate surveillance means that we are routinely tracked not just as we move around offline and online, but also as we hop from device to device – from desktop to smartphone – so that no detail of our lives is lost:
“The online data management platform Krux, which is owned by the leading customer data management company Salesforce, describes on its website how it might track and associate very different behaviors across a person’s day, including interactions that involve desktop computers, mobile phones, tablets, TVs, and store visits. A person may search for a product on the web, “like” a product and share it on social media, view a TV commercial, find a coupon on the web, and use it at a grocery store for a purchase.”
Moreover, it’s not just obvious things like which sites we visit that are captured. Other aspects include the timing and frequency of phone calls, GPS location, Web searches, how you fill in online forms, grammar, punctuation, and even whether you allow your phone battery to run down frequently. Since database storage capacities today are effectively infinite, everything we do can be stored in the hope that hidden among the apparently trivial details there are key signals about our views, wealth and buying intentions.
The main Cracked Labs 93-page document fills in all the details of the above themes – there are over 600 references, most of them online, which means they provide an invaluable starting point for further exploration of this rich topic. The one thing that is missing, perhaps because it lies beyond the scope of the work, is any real sense of what we can do to counter this unprecedented invasion of our most personal online spaces. That’s part of a larger discussion about surveillance, which includes government and criminal activities. It’s one we urgently need to begin if we are to retain any meaningful power to control and preserve our privacy as we use the Internet.
Featured image by Cracked Labs.