Brussels / 2 & 3 February 2019

schedule

Watching Them Watching Us

WebExtensions Exposing Privacy Leaks


Internet has become an integral part of our lives and everything we do online leaves a trail of data. This data is being collected, analyzed, sold and aggregated to cast profiles about us by companies across the globe.

In the physical world, if a stranger was to follow you everywhere you go, keep a log of who you talk to and meet with, read your mails and then share all this information with others, wouldn’t you be concerned? But somehow in the digital world we do not seem to worry too much about the same scenarios.

One of the main reasons for this is lack of awareness about how most Internet companies are making money these days. In fact, as a consequence of the business model of brokering personal data, a surveillance capitalism emerges.

With the advent of SaaS, website and app owners usually outsource functionality like analytics, recommendations, A/B tests to be managed by third parties, with legitimate business purposes.

While these use-cases might seem legit, the way data is collected to solve the legit use-cases are bound to harm the user’s privacy. You end up sharing sensitive user data with the companies you may have never heard of. They can not only link the webpages you visit but also have the ability to de-anonymize you by knowing your name, email, address, passport number etc.

Once this information leaves your machine, it is out of your control. From it, a detailed profile about you is created, which is then available to a whole bunch of parties, which may or may not live to any ethical standards. With accurate enough profiles, companies and data brokers can simulate the behaviors and decision making of the world's population. They don't even need everyone's interactions because they can infer the whole population behavior from just a few examples of each cluster.

This is why privacy is everyone’s concern so we need to raise awareness: - The general public needs to know how every move that they make in the online world is being tracked, shared and used. - Developers need to consider how their users and customers' data deserves to be treated with respect and care, not sold unknowingly to faceless companies.

But how do you transmit this complex reality to the broader audience outside our community? What data is being shared unconsciously? Who are these data collectors? What is the impact of our blocking mechanisms as users?

This is precisely the problem both Local Sheriff and Trackula tackle.

In this joint talk, we will showcase how two groups of people independently built Browser Extensions to answer these questions.

  • Local Sheriff - informs the user about which PII is shared, and with which companies?
  • Trackula  - from a less technical perspective and through a more visual UX focuses on raising awareness to non technical users.

More details about the tools can be found:

  1.  Local Sheriff - https://github.com/cliqz-oss/local-sheriff
  2.  Trackula – https://trackula.org/

Speakers

Santiago Saavedra
Photo of Konark Modi Konark Modi

Attachments

Links