Report: Widespread data sharing, 'Web bugs'

Jun 02, 2009 By Kathleen Maclay
Chart of user complaints about web privacy, showing user control and public display to be the top concerns.

(PhysOrg.com) -- Researchers at the University of California, Berkeley's School of Information released a report late Monday (June 1) showing that the most popular Web sites in the United States all share data with their corporate affiliates and allow third parties to collect information directly by using tracking beacons known as "Web bugs" - despite the sites' claims that they don't share user data with third parties.

Researchers Joshua Gomez, Travis Pinnick and Ashkan Soltani spent a year analyzing the data collection and data sharing practices of the 50 most visited Web sites. They were advised by Brian W. Carver, an assistant professor at the Information School. In their report just posted on a new Web site called "Know ," the researchers call for significant changes in Internet privacy policies.

First, they recommend that Web site operators and third-party trackers tell users all of the information that has been collected about them and with whom they have shared it. Second, they recommend that users be allowed to choose whether or not Web sites can share information about them with corporate affiliates.

Additionally, the researchers want Web site privacy policies to be more readable, contradictory Web site statements about third-party sharing eliminated and links set up from privacy policies to the online complaint form for the U.S. Federal Trade Commission (FTC).

A key focus of the School of Information report is the use of Web bugs. Web analytics companies and advertising servers use Web bugs to track users for improved marketing or behavioral profiling. A Web bugs is typically a small graphic embedded in a Web page, usually in the form of a 1-by-1 pixel image that is invisible to the naked eye.

It turns out that a handful of tracking companies operating Web bugs have an incredible breadth of coverage, the researchers said. For example, five tracking companies were represented on more than half of the top 100 Web sites examined in the study, while Web bugs from Google and its subsidiaries were found on 92 of the top 100 Web sites and 88 percent of the approximately 400,000 unique domains examined in the study.

"Web bugs are ubiquitous," said Soltani.

During the month of March 2009, the researchers found at least one Web bug on each of the top 50 Web sites, while most sites had several Web bugs and some had as many as 100.

Graph of privacy policy contents for 50 most visited sites

Although Internet data-sharing practices are widespread, the problem has yet to generate investigations by government organizations such as the FTC, which continues to rely on industry self-regulation to protect consumer privacy. Gomez said that is also because the commission has framed online privacy issues in terms of harm, rather than because of consumers' lack of control over personal information.

An assessment by the researchers of users' expectations of privacy online showed that they want control over the collection and use of their personal information, and that Web bugs are virtually invisible to consumers and difficult to block. Analysis and comparison of user complaint data from the FTC and privacy watchdog organizations such as the Privacy Rights Clearinghouse, the California Office of Privacy Protection and TRUSTe indicated that 40 percent of users are mostly concerned with a lack of control over data collection and the public display of personal information.

"Third-party tracking and affiliate-sharing are clearly at odds with user expectations," Pinnick said.

The researchers found that all of the top 50 Web sites do state on those sites that they may share collected data with affiliates. But, they said most statements are unclear about - or lack any information about - data retention, the purchase of data about users from other sources, or the fate of user data in the event of company acquisition or bankruptcy.

They said Web sites don't identify the affiliates that they might share information with and added that they got no useful responses when they asked representatives of the Web sites for a list of those companies. The researchers' own examination of the publicly-traded companies operating popular Web sites revealed that the Web sites had an average of 297 subsidiaries and a median of 93.

The researchers' full report and additional information is online at: www.knowprivacy.org .

Provided by University of California, Berkeley

Explore further: Twitter admits to diversity problem in workforce

add to favorites email to friend print save as pdf

Related Stories

Cookie Crunching May Be Pumping Up Web Traffic

Apr 17, 2007

Internet cookies might not be as reliable an indicator of distinct Web site visitors as previously thought, according to a Monday report from Internet research company comScore.

Study: Consumers accept personalization technology

Apr 17, 2006

Although they have concerns about privacy, consumers believe that personalization technology – such as direct-mail marketing and filling out forms on Web sites – is here to stay, according to a research project conducted ...

Recommended for you

Study shows role of media in sharing life events

11 hours ago

To share is human. And the means to share personal news—good and bad—have exploded over the last decade, particularly social media and texting. But until now, all research about what is known as "social sharing," or the ...

UK: Former reporter sentenced for phone hacking

18 hours ago

(AP)—A former British tabloid reporter was given a 10-month suspended prison sentence Thursday for his role in the long-running phone hacking scandal that shook Rupert Murdoch's media empire.

Evaluating system security by analyzing spam volume

19 hours ago

The Center for Research on Electronic Commerce (CREC) at The University of Texas at Austin is working to protect consumer data by using a company's spam volume to evaluate its security vulnerability through the SpamRankings.net ...

Surveillance a part of everyday life

20 hours ago

Details of casual conversations and a comprehensive store of 'deleted' information were just some of what Victoria University of Wellington students found during a project to uncover what records companies ...

European Central Bank hit by data theft

20 hours ago

(AP)—The European Central Bank said Thursday that email addresses and other contact information have been stolen from a database that serves its public website, though it stressed that no internal systems or market-sensitive ...

Twitter admits to diversity problem in workforce

23 hours ago

(AP)—Twitter acknowledged Wednesday that it has been hiring too many white and Asian men to fill high-paying technology jobs, just like several other major companies in Silicon Valley.

User comments : 0