How to use Privacy Watch like a pro, and what you can expect to find while surfing the web.
Before we get started
First things first: thank you! We’re concerned about online privacy and we’re glad you chose Privacy Watch to learn more about how tracking affects your online experience. We’re writing this post to give you a little background on how the internet got to be the way it is, and what you can expect to see using the Privacy Watch browser extension.
How we got here
In the beginning, the World Wide Web was a free place, unencumbered by the demands of the business economy. This was for one key reason, we simply lacked the technology to support what would eventually become e-commerce. At this time, the Internet was little more than a novelty. As technology advanced (and we developed payment systems, security features, etc.), smart businesspeople realized the people visiting their sites were a captive audience that they could monetize. Thus the digital advertising industry was born.
So, what exactly are trackers?
The primary benefit of digital ads over traditional ads (print, television and radio), was that advertisers had a direct link to consumers and information about them. Traditionally, advertisers could make an educated guess about how to reach their target audience. If they were trying to reach adult men, they’d have a better chance with an ad in Sports Illustrated than they would with Creative Knitting magazine.
But with the advent of the internet, advertisers now had the opportunity use information about users to directly serve them relevant ads. This created a quest to learn more and more about web users, spawning companies like Rubicon, Quantcast, Doubleclick (acquired by Google), Atlas Solutions (a Facebook subsidiary) and many others. With their cookies and tracking scripts proliferated about the internet, we refer to these companies (and their technologies) as trackers.
Privacy Watch changes colors based on the tracking “mood” of a website. The Privacy Feed and Sankey diagram views give additional insights into the tracking activity on a website.
A mood ring for the Internet
The first thing you may notice about Privacy Watch is that it changes colors. The color changes correspond to the level of tracking activity on the site you’re currently viewing. It’s like a mood ring for the internet. Here at WebAware, we often find ourselves going on hunts for sites that are red or black, which indicate a higher level of tracking activity.
However, just because a site is red or black does not mean it is unsafe or even that the tracking is especially invasive. The colors are simply an indication of the presence and amount of tracking on a site. Furthermore, a site that is red for someone else will not necessarily be red for you. Colors are driven by the trackers that you encounter, which is determined by your unique browsing history.
The Privacy Feed
When you open Privacy Watch, the first panel you’ll see is the Privacy Feed. This looks kind of like your Twitter feed, but inside the Privacy Watch extension. You will receive a notification for each type of tracking event that we observe on a site. There are six notifications in all (we’ll be adding more in the future!) and each notification can be expanded for a description of the tracker type.
The most interesting thing about notifications isn’t necessarily the notification itself, but instead the parties doing the tracking and the context surrounding the tracking. For example, we’ve found third-party trackers on sites where you wouldn’t expect them, like health insurance providers, government and even personal banking sites. But, just like the mood ring, the trackers or ads you encounter are unique to you. No two browsers or browsing sessions are the same.
The Sankey Diagram
Peeking out above the Privacy Feed, you may notice some colored bars matching the mood ring color. These bars are offering a glimpse of what lies beneath. Click the teal button from the Privacy Feed view and you’ll reveal the rest of the Sankey flow diagram.
You can discover a lot about the data tracking on a site by looking at the Sankey. For example, the widths of the bars at the top of the Sankey diagram correspond with the percentage of total data collection that a tracker performs on the site. You can also see where each tracker is sharing your data by following the flow from top to bottom. However, it’s worth noting that data isn’t just shared in one direction; the companies in the orange bar are also sharing consumer data with the trackers at the top.
If a company name is too long, we use an ellipsis. You can roll your cursor over the ellipsis and the company name will be revealed below the Sankey diagram. The grey section contains additional information about the site you’re on, including how many companies are making direct requests from the site (“first-party requests”) and how many companies are making requests from those first-parties (“third-party requests”).
What we’ve encountered
We already knew that data tracking was a widespread practice on the web, but the WebAware team has still been surprised at some of the websites and tracking we’ve observed.
Our first observation was this: the majority of web traffic is to third parties. What we mean by that is when you visit a site (for example, nytimes.com), even though you may be seeing mostly content from that website (articles, videos, etc.), the majority of what’s going on behind the scenes are processes from third-party sites like advertisers and data trackers. And that makes sense, considering we’ve observed sites with over 500 unique dependencies (on third-parties) and over 4000 cookies. Based on volume alone, with that many external dependencies on one site it’s no surprise that the majority of traffic goes to and from these third parties.
Another major effect of tracking that we’ve observed is the amount of extra bandwith that users consume while loading ads and trackers. Every image, video, audio file or ad loaded by a page is a request made up of a number of cookies (for example, one request may have 10 cookies). Assuming that a standard cookie is about 100 bytes in size (though a single cookie can exceed 4KB) and that a given page makes 100 requests (often they make more), then users spend 100KB loading the ads and trackers for a single page.
More significantly, we’ve observed many sites making thousands of requests and consuming over 1MB of bandwith in a single load. Considering the average MP3 is 3.5MB, that means for every 3–4 sites like this you visit, you spend one song’s worth of bandwith loading its ads and trackers. Extrapolate that over a year and you’d have quite the music library.
Want to see who’s tracking you? Download Privacy Watch today!