by Craig

How Google and Facebook are tracking you on the internet. Do you care?

Ever wondered how Facebook manages to target those adverts at you when you're logged in? How somehow there are adverts on websites that you have never been to for something that you were just looking at?

Facebook are about to roll out in-line adverts to their users, moving away from the sidebars and into your newsfeed (source). The principal reason for this is obviously revenue; Facebook needs a lot of it to please its investors after their “interesting” stock launch (source).

So how do they actually know what you have visited? Well, it’s actually quite straightforward, but it relies on setting up an environment that becomes self-perpetuating; specifically, the need for links to appear high in Google rankings.

We all want our articles or website in general to be viewed by many people and in order to do so we want to appear high up in the rankings on a Google search. Google, essentially, works out where to rank your website/page based on the number of external links to your website and therefore how “important” your website actually is. This grows a trend where you want to encourage people to link to your website to push up your rankings, and what’s an easy way of doing this? Sharing content on social media.

You have all seen buttons like this:
   

These are all over the internet with the idea of you reporting back to Facebook, Twitter, LinkedIn, Google+, Digg or whoever about how you like, or want to share, a particular page.

But these very things have two roles: they are an easy way for you to share your browsing experience of the internet (is that really what you want?) and they also track you as you go around the internet. How do they do this? Well, actually it’s not that hard.

You would think that the two images above are actually stored on my website somewhere and are being served up to you. Actually, in this case they are, but that’s not how it is meant to work. What is meant to happen is that a webpage inside a webpage generates those images.

IFRAME is an HTML term for an inline frame that is put within a webpage. This frame can take its source from wherever it chooses and will display exactly as if you had navigated to that page. To prove this point I have created an Iframe below and loaded Direct Gov’s home page:

 
<iframe src="https://www.direct.gov.uk" width="800px" height="300px"></iframe>

Now that is quite useful if you are taking a feed from another website, and you can do things like lose the scroll bars on the bottom and right-hand side and make it much smaller; in fact you can make it roughly the size of an image. Do you see where this is going?

So instead of loading those Facebook and Twitter images from my own server I am encouraged (or more) to use an IFrame to do so. This doesn’t sound particularly interesting until you realise that you are permanently logged onto Facebook and so the image is actually loaded from their servers with your login. The code used to generate the Iframe above for the Direct Gov’s Home Page is:

The code to generate the Facebook “Recommend” button on this page (http://www.independent.co.uk/news/business/news/george-soros-is-facebooks-friend-for-106m-8050419.html) on the Independent website is (wait for it):

<iframe id="f33789e70c" name="f3b8a3ddb4" scrolling="no" style="border: none; overflow: hidden;
height: 20px; width: 130px; " title="Like this content on Facebook." 
src="http://www.facebook.com/plugins/like.php?action=recommend&amp;api_key=235586169789578&amp;
channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D9%23cb%
3Df33ef7dac%26origin%3Dhttp%253A%252F%252Fwww.independent.co.uk%252Ff81fa9e74%26domain%3D
www.independent.co.uk%26relation%3Dparent.parent&amp;extended_social_context=false&amp;
href=http%3A%2F%2Fwww.independent.co.uk%2Fnews%2Fbusiness%2Fnews%2F
george-soros-is-facebooks-friend-for-106m-8050419.html&amp;layout=button_count&amp;
locale=en_US&amp;node_type=link&amp;sdk=joey&amp;show_faces=false&amp;width=130"></iframe>
KABOOM!

What the hell is going on in there? Well, there are a few things, and many are about display, but there is one which I should point out. There is an “API_KEY=235586169789578” which is very likely to be a unique identifier for the Independent website. So, because you are still logged into Facebook, much the same as if you were visiting the site, Facebook now knows you have visited the Independent newspaper website. There are also further values about where you are from and what you are looking at (the actual URL of the page is there), so they know exactly what page you have browsed to and could be sent ever more information should they want it.
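To see exactly which parameters give the page away, the iframe quoted above can be audited mechanically. The following is an added example, not code from the original post or from Facebook: the function names are hypothetical, the same-site frame in the sample is constructed, and it goes slightly beyond the single button by checking every iframe in a page.

```javascript
// Added example, not from the original post: list cross-site iframes in a page and
// the query parameters that hand the embedding page's identity to the frame's host.
const PAGE_URL = "http://www.independent.co.uk/news/business/news/" +
  "george-soros-is-facebooks-friend-for-106m-8050419.html";
// The Recommend iframe quoted in the post, plus one constructed same-site frame.
const SAMPLE_HTML = `<iframe src="/widgets/most-read.html"></iframe>
<iframe id="f33789e70c" name="f3b8a3ddb4" scrolling="no" style="border: none; overflow: hidden;
height: 20px; width: 130px; " title="Like this content on Facebook."
src="http://www.facebook.com/plugins/like.php?action=recommend&amp;api_key=235586169789578&amp;
channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D9%23cb%
3Df33ef7dac%26origin%3Dhttp%253A%252F%252Fwww.independent.co.uk%252Ff81fa9e74%26domain%3D
www.independent.co.uk%26relation%3Dparent.parent&amp;extended_social_context=false&amp;
href=http%3A%2F%2Fwww.independent.co.uk%2Fnews%2Fbusiness%2Fnews%2F
george-soros-is-facebooks-friend-for-106m-8050419.html&amp;layout=button_count&amp;
locale=en_US&amp;node_type=link&amp;sdk=joey&amp;show_faces=false&amp;width=130"></iframe>`;

// Percent-decode repeatedly: nested URLs are often encoded two or three times.
function deepDecode(value) {
  let current = value;
  for (let i = 0; i < 5; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; }
    if (next === current) break;
    current = next;
  }
  return current;
}

function auditIframes(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  for (const m of html.matchAll(/<iframe\b[^>]*?\bsrc\s*=\s*"([^"]*)"/gi)) {
    // Undo line wrapping and HTML attribute escaping before parsing the URL.
    const src = new URL(m[1].replace(/\s+/g, "").replace(/&amp;/g, "&"), pageUrl);
    if (src.hostname === pageHost) continue; // same-site frame: no third party involved
    const leaks = {};
    for (const [name, value] of src.searchParams) {
      const decoded = deepDecode(value);
      if (decoded.includes(pageHost)) leaks[name] = decoded; // names the embedding site
    }
    // api_key is the parameter the post singles out as a likely per-site identifier.
    findings.push({ receiver: src.hostname, siteKey: src.searchParams.get("api_key"), leaks });
  }
  return findings;
}

console.log(auditIframes(SAMPLE_HTML, PAGE_URL));
```

For the quoted button, two parameters carry the Independent's hostname: `href` holds the full article URL, and `channel_url` hides the site's origin and domain behind two layers of percent-encoding.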

That in itself is quite concerning but Google takes this up to another level.

Google Analytics allows you to track website visitors across your websites by loading a HIDDEN Iframe onto every page. That’s right, you don’t even know it’s being loaded (unless you look at the source of the webpage). This reports back to Google exactly what you are looking at, so that not only do the owners of the website know exactly what you have looked at but Google now knows as well. They can then use your recent browsing history to serve you up targeted adverts.

As an example of this, do please now visit the millet sports website and have a look at some golf shoes. In fact, let me load that page for you in an Iframe (below)

But now let’s open a completely different website that uses Google Analytics to produce adverts. In our case this is going to be “HOCKEY BUZZ”, which is actually an ice hockey site so not entirely relevant to field hockey. Open http://www.hockeybuzz.com/ and scroll down on the right hand side - notice anything familiar?

All they have done there is take your browsing history on one website and turn it into an advertisement on another by reading your browsing history from their database. This might not bother you as it’s just advertising being targeted very effectively but it also means that someone has your browsing history which you might not be so happy about.

How do you stop this? Well, firstly you can sign out of Facebook, Google and anything else you’re not using when away from their site. Secondly you could use the “Incognito” browsing capabilities of Google Chrome, but that is like trusting one of the perpetrators so I wouldn’t rely on it. Lastly I would realise that you are probably always being tracked. The new European legislation to ensure that we accept cookies (hence all those weird cookie statements you have been seeing on websites recently) was to stop this kind of tracking using cookies as a storage device; it does nothing to stop this sort of tracking.

Do you care? I am not sure on this one, but it does concern me only as far as identity theft and what someone could do with the information of your browsing history (if anything)? But forewarned is forearmed…

PS. The great irony in this is that if you try and load Google’s homepage in an Iframe you can’t, as Google’s homepage sends an “X-Frame-Options: SAMEORIGIN” response header. This means that only pages on the same domain can load the homepage as an Iframe…
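How a browser acts on that header can be written down in a few lines. This is an added example, not part of the original post, modelled on the X-Frame-Options check in the HTML Standard; the function name and the `blog.example` and `evil.example` URLs are hypothetical, and it assumes the response carries no Content-Security-Policy `frame-ancestors` directive, which would take precedence.

```javascript
// Added example: decide whether a response may be shown inside a frame.
// xfoHeaderValues: every X-Frame-Options header value on the framed response.
// ancestorUrls: URLs of all documents the frame is nested in (parent up to top).
function framingAllowed(xfoHeaderValues, frameUrl, ancestorUrls) {
  const values = new Set(
    xfoHeaderValues
      .flatMap((v) => v.split(","))
      .map((v) => v.trim().toLowerCase())
      .filter(Boolean)
  );
  const known = ["deny", "allowall", "sameorigin"];
  // Conflicting policies fail closed; several unrecognised values are ignored.
  if (values.size > 1) return !known.some((k) => values.has(k));
  if (values.has("deny")) return false;
  if (values.has("sameorigin")) {
    // Origin means scheme + host + port, so http:// and https:// differ.
    const origin = new URL(frameUrl).origin;
    return ancestorUrls.every((a) => new URL(a).origin === origin);
  }
  return true; // header absent or unrecognised (e.g. the obsolete ALLOW-FROM)
}

// The situation described above: a blog page framing Google's homepage.
console.log(framingAllowed(["SAMEORIGIN"], "https://www.google.com/", ["https://blog.example/post"]));
```

For a site owner this header is the defence against being framed by others; it does nothing about the frames the site itself chooses to embed.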