Fingerprint (not mine – combination of this image and this image)
Maybe you’ve noticed that Facebook is separating its messenger application from its mobile application. “That’s strange,” you think, “I like things the way they are. They’re integrated, which works well. Why would they change that?” Good question. According to Facebook, there are lots of reasons that your new experience will be richer and better.
But, according to this article on the Huffington Post, users who download the Messenger app agree to terms of service that are “unprecedented and, quite frankly, frightening.” For example, by installing it, you agree that the Facebook Messenger app can:
- call phone numbers and send text messages without your intervention
- record audio, take pictures, and take video at any time without your confirmation
- share data about your contacts,
- share your phone’s profile information including the phone number, device IDs, whether a call is active, and the remote number you are connected to
- access a log of your incoming and outgoing calls, emails, and other communication
Some of these are a bit scary — recording me without my confirmation? who are you, the NSA? But maybe you’re not surprised that Facebook is collecting and sharing your information because users get the app for “free,” which basically means you pay for it by giving over your data. And anyone who agrees to those terms and conditions gets what they signed up for, right? Well what if something similar was happening on the World Wide Web? Spoiler alert: it is.
Think turning off cookies keeps websites from tracking you? Take a look at the Electronic Frontier Foundation’s Panopticlick. Even if you don’t let websites store cookies — small files that websites use to track you — on your machine, it’s likely that the combination of your operating system, browser version, browser plugins, time zone, screen size, fonts downloaded, and a few other configurations are as unique as a fingerprint. And websites recognize you by your device’s fingerprint every time you visit.
In fact, your browser history alone is another giveaway. Think about how links to sites you have visited are purple while links you haven’t are blue, then consider this thought experiment: If a website picked a handful of websites and linked to them on its webpage, it would learn about you when you visited based on your combination of blue and purple links. As the number of links grows, there would be a greater and greater chance that your specific combination would be unique. And, based on your combination of blue and purple, and the demographics of visitors to those sites, some information about you could be predicted. For example, if you have visited Martha Stewart’s website on your computer and I’ve visited Hot Rod Magazine’s website on mine, a website could predict a few ways in which we are different. And, again, the longer the list of links, the more accurate the prediction becomes.
All of this information isn’t intended to cause a panic, but rather to raise awareness. Before you bust out your tinfoil hat, consider other alternatives that are more likely to keep you safe online: Check your browser’s security settings, keep your operating system up to date, and look into antivirus and anti-malware tools. And, be aware that what you are doing online is likely trackable and traceable, so be thoughtful of where you go and what you do there. As a friend of mine recently observed in response to all of this, “It’s a scary world. But also a great one.” Be careful out there.