Should Know some Free Tools to Keep Those Creepy Online Ads From Watching You

SAY you’re doing a web search on something like the flu. The next thing you know, an ad for a flu remedy pops up on your web browser, or your video streaming service starts playing a commercial for Tylenol.

The content of those ads is no coincidence. Digital ads are able to follow people around the Internet because advertisers often place invisible trackers on the websites you visit. Their goal is to collect details on everywhere you go on the Internet and use that data to serve targeted ads to your computer, smartphone and connected television.

This global commercial surveillance of consumers is poised to become more extensive as tech companies expand into the Internet of Things, a category that includes wearable computers and connected home appliances like smart thermostats and refrigerators. Amazon, eBay, Facebook and Google can already follow users from device to device because people log in to their services with the same IDs on various gadgets.

For other marketing companies, tracking people on multiple Internet-connected devices has become a holy grail. The process is complex, because some lack the direct relationship with people that the giant tech companies already have. Only about 6 percent of marketers can reliably track a customer on all of that customer’s devices, according to the research firm eMarketer. But advertisers are working toward the goal.

Continue reading the main story
RELATED COVERAGE
X Marks the Spot That Makes Online Ads So Maddening DEC. 6, 2015

How Bad Are These Bad Ads? DEC. 6, 2015
Smarter Living
Stories to help you understand the world – and make the most of it.
That New Year’s Resolution? Let Us Help You Stick With It
FEB 1
These Foods Aren’t Genetically Modified but They Are ‘Edited’
JAN 9
To Improve Your Sense of Direction, Lose the Technology
JAN 9
How to Navigate New Airline Carry-On Rules
JAN 9
How Emotion Over Pet Care Helps Explain Human Health Spending
JAN 9
See More »

ADVERTISEMENT

Continue reading the main story

“Our privacy is completely under assault with all these connected devices,” said Jeremiah Grossman, the founder of WhiteHat Security, a web security firm.

So what better time to get a head start on defending yourself against web snoops (as if email trackers, which this column covered last year, weren’t annoying enough already)? Many companies offer tools to help obscure your digital footprints while you’re browsing the web. We researched and tested four tracker blockers and found their results varied widely. In the end, the app Disconnect became our anti-tracking tool of choice.

Here’s how web tracking works: In general, targeting individuals with digital ads involves a sophisticated ecosystem of third parties — like online advertising networks, data brokers and analytics companies — that compile information on consumers.

When you visit websites, these companies typically pick out your browser or phone using technologies like cookies, which contain unique alphanumeric identification tags that can enable trackers to identify your activities as you move from site to site. To sell ads delivered to certain categories of consumers, like suburban singles looking for romance, companies may sync these ID tags to pinpoint individuals.

The downside is, your browsing history may contain sensitive information about your health concerns, political affiliations, family problems, religious beliefs or sexual habits.

“More than just being creepy, it’s a huge violation of privacy,” said Cooper Quintin, a privacy advocate for the Electronic Frontier Foundation, a digital rights nonprofit that also offers the anti-tracking tool Privacy Badger. “People need to be able to read things and do things and talk about things without having to worry that they’re being watched or recorded somewhere.”

We took a close look at four free privacy tools: Ghostery, Disconnect, RedMorph and Privacy Badger. We tested them with the Google Chrome browser on the top 20 news websites, including Yahoo News, CNN, The Huffington Post and The New York Times.

The tracker busters generally work in similar ways. You download and install an add-on for a web browser like Chrome or Mozilla Firefox. The anti-tracking companies each compile a list of known web domains that serve trackers or show patterns of tracking services. Then when someone connects to a website, the tools prevent the browser from loading any element that matches their blacklist.

Ghostery, a popular tracker blocker, was the most difficult to set up. When you install it, it asks you to manually select the trackers you want to block. Our problem with that approach is that there are hundreds of trackers, and most consumers probably won’t recognize most of them, putting the onus on users to research which specific services they might wish to block.

Scott Meyer, the chief executive of Ghostery, said this had been a deliberate design choice. When trackers are blocked, parts of websites may not function, so it is less confusing to let users experiment and decide which ones to block on their own, he said.

“We block nothing by default,” he said. “That’s in direct contrast to other companies who are saying, ‘We’re turning everything off and let you turn whatever you want back on.’ That’s way too complex for users.”

The tracker blocking tool RedMorph takes the opposite approach. It blocks every tracking signal it can detect and lets people decide which ones to allow. For parents concerned about their children’s Internet use, RedMorph also offers a service to filter out certain sites or block certain swear words or other language they find inappropriate.

“When you go home, you lock the door and you may pull down the shades at night,” said Abhay Edlabadkar, the chief executive of RedMorph. “You should have the same level of privacy control over your Internet activities.”

In our tests, RedMorph was the most thorough with blocking trackers. It blocked 22 of them on USAToday.com, whereas Privacy Badger blocked seven, Disconnect blocked eight and Ghostery detected eight.

But in the process, RedMorph caused the most collateral damage. It blocked some videos on the websites for CNN, USA Today, Bleacher Report, The New York Times and The Daily News. It also broke the recommended reading list on Business Insider and a Twitter box on BuzzFeed. For people who run into issues loading websites, the company offers an “Easy Fix” button to stop blocking a website’s trackers, but that’s hardly an ideal solution when it causes so many websites to malfunction. Mr. Edlabadkar of RedMorph said the tool was blocking some videos or recommended reading lists because they were loading only after a tracker had been loaded first.

That leaves Privacy Badger and Disconnect. Privacy Badger detects third-party domains that users are connecting with when they’re loading a website and blocks those domains only if they are determined to be tracking you. Its widget shows sliding bars of trackers it has detected. The ones in red are blocked and the green ones are allowed.

Disconnect takes a similarly nuanced approach. The company said some tracking was fair and necessary for a website to work properly — for example, if a site like The New York Times is using analytics to collect information about readers, as it describes in its privacy policy. However, Disconnect will block trackers from third parties that are collecting, retaining or sharing user data. On its website, it publishes lists of trackers it blocks and those it allows, along with explanations of its policy.

“We really focus on privacy rather than blocking ads that are done in a respectful way,” said Casey Oppenheim, the chief executive of Disconnect. “It’s important we have the ability for publishers to survive and make money. I think there’s a middle ground.”

In the end, we picked Disconnect as our favorite tool because it was the easiest to understand. It organizes the types of tracking requests it is blocking into different categories: advertising, analytics, social media and content.

Mr. Grossman of WhiteHat Security also tested tracking blockers and chose Disconnect for similar reasons. He breaks his online activities into two separate web browsers to make himself more difficult to track: On one browser, he does everyday tasks like reading news articles; on the other browser he logs into accounts that are linked to his personal identity, like online banking sites and Amazon.

But Mr. Grossman said that in the broad arms race between consumers and advertisers, the advertisers always find some way to outmaneuver us.

“We’re talking megabillion-dollar industries totally designed to track you online,” he said. “That’s their

Know More The Internet of Things Is Coming for Us

The Moche people lived on Peru’s north coast long before the Spanish conquest of the Americas. They grew corn and squash, built monumental adobe temples and were master craftsmen in gold and ceramics.

They never had the chance to sell their wares on Etsy, and yet they anticipated some of our most modern anxieties.

Like us, they saw themselves living in a vulnerable world where the technology created to make their lives better was just as likely to turn against them. While we worry about our baby monitors and home routers being hijacked by malicious hackers, they perceived a world in which everyday objects like jugs and clothes might come to life with ominous consequences.

Moche artists painted scenes of this happening on ceramic vessels and on the walls of their temples. They appear whimsical to us today — items of clothing, weaving implements, weapons, all with arms and legs, hands and feet, some with heads and faces, on parade or engaged in battle — but for the Moche they may have represented a deep-seated uncertainty and fear about the ultimate fate of the human-created world.

Continue reading the main story
ADVERTISEMENT

Continue reading the main story

In some scenes, the animated objects are docile. In one, bowls piled with food and jugs have grown legs and walk toward human figures participating in a ceremony; some helpful jugs even bend over to pour liquid into vessels.

But other paintings show a world turned upside down, where the objects have taken charge: They fight and defeat human warriors and parade naked human captives.

In an excavation in 1991 near the town of San José de Moro, archaeologists, including one of the authors of this piece, Luis Jaime Castillo Butters, discovered the lavish tomb of a Moche priestess. Her coffin had been anthropomorphized, with a mask representing the priestess’ face on top and with arms and legs fashioned from copper on the sides.

Inherent in the idea that objects have life is the more subversive concept that they also have desires; feel hate and love; seek revenge; and have the capacity to act on their own.

In the modern world, most of the objects that surround us are a result of an impersonal process of production — they come from factories, we buy them in stores or online. For the Moche, objects were not produced — they were created, imbuing them with the ambiguity and mystery with which life is given to animated beings.

Such objects could be either beneficial or dangerous, depending on whether they decided to serve their creators or turn against them, either of their own volition or through the black arts of others.

We now live in a world where objects once again have life. We can talk to them and they can answer back, as is the case with Alexa and Siri and their digital kin. With their help we can control and organize the world around us: We can make sure our homes are safe, turn lights and appliances on or off, summon a taxi or order food from a restaurant. Little by little we are transferring to these technologies the tasks that we used to do ourselves, and at the same time, we are giving them control over our surroundings.

The internet of things is made up of billions of everyday devices connected for convenience to the web. Last fall, hackers attacked this network, commandeering as many as 100,000 of these devices by using malicious software that guessed at their simple, factory-set passwords, and then ordering them to send volleys of nuisance messages to the computers of a company called Dyn, which functions as a sort of switchboard for the internet. That was enough to cripple many major websites, including Twitter and Netflix. We have given life to these things, but now we know that they do not obey only us.

There are alternative interpretations of the Moche ceramic paintings, and some researchers do not see a sinister component. But the paintings have an echo in a myth collected in central Peru in the early 17th century. In the myth, the sun dies, the world is plunged into darkness and household objects and domesticated animals revolt: Mortars and grinding stones eat people, and llamas drive humans.

Andean people before the conquest created a philosophical and spiritual system built around the concepts of duality and transformation — light versus darkness, order versus chaos.

The modern world is full of such opportunities for chaos, often created by humans and the increasing sophistication and technology-centeredness of modern life. A solar flare has the potential to disrupt electrical networks. A tsunami can flood a nuclear reactor. The digitalization of stock markets leads to flash crashes. Russian hackers stealing Democratic Party emails seek to influence an American presidential election.

Order gives way to chaos. The internet of things turns on its makers.

The Moche culture collapsed around A.D. 850. The reasons are not clear, but the collapse was most likely a result of the Moche’s inability to cope with a hostile and perhaps changing environment, including the failure of their technology, knowledge and institutions to help them overcome those challenges. We can be certain that the technology they created did not rebel against them. But neither did it save them when they needed it the most.

The development of Facebook’s Virtual Reality Business

Facebook’s virtual reality effort, including its big bet on the virtual reality goggles maker Oculus VR, has a new leader.

Mark Zuckerberg, Facebook’s chief executive, said in a post on Wednesday that Hugo Barra, a former executive at Google and the Chinese phone maker Xiaomi, was joining Facebook to lead its virtual reality business. The move puts to rest questions about who would assume direction of the efforts after Oculus ran into several hurdles, including an intellectual-property lawsuit and leadership changes.

“Hugo shares my belief that virtual and augmented reality will be the next major computing platform,” Mr. Zuckerberg wrote in the post. “Hugo is going to help build that future.”

Facebook paid $2 billion to acquire Oculus almost three years ago, with Mr. Zuckerberg proclaiming virtual reality the next big thing. While Oculus has released its virtual reality goggles and there is interest in the field, sales of the headsets are sluggish, and even Mr. Zuckerberg has said Facebook will probably need to invest an additional $3 billion in content and development over the next few years in hopes of seeing virtual reality take off.

Facebook’s desire to have a major stake in the technology undergirding virtual reality partly reflected the fact that it was not able to do so in mobile, even though it has managed to profit handsomely from mobile advertising. But the most capable virtual reality headsets are expensive and require powerful personal computers to support them. Breakout applications, including video games, have not materialized because developers have been reluctant to pour resources into an uncertain market.

While Facebook does not provide sales figures for the $599 Oculus Rift headset, which was released to the public last year, analysts believe they are slow. One research firm, SuperData Research, estimated the company sold only about 355,000 by the end of last year.

Oculus has been problematic for Facebook in other ways. Last month, a founder of Oculus, Brendan Iribe, stepped down as chief executive, moving to lead an Oculus group focused on virtual reality on personal computers. Facebook is also facing a lawsuit from ZeniMax Media, which has accused Oculus of stealing technology that went into the creation of the Oculus goggles. The social network could face as much as $2 billion in damages if it loses the suit.

This month, Mr. Zuckerberg said at the trial for the lawsuit in a federal courthouse in Texas, “I don’t think that good virtual reality is fully there yet.”

Mr. Barra is well known in Silicon Valley. As a Google executive several years ago, he helped build the search giant’s Android mobile business. In 2013, he left to join Xiaomi, then an up-and-coming phone maker in China, and became its international face. He oversaw Xiaomi’s international expansion to emerging markets including India, Myanmar and Brazil.

But the high-flying smartphone maker, once valued at $45 billion, has slowed as it has battled other Chinese hardware companies like Huawei and OnePlus. Recently, Xiaomi stopped sharing its annual sales numbers, after the chief executive, Lei Jun, admitted the company had expanded “too fast.” Mr. Barra left Xiaomi this month.

“The highest calling of an engineer is to make technology breakthroughs quickly and readily available to the widest possible spectrum of humanity,” Mr. Barra posted on Wednesday. “That will be my mission at Facebook.”

Information About Use of Ad-Blocking Software Rises by 30% Worldwide

Facebook has tried to ban it. Google has attempted to outsmart it. But no matter what these tech giants do, people’s use of software to block digital advertising — often the lifeblood of companies’ online business models — keeps gaining traction worldwide.

In total, roughly 11 percent of internet users globally relied on ad blockers to avoid some form of digital advertising last year when surfing the web. That equates to more than 600 million devices, from smartphones to traditional computers.

The figure represents a 30 percent annual increase, according to a new report published on Wednesday by PageFair, a start-up that helps companies recoup some of this lost advertising revenue, which now totals tens of billions of dollars each year.

By using software to block digital advertising, critics say, users are breaking an unwritten pact with websites and digital publishers, many of which generate the bulk of their revenue from these ads.

Yet industry watchers say such ad-blocking digital tools have garnered a mainstream following, particularly across the developing world where their use in countries like Indonesia has already reached roughly two-thirds of the internet population.

“There’s been a massive surge of mobile ad-blockers in these countries that no one anticipated,” said Sean Blanchfield, chief executive of PageFair. “In the West, I expect the same trend to blindside us in the very near future.”

This rise of ad blockers has not gone unnoticed by the advertising industry.

In August, for instance, Facebook — one of the world’s largest purveyors of online ads — tried to block people from using such software on its social network.

The company’s efforts, though, led to an arms race with tech start-ups offering new ad-blocking tools, as both sides have tried to outmatch each other.

“Ad blocking is a detriment to the entire advertising ecosystem,” Paul Verna, an analyst at the research firm eMarketer, said in a statement. “The best way for the industry to tackle this problem is to deliver compelling ad experiences that consumers won’t want to block.”

Across the developing world, ad-blocking software is primarily used by people to save on often costly data packages by removing video and other data-hungry advertisements from mobile websites.

More than 90 percent of all ad-blocking on mobile devices worldwide still takes place in the Asia-Pacific region, according to the PageFair report. And last year, such software was used on 380 million smartphones and tablets around the globe, a 39 percent yearly increase.

In contrast, the vast majority of ad-blocking on traditional computers, whose use similarly jumped 17 percent last year, to 236 million devices, is still restricted mainly to the United States and Europe. In those regions, people’s efforts to block malware disguised as online advertising has been the main motivation for downloading ad blockers.

“In the U.S., ad-blocking on mobile is slightly immature,” Mr. Blanchfield said. “But there’s no doubt that people’s use of it will skyrocket.”

How to Fend Off a Hijacking of Home Devices

MODERN homes today are getting internet-connected light bulbs, thermostats, TVs and speakers. So with a simple voice command or the touch of a button on our smartphones, we can set the temperature, turn on a light or prepare the TV to record a program.

What could go wrong?

A lot more than most people are prepared for, it turns out. If one of these devices gets hijacked, hackers could potentially snoop around for sensitive data like financial or health information. Or they could use a network of compromised devices to perform a widespread attack that takes down major websites, which is what happened last October.

The good news is that so far, online attacks on home devices are relatively uncommon. Only 10 percent of American consumers said they were victims of the crime in a recent study done for the Hartford Steam Boiler Inspection and Insurance Company. However, those who experienced such an attack through their home gadgets reported losses of $1,000 to $5,000 from the incidents.

“There’s still this whole sort of, ‘Gee whiz, it’s so cool’ thing that’s going on” with internet-connected home appliances, said Lee Tien, a lawyer for the Electronic Frontier Foundation, a nonprofit that focuses on digital rights. “That’s also what often gets us into trouble.”

As smart home devices become more popular, they will become bigger targets for hackers. So it behooves us to get ahead of the curve by securing our home appliances, using these tips from security experts who have closely studied smart home accessories.

Research Before You Buy

When shopping for an internet-connected home device like a smart speaker, lighting system or television set, a good rule of thumb is to go with a trusted brand.

Larger, well-regarded companies like Amazon or Google have a background in developing products with security in mind, said Liviu Arsene, an analyst for Bitdefender, which sells security hardware for protecting smart home accessories. Before buying a product, consumers should do a web search on it to see if the company regularly issues software updates that fix security vulnerabilities, he said.

People should also carefully read company privacy policies. David Britton, a vice president in the fraud and identity department of Experian, the credit reporting agency, said people should be curious about whether companies themselves were a threat to user privacy.

“What are they capturing about you?” he said. “Is the data leaving the device? Is it being sent back to the mother ship?”

Consider the smart speakers from Amazon and Google. Amazon said its Alexa smart assistant, which is used in its Echo speakers, automatically downloads software updates to defend against new security threats. Data from the Echo is also uploaded to Amazon’s servers only after people utter the wake word “Alexa,” the company said. That minimizes the likelihood that the device will record conversations unrelated to requests intended for Alexa.

Google said its Home speaker similarly issued regular software updates and employed advanced security features, like a technique that disables the device if its software is tampered with. The company added that the speaker processed speech only after the words “O.K. Google” or “Hey Google” were detected.

But other large brands occasionally engage in behavior that customers may find objectionable. The smart TV maker Vizio, for example, made headlines with revelations from the investigative news site ProPublica that it kept a detailed record of customer viewing habits and shared it with advertisers, who could then use the information to identify other devices you owned.

Strengthen Your Wi-Fi Security

Your Wi-Fi network is the pulse of your smart home, thus it is a vulnerable attack point. Mr. Britton and Mr. Arsene suggest connecting all your smart home accessories — for example, your Amazon Echo, Nest thermostat, Samsung smart refrigerator and Philips Hue smart lights — onto a Wi-Fi network that is separate from the one connected to your computing devices, like your smartphone, tablet and computer.

With two distinct Wi-Fi networks, it will be harder for a hacker to jump from infiltrating your smart accessory on one network to a personal computer on the other network, Mr. Arsene said.

The easiest way to create a second Wi-Fi network is to make a guest network. Many modern Wi-Fi routers, like TP-Link’s Archer C7 (the top router recommended by The Wirecutter, a product recommendations site owned by The New York Times), include the ability to host a network for guests that uses a name and password different from that of your primary network. Quarantining your smart speakers, lights and TV onto a guest network will allow them all to interact with one another, while keeping your computing devices safer in the event that any of the smart accessories are hacked.

If you are paranoid about your Wi-Fi network being hacked, you can also change the Wi-Fi router’s network settings to disable broadcasting the network name entirely, Mr. Britton said. That would make it difficult for a hacker driving by to detect and compromise your network, though it would also require house guests to manually type in your network name and password when they log on to your Wi-Fi.

Beef Up Your Wimpy Passwords

The same security principles for websites apply to the so-called internet of things. You should set strong, unique passwords for logging into each device you own. If you recycle your passwords and one device is compromised, the others can be, too.

A strong password can be a random string of characters or a nonsensical phrase with numbers and special characters. (Examples: My favorite number is Green4782# or The cat ate the CoTTon candy 224%.)

If you cannot memorize your passwords, that is a good thing: That means they are hard for hackers to crack. Keep them written down on a piece of paper and stored in a safe place, or store your passwords in a password-managing app like 1Password or LastPass.

Regularly Audit Appliances for Updates

While reputable manufacturers of smart home accessories offer software updates to patch security vulnerabilities, it is often up to the consumer to stay on top of updates. Because it lacks a screen, a smart light bulb or an internet-connected power socket is going to have a tough time informing you that it needs a software update.

Mr. Britton and Mr. Arsene recommend that consumers regularly log into the mobile apps or websites for their smart home accessories to check if they need software updates. If updates are available, install them immediately.

When in Doubt, Hit Mute

Among security researchers, putting a piece of tape over a computer webcam has become a tongue-in-cheek recommendation for those who are extra paranoid about their privacy. (Even Mark Zuckerberg, Facebook’s chief executive, does it.)

With smart speakers like the Amazon Echo and Google Home, there is an equivalent: a mute button to disable the device microphone so it can no longer listen. In the unlikely event that a device is hijacked, muting the microphone could help prevent hackers from listening to your conversations, Mr. Britton said.

Or you could go the safest route and opt out of having these devices at all. That was the method chosen by Mr. Tien, the lawyer for the Electronic Frontier Foundation, who previously studied the privacy risks of smart meters, the devices that utility companies use to monitor energy consumption.

He said he accepted the privacy implications of owning a smartphone, but a smart home accessory?

“I think it’s sort of asking to have your privacy invaded to have something like that,” he said. “I’m not sure that the value of it is really all that great.”