Speaker 1: Get in touch with technology with TechStuff, from HowStuffWorks.com. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with HowStuffWorks, and I love all things tech. In our last episode, I talked about how web analytics work in general and why they are important, both for people visiting a website and for the owners of websites, and the advertisers who support websites, and the companies that advertise through those advertisers. They also help website designers get a better understanding of how their users navigate and consume stuff on their sites, and they allow web administrators to tweak things to make the experience better. So it's not just about advertising. It's also about asking: how can I make this website easier to navigate, more intuitive, more interesting, more exciting to use, or more useful, or whatever the purpose of the website is? That benefits the visitor, makes the experience a more satisfying one, and it also helps the website administrator monetize through web advertising. But now let's get to the other side of the coin.
Speaker 1: Tracking information obviously brings with it some very nasty potential problems, like threats to privacy and security. Information is incredibly valuable. It is the currency of the Internet. You might have thought it was Bitcoin; it's not. Data is your currency. And generally speaking, the more data a company can get about people who are using the web, the better it is for that company. Not necessarily better for the people; better for that company. Knowing information about a person means being able to sell to that person more effectively, or it might mean being able to exploit that person in less legal or ethical ways. And so the data gathered about users can become a tool or a weapon, depending upon the type of information gathered and the will of the person who has access to that information. So ideally you don't have any bad actors out there, and even if people are gathering a lot of information about users, they're not trying to put it to any malicious purpose.
Speaker 1: Before I dive into a detailed account of web analytics and privacy, I should say that not everyone is out to scrape every bit of data off of users or to figure out the identity of a specific user. Many analyses are more focused on identifying emerging trends rather than singling out one specific user. So the goal is not to look at data like a browser's history, like looking at the cookie information and saying, "Oh, this person went from X website to Y website to Z website," and then coming to the conclusion that it must be Jonathan Strickland. Instead, more often than not, these analytics companies are looking at aggregated data that is, at least on the surface level, anonymous, and the purpose is to see more valuable information, such as: rose gold is so totally in right now, so put all your rose gold products on your main page, because people are gonna go nuts. This really dates this podcast, because I'm about two years out of touch, so it tells you this one should have come out two years ago.
Speaker 1: Anyway, this concept makes sense when you're thinking of big, sweeping strategies, like which products you want to feature on an online store's homepage, or which news stories are likely to be thought of as the most important and relevant on any given day. So you might look at something like Google Trends and say, "Oh, well, a lot of people are searching this particular term. Let's create an article about this thing. We can inform people, we can make sure it's a really good article, but we can also take advantage of the fact that people are interested in this idea right now." So it's kind of a mutually beneficial experience, in the ideal. But it would be silly to say that no one's interested in your individual preferences, because that's not true. There are people who are very interested in your individual preferences. For one thing, it can help identify what different groups of people like, so a company could present those different groups with distinct experiences that were meant to appeal to each group. Right? That's targeted marketing, or targeted advertising. So let me give an example.
Speaker 1: Let's say I run an online store, and I've coded my homepage in such a way that it can dynamically display different products based off the information I glean from analyzing a user's behaviors. My site uses cookies and JavaScript, and those analyze the user and present the most appropriate products for return visitors. So when you pop into my store, I happen to know that you recently searched for Star Wars toys, because the cookie information that I've installed on your browser from your previous visit has told me this. And so I have some Star Wars-related products that I want to prominently show to you on my homepage. Now, when I say "I want to," all of this is done automatically. You've got all this meta information, these tags that computers can use to sort through and select, to present what appear to be the most appropriate products that will appeal to the visitor. Now, let's say your buddy shows up, and your buddy is not as into Star Wars as you are.
Speaker 1: Your buddy is, like, a big Cloverfield fan, and your buddy visits my online store and sees a totally different selection of products than you do when they pop on. Maybe your buddy is visiting my store for the first time, in which case I don't have any information about him or her. I don't know anything about this person, because they've just come to my website for the first time. Now, they come there, and I decide to pop a cookie on their web browser so I'll know them the next time they come through. But this first time, it's a blank slate. That means that my store is probably gonna show them a pretty neutral selection of products. Maybe there will be some of the most popular products that happen to appeal to a broad spectrum of people, but they aren't targeted toward that specific person yet, because I don't know what that person's preferences are.
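To make that returning-visitor logic concrete, here's a minimal Python sketch. The cookie name, the interest tags, and the catalog are all invented for illustration; a real store would do this inside its web framework and ad stack rather than in a bare function like this.

```python
# Hypothetical sketch: choosing homepage products from a tracking cookie.
# The "interest" cookie name and the catalog below are invented for illustration.

CATALOG = {
    "star_wars": ["Lightsaber replica", "X-wing model kit"],
    "cloverfield": ["Monster figurine", "Found-footage box set"],
}
NEUTRAL_PICKS = ["Best-selling headphones", "Gift card"]  # broad-appeal defaults

def homepage_products(cookies):
    """Return targeted products for a recognized visitor, or a neutral
    selection for a first-time visitor (the 'blank slate' case)."""
    interest = cookies.get("interest")  # set automatically on a prior visit
    return CATALOG.get(interest, NEUTRAL_PICKS)
```

A returning visitor whose cookie says `star_wars` gets the Star Wars picks; a first-timer, arriving with no cookie at all, gets the neutral list.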
Speaker 1: But as your friend navigates through my site, I'm collecting more and more information about what they like based upon their behaviors, and then I can make sure that the next time they come to my website, it serves up a more appropriate landing page for them based upon their preferences. Again, when I say "I decide," this is all automatic. Let's go a step further. Let's say that you are running a blog that has online advertising on it. So you've got spaces on your blog that are reserved for advertising, and the ads themselves are tracking users with cookies and JavaScript. Most ads come from brokers who have numerous clients, right? So let's say that you go to a blog and you see an ad for a popular soft drink company. That ad did not come directly from the soft drink company. More likely than not, it came through an advertising company that has that soft drink company as one of its clients.
Speaker 1: So the brokers, these companies that have thousands of clients representing all these different industries, can use this tracking information in cookies and JavaScript to determine what stuff you're most likely to respond to based upon your browsing history. That means the broker could potentially serve up ads based on that information to help improve the chances that you'll find any given ad more useful and click on it. In these cases, the experiences are personalized, but that personalization still is not dependent upon your identity per se. I mean, it's based upon what you like and what your behaviors have indicated you find valuable or interesting, but it's not like that specific data is identifiable stuff like your name or your address or anything like that. Although they can at least get an approximation of your address based upon your IP address, so they could at least know generally where you were. Maybe more specifically, if you happen to use a mobile device and you have location tracking on. Or, as it turns out, you don't necessarily have to have location tracking turned on.
Speaker 1: There was a recent story from the AP that looked into this and said that Google Android devices would check in with Google an average of fourteen times an hour, giving information about location even with location services turned off. So that's the kind of tracking information that definitely rubs people the wrong way. Very valuable information if Google wants to serve up ads to you that are based on your locale, but not very comforting if you're thinking, "I'm just carrying my phone around. I don't need my phone telling Google everywhere I'm going throughout the day." Now, there are instances where a company, an agency, or a government might want to identify someone based upon their browsing behavior. For example, let's say that there's a crime that's been committed, and law enforcement has come into possession of a computer that they believe belonged to the perpetrator of that crime, but they still don't know who that perpetrator is.
Speaker 1: They've got the computer, his or her computer, but they don't know who that person is yet, and there's no overtly identifiable information on the computer's hard drive, no fingerprints, that kind of thing. Would it be possible for an investigator or an analyst to figure out the identity of the computer's owner just through that person's browsing history? If you looked at the information of what websites they went to, would you be able to figure out who it was that owned that computer? Well, setting aside the possibility that the perpetrator had remained signed into any services that would link back to his or her identity, the task would require the analysts to look at the patterns of behaviors in the browser history to figure out what the person at that computer's keyboard had been doing. It's kind of scary to think about, but this is totally possible to do. It's built upon the same principles that were used to support e-commerce.
Speaker 1: Back in two thousand six, there were some Russian analysts who proposed a method of user profiling that would create profiles of users based on their browser history. So you would get shoveled into progressively smaller groups based on your behavior. An initial analysis might put you in one of several broad categories, but the more specific behaviors you exhibited, the more specific the groups could be that you would be sorted into, and those would represent profiles as word vectors. Word vectors are a method to assign context to words that ties into natural language processing; I did a couple of episodes on those a little while back. The researchers used word vectors to create clusters of topics in a hierarchy, determined by user behavior. The stuff that users valued more, as demonstrated in their behavior by following links, or staying on certain pages for a longer time, or making searches, would occupy a higher place in that hierarchy. And that was one way of identifying users, at least by interest. Now, again, that didn't assign a name yet, but it was a building block toward this.
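As a rough sketch of that profiling idea, and not the researchers' actual algorithm, a browsing log can be boiled down to a weighted topic vector, where the topics with the most dwell time sit highest in the user's interest hierarchy. The site-to-topic mapping and the log format below are invented for illustration.

```python
from collections import Counter

# Toy interest profiler: a browsing log becomes a normalized topic-weight
# vector. The site-to-topic map is invented for illustration only.
SITE_TOPICS = {
    "toyshop.example": "toys",
    "dailynews.example": "news",
    "recipehub.example": "cooking",
}

def interest_profile(history):
    """history: list of (site, seconds_on_page) pairs.
    Longer dwell time counts as stronger interest in that topic."""
    weights = Counter()
    for site, seconds in history:
        weights[SITE_TOPICS.get(site, "other")] += seconds
    total = sum(weights.values()) or 1
    # Normalize so profiles from different users are comparable.
    return {topic: round(w / total, 3) for topic, w in weights.items()}
```

Two users with very different histories end up as comparable vectors, which is what lets an analyst sort them into progressively narrower groups.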
Speaker 1: There's a two thousand seven paper I read that described a different approach that could predict a user's gender and age based on his or her web browsing behavior. The researchers created a model that relied on users reporting their age and their gender, so it's a self-reporting kind of thing, and they would also give up access to their browsing history to this model. The model would learn to associate certain behaviors with age and gender and draw general conclusions based on that. And once it had learned through this training process, it could then analyze an unknown user's browser history and predict that person's gender and age. I don't know how accurate it was. I came across this information while reading a totally different but related paper and didn't have time to track down the two thousand seven document. But this does lead to the way law enforcement might use user profiling to identify someone based on their browser behavior. I'll explain more in just a second, but first let's take a quick break to thank our sponsor.
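A toy illustration of that self-reported-training idea, and not the actual two thousand seven model, might count which sites each demographic group visits, then score an unknown history against those counts. The labels and domains below are made up.

```python
from collections import defaultdict

# Toy demographic predictor trained on self-reported labels.
# Labels like "m25-34" and all domains are invented for illustration.

def train(labeled_histories):
    """labeled_histories: list of (label, sites) pairs, where sites is an
    iterable of domains that user reported visiting."""
    site_counts = defaultdict(lambda: defaultdict(int))
    group_sizes = defaultdict(int)
    for label, sites in labeled_histories:
        group_sizes[label] += 1
        for site in set(sites):
            site_counts[label][site] += 1
    return site_counts, group_sizes

def predict(model, sites):
    """Pick the label whose reported users most resemble this history."""
    site_counts, group_sizes = model
    def score(label):
        # Average fraction of the group that visits each site in the history.
        return sum(site_counts[label][s] for s in set(sites)) / group_sizes[label]
    return max(group_sizes, key=score)
```

The real paper presumably used a far more sophisticated learner; the point is only that self-reported demographics plus browsing histories are enough to train something that guesses at unknown users.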
Speaker 1: Before the break, I mentioned a paper. That related paper was specifically about identifying a suspect based on their web behavior, and it has the title "Web User Profiling Based on Browsing Behavior Analysis." In that paper, the researchers describe a method in which a computer believed to belong to a suspect is compared to other computers that have known users. So law enforcement gets hold of a computer. They know that this computer was used by the perpetrator of a crime. They don't have an identity yet; they do have some suspects. They don't know if any of the suspects actually were the perpetrator. So the goal is to compare this target computer, the one that was involved with the actual perpetrator, with candidate computers, the ones that suspects are using. And factors such as the specific sites that were visited, the time spent on every site, and the order in which the user would browse the sites are all taken into consideration. At the heart of the matter is the idea that we humans tend to be creatures of habit. So here's how it would work.
Speaker 1: Investigators take that target computer and they perform a data extraction on it. They pull all the information they can off of it to get a lead on the identity, and that includes the browser history and browser behaviors, and they analyze this. They have identified some suspects, and those suspects may be using other computers to access online services; those are the candidate computers. So law enforcement gets possession of those candidate computers, presumably through a warrant, and they do the same sort of thing: they do a data extraction on each of those computers. Then they process all that information and they analyze it, and investigators determine which factors are domains of interest, like: what are the things on the target computer that could potentially be identifiers for somebody? And they break this down into a vector representation. They weight each of the factors to assign each one a relative importance.
Speaker 1: So, for example, a weighting might represent that the activity on the target computer showed the perpetrator repeatedly visited the same five websites, so those websites would be weighted heavier than others because the perpetrator had gone to them multiple times. And within those five websites, each one might have its own weighting that is based upon the amount of time spent on that site and the number of times that the perpetrator had logged into it, as recorded in that browser history. These indicate trends and behaviors. Then you would compare that with the information you found from the candidate computers, and if you found one that demonstrated a similar browsing behavior to the one that was on the target computer, you could make an argument that the respective suspect may well be your criminal. Then you can consider them a lead.
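A simplified sketch of that comparison step might look like the following. The exact weighting scheme in the paper is surely different; this version just combines visit counts with dwell time into a vector per computer, then ranks candidates by cosine similarity to the target.

```python
import math

# Sketch of behavior-vector comparison (simplified, not the paper's exact
# scheme): each computer's browsing history becomes a weighted vector over
# domains, and candidate computers are ranked by similarity to the target.

def behavior_vector(visits):
    """visits: dict of domain -> (visit_count, total_seconds).
    Repeat visits and long dwell times both raise a domain's weight."""
    return {d: count * math.log1p(secs) for d, (count, secs) in visits.items()}

def cosine(a, b):
    dot = sum(w * b.get(d, 0.0) for d, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def rank_candidates(target, candidates):
    """Return candidate names sorted from most to least similar behavior."""
    tv = behavior_vector(target)
    return sorted(candidates,
                  key=lambda name: cosine(tv, behavior_vector(candidates[name])),
                  reverse=True)
```

A candidate whose history hits the same five sites with similar frequency scores near the top; one with no overlapping domains scores zero, which is why this produces leads rather than proof.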
Speaker 1: It's not exactly a smoking gun, but it certainly says this person browses the Internet exactly the same way as the person who owned this computer, and we know the person who owned this computer committed the crime, and it can lead you into a more specific investigation. In two thousand seventeen, Gizmodo ran a piece titled "Here's All the Data Collected From You as You Browse the Web," and it was written by David Nield, and I really recommend checking out this article. Again, it's called "Here's All the Data Collected From You as You Browse the Web." It's a great piece. I'm gonna kind of go over it here a little bit. Nield points out the types of data your computer can share with sites on the Internet, and as he mentions, it can include all of the following. Your IP address: now, that makes sense. The IP address corresponds to your computer or your router. It's necessary so that a site knows where to send the data that you've requested. So if you visit a website, you're technically sending a request to a web server.
Speaker 1: The server has to know where to send that site; otherwise you'll never get anything back. But an IP address can provide information that gives the site owners a general idea of your location. Not specifically where you are, but generally where you are. Then there's the type of system you're using, such as whether you're on a phone or a tablet or a computer or a gaming console. This will also typically include information like the operating system that you're using, the display resolution on the device you have, what processors your machine might have, like CPU and GPU, and the specific types, like how many cores, how much processing power, that kind of stuff. Which browser you might be using, what plugins you have installed in that browser, your device's battery charge could be part of the information. All of that is part of the information that your machine is handing over in this exchange. Nield also mentions a web page that will let you know all the data your browser sends to pages by default.
Speaker 1: That site is called webkay dot robinlinus dot com, or Linus if you prefer. It's W-E-B-K-A-Y dot R-O-B-I-N-L-I-N-U-S dot com. So I went ahead and checked it out, just to see what it would say about my connection here at work. So it knew my work computer is running Windows 7. Yeah, I know. It also knew that I was using Chrome as my browser. It identified the GPU and the CPU for my computer. It knew what resolution I had set my screen to. It knew my laptop's battery was at a full charge, because it was plugged into a docking station at the time. It identified the ISP my office uses. It identified the download speed I had available to me. It estimated my location; it was off by a couple of blocks, but it was in the general area. It identified which social media accounts I was logged into at that time. If it had been a mobile device, it would have also told me about my device's orientation, like whether it was in portrait or landscape mode, and more information like that.
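The raw material for a lot of that is simply what the browser volunteers with every request. As a sketch, here's the kind of summary a server could build from standard request headers; all the header values, the IP, and the crude string matching below are invented for illustration, and real sites use proper user-agent parsing libraries and IP-geolocation databases.

```python
# Sketch: metadata a server can read off an ordinary page request.
# Every value here is an invented example; real parsing would use a
# dedicated user-agent library rather than substring checks.

EXAMPLE_HEADERS = {
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/65.0",
    "Accept-Language": "en-US,en;q=0.9",
    "Referer": "https://blog.example/previous-page",
}
CLIENT_IP = "203.0.113.42"  # comes from the connection itself, not a header

def request_summary(headers, ip):
    ua = headers.get("User-Agent", "")
    return {
        "os": "Windows 7" if "Windows NT 6.1" in ua else "unknown",
        "browser": "Chrome" if "Chrome" in ua else "unknown",
        "language": headers.get("Accept-Language", "").split(",")[0],
        "came_from": headers.get("Referer"),
        "geolocate_with": ip,  # looked up against an IP-to-location database
    }
```

Everything beyond this, like screen resolution, battery level, or logged-in accounts, is probed by JavaScript running in the page rather than carried in the headers.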
And then Nield linked to another 320 00:19:50,240 --> 00:19:54,359 Speaker 1: site called Click that can monitor mouse movements and 321 00:19:54,680 --> 00:19:57,600 Speaker 1: mouse clicks and how active you are with a site. 322 00:19:57,640 --> 00:19:59,600 Speaker 1: I visited this one too, and it was kind of creepy. 323 00:19:59,600 --> 00:20:01,600 Speaker 1: It's designed in a way to actually reveal to 324 00:20:01,640 --> 00:20:06,040 Speaker 1: you how much information is being sent to a website. 325 00:20:06,040 --> 00:20:10,360 Speaker 1: So there's actually a voice that talks to you, prerecorded 326 00:20:10,400 --> 00:20:14,359 Speaker 1: stuff that's meant to be a little unsettling, and it 327 00:20:14,480 --> 00:20:17,240 Speaker 1: sends you information telling you, oh, you just moved the 328 00:20:17,280 --> 00:20:19,520 Speaker 1: mouse to the right, you just moved it to the left, 329 00:20:20,320 --> 00:20:22,760 Speaker 1: you've sat still for thirty seconds, you've been viewing this 330 00:20:22,800 --> 00:20:26,080 Speaker 1: page for a minute. So this is all information that 331 00:20:26,160 --> 00:20:28,600 Speaker 1: could be sent to a site. They could actually 332 00:20:28,600 --> 00:20:32,920 Speaker 1: monitor where your mouse is moving across a web page, 333 00:20:33,280 --> 00:20:35,760 Speaker 1: which again gets a little creepy, right? Now, there are 334 00:20:35,880 --> 00:20:39,400 Speaker 1: legitimate uses for that kind of information. From a website 335 00:20:39,400 --> 00:20:41,440 Speaker 1: design perspective, it could tell you a lot about the 336 00:20:41,480 --> 00:20:45,200 Speaker 1: sort of things users find attractive or interesting about your website, 337 00:20:46,240 --> 00:20:50,679 Speaker 1: but there are also potential misuses, and legit analytics firms 338 00:20:50,680 --> 00:20:54,439 Speaker 1: won't use information to compromise users' privacy, but not everyone's legit. 
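The kind of running commentary that site produces boils down to sampling mouse events and timestamps and turning them into descriptions. Here's a rough sketch of that idea. In a real page this logic would hang off JavaScript mousemove handlers; the 30-second idle threshold and the event format are assumptions for illustration:

```python
# Sketch: turning a log of (timestamp, mouse x-position) samples into
# the kind of activity notes a tracking page can produce.
# The 30-second idle threshold is an illustrative assumption.

def describe_activity(events):
    """events: list of (timestamp_seconds, x_position) samples."""
    notes = []
    for (t0, x0), (t1, x1) in zip(events, events[1:]):
        if t1 - t0 >= 30:
            notes.append(f"sat still for {int(t1 - t0)} seconds")
        elif x1 > x0:
            notes.append("moved the mouse right")
        elif x1 < x0:
            notes.append("moved the mouse left")
    return notes

print(describe_activity([(0, 100), (1, 180), (2, 40), (40, 40)]))
# -> ['moved the mouse right', 'moved the mouse left', 'sat still for 38 seconds']
```

Real session-replay analytics do essentially this at scale, streaming the event log back to a server for playback.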
339 00:20:54,920 --> 00:20:59,520 Speaker 1: Here's another example. Let's say that you are a 340 00:20:59,640 --> 00:21:02,520 Speaker 1: nefarious person. Actually, I'm not gonna say that. You're a 341 00:21:02,600 --> 00:21:05,399 Speaker 1: nice person, you're not nefarious. Let's say there is a 342 00:21:05,480 --> 00:21:09,639 Speaker 1: nefarious person out there, and this nefarious person has installed 343 00:21:09,720 --> 00:21:13,920 Speaker 1: some rogue JavaScript on a website, then has tricked people 344 00:21:13,920 --> 00:21:17,840 Speaker 1: into going to it, and is able to gather certain 345 00:21:17,960 --> 00:21:24,160 Speaker 1: bits of information that appear to include compromising information about 346 00:21:24,200 --> 00:21:28,879 Speaker 1: the user, and they're able to contact the user, 347 00:21:29,080 --> 00:21:32,119 Speaker 1: to send a message out to that user, perhaps through their email 348 00:21:32,160 --> 00:21:35,919 Speaker 1: address or something along those lines, and through this method 349 00:21:35,960 --> 00:21:39,240 Speaker 1: of contact, they are trying to blackmail the users, saying, 350 00:21:39,720 --> 00:21:42,800 Speaker 1: I have dirt on you because I know that you've 351 00:21:42,880 --> 00:21:46,400 Speaker 1: visited such and such website. Maybe it's an adult content website, 352 00:21:46,440 --> 00:21:50,520 Speaker 1: maybe it's a website that's about a sensitive subject. 
And 353 00:21:50,560 --> 00:21:54,080 Speaker 1: they're able to tell this from the cookies or the JavaScript, 354 00:21:54,720 --> 00:21:58,440 Speaker 1: and so they're sending a message that's essentially saying, if 355 00:21:58,480 --> 00:22:01,159 Speaker 1: you don't cooperate with me, I'm going to reveal the 356 00:22:01,200 --> 00:22:03,280 Speaker 1: information I have about you. Now, it may not be 357 00:22:03,359 --> 00:22:06,880 Speaker 1: that they have any real information about you, anything that's 358 00:22:07,000 --> 00:22:13,920 Speaker 1: of any real damaging worth, but they're trading on people's 359 00:22:14,040 --> 00:22:18,960 Speaker 1: natural fears, and they know that even if not all 360 00:22:19,960 --> 00:22:22,760 Speaker 1: of their attacks are going to be successful, at least 361 00:22:22,840 --> 00:22:24,560 Speaker 1: enough of them will be for it to be worthwhile. 362 00:22:25,280 --> 00:22:28,199 Speaker 1: So that's one way someone might make nefarious use of 363 00:22:28,200 --> 00:22:30,840 Speaker 1: this kind of data. I'll talk a little bit about 364 00:22:31,000 --> 00:22:38,119 Speaker 1: some ways that governments and companies and individuals have tried 365 00:22:38,160 --> 00:22:42,560 Speaker 1: to protect themselves and others from this kind of abuse 366 00:22:42,720 --> 00:22:44,880 Speaker 1: in just a second, but first let's take another quick 367 00:22:44,880 --> 00:22:55,320 Speaker 1: break to thank our sponsor. Now, there are some laws 368 00:22:55,440 --> 00:22:59,119 Speaker 1: in place that help protect people from predatory use of 369 00:22:59,240 --> 00:23:03,200 Speaker 1: their data. In the United States it gets a little loosey-goosey. 370 00:23:03,320 --> 00:23:07,040 Speaker 1: There are some state-level laws in some places, but obviously 371 00:23:07,080 --> 00:23:10,800 Speaker 1: those apply within a state, not across the entire country. 
372 00:23:11,119 --> 00:23:13,440 Speaker 1: There are a few federal protections that are in place. 373 00:23:13,560 --> 00:23:16,879 Speaker 1: In Europe, the protections are way more extensive. The 374 00:23:17,040 --> 00:23:19,560 Speaker 1: GDPR regulation is an example of that, but it's 375 00:23:19,600 --> 00:23:23,360 Speaker 1: just one example. So in Europe people generally 376 00:23:23,480 --> 00:23:27,679 Speaker 1: enjoy a better level of protection as far as 377 00:23:28,359 --> 00:23:31,040 Speaker 1: their data security is concerned, and there are a lot 378 00:23:31,040 --> 00:23:33,480 Speaker 1: of analytics companies out there that have tried to address 379 00:23:33,520 --> 00:23:37,320 Speaker 1: these issues because they want people 380 00:23:37,320 --> 00:23:39,560 Speaker 1: to know: Hey, what we do is valuable. What we 381 00:23:39,640 --> 00:23:43,000 Speaker 1: do actually is part of what makes the Internet work. 382 00:23:43,720 --> 00:23:47,639 Speaker 1: As long as we do it with accountability and we 383 00:23:47,680 --> 00:23:50,439 Speaker 1: do it with respect to your privacy, everything should be 384 00:23:50,480 --> 00:23:53,080 Speaker 1: fine and everyone should benefit. So one of the big 385 00:23:53,119 --> 00:23:56,919 Speaker 1: pushes in the industry is to be more transparent about 386 00:23:57,359 --> 00:24:01,560 Speaker 1: which data points these sites are collecting and to 387 00:24:01,720 --> 00:24:04,800 Speaker 1: what purpose. Like, why are they collecting all this information? 388 00:24:05,720 --> 00:24:07,800 Speaker 1: And it can't just be transparent. It needs to be 389 00:24:07,840 --> 00:24:10,879 Speaker 1: worded in a way that makes sense. 
It's not buried 390 00:24:10,920 --> 00:24:14,920 Speaker 1: in jargon and legalese, because then people 391 00:24:14,920 --> 00:24:17,000 Speaker 1: just skip over it and they don't get angry until 392 00:24:17,080 --> 00:24:21,160 Speaker 1: something goes wrong. So being able to explain in plain language, hey, 393 00:24:21,240 --> 00:24:26,000 Speaker 1: we are collecting these data points about people, this is 394 00:24:26,080 --> 00:24:29,080 Speaker 1: how we're using that data, here's how you will benefit 395 00:24:29,160 --> 00:24:32,720 Speaker 1: from that use, and here's how we benefit from that use. 396 00:24:32,760 --> 00:24:37,439 Speaker 1: If it's completely transparent, everyone is much less likely to 397 00:24:37,480 --> 00:24:41,920 Speaker 1: get upset because they're less likely to misinterpret what is 398 00:24:41,960 --> 00:24:47,160 Speaker 1: happening or to assume the worst, right? So 399 00:24:47,200 --> 00:24:50,240 Speaker 1: tracking in itself might not be malicious. It's meant to 400 00:24:50,240 --> 00:24:54,280 Speaker 1: make things better for everybody, but it's also very easy 401 00:24:54,320 --> 00:24:58,600 Speaker 1: to misuse the information, and data is valuable, right? It 402 00:24:59,040 --> 00:25:02,080 Speaker 1: has actual real value to it. That means bad 403 00:25:02,080 --> 00:25:04,679 Speaker 1: actors will go after it too. So what can you 404 00:25:04,800 --> 00:25:09,160 Speaker 1: do on a personal level to protect yourself? One thing 405 00:25:09,440 --> 00:25:12,880 Speaker 1: is that browsers have a Do Not Track setting that 406 00:25:12,920 --> 00:25:17,600 Speaker 1: you can enact. You can enable Do Not Track, rather. 407 00:25:17,840 --> 00:25:21,359 Speaker 1: In theory, that protocol would mean that sites would agree 408 00:25:21,520 --> 00:25:24,520 Speaker 1: not to track you. 
Now, I say in theory because 409 00:25:24,520 --> 00:25:28,000 Speaker 1: there's nothing legally requiring sites to obey that protocol, so 410 00:25:28,040 --> 00:25:32,760 Speaker 1: they might track you anyway. The more reputable ones probably won't, 411 00:25:33,160 --> 00:25:36,960 Speaker 1: but other sites might not really give it any mind, 412 00:25:37,280 --> 00:25:41,960 Speaker 1: so it's not really the safest approach. You can try 413 00:25:41,960 --> 00:25:45,840 Speaker 1: to browse in private or incognito mode in a browser. 414 00:25:45,960 --> 00:25:49,679 Speaker 1: Lots of browsers allow for this, and usually what that 415 00:25:49,720 --> 00:25:52,800 Speaker 1: means is it will only load cookies for that current session, 416 00:25:53,040 --> 00:25:56,160 Speaker 1: so you're not gonna have cookies saved to the browser 417 00:25:56,200 --> 00:26:01,199 Speaker 1: in this way, so that reduces a site's ability to 418 00:26:01,240 --> 00:26:04,280 Speaker 1: track your information, although the longer you stay on a 419 00:26:04,320 --> 00:26:07,359 Speaker 1: site and the more you click around, the more information 420 00:26:07,400 --> 00:26:11,640 Speaker 1: you are giving that site. Incognito mode really only 421 00:26:12,320 --> 00:26:15,280 Speaker 1: kind of erases traces of your activities on that 422 00:26:15,359 --> 00:26:19,480 Speaker 1: local device, so the computer you're using, the mobile device 423 00:26:19,480 --> 00:26:22,919 Speaker 1: you're using, whatever that may be. Incognito mode really just 424 00:26:23,040 --> 00:26:25,960 Speaker 1: keeps your activities from being left 425 00:26:26,080 --> 00:26:29,520 Speaker 1: on that device. 
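Do Not Track, by the way, is literally just one extra HTTP header (`DNT: 1`) that the browser attaches to every request. Whether anything happens is entirely up to the server, which is exactly the weakness described above. A minimal sketch of a cooperating server's check might look like this (the function name is my own, not from any particular framework):

```python
# Sketch: how a cooperating server could honor the Do Not Track header.
# "DNT: 1" is the real header a browser sends when the setting is on;
# honoring it is voluntary, which is the whole problem.

def should_track(headers):
    return headers.get("DNT") != "1"

print(should_track({"DNT": "1"}))  # user opted out -> False
print(should_track({}))            # no preference expressed -> True
```

A site that ignores the header never even has to acknowledge it, and the user has no way to tell the difference.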
Your Internet service provider will still see 426 00:26:29,520 --> 00:26:32,919 Speaker 1: where you're going, because it has to in order to 427 00:26:32,960 --> 00:26:35,160 Speaker 1: be able to send you the information that you're requesting 428 00:26:35,160 --> 00:26:37,760 Speaker 1: through the web browser. You still have an IP 429 00:26:37,880 --> 00:26:40,640 Speaker 1: address that can still narrow down where you live or 430 00:26:40,640 --> 00:26:44,360 Speaker 1: where you're accessing the information from. If you log into 431 00:26:44,440 --> 00:26:46,880 Speaker 1: a service like Facebook or Twitter or something like that, 432 00:26:46,880 --> 00:26:50,280 Speaker 1: that's a dead giveaway. So this is a limited help. 433 00:26:50,800 --> 00:26:53,760 Speaker 1: Another thing you might do is install browser extensions that 434 00:26:53,840 --> 00:26:57,680 Speaker 1: limit active scripts from running on websites without your authorization. 435 00:26:58,440 --> 00:27:01,960 Speaker 1: So there are extensions like NoScript Security Suite, that's 436 00:27:02,000 --> 00:27:06,080 Speaker 1: for Firefox, or ScriptSafe, that's for Chrome. These 437 00:27:06,080 --> 00:27:09,640 Speaker 1: are extensions that put the control in your hands. So 438 00:27:09,920 --> 00:27:11,680 Speaker 1: when you access a site that has one of these 439 00:27:11,680 --> 00:27:14,879 Speaker 1: sort of invisible trackers on it or whatever, it'll pop 440 00:27:15,000 --> 00:27:17,879 Speaker 1: up and alert you, and you can choose to either 441 00:27:18,000 --> 00:27:20,639 Speaker 1: allow it or to prevent it from being able to 442 00:27:20,680 --> 00:27:24,280 Speaker 1: track you. At least for the JavaScript approach. 
If 443 00:27:24,320 --> 00:27:28,520 Speaker 1: people are looking at their access logs, that's still gonna 444 00:27:28,520 --> 00:27:31,080 Speaker 1: show that you've visited the site, but it won't give 445 00:27:31,119 --> 00:27:34,520 Speaker 1: the kind of tiny, focused data that JavaScript would. 446 00:27:34,800 --> 00:27:37,800 Speaker 1: Tiny as in focused; there's actually quite a lot 447 00:27:37,840 --> 00:27:41,640 Speaker 1: of data. The Electronic Frontier Foundation offers up an extension 448 00:27:41,680 --> 00:27:46,280 Speaker 1: for Firefox, Opera, and Android called Privacy Badger. This add-on 449 00:27:46,320 --> 00:27:50,720 Speaker 1: blocks trackers and spyware. Specifically, it quote stops 450 00:27:50,800 --> 00:27:54,359 Speaker 1: advertisers and other third party trackers from secretly tracking where 451 00:27:54,400 --> 00:27:56,960 Speaker 1: you go and what pages you look at on the web. 452 00:27:57,560 --> 00:28:00,000 Speaker 1: If an advertiser seems to be tracking you across multiple 453 00:28:00,080 --> 00:28:04,560 Speaker 1: websites without your permission, Privacy Badger automatically blocks that advertiser 454 00:28:04,600 --> 00:28:07,719 Speaker 1: from loading any more content in your browser. To the advertiser, 455 00:28:07,720 --> 00:28:10,840 Speaker 1: it looks like you suddenly disappeared. End quote. 
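The cross-site heuristic that quote describes can be sketched in a few lines: remember which first-party sites each third-party source has appeared on, and treat a source as a tracker once it shows up on several different sites. To be clear, this is my own simplified illustration of that idea, and the threshold of three sites is an assumption for the example, not Privacy Badger's actual implementation:

```python
# Sketch of a cross-site tracker heuristic: a third-party source seen
# on several different first-party sites is likely tracking you.
# The threshold of 3 sites is an illustrative assumption.
from collections import defaultdict

class TrackerDetector:
    def __init__(self, threshold=3):
        self.seen_on = defaultdict(set)  # third party -> first-party sites seen
        self.threshold = threshold

    def observe(self, first_party, third_party):
        """Record that third_party content loaded on a first_party page."""
        self.seen_on[third_party].add(first_party)

    def is_blocked(self, third_party):
        return len(self.seen_on[third_party]) >= self.threshold

d = TrackerDetector()
for site in ["news.example", "shop.example", "blog.example"]:
    d.observe(site, "ads.tracker.example")
print(d.is_blocked("ads.tracker.example"))  # True: seen on 3 sites
```

Once a source crosses the threshold, the extension simply stops fetching anything from it, which is why, from the tracker's side, the user vanishes.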
So it 456 00:28:10,880 --> 00:28:15,280 Speaker 1: does this by identifying which content sources are registering your 457 00:28:15,280 --> 00:28:18,199 Speaker 1: presence on a web page, including the ads that are 458 00:28:18,280 --> 00:28:21,000 Speaker 1: loaded on that web page, and as you go from 459 00:28:21,000 --> 00:28:23,639 Speaker 1: one page to another, if it keeps picking up the 460 00:28:23,720 --> 00:28:26,720 Speaker 1: same sources, that's an indication that you're being tracked, and 461 00:28:26,760 --> 00:28:30,159 Speaker 1: those are the ones that it will stop 462 00:28:30,200 --> 00:28:33,800 Speaker 1: loading into your web browser, and since it stops loading them, 463 00:28:34,200 --> 00:28:37,480 Speaker 1: the source can no longer get information about your activities, 464 00:28:37,480 --> 00:28:39,640 Speaker 1: and it's like you just disappeared into thin air. But 465 00:28:39,760 --> 00:28:43,080 Speaker 1: what about virtual private networks? I'm gonna have to 466 00:28:43,080 --> 00:28:45,920 Speaker 1: do a full episode about VPNs and why they exist 467 00:28:45,960 --> 00:28:49,240 Speaker 1: and why they're important and when you should use one. 468 00:28:49,960 --> 00:28:53,080 Speaker 1: I'll do one of those in the future, but generally, 469 00:28:53,560 --> 00:28:58,800 Speaker 1: in this context, they're mostly good for hiding your physical location. 470 00:28:58,840 --> 00:29:02,440 Speaker 1: The location will appear to correspond to that of 471 00:29:02,520 --> 00:29:05,720 Speaker 1: the virtual private network, not to you, not to your 472 00:29:05,800 --> 00:29:11,760 Speaker 1: real world location, because the web server will be acting 473 00:29:11,840 --> 00:29:17,479 Speaker 1: like the VPN is the source of the traffic, 474 00:29:17,480 --> 00:29:21,200 Speaker 1: not your computer, and the VPN handles it from that 475 00:29:21,240 --> 00:29:24,240 Speaker 1: point to get it to you. 
So you would still 476 00:29:24,280 --> 00:29:26,280 Speaker 1: get cookies from sites. They'd still be able to track 477 00:29:26,320 --> 00:29:30,040 Speaker 1: your activities, but they would do it through the 478 00:29:30,080 --> 00:29:34,080 Speaker 1: context of the VPN. And since your behaviors 479 00:29:34,080 --> 00:29:36,360 Speaker 1: are filtering through the VPN instead of your normal 480 00:29:36,560 --> 00:29:39,160 Speaker 1: ISP, what you're really doing is trading one entity 481 00:29:39,240 --> 00:29:42,160 Speaker 1: for another. Instead of having the ISP be 482 00:29:42,280 --> 00:29:45,600 Speaker 1: the one monitoring all the stuff you're doing, the VPN 483 00:29:46,360 --> 00:29:49,360 Speaker 1: could technically monitor all the stuff you're doing, so I 484 00:29:49,400 --> 00:29:51,200 Speaker 1: guess then it just comes down to who do you 485 00:29:51,240 --> 00:29:54,760 Speaker 1: trust more, the VPN or the ISP. 486 00:29:54,840 --> 00:29:57,440 Speaker 1: The answer is going to be very dependent upon which 487 00:29:57,480 --> 00:30:00,520 Speaker 1: of those entities you're making use of at any 488 00:30:00,560 --> 00:30:04,760 Speaker 1: given time. So one last little bit about the pros 489 00:30:04,800 --> 00:30:09,280 Speaker 1: and cons of tracking. Tracking is what makes online advertising work, 490 00:30:10,040 --> 00:30:13,560 Speaker 1: and it's somewhat fascinating, because online tracking gives us a 491 00:30:13,600 --> 00:30:16,480 Speaker 1: really granular view of which ads work on which sites 492 00:30:16,520 --> 00:30:20,120 Speaker 1: and which ones don't. We learn about how different form 493 00:30:20,200 --> 00:30:23,240 Speaker 1: factors can be more or less effective. You might find 494 00:30:23,240 --> 00:30:25,960 Speaker 1: out that ad A tests really well on site one, 495 00:30:26,600 --> 00:30:29,280 Speaker 1: but it fails miserably on site two. 
But ad B, 496 00:30:30,240 --> 00:30:32,080 Speaker 1: which is for the exact same product as ad A 497 00:30:32,240 --> 00:30:34,760 Speaker 1: but with a different design, works great on 498 00:30:34,800 --> 00:30:37,360 Speaker 1: site two. Or maybe you find out that just by changing 499 00:30:37,360 --> 00:30:40,360 Speaker 1: where an ad displays on a page, it drives more engagement. 500 00:30:41,040 --> 00:30:43,800 Speaker 1: The reason this is important is because running a website 501 00:30:44,000 --> 00:30:47,240 Speaker 1: is not free. If it were, the world would be 502 00:30:47,240 --> 00:30:51,280 Speaker 1: a very different place. So companies like how stuff works 503 00:30:51,320 --> 00:30:54,960 Speaker 1: dot Com have costs associated with them, right, and those 504 00:30:54,960 --> 00:30:58,240 Speaker 1: are significant costs, not just like web hosting, but other 505 00:30:58,280 --> 00:31:02,320 Speaker 1: stuff like office space, salaries, healthcare, lots and 506 00:31:02,400 --> 00:31:06,360 Speaker 1: lots of costs. So if there's no money coming in 507 00:31:06,560 --> 00:31:09,120 Speaker 1: to cover those costs, you won't stay in business. You 508 00:31:09,240 --> 00:31:14,160 Speaker 1: go into debt. Eventually you go into bankruptcy. So 509 00:31:14,320 --> 00:31:16,520 Speaker 1: you want to make money to pay off the costs, 510 00:31:16,560 --> 00:31:18,360 Speaker 1: and you really want to make enough to make a profit. 511 00:31:18,400 --> 00:31:20,040 Speaker 1: I mean, that's what a business is all about, 512 00:31:20,040 --> 00:31:24,560 Speaker 1: making profits. So without profit, businesses don't really exist. And 513 00:31:24,600 --> 00:31:27,720 Speaker 1: then the content goes away. 
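That ad A versus ad B comparison from a moment ago is really just per-site click-through arithmetic: clicks divided by impressions, broken out by ad and by site. A toy sketch with invented numbers, just to show the shape of the comparison:

```python
# Sketch: comparing two ads' click-through rates (CTR) per site.
# All figures are invented for illustration.

def ctr(clicks, impressions):
    return clicks / impressions

results = {
    ("ad_a", "site_1"): ctr(50, 1000),  # 5.0%: tests really well
    ("ad_a", "site_2"): ctr(2, 1000),   # 0.2%: fails miserably
    ("ad_b", "site_2"): ctr(40, 1000),  # 4.0%: same product, new design
}

# Which ad performed best on site 2?
best_on_site_2 = max(
    (key for key in results if key[1] == "site_2"),
    key=lambda key: results[key],
)
print(best_on_site_2)  # ('ad_b', 'site_2')
```

Tracking is what supplies the clicks and impressions columns in the first place; without it, there is nothing to compare.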
So unless we move to 514 00:31:28,000 --> 00:31:32,720 Speaker 1: a totally different model of the web, which would probably 515 00:31:32,800 --> 00:31:34,720 Speaker 1: be one where we have to pay for everything we want 516 00:31:34,760 --> 00:31:38,680 Speaker 1: to access, where everything would be behind a paywall, it would 517 00:31:38,680 --> 00:31:42,800 Speaker 1: be really hard to continue to have web content. We 518 00:31:42,880 --> 00:31:46,840 Speaker 1: have to have some financial means to support the content, 519 00:31:47,720 --> 00:31:50,000 Speaker 1: or else the content goes away. The same thing is true 520 00:31:50,040 --> 00:31:53,920 Speaker 1: for podcasts. I mean, the reason we have sponsors is 521 00:31:54,000 --> 00:31:59,480 Speaker 1: to pay off the costs of producing these 522 00:31:59,480 --> 00:32:04,520 Speaker 1: shows and posting the shows and to continue to develop shows 523 00:32:04,520 --> 00:32:09,560 Speaker 1: and make new shows. The ads support that, and hopefully 524 00:32:10,040 --> 00:32:14,800 Speaker 1: the ads that we are choosing to place with shows 525 00:32:15,440 --> 00:32:18,600 Speaker 1: are meaningful to our listeners, because if they're not, then 526 00:32:18,600 --> 00:32:22,360 Speaker 1: it's not really doing anyone any good. And ultimately, you 527 00:32:22,440 --> 00:32:29,440 Speaker 1: want the best possible relationship between content, advertising, and users. 528 00:32:29,520 --> 00:32:33,680 Speaker 1: You want something where everybody is happy with it, because otherwise, 529 00:32:33,680 --> 00:32:36,280 Speaker 1: what's the point? The same thing is true with a website, 530 00:32:37,280 --> 00:32:39,680 Speaker 1: so the tracking is very important to get that kind 531 00:32:39,680 --> 00:32:42,960 Speaker 1: of information. 
It's kind of funny to me, because classic media, 532 00:32:43,040 --> 00:32:47,760 Speaker 1: your traditional media, things like television, magazines, newspapers, that kind 533 00:32:47,800 --> 00:32:51,960 Speaker 1: of stuff, everything that has advertising in it, it's 534 00:32:51,960 --> 00:32:55,160 Speaker 1: a lot harder to tell how well that advertising works, 535 00:32:56,320 --> 00:32:59,000 Speaker 1: how much impact that advertising has. With the exception of 536 00:32:59,040 --> 00:33:02,200 Speaker 1: stuff like the Super Bowl in the United States, where 537 00:33:02,200 --> 00:33:06,000 Speaker 1: people famously will tune in just to watch commercials, you 538 00:33:06,000 --> 00:33:09,560 Speaker 1: really don't know how much attention is being directed toward commercials. 539 00:33:09,640 --> 00:33:12,719 Speaker 1: You might be able to get some general ratings about 540 00:33:12,920 --> 00:33:16,160 Speaker 1: how well a certain television show has done, but that 541 00:33:16,200 --> 00:33:20,880 Speaker 1: doesn't really tell you anything about the ads themselves. So 542 00:33:22,720 --> 00:33:27,440 Speaker 1: it's funny to me that the traditional media, the advertising world, 543 00:33:27,480 --> 00:33:30,960 Speaker 1: is very comfortable in that space, while in the online 544 00:33:30,960 --> 00:33:33,600 Speaker 1: space we can actually see how well an ad 545 00:33:33,640 --> 00:33:36,760 Speaker 1: does, because we can see how many people click on it, 546 00:33:36,840 --> 00:33:41,000 Speaker 1: how many people actually went through and said, this is interesting, 547 00:33:41,120 --> 00:33:43,000 Speaker 1: I want to know more, I want to be able 548 00:33:43,000 --> 00:33:46,040 Speaker 1: to buy this. 
We can actually see how effective that is, 549 00:33:46,120 --> 00:33:52,160 Speaker 1: and somehow that makes it less valuable in some cases. 550 00:33:52,200 --> 00:33:55,920 Speaker 1: Like, the CPMs that are demanded in direct mail, 551 00:33:56,400 --> 00:33:59,960 Speaker 1: sending stuff out in magazines and things, that's way 552 00:34:00,200 --> 00:34:05,680 Speaker 1: higher than what you typically see for most online advertising. 553 00:34:05,720 --> 00:34:08,800 Speaker 1: It's one of those things where a little knowledge can be dangerous, 554 00:34:08,840 --> 00:34:13,799 Speaker 1: I guess. Very fascinating topic. And while you can go 555 00:34:13,880 --> 00:34:18,280 Speaker 1: through and add those extensions and use VPNs and things 556 00:34:18,320 --> 00:34:21,920 Speaker 1: and turn off a lot of the elements that 557 00:34:22,040 --> 00:34:25,879 Speaker 1: will allow sites to track you, if you do that, 558 00:34:26,360 --> 00:34:31,000 Speaker 1: you also lose a lot of the benefits that tracking gives 559 00:34:31,200 --> 00:34:34,680 Speaker 1: to users. That might be a worthy trade-off for 560 00:34:34,760 --> 00:34:37,800 Speaker 1: you if you really value your privacy and you don't 561 00:34:37,840 --> 00:34:41,560 Speaker 1: want sites to get access to that kind of information. 562 00:34:42,520 --> 00:34:46,040 Speaker 1: But you know, it's just kind 563 00:34:46,040 --> 00:34:49,120 Speaker 1: of the way our online world works, and without some 564 00:34:49,200 --> 00:34:53,479 Speaker 1: sort of transformative change, I don't see that being any 565 00:34:53,520 --> 00:34:57,520 Speaker 1: different anytime soon. But it is an interesting subject. 
If 566 00:34:57,520 --> 00:35:00,880 Speaker 1: you guys have any ideas for future episodes, any 567 00:35:00,920 --> 00:35:02,719 Speaker 1: sort of topic you want me to cover, whether it's 568 00:35:02,760 --> 00:35:06,160 Speaker 1: a technology, a company, a person in tech, maybe there's 569 00:35:06,160 --> 00:35:08,600 Speaker 1: someone I should interview or have on as a guest host, 570 00:35:09,160 --> 00:35:11,839 Speaker 1: send me a message. The email address is tech stuff at 571 00:35:11,880 --> 00:35:14,479 Speaker 1: how stuff works dot com, or drop me a line 572 00:35:14,480 --> 00:35:16,359 Speaker 1: on Facebook or Twitter. The handle at both of those 573 00:35:16,480 --> 00:35:19,640 Speaker 1: is tech stuff hsw. Don't forget, head on over 574 00:35:19,680 --> 00:35:23,279 Speaker 1: to TeePublic dot com slash tech stuff. That's T 575 00:35:23,560 --> 00:35:26,800 Speaker 1: E E Public dot com slash tech stuff to get 576 00:35:26,840 --> 00:35:30,719 Speaker 1: all your tech stuff merchandise needs. You know, maybe 577 00:35:30,760 --> 00:35:34,160 Speaker 1: you're sitting there thinking, I have a cup of hot 578 00:35:34,200 --> 00:35:37,359 Speaker 1: coffee sitting here, but I have no mug to put 579 00:35:37,400 --> 00:35:40,680 Speaker 1: it in. Get yourself a tech stuff mug. They're pretty awesome. 580 00:35:40,719 --> 00:35:44,360 Speaker 1: I've got two of them myself. And don't forget to 581 00:35:44,400 --> 00:35:49,120 Speaker 1: follow us on Instagram. I'll talk to you again really 582 00:35:49,200 --> 00:35:57,760 Speaker 1: soon. For more on this and thousands of other topics, 583 00:35:57,800 --> 00:36:04,759 Speaker 1: visit how stuff works dot com.