Featured
- Get link
- Other Apps
Some of the Most Popular Websites Share Your Data with
Over 1,500 Companies
Cookie pop-ups now show the number of “partners” that
websites may share data with. Here's how many of these third-party companies
may get your data from some of the most popular sites online.
In a little-noticed change at the end of last year,
thousands of websites started being more transparent about how many companies
your data is being shared with. In November, those infuriating cookie pop-ups—which
ask your permission to collect and share data—began sharing how many
advertising “partners” each website is working with, giving a further glimpse
of the sprawling advertising ecosystem. For many sites, it’s not pretty.
A WIRED analysis of the top 10,000 most popular websites
shows that dozens of sites say they are sharing data with more than 1,000
companies, while thousands of other websites are sharing data with hundreds of
firms. Quiz and puzzle website JetPunk tops the pile, listing 1,809 “partners” that
may collect personal information, including “browsing behavior or unique IDs.”
More than 20 websites from publisher Dotdash
Meredith—including Investopedia.com, People.com, and Allrecipes.com—all say
they can share data with 1,609 partners. The newspaper The Daily Mail lists
1,207 partners, while internet speed-monitoring firm Speedtest.net, online
medical publisher WebMD, and media outlets Reuters, ESPN, and BuzzFeed all
state they can share data with 809 companies. (WIRED, for context, lists 164
partners.) These hundreds of advertising partners include dozens of firms most
people have likely never heard of.
“You can always assume all of them are first going to try
and disambiguate who you are,” says Midas Nouwens,
an associate professor at Aarhus University in Denmark, who has
previously built
tools to automatically opt out of tracking by cookie pop-ups and
helped with the website analysis. The data collected can vary by website, and
the cookie pop-ups allow some control over what can be gathered; however, the
information can include IP addresses, fingerprinting
of devices, and various identifiers. “Once they know that, they might add
you to different data sets, or use it for enrichment later when you go to a
different site,” Nouwens says.
The online
advertising world is a messy, murky space, which can involve networks of
companies building profiles of people with the aim of showing you
tailored ads the second you open a webpage. For years, strong privacy laws in Europe, such as the GDPR, have
resulted in websites showing cookie consent pop-ups that ask for permission to
store cookies that collect data on your device. In recent years,
studies have shown that cookie pop-ups have included dark
patterns, disregarded people’s choices, and are ignored by people.
“Every single person we’ve ever observed in user testing doesn't read any of
this. They find the fastest way they can to close it out,” says Peter
Dolanjski, a product director at privacy-focused search engine and
browser DuckDuckGo.
“So they end up in a worse privacy state.”
For the website analysis, Nouwens scraped the 10,000 most
popular websites and analyzed whether the collected pop-ups mentioned partners
and, if so, the number they disclosed. WIRED manually verified all the websites
mentioned in this story, visiting each to confirm the number of partners they
displayed. We looked at the highest total number of partners within the whole
data set, and the highest number of partners for the top 1,000 most popular
websites. The process, which is only a snapshot of how websites share data,
provides one view of the complex ecosystem. The results can vary depending on
where in the world someone visits a website from.
It also only includes websites using just one system to
display cookie pop-ups. Many of the world’s biggest websites—think Google,
Facebook, and TikTok—use their own cookie pop-ups. However, thousands of
websites, including publishers and retailers, use third-party technology, made
by consent management platforms (CMPs), to show the pop-ups. These pop-ups
largely follow standards from the marketing and advertising group IAB Europe,
which details the information that should be included in the cookie pop-ups.
In November 2023, IAB Europe updated its Transparency
and Consent Framework, in response to rulings saying
it didn’t comply with Europe’s GDPR, to include the provision that
companies should disclose how many partners they're sharing user data with on
the first pages of their websites. Townsend Feehan, the CEO of IAB Europe, says
the update “includes a number of meaningful iterations,” which provide people
with more information about what data may be shared and include changes such as
making a “reject all” option prominently available. “The addition of the number
of vendors corresponds to a recommendation made by the CNIL [the French data
privacy regulator] and is meant to help end-users to have a reasonable
expectation, before they even access the secondary layer of the CMP, of how
many vendors feature on the transparency pop-up,” Feehan says.
However, adding the number of company’s data is shared with
becomes meaningless if the number is too large, Nouwens says. “If it’s anything
more than five, or maybe 10, it becomes untenable,” the researcher adds.
“That's still too many for anybody to really form an opinion on considering how
opaque and complex this whole data processing pipeline is.”
While individual websites may say data can be shared with
hundreds of third-party companies, they may not be doing it directly
themselves—the owner of one tracker may ultimately share that data with other
advertising companies. The majority of websites contacted for this story did
not respond to a request for comment about their data sharing; however, those
that did showed the complexity of the advertising industry.
A BuzzFeed spokesperson says they approved all of the IAB’s list of
vendors, resulting in 809 partners being shown, but the spokesperson says,
in reality, the number of partners it works with is 220. Paul Evans, managing
director at news discovery platform NewsNow, says that it only has “direct relationships with a
handful” of advertising exchanges, and its 1,298 disclosed figure is the total
of the partners those firms work with.
While the disclosures may not provide as much transparency
as intended, it’s also possible to analyze the number of trackers that are
directly placed on websites. DuckDuckGo keeps a record of the companies that
have the biggest tracking footprint across the web. For example,
while WebMD and ESPN disclose 809 partners on their cookie pop-ups,
DuckDuckGo’s data shows there are 96 and 33 trackers present on their websites
when they were scanned. Among the most common trackers, Google has its
technology on 79 percent of websites, while those from five other companies are
on more than 20 percent of websites.
“For the end user, the reality is, there is a myriad of tracking
that happens, there’s a myriad of techniques through which it happens,”
DuckDuckGo’s Dolanjski says. Using a privacy
browser, making
your searches private, and adopting a few basic practices can help
keep you more private online.
For months, US lawmakers have examined every side of a
historic surveillance debate. With the introduction of the SAFE Act, all that’s
left to do now is vote.
The Pentagon says it’s not hiding aliens, but it stops
notably short of saying what it is hiding. Here are the key questions that remain
unanswered—some answers could be weirder than UFOs.
Republicans who run elections are split over whether to keep
working with the Cybersecurity and Infrastructure Security Agency to fight
hackers, online falsehoods, and polling-place threats.
- Get link
- Other Apps
Popular Posts
- Get link
- Other Apps
- Get link
- Other Apps
Comments
Post a Comment