Alex Hern, the Guardian (via Dave Pell):
“What would you think,” asked Svea Eckert, “if somebody showed up at your door saying: ‘Hey, I have your complete browsing history – every day, every hour, every minute, every click you did on the web for the last month’? How would you think we got it: some shady hacker? No. It was much easier: you can just buy it.”
Eckert, a journalist, paired up with data scientist Andreas Dewes to acquire personal user data and see what they could glean from it.
Presenting their findings at the Def Con hacking conference in Las Vegas, the pair revealed how they secured a database containing 3bn URLs from three million German users, spread over 9m different sites. Some were sparse users, with just a couple of dozen of sites visited in the 30-day period they examined, while others had tens of thousands of data points: the full record of their online lives.
While many have been worried about intrusive government surveillance — and rightfully so — private companies have also been sweeping up and sharing browsing data and purchasing history, with little practical oversight. The scale of the so-called “marketing technology landscape” has quietly but dramatically grown over the past seven years; I worry about how little most people outside the tech bubble seem to know about its growing tracking capabilities, and how hard it is to opt out of it.