Watching videos, visiting online stores... Your online footprint is being tracked

  Our reporter Xie Kaifei

  Correspondent Xu Xiaofeng Dong Jiaqi

  Recently, CCTV has exposed some mobile apps that transfer users' personal information through plug-ins, involving nearly 50 mobile apps. In fact, in addition to users who may be monitored while using mobile apps, there is also this hidden danger when using computers to browse the web.

  When browsing shopping websites and video websites, many people must have had this experience. Most of the content on the shopping website is based on the style of your preference; after browsing a certain type of video, open it next time Video sites, you will see similar content on the homepage. Behind this is actually the network tracker at work.

  At this year’s Apple Developer Conference, Apple introduced the upgraded privacy report function. It is said that it can tell the user which web tracker is running on the website, and it can also generate a report detailing the data within 30 days. The web trackers that the user has triggered while browsing the web, in addition, it will also show which websites these trackers come from.

  How are network tracking currently implemented? What substantial impact will the information being tracked bring to users? How to maximize regulation and prevention? In this regard, a reporter from Science and Technology Daily interviewed relevant experts.

  Tracking technology is constantly updated

  Web tracking is a technology used to remember and identify the traces of past website visits. By interpreting the electronic traces left by the user during the Internet process, the corresponding information of the user can be collected.

  A reporter from Science and Technology Daily found that many e-commerce platforms or video software have embedded network tracking functions. In addition to embedding, using a specific network tracking interface provided by a third party, network tracking can also be implemented on various websites.

  What are the main technologies for network tracking? Take Youku and Taobao as examples. If people search for certain products on Taobao, the next time you open Youku, they will be pushed with advertisements related to these products. The reporter learned that this is because the platforms of Youku and Taobao also embed a web tracker named "mmstat.com", which is a statistical analysis interface provided by Alibaba.

  According to professionals, the original web tracker used cookies shared by multiple websites to analyze user behavior and identify browser users, thereby realizing web tracking.

  A cookie is a small piece of data sent by a website, similar to a "memory card". "Through cookies, the website can record the items that the user puts in the shopping cart on the e-commerce website, or record the user's browsing behavior, or record the user's previous name, address, password, credit card number and other information." 360 browser The person in charge of technology said.

  Dr. Liu Ximeng, assistant to the dean of the School of Mathematics and Computer Science of Fuzhou University and director of the Fujian Provincial Key Laboratory of Information Security for Network Systems, pointed out that the current use of third-party cookies can achieve cross-site user tracking. For example, when a user browses a webpage, website A will collect the user's surfing behavior through a third-party web tracker interface, and generate a cookie to save on the user's computer. Later, if the website B visited by the user and the website A use the same web tracker, then the website B will read the user ID from the cookie and grasp the user's online history behavior information, so as to achieve the purpose of network tracking.

  However, although the use of cookies to read user information is effective, it is usually easy to detect and block. As a result, after cookies, the second-generation network tracking technology represented by browser fingerprint recognition emerged. Browser fingerprints are like our human fingerprints, with individual recognition, which distinguishes different users by collecting characteristic information of the user's browser, operating system, and hardware in a specific period of time. Fingerprints work independently of cookies, and are more difficult to find than cookies.

  "In order to solve the problem of different fingerprint characteristics of multiple browsers on the same host, some people have proposed a cross-browser fingerprint recognition scheme with fingerprint tracking technology, which can identify and track the same user's information on multiple browsers at the same time. In addition, Someone is studying cross-device tracking and the use of log tracking technologies, all for the purpose of realizing network tracking." Liu Ximeng said.

  A "double-edged sword" that can optimize services and leak information

  What is the purpose of the service provider setting up these web trackers?

  "The purpose of some platforms with embedded trackers is to realize website analysis and provide customers with customized services, advertisements, etc." said Professor Xin Yang, deputy director of the National Engineering Laboratory of Disaster Recovery Technology and head of the Cyberspace Security Department of Beijing University of Posts and Telecommunications.

  The person in charge of 360 browser technology, for example, said that when users shop online, advertising companies can track browsing records to identify and distinguish different users, and then follow them on the Internet. This enables the website to allow businesses to obtain the personal preferences of users and to achieve personalized advertising.

  At the same time, by analyzing the conversion between user habits and traffic importing, consumption behavior, etc., the website is optimized to attract more target customers; by identifying users and analyzing user historical data, it can provide customization when users visit the website The content is optimized to optimize the user experience.

  Currently, the scope of information collected by network tracking is very wide, including website information that users have visited, online shopping search records, video browsing records, social networking site activities, etc., and even private information such as users' personal financial information, health status, and life background can be obtained. .

  The emergence of network tracking technology is like a "double-edged sword." Xin Yang pointed out that for users, they are more likely to receive the advertising content they need and avoid interference from a large number of irrelevant advertisements. At the same time, network tracking can provide users with customized services and improve the visit experience. For example, a shopping website will identify users and synthesize their historical data to give priority to recommending potentially interesting products.

  However, if a web tracker appears on multiple sites at the same time, as the user's use time increases, the user's personal information may be completely exposed, which will bring many hidden dangers to the user's privacy and security.

  "If this information is leaked or collected by criminals, it will pose a major threat to people's lives and property." Liu Ximeng pointed out that even through the analysis of information association of social accounts, criminals can also directly locate specific individuals, which may cause problems. In order to implement network fraud or more serious violations.

  It is difficult to avoid being tracked completely

  The convenience and security risks brought by network tracking technology come with it. What anti-tracking technologies and solutions are currently available?

  The person in charge of 360 browser technology pointed out that the current anti-tracking technology is generally built into the browser, which can turn on incognito browsing and prevent the use of third-party trackers to avoid being tracked. The technical principle of the realization of this function is to add a field to the "http" header of the send visit to tell the service provider not to insert the tracking code. This kind of method can achieve the purpose of anti-tracking to a certain extent.

  "It is also possible to directly block third-party cookies to avoid tracking by a large number of web trackers. However, this method will bring a lot of inconvenience to users. Some website functions will not be available, such as single sign-on, etc., which means In multiple application systems, users will not be able to access all mutually trusted application systems through a single login." Liu Ximeng said.

  Currently, there are already browsers that use machine learning methods to implement intelligent anti-tracking, such as Apple's Safari browser. This technology is more intelligent than the method of completely banning cookies, and avoids problems such as users being unable to single sign-on or blocking content of interest.

  So, is it possible to completely avoid being tracked? Liu Ximeng said that as long as users use electronic devices, they will be associated with service providers. When interacting with them, a large amount of behavioral data will inevitably be generated and collected by them. From the current situation, it is difficult to avoid being tracked completely.

  In this regard, Liu Ximeng suggested that the promulgation and implementation of the "Data Security Law" and other related laws should be accelerated, and effective data security supervision plans should be proposed; actively promote data development and utilization technology and data security standard system construction, and standardize website tracking User information behavior and data transaction behavior; in addition, universities and enterprises should also be supported to carry out data security education-related activities, and resources should be invested in the development of data security-related technologies and training data security technical personnel.

  "From the user's point of view, we must first visit regular websites as much as possible, avoid browsing malicious websites, and prevent information from being obtained by illegal elements. Second, users can set up privacy protection on their browsers, install anti-tracking extensions, and other methods to protect their privacy. "Xin Yang pointed out that if a website is found to be illegally acquiring and using user data, it should promptly report the illegal behavior of the website to the relevant departments, and when necessary, legal means should be used to protect its own legitimate rights and interests.