By Michael Kerrisk
October 24, 2012
As even moderately sophisticated users of the web are aware by now, the
great majority of web sites that we visit have a keen interest in tracking
their users. At the simplest end of the scale, visitor tracking takes the
form of web server logs that record the source IP address of an HTTP
request, the HTTP request itself, and the browser's user agent
string. Further along the scale are simple cookie-based systems used to
track the number of unique visitors to a site or to track each user's
navigation around a site. Going further still are the cookie-based systems
and widget-based systems (Facebook's "like" buttons, Google's "+1" buttons,
and the like) that an increasing number of companies are using to track
users' surfing habits across web sites, typically to gather a picture
of our browsing habits in order to target us with more "personalized"
advertising.
Furthermore, many of the free web services to which we provide any kind
of personal information have a keen interest in monetizing that information
as far as their stated privacy policies allow. And in some cases those
companies are prepared to be flexible about their policies when it suits
their business goals. To take just one of the most noted examples,
Facebook's constantly morphing range of privacy settings, and their
defaults, appear to be designed more to suit the requirements of Facebook's
paying advertisers than its users. As has been pithily observed,
"if you are not paying for it, you're not the customer; you're the
product being sold."
However, even for sophisticated users, preventing tracking and
controlling the privacy of personal data can be challenging. Less
sophisticated users can have trouble even finding which part of a web
service's interface is used to control the privacy settings that determine
how a company uses their data. While many users may be aware of cookies,
probably only a minority actively try to control their use. And few of us
have any idea how much the information that we provide to free web services
might be worth to the companies providing the services.
Privacyfix, a plug-in for the
Firefox and Chrome browsers released earlier this month, aims to educate
users on how they are tracked and how their personal data is used; it also
assists them with the task of locking down the privacy of their personal
data on some web services. And perhaps most eye-catchingly, it attempts to
give the user an estimate of the value of their web surfing habits for a
couple of the web service giants. The plug-in is free as in beer, but while
the web site mentions some collaborations with open source projects,
no mention is made of the plug-in itself as being under a free license; one
assumes that it is not.
Installation of the plug-in is accomplished by clicking a link on the
Privacyfix home page. The actual installation takes just a few seconds, but
is followed by a set-up phase whose duration depends on the speed of the
user's Internet link. During this phase the plug-in is downloading a data
set containing information about a large number of commonly used web
sites. The Privacyfix FAQ emphasizes that the data exchange that is going
on at this point is almost entirely one way. No browser information (such
as cookies, history, or bookmarks) is sent to the Privacyfix site. The only
information that goes to the site is unavoidable technical information such
as the user's IP address, which PrivacyChoice, the company that
produces the plug-in, claims to delete immediately.
Once the download is complete, the plug-in analyzes your browser's cookies and
browser history, and—if you are logged in—your Facebook privacy
settings and Google account settings to give you a picture of just
how tracked your life on the web is. The plug-in then presents its results
in a tabbed browser display of the form shown to the right.
The first two tabs provide information relating to the two web giants,
Facebook and Google. In the lower right portion of each tab, the plug-in
gives an indication of the extent to which your browsing is tracked or
analyzed, and, based on the last 60 days of browser activity, estimates the
annual monetary value of your browsing habits to the service. Based on the
database of web sites that Privacyfix checks, the plug-in provides an
indication of just how pervasive Facebook tracking is: an astonishing 83%
of the sites that I visited are tracked by Facebook. In addition, I was
informed that Facebook makes just a few US cents per year at my level of
activity. Although my usage of Facebook is so low as to almost put me in
the non-user category, this does seem like an underestimate, especially
given the fact that Privacyfix tells me that Facebook tracks so many of the
sites I visit. The developers note
that these monetary estimates are based on the work of TREFIS, a company that estimates the
monetization of users' interaction with major web services; the estimates
shown by Privacyfix are necessarily imprecise.
The right-hand side of the browser display is more practically
interesting. A series of horizontal bands provides visual feedback on how
locked down your Facebook privacy settings are; hovering the mouse over
each indicator provides further explanation about the setting. In this
display, a green band indicates that Privacyfix considers your current
setting to be good from a privacy point of view. An orange band indicates a
setting that needs attention; the display shown above indicates what one
unsophisticated Facebook user in this editor's household sees when using
the "Facebook" tab. (And yes, there will be a talk at home tonight about
Facebook privacy settings.)
Simply reading the pop-up explanation on each privacy indicator is
informative; I didn't previously know that Facebook may automatically share
my profile information when I visit certain web sites. One of the nice
features of the plug-in is that each of the indicators can be clicked to
change the privacy setting, typically by navigating the user to the
appropriate part of the Facebook web interface that controls the
setting—a boon to those who have, like your editor, struggled to
navigate around Facebook's privacy settings. Once the settings have been
changed (in any way), Privacyfix sets the corresponding indicator green.
Privacyfix takes a policy-neutral approach to your privacy settings. It
will indicate privacy settings that may need attention, but won't
automatically change any settings for you. The rationale for that approach
is that you may have some quite practical reasons for surrendering some
level of privacy; for example, disabling Facebook's "like" button may
interfere with the rendering of some web pages. Similarly, disabling
Google's recording of your web search
history means that future searches may lead to less personalized
results. Privacyfix leaves the user to make those choices.
The display in the "Google" tab is similar to the Facebook tab. The
lower right portion tells me that Google collects data on 60% of the pages
I visited in the last 60 days. The big surprise here is the monetary value
of my browsing habits for Google: Privacyfix estimates these at US$1179 per
year. Although I spend a lot of the day on the web, this number does seem
implausibly high, especially when compared to the Facebook
number. However, the point is made: our browsing habits are worth a lot of
money to Google. Again, a set of clickable indicators on the right-hand
side of the display provides a basic education on how Google uses data
about the user and allows privacy settings to be changed.
The "Websites" tab displays the favicons of web sites that the user has
visited that Privacyfix has rated as having some privacy issues, based on
the sites' privacy policies. Sites that share data outside the parent
company and its affiliates are placed in a special section at the top of
the display. (I was surprised to find that the Deutsche Bahn, the German
railway company, reserves the right to share the personal data that I've
given to them with third parties.) A "fix" button in this part of the
display allows you to automatically generate an email requesting removal of
personal data on these sites; of course, in many cases there is no
guarantee that such a request will be honored. Clicking each favicon drills
down to a page displaying further information about the corresponding web
site's policies and which other companies track your visits to the site and
what their tracking policies are.
Privacyfix's "Tracking" tab provides a visual overview of which companies are
currently using tracking cookies to monitor user visits. This sort of
visual display provides an impressive reminder of just how tracked we are:
most frequent web users are likely to see that they are tracked by at least
a couple of hundred web sites. Again, each icon is clickable, leading to
further information about the site's tracking policies, and there are "fix"
buttons to disable tracking cookies and ad tracking.
The final tab, "Healthbar", places a "privacy health" button at the far
right of the browser address bar. While browsing the web, you can click
this button to obtain a pop-up privacy assessment of the site, if it is one
of those in the Privacyfix database. To the right is Privacyfix's health
display for Google.com. Again, this sort of display is an effective tool
for educating users about web privacy. Most of the web sites that I visited
that Privacyfix knows about showed at least some orange indicators to
indicate potential privacy issues; notably, Wikipedia had a clean green
bill of health.
When it comes to understanding and controlling how our private data is
used on the web, Privacyfix seems a useful tool on many dimensions. First
and foremost among these is its use as an educational tool for web users
of all levels of sophistication to gain a better understanding of how they
are tracked on the web and to learn about the privacy policies of the companies
who are tracking them. Increasing user understanding in this area can only
be a good thing, inasmuch as it may lead to greater public pressure on
companies to act according to more ethical privacy and tracking policies.