How is my privacy? [Work in progress, Aug 2, 2015]


The why:

I don’t quite remember what started it, but over the last 2 months, I had been frequently having conversations with my friends about how our online behavior is tracked by third parties. These third parties could be websites that you visit, companies that you haven’t even heard of and could also be the Government. We traded heuristics that we personally use to keep ourselves somewhat anonymous online. But after a while, I felt that these discussions were kind of getting nowhere; I wanted something actionable to come out of all this. So I decided that maybe I should put up all this folklorish knowledge up on a website as a bunch of articles and create a service where people could just go and find out how much private information they were leaking to a website that they visit on the internet. During this time my friend Sathiya came on vacation to the Bay Area and when I discussed this problem with him, he mentioned that he had also been independently thinking about this space for a while and was interested. So we spent some time refining the idea and then decided to go ahead and build it.

The what:

From the beginning, it was clear to us that most people on the internet did not really care about their privacy online[4]. So it was important that the tool/service ‘howismyprivacy.com’ be personalized for each user and maybe give suggestions to the user on how he could become more anonymous online, depending on the stuff it could analyze about the user. There are tools like Privacy Badger that actually work well. But it requires the user to install something. It needs to monitor and analyze each user’s cookies and every website’s behavior to actually find out which website is tracking the user. We were pretty clear from the start that we didn’t want the user to install something on their machine. Our user should just be able to go to the website, run something on the website and find out stuff. Since installing something was out of the question, we thought maybe we could do some browser finger printing and show the user that you actually don’t need all that fancy cookie tracking to identify him/her uniquely. Just from their computer configuration, we could show them that they were pretty uniquely identifiable.

The how:

After working on this for a couple of evenings, we were able to get a very rough prototype up and running. At this point it was all just HTML, CSS and JavaScript. It basically contained a small article on how advertisement networks track users online, contained a browser fingerprinting tool that could be run and also contained a small test that the user could take to figure out how much of their personal interests were known to third parties. It didn’t really work well but it was enough to get the idea across to someone when we explain it.

Feedback:

We showed our prototype to friends, explained what we set out to do and asked for feedback. Below are some valuable ones..

[1] “Okay.. So my online fingerprint is kind of unique.. So what?”

We do not actually have a clear answer to that. Since user’s cookie analysis was out of the equation, we did not have enough content about the user to give him any useful advice. We realized that browser fingerprinting just did not provide enough value to a user. We are still trying to figure this one out.

[2] “Content presentation is crappy. It is not presented well from a design standpoint.”

This is a prototype. And the prototype came out pretty close to how we designed it. This was never meant to stand out based on the strength of its design. But it looks like we have to seriously consider the possibility that this might turn out to be a service that people would use, only if the design and presentation of content turns out to be brilliant.

[3] “This is not a need for me.”

This is an extremely valid feedback. We never intended this service to be something that people would need on a day to day basis. Our model was more like this: You want to find out how much information you leak by using work computer versus your personal machine at home. You move to new city/country and want to find out whether you are still being tracked. You use some kind of anonymizing tool and want to find out how much info you still leak. For all these reasons, you could potentially go to this tool, get some info and move on.

[4] “I just do not care about online privacy.”

Our personal belief is that people tend to hold this opinion until some of their embarrassing stuff become public knowledge. And then they realize that their online privacy is an important thing that needs to be protected. We thought our tool could bring some awareness to such audience. But clearly it is not doing that yet.

We are still figuring out how to improve this project and your feedback is welcome.

PS: If you are being individually targeted by highly capable and powerful agencies like the NSA, then your chances of protecting yourself from them online are extremely low. We did not set out to solve this.