It’s one of the Internet’s oft-mentioned ‘creepy’ moments. A user is served a banner ad in their browser promoting products on a site they visited hours, days or months in the past. It’s as if the ads are following them around from site to site. Most people know that the issue of ad stalking – termed ‘remarketing’ or ‘retargeting’ - has something to do with cookies but that’s barely the half of it.

The underlying tracking for all this is provided by the search engine provider, be that Google, Microsoft or Yahoo, or one of a number of programmatiic ad platforms most people have never heard of. The ad system notices which sites people are visiting, choosing an opportune moment to ‘re-market’ products from a site they visited at some point based on how receptive it thinks they will be. The promoted site has paid for this privilege of course. Unless that cookie is cleared, the user will every now and then be served the same ad for days or weeks on end.

privacy

Is this creepy? Only if you don’t understand what is really going on when you use the Internet. As far as advertisers are concerned, if the user has a negative feeling about it then the remarketing has probably not worked.

If it was only advertisers, privacy would be challenging enough but almost every popular free service, including search engines, social media, cloud storage and webmail, now gathers intrusive amounts of personal data as a fundamental part of its business model. User data is simply too valuable to advertisers and profilers not to. The service is free precisely because the user has 'become the product' whose habits and behaviour can be sold on to third parties. Broadband providers, meanwhile, are increasingly required by governments to store the Internet usage history of subscribers for reasons justified by national security and policing.

The cost of privacy - dynamic pricing

Disturbingly, this personal tracking can also cost surfers money through a marketing techique called 'dynamic pricing' whereby websites mysteriously offer two users a dfferent bill for an identical product or service. How this is done is never clear but everything from the browser used, the search engine in question the time of day, the buying history of the user or the profile of data suggesting their affluence may come into play. Even the number of searches could raise the price.

This seems to be most common when buying commodity services such as flights, hotel rooms and car rental, all of which are sold through a network of middlemen providers who get to decide the rules without having to tell anyone what these are. Privacy in this context becomes about being treated fairly, something Internet providers don't always seem keen to do.

ISP anonymity – beware VPNs

Achieving privacy requires finding a way to minimise the oversight of ISPs as well as the profiling built into browsers., search engines and websites. It is also important to watch out for DNS nameservers used to resolve IP addresses because these are increasingly used as data capture systems.

At any one of these stages, data unique to each user is being logged. This is especially true when using search engines while logged into services such as Google or Facebook. You might not mind that a particular search is logged by the search provider but most people don’t realise how this is connected directly to personal data such as IP address, browser and computer ID not to mention name and email address for those services. Put bluntly, the fact that an individual searched for health, job or legal advice is stored indefinitely as part of their personal online profile whether they like it or not.

In theory, the traditional way of shielding Internet use from ISPs can be achieved using a VPN provider. Techworld recently covered free VPNs available to UK users in a standalone feature so we won’t repeat its recommendations here but it is critical that the user doesn’t make naïve assumptions about this technology. A VPN creates an encrypted tunnel from the user’s device and the service provider’s servers which means that any websites visited after that become invisible to the user’s primary ISP. In turn the user’s IP address is also hidden from those websites. Notice, however, that the VPN provider can still see which sites are being visited and will also know the user’s ISP IP.

Why are some VPNs free? Good question but one answer is that they can perform precisely the same sort of profiling of user behaviour that the ISP does but for commercial rather than legal reasons. In effect, the user has simply swapped the spying of one company, the ISP, for another, the VPN.

Post Snowden, a growing number advertise themselves as ‘no logging’ providers, but how far the user is willing to go in this respect needs thought. Wanting to dodge tracking and profiling is one thing, trying to avoid intelligence services quite another because it assumes that there are no weaknesses in the VPN software or even the underlying encryption that have not been publically exposed. With that caveat: