I don’t quite remember what started it, but over the last 2 months, I had been frequently having conversations with my friends about how our online behavior is tracked by third parties. These third parties could be websites that you visit, companies that you haven’t even heard of and could also be the Government. We traded heuristics that we personally use to keep ourselves somewhat anonymous online. But after a while, I felt that these discussions were kind of getting nowhere; I wanted something actionable to come out of all this. So I decided that maybe I should put up all this folklorish knowledge up on a website as a bunch of articles and create a service 'howismyprivacy.com' where people could just go and find out how much private information they were leaking to a website that they visit on the internet.
The what:
From the beginning, it was clear that most people on the internet did not really care about their privacy online[4]. So it was important that the tool/service ‘howismyprivacy.com’ be personalized for each user and maybe give suggestions to the user on how he could become more anonymous online, depending on the stuff it could analyze about the user. There are tools like Privacy Badger that actually work well. But it requires the user to install something. It needs to monitor and analyze each user’s cookies and every website’s behavior to actually find out which website is tracking the user. I didn't want the user to install something on their machine. The user should just be able to go to the website, run something on the website and find out stuff. Since installing something was out of the question, the next thought was that maybe you could do some browser finger printing and show the user that you actually don’t need all that fancy cookie tracking to identify him/her uniquely. Just from their computer configuration, you could show them that they were pretty uniquely identifiable.
The how:
After working on this for a couple of evenings, a very rough prototype was up and running. At this point it was all just HTML, CSS and JavaScript. It basically contained a small article on how advertisement networks track users online, contained a browser fingerprinting tool that could be run and also contained a small test that the user could take to figure out how much of their personal interests were known to third parties. It didn’t really work well but it was enough to get the idea across to someone when you explained it to them.
Feedback:
After showing the prototype to friends, and explaining what was the goal, received the following feedback.
[1] “Okay.. So my online fingerprint is kind of unique.. So what?”
I do not actually have a clear answer to that. Since user’s cookie analysis was out of the equation, I did not have enough content about the user to give him any useful advice. I realized that browser fingerprinting just did not provide enough value to a user.
[2] “Content presentation is crappy. It is not presented well from a design standpoint.”
This is a prototype. And the prototype came out pretty close to how it was designed. This was never meant to stand out based on the strength of its design. But it looks like I have to seriously consider the possibility that this might turn out to be a service that people would use, only if the design and presentation of content turns out to be brilliant.
[3] “This is not a need for me.”
This is an extremely valid feedback. I never intended this service to be something that people would need on a day to day basis. The proposal was more like this: You want to find out how much information you leak by using work computer versus your personal machine at home. You move to new city/country and want to find out whether you are still being tracked. You use some kind of anonymizing tool and want to find out how much info you still leak. For all these reasons, you could potentially go to this tool, get some info and move on.
[4] “I just do not care about online privacy.”
I think people tend to hold this opinion until they are personally impacted. And then they realize that their online privacy is an important thing that needs to be protected. I thought the tool could bring some awareness to such audience. But clearly, just bringing awareness is not useful.
Reflections from 2020:
Thinking back, one way to have made more impact with this project would have been to have the user download an analysis tool onto their machine to analyze cookies and network. Then the amount of information we could have given the user would have dramatically improved and become useful. The analysis tool should have been open source and provide binary verification to make it trustworthy.