Skip to main content

Illustration by Jim Atherton for the Fort Worth Star-Telegram.

In January of this year, researchers at the San Francisco-based Electronic Frontier Foundation tried an experiment. The online privacy advocacy group set up a Web page, and collected and stored the browser information of everyone who visited it.

There were no tricks. The site would not steal any data or urge casual visitors to install tracking software. It would simply log the same basic information almost all Internet users in the world inadvertently hand over each time they visit a website, including their time zone and Internet-protocol (IP) address - important clues to their location.

The most alarming result of the study of more than 470,000 Web surfers is that 83.6 per cent of them had an instantly identifiable, totally unique fingerprint: Their particular combination of settings and information was unlike that of any other user, increasing the chance they could be personally identified, even though they had done nothing but make a few clicks of the mouse.

<iframe src="" scrolling="no" height="650px" width="460px" frameBorder ="0" allowTransparency="true" ><a href="" >The end of online privacy</a></iframe>

The traditional notions of privacy and anonymity - and even the revamped versions that arose with the Web two decades ago - are dying.

If you think the long-form census is pushy for asking you how many bedrooms are in your house, imagine someone knowing the exact colour of the IKEA sheets you're thinking of buying for your bed.

Indeed, a variety of players - including state security agencies to Internet marketers to organized-crime circles - are creating an online world in which the very concept of anonymity has basically vanished.

Earlier this month, The Wall Street Journal published a series detailing the type and quantity of information that online advertisers collected from site visitors. The investigation found that the top 50 websites in the United States "on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning."

The Web is simply the most visible fragment of a system that includes everything from credit-score reports to radio-frequency-identification tags. Human beings are creating new data at an exponentially growing rate, and much of that data is personal.

The stakes are high. Privacy legislation in many countries was never tailored for the Internet age. As such, a host of nations - including Canada - are rethinking the very concept, and how to protect it in a world where personal information is becoming a form of currency.

Some of the world's fastest-growing companies, including Facebook, which is close to becoming the most-visited site on the Web, are in the business of collecting such information.

What they do with it will go a long way toward shaping the future of everything from how advertisers target customers to how banks decide on loan approvals.

The marketing-oriented assault on privacy is unnervingly complemented by a move to greater security measures, with everything from airport scanners to street surveillance cameras turning an invasive eye on citizens as they go through everyday life - and governments demanding access to your BlackBerry.

Put it all together with the constant availability impelled by texting, tweeting, cellphones and status updates - and you have a culture on a path to near-total transparency, a see-through society that may be past the point when it could ever cover back up.


Just a few years ago, many people thought the Internet was effectively anonymous, partly because they could do things such as leave comments on blogs without being identified, said Nart Villeneuve, a senior research fellow of the Citizen Lab at the University of Toronto's Munk Centre for International Studies.

"People at first thought anonymity was very simple," he says. "It's the complete opposite: The Internet is a great tool for spying."

At a conference earlier this month, Google chief executive officer Eric Schmidt outlined the not-too-distant future of information with a simple prediction: "True transparency, and no anonymity."

The buzzword of the day is "de-anonymization." And it goes beyond the Internet - starting with the postal system.

If you've ever entered your postal code to gain access to a website, the company that operates it probably knows roughly 14,000 things about you - if that company is a client of Toronto-based research firm Generation5 or a similar service. (The Globe and Mail is a Generation5 client.)

Generation5 has built exhaustive consumer profiles based on postal codes across Canada - mini-slices of communities whose residents tend to have certain traits.

It builds those profiles from data it collects from credit bureaus, Statistics Canada, media-rating agency BBM and others.

Businesses that buy its research also sometimes contribute to it: Retail stores have handed over purchasing information from their own loyalty programs or those times a cashier asks for a customer's postal code at checkout.

"People will give their postal code where they won't give their name, their telephone number, their address," says Chris Matys, chief analytics officer for the company.

Using its data, Generation5 can build a rough profile that includes probable demographics such as age range, education level and income, but also credit information, past purchase behaviour, media-consumption habits and preferences, as well as attitudes about everything from politics to technology: "All of which, when combined, create a very granular individual profile," says Generation5's director of client management, Jim Green.

For example, say you live in the trendy Westboro neighbourhood of Ottawa.

Depending on your exact address, there is a good chance you'll fall into the Young Homebodies category of Canadian consumers.

Your household income probably falls between $60,000 and $100,000 a year; you're probably unmarried, between 20 and 39 years of age and university- or college-educated; you probably rent your place, in a low-rise building or townhouse; you know about style but shop with thrift; you go camping.

If you live in the Yonge-Eglinton area of Toronto, on the other hand, depending on your exact address, there's a good chance you'll fall into the Mature & Prosperous category of Canadian consumers.

There is a 23-per-cent chance you're Jewish; your household income probably falls between $100,000 and $150,000 a year; you're married with children in elementary or high school; probably between 45 and 64 years of age; university-educated; you read the business section of the paper; and your spouse is an avid gardener.

"We're not working with any individual consumer information," Mr. Green says. "In fact, we don't want it." Instead, Generation5 says it focuses on balancing anonymity with consumer targeting.

In a way, it can be wise for businesses to know more about their customers, meaning less hassle for the rest of us: Why should you be harassed with flashing Web ads for poker sites if you never gamble?

If you're headed out to a movie at the last minute and haven't done much searching, a smart advertiser could suggest a more convenient show time at a theatre closer to you. If you've been coveting a couch that is out of your entry-level-salary price range, you would probably appreciate being told when it's on sale, or where to find a similar style at half the price.

To serve you these perks, an advertiser wouldn't have to know anything that could identify you personally.

"The winning approach is getting the right balance between knowing your consumer and respecting their privacy," Mr. Matys says.


But privacy is relative: When all these attributes connect with tracking technologies, supposedly anonymous information starts to look much more personal. And with the ability to narrow down a person's approximate location based on his IP address, companies may not need you to type in your postal code.

In a single visit, a website with enough aggregated data could know a whole lot about you before you have told them a thing.

If a user enables the use of "cookies" - little pieces of code that live on a person's computer, tracking the number of times they return to a particular site - it becomes even easier to unveil his or her identity.

For websites whose entire business model revolves around online ads, the ability to better reach consumers is increasingly what drives profits.

For example, in addition to posting classified job ads, uses an ad-serving technology called Helios to track user behaviour on its website, helping its employer-advertisers target their messages better. Through its partnership with online advertising network Olive Media, owned by Torstar Corp. (which also owns 50 per cent of Workopolis), it follows users and shows them ads elsewhere on the Web.

If a new graduate searches for financial-services jobs in Toronto, and then gives up for a while and goes elsewhere to read the news, Workopolis could continue showing her ads for financial-service jobs in Toronto on the New York Times website.

However, the company says personal information included on users' résumés is highly protected and not used in targeting.

"The last thing you want to do is give the seeker the impression that Big Brother is standing over them. That's an eerie experience," said Mario Bottone, vice-president of marketing at Workopolis. "Targeted advertising is about your behaviour. It's not about, 'Hey, your name is Jim and you live in Oakville and have two kids, and here's a product you might like.'"

The problem is that there is little incentive for companies to collect less data about consumers.

Increasingly, advertisers' money is flowing to targeted ads; information about the type of consumers that visit a site, and when, and what they look at, can make a website's ad space far more attractive, and therefore more likely to sell.

"Advertisers don't just want to send their message out into the ether any more," says Paula Gignac, president of the Interactive Advertising Bureau of Canada (IAB), an industry group that represents marketers. "Any [company] that can give them the best target with the most that's known about the type of user that you're going to be reaching with the ad ... will get the highest rate."


Yet the federal privacy watchdog disputes the idea that consumer-data collection is truly anonymous.

"As the technologies become more sophisticated, not only are there greater amounts of information collected about you - the meshing of the different actors who are collecting information means that it is much easier for them to constitute a profile of you," says the Privacy Commissioner of Canada, Jennifer Stoddart.

"Even if they say they're doing it anonymously, at some point they've got so much different and complementary information, they basically fill in the dots," thereby turning individual pieces of non-identifying information into a mosaic sufficient to identify an individual, Ms. Stoddart says.

The commissioner's office held a series of discussions with industry leaders on the topic of consumer data tracking in March and April, and will publish a report on those talks in the fall. It will also ask for comments from the public as it prepares to review privacy legislation next year.

"I think we're going to have to find a way to regulate this, and I think more strictly," Ms. Stoddart says.

On the Web, consent is a tricky idea. Companies have to say how they collect and use data, but lengthy privacy policies require users with the patience to parse out exactly how that information is being shared - sometimes with partners who have entirely different privacy policies, says John Lawford, a research analyst and lawyer with the Public Interest Advocacy Centre (PIAC) in Ottawa. How many people actually read sites' privacy policies before clicking "I agree"?

"If you are at a retail website, it's going to be a member of a number of affiliate-advertising networks: Doubleclick, probably Microsoft One, and one or two others. It's going to place at least one cookie, and then report back to [its]affiliate networks what you did," Mr. Lawford says. "There's effectively a perfect, almost biographical sketch of you somewhere in these affiliate computers, but it's not identified by your actual name."

In June, the Office of the Privacy Commissioner awarded a $50,000 grant to PIAC to study how likely it is that supposedly unidentifiable consumer sketches could be "re-identified," constituting a full personal profile that is no longer anonymous. Mr. Stoddart hopes to use the information to fill gaps in Canadian law.

Ms. Gignac, however, argues that consumers already are well protected by Canadian law: The Personal Information Protection and Electronic Documents Act deals with consumer-data collection, and typically requires that companies have individuals' consent before they use that data or make it available to others.

Beyond the law, her organization has proposed a number of moves the industry could make to educate consumers about how their information is collected, and give them more control over advertising that is targeted to them online. The IAB has proposed an opt-out system, similar to the Do Not Call list for telemarketers, but applied to all behavioural advertising on the Web.

"The industry is doing its best in a rapidly changing environment," Ms. Gignac says. She argues that there's no cause for alarm. "If you really see what a cookie looks like, it's unintelligible," she says. "There's no identifying information in a cookie," such as a name, phone number or address.

But PIAC's Mr. Lawford points out that consent with regards to behavioural targeting is also a problem when children are the ones visiting websites. As with any user, their clicks and movements can be analyzed to determine their interests, and they can be targeted.

"They have potential to build a profile on someone before that person's developed the personality they're going to have," he says.


There is another option available to users - call it re-anonymization. But it's becoming harder and harder to do.

Traditionally, websites can detect where a user is coming from because the request to view a page comes with the user's IP address. However, there is software that is meant to disguise that information from sites. A program called Tor, for example, routes the user's request through its own internal maze first, so the website sees only the request from Tor, not the original user.

It's not perfect, but using a system such as Tor restricts access to many of the bits of information the Electronic Frontier Foundation managed to collect during its research study in January, and cuts down on marketers pinpointing consumer data.

However, there are powerful opponents to this kind of anonymity software, and they aren't online advertisers; they're security agencies. Simply put, the same technology that allows people to maintain their privacy online also makes criminals tougher to catch. As such, there is a push to limit anonymity on the Web.

A perfect example is Research In Motion's BlackBerry. For years, big businesses have purchased the devices in droves because of their strong encryption, which makes messages sent from BlackBerrys much more difficult for outside parties to monitor. But now, a host of countries are threatening to ban BlackBerry services precisely because RIM keeps the data too private.

The Indian government, for example, is threatening to shut down RIM's enterprise-grade devices and its BlackBerry Messenger service by the end of the month unless the company gives state authorities access to the data. The Indian position was prompted at least in part by the fact that some of the perpetrators of the 2008 Mumbai attacks communicated using the devices.

Within Internet security circles (those charged with stopping cyber-criminals), there is growing talk about issuing virtual "passports" online, according to Ronald Deibert, director of the Citizen Lab.

"There is this pressure bearing down on anonymity with the coming securitization of the Internet," Mr. Deibert says. "The irony is that a lot of those [security agencies]themselves use anonymity services."

Many of the same tools that enable privacy online are also helping criminals organize the largest theft and fraud rings in history. Mr. Deibert, for example, divides his time between working with dissidents who are trying to communicate with one another without getting caught, and working to catch cyber-criminals trafficking in stolen credit cards and other such data.

It is difficult to conceive of too many ways to empower or restrict one side without doing the same to the other.

He adds that anonymity is almost never entirely possible, since there are always chunks of personal data floating around on the Internet. Think of all those networking sites that build profiles from searchable information on the Web; think of all those times a friend tagged you in a Facebook photo without your permission.

"There are traces of us everywhere [online] some of which we don't even generate," Mr. Deibert says. "There are digital doppelgangers of us all over the place."