From a post on The Markup, “a nonprofit newsroom that investigates how powerful institutions are using technology to change our society”. The Markup worked with a site to evaluate its trackers. Their discoveries were disappointing but not surprising:
She said she only allowed three trackers on spartapride.org: cookies from Twitter and Facebook that accompany their “like” buttons on the site, and one from Disqus, a commenting platform she got through a prepackaged website theme she bought off the internet for $59 to build the site.
But when The Markup scanned spartapride.org using our new instant privacy inspector, Blacklight, we found 21 different ad-tech companies tracked visitors to the site, sending possible signals about people’s gender identities to advertisers—without the users’ knowledge or consent.
Among them were the marketing and advertising arms of Google, Amazon, and Oracle’s BlueKai consumer data division, which reported a massive data exposure this summer, leaving billions of records—including personally identifiable information—accessible to the open internet without a password. Oracle did not respond to questions about whether data gathered from spartapride.org’s users was included in the exposure.
The trackers loaded because Disqus sells ads on the free version of its commenting portal, and that ad space comes with third-party tracking. Disqus discloses those trackers on its own website, but the company wouldn’t comment about tracking SPART*A’s users.
The information asymmetry is so vast between people who set up websites, and those that provide those sites and tools for those sites that there can be no informed consent.
No-code is another major trend will very likely lead to privacy issues. With the ecosystem of easy-to-use, plug-and-play services that is organically emerging and expanding fast, people with no or little programming experience can create fairly complex experiences online – landing pages, commerce stores, information processing, even with AI capabilities. But because some of the most innovative services are from small companies who’re focused on execution, either they will take short-sighted data collection decisions, or will themselves build on top of infra that has poor data and tracking policies.
As we saw on our post on The New Middle (Part 1, Part 2), there will be an opportunity for a whole set of privacy-focused tools. Over the last week, Cloudflare announced a privacy-focused website analytics tool to rival Google Analytics. Over time, there will be enough general awareness that people will choose these over others that don’t make privacy and reasonable choice a priority. Through this site and its small set of readers, I hope to push a little to hasten this.