Woke up this morning bleeding from the neck. Surprise #vampire attack?
Did you install EFF’s brilliant Privacy Badger or any other smart HTTP Cookie management tool? Or did you simply pick the privacy preference in your browser that ignores all third-party cookies? Did many websites you visit annoy you with permission-to-use-cookies pop-ups because of European legislation?
Guess what, it’s all been useless.
Hamburg university researchers have examined closely how web browsers implement so-called TLS session resumption and how the top million popular websites make use of that feature. They found that 80% of websites make a correct use, unsuitable for tracking repeat visitors — just resuming an existing session within the last ten minutes.
Unfortunately though, Google is present on 80% of these websites in the form of Analytics, Fonts or other third-party inclusions. And among 10% of sites that do not respect reasonable resumption times, Google sticks out as one of the most greedy ones — it allows for a web browser to stay offline for over a day, and still be recognized as the same web browser the next day. Considering that it is nearly impossible to surf the web without accessing some Google content, this means that Google can track all your surfing habits without any need for HTTP Cookies!
As Facebook isn’t as pervasively present in all of the web, it went even further. It is enough for you to visit any website bearing a Like button every second day to allow Facebook to profile you, even if you never dreamt of logging into that service. Could it be our researchers just caught these companies with their hands deep in the cookie jar (pun intended)? For how long have they been collecting user data this way?
Somewhat conspiracy-theory-like take on an actual, real privacy issue: the fact that TLS makes tracking pretty easy even without cookies. If you thought my 301-based cookieless tracking was clever, this is cleverer. And harder to detect, to boot.
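An added example, not part of the original post or of the research it describes: one way to audit the resumption window a server advertises is to read the lifetime hint carried in a TLS 1.2 NewSessionTicket handshake message (RFC 5077). The function names, category labels and sample messages are constructed for illustration; the ten-minute and one-day thresholds are the ones quoted above.

```python
import struct

# Thresholds taken from the text above: resumption within ten minutes is
# described as unsuitable for tracking; recognition after more than a day is not.
SHORT_WINDOW = 10 * 60
DAY = 24 * 60 * 60

def parse_new_session_ticket(msg):
    """Parse a TLS 1.2 NewSessionTicket handshake message (RFC 5077).

    Layout: type(1)=4 | length(3) | ticket_lifetime_hint(4) | ticket_len(2) | ticket
    Returns (lifetime_hint_seconds, ticket_bytes).
    """
    if len(msg) < 4:
        raise ValueError("truncated handshake header")
    if msg[0] != 4:
        raise ValueError("not a NewSessionTicket message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big") or len(body) < 6:
        raise ValueError("handshake length mismatch")
    lifetime, ticket_len = struct.unpack("!IH", body[:6])
    ticket = body[6:]
    if len(ticket) != ticket_len:
        raise ValueError("ticket length mismatch")
    return lifetime, ticket

def classify(lifetime):
    """Bucket an advertised lifetime hint against the page's two thresholds."""
    if lifetime == 0:
        return "unspecified"   # RFC 5077 reserves 0 for "lifetime not stated"
    if lifetime <= SHORT_WINDOW:
        return "short"         # within the ten-minute window
    if lifetime <= DAY:
        return "extended"      # longer than ten minutes, at most a day
    return "long"              # survives more than a day offline

def build_sample(lifetime, ticket=b"\x00" * 16):
    """Constructed test input: a syntactically valid NewSessionTicket."""
    body = struct.pack("!IH", lifetime, len(ticket)) + ticket
    return bytes([4]) + len(body).to_bytes(3, "big") + body

def audit(messages):
    """Map a label to (hint in seconds, category) for each captured message."""
    return {name: (lambda s: (s, classify(s)))(parse_new_session_ticket(m)[0])
            for name, m in messages.items()}

if __name__ == "__main__":
    samples = {"ten-minutes": build_sample(600), "28-hours": build_sample(100800)}
    for name, (secs, label) in audit(samples).items():
        print(f"{name}: hint={secs}s -> {label}")
```

The hint is only what the server advertises; the effective window also depends on how long the browser keeps the ticket and how long the server actually accepts it.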
I keep getting caught up on small world coincidences, since I started working at the Bodleian Library last week. I know about selective biases, of course, and I’ve always said that coincidences happen nine times out of ten, but this is really starting to feel like some kind of amazing conspiracy that I’ve somehow wandered into.
The most recent chain of connected coincidences is also probably the most impressive. But to explain it, I’ll need to take you back in time by almost three years. Back in the summer of 2008, I went to BiCon for the second time, accompanied by Claire and Matt P. Among the various other things we got up to, we met a young lady called Ann (who, if I remember rightly, got along very well with Matt).
This morning I received an email from Ann. It turns out that she works in the Bodleian Libraries: she’s likely to be one of the very users who it’s now my job to provide training and technical support to! She saw my photograph in the newsletter I mentioned in my last blog post and looked me up: small world! I emailed back, suggesting that we get together for a drink after work, and she agreed: great! She also asked if she could bring a friend along, a colleague from the library. Sure, I said, sounds good.
This lunchtime I sorted out some of my holiday entitlement for the rest of this academic year. I booked off a few days for a Three Rings “code week” in the summer, and a couple of days around the time that I’ll be moving house next month. One of these days clashed with a meeting that I’d had planned with the Web/Digital Officer of one of the libraries (I’m doing a grand tour of many of the libraries that comprise the Bodleian, in order to meet all the relevant people), so I sent an email to this staff member to ask if we could reschedule our meeting to another time.
“Okay,” they said, “But I think I’m meeting you in the pub in 90 minutes anyway…”
It turns out that the person whose meeting I’ve asked to reschedule is the friend of the person who recognised me from the staff newsletter, having originally met me three years ago. Out of all of the people (I’m not sure how many exactly – it’s probably in the staff handbook I haven’t read yet – but I’ll bet it’s a lot) that are employed by this, the largest university library in the UK, what are the odds?
This has to be the best conspiracy theory I’ve ever read: this guy believes that the Galileo space probe that NASA crashed into Jupiter in 2003 (to avoid it being left in an unstable orbit and potentially crashing into Europa, which could affect the scientific value of the moon) is starting a nuclear reaction that will eventually turn Jupiter into a second sun, and that the reason NASA are no longer doing much active research on the Shoemaker/Levy 9 “black spot” impact (widely understood to be a comet impact) on Jupiter is because they don’t want to attract attention to what is actually the end of the solar system (he believes it’s the beginnings of a nuclear explosion) as we know it, caused by them.
Personally, I find it hard to believe that humans are making a significant impact on climate change on Earth, but this guy thinks that a single plutonium-238 core (not even a reactor, and not even the same kind of plutonium as is used in atomic bombs) dropped into Jupiter could cause a chain reaction that would suddenly make this into a binary system.
It’s entertaining reading, though. I’m looking forward to Jimmy passing comment on it, soon.
Oh, and it’s Crystal Maze night tonight (The Cottage, 7pm) for anybody still around. We’ve only got two episodes of Series 2 left, so if we run out we may have to fall back on some Wii gaming or something.