How to Baffle Web Trackers by Obfuscating Your Movements Online

Share this…

ONLINE AD NETWORKS and search engines love it when you surf around. Everything you do—every page you load, every query you type—helps them build a profile of you, the better to sell ads targeting your interests. Spy agencies are probably also happy to track your online moves.

But today they’re all having trouble figuring me out, thanks to some sneaky browser plug-ins. One, AdNauseam, clicks every ad on every page I visit, baffling ad networks. When I do a search, TrackMeNot sends a stream of fake queries in the background—like “conan o’brien” and “watch tokyo samsung”—so Google and Bing can’t easily profile me either.

This is “obfuscation,” and it’s a fascinating development in our relationship to online surveillance.

“We want everyone to benefit from this amazing online technology, but we want to impose constraints on it,” says Helen Nissenbaum, director of theInformation Law Institute at New York University and a leading thinker in the field of obfuscation. “Right now the technology is stacked against you.” Working with programmers overseas, Nissenbaum has spent the past decade crafting apps like AdNauseam and TrackMeNot, and this fall she published a book on why obfuscation is a strategy for modern life.

How to Baffle Web Trackers by Obfuscating Your Movements Online

Reason one: It’s increasingly hard to “opt out” of online tracking. “Unless you want to go live in a cave away from society,” Nissenbaum notes, you need to be online—often for work or to access government services. Online services claim they’re voluntary, but the cost of being a refusenik grows every day.

In this context, obfuscation is a clever judo move. It’s a way for people in a relatively weak position—which is to say all of us, compared with Google or Facebook—to fight back. You exploit your adversaries’ inherent weakness: their insatiable appetite for data.

Obfuscation has a long pedigree. Airplanes in World War II dropped chaff to confuse enemy radar. WikiLeaks has been known to generate fake traffic as cover for leakers who are uploading documents to the site. In all cases, the key to obfuscation, says Vincent Toubiana, a developer of TrackMeNot, “is to create noise.”

As you might imagine, the folks in power are unthrilled by this monkey-wrenching. (One executive of an ad-supported site harshly criticized Nissenbaum at a talk she gave.) Obfuscation, they say, is a form of unfair “free riding.” Search engines use tracking to improve the overall quality of results—so TrackMeNot users get those benefits without contributing their own personal data. Nissenbaum and her coauthor, Finn Brunton, think obfuscators are in the clear as long as their tools are open to everyone and they don’t make other users worse off.

A bigger problem with obfuscation is that it doesn’t curtail online tracking. Only legislation could do that, and it’s pretty unlikely to come about. Nor is obfuscation, as Nissenbaum and her collaborators hasten to point out, true security. To really hide from, say, a repressive government, you need unbreakable encryption.

But as a form of everyday protest, I love the concept. Indeed, I can imagine plenty more ways to conceal my tracks. How about a hack that generates fake GPS readings in mobile apps? If I’m going to be followed online all day, I might as well leave some digital chaff.