A lot of privacy threads focus on fantastical what-if scenarios that just never really come up. For the majority of Internet users, the biggest threat they would face comes from the adtech sector. Now most people aren’t going to understand what is collected in realtime as that’s usually company specific and usually encoded on the site/app, but standards are all open for anyone to read. Mostly this is going to come in the form of OpenRTB 2.6 (https://iabtechlab.com/wp-content/uploads/2022/04/OpenRTB-2-6_FINAL.pdf) or the Prebid library and its User ID Module (https://docs.prebid.org/dev-docs/modules/userId.html) with maybe some custom fields and VERY granular audience mapping.
Specific to that standard, 3.2.20Object: User and 3.2.27Object: EID and 3.2.28Object: UID are the important ones, but honestly all of the information can be used in conjunction with other pieces. Now if you look through that info, you’ll notice you don’t really see that much. You’re real name isn’t present. Your email isn’t present. Your physical address isn’t present (although its likely your geo location info is accurate from the device object). The thing is that so many little bread crumbs exists and so many actors are mapping those bread crumbs that once human psychology is overlaid on top of it crazy amounts of information that was not collected can be inferred. People think info like “His name is John Smith” is important when really “This is device ID EA7583CD-A667-48BC-B806-42ECB2B48606” and the numerous IDs built from that or a dozen other things is what matters.
Just from that standard with enough data/time, its possible to determine your demographic/sociographic information. One could determine who you will vote for and political leanings, how much money you make, what your job is, your sexual orientation, etc. This is great if someone is trying to sell you Tide detergent, but its also really useful if you’re wanting to start a “grassroots” campaign to add/remove rights for specific citizens. It allows you to know where you can get a foothold for your legislation (Cambridge Analytica comes to mind). And these things are all easily verifiable from your browser. Without an adblocker, go browse the internet and keep track of how many 1x1 tracking pixels get dropped on you. Checkout what’s in your cookie store and what’s sitting in sessionStorage and localStorage.
So, I think groups like r/privacy focus a lot on sci-fi inspired dystopia, when instead they could be focused on more real world dystopia.
Yes and no.
A lot of privacy threads focus on fantastical what-if scenarios that just never really come up. For the majority of Internet users, the biggest threat they would face comes from the adtech sector. Now most people aren’t going to understand what is collected in realtime as that’s usually company specific and usually encoded on the site/app, but standards are all open for anyone to read. Mostly this is going to come in the form of OpenRTB 2.6 (https://iabtechlab.com/wp-content/uploads/2022/04/OpenRTB-2-6_FINAL.pdf) or the Prebid library and its User ID Module (https://docs.prebid.org/dev-docs/modules/userId.html) with maybe some custom fields and VERY granular audience mapping.
Specific to that standard,
3.2.20 Object: Userand3.2.27 Object: EIDand3.2.28 Object: UIDare the important ones, but honestly all of the information can be used in conjunction with other pieces. Now if you look through that info, you’ll notice you don’t really see that much. You’re real name isn’t present. Your email isn’t present. Your physical address isn’t present (although its likely your geo location info is accurate from the device object). The thing is that so many little bread crumbs exists and so many actors are mapping those bread crumbs that once human psychology is overlaid on top of it crazy amounts of information that was not collected can be inferred. People think info like “His name is John Smith” is important when really “This is device ID EA7583CD-A667-48BC-B806-42ECB2B48606” and the numerous IDs built from that or a dozen other things is what matters.Just from that standard with enough data/time, its possible to determine your demographic/sociographic information. One could determine who you will vote for and political leanings, how much money you make, what your job is, your sexual orientation, etc. This is great if someone is trying to sell you Tide detergent, but its also really useful if you’re wanting to start a “grassroots” campaign to add/remove rights for specific citizens. It allows you to know where you can get a foothold for your legislation (Cambridge Analytica comes to mind). And these things are all easily verifiable from your browser. Without an adblocker, go browse the internet and keep track of how many 1x1 tracking pixels get dropped on you. Checkout what’s in your cookie store and what’s sitting in
sessionStorageandlocalStorage.So, I think groups like r/privacy focus a lot on sci-fi inspired dystopia, when instead they could be focused on more real world dystopia.