State Politics

Mississippi tracks you across its web sites, too. Here's how to protect yourself

The web browser add-on Disconnect reveals what's going on behind the scenes as a viewer watches a YouTube video of Sen. Roger WIcker questioning Facebook CEO Mark Zuckerberg. The Google tracker DoubleClick is taking notes in the background.
The web browser add-on Disconnect reveals what's going on behind the scenes as a viewer watches a YouTube video of Sen. Roger WIcker questioning Facebook CEO Mark Zuckerberg. The Google tracker DoubleClick is taking notes in the background.

Some websites operated by the state collect valuable information about Mississippians' internet habits without their knowledge.

For example, tucked into about 2,000 lines of computer code that generates VisitMississippi.org is a Facebook Pixel Code, which reports back to Facebook.

That's what Sen. Roger Wicker was talking about when he asked Facebook CEO Mark Zuckerberg if the social network had its hooks into internet users even if they aren't signed on to Facebook. Here's that exchange from a transcript supplied by Wicker's office.

"Wicker: One other thing, there have been reports that Facebook can track a user's internet browsing activity even after that user has logged off of the Facebook platform. Can you confirm whether or not this is true?

"Zuckerberg: Senator, I want to make sure I get this accurate, so it’s probably better to have my team follow up."

As BuzzFeed pointed out, Zuckerberg could have just pointed Wicker to Facebook's own site, where, as BuzzFeed pointed out, that confirmation is under the "help" section.

Wicker's staff sent that testimony out in an email complete with a link to a video on YouTube. As soon as viewers click on that link, YouTube starts tracking them.

Disconnect, a browser extension that uncovers trackers, reveals YouTube, which is owned by Google, uses the tracker DoubleClick. It collects information about browsing habits that can be used to show ads about products that match a visitor's interests. Kind of like those ads that follow Tom Cruise around in "Minority Report."

In all, it's valuable information. Google paid $3.1 billion for DoubleClick in 2008, according to The Guardian. It helped Google capture more than $95 billion in ad revenue in 2017.

In Mississippi, the Secretary of State's Office and the Governor's Office both have sites that track visitors and send information out to 17 sites.

The Office of State Auditor also tracks visitors via Google Analytics and Twitter, but only sends information to two other sites. Within seconds of landing on the Mississippi Development Authority's site, dozens of bits of information have passed back and forth between the site and Google Analytics and three other trackers.

What are you sharing publicly on Facebook? Who has access to your data on the platform? Can you ask developers to delete the data they’re storing on you? Users are asking themselves these questions in the wake of the Cambridge Analytica data breac

The Attorney General's Office has sued Google over privacy concerns and sent Facebook a letter earlier this year with more privacy concerns. Its website, though, dutifully reports back to Google Analytics and DoubleClick via trackers.

All these companies and the state assure internet users they have their best interests at heart and have their back when it comes to security — data breaches and Facebook scandals aside.

"We only collect, retain and use personal information where we believe it is essential (and allowed by law) to administer our business and to provide products, services and other opportunities requested by our customers," reads the privacy policy at MS.gov, the site run by Mississippi Interactive in partnership with the state.

It's a common theme in privacy statements.

"We use data to make our services as useful as possible, but you decide what types of data we collect and use," Google says.

What Mississippi does

Mississippi Interactive said it does not store any sensitive data.

"For any transactions that include sensitive data, we truncate account information as well as encrypt the information, said Drew Levanway, MI's director of operations. "Mississippi Interactive’s payment engine adheres to the highest levels of security within the industry and is compliant with PCI-DSS as a Level 1 Service Provider. All applications and websites undergo routine security scans, are patched to remediate any vulnerabilities, and are audited by third-party vendors that evaluate hundreds of security controls."

Eighty websites built by the state-private partnership offer 126 services, a third of which don't charge fees and therefore shouldn't collect sensitive information. All collect other than sensitive data, though.

And since President Donald Trump rolled back an Obama-era Federal Communications Commission rule that limited how internet service providers use the gathered data, privacy has become a gray area.

FCC Chairman Ajit Pai said the FTC, not the FCC, should govern the providers. But, as the Los Angeles Times reported, the FTC is empowered to enforce privacy rules against companies such as Google but not internet service providers such as AT&T. That leaves regulating providers, for now, up to the state.

In Mississippi, privacy and security are watched over by the Electronic Government Oversight, which includes officials from the state and Mississippi Interactive.

What you can do

Consumers, though, can opt-out of these data mining operations. The Disconnect add-on gives you the option of blocking tracking sites. Through a browser's settings, the user can tell it to reject all cookies.

You can install Privacy Badger to block all spying ads and trackers.

But all these solutions require a lot of attention and some computer savvy.

Starting next month, though, the European Union will require sites that gather and store data from web user to get their permission first. And that could spread to the U.S.

  Comments