We may never think about how we get free internet when visiting a social media website like Facebook or a web search engine like Google.
Maaz Musa, a PhD candidate in the Department of Computer Science at the University of Iowa, cautions web users to be more aware of what happens when they go online.
“I’ve realized nothing is free,” Musa says. “There’s an entire chain of 20 or 30 entities behind this free website you are visiting.”
More specifically, after visiting a hotel website for a reservation or a furniture site for a potential purchase, the next day you get an electronic brochure. However, you never gave them your email address, so what is happening?
When you go to a webpage, there are several trackers on that page. Web trackers collect, store, and analyze user activity. Data brokers then share your user data with advertisers. Website advertising revenue is a primary way for the Facebooks of the world to pay their employees.
“These are not as harmful (as other online issues), but they are, for lack of a better word, creepy,” Musa says. “Someone is always monitoring you. That’s not a pleasant thought.”
Musa says the user focused targeting is so good that you don’t feel like you’re being targeted as your behavioral and thought patterns are being influenced.
Web trackers and advertisers
Musa’s dissertation research, focused on online advertising, began by writing computer code to create online tools designed to uncover these relationships between web trackers and advertisers.
“We developed techniques based on content a user sees on a webpage,” Musa says. “If we turn off one tracker, the ads change on the webpage. That means that the tracker is selling your data to advertisers. Ads are supposed to be customized to the user. If you block a tracker and nothing happens to your ads, that means this tracker wasn’t in contact with advertisers.”
Musa, a native of Lahore, Pakistan, and his fellow researchers scaled their work to include the top 10 or 20 trackers, seeing which advertisers are linked to which trackers. This information is reported to ad blockers and enforcement agencies, causing the trackers to be excluded from solicitation process.
Users, who care about this issue, can help themselves avoid having their data sold to advertisers. According to Musa, they can add blocker extensions and manages cookies on their computers. He also said Brave is the only web browser that claims to be built upon privacy.
Consumer privacy standards
Musa’s dissertation work has extended to the area of states’ consumer privacy policies. Currently, California is the only state that has a privacy policy in practice.
“If data brokers are selling Californians’ data, they must give certain rights to user, including the right to know your data, the right to delete your data, and the right to stop your data from being sold and shared,” says, Musa, who is advised by Assistant Professor Rishab Nithyanand. “I’m trying to identify which data brokers are compliant to those rights.”
Data brokers are required to register themselves with the state of California. These data brokers receive large fines if they don’t follow the terms of the privacy policy.
In the next few years, Colorado, Connecticut, Utah, Virginia, and Iowa will have consumer privacy regulations in place.
In 2023, the Iowa legislature passed the Iowa Consumer Data Protection Act, a state law designed to protect consumer privacy. The law intends to hold businesses accountable by mandating specific privacy requirements and by granting consumers a range of rights. In addition, the law prescribes penalties for non-compliance. This law is generally considered more business-friendly and less restrictive than the California Consumer Privacy Act.
This Consumer Data Protection Act is scheduled to enacted into law in 2025.