A Business Technology Place

Targeted ads and your privacy

A large portion of my time at work managing Information Technology is spent handling security and availability of data. The number of compliance controls has sharply risen in recent years as a direct result of the publicity of data breaches and high profile data theft. Quite frankly, security and availability compliance is a bit chaotic right now with new job creation, changing standards, new standards, and individual company risk assessments.

A recent article in the Wall Street Journal from Christopher Mims about targeted ads left me thinking about the availability of my personal data spread across servers and data stores all over the internet. We all know about internet browser cookies leaving trails of our activity as we use the internet for research, shopping, reading, and entertainment. Mims discusses the rise of Amazon’s ad business and how it offers distinct data points that may differ from other internet giants like Google and Facebook. All this data sharing is governed by privacy policies, terms of use, and partner affiliates. But I still find it creepy when products I have researched appear on other sites I visit as recommended buys. As I mentioned my job makes me prove how I don’t share customer data. But retail and social media businesses are monetizing my data by selling it.

I performed a simple test this morning to how browser privacy settings affected my experience with some internet sites. For all these tests I used the Google Chrome Browser. Other browsers have similar features.

Note: There are so many variations for privacy settings across sites that this can quickly become a complex subject. Businesses rely on cookies in your browser but also have the ability to track your history on their site in their databases which is governed by their privacy rules. My simple test was to see how I might increase some of my privacy by adjusting a couple of settings on a browser.

Test One – Eat all the cookies


  1. Select the three vertical dots in the upper right corner and then select “settings” or go to chrome://settings/ in the browser address bar.
  2. From the settings bar scroll to the bottom and select advanced
  3. Under Privacy and Security select content settings
  4. Next select cookies
  5. Turn on the setting to keep local data only until you quit your browser
  6. Close and reopen the browser
  7. Go to Amazon, eBay, and Facebook


This setting allows the sites visited to set their tracking and information cookies. But each time the browser is closed all of the cookies are removed.  Automatically clearing cookies means it is necessary to log into the websites each time the site is revisited. Clearing cache files causes websites to load more slowly after a browser restart. Are the performance downsides worth the small increase in privacy?

I checked sites Amazon, eBay, and Facebook and targeted ads were not there across different browser sessions. But I did have to reauthenticate.

Test Two – Eat some cookies


  1. Select the three vertical dots in the upper right corner and then select “settings” or go to chrome://settings/ in the browser address bar.
  2. From the settings bar scroll to the bottom and select advanced
  3. Under Privacy and Security select content settings
  4. Next select cookies
  5. Turn off the setting to keep local data only until you quit your browser (revert Test One)
  6. In the section Clear on Exit add sites that may serve targeted ads. I chose
    • [*.]Facebook.com
    • [*.]Amazon.com
    • [*.]eBay.com
  7. Close and reopen the browser
  8. Go to www.google.com
    • Search “new tires”
    • Search “printer toner HP”
    • Search “Keurig k cups”
  9. Go to Facebook browse and look for ads
  10. Go to Amazon browse and look for ads
  11. Go to eBay browse and look for ads


I didn’t find any in-line ads for tires, toner or coffee initially. I noted that I had not clicked on any search results; I just searched and viewed results. I went back and researched on Keurig k cups. Then I clicked on a result from Amazon. When I did this, the recommended buys from Amazon completely filled with k cups.  I closed the browser and the recommended buys changed back to something I had purchased in the past. But the site still showed items I had recently browsed.  Since I cleared cookies I had to re-authenticate for my account.

eBay only filled a section with recently viewed items which gave me the impression they were only seeing activities performed on their site. Since I cleared cookies I had to re-authenticate for my account.

Facebook had no advertising in-line but did serve ads on the right-side of the page under the title “recommended for you nearby”. The ads I saw didn’t match tires, printer toner, or coffee. Since I cleared cookies I had to re-authenticate for my account. Advertisers buy targeted ads based on specific interests. I guess my timing wasn’t right for my three tests.

A few more settings of interest:


In addition to the web browser, Facebook is also tracking your account activity and selling that data to advertisers. Turn off some of the Facebook targeted advertising by doing this:

  1. From your Facebook profile, click on the small upside-down triangle in the upper-right side.
  2. Select Settings
  3. Select Ads from the left-hand side of the page
  4. Facebook selects Yes as the default option. Change the permissions to No.


  1. Go to page https://myaccount.google.com/activitycontrols
  2. There are various sections for activity tracking by Google (search, devices, YouTube, location, etc.) Read each section and designate if you want Google keeping that information.

My thoughts:

Unless I go off the grid or completely stop using the internet, it’s not possible to stop all monitoring of my activities by my internet provider, merchants, search engines, etc. Playing with the browser settings may limit some of the trails I leave and give me a sense of a little more privacy. The settings can certainly reduce the size of my electronic footprint but not eliminate it. As I mentioned before, it’s up to the individual to weigh the trade-offs of privacy with usage on the site.

Onward and upward!

Photo credit: Surlan Soosay via creative commons.

Smartphone passwords and privacy

How would you rule in this case?

An employee is provided a smartphone and cellular service by their employer. The employee leaves the company and returns the device. Then the employee is brought under investigation for by the SEC for insider trading activities. The SEC requests the password for the phone in an effort to build evidence for their case.

Is the employee required to surrender their passcode so that access can be granted to the smartphone?

The result may not surprise you but the reason will.

A US District Court ruled that that the employee was not required to surrender their password in SEC V. Huang as this could violate their Fifth Amendment right to privacy.

In a court response it stated that,

“Since the passcodes to Defendants’ work-issued smartphones are not corporate records, the act of producing their personal passcodes is testimonial in nature and Defendants properly invoke their fifth Amendment privilege. Additionally, the foregone conclusion doctrine does not apply as the SEC cannot show with “reasonable particularity” the existence or location of the documents it seeks. Accordingly, the SEC’s motion to compel the passcodes is denied. “

The case revealed that Capital One, the employer, did have policies stating that the company owned the device issued as well as corporate documents stored on the device. As you would expect, Capital One also required employees to use a passcode and by best practice the code should be private and not written down anywhere. Hence the court ruling that the passcode itself was not a corporate record.

The court also stated that,

“Each party argues based on established legal precedent m non-smartphone contexts involving the interplay between corporate records and encrypted information on computers. As we find the personal thought process defining a smartphone passcode not shared with an employer is testimonial, we deny the SEC’s motion to compel. “

I bet you’ve never considered making your password part of your “personal thought process”!

How far could this reach?

Could this apply to computer and laptop passwords? Would an employee be able withhold their password from an employer if they were not under investigation for criminal activity?

If the rationale of this decision carried forward then I would think it could be far reaching.  Employers typically don’t assert ownership of the password or require they be stored where they are accessible. Hence they would be considered something personal.

If a Company wants maintain complete control and ownership of equipment issued to employees they should consider the following policies:

  1. Create a policy that issues passwords to be used by employees on company owned equipment.
  2. Designate a required storage area for passcodes.
  3. Equip phones with software that allows a remote wipe of the device if the employee leaves.

Photo Credit: binaryCoco via creative commons


Do you cover your webcam?

Do you cover your webcam with a piece of tape?

Over the past several years I’ve noticed that many colleagues in the office cover their webcams with a piece of tape. Maybe they’ve read about incidents of camfecting or maybe they are just paranoid of any intrusion to their privacy. It may seem like a Hollywood movie script but the threats are real. Hackers have used webcam images for extortion  and even government agencies have hacked webcam sessions in the name of state security.

There are other ways block the camera hole.Samsung-close-webcam-cover

This security concern isn’t new. Some manufacturers allow you to completely disable the camera in the system BIOS. That’s a good method to turn it off before the system boots, but you’ll have to reboot to turn it back on if you want to use the camera for legitimate purposes. You can also disable the camera through the operating system, but that would be susceptible to hacking for power-up. There are variety of webcam slide covers available to purchase from a retailer. These devices have a manual slide closure which makes it more convenient than a sticky piece of tape to close and open the camera hole for viewing and more visually appealing.

If you are paranoid about someone spying on you from your computer camera you should also be concerned about the onboard microphone that captures sound. Don’t forget your cell phone camera. It’s susceptible to hacking as well.

With all the security concerns why isn’t a webcam slider standard issue?

If we can buy webcam sliding devices on the market to cover the camera hole then why can’t manufacturers make this a built-in standard feature? My car with a sunroof has manual sliding cover in addition to the electric sunroof opener. When I open the roof the manual cover slides open with it. Then when I close the sunroof I can slide the cover to a fully closed position if I don’t want to see the sky through the glass sunroof. Why can’t built-in webcams for laptops and USB webcams have a similar slide device built-in?

This would solve a need and keep the choice to cover or leave the camera up to the operator of the device. Hack me or hack me not?

Onward and upward!