American Automobile Fuel Consumption Debate





I don't have a technical answer - although, I would like to hear a technical answer.

In lieu of a technical answer, I'll give you my rule of thumb. I go on the theory that if it is possible to monitor what people do on the Internet, someone at MIT knows how to do it. In fact, I believe that there are more people who know how to do it here than just about anywhere else. So, I just assume I am being monitored and try to be cool at all times.


What I do know...

When you visit a webpage, the website owner knows, at minimum this about you:

Your Internet Protocol (IP) address
This can give some information, such as your general location and your internet service provider. But it doesn't say it's YOU per se. Although people can get together and share this info and match it to you. Say you filled out a profile on that captured your IP address, and they sold the match between your info and your IP address to who then knows who you are when you do visit.

This can also be an issue for a service like the Microsoft .NET Passport -- which you sign in for and allows ease of use across many sites-- but allows someone to track you.

The site owner can see which webpage referred (linked) you to that site

What search word you used to find that page (if you used a search engine).

Now, if you fill out a profile on a site - they obviously get info on you.

There are also different types of cookies and session state monitors that sites can install on your computer. Internet Explorer is defaulted to allow most cookies; if you don't have them enabled, using the web is a real hassle.

What the really malicious possibilities are is if someone has installed "Spyware" on your computer. Spyware is tracking software that gets on your computer when you accept it. Most commonly it comes from downloading Kazaa or something from It can track all of your activity and report it to someone
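What a site owner's own access log records for each visit (IP address, referring page, search words), shown as an added example that is not part of the original comments. The log lines, host names and the list of search parameter keys are constructed assumptions:

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/NCSA "combined" log format: what a web server writes for every request.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Query-string keys assumed to carry the search phrase (an assumption, not a standard).
SEARCH_KEYS = ("q", "p", "query")

# Constructed sample lines: documentation IP ranges and made-up host names.
SAMPLE_LOG = [
    '192.0.2.44 - - [02/Mar/2004:10:15:32 -0500] "GET /weblog/tracking.html HTTP/1.0" '
    '200 5120 "http://search.example/search?q=carnivore+fbi+monitoring" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '198.51.100.7 - - [02/Mar/2004:10:16:01 -0500] "GET /weblog/tracking.html HTTP/1.0" '
    '200 5120 "http://blog.example/privacy.html" "Mozilla/5.0 (X11; Linux i686)"',
    '203.0.113.9 - - [02/Mar/2004:10:17:45 -0500] "GET / HTTP/1.0" 200 2048 "-" "Lynx/2.8.4"',
]

def visitor_facts(line):
    """Return what one log line tells the site owner, or None if it does not parse."""
    m = COMBINED.match(line)
    if m is None:
        return None
    facts = {"ip": m.group("ip"), "page": m.group("path"),
             "referring_site": None, "search_words": None,
             "browser": m.group("agent")}
    ref = m.group("referer")
    if ref and ref != "-":          # "-" means the browser sent no Referer header
        parts = urlsplit(ref)
        facts["referring_site"] = parts.hostname
        query = parse_qs(parts.query)   # decodes "+" and %xx escapes
        for key in SEARCH_KEYS:
            if key in query:
                facts["search_words"] = query[key][0]
                break
    return facts

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(visitor_facts(entry))
```
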


Adam sums it up pretty well. If you are just surfing, the only thing a website owner can tell is your IP address. There are two ways to map the IP address to a user:

1) Go to the ISP and ask for it. (i.e. the famous RIAA v. Verizon case)

2) Get identity disclosure. Fancy words for have someone type in a username and password to use the site. Sometimes in coding terms, this is called opening a session.

In either case, the site can track you only as long as you are on the site. (i.e. once you sign into Yahoo, they could track you through any usage at addresses ending or other domains they may own).

In movement from site to site, you are not tracked unless one of four things is true:

1) The origin site and destination site have an agreement to share session information AND you directly clicked a link from the origin site to the destination site.

2) The origin site and destination site have an agreement to share cookie information.

3) The destination site is "stealing" cookie information. This is rare and most good websites have cookies only they can decipher.

4) As Adam mentioned, you have somehow inadvertently downloaded "spyware". This is easier to do than most people think, however most good virus scan software will catch these with no problem. The Kazaa extras that do the same thing are not considered "viruses" though.

There are loopholes to my rules. The most frequent exception to the basic rules is Internet ads. Ads that are loaded within a page (such as having an ad from are also allowed to place a cookie on your machine. They can then "track" you from site to site, but only if they have ads on the various sites (which is common given companies like DoubleClick) and only via your IP.

If you are worried about cookie sharing or cookie stealing, you can always change your browser settings to only allow cookies for first party sites or from sites which you "accept." I always have this setting on to prompt for accepting cookies from third party (i.e. ads) sites. I like to know who is doing what on my machine.

I think those are pretty much the technical facts.

IMHO, there is a lot that is legal that is not necessarily ethical. As a general rule however, reputable websites do act both legally and ethically. Still caveat...uh..surfer. As I mentioned earlier Big Brother can come in many forms.


Let me add one other thing. In the previous comment, I was referring to the tracking done by "outside" websites trying to track their users. However, after re-reading Tom's comment, I thought maybe I should add a clarification.

Whoever is giving you access to the Internet (your ISP if you are at home, MIT if you are at school, your employer if you are at work) can technically track all of your network traffic (web or not) right down to who you are. Whether or not they do is simply a matter of policy.

What I can decipher from MIT's policy is that they won't track you unless they have reason to believe you are violating the rules of use.

I think ISPs are forbidden to track usage under the Electronic Communications Privacy Act, but it is feasible that the service agreement you have to sign makes you waive that right (though I think Slashdot would be up in arms if this were true of major suppliers).

Tracking is kind of expensive (in terms of processing and storage), so corporations interested in controlling Internet usage generally just compile a "black list" of sites to block, rather than track individual employees.

I wanted to touch on this "harder" layer of tracking possibilities (i.e. tracking at the network traffic rather than tracking at the webpage level) that slipped my mind in the previous post.


Those are useful comments about what the web sites or other companies can do. However, what about the likes of Carnivore and TIA (which I learn may still be alive)?


I would be afraid of either Carnivore or a hidden version of the TIA coming about. Carnivore monitors traffic at the network (i.e. hard) level. It is a pretty aggressive and process-intensive kind of operation (thus I guess the name to fit). I don't know exactly what TIA does or how they expected it to work. They would have to force disclosure from ISPs, web sites, etc, and use information from Carnivore to really get anywhere. Searching a petabyte of data is no easy chore. I'm sure that the research in ARDA right now is focused just on that problem.

For now, I'm comforted by the presence of groups like the EFF, CDT, and even the ACLU.


Total information awareness, no, err, Terrorist Information Awareness system is basically hooking up a bunch of databases from credit card purchases, to airline reservations, and more together to track "terrorist suspects".

There was popular outcry against it and it was shut down by Congress. But, as Anup points out, there are reports that it's being revived under a different guise.

On a more positive note Anup, Washington Post reports today that the Senate has introduced the "SPYBLOCK" Act which would:

"make it illegal to use the Internet to install software on people's computers without their consent, and require companies that offer software downloads to provide more disclosure about what the programs do and what information they collect. The bill also would require Internet ads generated by the software to be clearly labeled."


I think it's important to note, as an addition to the Carnivore discussion, that Carnivore-like technology, while expensive computationally and otherwise when looking at general network traffic, can be deployed at an ISP when presented by a subpoena from the appropriate court.

Moreover, the terms of TIA suggest that something like that could be done without you ever being notified.

Finally, the third party monitoring of web surfing by ad companies via cookies is a particularly pernicious technology. Consider, for example, the number of forms that individuals might fill out over the lifetime of a cookie and imagine how the unscrupulous might assemble a profile from it.

Then, combine it with the technologies being used to attach location information to IP addresses -- for example, 18.172.x.x means E40, while 18.x.x.x means MIT. -- See, for example IP Locator


Or Quova


New research shows that one in twenty computers has "spy ware" on it. I know that in my research group, it's been a significant problem this past week.

Adam Smith

A talk relevant to this discussion

Liberty by Design: The Internet as a Technology of Freedom and Control

Emerging Internet Technology and Policy Issues

A 4-session seminar

Offered by Alan Davidson, Associate Director of the Center for Democracy and Technology, Washington, D.C.

Sponsored by the Program in Science, Technology, and Society at MIT

Tuesdays: March 16 & 30 and April 13 & 27, 2004

4:00 - 6:00PM, Room E51-151, MIT

Old conventional wisdom states that the Internet is an unstoppable force for freedom. The new conventional wisdom is that the Internet can be a powerful tool of control. Largely by happenstance, the original design of the Internet (open, decentralized, and extensible) has supported Western democratic ideals: free expression, individual privacy, and participation by a diversity of speakers, creators, and technology developers. Today many of these values are now threatened by policy choices being debated in government and technology choices being debated by product developers and technology standards bodies.

How do we reconcile these competing visions of the Internet’s potential? This series will explore the ways in which the Internet's potential as a technology of freedom is being influenced by current technology and policy debates and seek to chart a path for developing an Internet designed with liberty in mind.

Seminar 1 Tuesday, March 16, 2004
· Free Speech by Design: Next Generation Internet Content Regulation - The free flow of information online is today threatened as national governments develop new ways to regulate Internet content and as new gatekeepers, from ISPs to search engines, emerge as attractive targets for content regulation. Can policy and technology choices serve to preserve free speech online?

Seminar 2 Tuesday, March 30
· Privacy by Design: The Golden Age of Government Surveillance - Information technology is giving government ever greater capabilities to observe the private activities of the citizenry. Efforts are underway to expand legal surveillance authority (like the controversial US Patriot Act) and create new surveillance technologies (like “guaranteed tap-ability” for Internet phone calls.) How can new imperatives for national security be reconciled with growing threats to personal privacy?

Seminar 3 Tuesday, April 13
· Privacy by Design: Corporate Data Collection in the Digital Age - Consumers face a rising tide of information collection about their personal lives, from better corporate databases to new technologies like RFID, cell phone location tracking, and ubiquitous networks of embedded computers. How can law and product design serve to protect privacy in the face of marketplace data collection?

Seminar 4 Tuesday, April 27
· Fair Use by Design: Copyright and Creative Production - The threat of digital piracy has led copyright owners to seek laws that mandate new technological locks for their content, threatening to constrain valuable uses of information and create new gatekeepers over content online. Can the public interest in access to content and innovation be reconciled with these efforts to protect content online?

Alan Davidson is Associate Director of the Center for Democracy and Technology, a Washington, DC public interest organization working to promote civil liberties and human rights on the Internet. Mr. Davidson, a graduate of MIT, received an S.B. in Mathematics and Computer Science and an S.M. in Technology and Policy. He attended law school at Yale, where he was Symposium Editor of the Yale Law Journal. Mr. Davidson is also an Adjunct Professor at Georgetown University and a Visiting Scholar this semester at STS.


You are definitely not anonymous on the web. Even when using the so-called "super anonymizer" Tor network.

There are ways for law enforcement to home in on you if they really want to.

Of course if your connection goes through some servers in a foreign country that will not cooperate with the group/law enforcement that want to find you out, then the last piece of evidence they will get is the IP and info they get up to that server in that foreign country.
