#blacklight

gunnar@diasp.org

VPN services - what kind of privacy are they talking about?

Just made a test using Blacklight. Blacklight is a Real-Time Website Privacy Inspector.

Tested: expressvpn.com

ExpressVPN belongs to Kape Technologies, a UK and Israel based digital privacy and security company (ExpressVPN was acquired 2021).

This VPN service makes marketing with slogans like "Just one click to a safer internet - Going online doesn’t have to mean being exposed. Whether you’re shopping from your desk or just connecting at a cafe, keep your personal information more private and secure."

It turned out to be much worse than expected... Personal conclusion: Such a service is not recommended

Blacklight Inspection Result

6 Ad trackers found on this site.

Blacklight detected trackers on this page sending data to companies involved in online advertising.

Blacklight detected scripts belonging to the companies Facebook, Inc., Microsoft Corporation and Alphabet, Inc

3 Third-party cookies were found.

These are commonly used by advertising tracking companies to profile you based on your internet usage. Blacklight detected cookies set for Alphabet, Inc. and Microsoft Corporation.

When you visit this site, it tells Facebook.

The Facebook pixel is a snippet of code that sends data back to Facebook about people who visit this site and allows the site operator to later target them with ads on Facebook. 

A Facebook spokesperson told The Markup that the company set up this system so that a user doesn’t have to be “simultaneously logged into Facebook and viewing a third-party website for our business tools to function.”
Common actions that can be tracked via pixel include viewing a page or specific content, adding payment information, or making a purchase.

This site uses Google Analytics and seems to use its ”remarketing audiences” feature that enables user tracking for targeted advertising across the internet.

This feature allows a website to build custom audiences based on how a user interacts with this particular site and then follow those users across the internet and target them with advertising on other sites using Google Ads and Display & Video 360.

A Google spokesperson told The Markup that site operators are supposed to inform visitors when data collected with this feature is used to connect this browsing data with someone’s real-world identity. You know when those shoes you were looking at follow you around the internet? This is one of the trackers leading to that.

Some of the ad-tech companies this website interacted with:

The inspected website contacted some well known actors in the ad-tech industry. Not all of these loaded trackers, so they may be different from those listed in the tests section above. For more information on each company, what it does, and which of its domains Blacklight found during the inspection, click the arrow. Reading this can give you a better idea of how the ad-tech industry works.

Alphabet

Blacklight detected this website sending user data to Alphabet, the technology conglomerate that encompasses Google and associated companies like Nest. The Silicon Valley giant collects data from twice the number of websites as its closest competitor, Facebook. An Alphabet spokesperson told The Markup that internet users can go here if they want to opt out of the company showing them targeted ads based on their browsing history.

The site sent information to the following domains doubleclick.net, google-analytics.com, google.com, googleadservices.com, googleoptimize.com, googletagmanager.com.

#vpn #tracking #security #linux #openvpn #wireguard #privacy #expressvpn #bsd #solaris #google #facebook #microsoft #hackernews #blacklight #alphabet #meta #marketing #trackers #trackingpixel