The Firefox add-on Collusion is an attempt to visualize how websites and services are connected with each other. It is not all about advertising and user tracking though, it is about all connections that websites have with each other.

How does it work? The extension starts collecting connection information directly after it has been installed in the web browser. This is an automatic process that requires no user interaction from that point forward.

The extension adds an icon to the Firefox status bar. When you click on it, it launches the visualization screen in a new tab in the browser. Even with the page open it continues to update the connections in realtime whenever new web pages are opened.

Each dot represents a domain, connected with lines. These lines visualize the connections between sites. Colors are used to distinct between standard domains and domains that track users who visit those domains. Tracking domains are shown in red in the visualization.

Collusion displays information about individual domains on the same page. These information are displayed in the upper right corner of the screen. This includes information about the domain or tracking service, and the websites that it is connected to.

The visualization grows tremendously in size over time, and one of the criticisms that I have is that it is not possible to zoom in or out of the visualization or enter a domain name to display its connections in the list.

Update: It is possible to use the browser’s zoom in and zoom out feature to zoom.

Collusion is not available at the Mozilla add-on repository. The extension is only available at the developer website. Cautious users may want to look at the source code first before they compile the add-on or install the compiled version directly.

In telecommunications, data retention refers to the, often temporary, storage of phone records and Internet traffic by commercial organizations like phone companies and ISPs. Data types and retention time differs from country to country, but all can be used for traffic analysis to create a tracking profile.

German politician Malte Spitz managed to receive six month worth of data from Germany’s largest telecommunication company Deutsche Telekom. He forwarded the information to Zeit Online, a German newspaper, which used the information to create a detailed tracking profile of the last six month of the politician.

Geolocation information were linked to Internet activities like Twitter messages or blog postings. The tracking profile uses Google Maps to display information about the politican’s location at any given time of the six month. Information about incoming and outgoing calls, SMS messages and connection to the Internet have been made available as well. It is for instance possible to determine exactly when and where calls where made, and how long they lasted.

Please note that Zeit Online is a German website which means that all texts and information are in German. you can click on the play button to see the movement on the map. The Geschwindigkeit (speed) slider can be used to decrease or increase the speed. Take note that the location can be determined to the minute.

The tracking on the map appears to be detailed enough to determine the location at any given time providing that the user is in the country.

Head over to Zeit Online to play around with the tool.

What’s your take on it? Make sure you check out Creepy! Track Michael Arrington, Or Anyone Else, Via Geolocation which can also be used to track people. (via)

Want to know where Michael Arrington, Techcrunch founder was on January 23? In a building near the San Francisco airport. What did he wear? His urban spoon tshirt. Everyone can extract those information with the help of the software.

Creepy can also search for usernames on Twitter or Flickr. The software needs to be authorized before it can be used to search for Twitter users, the Flickr search on the other hand works right of the box.

The people tracker extracts the geolocation information from various sources.On Twitter,geolocation information added by mobile device tweets are used as well as IP address to location lookups if the web interface was used to write a message. For photos, both EXIF tags and geolocation information that are accessible through the image hosting services API are used

Creepy is actually making use of more services, not only Twitter and Flickr. It uses Foursquare as well but only for check-ins currently that are posted on Twitter, and more than a dozen image hosting services including Twitpic, Twitgoo or Img.ly.

The service displays the location of the user on Google Maps by default. This can be changed in the options to one of the other available services.

The effectiveness of the tracking depends largely on the user’s knowingly or unknowingly use of the service’s geolocation feature.

Is the use of the application legal or ethical? The geolocation data is freely accessibly, all that Creepy does is provide an optimized interface that collects and displays all relevant information directly.

Privacy conscious users may want to test Creepy by searching for their own accounts to see if they reveal any information that they do not want to reveal to the public.

Creepy can be downloaded from the developer website over at Github.

The Electronic Frontier Foundation has published an interesting theory that it is possible to track web browsers based on their web browser’s fingerprint. This fingerprint is of course the data that can be accessed by the server or website the browser connects to.

Math wizards might want to take a closer look at the technical analysis by Peter Eckersley.

There is a mathematical quantity which allows us to measure how close a fact comes to revealing somebody’s identity uniquely. That quantity is called entropy, and it’s often measured in bits. Intuitively you can think of entropy being generalization of the number of different possibilities there are for a random variable: if there are two possibilities, there is 1 bit of entropy; if there are four possibilities, there are 2 bits of entropy, etc. Adding one more bit of entropy doubles the number of possibilitie

The EFF has created a script on a website that computes how unique and trackable a web browser is.

The script will calculate a uniqueness score based on the data that the web browser reveals during connections. Tests with Google Chrome 5, Opera 10.5 pre-alpha, Internet Explorer 8 and Mozilla Firefox 3.6 revealed that all four web browsers contained unique bits that could be used to identify them.

This can be attributed to the web browser fingerprint database of the service as it contains only 450,000 fingerprints. It is likely that an increase here will reduce the uniqueness.

The self-defense aid lists some of the features that one could use to defend against browser fingerprinting:

• Try to use a “non-rare” browser
• Disable JavaScript (please note, Javascript needs to be enabled for the test to work)
• Use TorButton
• A Better Solution: Browsers’ “Private Browsing” Modes

The interesting aspect of this theory is that it is possible to track computers even if cookies have been deactivated in the web browser. There is another option to switching to a non-rare browser though: Browser switching. Identification is only possible for a session in which the same web browser is used. That in combination with disabled JavaScript could prove to be an effective defense against web browser tracking. (found at the Oracle)

In my opinion though the loss of privacy does not justify the gain, because in the end it does not really matter that much if you know if someone read the email or visited the link you send him. Tracking users, no matter if its done in large scale by companies or in smaller scale by individuals, is not right. Not for this purpose anyone.

Enough of the ramblings. I’m the last to tell you what you can and cannot do on the Internet. I just wanted to make my position clear before posting the links to the following two websites.

Linkblip and UrlVi are two online scripts that convert links into urls that are tracked much like tinyurl but with tracking included. If someone clicks the links you will be notified by email if you have been using Linkblip or by accessing a page of statistics if you have been using UrlVi.

Both bring fourth another concern that i have. They disguise the original link which is a technique used by spammers as well. Instead of showing the link url www.ghacks.net they display http://lburl.com/dcgdy or http://urlvi.be/rus2k which do not reveal any information about the destination.

I would be very cautious about such a link even if a friend would be sending it to me. My first reaction would be to call, chat or reply to that friend asking what the link was all about.