Spy on Yourself

"Wow," my hacker friend Mason breathed as he looked at my computer monitor. "That's really horrendously fucking evil."

He was responding to the sight of my account with Root Vaults (root.net), a web service with hazy goals but an interesting tool: If you sign up and download a plug-in for Firefox, Root Vaults will record your entire clickstream. When I go anywhere or click on anything online, the plug-in records it and sends the data to my account at Root Vaults. A nifty graphical interface shows me what sites I visited, including the most popular ones, as well as what I searched for on both Google and Yahoo.

Since I was just testing Root Vaults, I tried to search for important things like "horse porn" and "cute kitties." As a result, my clickstream looked sort of like this: www.xxxpower.net (the clickstream from this one yielded some interesting results, as it appears some scamster was trying to make it look like I was clicking on the ads on the site, even though I wasn't); www.cuteoverload.com (too bad Root Vaults couldn't measure my utter joy in looking at this site packed with a zillion cute animals); www.pussy.org; www.kittenwar.com.

Now imagine that I spent all week sending my clickstream to Root Vaults. Instead of seeing searches I don't normally do (well, OK, sometimes I do search for cute kitties), I'd have a record of everything I'd wanted to see and everything I did see. Seth Goldstein, inventor of Root Vaults, calls it the "record of your attention," and he wants to sell it.

Like Google, Claria and dozens of other companies that record what you do online, Root Vaults doesn't quite have a business model for all the data it's aggregating. Right now Goldstein uses the information he's gathered to sell "leads" to mortgage and insurance companies looking for people whose clickstream makes them seem like good prospects. Later he might use all the consumer data in Root Vaults to sell companies information about who clicks on what and when. Or maybe he'll try to sell futures in consumers by claiming he's got a batch of people whose attention data show they're on the cusp of buying something big because they've been visiting ConsumerReports.org and trolling Shopper.com.

Unlike its sister companies, Root Vaults is letting users see the data it collects. That's why I don't entirely agree with Mason's damning assessment of the service. Certainly clickstream snooping is a privacy invasion, but what's worse is that it's something few people understand. For example, when you download the toolbars from Google, Yahoo or Microsoft, each one sends the very same kind of data that Root Vaults collects right back to its mother company. So if you want to know how much Yahoo! knows about you, sign up for Root Vaults, watch your clickstream get recorded and find out.

Goldstein is excited about this idea. As a founder of Attention Trust, a nonprofit whose goal is to regulate the clickstream-tracking industry, he's intrigued by the idea of corporate scruples in a space that's best known for spyware. "This tool could be for self-education," he enthuses. "The same way "Fast Food Nation" taught us what we're really eating, Root Vaults could teach you what kind of data companies are really gathering about you."

You'll be truly weirded out to discover how easy it is for a tiny little browser plug-in to send every online move you make to a third party. Once you've completed your experiment, though, delete all the data from your Root Vaults account, then delete the extension from Firefox. And just to be safe, don't click on anything you'd be afraid to share with the world.

Although Root Vaults is setting a new standard for transparency in clickstream tracking, one telling detail is still obscured. Goldstein insists each vault "belongs to you." But it doesn't. Whenever anything of "yours" is stored on someone else's computer, it's not highly protected by privacy laws, largely under the assumption that it must not be as private as the stuff you store on your own computer. So the government or an attorney can get access to this data without contacting you personally, and often with very little court oversight. So remember, kids, just because something's in your account on Root Vaults, that doesn't make it yours.

And just because you can't see your own clickstream most of the time doesn't mean somebody else isn't watching it.

Enjoy this piece?

… then let us make a small request. AlterNet’s journalists work tirelessly to counter the traditional corporate media narrative. We’re here seven days a week, 365 days a year. And we’re proud to say that we’ve been bringing you the real, unfiltered news for 20 years—longer than any other progressive news site on the Internet.

It’s through the generosity of our supporters that we’re able to share with you all the underreported news you need to know. Independent journalism is increasingly imperiled; ads alone can’t pay our bills. AlterNet counts on readers like you to support our coverage. Did you enjoy content from David Cay Johnston, Common Dreams, Raw Story and Robert Reich? Opinion from Salon and Jim Hightower? Analysis by The Conversation? Then join the hundreds of readers who have supported AlterNet this year.

Every reader contribution, whatever the amount, makes a tremendous difference. Help ensure AlterNet remains independent long into the future. Support progressive journalism with a one-time contribution to AlterNet, or click here to become a subscriber. Thank you. Click here to donate by check.

alternet logo

Tough Times

Demand honest news. Help support AlterNet and our mission to keep you informed during this crisis.