Recently I have been playing with the Markup’s privacy-checking tool “Blacklight”. You give it the URL of any website you like. It then virtually visits the website and looks at what scripts it is sent by the site, picking out any that fall in the following 7 categories.

  • Third-party cookies
  • Ad trackers
  • Key logging
  • Session recording
  • Canvas fingerprinting
  • Facebook tracking
  • Google Analytics “Remarketing Audiences”

On the very first site I tried (which was just the last site I’d visited so nothing designed to be a special test), it found about 20 ad trackers and 60 third party cookies on its homepage. It also detected a session recorder, which tracks a visitor’s mouse movement, clicks, scrolls and so on. It was also logging the text users typed into a webpage even before you pressed submit. It also specifically let both Facebook and Google know that you’d visited.

Finally it listed some of the advertising companies that the website had interacted with behind the scenes - in this case a list of about 15 disparate organisations.

Now I’ve no reason to suspect that the site was aiming to do anything unusually weird or problematic with this data. Perhaps disturbingly, these aren’t particularly rare practices. But it is a lot. Far more than I felt I’d implicitly or explicitly consented to just by visiting a random company’s homepage. And this data is all ending up somewhere out of my control, including ready for use by organisations others than the one that owned the site, for purposes other than giving me the information I was seeking.

There’s a lot more about how Blacklight works and further background on The Markup’s site, including why it isn’t necessarily reassuring that Facebook on the surface comes back pretty spotless, and some steps you can take if you are not comfortable with the level of surveillance a given site non-consensually forces upon you.