Resources for the global digital safety training community.
Credits
Last Updated 2016-06Advertising networks look for detailed information about who you are, from your age to your postal code and everything in between. This activity works best if participants are using their personal computers and the browser that they normally use day-to-day. Still, some might not have browser profiles - which is great for their privacy, but boring for this activity. Keep this in mind while planning your agenda.
Key to this Activity, and to the module as a whole, is the concept of a browser profile. A browser profile is the semi-unique “imprint” of your particular browser instance seen by online advertisers and websites - this includes the kind of browser (i.e. Firefox, Chrome, Safari, etc.), the version, and any cookies or plug-ins associated with it. This is one way in which potentially identifying user data is visible to third-parties, and is important for users to be aware of.
It’s a good idea to invest time into a sample browser loaded up with a bunch of cookies, tested on BlueKai in advance, to ensure you have something interesting to share if all else fails. The one major caveat with installing a cookie editor and tweaking cookies is that these plugins are not FLOSS and therefore shouldn’t be trusted. It is highly advisable that the browser be contained in a safe and clean overall environment or operating system, such as a virtual machine or a sandboxed browser.
On a demonstration PC, visit BlueKai Registry (http://www.bluekai.com/registry) to show participants what information online advertisers are associating with your browser.
Digital security experts often don’t have browser profiles! So, to demonstrate BlueKai, you might want to build a new profile. This is possible with a cookie editor plug-in for Chrome or Firefox, though be warned: it is potentially unsafe.
Before proceeding to the next step, you may want to take this opportunity to ask participants how accurate the information BlueKai shows them appears to be. Note that, if participants are using rented equipment or devices during the workshop, the profile information is likely to be blank or unrelated to their personal habits.
Introduce the video clip for Vortex - Rachel Law, the student behind Vortex, is a Parsons School of Design graduate who gained attention for her project which allows users to confuse websites by exposing, mining and manually tweaking profile information.
Vortex was also made into a Minecraft-like game, as a means of visualizing its purpose and functionality - the plugin remains a work in progress and might not be released to the public, but it is a great visual representation of how cookies work.
The video is a bit too short to fully describe everything that’s going on with the Vortex plugin, and it might raise more questions than it answers. For an audience that is likely to be utterly confused by the Minecraft reference, stop the video at 2:39 - trainers can then go on to simply describe the second function of Vortex, which is to obtain cookies in order to edit them.
Use this time to take questions and reactions to the activity. Then, break down Vortex and lead participants through a discussion of the activity and the implications of browser profiles: