Presidential Campaigns Leak Supporters' Info To Tracking Firms

← Back to Stories (view on slashdot.org)

Presidential Campaigns Leak Supporters' Info To Tracking Firms

Posted by timothy on Thursday November 1, 2012 @10:04AM from the incompetence-or-incontinence dept.

Peter Eckersley writes "Stanford privacy researcher Jonathan Mayer has published new research showing that websites of both the Obama and Romney presidential campaigns, which are used to communicate with and coordinate their volunteers, leak large amounts of private information to third-party online tracking firms. The Obama campaign site leaked names, usernames, zip codes and street addresses to up to ten companies. The Romney campaign site leaked names, zip codes and partial email addresses to up to thirteen firms."

67 comments

Min score:

Reason:

Sort:

Leak? by amicusNYCL · 2012-11-01 10:07 · Score: 4, Insightful

That's not so much a "leak", and more of a "take this". They probably even get paid for it.

--
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
1. Re:Leak? by postbigbang · 2012-11-01 10:13 · Score: 4, Interesting
  
  One side of me says:
  Prosecute the fuckers, no matter who they are.
  The other, more dark side says:
  Same old stuff, different day.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
2. Re:Leak? by Anonymous Coward · 2012-11-01 10:58 · Score: 0
  
  Have to agree here. There is a huge difference between a 'leak' and a contract that you get paid for. The tracking code was not surreptitiously placed on those sites.
  Whenever I see stories like this the anger is always directed at the trackers, never at the folks that contracted with the trackers. I don't think any politician or political candidate follows the "don't be evil" mantra.
3. Re:Leak? by Anonymous Coward · 2012-11-01 12:21 · Score: 0
  
  The browser has been constructed specifically to allow and encourage this type of data collection and/or identification. Microsoft has ALWAYS done their utmost to encourage 'users' to provide as much information about themselves and facilitated data capture for anyone who owns and operates a website.
  The goal may not have been specifically naming individuals in order to find them in meat space, but it was certainly to be able to track and measure individuals in order to gather and parse demographics and marketing efforts and consumer trends. The entire analytics market has grown up around this type of information.
  Do consumers care? Before you can ask them in order to get an answer, you'd have to educate them. And in order to inspire the kind of outrage espoused by the EFF, you'd have to convince people there's an evil, or at least potentially detrimental, downside.
  Good luck with that. I didn't hear much outrage when Rich Perry stated that he'd be dismantling the EPA if he were elected president. And when the FDA went all commercial, with fast tracking, no one seemed to do much more than shrug.
  Scott McNeally set the tone when he stated that, "You have zero privacy anyway. Get over it."
  So... do something or... Get over it, already.
Romney wins! by irbishop · 2012-11-01 10:14 · Score: 0

Romney out performs Obama yet again
1. Re:Romney wins! by Nemesisghost · 2012-11-01 10:16 · Score: 3, Informative
  
  Only in number of firms. Obama leaked more info.
2. Re:Romney wins! by Score+Whore · 2012-11-01 10:17 · Score: 2
  
  One would think that leaking less is out performing. Apparently presidents are like gaskets. Or sphincters. Take from that what you will.
3. Re:Romney wins! by fustakrakich · 2012-11-01 10:25 · Score: 1
  
  I think I'd rather blow a gasket.
  
  --
  “He’s not deformed, he’s just drunk!”
4. Re:Romney wins! by ganjadude · 2012-11-01 12:15 · Score: 2
  
  monica?
  
  --
  have you seen my sig? there are many others like it but none that are the same
5. Re:Romney wins! by cyberchondriac · 2012-11-02 02:40 · Score: 3, Funny
  
  So that's what Obama meant when he promised more transparency in government!
  
  --
  
  Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
Money money money... by sirmonkey · 2012-11-01 10:15 · Score: 0

MONEYYYY
'merica wooo

--
bored? try this http://jadmadi.net/blog/2005/01/27/linux-wine-how-to-running-windows-viruses-with-wine/
1. Re:Money money money... by CanHasDIY · 2012-11-01 10:23 · Score: 1
  
  MONEYYYY
  'Merica - FUCK YEA!
  
  FTFY.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
2. Re:Money money money... by sirmonkey · 2012-11-01 10:40 · Score: 0
  
  i apologize for my understatement
  
  --
  bored? try this http://jadmadi.net/blog/2005/01/27/linux-wine-how-to-running-windows-viruses-with-wine/
Holy Mailing Ads by GeneralTurgidson · 2012-11-01 10:16 · Score: 0, Offtopic

Obama and Romney have been sending me 12 page full color magazines daily for the past twelve weeks. I think there comes a point when campaign money should be capped.
1. Re:Holy Mailing Ads by Anonymous Coward · 2012-11-01 10:17 · Score: 2, Funny
  
  Do you live in Ohio or something?
2. Re:Holy Mailing Ads by cheater512 · 2012-11-01 10:32 · Score: 1
  
  How do you think the US debt clock got so high?
  Politicians think it is a game and the debt clock is showing their score.
3. Re:Holy Mailing Ads by Nostromo21 · 2012-11-01 10:49 · Score: 1
  
  I'd like to suggest $0 as a starting point & we can dutch auction our way down from there. Sounds good?
  (it would make a refreshing change if the fuckers just sent us the money directly for our votes, don't you think...? :)
4. Re:Holy Mailing Ads by Anonymous Coward · 2012-11-01 10:50 · Score: 0
  
  Yes the debt is too high. And I'm also in favor of campaign finance reform.
  But the one has nothing to do with the other.
  They are spending donated money, not public money.
  But don't let me interrupt your righteous outrage. Preach on.
5. Re:Holy Mailing Ads by Anonymous Coward · 2012-11-01 11:17 · Score: 1
  
  Obama and Romney have been sending me 12 page full color magazines daily for the past twelve weeks. I think there comes a point when campaign money should be capped.
  Consider yourself lucky. I get nothing. You know why? Because my vote doesn't count. I'm not in a swing state. My state is poling 55 to 40%. Your vote counts, mine is just noise.
6. Re:Holy Mailing Ads by Anonymous Coward · 2012-11-01 11:19 · Score: 0
  
  Obama and Romney have been sending me 12 page full color magazines daily for the past twelve weeks. I think there comes a point when campaign money should be capped.
  Then cap the power of government - that's what all the donors are paying for - a bit of control over that power.
7. Re:Holy Mailing Ads by SolitaryMan · 2012-11-01 12:00 · Score: 2
  
  Vote for "The debt is too damn high" party.
  
  --
  May Peace Prevail On Earth
8. Re:Holy Mailing Ads by Anonymous Coward · 2012-11-01 12:19 · Score: 0
  
  I too am not in a swing state. Romney's got my state guaranteed. And since I'm no fan of Romney, no matter who I vote for, I'm voting for a "loser". So I may as well pick a third party, preferably the one that others are most likely to vote for. It won't change who gets my state this year, but maybe if enough other Obama supporters realize they are "throwing their votes away" by voting democrat, and decide to do the same, then other people will start to notice, and maybe next election we might see some real change.
9. Re:Holy Mailing Ads by cheater512 · 2012-11-01 13:02 · Score: 1
  
  But they always get low scores.
10. Re:Holy Mailing Ads by cheater512 · 2012-11-01 13:03 · Score: 2
  
  Hey I'm Aussie. I just took the opportunity.
  If they do that with donated money, what do they do with tax money?
11. Re:Holy Mailing Ads by lightknight · 2012-11-01 14:01 · Score: 1
  
  I was thinking something involving two blonds and a midget.
  
  --
  I am John Hurt.
There oughtta be a law... by msauve · 2012-11-01 10:19 · Score: 4, Insightful

but, considering that congresscritters exempted themselves from the Do Not Call phone list, it will never happen. We don't have a representative government, but one made of people who think they're better than those they supposedly represent.

--
"National Security is the chief cause of national insecurity." - Celine's First Law
1. Re:There oughtta be a law... by Hillgiant · 2012-11-01 10:53 · Score: 1, Insightful
  
  Maybe I am the odd one. I WANT someone better than me in office.
  
  --
  -
2. Re:There oughtta be a law... by msauve · 2012-11-01 11:14 · Score: 2
  
  I want someone in office who's so incompetent they can't get anything done. Less government is better government.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
3. Re:There oughtta be a law... by Anonymous Coward · 2012-11-01 11:24 · Score: 0
  
  There is a sizable divide between "want" and "have."
4. Re:There oughtta be a law... by ganjadude · 2012-11-01 12:17 · Score: 1
  
  But you dont want someone so incompetent that they get too much of nothing done, than you get...well... look around for the past 12 years
  
  --
  have you seen my sig? there are many others like it but none that are the same
5. Re:There oughtta be a law... by Anonymous Coward · 2012-11-01 12:25 · Score: 0
  
  No. How can they represent you if you cut the lines of communication? Their phone lines are open, you're welcome to call at any time. Newspapers are failing. News networks suck. God only knows how the postal service will fare in the coming decades. They have to get their message to you, so what the hell do you suggest?
6. Re:There oughtta be a law... by Anonymous Coward · 2012-11-01 12:29 · Score: 0
  
  What you actually get are greedy morons who simply THINK they're better. If that's enough for you, well, congratulations your government has been here all along.
7. Re:There oughtta be a law... by jd2112 · 2012-11-01 13:07 · Score: 1
  
  Good luck with that. Politics are a great example of the Peter Principle in action.
  
  --
  Any insufficiently advanced magic is indistinguishable from technology.
8. Re:There oughtta be a law... by Anonymous Coward · 2012-11-01 13:07 · Score: 2, Insightful
  
  I want someone in office who's so incompetent they can't get anything done. Less government is better government.
  That's quite a simplistic view on how societies work. Why don't you put your money where your mouth is, there are regions in the world with hardly any goverment at all, move there to see how you like it. Waziristan in Pakistan comes to mind, or some regions in Africa, in Somalia or some parts of the Democratic Republic of the Congo, for instance.
9. Re:There oughtta be a law... by jd2112 · 2012-11-01 13:11 · Score: 1
  
  Good idea, but you also need to make sure there is a fairly even split between parties to avoid "all the idiots are on the same side" issues.
  
  --
  Any insufficiently advanced magic is indistinguishable from technology.
10. Re:There oughtta be a law... by Anonymous Coward · 2012-11-01 14:05 · Score: 0
  
  You have your wish on the incompetence part but it's not that nothing gets done, it's that what gets done is for corporate interests.
Ghostery by Anonymous Coward · 2012-11-01 10:20 · Score: 1

If you want to know which trackers are in use on a page, install Ghostery
I also run AdBlock Plus and NoScript.
Any other plug-ins that I'm missing?
1. Re:Ghostery by CanHasDIY · 2012-11-01 10:25 · Score: 1
  
  I've had good luck with Do Not Track Plus for Chrome.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
2. Re:Ghostery by Anonymous Coward · 2012-11-01 10:42 · Score: 0
  
  The tracking sites probably filter out activity where AdBlock and NoScript is in use. A more amusing tactic might be a Greasemonkey Cookie Injector.
3. Re:Ghostery by Anonymous Coward · 2012-11-01 12:07 · Score: 0
  
  and hide ip easy, and I am sure that some of these peeps out there could do some wiced scripts for grease money... thats beyond me nut just a suggestion... poison the well as much as you can...
4. Re:Ghostery by Anonymous Coward · 2012-11-01 18:22 · Score: 0
  
  An even better solution, if you know how computers work, is to setup your own firewall (e.g. a dedicated OpenBSD-box) blocking all communication to and from Google (including _all_ their domains and IP-ranges) as well as other tracking websites. Thinking that blacklisting a single image or .js file from a server is enough to protect you is extremely naive.
5. Re:Ghostery by Anonymous Coward · 2012-11-01 18:24 · Score: 0
  
  That sounds like a great idea! Finally you can give a single marketing company monopoly of all your information to do with as they wish.
6. Re:Ghostery by Anonymous Coward · 2012-11-02 02:55 · Score: 0
  
  If you are on Firefox, you can stop cross-site requests all together with Request Policy (http://requestpolicy.com).
Not real "leaking" by Coolhand2120 · 2012-11-01 10:23 · Score: 5, Informative

This isn't leaking in the traditional since that someone is giving databases of information to 3rd parties. The leaking going on here has to do with GET requests to their respective web sites containing identifying information in the URL. This is probably unintentional and may not even be occurring at all since a lot of the pages use SSL and the URLs are encrypted. Of course internal analytic software can (and probably does) retain the URLs, but that's hardly "leaking" information to 3rd parties. If I was using a pay-for analytics suite and found that the people I'm paying were looking at my private information (tracking data) I would be pretty pissed off and might even consider legal action.

TLDR: No "leaking" going on here. The headline does not match the content of the article.
1. Re:Not real "leaking" by OneAhead · 2012-11-01 10:57 · Score: 1
  
  Mostly agreed, except that they could be a bit more careful to either have no identifiable account information in the URL or not have trackers on pages that contain account information; preferably both. What would be a better term than "leaking" for this blatant disregard of basic security practices? (That's not a rhetorical question - more an attempt to start a lame semantic discussion.)
  
  BTW, this, boys and girls, is why you should never browse without a decent script blocker. The revenue and sustainability of ad-supported sites is secondary to your privacy - or so I believe.
2. Re:Not real "leaking" by Anonymous Coward · 2012-11-01 11:13 · Score: 0
  
  that is pretty much how tracking works. You put your identifying information in the url for the tracking pixel. From what I recall they are supposed to take the first name, categorize it as male or female and then throw it away... lord only knows who really does that and who stores everything.
3. Re:Not real "leaking" by Anonymous Coward · 2012-11-01 13:55 · Score: 0
  
  I recall a time when Yahoo mail stored the password in the URL circa 1999, probably back before they even adopted javascript. Yes, nowadays any webmail service requires it. In any case, with these urls, you'd think voting is secret. Just wait till data starts leaking outside of monetary interests, allowing malicious agents to start outing certain potential voters in some... intolerant cities.
4. Re:Not real "leaking" by fulldecent · 2012-11-02 00:56 · Score: 1
  
  ** If I was using a pay-for analytics suite and found that the people I'm paying were looking at my private information (tracking data) I would be pretty pissed off and might even consider legal action. TLDR: No "leaking" going on here. **
  In the information world, what is leaked cannot be unleaked. Whether used or not, the information got out, this is a leak.
  
  --
  -- I was raised on the command line, bitch
5. Re:Not real "leaking" by Coolhand2120 · 2012-11-02 03:54 · Score: 1
  
  My only point was that the article title implied that the campaigns, or members of the campaigns, where giving the information to third parties intentionally in nice CSV files. When people say "leak" in the context "campaign" that's what they think. This is a leak in the since that your sink has a leak, not that someone in the campaign is leaking information. The context makes a big difference. The use of the word is hyperbolic.
6. Re:Not real "leaking" by fulldecent · 2012-11-03 18:56 · Score: 1
  
  I ran into this same situation with a large investment bank:
  http://privacylog.blogspot.com/search/?q=portfolio
  If they have valuable information and are leaking it... and refuse to fix this problem then hyperbole is warranted and I call this sale of private data.
  
  --
  -- I was raised on the command line, bitch
Of all the reasons I don't support either... by cervesaebraciator · 2012-11-01 10:51 · Score: 2

Of all the reasons I don't support either candidate, of all the ways either candidate is apt to violate my privacy, this is the least.
Still, I'll add it to the list.
I'm paying for one of those. by Anonymous Coward · 2012-11-01 12:22 · Score: 0

You'd better read it. *shakefist*
The Founding Fathers exempted Congress by stomv · 2012-11-01 12:26 · Score: 0

Without a political call exemption, the law would have been thrown out under the First Amendment of the Constitution. You know,
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Don't like it? Amend the US Constitution. Good luck with that.

--
Support a few technologists in Washington.
1. Re:The Founding Fathers exempted Congress by msauve · 2012-11-01 12:35 · Score: 1
  
  "Without a political call exemption, the law would have been thrown out under the First Amendment of the Constitution."
  
  Somehow, I think you really believe that. "Free speech" includes freedom _from_ speech, The DNCL is a voluntary, opt-in system. No one has any Constitutional right to contact me via a service for which I'm paying. It's not clear why you think political speech has special dispensation - there's nothing in the Constitution about what types of speech are covered.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
2. Re:The Founding Fathers exempted Congress by frdmfghtr · 2012-11-01 12:46 · Score: 1
  
  How does a political exemption get the Do Not Call law past the Constitution? One's right to free speech doesn't obligate me to listen to it.
  
  --
  Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
3. Re:The Founding Fathers exempted Congress by Anonymous Coward · 2012-11-01 14:29 · Score: 0
  
  No, there is no freedom from speech. You cannot "opt out" of protesters talking to you outside of an abortion clinic.
What's the problem by Anonymous Coward · 2012-11-01 13:06 · Score: 0

If a citizen decides to give their details to the party of their choice why would they worry when that party receives the information? Could they be under the impression that their party is not the amalgamation of a dozen or so corporations?
For a democracy, this would be a story. But for a corporatocracy I just don't see the problem.
Why is it called a leak? by Anonymous Coward · 2012-11-01 13:23 · Score: 0

Why is it called a leak?
A leak means something unintended. Like a leaky faucet, or an engine leaking oil. You don't intend for that to happen, but it does.
Or for information, a leak is when an insider betrays the organization they work for, and secretly releases confidential information to the public.
This is not a leak. This is a blatant and pre-meditated handover of information, to 3rd party organizations.
They gave out the usernames of people? Why didn't they just give out their passwords as well?
Not really leaking by Anonymous Coward · 2012-11-01 13:58 · Score: 0

I suspect the reason they do it this way is for their emails campaigns, they also have the donation options in the query string as well. Doing it this way, you don't have to hit the database, imagine the email campaigns both parties are doing.
Security by uvajed_ekil · 2012-11-01 17:08 · Score: 1

This is why I only donate through my own tiny 503(c)(4), sometimes by way of a sham 501(c)(3), so it is much easier to obscure my name. Seriously, I like to support the candidates I like, but I don't necessarily want them screwing around with my contact information or bugging me at home, so I do it as anonymously as possible.

--
This is a hacked account, for which the owner can not be held responsible.
Charities Do Same Thing by retroworks · 2012-11-01 21:00 · Score: 1

If I'm not mistaken, Red Cross, CARE, Oxfam, etc. do this, in fact I'm not sure who doesn't. (Mommy, I'm tired of Bronco Bama and Mitt Romney on Slashdot.)

--
Gently reply
Well, they deserverved it. by Anonymous Coward · 2012-11-02 02:10 · Score: 0

In short: people dumb enough to donate^H^H^H^H^H^Hlose their time and effort to either of those two sockppets in a corporate reality show called "presidential campaign" have been sold like a bunch of lambs for a few bucks. Whatever.
Reminds me of when I was a victim of wikileaks. by Anonymous Coward · 2012-11-02 02:51 · Score: 0

Once I received and email from wikileaks telling me the reason I received the email because I was on a list of GOP supporters. They were so over confident and basically told me "HA, you're a GOP supporter and we're outing you". I was on that GOP supporter list because I am a libertarian so naturally I would be much more interested in the GOP fiscal policy than any dem fiscal policy. Sort of like the Communist Party of the United State endorsing Obama because his regime's policies are much closer aligned to the CPUSA's agenda than the GOP's agenda, LOL
Well, since I am for responsible spending, small government, lowest cronyism as possible, non-redistibution of wealth (STEALING) and many other philosophies that are closely aligned with the constitution, the constitution framers and the founding fathers, I have no other conclusion that wikileaks is against these things and thus are included in the most infamous, anti-American and anti-patriotism groups that currently exist, in or outside of our borders. Which, by the way, inherently makes them a serious threat to national security.
Thank you, wikileaks, for outing yourselves!!! LOL
Tips for privacy and security by R3nCi · 2012-11-02 20:44 · Score: 1

Here is an excellent collection of resources and tools relating to security and privacy on the internet, courtesy of Tunafish at the CrunchBang Linux discussion forums. Those who want to take a slightly more 'proactive' stance against the collection of their information should find this worthwhile reading.