Remember Oracle? That one tech company you barely remember hearing about beyond having acquired Java? Well, they’re the reason why Facebook and others are able to spy on you. And they just had a data leak.
Java wasn’t Oracle’s only notable acquisition. Over the last decade, the tech giant spent billions of dollars bringing key technologies under its umbrella to bolster its tracking (read: marketing) prowess.
One such company was called BlueKai, purchased by Oracle in 2014 for around $400 million. If you’ve never heard of it, that’s the point.
BlueKai started out as a service that sells data harvested from cookies. It quickly grew however into a data harvesting and organizing platform.
What BlueKai does, essentially, is take massive amounts of customer data and filter it out into different demographics.
And I’m not just talking about gender, race, and zip code. I’m talking those things plus your income level, plus your purchase history, plus your political views, plus your grandma’s political views, plus what sports your kids play, plus where your wife is at in her menstrual cycle, plus your secret fetishes. Everything. Everything.
This is the reason for the old wive’s tale that if you’re alone in the woods and you whisper something, Facebook will show you ads for it. Now while it could be the case that your microphone is indeed being used, it really isn’t necessary.
These big data profiling tools have gotten so sophisticated that, with everything they know about you, they’re able to make highly accurate predictions about what you’d be interested in. Every now and then they hit the nail on the head, and it creeps us out. Because a machine knew what we wanted before we did.
Anyway, that’s enough gloom.
On June 19th, a database full of BlueKai’s data was discovered on an unsecure server. Reporters from TechCrunch have checked the data and sure enough, they found all manner of harvested data. Down to browsing history and purchases.
Oracle was alerted to the issue and determined that these servers were misconfigured by third party companies. They also said they’ll take additional measures to avoid a recurrence. They didn’t disclose the identity of the two companies, but reportedly the sheer size of the database makes it one of the largest security lapses this year.
The fact that Oracle has this data and sells access to any interested advertisers is still tremendously troubling in and of itself.
Bennett Cyphers, staff technologist at the Electronic Frontier Foundation, said “There’s really no telling how revealing some of this data can be.”
Big tech companies like Facebook, Twitter, Microsoft, and Amazon can greatly leverage this data by combining it with their own treasure troves of personal data. Whatever is missing on either side is completed by the other. Before you know it, you’ve got a complete and thorough “marketing profile” on millions of people.
If you’re struggling to wrap your head around how it’s even possible to gather all this data, here’s an example. BlueKai uses invisible pixel-sized images on webpages that collect information about your system and network connection automatically as you load the page.
This information may not seem significant, but it acts as your digital “fingerprint”. If BlueKai then picks up your fingerprint using another IP address, they’ll know you’re using a VPN.
So if you visit a website dedicated to say, trucks, the tracking pixel reports back to BlueKai not just your fingerprint, but also that you’re interested in cars. If you happen to sign up for a user account or a newsletter, that just helps them tie this data to your identity.
All of the aforementioned tech companies, among others, have used BlueKai’s services in the past. BlueKai’s “Partners” page has since been taken down, and the entire domain now redirects to a one page site on Oracle’s main website.
What often makes people give up on their privacy all together is that you can’t do enough on a personal level to protect it. That said, combining several tools like tracker blockers, VPN, and incognito mode can go a long way.