Simply put, individual employees are being tracked pretty much everywhere they go online or in real life. Digital trackers collect not just the websites employees visit and the apps they use, but also collect location, unique identifiers, name, phone, address, email, name of employer, purchases, and more.
All this data is amassed by data brokers and advertising technology companies into a highly personal profile, which is analyzed and categorized via algorithm. Individuals are chopped up into millions of segments that not only allow hyper-targeting of advertisements but allow bad actors to use this data to hyper-target their attacks.
Armed with intimate real-time and historical data about their specific targets, attackers are able to launch customized attacks that are much more successful than typical mass targeted campaigns. Attacks are varied but may include highly-targeted spearphishing, watering holes, social engineering, malicious content aimed at individuals or their friends, family, personal contacts, or coworkers, and even direct blackmail.
Despite all the regulations and privacy marketing done by phone makers, the problem persists because there are hundreds of billions and even trillions of dollars to be made from collection of user data. It only takes common sense to conclude that the more data attackers have about your employees, the more successful they will be in breaching your organization. Individual employees are the weak link in your organization’s security.
As our tracker protection policy states, Disconnect defines tracking as the collection of data regarding a particular user's or device's activity across multiple websites or applications that aren’t owned by the data collector, and the retention, use or sharing of that data. We will also classify as trackers domains which collect, share, retain, or use data to enable tracking by other services.
Our definition focuses on third-party data collection AND retention. So, for example, our tracker definition doesn’t apply to sites that log an IP address but don’t save that information in a database. And the collection must be across context, so our tracker definition also doesn’t apply to cases where there is solely a first-party relationship with the user, for example the site only collects and retains information on site visitors. Finally, our definition also focuses on particular users and devices, so data that is immediately aggregated doesn’t apply.
According to independent studies, trackers appear on over 90% of apps and websites, and in 70% of emails. Some trackers are integrated into apps via Software Developer Kits (SDKs), while other trackers are integrated via cookies, JavaScript, or other internet technologies. Many web and app developers rely on companies that track users to report analytics, to serve advertising, images, videos, or other functionality. The reality is that trackers are pretty much everywhere employees go online.
The data broker ecosystem includes massive corporate advertising platforms and thousands of other companies, that most people have never heard of, which make collecting user information their business. These big and small companies collect, analyze, and share digital profiles that include highly sensitive data about specific users’ online and offline activities.
Data about browsing habits, search history, videos watched, purchases made, detailed location data, and more are combined and correlated with a user’s real identity, legal name, address, employer, and other offline information that has been collected for decades by people finder services, the whitepages, real estate databases, mailing lists, and other real world data services. User interaction with businesses, whether they be websites, apps, or brick and mortar stores, are incredibly valuable information.
Advertisers, marketers, government actors, politicians, and other parties, are willing to pay for access to detailed user profiles, so the data broker market continues to grow and evolve despite attempts to regulate.
There are many ways that criminals and state-sponsored actors gain access to sensitive and personally identifiable profile data. Perhaps the most commonplace route is through the advertising ecosystem, including Real Time Bidding (RTB). Through RTB, the top ad platforms allow advertisers to target based on over one million data segments. These detailed segments include incredibly personal information, such as health, financial, precise location, sexual activity, and other sensitive data.
RTB and other ad tech data regularly includes location data, time-stamps, and other identifiers that make it easy for data brokers to link these detailed segments to specific individuals. When consumers click on ads targeted to these segments, thousands of ad serving companies (Demand Side Platforms) obtain unique identifiers coupled with the targeting data. The DSPs retain, combine, and share this data with countless third-parties. Foreign states and non-state actors use RTB to track and target specific individuals and organizations, focusing on individuals’ with compromising issues relating to finances, health, or information they would likely want to be kept secret.
Our tracker protection lists are created by scanning and mapping network requests found in millions of websites, apps, and emails. We then utilize AI and other methods to analyze the dataset and identify potential “trackers” defined according to our policy. Potential trackers are then processed for both technical and policy review. Positive results are subject to compatibility tests and categorized. Our protection lists are recognized as the best in the industry and are currently powering privacy for over 750 million users
We power the default level of privacy protection for over 750 million users through integrations, including the Microsoft Edge and Mozilla Firefox browsers. We have unique insight into the tracker ecosystem and have developed detailed policies and sophisticated technology to develop the most robust, effective, and efficient database of third-party threats available. CPP also offers many customizations so that you are able to deploy the level of protection that is appropriate for your organization as a whole and for specific groups, users, locations, and types of traffic.
Our core architecture principle is to minimize or often eliminate access to customer data and infrastructure. Our solutions are architected not only to protect your employees from privacy and security threats, but to support your organization’s security architecture principles and compliance program.
The CPP Enterprise Bundle (also referred to as “CPP Bundle”, “CPP Enterprise”, or “CPP Enterprise Protection Lists”) is Disconnect’s Cloud Privacy Plus (CPP) Enterprise Bundle, a product that provides customers with access to Disconnect’s list-based tracker protection for the purpose of protecting a customer’s employees from trackers found in websites, apps, and/or emails. This product includes access to our list-based protection, which we typically provide via API, endpoint, file format (json, csv, etc.), or configuration profiles. The CPP Enterprise Bundle may be integrated into a customer’s existing security or technology infrastructure in a variety of ways, including but not limited to, integration in the customer’s security platform, gateway, firewall, URL filter, Mobile Device Management solution, DNS, VPN, hardware, and more.
CPP Browser Extension is Disconnect’s Browser Extension for Chromium based browsers, which may be integrated into a customer’s existing enterprise browser via the admin panel or delivered via a web store for the purpose of protecting customer’s employees from trackers found in websites.
CPP for Work App is Disconnect’s Cloud Privacy Plus for Work, a DNS-based application for mobile devices, which may be integrated into a customer’s existing enterprise MDM provider, or installed via an app store for the purpose of protecting customer’s employees from trackers found in websites, apps, and emails.
Since 2011, Disconnect has been a pioneer in the field of tracker protection. We have built award-winning products that have been directly installed by over 10 million people and our tracker protection lists power privacy for over 750 million people. Our technical research has been featured in prominent investigative reports by dozens of leading publications and media organizations, including The Washington Post, The New York Times, The Wall Street Journal, NBC News, The Today Show, 60 Minutes, Wired, Consumer Reports, and many others. Our business is privacy, and more specifically protecting people from unwanted tracking.
©2024 Disconnect, Inc. All rights reserved. Disconnect™ and Cloud Privacy Plus™ are registered trademarks or service marks of Disconnect, Inc. in the United States and/or other countries.