Trackers from Google are built into a number of official Russian electronic resources
Google is not what
J. Assange seems to be
I preface the text with a quote from the notorious comrade J. Assange, who published the book When Google Met WikiLeaks , which describes some facts and features of the close interaction of this company with the US government / intelligence agencies.
The article provides an express analysis of a number of official Russian resources for the presence of third-party foreign trackers, taking into account the fact that in the modern world some resources are not worth using software that can “fish out” information about Russian users and their behavior and a priori transfer them to “ foreign "servers.
A March article by Cookiebot, "Ad Tech Surveillance on the Public Sector Web", confirms that over 89% of EU government websites (belgium.be, gov.bg, gov.uk, etc.) contain third-party trackers, of which 82% from Google. A lot of EU resources related to health issues and the processing of personal, fairly confidential and sensitive issues (pregnancy, cancer, AIDS, mental illness ...) also contain many trackers, which contradicts not only moral standards, but also the EU law on the processing of personal data GDPR (this allows third-party companies to conclude that a user probably has certain problems or secrets that he thinks he keeps secret).
An ancient story is known about how a store learned about the pregnancy of a schoolgirl user on the basis of indirect signs of her activity on the Internet and sent her the appropriate advertising coupons that her dad got out and started a scandal in the store. Since then, technology has stepped forward, as they say.
In general, foreign companies, including comrades from Google, dominate not only in the EU, but throughout the world. This is proved by the article "Tracking the Trackers: Analyzing the global tracking landscape with GhostRank", which analyzes the dominance of various trackers in the world based on the study of 144 million web pages of resources of 12 countries, including Russia. Trackers are also located on 77.4 percent of the pages studied and allow you to track user activity, get some data about him and save his actions. Moreover, the overwhelming number of trackers are of foreign origin.
In this regard, I was interested in "... and what about us?" And I decided to conduct, as I wrote above, an express analysis of some official Russian resources for the presence of third-party trackers, believing that it is not worthwhile for state resources to use software, especially foreign ones, which can "fish out" information about Russian users and the features of their behavior and a priori transfer them to "foreign" servers.
The addresses of some government resources are from here . Investigated sites of the Kremlin , the Government , the Federal Security Service , Foreign Intelligence Service , Ministry of Interior, Traffic Police, Ministry of Defense , Rosgvardii , MOE , public services , the Ministry of Communications , Ministry of Foreign Affairs , Ministry of Energy , Rostelecom and Roskomnadzor .
I specifically note that such an analysis does not imply active actions on the site, extensions passively analyze the information that my browser exchanges with the site and notes the presence of a “third party” tracker - this software does not “break” sites.
To organize information about trackers, I compiled a table indicating their availability on the studied resources (the data is simplified and “combed” (for example, yandex.ru and not mc.yandex.ru), who needs more details, can check with the help of extensions and other software).
Moreover, on different pages of the site there is a different set of trackers, which complicates their description.
The purpose of the article is not a detailed description of the facts of the existence of each type of tracker on each resource (this is a task for the whole study a la Cookiebot), but an assessment of how we are in the situation with the provision of data on visitors of state resources to a foreign third party.
The main trackers found on the resource are listed in the table (on the start or other main pages, while there may be more, but they belong to the same owner). Also recall that doubleclick = google
|Ministry of Internal Affairs||yandex.ru sputnik.ru||twitter.com|
|STSI||sputnik.ru||google.com (hidden recapcha)|
|Ministry of Defense||yandex.ru mail.ru rambler.ru||google-analytics.com googletagmamanger.com|
|Ministry of Emergencies||yandex.ru mail.ru rambler.ru||doubleclick.net google.com|
|Ministry of Communications||yandex.ru sputnik.ru|
|Ministry of Energy||yandex.ru sputnik.ru|
|Rostelecom||yandex.ru mail.ru||google.com Twitter, Facebook|
In order not to seem unfounded, I’ll describe what, for example, the Ministry of Defense’s website sends to Google about a user who has logged in to calculate payments by an online calculator on the website’s page (some fields are converted from a formalized view to a readable one)
www.google-analytics.com utmwv=5.7.2 версия трекера utms=6 количество запросов, сделанных в пределах одной сессии utmn=2140646854 сгенерированный идентификатор utmhn=mil.ru сайт utmcs=UTF-8 формат utmsr=1920x1080 разрешение экрана utmvp=1900x962 разрешение окна utmsc=24-bit глубина цвета utmul=ru-ru раскладка utmdt= Калькулятор расчета субсидии для приобретения или строительства жилого помещения ... страница сайта, на которой находится пользователь utmhid=818112135 сгенерированный идентификатор utmp=/files/files/calc/ адрес посещенной страницы utmht=13.04.2019 @ 13:30:13 дата/время посещения utmac=UA-22580751-2 идентификатор аккаунта utmcc=__utma%3D261091234.889931234.1543171234.1543171234.1554661234.2%3B%2B__utmz%3D261091234.1543171234.1.1.utmcsr …… набор Google-куков, содержащих хеш домена, уникальный идентификатор пользователя, дата первого посещения ресурса, текущего посещения и некоторую другую информацию utmu=qAAAAAAAAAAAAAAAAAAAAAEE~ служебная информация
Theoretically, Google, due to the fact that there is a tracker on the site of our defense ministry, is able to bind the visitor’s id of this site to other data available on this id (what other resources does it visit, what is it interested in, “google”, what is the mail address on gmail , if any, correspondence texts, etc.). This is about "foreign trackers."
About collecting user data, it’s interesting and fairly detailed in the Google Data Collection article
Thanks to the mail.ru tracker, the same Ministry of Emergency Situations already knows the mailbox on the mail.ru domain of a person who visited the Ministry of Emergencies without demand, if it had already visited its mail.
content 3001305176a4f5483561246431b434566545876b164541: firstname.lastname@example.org:
In general, the situation is not so bad. The main thing is that there is no Kremlin, and Roskomnadzor did not disappoint. The main government resources do not use trackers or use Russian-made from mail.ru, sputnik and Yandex.
I am surprised about the resources on which foreign trackers are found. On the one hand, there are constant statements that information security is extremely important and some figures make it paranoia, blocking everything that gets into it, and on the other, there is an “enemy” code on official resources. Just in case, I checked the defense ministries of some other countries (this is faster than looking for an analogue of foreign analogues of the Ministry of Emergencies) for the presence of Russian trackers.
|USA||google analytics, gstatic, addthis, etc.|
|Great Britain||google analytics|
|Poland||googletagmananger, gstatic, cloudflare|
|Ukraine||google analytics doubleclick|
|Georgia||google analytics doubleclick|
|Belarus||googletagmananger, bitrix, yandex|
In this regard, I was visited by the muse - the idea that this is the basis for compiling "IT-psychological" portraits of states, because:
- The West uses exclusively its trackers;
- Georgia and Ukraine - use trackers from Google;
- Germany, in view of discipline in all respects (ordnung und disziplin), including information security, like China, does not contain trackers;
- The CIS (like us) does not disdain both Russian and American trackers (except for Ukraine and Georgia, which prefers only the Western one and gets rid of everything Russian).
In the place of the administrators of our resources, I would still remove the superfluous, following the example of the Kremlin, the SVR and the FSB, etc. And Yandex is enough for traffic analytics, etc.
DoubleClick (uses 1.6 million sites in the world) - similarly, but defines a unique device for switching contextual advertising to another resource.
Yandex - metric (web visor) - address and name of the visited web resource page, browser and device information, current location (by IP), language layout, data on user behavior on the web resource (including mouse movements, pages).
You can check how Wikileaks, EFF and others relate to the safety of their visitors regarding the placement of third-party trackers yourself.
Respectfully. There are no trackers