So, it’s probably hard to believe this, given my user name, but sometimes I want to be sober instead of wasted or possibly overdosing… I do not consider myself to be in recovery or have a drug problem, but today is a bad day, and I feel like sobriety may be a better option than the alternative.
There are generally two options when it comes to recovery from drugs. One is Narcotics Anonymous and one is Smart Recovery. The difference is Narcotics Anonymous involves “high powers” as a step, which I view as religious baloney. Since I hate religion, but also want to be sober, Smart Recovery is the main alternative.
Both of these websites have canvas fingerprint tracking in them.
This is incredibly irresponsible and selfish and dangerous and either is a result of extreme technological ignorance or just willful disregard of people visiting those sites.
Smart Recovery seems to be much worse than NA in terms of data privacy because Smart Recovery is loading up things from content delivery networks and lots of external scripts, none of which likely care about the privacy of someone not wanting to be tracked.
Yes, it’s “great” that NA and Smart Recovery can take a browser fingerprint of users and sell that to Meta who will then market this information to Rehab Facilities. (I’m not sure if that is what they do, but it wouldn’t surprise me.)
But this information also is likely getting sold somehow to data brokers and that information could end up being looked at by a variety of people, including potential employers. If a large employer is looking at a potential employee, they can and often do get detailed information from data brokers. People are incredibly naive as to how much data brokers store about people. It’s irresponsible and certainly not anonymous for these sites to track people like this, claim to be anonymous, and not even warn users prior to fingerprinting their hardware and identity.
Additionally, because na.org and smartrecovery.org are not hospitals or medical providers, this information is likely not HIPPA protected and certainly even if it were we have no way of knowing what data brokers do with these canvas profiles, which almost certainly link to real KYC canvas fingerprint profiles of naive users. And most users are naive users.
It’s also so frustrating because many of these meetings are being done on zoom, so accessing the meeting is done by going to the website and visitors or former addicts or people attending meetings are getting canvas fingerprinted every time. It’s disgusting, appalling, and another example of why it’s just better to keep an addiction secret, try to detox on your own, and try to sober up on your own and stay sober if you can.
It’s just infuriating. Thanks for reading my rant. And you can go to these sites yourself to check out the scripts in them. If I am misstating the privacy risks involved, I’d be happy to be told so.
Well I’m definitely not going to a meeting. Perhaps I can stick with coffee, although it’s pretty late for coffee?
I wish you the very best of success in your recovery efforts. It is a wise man who recognizes issues in his life, and takes steps to mitigate those issues. Much respect and solidarity. I am a recovering alcoholic of over two decades now. Sometimes when I’m at the store and wander by the alcohol isle, I think, ‘Gosh I sure am glad I don’t have to do that anymore.’ While I would never preclude anyone from consuming alcohol, the consumption of alcohol wasn’t my problem. It was that I allowed alcohol to consume me.
Onward and upward brother!
I’m a country coordinator for a SMART Recovery country other than the US.
This is highly unlikely, but I will check this out.
I find the idea that SMART would sell your data highly unlikely. SMART is privacy focused. Nick names are encouraged, you can enter zoom meetings with camera and mic silenced. SMART definitely does not collect personal data, only attendance numbers for internal statistics. SMART accepts donations from recovery organizations, but does not have any obligations towards them.
As I said, I will follow up.
Much of IT is subcontracted, so there may be the origin, and it will be looked into.
BTW, SMART’s Financials are public. You are free to check if there is income from selling your data.
It’s almost certainly some traffic analytics package for the website.
They sound good in their marketing, they provide a bunch of useful statistics about visitors so the site can be tweaked for ease of access or to lower bounce rate.
The downside is that they often have rights to that data under their TOS because aggregation of data from multiple sites is how they provide a service.
The concern is that this data can be used to locate individual people and to learn of their associated identities. This is true even if they claim the data is “anonymized”, it’s a trivially simple process to use a second data set to correlate details and deanonymize the data.
I understand the concern. I also imagine (I want to be optimistic here, maybe naively so) that most websites wants some form of analytics, probably does not code it themselves and instead of relying on aggregate data like a traffic counter of hits (maybe due to crawlers and other bad agents not respecting
robots.txt) then went with somethings fancier. Maybe that fancier tool is trying to mitigate automated traffic with fingerprint detectors.Well, one can understand and still disagree with it. I suggest contacting the administrator of such website with their concern BUT in the meantime, until they actually do act (which might be never) I suggest to start with self-defense and use dedicated tools e.g.
Firefox Enhanced Tracking Protection(you can use a non-Mozilla flavor of Firefox if you prefer) or even more specificallyJShelterwith its Fingerprint Detector.If a large employer is looking at a potential employee, they can and often do get detailed information from data brokers.
I think this is the only thing I disagree with. I’ve never heard of this happening, and I’ve worked at some very large companies that have very strict hiring practices. Even for them, they just pay a company to do a background check, which is basically just looking for a criminal record or sex offender registration. Maybe google their name and glance at their social media profiles.
If you’re concerned about this, I’d just use a separate browser for those sites, so that it’s not connected to the rest of your habits.
And once in a while I have decaf if I have a coffee craving in the evening. It still keeps me up a bit, but I think that’s just the placebo effect. Melatonin helps insomnia for me.
I am not concerned for me. I am concerned for a recovering drug addict who views the website with chrome, then applies to work at target using the same chrome browser.
You’ve said you work at large companies that do strict hiring checks. Do you work in HR? I am not referring to a background check. No offense, but you’re just wrong on this. When a company uses a data broker check and then rejects a candidate, a resume gets thrown in the trash and the candidate is not told why. You are greatly underestimating the privacy risk for someone naive who thinks they are attending something “anonymous.”
"In the data-driven world of today, privacy in the workplace is not confined to what is seen on security cameras or tracked by email monitoring systems. A more subtle and sophisticated threat is developing: shadow employee profiles created with data secretly obtained by external actors. Without employees even knowing they exist, these profiles can impact hiring, promotion, and even termination. What is a Shadow Employee?
A shadow employee profile is a digital file produced without direct permission or knowledge of the employee. It covers data not only from internal systems but also from outside sources such as credit records, online shopping, public databases, and social media activity.
Often working in legally murky areas, third-party data brokers gather, compile, and market this data to companies or background screening companies."
https://time.com/archive/6595428/data-mining-how-companies-now-know-everything-about-you/
from the article from 2010:
" Google’s Ads Preferences believes I’m a guy interested in politics, Asian food, perfume, celebrity gossip, animated movies and crime but who doesn’t care about “books & literature” or “people & society.” (So not true.) Yahoo! has me down as a 36-to-45-year-old male who uses a Mac computer and likes hockey, rap, rock, parenting, recipes, clothes and beauty products; it also thinks I live in New York, even though I moved to Los Angeles more than six years ago. Alliance Data, an enormous data-marketing firm in Texas, knows that I’m a 39-year-old college-educated Jewish male who takes in at least $125,000 a year, makes most of his purchases online and spends an average of only $25 per item. Specifically, it knows that on Jan. 24, 2004, I spent $46 on “low-ticket gifts and merchandise” and that on Oct. 10, 2010, I spent $180 on intimate apparel. It knows about more than 100 purchases in between. Alliance also knows I owe $854,000 on a house built in 1939 that — get this — it thinks has stucco walls. They’re mostly wood siding with a little stucco on the bottom! Idiots."
Mostly because rehab is very profitable and data brokers want that kind of info in your advertising profile just like any other trait that is easy for their customers to exploit for profit.
