The revelations that Facebook had lazily slathered user data around, and that Cambridge Analytica had weaponized it, shocked the world in 2018. It will likely be a turning point for how all of us think about sharing data online, but despite the discussions raised about privacy, we're still not talking about a bigger problem: the very news sites reporting on these scandals are slathering your movements online everywhere.

It's been great to watch the media start taking data breaches seriously, and begin reporting on it regularly, but the hypocrisy is flabbergasting. Most news companies, including the startups, send information about you to a slurry of ad networks, social networks, and other platforms, while simultaneously telling you about the importance of privacy.

Here's an example: The Verge, reporting in February about app makers sharing personal information with Facebook but not telling their users sends information about you to more than 90 unique domains when you open it. Why does it need to do that? It's unclear from the Vox website what purpose these tags serve, or how they affect me as a user—it just all happens transparently behind the scenes.


The list includes Facebook, Twitter Ads, Outbrain, Amazon Ads, Google Ads, Scorecard Research and many more. The irony is palpable, but do they care? I'll go out on a limb here and say that the money they get from ads is more important.

When you're signed into your Facebook account, or any other social media tool, this practice allows these companies to associate your travels around the web with your profile. Facebook then knows what you're reading, the products you're looking at, or the topics you're interested in—and the news sites are just giving it to them directly.

This is when I started wondering: how do the other big players reporting on these big data breach stories fare? Here's a short sample of how these sites are doing, and the worst of the bunch:

The New York Times' original story about Cambridge Analytica, blowing the lid off the scandal: 30 trackers, including Yahoo, Facebook, Twitter Ads, Google Ads, Pinterest, Oracle, and, strangely enough, Snapchat. Here's your data breach, served with an extra side of tracking!

The Guardian's story, launched alongside the NYT coverage, about the same scandal: 22 trackers including Facebook, Twitter Ads, YouTube, Scorecard Research, Google Ads and so on. Irony, truly, given the content of the story.

The UK's Channel4, which worked with The Guardian and NYT to launch the coverage: 13 trackers, the lowest I could find, and including only Google Analytics, Scorecard Research and a handful of smaller companies. The only player not sharing information with Facebook or the other social media companies.

What astounded me is that it's impossible to evade these social networks' reach while reading the news, and it's incredibly difficult to actually tell that these websites are receiving the data when you read them. Would the average user know that The New York Times is helping Facebook build a habit profile? Absolutely not.

It's even more disappointing that the technology media, which should lead the way in this debate, is staying incredibly quiet about this. A precursory look at the trackers used by the top 15 technology publications as listed by Techmeme is revealing:

Click image for live spreadsheet

When I finished this, it was something of a holy shit moment for me. Across these sites, only two didn't send data to Facebook, and all but one send information on visits to Google in some form (be it DoubleClick, Google Analytics, or even just Google Fonts). I also learned that ScorecardResearch is used ubiquitously, and is the third most common tracker on the web... despite it being incredibly unclear what news publishers stand to gain from it.

The web is sick and we need to fix it. I'm not saying that all trackers are bad—there are some genuinely useful ones, and I use a small handful such as Google Analytics—but I'd bet that if visitors knew just how much data they were leaking to other sites, they'd be appalled.

I know how these business models work, and what makes them tick (which is why I made a paid subscription instead of running advertising), but it just can't keep going like this: users deserve and want better from the industry. Techmeme, interestingly enough, just launched non-invasive advertising that actually seems to work, so it's not like there aren't other ideas out there.

It's particularly shocking, because I view these sites as the leaders in technology, but yet they're leaning on shady trackers and sharing data to make their business models work. I don't want Facebook building a shadow profile of my habits, and I'd assumed it wasn't happening as much in this industry.

Perhaps tracking data is the next digital oil spill. What happens when it leaks? I only looked at the top websites, but if these are the absolute best foot forward for the industry, I hate to think what the lower-end, smaller websites are doing with trackers.

So, what can you do? Well, for one, pressure your favorite sites to offer a way to pay and remove the advertising/trackers! If that doesn't work, use an extension like Disconnect or uBlock to remove trackers, or go for the full nuclear effect and install a network-wide blocker like Pi-Hole.

But, just know this: until publisher habits change, or there's external motivators from readers like you and me, they'll keep slathering on the trackers. Why not? It doesn't seem to hurt anyone, right?