Alas, the path to truly anonymous online living leads straight through the heart of corporate America.
One approach is for companies to just collect less data. Narayanan and a few colleagues demonstrated one way this could play out. They built a browser extension called Adnostic which could track your user behavior, but would restrict it to your computer. A company could use it to watch your behavior, and effectively serve you appropriate ads, without beaming your information back to servers, or selling it to anyone else.
If companies want to share collected data, Narayanan proposes that they sequester it, so that analysts need to make explicit queries to get information. "You can monitor the queries that people are running. If the analysts are doing something malicious there's a chance that they will be found out," he said.
A third approach is a slick mathematical process called "differential privacy." When linked together, identifiers like birth dates and zip codes form a unique identity "fingerprint" for a person. When a differential privacy algorithm is applied to a data set, those links get blurred, and bits of data can no longer be traced to their source. This would let companies or researchers conduct "sophisticated data analyses," whether for marketing or public health purposes, "while having some sort of mathematical guarantee against a privacy breach," Narayanan explains.
Differential privacy is now applied in situations where sensitive data needs to be shared for a common good. For example, the OnTheMap project, hosted by the U.S. Census Bureau, makes anonymized data publicly available while keeping sensitive information about citizens intact.
Differential privacy could be applied to targeted advertising, says Adam Smith, associate professor of computer science at Penn State University. In their current forms, "even if I trust Microsoft or Google to do the right thing with my data, Google may be inadvertently leaking my data" to third parties, he told NBC News.
But though the concept has been in development for more than a decade, the tools aren't quite ready for the market yet. Also, there still is no economic incentive for companies that collect and store and share Web-tracking data to use any of these options. Perhaps if more businesses — such as the DuckDuckGo search engine, whose motto is "We don't track you" — gain popularity, an incentive would arise.