Why DIY is DOA When it Comes to Managed Attribution

MA at a Distance: Managing Your Online Attribution While Teleworking

An Ntrepid Academy Blog Series

As nationwide stay-at-home orders extend further into the spring, we’ve all had the extent of our creativity and adaptability tested. We’ve attended virtual happy hours (let’s be honest, not as fun as they were in March), whipped our coffee (tastes fine; worth the Instagram post), and baked bread (both sourdough and banana, not bragging). At this point, it’s clear that there are few things that can’t become a DIY project (PowerPoint parties, here we come). 

When it comes to our managed attribution and online operations, however, DIY solutions can still leave us vulnerable to online risks. 

The shift to large-scale telework has made online security a priority for many of us. Just as Netflix has obliged our content craving, numerous articles have touted the benefits of simple, DIY online security tricks. Yet, these tricks can still leave you vulnerable to malware, tracking artifacts, and sophisticated fingerprinting techniques. 

One of the most common suggestions is to use private browsing for your online activities—after all “private” is in the name. While private browsing does prevent your browser history, form data, and some cookies from being saved for that session, it leaves other technical attributes exposed. Your IP address, network traffic, and online activity are all visible to internet service providers and website admins, and nothing about private browsing protects against malware. 

Other sites suggest using the Tor browser to operate online. The Tor browser obfuscates your internet traffic by routing your request through a series of globally dispersed nodes. Yet, the Tor browser projects a unique signature compared to other browsers, making it clear to admins of clear and deep web sites that you’re using the dark web browser. Further, Tor’s global routing protocol may complicate your ability to log into your online accounts, triggering security checkpoints or perhaps even locking them completely. 

The most common recommendation is to use a virtual private network (VPN) for your online activities. The benefit of using a VPN is that your web traffic will be encrypted, and you may even have the ability to choose from a limited amount of geographic locations from which to egress out to the internet. As we’ve discussed previously, however, there are significant limitations to relying on a VPN as a managed attribution solution. Many commercial VPN IP addresses are knowable, some VPNs log user activity, and others deliver high latency and poor performance. Further, VPNs do not protect against malware, nor do they prevent websites from using sophisticated browser fingerprinting techniques to identify and track users. 

None of this is to suggest that you shouldn’t use these solutions, but it’s important to weigh the benefits of these DIY approaches against their drawbacks, and to make the best decision based on our objectives and risk threshold. Private browsing or VPNs may be sufficient for personal use but not for sustained online investigations. Your ability to navigate these tradeoffs is critical to effective MA.  

Managed attribution is the process of controlling the technical and behavioral information you communicate as you operate online. When it comes to DIY solutions, many may be left DOA.