As the sacred shopping season gets underway, the Electronic Frontier Foundation has issued a report detailing the privacy cost of surveillance-based commerce.

Issued on the Monday after the US observance of Thanksgiving, a day so known for online shopping that marketers branded the event with its own commerce-promoting moniker, "Behind the One-Way Mirror" explores the technology of corporate data gathering, specifically third-party tracking. That's when websites and applications include code that enables entities other than the website or app publisher to gather data about those interacting with the software.

"The purpose of this paper is to demystify tracking by focusing on the fundamentals of how and why it works and explain the scope of the problem," said Bennett Cyphers, EFF staff technologist and report author, in a statement.

"We hope the report will educate and mobilize journalists, policy makers, and concerned consumers to find ways to disrupt the status quo and better protect our privacy."

The problem, as the EFF sees it, is such data tends to be collected surreptitiously, without meaningful consent.

"Most third-party data collection in the US is unregulated," said Cyphers. "The first step in fixing the problem is to shine a light, as this report does, on the invasive third-party tracking that, online and offline, has lurked for too long in the shadows."

[...] Asked why the EFF is revisiting this topic now after years of minimal progress, Cyphers in an email said, "Never before has so much tracking power been concentrated in the hands of so few companies. GAFT [Google, Amazon, Facebook, and Twitter] have more data from more places that they can tie to single identities."

Cyphers is hopeful that government officials around the world may be ready, finally, to support substantive privacy rules.

"There is real momentum behind privacy legislation, both in the US and abroad, and we want to make sure lawmakers know what and how to regulate," he said.

"The tracking industry is huge and convoluted, and you can easily make rules that don't reflect the way things really work, or that play right into the hands of the biggest actors. We're trying to say, 'This problem is big, and complicated, and subtle, but it's not intractable.' We really don't want to waste the opportunity to score meaningful wins for privacy."