The BBC logo overlaid with the blue Twitter bird

The Crow doesn’t like being surveilled - it’s hard to imagine that anyone does, really. Here in the nest, we take great pains to ensure that our connection to the wider world is as sanitised as possible.

We run anti-tracking extensions on our browsers and mobile devices, and on a network level, we have PiHole intercepting anything that might get through. Our news is filtered through FreshRSS on a raspberry Pi 4 - so we rarely need to visit an actual website, and we have our own private email server on the same machine.

But we’ve always felt safe with the BBC. We’re quite happy reading BBC news while we initialise a new machine - even before any of our usual protections are in place. On a new and undefended mobile handset, we’ve felt secure that the BBC wouldn’t be stalking us any more than their own analytics require, or allowing anyone else to stalk us either.

After all, the BBC regularly publishes stories on privacy related issues, tracking, as well as creating (somewhat outdated) educational materials on the subject. They employ a large team of tech journalists, as well as an army of technical staff. It’s inconceivable that the corporation is unaware of the issues and stakes involved in 21st century privacy.

Get to the point, dammit!

In the run-up to the 2020 US elections, we began to notice a lot of Twitter embeds on the BBC pages we were viewing. The Beeb has long used embeds instead of screenshots or simply quoting what was said. We don’t know why - tweets are temporary, outside Auntie’s control, and can be deleted at any time. But we started to notice them more.

Concerned that we were being tracked by a third party (no doubt anxious to know which morsels of celebrity gossip we were slurping up), we decided to check whether or not that was the case.

The tweets are embedded using ‘Twitter for Websites’ and the company makes it very easy for developers and site owners to to turn off tracking so that information about readers isn’t sent back to Twitter HQ. There are two options, as illustrated below, and it’s really easy to find.

Twitter for websites instructions for turning off tracking

The easy option is literally three words

Inspecting the HTML of a BBC web page is not the easiest of tasks. It’s minified, hard to read, and contains a lot of unnecessary bullshit. We don’t know why. The string ‘dnt’ does not appear in any of the pages which have Twitter embeds.

To make sure, we checked the logs of our anti-tracking extensions, and found that they had blocked two requests to Twitter. The tweet was still being displayed, and it appeared that unique identifiers were being sent back.

Yes, the BBC news site was allowing a massive corporation to know what users were reading, when, and link it up with any and all other information they may have. Not a problem for us, but uncool nonetheless.

Bizarrely, it also revealed that despite having their own analytics solution in place - ‘mybbc-analytics,’ the page was also using Google analytics. Whether or not the big-brains in the BBC tech department had remembered to tick the box which disallows the software from following you offsite, we don’t know.

Trying to help

We wrote to the Beeb on November 9th, using their comment form. We asked why they didn’t have the ‘Do Not Track’ flag enabled by default. and received a stock reply, acknowledging that a message had been received and would be looked at in due course.

We received another email on November 17th, this time referring to our submitted comment as a complaint (it wasn’t), and apologising for the delay. A further email on December 8th, again apologised for the delay, and suggested that if we were unhappy with the timescale, we were welcome to take up the matter with OFCOM. As of today - January 22nd - there has been no further communication. Checking the site this morning revealed that nothing had changed. If you use the BBC news site and you’re not taking precautions, Twitter is still tracking the shit out you.

It’s especially ironic when reading BBC stories about privacy results in you being further profiled.

Why is this important?

Well, it isn’t. Not really. People who use adblocks and other anti-tracking measures, it isn’t going to matter a damn. The BBC’s Twitter trackers aren’t going to be able to talk to their home base. People who don’t employ such precautions are already so heavily monitored, analysed, and categorised that a few more kelp-crumbs in the sea of data really won’t make that much difference.

But it makes it more normal. And that the BBC doesn’t care enough to take even the most basic steps to protect their readers is disappointing. It makes us sad to think that the massive, publicly funded body which exists to inform, entertain and edify, is just another piece of the problem.

And if you can’t trust Auntie, who can you trust?