Online Privacy and Cookies

Have you ever been on Google looking for something and then it shows up in your Facebook feed? Have you noticed that advertisements on the internet seem more and more applicable to your wants and needs? Well, you can thank (or scorn) big data for that. The practice is commonly known as “targeted advertising” uses data to target the most receptive candidates. Advertisers know that someone browsing for socks might very well purchase socks from an online retailer that gets in front of them. This sort of data can come from a variety of sources. One of the most common sources are cookies, which are small text files placed on your web browser or computer by a web server. Through a practice known as “cookie profiling,” advertisers can get a pretty good idea of who you are.

Cookies could be considered an innocent party to this because they were originally intended for servers to recognize a computer as it traveled between web pages.  Cookies tell the browser the name and domain of the website, sets an expiration date for the cookie, and a creates a coded number. A variety of additional information can be stored in cookies, such as IP address, credit card numbers, language preference, and login information. The next time you visit that site, the web server sees your cookie and knows who you are. Web developers love cookies primarily because the internet really wouldn’t work so well without them and, bonus, they can drastically improve the user experience by personalizing a website.

That aside, not all cookies are created equal. There are two primary types of cookies: session cookies and persistent cookies. Session cookies follow you around a website during your visit and then are lost. You can think of a shopping cart on a website. It helps store the items you’ve added before checkout, but once you’ve checked out the cookies is no longer needed. Persistent cookies hang around until they expire or are deleted (clearing your browsing history has an option to delete cookies). These are the cookies that advertisers use to flood your social media feed with socks right after you Googled “socks”. There are first party cookies and third party cookies. First-party comes from the website you visited. Third-party cookies come from parties interested in the users to a website and can originate from an advertisement, such as a banner across a page. Supercookies (also known as flash or zombie cookies) can hide in places and are particularly pesky to get rid of, but more on that another time.

All browsers have the ability to prevent the storage of cookies. Why? Because cookies are often associated with an invasion of privacy by big business and, you guessed it, targeted advertising. By preventing these cookies from getting onto your system you can cruise the internet in private, right? Well, no. Your internet service provider (ISP) is collecting data on you. They have access to the URL that you type in (http://www.datotech.com, for example) because they own the infrastructure that the internet runs on. Without getting too much into how the internet works, think of it like the road you drive to work on. You might be recorded on a traffic camera every weekday around 8:30 AM. The owner of that camera could then sell a local business owner your license plate number. Then he or she could look up the owner of that vehicle and then send advertisements to your home since it is known that you are in that area frequently. A brief aside: the jury is still out as to whether or not the government can sell traffic camera data. I should also not that the traffic camera isn’t the best example because ISPs have a perpetual traffic camera that follows your around, but you get the idea.

While traffic cam data is still in limbo, ISPs have been given the green light to collect your data and sell it. The FCC attempted to create a rule that required ISPs to get your permission before collecting and selling data. This data included your browsing history, app usage, and all that cookie data, but the US Senate narrowly voted to kill the legislation in March. I believe that the majority of Americans are upset about this (to vastly varying degrees) because since 1890 the idea of a “Right to Privacy” has been intertwined into the US legal system. So why on earth would our representatives vote to allow a business to expose our “private” information without our consent? Like all political finagling, it is difficult to pinpoint why, but you could certainly start with the lobbyists at Comcast, AT&T, and Verizon, among others. Their argument is that the FCC’s rules unfairly target them and gives companies like Google and Microsoft (Bing) an unfair advantage in the big data industry. Why would Google have an unfair advantage? Because Google isn’t an ISP, so they don’t have to ask your permission to collect and sell your data under these rules. Going back to our traffic camera example, it would be like the owner of a parking lot camera having permission to sell your license plate, but not the owner of a camera on the main road -especially when they paid to pave the road. I think most people would prefer that the rules extend to Google rather than not having any rules at all, but this is an obviously complex situation.

There are plenty of articles available that can give you a lot more detail on the legislation and reasoning behind killing it, but the long and short of it is that your browsing history is for sale. If you are like me, then you probably don’t care that much because I’m not doing anything illegal or reprehensible online. I wouldn’t mind if advertisers were better at identifying what I care to purchase so I didn’t have to waste time watching commercials during my favorite shows that simply don’t apply to me. Advertisers would love to practice more targeted advertising, too. It can be thousands of dollars to run a single advertisement, so if it isn’t going to result in a sale, then that money can be channeled to more fruitful ventures.

If you aren’t like me and you would prefer to have privacy while browsing the internet and after you’ve logged off, there are plenty of simple things that you can do to protect your data:

  1. See Who Shared Your Private Data. Sometimes you need to register for a website with your real email address, say, if you plan to log in repeatedly to make purchases. Here’s a neat hack for ferreting out which companies are sharing your data with email lists, if you have a Gmail account: Type “+” before the @ symbol and add the website’s name. Email addressed to YourName+Websitename.com@gmail.com will go to the regular inbox for YourName@gmail.com. But now it will carry an extra crumb of data, and if you get spam from a company you’ve never heard of, you’ll know whom to blame. Check out Consumer Report’s 66 Ways to Protect Your Privacy Right Now
  2. Use a Virtual Private Network (VPN) to surf the net. VPNs encrypt your digital traffic and disguise your location from servers and ISPs. Just do your research, since VPNs can be private entities that may want to sell your data anyway. This is another topic that could merit a future article.
  3. Think Before You Click! Ensure that the sites you are going to are secure, because it isn’t just the ISPs that want your data. Cyber criminals can be incredibly cunning (check out our past article, Malware Campaign Tricked Networks Since 2015). Even if the website you are going to seems pretty benign, remember that third party cookies can come from within an otherwise impartial website.
  4. Look for an “S”. You’ve probably noticed that some websites go to HTTP while others go to HTTPS. If you don’t already know, that “S” at the end is pretty significant. Companies get that by purchasing an SSL certificate. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted.
  5. Antivirus software. Enough Said.
  6. Finally, Control Yourself on Social Media. Don’t advertise your private information for free. We all know that employers have taken to social media to check up on potential hires, so most of us try not to air our dirty undies on Facebook, but for those that don’t care about employers, remember that they are not the only ones accessing that information from Facebook. Hackers can use your posts to siphon personal information from you. Facebook also has no issue combing through your posts to see what you are talking about and with whom. Prudence is the best defense.