Friday, 10 February 2023

Little Brothers Watching You

I remember when I started working in I.T. being mildly surprised by how much customer data some website *cookies collected .....

Little Brother Is Tracking You

 .... it could be very sensitive stuff.

But it was usually site based, and useful for accessing the services available on the website, as opposed to those tracking cookies that some web pages increasingly load, whenever you land on their sites .... these tracking cookies, often harvest, and then pass on for sale or use, a lot of data unrelated any one particular site.

So according to a study, by the Irish Council for Civil Liberties (ICCL), the average European has data about his or her internet usage shared 376 times a day. For US surfers they said that this almost doubles to 747. This sounds a lot, but given that browsing the Internet takes up a large (and increasing), amount of our time, its perhaps not totally surprising.

The report claimed that:

  • Data about US web users' habits are shared in advert sales processes 107 trillion times per year. European users' data is shared 71 billion times.
  • Germany's individual internet users' data is shared once every minute that they are online, using a calculation based on averages.

The details of what each and all of us look at on-line, is an incredibly valuable resource and the data collected is often shared between brokers, who are acting on behalf of those wishing to place adverts, in real time, as a web page loads up. The brands in the adverts themselves are not involved in the collection or interpretation of it. So for example, we have all seen adverts for items we had been browsing appearing elsewhere on our computer screens, often with remarkable accuracy but on pages unrelated to the product.

However, on the positive side, the revenue generated from digital adverts is what keeps most internet services free for us to use, so banning its collection and usage could lead to less free content on the web or even to pages that only work on specific browsers (if data collection protocols breakdown).

But, even with this in mind, the amount of tracking data collected via cookies, can seem unreasonable, as it usually includes information about the device the page is loading on, some details about where that device is, and other information such as previous websites visited and their subject matter. Personally-identifying user information is not included in this collection, but that's about all that's excluded.

Blank Advert Space - Being Sold
 

The real time data collection and auctions (via 3rd party cookies loaded with the web page, or via a phone app), are where most of the secret/silent data is collected and brokered, So when you momentarily see empty advertising spaces as the web page loads, before they are then filled on the web page or a web application, you are essentially watching your activity data being auctioned in that moment, and the winner placing their advert . 

The data collected is known as audience-taxonomy and by default your data can be used to infer your sexual orientation, religion, what you're reading, watching, and listening to, your location and also tell whether they have seen the individual's profile before. It can also be used to determine if you have debts.

According to a report commissioned by Apple, the average phone app includes six third-party trackers, that are there solely to collect and share your on-line data. While any one data broker is estimated to have data on up to 700 million consumers, according to research consultants Cracked Labs.

Cookies Allow Sites To Recognise Users

So why are cookies allowed? Well cookies are small amounts of data, stored in small text files, on your computer. When a web server has sent a web page to a browser, the connection is shut down, and the server then forgets everything about the user, meaning you always visit as a new user.  Which is not useful in many instances, for instance buying and selling.

BBC Cookies Are Useful

So cookies were invented to solve the problem of "how to remember information about the user" and these First Party cookies are useful in the user experience. These are stored by the domain (website) you are visiting directly and they do things like:

  • Remember website configuration (e.g. language preferences, names).
  • Login details.
  • Products added to the shopping cart, even after a user leaves the site, and
  • That visitors are for example, signed up members. e.g. Have Your Say on the BBC.

 

This HTML markup creates the 3rd Party Cookie

Its tracking (Third Party) cookies that are the potential problem, as they are not specific to a site and report your web progress. They are created by domains other than the one you are visiting directly, hence the name third-party. They are primarily used for cross-site tracking, retargeting, behavioural profiling and ad-serving. But many sites such as newspapers, that rely on advertising sales need the click income they generate (hence the "We see you have ad-blocker" messages you often see ...) ... so they allow these cookie creation insertions.

Facebook has argued that Apple's recent move of enforcing "opt-in" consent for being tracked by apps on its devices, is likely to hit small businesses hardest, but also presumably Facebook as well, because user data - and the advertising it can generate - is what makes Facebook so profitable. 

Google, not unsurprisingly, have sided with Facebook for the same reasons, and so Google want to continue tracking people, but in a privacy-friendly way, by replacing third-party cookies. This update could deal a severe blow to its business model. Apple on the other hand has little interest in its customers' data, as it markets itself as a privacy-first company, because it makes its money from selling devices and in-app purchases, rather than from advertising. Google have instead set up the Federated Learning of Cohorts (FLoC) to promote their own data privacy standards. 

The idea behind this new Google standard, is that a browser that is enabled with FLoC, would collect information about browsing habits and assign users to a group, or 'flock', with similar browsing histories. Each will share an ID which will indicate their interests to advertisers. This is already implemented on the Google Chrome browser, it has not been accepted by FireFox, Opera and other browsers over concerns about its possible misuse or data leakage.

But whatever happens, it looks as though the future for this sort of targetted advertising, based on your data being harvested via cookies or apps, then brokered is now limited. In the near future, contextual ads, such as fashion-related ads, may appear only on websites about fashion rather, than randomly following you across the web (as often seems to happen). With the rise of podcasts or 'influencers' advert placements on them could be another non-intrusive way of advertising.

Make Money Browsing The Web?

There is even the possibility that you could sell your own tracking data, via a privacy first browser extension such Surf. This rewards people for surfing the Internet by them bypassing Google etc, and instead it sells your data directly to retail brands. In return Surf gives you points that can be saved up and then redeemed for shop gift cards and discounts.

All the data is anonymous - your email addresses and telephone numbers are not shared, and you don't have to give your name when you sign up. It does however ask for your age, gender and approximate address, but these are not compulsory.

So far its in trials and has limited rewards, but as this is very similar to the cash-back schemes for shopping on-line it looks likely to attract some interest, especially if used in conjunction with the cash-back sites. 

This may well be the future of data collection, with the I don't care about tracking cookies crowd, effectively selling their web movements marketing data, to get cash-back/discounts in return.

NB:  *A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, e.g remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website. Some are session cookies that are deleted when you leave current website, while others are persistent i.e are stored permanently (or for fixed timescales) on your PC e.g storing login/passwords.

Oh and in case you were wondering, Second Party cookies are, if they exist at all, First Party cookie information passed by agreement between partner companies, in a data exchange e.g. An airline and a foreign subsidiary, or maybe to a partner hotel chain.

2 comments:

  1. Thanks. I had often wondered about cookies and not really understood the differences until reading this article.

    ReplyDelete
    Replies
    1. Thank for the comment Mo. Cookies are interesting little data packets.

      Delete

All comments are welcomed, or even just thanks if you enjoyed the post. But please make any comment relevant to the post it appears under. Off topic comments will be blocked or removed.

Moderation is on for older posts to stop spamming and comments that are off topic or inappropriate from being posted .... comments are reviewed within 48 hours. I don't block normal comments that are on topic and not inappropriate. Vexatious comments that may cause upset to other commentators, or that are attempting to espouse a particular wider political view, are reviewed before acceptance. But a certain amount of debate around a post topic is accepted, as long as it remains generally on topic and is not an attempt to become sounding board for some other cause.

Final decision on all comments is held by the blog author and is final.

Comments are always monitored for bad or abusive language, and or illegal statements i.e. overtly racist or sexist content. Spam is not tolerated and is removed.

Commentaires ne sont surveillés que pour le mauvais ou abusif langue ou déclarations illégales ie contenu ouvertement raciste ou sexiste. Spam ne est pas toléré et est éliminé.