Your Promiscuous Data – Cookies

cookies lined up on market stall

Welcome to Part 2 of Your Promiscuous Data a new data privacy and cyber security series. This week’s topic is cookies.  Not the kind that Mom or Grandma made and if you are like me represent a constant challenge to one’s waist line later in life. What we are offering in this article is a quick read on the topic but we have linked to longer more in depth content should you want to gain a deeper understanding. The main topic is cookies and cookie types but there are other kinds of web activity trackers that get used.

In fact the term cookie is now more associated with the internet than the baked good. And ever single place you land your browser on the internet wants to put a little piece of data on your computer.  The key point is it’s stored on your machine and not the server of the site you have visited although that server uses it as you browse and if you return to that page again.  It is about ease and experience.  Cookies are site or “domain” specific. Using my site as the example timkubiak.com it can’t read any users cookies from other sites they may have visited. Yet everywhere you go it seems the internet knows where you’ve been. So the questions become how is that the case and what does that mean for your privacy?

What are Cookies?

A Cookie is literally a small piece of data that gets logged every time you visit a website. They are site and browser specific. Meaning that Microsoft Edge and Firefox don’t read each other’s cookies.  It tells the browser to tell that site you have been there before and in the cases of persistent cookies which pages you visited. Over time it is a way to keep track of you and start to build a “profile” of your visits and habits. In theory some cookies are destroyed when a particular browsing session ends.  However that is not always the case and there are multiple types of Cookies.

The video below lays out the history of the cookie and how they can track in very simple and straight forward terms.  How large companies like the usual suspects FB and Google get access to information across multiple sites and platforms. And finally a few suggestions on how to limit exposure through browser ad ons.

Single Session

Single Session cookies are generally there to enable the smoothest web browsing experience. The are used to aid site navigation, enable surveys, or track items in your shopping cart. Like the other types they are just small bits of data but essentially are destroyed when your close your browser and that session ends. They can however remember you log in credentials for a site.  

Multi Session persistent cookies

Multi-Session Persistent cookies are a different matter. These cookies remain on your computer and record information every time you visit some websites. They are stored on the hard drive of your computer until you manually delete them from a browser folder, or until they expire, which can be months or years after they were placed on your computer.  

Along these lines they allow advertisers like google, facebook and countless others who sell advertising to target you “better”. Two reasons why you see ads across multiple platforms, such as a website you are reading the news on, and also your Facebook page is these types of cookies and also log in data. By staying logged into sites you enable better profiling and tracking of your browsing habits.    

First Party Cookies

First Party Cookies are ones used by a websites owner or developer.

Third Party Cookies

“Some commercial websites include embedded advertising material which is served from a third-party site, and it is possible for such adverts to store a cookie for that third-party site, containing information fed to it from the containing site – such information might include the name of the site, particular products being viewed, pages visited, etc.” Source: WhatareCookies.com

What is a Cookie Policy?

Now more often than not when you first go to a website it provides a cookie policy for you to accept.  This came about because of the “GDPR” regulations in Europe. Essentially it is a way for you to determine what data is being collected and who may have access to it. Some cookie policies will refer you to a privacy policy that goes into more detail. For reference National Geographic has a great write up and explanation of their cookie policy.  A website’s Privacy Policy while related serves a different purpose.

So let’s take a quick look at the US Department of State’s Privacy Policy. Personally Identifiable information or PII is reasonable. They clearly state they don’t collect such information unless you choose to provide it. If you look further they discuss 3rd parties, warn you that email is not secure (and really it’s not in case you didn’t know.) They go on to detail their cookie types tell you how to turn off cookies and also what they do to secure information. In fairness I typically poke fun at government agencies and politicians. In this case they seem fair and reasonable. News sites on the other hand are another matter,

Can I Say No To a Cookie?

Yes and no. The first step really is to set up your browsers correctly meaning to disable cookies automatically. You can use a 3rd party extension or tool to help block cookies. Some sites will lose functionality and sites like YouTube require cookies to allow you to watch videos.  Why because they care about their advertising profits over your privacy.

How Do Cookies Get Used?

It’s not just how they are used but by who they are used by that needs to be looked at.   As we mentioned earlier cookies get used by a website’s server to make browsing an easier and better experience, yet they are also used to target you with advertising and to understand what you like, are thinking about and are interested in.

If you buy that cookies are only there to “help you” I have some week old bread that has been left out in the rain to sell you at an exorbitant premium!

They get used in all kinds of ways, 1st to target advertising to you. Secondly they begin to create a profile. The more data point companies have, even if they are small seemingly insignificant bits create data lakes. Like it or not put enough bits about you from enough places (apps, programs, check ins, likes etc) and even random things can become very clear.  

Are Cookies Dangerous?

Generally speaking Cookies aren’t dangerous in they don’t deliver Malware directly to your machine. However in a 2017 study at Stanford it was shown that with the right data sets De-anonymizing Web Browsing Data with Social Networks could be done with 70% accuracy.

Do I need to Protect Myself?

Simply put YES! If you don’t you will not have control over who has data related to you and what they intend to do with it.  Anything from advertising, to profiling to meddling in elections. The Web Transparency project at Princeton took a look at 1,000,000 websites and their tracking.  Ironically news sites seemed to be the most pervasive users of cookies. In a paper published by Queen Mary University in London shows the use of 3rd part trackers and the geographic variance of them. Meaning that US trackers can be found abroad and likewise trackers from other countries like Russia and Germany are plentiful and reach far beyond their sovereign borders.

Does My Browser Matter?

Yes your browser matters and the setting in it matter even more.  If you are ready to take that step LapTop Magazine has ten simple steps to help keep Microsoft Edge from spying on you.

Chrome is a Google product and many people love it. Perhaps the devil you know with it’s automatic updates that can’t be disabled. However if you want to use it there are ways to limit the amount of data you expose, How to Geek takes you through the settings to change to maximize privacy.   

Admittedly I am a Firefox fan and have been for years.  Firefox has begun taking privacy more and more seriously. That said there are still things that can be changed to lock things down even more.

Privacy Browsers

Brave is a relative newcomer on the scene and boasts that they keep you safe from ad trackers, cookies and other nasty things on the web. It has a slick design and kudos to them for being right up front with their setting in the tutorial on install and easily letting you turn off their private date reporting feature.  There are documented cases of it being reported as a virus or malware and ironically when tested on one of my machines did trigger warning from my AV client.

TOR – isn’t magic but can help with Privacy.  First know that is it based on a FireFox framework. Adding extensions put it more at risk. You should still combine it with a VPN. And while the toy and target of hackers, bad actors and people exploring the dark web it is still a reasonable option for those of us trying to protect our data out of principle.

Browser Tools to help

DuckDuckGo – has browser extensions that rate the privacy of sites and a good reputation as a search engine concerned with privacy.  

Ghostery – is a simple browser extension designed to block 3rd party cookies and trackers. It doesn’t require you to be a geek to install and use. It has had a significant amount of downloads.

Privacy Badger –

What About My Antivirus ?

Yes you need it! Keep it current, run scans etc. And if you are running Avast replace it now!  Vice reported that Avast has been selling the data they collected through their Jump Shot organization.   

Run protection on your computers, tables and mobile phones.   

Virtual Private Network (VPN)

While a topic we will cover in depth in a few weeks. A VPN is a must have for homes and small businesses. It helps to keep your data from prying eyes between your PC and what you are connected to by encrypting it.  What it doesn’t do is stop cookies and trackers from being placed on your machine.

Cookies In Conclusion

Yes nothing is fool proof. Nothing is simple and like all things that matter it comes down to us as individuals to take the proper precautions, do the reading and tweak the settings. Simple steps that take a few moments fix a multitude of sins.  

Keep in mind it’s not just the usual punching bag targets Google, Amazon, and FB who are sniffing our data and tracking us. There are other advertising companies. Our Telecom (Mobile and circuit based) and Internet Service Providers and possibility public agencies and guys paid by your government as well.     

Tim Kubiak

Business Geek, Nomad, Aging Metal Head, Nerd, & Coffee Addict. plus the only big guy at Hot Yoga with 25 years of Sales and Leadership experience in organizations of all sizes.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.