Have you ever been on a website and wondered why the “you
might be interested in” pop-ups and onsite advertisements really reflect your
interests and freakishly echo your online activity? [Inner monologue - I HAVE!
It happened again today, so I decided to do some research.] I think we all know
that marketing firms and advertisers track our online activities and interests to target ads at us. I knew that to some degree, but didn’t
realize just how prevalent this business really is.
What does this mean to you -
4c812db292272995e5416a323e79bd37 – Anything? Nothing? Well, according to the
Wall Street Journal, this single line of code details a huge amount of detail about a woman in Nashville,
TN – all derived from her Internet browsing. The Journal conducted a
comprehensive study that assessed cookies and other surveillance technology
that companies deploy on Internet users to harvest information. The study revealed that tracking of
consumer Internet activity has grown significantly and is much more intrusive
than most people know.
And if I'm reading this research correctly, a more recent article published August 23, 2013
by the Wall Street Journal demonstrated that one of my most frequented sites,
Dictionary.com, has up to 234 trackers on any given day. And another site I hit
daily - MSNBC – avg. of 117. While some have no objection to this, many users
do not want their online activities monitored and sold. Call me paranoid [go
ahead, wouldn’t be the first time] but when I’m searching for a synonym for a
word to develop a great blog or searching for the latest news on DDoS attacks,
I don’t really want that information bought and sold like the day’s corn
harvest.
Internet Explorer, Safari and Firefox all offer a Do Not Track (DNT)
application that, in theory, allows a user to not
have information about their web browsing activities monitored and
collected. Does it work? Well, only if
the site acknowledges the DNT request, which most reportedly don’t. There is no regulatory
or legislative authority requiring that a site honor the DNT request.
In
response to privacy concerns expressed by the public, the Federal Trade Commission asked Congress to endorse the Do Not Track (DNT) “mechanism
that would allow consumers to control the tracking of their online activities
across websites, and other approaches recommended in its recent privacy
report.” The result? Well, that’s shaky at best. A few social media giants have
accepted the FTCs expectations, such as Twitter and Pinterest, but most reportedly
do not.
So with all this paranoia swirling around in my head, I had
to consult an information security guru, Rick Doten, Chief Information Security
Officer at DMI Inc. Rick has been recognized as an ethical hacker who today uses
his dangerously-sharp knowledge to protect Internet users and businesses. He’s
also a dear friend who tolerates my frequent paranoid outbursts [Thanks Rick].
Rick’s take on my recently-developed cookie-phobia is: “My perspective is to keep in mind that not all cookies are
bad. The web is a stateless environment, and therefore unless you want to
re-authenticate for each page you visit, a cookie will help identify you as a
user and maintain your authentication and authorization. But that obviously can
be used for nefarious purposes as you are discussing. And most folks don't
realize how many cookies are tracking you until you run an anti-malware scan
that identifies them. It's usually best to clear cookies when you close
your browser, though most people don't close their browsers often. Leveraging
an incognito or "private" browsing window, which all the browsers
have now, is another way to help. Also, don't browse when you are logged into
Google, Facebook, LinkedIn, etc. because cookies can inherit identity. That's
where multiple browsers are a good idea.”
Well, thanks Rick, while I am now calmer my phobia
has not abated. So, what’s the lesson from today’s soap-box ladies and
gentlemen? Well, that honestly depends on your point of view. Personally, I am
now clearing cookies after every session, downloaded a third Browser, and made sure all of my Browsers have
the cooking blocking application checked. I’d rather enter a few additional
authentication measures than have my personal information bought and sold.
That’s just me. Go forth and prosper in the Wild Wild West, I mean, the World
Wide Web.