There has been a lot of uproar recently about how ISPs are now able to monetize our browsing history. It’s certainly scary thinking that a company can record what you do on-line and then sell this information to others who can use it for reasons unknown.
But we are already being tracked today (and have been for some time) to some extent by cookies put onto our computers when we visit websites. Cookies are not automatically bad, but many cookies were designed for the express purpose of spying on us and to track and record our web behavior.
Cookies differ from viruses, worms, trojan horses and other kinds of malware which are active pieces of code that can make almost any imaginable change to a computer. Lately ransomware is the worst of the new viruses which encrypts your hard drive and won’t unlock it until you pay a ransom fee to have the virus removed (and often then your system still won’t unlock).
Cookies instead are strings of text stored on your computer. In the most benign cases a cookie can be a time log that records when you visited a given web site so that the web site owner will recognize you when you return. And many benign cookies are friendly and convenient and are used to store your log-on passwords so that you don’t have to log in every time you visit a web site. But since cookies are text files they can record a lot more information and in the most extreme cases can be used as a place to record your browsing history – the same thing we are worried about the ISPs monetizing.
Cookies are routinely used by retail shopping sites. They not only record who you are but they know what you viewed and what you purchased at a site. These adware cookies allow a web site owner to direct you to a tailored page when you visit their site based upon your past history on the site. They may send a previous shopper to a page showing the things you are interested in, or for a non-shopper may offer discounts to lure you to buy.
Shopping sites and others similar web services like cookies because it’s the only easy tool they have to identify you. If you browse a website without somehow logging in to identify yourself a web site has no idea that you have been to their site before. All that any web site can see from a non-identified user is the identity of the ISP you use to get to that site. But by putting a cookie on your computer, even if a web owner doesn’t know your name, they know your past behavior at their site and the cookie provides a ‘memory’ about you.
Of course, some cookies are more aggressive. Once sitting on your hard drive they can gather data that identifies more about who you are, so that when you return to a web site the owner might know your identity and can tailor items and prices to you.
Years ago it was fairly easy to deal with cookies. They often were named for the web service that created them, such as your bank or the log-in page to your ISP. We learned not to delete these cookies in order to avoid having to log in every time we visited a web site or service. But today there are huge volumes of cookies.
I rarely do anything personal on my work computer. I rarely shop from it, play games, watch video or do anything personal. I mostly use my work computer to do research and to read industry articles. I also run an ad blocker to minimize ads that can see my computer. Even with this limited use I get hundreds of cookies every week. Most people don’t realize that when you visit a web page with ads that many of those ads dump a cookie on your computer – and you don’t need to click on the ad for this to happen. Many web sites have been created just for this purpose, such as web sites that make you click through multiple pages of a ‘slide show’ to see the ten cutest puppies or the ten best town in America. Those sites are ad heavy and pound your computer with cookies and sometimes even malicious malware.
The worst thing about cookies to me is that I don’t know who is placing cookies on my computer or what they want to use them for. Since some cookies can be malicious I worry that they are recording my web browsing history or passwords or other information I want to keep private. The worst of the bad cookies are persistent and bury themselves in places that are hard to find. These kinds of cookies cross the line to look more like viruses, but it’s still considered to be a cookie if it just records things and become a virus when the actively change something on the computer.
I sometimes wonder if we worry about the wrong things in the cyberworld. ISPs certainly have the opportunity to know a lot of things about me, but they also are likely to be at least a little cautious about blatantly abusing their customers. It seems more likely that most big ISPs will use our data for their own market purposes and may not sell our data to competitors or the wide world.
But the people who put cookies on our computers don’t have any such restraints. They get on our computers anonymously and we have no idea what they are doing with any given cookie. It’s now well-known that there have been detailed profiles created about each of us and I have to think that a lot of the data used to populate these profiles comes from cookies. Most people I talk to do not use ad blockers or routinely purge cookies the same way I do – and I don’t even know if what I do really makes a difference. If there are even just a handful of the more malicious cookies hidden on my computer somebody might already be tracking a lot of the things I do.
I too routinely “wash out” the cookie jars, so to speak, on my personal and work computer. I also store log-ins and passwords on my cellphone directory, so do not worry if the “convenience” gets washed away as well.
I also prefer NOT to do computer work (and especially, banking…) on my cellphone… since I figure the security of the laptop, WiFi and ISP is better than that which is available over a cellphone and mobile network. I’ll check e-mail on my cellphone, but only if my computer is not available.
I also make it a policy not to make donation commitments over the Internet or phone, and not to utter the word “yes” in my communications. If I have not already hung up, and/or told them “… take me off your list please”, I will flat out tell the caller/requester to mail the information to us at our home address and we will then make a decision.
If they insist on a verbal commitment, I reiterate our policy. Usually that shuts down the boiler-room / auto-dialer / lazy representatives. “If you want us to consider the donation, please mail the information. If you choose not to mail us information, then the answer is no.”