Beyond Cookies

120px-VirusThis not a blog entry about cakes and pies, but rather more discussion about how companies are tracking people on the web. A few weeks back I wrote a primer on cookies, which are the scripts that are left on your machine to store facts about you. Cookies can store almost anything and can be as simple as something that remembers your login and password to as complex as storing all sorts of other information about what you are doing on the web.

But many people have become very conscious of cookies and routinely delete them from their computers. Further, our web habits have changed and we access the web from multiple platforms. Cookies are only good for the device they are stored on and are not particularly effective in today’s multi-device environment. So there are new techniques being used to track what you do on the web including authenticated tracking, browser footprinting and cross-device tracking.

We make it easy for big companies to track us without cookies because we basically tell them who we are when we log onto our devices. You routinely authenticate who you are when you use sites like Facebook, iTunes, Gmail and others. An example of how you do this is your android phone. The first thing you are asked to do when you buy an android phone is to log on with a Gmail account as part of the activation process. It never asks you for this again, but every time you turn on your phone it automatically logs you in to that Gmail account again and Google always knows who you are. Apple phones and tablets have something similar in that each device is given a unique identifier code known as a UDID.

So Google is tracking android phones and Apple is tracking iPhones and I have to guess that Microsoft is tracking their phones. Since you ‘authenticate’ yourself by logging onto a cell phone you have basically given permission for somebody to learn a lot about you without the need for cookies – where you are and what you are doing on your cell phone.

The next tool that can be used to identify you is browser footprinting. This is interesting because each one of us basically creates our own digital fingerprint telling the world who we are through our browser footprint. The browser footprint is the sum total of all of the things that are stored in your browser. Some of this is pretty basic data like your screen size, the fonts you prefer, your time zone, your screen settings. But there are other identifying features like Plugins or any other program that wants to create a place on one of your tool bars.

As it turns out, almost everybody has a unique browser footprint. You can test this yourself. You can go to the website Panopticlick and this will tell you if your browser footprint is unique. It will show the kind of information that others can see online about you and your machine. One would think that most people have the same sort of stuff on their computers, but it only takes one thing different to give you a unique browser footprint and almost everybody is unique. And the people who are not unique still share a browser footprint with a discrete number of other people.

Finally there is cross-device tracking and Google is at the forefront of this effort. Over time as you log onto Google from different devices, or as you authenticate who you are on multi-devices, Google and others can note that information coming from these various devices are all from you. And so when your browse from home and are looking at new cars, it will become possible for them to tell an auto dealer what you have already done in terms of research once Google notices by your cellphone GPS that you are at a car dealer. They aren’t doing this quite yet, and for now they are just linking and tracking you across your multiple devices. But this tracking effort gives them a more complete picture of who you are, which is what big data is all about.