Saturday March 16, 2013, 7:14 pm
Free Cookies: Strings attached to browsing raise costs for users
11:01am | 11 March 2013 | by Access Policy Team

Guest post by Jon Fox
A version of this post first appeared on the California Public Interest Research Group site

The recent introduction of Do-Not-Track legislation is again bringing the issue of online privacy back to the forefront in the United States. Given its mixed history, lack of widespread agreement on how to treat Do-Not-Track requests, and what sort of behavior constitutes tracking, the effectiveness of existing Do-Not-Track systems are far from adequate.

Free services are a major driving force behind the world wide popularity of the internet. But the free does not come without cost. That’s because users are tracked online, data is collected and stored, and profiles are created for companies to target ads and better sell us products.

Though using a service may be free, we pay for targeted ads in various ways. Companies pay millions to collect user information and then buy targeted ads, an expense that is ultimately passed on to consumers in higher prices. Moreover, basic economic principles dictate that consumers pay more when companies know more about how much they are willing to spend, past shopping behavior, and personal circumstances.

That’s why for some time consumer and privacy advocates have sought to address online tracking through Do-Not-Track regulation, which would allow internet users to set their web browsers to tell websites, advertising networks, data brokers, and other online entities that they do not want to be tracked online for commercial data mining.

More than a nuisance, losing control of your data online could affect your offline life. ‘Big data’ brokers combine bits of data to complete a picture of your life and -- accurate or not -- sell it, in ways that could lead to illegal, racial and class-based outcomes on loans and credit scores, hiring, search results and ads, and family privacy.

A mixed history

Recently, Senator John D. Rockefeller (D-WV) introduced the Do-Not-Track Online Act of 2013, which, along with requiring the Federal Trade Commission (FTC) to set DNT standards, would also instruct the commission to draft rules to enforce users’ request to opt out of such tracking.

But Rockefeller’s proposal is just the latest in the long, mixed history of Do-Not-Track. In 2009, privacy expert Chris Soghoian and others proposed a technical solution -- inserting “DNT” into the headers of messages web browsers send. Senator Rockefeller previously put forward a Do Not Track bill two years ago, yet did not pursue it after industry groups pledged to develop voluntarily mechanisms to honor user’s browser-based Do-Not-Track flags.

Since then, negotiations to set universal Do-Not-Track standards as part of the World Wide Web Consortium (W3C) standards have fallen through and little progress has been made towards effective self-regulation.

While some companies have decided to move ahead themselves, consensus and clarity around Do-Not-Track standards is still needed. Microsoft announced it would set Do-Not-Track as a default setting in its newest web browser IE10. Mozilla recently raised the bar when it announced that it would offer to block third-party tracking cookies on its new version of the Firefox browser.

Advertisers and other online data brokers have resisted such efforts to respect users privacy preferences vigorously. A leading industry lobbyist called Mozilla’s added Do-Not-Track feature on Firefox “a nuclear first strike” against the ad industry. Without such agreement or enforcement mechanisms, self-regulation is not enough to protect users.

The public wants to have more control over when and how their online activity is tracked: In response to the advertising industry’s outcry, Brendon Lynch, Microsoft’s chief privacy officer, cited a company study of computer users in the United States and Europe which found that 75 percent wanted Microsoft to turn on the Do-Not-Track system. Access noted the FTC is getting more serious about mobile privacy disclosures. Yet industry leaders have so far failed to reach agreement on establishing Do-Not-Track mechanisms. It is time for lawmakers to act and pass a Do-Not-Track bill to protect users.

How we got here: free cookies

From the beginning of their existence, Google, Facebook, and Twitter drew new customers in with their free offers, and users quickly signed up. Some internet services successfully transitioned to paid premium service packages, like the online television streaming service Hulu’s premium Hulu Plus subscription plan, once users familiarized themselves with the product.

However, for the most part, the core of the online experience is free. Or is it?

The answer to that question is in the details, or rather, in the data. Terms of service agreements make it seem like consumers willingly made a Faustian deal to enjoy all the internet has to offer for free in return for letting online companies monitor and track them. For the most part tracking is done through browser cookies sent while the user is on a website and stored on the computer.

But the deal between users and their trackers is not completely above-board. Cookies were originally designed to help websites “remember” us on our next visit, speeding up the browsing experience and making it more enjoyable. Since then tracking cookies, and especially third-party tracking cookies, have become more sophisticated and compile a record of individuals' browsing histories, online interactions, movements, and interests. Although services like Ghostery and DoNotTrackPlus reveal the long lists of third parties tracking you, most users have little idea that this monitoring is taking place in the background, and have even less control over what data is collected or how it is used.

Unknown third-party companies collect user data from tracking cookies and then sell it to other online businesses. This data is often used to provide consumers with a “tailored” web experience matching their interests and past behavior online. While most internet users are not familiar with the technical details, by now most aren’t surprised to see ads for sunscreen in their Gmail after receiving a hotel confirmation for a beach vacation.

For most, a few “targeted” ads seem like a small price for all the awesomeness the internet has to offer. But the costs extend beyond what most users imagine.

The costs of a personalized web

Tracking cookies allow online marketers to create “buckets” for customers meeting various criteria, offering each a different price for the same products. The Wall Street Journal found that popular retailers, including Staples, Discover Financial Services, Rosetta Stone Inc. and Home Depot Inc., were consistently adjusting prices on product offers based on a range of characteristics that could be learned about the user. For example, if a man googles “last minute Valentines gift” and then reaches a florists’ website he may see different pricing than another who simply googled “florist delivery.” Online marketers can sniff out the desperation, and can adjust prices upwards for those rushing to save a relationship.

We are told that giving up a little bit of privacy is the only way users can continue to enjoy the level of internet services we are accustomed to. Yet, even glossing over the (valid and persuasive) argument that corporate tracking of our online activity is a violation of privacy, not to mention creepy, this claim doesn’t address the problem. Online tracking isn’t done to create a better user experience: it is done for commercial gain. The collection and sale of user data is a growing business, putting user privacy behind profits. Lawmakers need to step-up and pass Do-Not-Track legislation, which regulators need to enforce.

Jon Fox is a consumer advocate and social activist who has worked in the U.S., Southeast Asia, and the Middle East on issues of technology, privacy, and human rights

Saturday March 16, 2013, 10:00 pm
Noted..thankd JL.

Saturday March 16, 2013, 10:09 pm
NOTED, THANKS!!!

Saturday March 16, 2013, 11:09 pm
Very true , for now I have been using Ixquick they claim to not track .
However legislation is needed now .
Thanks so much , excellent post .

Saturday March 16, 2013, 11:58 pm
Thanks, that's important information for everyone.

Sunday March 17, 2013, 1:23 am
Noted. Thanks J.L.

Sunday March 17, 2013, 3:09 am
Noted, thanks.

Sunday March 17, 2013, 7:58 am
You are welcome Jerry, Terry, Lydia, Dorothy, Giana and Kerry.
You cannot currently send a star to Dorothy because you have done so within the last day.

Sunday March 17, 2013, 8:00 am
Thanks noted

Sunday March 17, 2013, 8:43 am
ty

Sunday March 17, 2013, 9:41 am
thanks

Sunday March 17, 2013, 9:43 am
I have SpyHunter which tracks this type of thing plus Malware and a couple of others. They still manage to get through and even SpyHunter will tell you that there are just some cookies that are repetitive. One of the worst offending browsers is Mozilla Firefox. Firefox is not just an energy piggie it is also a cookie monster.

Sunday March 17, 2013, 10:24 am
ty

Sunday March 17, 2013, 12:45 pm
You are welcome Carol, Ro, Tim and GD. Thanks for the Firefox heads up--C2 seems more compatible with that browser compared to some others.
You cannot currently send a star to Michael because you have done so within the last day.

Sunday March 17, 2013, 2:08 pm
Unfortunately there is no such thing as a free lunch even though we like to think there is. I look at Care2 and the amount of advertising on here. Yes people complain but without those ads the site might not be operable and all that good work we all achieve wouldn't get done either. Are each of us willing to kick in a monthly donation?
You could argue that lunch is free when someone buys you lunch but then you are obligated to spend your lunch time with that person. Get a good software program that will minimize the amount and affects that those cookies bring.

Sunday March 17, 2013, 2:11 pm
"Since then, negotiations to set universal Do-Not-Track standards as part of the World Wide Web Consortium (W3C) standards have fallen through and little progress has been made towards effective self-regulation."

There are ways around this ubiquitous practice. I use a lot of them. You can control through browser settings what kind of cookies you allow and how long they are kept, you can sweep them all out when you close your browser, you can stop them from tracking completely with browser add ons, if you are using something other than IE, for the most part. I use an add on called Web of Trust, available for all browsers, which warns of harmful websites and will prevent you from going to to bad one by accident, though you can override it - you shouldn't really, I use Do Not Track Me from Abine which is free. I have internet settings such that a website must get permission from me before placing a cookie, some I allow permanently, almost all others "for this session only" if at all. I do use Firefox and it is thousands of add ons that I find of use. It is a matter of controlling it, and it is extremely customizable and much safer than IE. Don't like Chrome or Opera but do use both from time to time, all are customized as tightly as I can make them. Practicing safe computing is as important as safe anything else. I also use standalone anti virus, malware and fire wall products, and run independent programs periodically like CCleaner and Malwarebytes, free, just to be extra sure. In 15 years of having a pc, I've yet to have even one virus or piece of malware make it to my machine. It just requires diligence. Which I have in spades, or maybe that is paranoia, they're hard to tell apart sometimes. :^)

Sunday March 17, 2013, 2:37 pm
Good advice Theodore and Gene (thanks to the latter for the specifics to help those more challenged by technology)!
You cannot currently send a star to Theodore because you have done so within the last day.
You cannot currently send a star to Gene because you have done so within the last day.

Sunday March 17, 2013, 2:55 pm
noted thank you

Sunday March 17, 2013, 4:43 pm
Noted

Sunday March 17, 2013, 4:45 pm
You are welcome Marcel