Internet Privacy 2010 – "big cookies" and the global debate

Concern and debate about the ethical issues of a third party tracking and selling the online habits of PC users is not new in the Internet age. However, the debate over personal privacy on the Internet is heating up dramatically in 2010 and gaining global attention from civic and government organizations around the world. The impetus for a renewed focus on standardized levels of consumer privacy online is largely driven by new technologies in cookie tracking tools that are earning a name in some industry circles as “super cookies.”

To understand the latest round in the online privacy debate, we first need to get a brief, non-technical overview of what a super cookie is and how it differs from a standard browser cookie. The standard browser cookie is familiar to most PC users. It is a small, non-viral piece of text that is stored on a user’s computer by a web browser primarily for authentication, session tracking, user preferences, shopping carts, etc. but it also allows the capture of personal information and preference data. Web bugs are particularly sneaky cookies that can be deposited on your PC through your browser or through a small 1X1 pixel graphic that can be stored in a document or email someone sends you. Standard browser cookies are, for the most part, easy to identify and remove, if you choose, through your browser’s cookie management tools.

The new generation of super cookies transcends traditional settings and can be used for the same good or questionable purposes. What really differentiates a super cookie from a standard cookie is how they track a user’s online activity, what they are storing, and how difficult it is to identify and manage a super cookie. Today’s super cookies are synonymous with Adobe Flash and Microsoft Silverlight cookies, which are browser independent.

According to a WIRED.com article I recently read about a UC Berkeley report on Internet privacy, the phenomenal explosion of non-browser cookies created through tools like Adobe Flash and Microsoft Silverlight should give us pause. The article quotes from the report that “More than half of the major websites on the Internet use Flash cookies to track users and store information about them.”

Adobe Flash software is estimated to be installed on approximately 98% of personal computers. Therefore, when you visit a site like YouTube, it is likely that you are using a multimedia tool such as Adobe Flash that may drop a cookie on your system each time you visit. The cookie is not actually in your browser, where you would normally be able to find and delete it. They are browser independent, so even if you change browsers, that cookie will still be on your system, tracking your next online visit and building up an ongoing profile of your habits. Most alarmingly, few sites acknowledge the use of Flash in their privacy statements.

The fundamental concern is how much and to what extent anyone’s online habits can be stored for behavioral targeting and online contextual advertising when the user does not know how and what is being tracked. Especially when the user believes that he is taking appropriate steps to protect her privacy. In general, the question on the table is “Who regulates the tracking and sale of personal data and online purchases?”

With the proliferation of super cookies, government and industry regulation is evolving as an agenda item in the Internet privacy debate as it relates to stored online activities. The “Do Not Call” telemarketing database protection from several years ago (and Unsolicited FAX many months before) is largely working. It’s not perfect, but it does offer consumers some level of protection against invasion of privacy. The same applies to CANSPAM laws to opt out of unsolicited email from a business. It’s not okay for him to call me during dinner if I explicitly ask him not to. Similarly, if I opt out of receiving email solicitations from a business, I should not expect further email from that business within a reasonable period of time that allows the business to mark me as “no email” in its database. data. Yet now, our clothing online is being tracked, bought and sold without our knowledge and subtly resold to us in the path of our next “suggested” site visit or “contextual ad”.

The consumer privacy ramifications of super cookies are already on the radar of the Federal Trade Commission (FTC), many US state government offices, and global Internet privacy organizations. It will be interesting to follow the outcome of the recent FTC roundtable discussions on this issue that took place in California in January 2010. Also, let’s see how Barbara Anthony, Massachusetts Under Secretary for Consumer Affairs, can lead the way. with your statement that you want similar consumers. online data protection in her home state before March 1. All we ask for when it comes to our online privacy is something of a gentleman’s agreement regarding disclosure and recourse. We just want a level playing field, regulated by industry or government to protect us in an era of unscrupulous business practices, identity theft, and invisible collection of personal data.

On the technology side, we know there will be a huge increase in code and practices that generate viruses, malware, and spam. We also know that the good creative marketers will stick very close to the bad guys who create these vile things. But super cookies don’t come from the bad guys in an unidentified location. They come from big companies with strong ties to industry and access to the pockets of government lobbyists.

The online user is at a disadvantage because super cookie management technology seems to be in its infancy. Even if there is a government or industry self-regulation in the coming months and years, the user needs a comprehensive tool to automatically manage and manually adjust all types of cookies allowed and not allowed according to their personal data protection requirements. With all the renewed global discussion about online privacy, especially since the recent proliferation of super cookies, 2010 will likely be a watershed year for positive changes in online consumer protection.