The collection of web data, and especially the use of "cookies", raises concerns about individual privacy, a subject that has been discuss at length for years now. Cookies work as a tagging mechanism to identify a computer out of the millions of users accessing the Internet. There are session cookies, persistent cookies, flash cookies, first party and third party cookies, as well as opt-in and opt-out cookies. As cookie technology evolves along with website publishing and advertisement technology, privacy issues are sure to arise time and again.
Cookie Profiling
Cookie profiling, also called web profiling, is the use of persistent or permanent cookies to track a user’s overall activity online. This tracking does not just happen when you are on a particular site, but it occurs the whole time you are browsing. Marketers buy advertising rights on thousands of popular websites in order to collect and collate cookie information and create a single “profile” of a user. Internet advertising targets potential customers based on the manner they browse the Internet. This matter may not be a big deal for some, but others take their privacy seriously and are uneasy about being “followed around” and profiled.
Cookie profiling that marketers do is actually less alarming than other attempts of obtaining personal information online. Cyber criminals utilize cookies for internet phishing to acquire highly sensitive data like credit card information, social security number, usernames, passwords, and bank information.
However, if marketers acquire personal information by purchasing it from social networks, that is not really ethical. Many users, not knowing that their personal information is being shared, will probably consider this a detestable action, even if some users do not actually take it as offensive.
Facebook, like any other website, utilizes cookies in order to monitor its users. But the problem is that it does not stop tracking after a user signs out of his or her account.
Privacy Concerns on Cookies
Cookie-based ad tracking has evolved through the years, from simple operations like counting ad impressions, limiting popups to preserving ad sequence, third party ad serving cookies have evolved to user profiling/website preference tracking. In particular this latter group of activities has attracted a lot of controversy among online consumer privacy groups and other concerned parties, insisting that increased ad effectiveness must be weighed against the impact on user privacy and the fact that there is no obvious consent given for such tracking. Given the rapid evolution of cookie-based ad-serving and behavior-tracking technology, consumer privacy activists are urging a reconsideration of the default standards for cookies.
The rise and fall of flash cookies intensified the privacy debate. In addition to user behavior tracking and browsing history-based ad serving, online consumer groups are also concerned at the rising level of cookie anonymity. While browser-based cookies are easy to detect and delete, many consumers are not very familiar with “flash-based” cookies. Also called “Local Shared Objects” (LSO), flash-based cookies are not stored on your computer like browser-based cookies. As a result, they are harder to find and delete. Banks and online finance sites use flash-based cookies precisely for this reason. Once again, there's no explicit notice sent to the user that a flash cookie has been planted on the user's computer.
Due to the increasingly vocal concerns raised by consumer groups and privacy groups, flash-based cookies are being phased out on a technical level. Newer versions of Adobe Flash notify users that a cookie is being planted and explicitly asks users if they consent to storing website server information on their computer. Regardless, the rise, widespread use, and fallout resulting from flash-based cookies does raise a fundamental question at this stage of cookies' technological evolution—are current privacy protection processes enough?
P3P: Inadequacy in the Face of the Internet's Evolution?
P3P stands for “Platform for Privacy Preferences Project”. It is a project by the Internet standards setting body, the World Wide Web Consortium (W3C), which aims to help consumers manage their privacy, while navigating websites which have differing privacy policies such as, what information is collected or what duration is set, among others. Users set their privacy preference in their P3P-enabled browsers. Before a user loads a site, the browser's P3P agent checks the privacy policy of the website being loaded. If the site falls within the user's preset privacy settings, the site loads automatically. If the site's privacy policy doesn't match the user's settings, the user is prompted.
Critics of P3P note that it offers weak protection against the highly evolving pace of website content, since only a small fraction of websites complies with P3P or even has a privacy policy, not to mention that there's no legal compulsion for websites to enforce their privacy policies. In essence, the P3P, its critics charge, is a well-intentioned failure—a toothless tiger.
Opt-Out Cookies
Online consumer privacy groups urge a new default standard for cookies, namely OPT OUT, which means that consumers are notified via an alert or window when they load a website. The user must consent to the notice before they can navigate the site and any cookies are planted. At a minimum, the notice is to contain the following: disclosure of information gathering practices, the uses for this information, and policies for processing and disposing of this data. The user should be given the right to know if the information being gathered contains any personally identifying data, the right to get a copy of the data collected at an affordable price and in a form that the consumer can readily understand, and the right to request a correction of the data, and, most importantly, the right to have all data on the user's behavior/browsing pattern within the website destroyed.
Consumer privacy protection activists argue that due to the huge evolution of websites like Facebook, which pose extensive security concerns as well as the evolution of “hidden” cookie technology as exemplified by flash cookies, an opt out regime is the only effective way to safeguard user information.
There are two kinds of cookies – those to help a site function and those for ad tracking/monetization. The divide between the two grows wider as the debate between the proper role of cookies and the user tracking/user information storage they make possible gets louder. However, one thing is for sure, cookies' website-enhancing functions will remain in demand regardless of whether the cookie, as a file form, survives today's raging privacy debates.
Cookies are at a tenuous, yet, crucial crossroad between public policy and technology. Hopefully, in the future these issues will be safely resolved— providing high levels of personal privacy, while preserving full website functionality and advertiser monetization. According to the guys at allaboutcookies.org “it is just a matter of innovation”. (Source: http://www.allaboutcookies.org)
By MediaBUZZ