What’s in a cookie? Used by browsers of all types, these small files are designed to help websites create tailored, curated experiences for netizens — and are also used by advertisers to track the performance of marketing efforts. But as revealed by The Intercept, these seemingly innocuous bits of data are being put to more malicious use thanks to the NSA, which is leveraging its XKeyscore program to mine personal data about unsuspecting Internet users. Have cookies gone stale in the face of government-sponsored recipe meddling?
Advertisers and companies alike rely on cookies to improve sales and create an optimized web experience. For many users, the small amount of personal information available to private companies is worth the slight loss of privacy since things like browsing, purchase and account history allow businesses to develop a Web experience that feels personalized — for example, sites will remember your username, what you last purchased and then make recommendations based on this information.
Of course, there has been some consumer pushback, since marketers don’t always make it obvious that consumers can “opt out” of cookie tracking, and don’t always follow through when users say they no longer want their data collected. Web browsers also share some of the blame since many aren’t clear about how to disable cookies or won’t display sites correctly when cookies are turned off.
According to Adage, however, it’s not just advertisers looking to sniff out consumer data, even if they’ve opted out of tracking. Using Xkeyscore, the NSA is able to track and view all unencrypted cookie data, giving them unfettered access to the Internet at large. And while agencies like the Digital Advertising Alliance (DAA) are pushing for more user control of their own Internet data, including provisions that data must “within a reasonable period of time from collection go through a de-identification process,” there’s no hard-and-fast rule of what constitutes “reasonable,” giving the NSA ample time to track down and grab the data they want.
Worse yet? Cookies follow consumers across networks and IP addresses. Even if netizens switch to VPNs or refresh their IP address, the cookie remains. Users must switch browsers or devices to escape the reach of ad agencies and government spies.
Beyond Chocolate Chips
Of course, the cookie isn’t the end-all-be-all of Internet tracking. As noted by Time, companies are turning to cross-device tracking programs which would allow them to keep tabs on users no matter their connection method — smartphones, tablets, laptops, and desktops would all be fair game. And while this comes with the added benefits of shopping carts saved and transaction histories never misplaced, it also opens the door to a host of privacy issues. The FTC already has plans to hold a workshop this November to discuss tracking-privacy concerns and identify methods to protect consumer privacy while also empowering companies to conduct critical market research. The NSA isn’t invited, but it’s a safe bey they’ll be very interested in the results.
So how do users keep personal data personal when browsing the web? Clearing browser cookies, opting out of tracking, and being vigilant about requests for data access is part of the solution, but advertisers must also step up and honor do-not-track requests along with encrypting cookies to make listening in more of a challenge for the NSA. You can also opt for a browser that disables ads by default, such as Brave. Combined with a VPN, you can do your part to send the NSA to bed without dessert.
The NSA is tracking your online browsing habits. Consider going cookie-less.