So far, it seems that
cookies are useful and help by making the browsing of websites a better
experience for the user, so why are the EU and privacy organisations concerned
about cookies? Well, hopefully you picked up some points I mentioned the
previous blog entries about cookies that are the cause of the concern about
privacy. For those who didn’t, it is because cookies can be used for tracking,
they can be created for third parties and browsers frequently ignore
recommendations in the RFCs about session management
Tracking
A company may want to track a person using their website, they do this by setting a first-party cookie, they then log the pages requested that have the cookie sent in the request header enabling them to track page views and the order in which they were viewed, they do this to obtain data to improve navigation, calculate popular pages and personalise pages offered to a user when they visit, depending on what was viewed last time.
3rd Party Tracking
Third- party companies can create a cookie on a domain other than their own if the web page includes objects, such as images requested from the third party domain embedded in the web page; this allows the creation of third party cookies with a domain different to the domain of the requested webpage.
If the third party has a series of these objects across a large number of domains, it allows what a first party cookie on its own website can do in tracks pages viewed, but now the third party can track page usage across all domains on which it has an object embedded. This can allow targeted advertising based on web sites visited, i.e. adverts for trainers if the user has visited a number of sports footwear website, but it can be used to profile a user for alternate purposes.
Reselling Internet usage
Generally with a web site to which you subscribe there is often the option to decide on how the owner of the web site can use your information and whether they can pass it on to external parties. However when it comes to third party tracking of Internet usage it is a lot harder to prevent them from reselling the derived data about your web usage, they can use the information themselves and additional sell it on to other interested parties, either for marketing purposes or for other profiling purposes.
Profiling
If a user is tracked across the Internet through 3rd party cookies, for example an advertising company that places it is adverts onto websites so the owners can generate revenue by per click advertising. It allows the advertising company to record what sites a user has visited, if for example they track a unique cookie value as having visited several horticultural sites and sites about growing cannabis etc. this level of profiling and tracking would be useful for law enforcement agencies.
Leakage of information
Additionally vulnerabilities have allowed data to be retrieved from cookies that could allow an unauthorised person to steal information about the user and/or impersonate them on web sites allowing identity theft, fraud and other crimes to be committed.
Privacy and the real world
The real danger comes when it becomes possible to link an online identity created by a unique cookie value with personal identifiable Information, allowing the online identity to be linked to an real world identity allowing a name, address to be added to data collected about their viewing habits, this could be useful for direct mail marketing companies but also could be abused by companies, criminals and other agencies.
Tracking
A company may want to track a person using their website, they do this by setting a first-party cookie, they then log the pages requested that have the cookie sent in the request header enabling them to track page views and the order in which they were viewed, they do this to obtain data to improve navigation, calculate popular pages and personalise pages offered to a user when they visit, depending on what was viewed last time.
3rd Party Tracking
Third- party companies can create a cookie on a domain other than their own if the web page includes objects, such as images requested from the third party domain embedded in the web page; this allows the creation of third party cookies with a domain different to the domain of the requested webpage.
If the third party has a series of these objects across a large number of domains, it allows what a first party cookie on its own website can do in tracks pages viewed, but now the third party can track page usage across all domains on which it has an object embedded. This can allow targeted advertising based on web sites visited, i.e. adverts for trainers if the user has visited a number of sports footwear website, but it can be used to profile a user for alternate purposes.
Reselling Internet usage
Generally with a web site to which you subscribe there is often the option to decide on how the owner of the web site can use your information and whether they can pass it on to external parties. However when it comes to third party tracking of Internet usage it is a lot harder to prevent them from reselling the derived data about your web usage, they can use the information themselves and additional sell it on to other interested parties, either for marketing purposes or for other profiling purposes.
Profiling
If a user is tracked across the Internet through 3rd party cookies, for example an advertising company that places it is adverts onto websites so the owners can generate revenue by per click advertising. It allows the advertising company to record what sites a user has visited, if for example they track a unique cookie value as having visited several horticultural sites and sites about growing cannabis etc. this level of profiling and tracking would be useful for law enforcement agencies.
Leakage of information
Additionally vulnerabilities have allowed data to be retrieved from cookies that could allow an unauthorised person to steal information about the user and/or impersonate them on web sites allowing identity theft, fraud and other crimes to be committed.
Privacy and the real world
The real danger comes when it becomes possible to link an online identity created by a unique cookie value with personal identifiable Information, allowing the online identity to be linked to an real world identity allowing a name, address to be added to data collected about their viewing habits, this could be useful for direct mail marketing companies but also could be abused by companies, criminals and other agencies.
No comments:
Post a Comment