Cookies & Behaviorial Tracking

Mmmm, cookies fresh out of the oven.  You know the kind with the yummy, gooey chocolate chips that have you running to the fridge for a glass of cold milk?  What’s not to love?  Well, these are NOT those kinds of cookies.  Computer or HTTP cookies are basically little packets of information saved on your computer by the websites you visit.  While some cookies expire when you leave a website or at the end of your Internet session, others, like those extra pounds from a chocolate-chip cookie binge, can stick around for a long, long time.

What Cookies Do
Third-Party Cookies
Ways to Avoid/Delete Unwanted Cookies

---

What Cookies Do

Some cookies are good – they allow you to fill a virtual shopping cart with different items and pay for the whole thing instead of one item at a time.  They also store authentication information so that you can log into your bank or credit card account online without answering a gazillion questions every single time.

Others are not so benign because they can be used to invade your privacy and track information about your web surfing habits. Imagine if someone you didn’t know was able to view your entire browsing history – every website you visited and every ad you clicked.  They might be able to figure out what kind of work you do, your income level, if you’ve recently been diagnosed with a disease, whether you are about to get married or divorced – the possibilities are endless.  Horrifying thought, isn’t it?  Marketers can get this kind of info from cookies stored on your computer to create a profile of what type of shopper you are so they can bombard you with targeted ads.  This practice is known as Behavioral targeting or behavioral tracking.

 

Third-Party Cookies

Third-party cookies are particularly alarming when it comes to tracking.  Unlike first-party cookies, which are placed by the actual websites to which you navigate, third-party cookies usually end up on your computer because of embedded advertising and can persist for years.  For example, you might be visiting a favorite news site that stores a cookie on your computer – this is a first-party cookie.  These are generally harmless and can usually only be accessed by the website that put it in place.  However, on that same news site, there are a bunch of ads (banner ads or pop-ups, for example) from other companies who can also place cookies on your computer even though you may have never visited their websites.  These ads might appear on multiple websites you visit and can help an advertiser build a profile on you.  Based upon your surfing history, the profile can be used to create targeted marketing that will appeal to you.

And as if that wasn’t enough, identity thieves and criminal hackers may access or tamper with the information stored in cookies.  They may be able to “cookiejack” information, such as logins and passwords, credit card numbers, and the like.  In what is known as “cookie poisoning,” hackers change browser cookies to assume your identity to access secure websites such as your bank.

The FTC is starting to clamp down on behavioral tracking and third-party cookies placed by ad networks without consent.  In March 2011, the agency reached a settlement with Chitika, a company that buys ad space and places cookies on consumers’ computers in order to track online behavior.  Although the company’s privacy policy allows users to opt-out of tracking, apparently the opt-out was only good for 10 days.   The company was targeted for deceptive practices and is now required to not only extend the opt-out period to 5 years, but also make the process easier for those who do not wish to be tracked.  It is interesting to note that, according to Chitika, they receive only 30 opt-out requests on average per month, compared to 450 million unique MONTHLY users whom they are tracking.

Ways to Avoid/Delete Unwanted Cookies

1. Check your cookies: Check how your browser (Firefox, Internet Explorer, Safari, Chrome, etc.) is currently set-up to manage your cookies.  You can do this by going to the preferences, options, or privacy/security section of your browser.  You can ask to be notified every single time your computer accepts a cookie, or choose to never accept cookies.  The first option can get a tad annoying, and the second option can make websites you actually want to use non-functional.  A better option, which many browsers will now let you do, is to opt-out of third-party cookies and only accept cookies from sites you visit.

2. Delete your cookies: Actively manage cookies stored on your computer and regularly delete ones from companies you don’t know.  If you delete all, you may lose the contents of your shopping cart, have to re-enter login information, or go through an authentication process with certain websites you visit regularly.  Instead, delete the ones that look like they come from advertisers such as: adap.tv, clearspring.com, doubleclick.net, interclick.com, specificlick.net, tremormedia.com, videoegg.com to name just a few.  You can also purchase or install free software to help you manage your cookies. To buy software, check for reviews at websites such as:

www.cnet.com
http://www.pcmag.com/

3. Opt-out of cookies: Many websites and advertisers will now let you opt out of behavioral tracking by installing an opt-out cookie or specialized software.  That’s right – a cookie to avoid other cookies!  Unfortunately, as of right now, many of these cookies are site-specific, meaning you have to install one from each website/server.

• Google, for example, has a plug-in to opt out of the Double Click cookie (one of the online advertising goliaths): http://www.google.com/ads/preferences/plugin/.

• Firefox has software called TACO (Targeted Advertising Cookie Opt-Out) that will get you off the radar of 110 advertising companies:https://addons.mozilla.org/en-US/firefox/addon/targeted-advertising-cookie-op/.

• An industry organization called the Network Advertising Initiative (NAI) allows consumers to install opt-out cookies from its member organizations at:http://www.networkadvertising.org/managing/opt_out.asp.

None of these are ideal so both the FTC and the Commerce Department are looking into a more universal “Do Not Track” option similar to the “Do Not Call Registry” available for telephones.  Stay tuned.