Introduction
In order to offer something expensive to you for free, such as news or valuable information, websites will make back their costs by selling advertising to you. Tracking cookies allow sites to target their ads to the people most likely to buy based on their purchase history or the kinds of websites they usually visit.
Google is one of the biggest collectors of data on you, from your search history, to how you use their free Gmail email services.
According to a July 2018 report by The Wall Street Journal, Google has admitted troubling security and privacy etiquette by not only allowing third-party companies to view how you use Gmail, but also allowing other app developers to sift through this personal data.
Google’s use of cookies to note your search history is of particular interest as well.
Other advertisers on Google’s network can make use of the cookies it sets and companies who want to advertise their products to you will pay Google for the privilege. Tens of thousands, if not hundreds of thousands of advertising networks are operating constantly every time you go online. With cookies, they can put together a sophisticated picture of the websites you visit most frequently and how long you spend on them.
Referrer URLs are an important part of the package. As Google explains, tracking cookies can be sent back to an advertiser’s own server, and can include data on the previous website that you visited.
So it’s not only the site that served you the cookie that benefits. Others down the chain can make use of this data, and serve you ads on garden hoses or any other related items they think customers with the same profile might buy.
By building a profile of you across websites, tracking cookies can link your smartphone to your laptop and any IoT devices such as Alexa assistants or Google Home smart speakers. In the past five years, the use of tracking cookies has become much more common and the information available is exponentially more detailed.
The rise in private and state-sponsored hacking has also put this data at risk. Privacy leaks from large data-storage companies are not uncommon, and these companies often have millions of people on file.
The link between tracking cookies and other forms of unwanted advertisements like nuisance cold calls is not always clear.
Originally cookies were only for use online, but the staggering amount of personal data points and location data that websites now collect from smartphones and work computers means that anyone who has the resources and the desire can build up a very detailed picture of an individual just through their online behaviour. This includes marketing professionals, corporate hackers and cyber criminals.
What do tracking cookies actually do?
Tracking cookies can pick up and broadcast a vast range of data, including your approximate location, what kind of computer or smartphone you’re using to access the website, the search queries you’ve entered, what you have bought online, and any URLs you have clicked on.
If you look into the technical aspect of tracking cookies, it becomes clear the kind of information that is being stored on you…
- Name: This is the name of the cookie, and in general what it is used for
- Value: Normally an alphanumeric string of letters and numbers, this is the unique identifier for your computer. It’s used so companies can tie that online session directly to you. In practice, it acts as a way to advertise to you when you visit different websites.
- Attribute: These are the specific features of the cookie, including: how long it will last for before being deleted, whether other websites and domains can use that cookie, if the cookie can only be accessed by using https, a secure version of the protocol that displays website pages, and whether the cookie can be accessed via Javascript. The last one of this list is particularly important because attackers can use cross-site scripting vulnerabilities to change what the cookie is allowed to do to spoof your login credentials and effectively fake your ID.
How to stop tracking cookies
Some websites make it easy to turn off cookies at this stage that are intended only for advertising with a simple click.
Others try to discourage this by making it more difficult, burying this option deep within a vast wall of text, like a privacy policy or a set of Terms and Conditions.
This can be time-consuming and confusing, and it’s no fun digging through endless menus, turning off the advertisers or preferences you don’t particularly want. If you want to avoid being tracked online, your first port of call should be to speak to your managed security service provider for advice.
There are steps you can take, though…
- Delete the cookies in your browser history. It’s not always easy to see what cookies are stored on your computer. However, it is relatively simple to clear and delete cookies. For example, if you are using Google Chrome, you can type chrome://settings/ into your address bar, scroll down to Advanced and click on Clear browsing data. For all other browsers, check out this website.
- Install an ad-blocker or anti-tracking browser extension. This is a very common and usually secure way of hiding your activity from tracking cookies. Always ask a cyber security professional before installing any software.
- Send a ‘Do Not Track’ request with your browser traffic. This option is common to most modern browsers and can usually be found in your Settings menu.
- Install a VPN. A business-grade Virtual Private Network can change your IP address in every session, making your profile much harder to reconcile and track. Ask your managed security services provider for recommendations.
