Are cookies crumbling our privacy? We asked an expert to find out

“Cookies are just a fundamental part of how the Web works, about as essential as Wi-Fi, HTML, or electricity,” explains Silktide founder, Oliver Emberton. “All cookies do is recognize your computer as it travels between Web pages — so you need them for critical things like logging into a website, or buying something from a store.”

Cookies are small text files that reside on your computer, and the information they contain is set and accessed by the servers of the websites that you visit. Cookies allow servers to identify you and remember things about you.

“The problem is that those same cookies can also be used to track people, and do things that many people don’t like, like deliver targeted ads,” says Emberton. “And this has got a lot of people understandably concerned.”

In Europe, it generated so much concern that the European Union legislated in 2011, demanding that websites gain user consent to use cookies. That law is still the subject of much debate, but before we get into it, let’s rewind and take a look at where cookies came from in the first place.

A brief history of cookies

The man responsible for cookies is Lou Montulli. He developed one of the earliest Web browsers, Lynx, in 1991 and joined Mosaic Communications Corporation, later to become Netscape, in 1994. He was responsible for a variety of Web innovations including the blink tag, server push and client pull, HTTP proxying, and cookies.

According to the man himself, cookies are named after the computer science term “magic cookie,” as discovered by Clouseau on Google Answers. The Jargon File describes a magic cookie as “something passed between routines or programs that enables the receiver to perform some operation; a capability ticket or opaque identifier.”

Montulli had the idea to use a similar system in the Netscape browser for Web communications, and he used the familiar programming term, cookie. They were first used to verify whether users had visited the Netscape website before, and they enabled websites to remember your preferences. The cookies also presented a handy solution for virtual shopping carts, enabling e-commerce websites to remember what you were shopping for the last time you visited.

The public didn’t really become aware of them until 1996, when the media started reporting on the potential threat to privacy. Concerns focused on the fact that cookies were storing information on users’ computers without their knowledge or consent.

The revelation generated enough fuss that in 1998, the U.S. Department of Energy Computer Incident Advisory Capability released an information bulletin, which included this assessment: “The vulnerability of systems to damage or snooping by using Web browser cookies is essentially nonexistent. Cookies can only tell a Web server if you have been there before and can pass short bits of information (such as a user number) from the Web server back to itself the next time you visit. … Information about where you come from and what Web pages you visit already exists in a Web server’s log files and could also be used to track users browsing habits, cookies just make it easier.”

What is the threat?

Clearly cookies have an important function, and they make Web browsing much more convenient for us, since we don’t have to identify ourselves again every time we visit a website. Many people don’t see much of an issue with cookies, but the potential threat is described succinctly on Cookie Central:

“Unfortunately, the original intent of the cookie has been subverted by some unscrupulous entities who have found a way to use this process to actually track your movements across the Web. They do this by surreptitiously planting their cookies and then retrieving them in such a way that allows them to build detailed profiles of your interests, spending habits, and lifestyle.

On the surface, this practice may seem harmless and hardly worth fretting over since the worst thing most imagine is that corporate concerns will use this information to devise annoying, yet relatively innocuous advertising campaigns, targeted towards specific groups or individuals. However, it is rather scary to contemplate how such an intimate knowledge of our personal preferences and private activities might eventually be used to brand each of us as members of a particular group.

But remember a site only knows what information you have entered. Not all cookies are bad, they can also provide useful functions on the Web. The threat posed by cookies is a legitimate concern for people worried about privacy, but it pales in comparison to other threats, particularly in the wake of Edward Snowden’s revelations about the NSA and government surveillance.

Cookies are the thin end of the wedge

“Cookies aren’t the problem,” says Emberton. “There are equivalent or worse technologies that most people don’t know about (like local storage and LSOs), which can do the same thing. Cookies just happen to have caught mainstream awareness. The real issue isn’t the technology, it’s what people choose to do with it, but that’s harder to police.”

“Over 95 percent of websites use cookies, mostly for boring things that never cross our minds, like ensuring a website responds quickly, or counting visitors. The data most sites hold can’t be used to identify you personally,” he explains. “However, a handful of big companies — most notably Google, Facebook, and Amazon — hold a vast amount of personally identifiable information about millions of people. For example, Google’s history might tell someone if you have a medical problem, or your sexual orientation, or what political party you support. This information is likely linked to your real name.”

The FTC has tangled with Google and others on the issue of online privacy several times in the last few years. In 2012, Google agreed to a $22.5 million settlement for bypassing the default setting in Apple’s Safari Web browser that blocks third-party cookies. A U.K. court recently ruled that Safari users can sue Google over cookie tracking.

In the States, there have been attempts to introduce “Do Not Track” legislation, mirroring the “Do Not Call” law, which prevents telemarketers from contacting people who opt out. The idea is to give users the right to opt out of being tracked by third-party websites. According to its website, as part of its remit to protect consumer privacy, the FTC has been considering the “Do Not Track” proposal, but has yet to vote on whether to support it.

Since 2011, various bills have been introduced, but they were later withdrawn or failed. The difficulty of establishing standards and agreeing on workable legislation seems to have scuppered progress. By contrast, legislation was passed in the EU, but how effective it has been in protecting consumer privacy is highly questionable.

EU Cookie law

In May, 2011, the e-Privacy Directive changed the law with regard to cookies in the European Union. In order to comply with the new law, website owners were charged with telling visitors about the cookies they use and obtaining their consent. In practice, websites that have complied now display a pop-up when you first visit that links to an explanation of their cookie policy and allows you to accept it.

European website owners and online businesses were understandably upset, particularly because the law could penalize them but not their competitors beyond EU jurisdiction. At first it wasn’t clear how the legislation would be enforced.

In the U.K., it fell to the Information Commissioner’s Office (ICO) to decide, and the agency gave websites a grace period of a year to comply. Many did comply, in no small part because the ICO was empowered to impose fines of up to £500,000 ($768,000), but the lack of will to enforce the law across the EU soon led to resistance.

Silktide develops software to help measure website quality. It released a free, open source cookie consent plug-in to enable websites to easily comply with the new law, but then it decided to challenge the ICO with nocookielaw.com, which begins “Dear ICO, Sue us,” and goes on to ridicule the law and explain why it’s largely pointless.

There was no lawsuit. We contacted the ICO, and Lead Communications Officer Anya Burgess confirmed that “so far the ICO have not issued any fines for ignoring the EU cookie law.”

She also pointed us to ICO’s latest study, which reveals the average website places 34 cookies on your device on your first visit, and 70 percent of them were third-party cookies (set by websites other than the one being visited). The study also raises concerns about the expiry dates on cookies, with some, optimistically, set to expire in the year 9999.
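
The two things the study measures, the share of third-party cookies and how long cookies are set to live, can be read straight from the Set-Cookie headers a page load produces. The sketch below is an added example, not code from the ICO or this article; the hosts, cookie values, the 365-day threshold, and the "last two host labels" rule for deciding what counts as the same site are all assumptions.

```javascript
// Added example (not from the article): audit Set-Cookie headers seen on one page load.
// Assumption: "site" = last two host labels; browsers use the Public Suffix List instead.
const site = (host) => host.toLowerCase().split(".").slice(-2).join(".");

// Parse one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    cookie.attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? "" : a.slice(i + 1);
  }
  return cookie;
}

// Lifetime in days, or null for a session cookie. Max-Age takes precedence over Expires.
function lifetimeDays(attrs, now) {
  if (attrs["max-age"]) return Number(attrs["max-age"]) / 86400;
  if (attrs.expires) {
    const t = Date.parse(attrs.expires);
    return Number.isNaN(t) ? null : (t - now) / 86400000;
  }
  return null;
}

// Classify each cookie as first- or third-party and flag lifetimes above maxDays.
function auditCookies(pageHost, responses, now, maxDays = 365) {
  const rows = responses.map(({ host, setCookie }) => {
    const c = parseSetCookie(setCookie);
    const days = lifetimeDays(c.attrs, now);
    const thirdParty = site(host) !== site(pageHost);
    return { name: c.name, host, thirdParty, days, longLived: days !== null && days > maxDays };
  });
  const third = rows.filter((r) => r.thirdParty).length;
  return { rows, total: rows.length, thirdPartyShare: rows.length ? third / rows.length : 0 };
}

// Constructed sample: responses observed while loading www.shop.example on 2015-01-01.
const NOW = Date.UTC(2015, 0, 1);
const SAMPLE = [
  { host: "www.shop.example", setCookie: "session=abc123; Path=/; HttpOnly; Secure" },
  { host: "cdn.shop.example", setCookie: "lang=en; Max-Age=2592000; Path=/" },
  { host: "ads.tracker.test", setCookie: "uid=7f3a; Expires=Fri, 31 Dec 9999 23:59:59 GMT" },
  { host: "pixel.metrics.test", setCookie: "vid=99; Max-Age=63072000; Domain=metrics.test" },
];
const report = auditCookies("www.shop.example", SAMPLE, NOW);
console.log(report.thirdPartyShare, report.rows.filter((r) => r.longLived).map((r) => r.name));
```
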

“I find the law misguided, but it has softened over the last couple of years, as the EU wrestled with how to implement it,” says Silktide’s Emberton. “The difference between what was written — which pretty much made every website illegal — and what has been policed is immense. I expect the letter of the law will slowly catch up with reality over time, but I don’t expect the law will actually do anything for users’ privacy.”

That’s the way the cookie crumbles

There are still efforts in motion to get some legislation on the books Stateside, but resistance remains fierce, and even if some kind of “Do Not Track” law is passed, will the FTC have the power or the will to enforce it against big business?

“Improving online privacy would be a noble goal, but regulating cookies would be a terrible way to accomplish it,” says Emberton when asked about the U.S.

“Cookies by themselves pose no threat to the average person, but the information that companies store about you (with or without cookies) is always a concern, and should be protected for good reason.”
