The Cookie Monster: Are you OK with who is tracking you online?

In a new, Covid-19 world, more business than ever is taking place online. While there were questions about digital privacy prior to this crisis, there are exponentially more in our now mostly work-from-home economy. The problem is not as simple as IF your data is shared, but rather HOW it is shared and with who.

Historically, cookies were the common method for advertisers and websites to track users online. Simply put, websites would leave “crumbs” on an individual’s browser that allowed advertisers to track you when visiting that same website later. As online privacy became more of a public concern, browsers like Apple’s Safari and Mozilla’s Firefox provided users with more privacy control. This has led to a rise in new more complicated techniques of online tracking. Fingerprinting, for example, uses a computer’s default settings to track users across browsers and websites. The concern of online tracking is only exasperated by the introduction of ubiquitous mobile phone usage. Most mobile apps request access to your location that can be easily used to track an individual even with anonymized geo-location data. The New York Times has shown how a bad actor only requires a handful of location data points to identify any person.

Worry about being tracked online by numerous companies can make anyone consider deleting their online presence; however, becoming completely anonymous online is impractical. If you have ever used Google Maps to find your way home, enjoyed a show suggestion by Netflix, or happily reconnected with a long-lost friend on Facebook, then you have traded some of your privacy for a beneficial service. If you were to pay for these types of services with cash instead of online data, the costs would add up quickly. Google and Facebook made $32.6 billion and $16.6 billion, respectively, in advertising revenue in a single 2019 quarter. Dividing only Facebook’s ad revenue by their number of users, shows an average revenue of ~$28 per person each year. Many would pay this price for privacy, but others from around the world may find this price far too high. Additionally, this $28 covers the use of only Facebook without considering other similar prices for Google, Amazon, Twitter, YouTube, TikTok, and more. Even if users are willing to pay for each online service to have more privacy, the overall effectiveness of online services would diminish without this aggregate data. The unaccounted value of users’ online data is that it creates beneficial services tailored for each individual. For example, getting a great restaurant recommendation from Google based on your preferences. Such recommendations would be near impossible without large scale aggregate data.

If you have decided that you are O.K. with trading your online data for the benefits of personalized free services, does that mean you can continue with your current online habits? NO. Online users can and should take steps to limit which applications track online activity. Users should not simply accept the default settings provided to them even if they seem harmless. Many mobile applications will default to collecting location data to “help provide better services” which they later sell to multiple advertisers. Most of these applications will work without needing location data and users should decide which apps absolutely require location info to work. To show how bad accepting a default security/privacy setting can be, look no further than the recent string of Zoom Bombing events. “Hackers” didn’t steal passwords or write codes to crack a database as most early 2000s movies would have you believe. Instead, these bad actors found dial-in information posted publicly on social media before joining a Zoom call that did not have a default password set.

The takeaway from these anecdotes is like most daily activities in life: don’t over panic but take the adequate precautions. Many people may find it impossible to avoid “dangerous” car travel for the rest of their lives, but that doesn’t mean you should forego a seatbelt and airbags just in case. So take a deep breath, turn off some of your mobile location tracking, consider changing to a more secure browser, and take a look at a helpful data privacy guide.