“Politicians are letting foreign-owned companies covertly gather information about voters” screeched the Nicky Phillips “EXCLUSIVE” in Fairfaxland today. “The websites of Barry O’Farrell, Kristina Keneally, Tony Abbott and the Greens plant spying devices on visitors’ computers, which can track them as they browse the internet.”
Pot. Kettle. Black.
Fairfax’s own websites, from smh.com.au and theage.com.au to Essential Baby, TradingRoom.com.au and personals site RSVP, all use these “spying devices”. They’re called cookies, and they’ve been a common part of the commercial web since the mid-1990s.
A cookie is nothing more than a piece of data that a website leaves on your computer. It might contain a unique session ID that’s used, say, by a shopping website to ensure you see the contents of your shopping cart rather than someone else’s. A cookie can remain on your computer between browsing sessions. A unique user ID can for example, ensure that any customisation you made to your “browsing experience” is preserved for next time without you having to log in. So far so innocuous.
But consider “third-party” or “tracking cookies”. They’re placed on your computer by another website whose content is included in the web page you’re visiting — such as the advertising inserted into the page by an advertising network. Every time you visit a website in that network, the advertiser knows because they see the same cookie with your unique ID.
“Information gathered about a user’s online behaviour can be used to build detailed profiles to help target advertisements — a practice many believe is a threat to privacy,” writes Phillips. True. This is precisely what tracking cookies are for.
But none of this is news. And for Fairfax to criticise anyone for using tracking cookies is the height of hypocrisy. Fairfax’s own sites are riddled with the damn things — almost all of them from “foreign-owned companies”.
A single visit to the smh.com.au home page this morning placed no less than 21 cookies from seven third-part sites on my computer.
Among them was a cookie for Google subsidiary DoubleClick, one of the biggest online advertising networks and a foreign-owned company. There was one for IMR Worldwide, part of the foreign-owned Nielsen audience-measurement empire. For 2o7.net, a website analytics tool operated by Utah-based Omniture. They’re owned by Adobe, a foreign-owned company. Scorecard Research, another website analytics company. Guess what? Foreign-owned.
While Phillips tried to scare us with the news that Tony Abbott’s website installed “a tracking device, owned by Yahoo! and dated to expire in 2037”, Phillips’ own story at smh.com.au installed “tracking devices” from amgdgt.com (Google’s advertising manager, foreign-owned) set to expire in 2020 and serving-sys.com (another advertising network, Eyeblaster, foreign-owned) expiring in 2038.
The last third-party cookie was from atdmt.com. As Crikey’s deadline approached I ran out of time to look it up, but I wouldn’t put money on it having anything to do with an Australian-owned company.
The ad networks will tell you that their cookies don’t contain any personal information. Perhaps. But if you provide any personal details to any website in the network, it can be cross-matched. Log into your Google Gmail account and your personal data can be correlated with everything collected from networks using DoubleClick’s advertising. If you have a profile at RSVP, Fairfax can cross-match that with your news viewing.
Now the response from Tony Abbott’s office — that any inquiries about third-party cookies on his website should be directed to those third parties — is lame. His office should be taking responsibility for the privacy implications of the technology they use. And if politicians aren’t mentioning this tracking in their website privacy policies then they’re behaving very badly indeed.
However, the mere fact that someone uses tracking cookies isn’t news. Even Crikey uses them, for the DoubleClick ad network, and for analytics by IMR Worldwide and Effective Measure analytics.
Phillips’ story, with its scary-sounding foreign-owned spying devices, is nothing but a beat-up.
atdmt.com is Atlas, Microsoft’s advertising network/software.
PS: IMR Worldwide == Nielsen. You mentioned this when describing Fairfax’s cookies, but not at the bottom of the article when talking about Crikey’s use.
There is, of course, a story in the privacy implications of all this stuff. For those of us who work in the field, it’s sometimes downright scary how much personal data is sprayed around. (The astute will note I don’t have a Facebook account.)
But that story is probably a bit complicated for the Smage’s broadloid target audience.
I’m a bit of a computer duffer ( actually a complete Bozo)
For example on the Crikey Comment section there’s this line “Some HTML is OK”
I’ve always wondered what ius HTML & why is some OK but since I don’t really care I’ve never bothered to find out.
I’ve heard of cookies but didn’t realise they were so widespread and sneaky.
You said you identified 21 cookies from one visit. How did you do this & how do I blow them up on my system or whatever you do to stuff them
@Pav: Stopping cookies depends on the browser you use. Some sites you’ll have to allow, if you want to use them (eg net banking), and some browsers will let you ban all sites but those that you set exceptions for. (Chrome for instance[1])
[1] Well, possibly, I’m using the dev version of Chrome, not sure if this feature is on release. The much handier script blocker for instance, is not.
@Shermozle: Well, I figured mentioning the IMR Worldwide / Nielsen link once was enough, given I was already over length. There is indeed a wider story about the privacy implications of tracking cookies, and of the massively detailed profiles being constructed by the advertising networks. Another tale for another time, perhaps.
@The Pav: HTML is the “hypertext markup language”, the codes out of which web pages are built. You can use a limited subset of them in the comment form to add formatting, such as the one to make text in italics like this. You’re only allowed to use the ones that won’t have security implications, for example embedding piece of another website or malicious stuff into the comments.
You can see what cookies you’ve collected in the privacy controls of your web browser. The exact technique difference for each browser, but it’s often under “preferences” and drill down to privacy. You’d be able to delete them there, but they come straight back the next time you visit the website.
Third-party cookies can be blocked by selecting the right privacy settings. You can get more control using some of the third-party security software. All of the major security software vendors have something that can help, usually sold as privacy protection.
Alas the details get a bit complicated for here, but whoever you normally turn to for help with computer stuff should be able to help.