How the Cookies Crumble

PART 1

My father-in-law used to say “If it sounds to good to be true, it is too good to be true!” Another famous quote is “You get what you pay for!” So why am I mentioning these things in a post on Cookies and what does that have to do with you? Well, demographic information on Facebook helped re-elect Barak Obama in 2012. The government used Facebook to experiment with your emotions. Facebook tracks everything you do on your personal devices, computer, tablet and smart phone. This tracking can lead to privacy compromise, unreliable computers, devices and smartphones, targeting for advertisements as well as potential association with websites or organizations with whom you and/or your friends may not want to be associated at all.

So free comes at a price and that is what “How the Cookies Crumble” is all about. Basically, sites like Facebook say; “If you want to use our stuff for free you have to give up your right to privacy.” Facebook states that it is for our best interest and they are protecting and providing us with a better experience. We’ll read that a little later right from the Facebook privacy agreement and decode what it really means. For now we’ll focus on Facebook as the example but Google, Yahoo and any other “free” services use the same techniques to track everything you do. In fact practically every web site you visit uses some kind of tracking.

Here are some important questions to ask yourself .

• Have you ever really considered how your personal data is used?
• Have you ever considered the fact that these sites keep watching even after you log off or leave the browser?
• Do you know why they collect and how they use this data?
• How do companies like Facebook make money?
• Have you considered how this collection of information can effect the performance and reliability of your system or device?
• Have you experienced slow and/or unreliable page loads?

Well if you have not considered that they are watching, you should! Facebook tracks pretty much everything into which they can hook their pixel tags, cookies and scripts. They even track your cursor movements when you are logged in to catch where you hover and what you click

to view.

Did you know?

• Facebook tracks all of the web pages you have visited on your computer, tables and smartphones even if you are not logged into Facebook?
• Facebook tracks the same information and more on your smart phone?
• When you login to Facebook there is an advertiser bidding war going on as to who will get to serve you adds based on the data Facebook has collected on you (FBX)?
• When you logon to a website or game site using your Facebook profile that not only is your profile information shared with that website but also your “Friends List”?
• When you click the “Like” or “Share” button that your personal information is sent?
• That  your location is tracked by default when using Facebook on your smart phone?
• That pixel tags(web beacons) can track not only your browsing activity but also your email usage?
• That Facebook has collected 300 petabytes of data on its subscribers?

How they track you?

Web sites use a number of techniques to hook your computer and/or your personal devices. Facebook primarily uses cookies but here are several other means used by which they can get their hooks in your devices:

• Bowser Cookies – a small file stored on your computer
• Flash Cookies – or LSO (Locally Shared Objects) are files stored by Adobe Flash
• EverCookies – these are similar to browser cookies but these are stored in several different ways in several different places making them difficult to remove
• HTML5 Storage – DOM (Document Object Model) Storage new type of local storage with HTML5
• IP Address – Internet Protocol address, the place your device lives on the internet
• Fingerprinting – sometimes called pixel tags or web beacons typically use an invisible .gif file to generate a unique identifier for the browser

Privacy from the Facebook Perspective!

How many of us just “click” through the Facebook agreement to their privacy policy without actually reading the policy?

Lets take a look at some provisions in the Facebook “Privacy Policy” with regard to information they collect (take directly from the policy):

Site activity information. We keep track of the actions you take on Facebook, such as adding a friend, becoming a fan of a Facebook Page, joining a group or an event, creating a photo album, sending a gift, poking another user, indicating you “like” a post, attending an event, or authorizing an application. In some cases you are also taking an action when you provide information or content to us. For example, if you share a video, in addition to storing the actual content you uploaded, we might log the fact you shared it.

Access Device and Browser Information. When you access Facebook from a computer, mobile phone or other device, we may collect information from that device about your browser type, location, and IP address, as well as the pages you visit.

Cookie Information. We use “cookies” (small pieces of data we store for an extended period of time on your computer, mobile phone, or other device) to make Facebook easier to use, to make our advertising better, and to protect both you and Facebook. For example, we use them to store your login ID (but never your password) to make it easier for you to login whenever you come back to Facebook. We also use them to confirm that you are logged into Facebook, and to know when you are interacting with Facebook Platform applications and websites, our widgets and Share buttons, and our advertisements. You can remove or block cookies using the settings in your browser, but in some cases that may impact your ability to use Facebook.

Facebook Privacy – What it Really Means!

Let’s take a closer look at each of the areas and what this really means.

Site activity information. If you like something or re-post something, why does that need to be tracked? If you friend someone, why does that need to be tracked? Well, the answer is simple, it really doesn’t need to be tracked. However, the demographic information that can be gleaned from tracking this information is monumental in advertising and targeting for advertisements and even for political campaigns. As mentioned Facebook has in the past several years collected more than 300 petabytes of information through tracking. That is 300,000 gigabytes of data or nearly 1 million bytes of information for every man, woman and child in the US. Algorithms which analyze this data provide Facebook and it’s partners with reams of information through which it can leverage to make a profit.

Access Device and Browser Information. So you are being tracked. Physically tracked. The GPS in your smartphone provides real-time information on your exact location and Facebook tracks that information by default. They know the places you go to eat, shop, sleep and work. On your computer there is a network interface, whether wired or wireless. This interface is connected to a router which is connected to your ISP, Cable, Fios, etc. The router is assigned and address by your ISP and your network interface is associated with that address. This is called an IP (Internet Protocol) address and is used in the internet to find you much like your street address is used to receive mail. That being the case, how could this be helpful to Facebook. Well, as mentioned in the privacy agreement, all of the web pages you visit are tracked and one of the common threads for linking those pages is you IP address. So by collecting the type of browser, device and your location they can created data inferences that are useful for marketing purposes.

Cookie Information. This is the most invasive thing done by Facebook as well as many other companies. When you login to Facebook they store a number of pieces of information on your system, device or smart phone. These pieces of information are called cookies. The interesting part about Facebook cookies stored on your device is that other websites can use that information and it allows Facebook to track all of the things you are doing in your browser. One of the questions in the “Did you know!” section regarded the fact that when you use Facebook to login to another site not only is your information sent along but your friends list as well.

Below is a paragraph from the Facebook “Data Use Policy“. On the surface this seems helpful and nice. But is it really?

Let’s look at the statement:

Other websites and applications

“Facebook Platform (or simply Platform) refers to the way we help you share your information with the games, applications, and websites you and your friends use. Facebook Platform also lets you bring your friends with you, so you can connect with them off Facebook. In these two ways, Facebook Platform helps you make your experiences on the web more personalized and social.”

Let’s translate this statement into something more meaningful:

Facebook wants you to focus on the “you” parts of the statement. Facebook will make it easier for you to connect with friends. They’ll make your experience on the web better, safer and more tailored to your needs. Really, just how will they tailor your Facebook experience? What it really means is that they intend to learn enough about you to provide a way for Facebook as well as other websites to target you and your friends. So let’s say you have a friend who is not of the best of character and they use Facebook to login to an unscrupulous website. Because Facebook passes along not only the use profile but the friends list, you just got served up to that site as well and now all of the hooks Facebook has in your system legitimizes the access of that site on your system. When you login to your favorite whoozy-whatsit site using your Facebook login, you just served all of your friends up to that site as well. This kind of networking is very beneficial to Facebook in that perhaps some of your friends may be interested in the new marketing campaigns they are about to receive.

If Facebook is trying to make it better – What is the problem?

Well we have mentioned the downside of serving up your friends to websites using Facebook as a single-sign-on. But it gets worse. Facebook, as specified in their privacy policy, tracks all of the pages you have visited (i.e. you browser history). When you visit the Facebook web page, it loads a series of advertisements and associated scripts which invoke links to other sites and each of them wants to track what you do so they add their own tracking mechanisms. Facebook facilitates that by deliberately placing advertisements in the web pages that link to other web sites, remember the bidding wars. Those web sites in turn want to see all of the web pages you are viewing to target you for their specific purposes because they paid Facebook to get at you. Further complicating the issue, those web sites also have marketing partners who want to target you using the same processes. These kinds of interactions combine to cause slow, sometimes unreliable, page load times and with each new set of links from each new web page increases your risk of acquiring something that is truly damaging to your privacy and/or your devices. As the number of these trackers increase the problem gets worse creating what I call a degenerative feedback loop which not only slows down page loads but also uses up valuable network bandwidth. This is particularly true in smart phone world where you pay a high price for a limited amount of bandwidth.

So what can I do about it?

I’m glad you asked. We’ll cover that in “PART II”. There is hope and there are ways to stop this pernicious snooping!