Mozilla, the developer of the Firefox web-browser, has decided that voluntary compliance by advertisers with its ‘Do Not Track’ settings is not working. Advertisers have basically been ignoring what is essentially a request by users, so instead of giving up, Mozilla has taken the right step and will simply not allow ad networks to install cookies on user’s computers or phones. This will of course cut ad revenue to some sites that rely on it, but it will also be a major step to slowing the proliferation of online tracking.
Of course, it can also be seen as a new negotiating position in a long conflict, as the Centre for Democracy and Technology points out, it could be a negotiating position that is all about trying to force companies to implement Do Not Track requests as a compromise from wholesale cookie-blocking. But I’m fully on board with Mozilla here either way. I very much doubt that Microsoft will take a similarly ethical stance on user control – because that’s what this is really about, not privacy as such but who has the right to control information about themselves.
In one of those curious synchronicities that occasionally emerge out of the chaotic foam of the internet, I came across two stories (of an entirely different nature) featuring surveillance and ‘zombies’ this week.
The first is one that Ars Technica first publicized recently – the creation of new undeletable cookies. Cookies, for the still unaware, are little bits of code that sit on your computer and store information, usually relating to websites you have visited – so, passwords and the like. Originally they were simply a tool to make it easier to handle the proliferation of sites that needed login details from users. And in most cases, they used to be both moderately consensual (i.e. you would be, or could be, asked if you wanted to have you computer download one) and relatively easy to remove. However, in recent years, this has changed. For a start there are so many sites and applications using cookies that it has become inconvenient to ‘consent’ to them or to manage them in any unautomated way. The new development however is a system that uses the database capabilities in HTML5 rather than being a traditional cookie. The major problem with this, and you can read more about the technical details in the story, is that these cannot ever be deleted by the user, as when they are deleted, they respawn themselves, and recreate the data profile of the user by reaching into other areas of your computer (and even stuff you thought was also deleted). The company concerned, Ringleader Digital, which specializes in ‘targeted, trackable advertising’ for ‘real-time visibility’, says users can ‘opt-out’ by using a form on their website, but this so-called ‘opt-out’ is hedged about with terms and conditions.
Now, Ars Technica reports that an open-source developer, Samy Kamkar, has created ‘evercookie‘, a virtually indestructible cookie designed as an educational tool to make users aware of the presence of these new internet zombies that do their master’s bidding. It’s a neat idea but I wonder – and I hope you will excuse my taking the zombie metaphor just a little further here – whether in raising the dead to show that necromancy is bad, good wizards like Samy Kamkar might in the end just be contributing to the problem. It isn’t as if most ordinary users understand these strange powers. Perhaps the people who need to witness the power of these occult rites are the regulators. It’s not clear to me whether these kinds of programs would be considered in any way legal in most places with strong data-protection and privacy laws, like Canada and the EU – as the controversy over the similar British Telecom system, Phorm, showed. So I would be very interested in what the Canadian Privacy Commissioner has to say about it, for example. I will be asking them.
(The second zombie story I will add later…)