Research To "Reveal the Unseen World of Cookies"

An anonymous reader writes "The Guardian newspaper has teamed up with Mozilla to research the monitoring of online behavior through cookies and other web trackers. After downloading the Collusion add-on for Firefox, you can generate a visual representation of all the cookies that have been downloaded which are linked to the sites you have visited. This shows quite an interesting picture. The Guardian staff then want the data from Collusion to be uploaded to their site, after which they say 'we can build up a picture of this unseen world. When we've found the biggest players, we'll start tracking them back — finding out what data are they monitoring, and why.'"

Re:Great Idea

[WrongSizeGlass]

Is there an equivalent of Collusion for Chrome?

I believe it's called Google Ads ;-)

How to get rid of them

[GameboyRMH]

On Firefox, disable HTML5/DOM storage, install CookieMonster 1.5 and BetterPrivacy.

Pot kettle spy.

[FatLittleMonkey]

we'll start tracking them back — finding out what data are they monitoring, and why.

Well, here's my contribution;

The Guardian page in the link has six trackers:
24/7 Real Media
Audience Science
ForeSee
Maxymiser
Optimizely
Quantcast

I don't know what any of them do, and I blocked them all. Fuck 'em.

Re:Pot kettle spy.

[FatLittleMonkey]

Story of my life. I brag about having 6, and the other guy has 9.

Re:Pot kettle spy.

Hi,

I'm the Guardian journalist working on this.

Unsurprisingly, if you install Collusion after reading an article on The Guardian, you tend to log cookies that our website sets. So we're noticing quite a few of the trackers we use on guardian.co.uk turn up in the project. :)

We're ok with that - better to be open that our website uses cookies for registration, analytics and advertising (just like most others!), than pretend or hide away the fact. Actually, we did another article on the same day showing how we use them: http://www.guardian.co.uk/technology/2012/apr/13/new-law-cookies-affect-internet-browsing.

The ones in that list above are a mix of third-party advertising cookies, analytics and A/B testing (so I'm learning!).

When it comes to the data we're going to try and get from the Collusion info - we can't really infer much about what behaviours have been tracked from the exported data. However, it gives us a nice long JSON string that associates certain cookies as being set when visiting certain sites. At the moment we're using that to find out how many instances of each type of tracker we're seeing across multiple sites.

We're then going to take the most prolific ones and find out more about what they do, who owns them, how they work, etc. However, we're going to be using old-fashioned journalism to do that - research and phone calls.

However, I was thinking of putting up open documents like this: https://docs.google.com/document/d/1lCp8H9i-MJwyORj_MOZflH6BCt9j6HIbQkyS2536knM/edit
so you could see where I'd got to and put me right if I was going off track (as it were). Good idea? Bad idea?

Joanna.

Cookieculler

[MLCT]

Bit of a shoutout for the firefox extension cookieculler.

I have never found anything that matches cookieculler for features: it doesn't just purely delete cookies, it operates with a white-list based system (the way everything on the web should work). Cookieculler deletes all cookies each time you close the browser, except the ones you have whitelist "protected", that keep login information etc. as you choose.

Along with noscript, cookieculler is the main reason I stay on firefox.

Re:Cookieculler

[MLCT]

Granted firefox can offer something close, but not quite. Cookieculler offers finer control, because you can whitelist the *cookies* rather than the domain. So I can (and do) choose to protect my /. cookie, but not anything else that /. place in my browser (hypothetical example, as /. don't place any other cookies).

Internet marketing

[Roberticus]

If average folks become aware of how many cookies get set (along with getting a user-friendly way* of turning them off), that could have a huge and entertaining effect on the world of Internet marketing**.

For example, right now, I can assume enough website visitors have JavaScript enabled to make it almost 100% (and not worth writing HTML for the case where they don't). But if I can only reasonably assume, say, 50% of my visitors/email through-clickers/etc. have cookies active, that plays havoc with my reporting.

* "User-friendly" defined as "something my dad can do without asking me for help".
** I spend all day every workday in this world.

Facebook

[Lucky75]

You'd be shocked at how many cookies come from facebook across multiple sites. I use an extension called Ghostery (https://addons.mozilla.org/en-US/firefox/addon/ghostery/) to block most of them.

Re:Great Idea

You mean those ads which are displayed on all browsers and are in no way tied or targeted to Chrome?

Either you're a troll or that was a bad joke.

It's interesting to me how someone joking around is considered a 'troll' to you. You are what is wrong with /. these days. 'Troll' is the new 'I disagree with you'.

Did he REALLY evoke an emotional response from you by saying what he said? Did it truly upset you to the point where you were incensed and bitter over his words? If so, then maybe he is, indeed, a troll. Otherwise, shut up.

Cookies not the only way to do this...

[isaac]

Cookies are not the only evidence of tracking. Even Flash LSO, HTML5 local storage, etc.

There's a surprising amount of identifying information in request headers and what's available to javascript. (see http://panopticlick.eff.org/ for a demonstration.) That means, one often needn't accept or store a cookie to be tracked.

A really comprehensive pro-privacy browser extension would munge request headers and enumeration of fonts, plugins, screen resolutions, etc. to match one of, say, the top 5 most common desktop browser fingerprints - and to change every so often (Changing per request would itself be a trivially detectable signature.)

-Isaac