Misguided Paranoia: Cookies, Tracking and Reality (Oh My!)

October 30, 2012 | by | Category:

Human beings are suspicious creatures. From a child scared of monsters under the bed to an adult worried about the world ending in November based on what is likely a falsified prediction from a long-defunct dynasty – we’ve all fallen prey at one time or another in our lives.

This makes it all the more important to be accurate on topics that can be misleading and frightening to the uneducated masses. I’d take it a step further and say it’s the responsibility of experts in any field to provide unbiased and data-driven analysis that arrives at conclusions that are honest and forthcoming.

Exaggeration leads to fear, fear leads to… never mind

In March this year the CEO of Mozilla, Gary Kovacs, gave one of the most inaccurate and alarmist lectures I’ve seen at a TED conference:

Less than ninety seconds into this video Mr. Kovacs has already made a gross exaggeration of reality meant to scare the crap out of everyone. His claim is that we are all being tracked (yep), leaving breadcrumbs like Hansel and Gretel (kind of), leaving behind our birthdays and our places of residence (hey wait, what?).

Alright, let’s stop there for a second. I’d like to propose that there are two kinds of tracking that exist in virtually any kind of sales/marketing medium, be that TV, radio, print, snail mail, or digital: Anonymous and Opt-In. I’m going to focus the rest of this post on the anonymous variety since that’s what’s being addressed in the video above.

“Welcome… to the real world” -Morpheus

Anonymous forms of tracking are all around us. When I’m watching Sportscenter in the morning, why do I see advertisements that seem related to mostly things I’m interested in? Is there someone watching me? Are they tracking me? Where are the ads for wedding dresses and Adele concerts? We all know the answer to these questions. ESPN understands its product and market. They’ve done research using Nielson surveys and other tactics. They know their demographic is mostly men in a certain age range. In a sense, this is a subtle form of “tracking” – they know who is watching and they tailor a message for that specific audience. They don’t know my specific birthday or place of residence, and don’t need to.

When I go to any grocery store these days I’m part of a membership program that enables me to get discounts on thousands of products. I can get these discounts without giving my name or address. All I need is the little swipe card. When I check out and pay the cashier, he or she hands me my receipt along with a few coupons for next time. Amazingly, those coupons tend to be for products I buy on a regular basis! Oh Holy Jesus they are tracking me! Does the knowledge that I’ve bought spinach every week for the last year somehow open me up to privacy attacks? Of course not. Besides, don’t we have bigger problems to deal with like whether or not to feed our pets gluten-free food?

Nearly all forms of tracking described in the TED talk above fall into this category. This behavioral tracking is not invasive or dangerous. Let’s be clear about one immutable fact: the only way a web site can know who you are or where you live is if you voluntarily give them that information. This personal information can be given willingly through a web form or even a social login. These are clear opt-in scenarios. None of the casual browsing Mr. Kovacs discusses in this talk will provide that level of detail about an individual.

Actions speak louder than words

If there were truly danger or risk associated with his daughter browsing a Katy Perry web site, would he let her anywhere near a device that put her in harm’s way? This young lady is power browsing at the breakfast table for crying out loud and I doubt her behavior will change any time soon. I’d stake my money on the Opt-in networks like Facebook being more dangerous and more frequented by kids of all ages. Even in that case, however, the danger isn’t in the tracking of behavior but rather in the social interactions available with other members of those sites.

So what’s the big deal?

Eliminating this passive collection of relatively anonymous data would have disastrous consequences for the infrastructure and enterprise of the Internet. Let’s get real here – everything has a cost. We all have the privilege of unlimited real-time access to billions of web sites and all manner of free products such as Twitter. The cost for us is the minor annoyance of a web site tracking what we’re interested in and serving up content tailored to our past history and preferences.

The brain trust behind organizations attempting to enact “cookie laws” and “do not track” settings in web browsers are misguided and thus making some pretty bad decisions. When properly informed about what cookies are and how they are used most rational people come to the conclusion that this is a non-issue. Especially when compared to the publically available information sitting out there that has nothing to do with where you’ve browsed or what you’ve downloaded.

The bottom line: let’s do better

Lectures like this scare the uninformed into passing laws that don’t protect people from squat while at the same time crippling e-commerce. A list of phone numbers and a little social engineering is a far easier and more efficient way to find out who you are and where you live. Try “The Art of Deception” by Kevin Mitnick for something much scarier than a little anonymous tracking. If I were so inclined, here are some of the places I’d start:

Cookies aren’t dangerous. Anonymous behavioral tracking isn’t scary. As experts in the industry let’s all do our best to keep the facts straight and stop taking advantage of people’s fear of the unknown. Even if it means not as many people will download our pet project plugin thingamabob.