Press Box

The Invasion of the Cookie Monsters

Whom to blame for the loss of our Internet privacy.

Screenshot of the cookie manager in the Safari browser. Click to view larger.

Unless you’re a vigilant privacy buff, you’re being watched right now.

As you scoot from one Web site to another, you accumulate a swarm of tracking cookies and other bits of computer code (“beacons” or “flash cookies”) that report your status to a database that keeps a dossier on you and what you do on the Web.

And you thought the Web was “free.” You’re paying with your privacy.

The invasive use of these technologies, documented brilliantly in an ongoing Wall Street Journal series titled “What They Know,” allows data miners to collect reams of personal information about you. They know which Web sites you’ve visited and which ads you’ve clicked. “Scrapers” know about comments you’ve added to online forums. They’ve installed software that tells them what you’re doing on the Web in real time. As the Journal reports, some of these bits of code “surreptitiously re-spawn themselves even after users try to delete them.” These dossiers “are bought and sold on stock-market-like exchanges that have sprung up in the past 18 months.”

I doubt that few who use the Web ever thought they were signing up for a technology whose surreptitious data-gathering can home in on a user’s age, ZIP code, level of education, health data, gender, estimated income, marital status, real estate situation, and more, as the Journalreports.

Tracking technology has spun so far out of control that Comcast was dropping tracking cookies that it didn’t even know about on users’ computers. The culprit was some free software Comcast used to build a slide show. Microsoft confessed to the Journal that it didn’t know why its MSN.com site was planting a powerful tracking file from Targus Information Corp. on users’ computers. Dictionary.com, meanwhile, took the cookie prize in the Journal series, depositing 168 tracking tools on browsers without giving users a chance to opt out. Even the Journal is guilty of tracking without asking. The series noted that the paper’s WSJ.com drops 60 tracking files. The Journal busted its corporate sibling, MySpace, for shipping users’ personal data to outside advertising companies when they clicked on ads.

You can cleanse your computer of tracking files if you follow the Journal’s instructions or those published in the New York Timestoday. But I’m warning you—it’s as much work as a part-time job. Some users will decide that deleting cookies is more trouble than it’s worth. Cookies, after all, store passwords, preferences, and other settings that make surfing easier. Plus, some tracking done by advertisers can be beneficial if it serves you an advertisement that interests you as opposed to a random pitch.

The Web-advertising industry has tried policing itself with programs that allow users to opt out of certain tracking files. Software developers have written nifty programs that help Web surfers minimize unwanted surveillance. But these fixes only ratchet up the arms race between the snooping companies and the blockers. As we’ve learned from our experiences with spam, viruses, and malware, there are no permanent solutions to our computer annoyances.

We could always go to the government for legislation to blunt the snooper. But the Cato Institute’s Jim Harper would remind us that the feds have too much in common with the Web spies to be good protectors of our privacy. It’s the federal government that wants the Web infrastructure to be reprogrammed, so it can expand its wiretapping powers. It wanted a “clipper chip” that would allow authorities “back-door” entry into encrypted communications. It’s behind the FBI’s “Carnivore” system and the Total Information Awareness proposal. It installed those hideous “backscatter” scanning devices at airports. It mandated compulsory identification cards. Do we really want to put the Federal Trade Commission in charge of the Internet?

As I already noted, the privacy problem is really one of our own making. We’re the ones who surrender the privacy of the contents of our e-mail, calendars, and contacts to Gmail, which then sells ads against those contents. We give the mapping services our home addresses and our destinations; we give similar information to free GPS outfits. We share our comings and goings by checking in on Foursquare. We let iTunes catalog our music libraries in exchange for its “Genius” recommendations. We submit volumes of personal information to Facebook for Mark Zuckerberg to monetize. None of these exploitations should come as a surprise. They weren’t forced on us. If we read the voluminous “terms of service” agreements that we check yes to in return for these free services, we’d see that the providers of “free” services were very candid about how they’d use our personal information.

Much of the privacy that so many of us cherish has been an economic fluke. The comings and goings of city dwellers, their preferences and perversions, and their secrets weren’t easily known, because they were too expensive to harvest. But for inhabitants of small towns, this was never true. Those streets have gossiping eyes, which is one reason people moved to cities. Since the Web makes harvesting of personal data so cheap—and lucrative—it’s hard to imagine village- or city-dwellers enjoying any of their former anonymity unless they’re willing to pay for it.

As the Journal series notes, our privacy dilemma is baked into many of the Web browsers that we either download for free or accept with our operating systems. In 2008, a faction at Microsoft wanted the next version of its browser, Internet Explorer, to “give users a simple, effective way to avoid being tracked online. They wanted to design the software to automatically thwart common tracking tools, unless a user deliberately switched to settings affording less privacy.”

That set off a debate at the company between user advocates and advertising advocates. Microsoft, Google, and Apple, makers of three top Internet browsers, are also in the advertising business. * You can guess which Microsoft faction won. The automatic privacy functions were gutted to make consumer tracking—and hence ad sales—easier. (Here’s how to use the “InPrivate Filtering” tool that survived in the shipped version of Internet Explorer 8.)

Surfing the Web anonymously is possible, as the Journal and New York Timesprimers show, but, as I said, it’s a lot of work. So my question is this: Would you be willing to pay for a browser that was designed from the bottom up for privacy, not to serve advertisers? Are you prepared to pay for all the content (like Slate!) and services you now get for “free” in exchange for giving up privacy and anonymity to tracking files?

How much is your privacy worth?

******

See Jeff Jarvis’ blog for his continuing thoughts on why we should abandon our privacy obsessions. (He’s writing a book on the topic.) If you’ve got great privacy ideas, share them below in comments. Yes, you’ll have to give up some privacy to contribute. See this site for data on how much tracking is going on at your favorite sites. (It doesn’t have a score for Slate yet.) Send your Social Security numbers, passwords, DOB, and other personal identifiers to slate.pressbox@gmail.com. Invade my privacy through my Twitter feed. (E-mail may be quoted by name in “The Fray,” Slate’s readers’ forum; in a future article; or elsewhere unless the writer stipulates otherwise. Permanent disclosure: Slate is owned by the Washington Post Co.)

Track my errors: This hand-built RSS feed will ring every time Slate runs a “Press Box” correction. For e-mail notification of errors in this specific column, type the word privacy in the subject head of an e-mail message, and send it to slate.pressbox@gmail.com.

Correction, Nov. 12, 2010: This article incorrectlyclaimed that Microsoft, Google, and Apple make the three top browsers on the market. They make three of the top browsers, but not the top three. This error was introduced by an editor several hours after publication. (Return to the corrected sentence.)

Like Slate on Facebook. Follow us on Twitter.