It’s easy to think that the internet is something like a one-way mirror; you can look in, but that unless you’re posting comments, sending emails etc. that nobody can look back at you. Well, that’s not really the case.

When you want to look at a web page, the server that it’s on needs to know what information to send out, and where to send it. So, for example, for your visit to this site, there is some information that you have had to send, which can easily be recorded.

Your user agent (that is, the is type of operating system and web browser that you’re using to see the page) can be identified as CCBot/1.0 (+http://www.commoncrawl.org/bot.html)

The page you came here from was

Your IP address is 38.103.63.59

Many websites rely on the ability to “remember” certain information. For example, when you log into a website, it’s obviously important that when you go to a different page on the site, it somehow knows that you’re still logged in under your own account. If you add something to a shopping basket then leave the site, it’s helpful if it’s still there next time you visit the site. If you choose to personalise a website in a certain way- for example, to change the number of results per page that a Google search shows you- then you want it to stay that way when you come back again. Or if you see an advert that leads you to buy a product, then the advertiser wants to know, because that’s the only way they can judge whether they are getting value for money from their advertising. (Especially if they are the kind brand who cares about their image and doesn’t want to litter thousands of websites with flashy and obtrusive advertising…)

To make this “memory” work, most sites will use cookies.

Cookies are simply small text files that are saved on your computer. You can see what’s stored in them- you will have a “cookies” folder somewhere on your computer which you can look in to see what cookies are being stored on your machine, and you can look at what information is stored in them by opening them up in a simple text editor like Notepad. Usually, these will mostly be things like unique numbers which correspond to an entry in the web servers’ database, identifying your computer with your online identity.

As is usually the case with technical matters, the level of understanding about cookies amongst most consumers is probably best described as “confused.” One of the findings of a study by InsightExpress in 2005 were that 77% of people said that they knew what cookies were, but when asked to describe them only 25% could give a correct description. That means that there are more people who don’t have any idea what they are than who actually know what they are— and that most people think they know what they are, but don’t.

Many of the incorrect definitions said that cookies were executable files placed automatically on a computer, or “hidden attachments that allow unauthorized access and tracking abilities.” Others stated that while cookies make Web sign-ins easier, they can also let spyware in to infect a hard drive. Some wrong answers confused cookies with cached Web pages or temporary Internet files.

In a second survey, users were asked to pick the most accurate description of cookies from a set of possible choices. Almost 29% chose to say a cookie was “a small file enabling a server to identify a browser end/user”, a reasonably close definition of the term. But another 25% said a cookie was “a program that tracks all of the sites a browser/ end-user visits”, a notion that brings cookies into close relation with spyware. More than 13% said cookies can record users’ e-mail and Web activity”, while about 3% said they generate pop-up ads.

The indication that users are ascribing evil intent to cookies was made clearer in another portion of the InsightExpress survey. Asked to check off all the reasons that they delete cookies, two-thirds of respondents—66.5%– said they erase cookies to “protect my privacy/ prevent tracking.” That response was the second most widely given in the survey, following only “clean computer/ free up disk or memory”, something 77.4% of those polled said they agreed with.

Cookies carry a technical restriction, in that they can only be read and written from a single domain (ie. a cookie set by “domain.com” could be read and written by any page that falls under that domain- such as “domain.com/home.htm”— but not by “someoneelse.com.” However, pages can contain content that comes from other domains— such as advertising on other domains. So if you visit two completely unrelated websites that carry advertising from the same ad server, then your movements between those websites can be tracked using cookies.

The thing that makes it interesting is that people simply aren’t generally terribly interested in your personal information— that is, what you as an individual are doing on the internet. However, when your personal information is added to that of hundreds and thousands of others’, it becomes much more interesting, and valuable to online marketers. For example, if advertisers for a new car see that 20% of people who come their brand’s website leave, visit a financial website and then come back again, it suggests to them that people looking at financial websites to see what loans they can afford will be worth advertising their brand to, so that people who might be shopping for a different car might see it and want to investigate the competition. Alternatively, they might want to track how they got to a particular website and choose the adverts accordingly- so someone who came to a car website from a Google search for “cheap car” might be shown an advert that highlights the value, while one who came from a search for “eco friendly car” would be shown a different advert, highlighting it’s green credentials.

I talked about Facebook in pretty broad terms back in May;

There is always the possibility that a large corporation will buy them out, or advertising will increase to an unacceptable level, and users will start going on strike or boycotting the site in protest. The fact that Facebook has already turned down some very large offers from the likes of Yahoo makes me think that is very unlikely.

I believe that the future of the web lies in trust— who do you trust to give you the information you’re searching for, who do you trust with your credit card details, and who do you trust with your name and address?

Well, the recent launch of two new Facebook advertising programs have made the possibility of advertising “increasing to an unacceptable level” look somewhat more likely— not in terms of the volume of advertising, but in the way that advertising is targetted and delivered.

The first programme is Facebook Pages, where brands or companies can create their own profile page, and users can sign up as a “Fan”— much like becoming a “Friend” of another user, this lets the brand post items as notifications in the Fan’s news feed, and for Fan’s “interactions with the brand” to be posted in their friends’ news feeds.

The second, and much more controversial programme, is Facebook Beacon. This involves affiliated websites using cookies to share Facebook members’ activity on their own sites with Facebook, so that they can have their activity shared with their friends.

There are two key things that make Facebook’s Beacon different to the kind of tracking that we’ve seen before.

Firstly, they are showing a clear interest in you as an individual. Not just as “cookie number 46462156731242571″ who was one of 1000 people who visited sites x and y on their way to making an online purchase from site z (which might indicate that site y a good place for site z to advertise) but as Joe Websurfer, 23 years old from London with 120 friends, 40 of whom are interested in similar bands and hobbies etc. etc.

Secondly, they are pulling back the curtain and showing what’s happening behind the scenes. If you see your actions on one website being tracked on another, your first guess might be that they are sharing information— maybe you use the same email address for both websites, or if you clicked through from one site to the other, there might be something stored in the link address. But when people aren’t using the same usernames or email addresses, didn’t go from one to the other and simply don’t understand how Facebook knows what they were doing on eBay (or whatever affiliate they’ve been using), then it seems to be some sort of mysterious unexplainable voodoo. Because people don’t get any indication of what adverts other people might be seeing, they don’t know how, or even if, they are being tracked and targeted.

Of course, with the Internet being such a new and relatively unregulated medium, perhaps it’s up to the governments to ensure that individuals’ privacy is protected. The U.K. has something of a reputation for being a “Big Brother” state, due to the high numbers of CCTV cameras watching most of our towns and cities. But don’t expect the U.S. to be taking the lead either; a recent report by research agency Forrester said;

“We evaluated the sites of Hillary Clinton, John Edwards, Rudy Giuliani, Barack Obama, Mitt Romney, and Fred Thompson. All of the sites failed our privacy and security criteria. Candidates should make trust a major element of their site design requirements.”

Meanwhile, the website for Harvard alumini, 02138 casts a critical eye over the ongoing dispute over Facebook’s origins. It’s not a new story— it’s been going on for a few years now, involving stolen ideas and code from the “ConnectU” social networking site which Zuckerberg was working on before launching Facebook, and his subsequent inconsistencies in his story about his involvement— but coming at a time when people might be questioning exactly what they are getting from Facebook for “free” and why they are being given it, it might be interesting to see how public awareness and perceptions of the issues surrounding Facebook and online privacy and security will change over the next few months.

Name (required)

Mail (will not be published) (required)

Website