Cookies were originally developed to store user preferences of an online user to provide them personalization on a particular website. Today all websites including government, MNC, online games, online stores and social networks all are collecting information about a user with or without informing them. The scope of this information ranges from basics of name, age and gender to more specifics such as the religion, political affiliations, hobbies, friends and family as well as your travel, web and relationship history. Most online applications today allow users to sign in through their social media accounts and get access to their friends list, without any intimation to the friends.
Every site we visit today sends our browsing history to the used social network we use to tell them even more about us. This is why we often see very relevant ads on our social media page based on what we searched for another site. Though the relation between the browser history and the advertising might seem simple, at the base it tracks ever move and every click of the user to personalize information for him at each step.
According to an infographic by cookieopedia.org, on average every site saved 36 cookies about a user every time they visit based on the survey of 10,872,563 cookies from 299,074 websites visited. Among these saved cookies about 26% cookies were targeted on storing the user’s online behavior profile while 67% of cookies had unknown purpose.
While behavior profiling tracks and store data about what a user searches for and what he likes/dislikes, these sites are tracking more personal information without the user being aware of that.
These behavior profiling and buying/browsing history is most effectively being used by online advertisers or data managing companies that sell this data to other companies that is utilized for targeted marketing mainly but there can be other uses unknown to a typical user.
This paper will discuss the types of cookies stored and the purpose of online advertisers in using them as they argue for targeted marketing. The paper will also debate about the possible harm caused by targeted advertising in comparison to the benefits of it. The discussion will include ethical as well as legal implications of using personal information and behavior profile of a user without their intent for broader use in advertising and marketing based on the cyber law.
Types & Purposes of Cookies
Cookies are small text files that are stored in a user’s browser’s cache to store specific information about the user primarily to provide personalized web experience to the user. Cookies enable online visitors to interact better and faster with the websites as these keep track of the user preferences.
There are mainly following types of cookies based on their persistence:
The most common form of cookies are session cookies that are active and collect data regarding a particular session of use of a user. This cookie is removed automatically from the cache memory and the device as soon as the user closes the website. These cookies are mostly used to store user data during transitioning through various pages of a website, to enable a user to not enter same data over and over again in each page.
Persistent cookies are used to store user settings that might be required by more than one website thus these cookies continue to exist even after a website is closed.
Third Party Cookies
Third party cookies are used for analytical reasons. Several independent companies provide cookies that demonstrate how users use the website to study the trends and statistics. Third party cookies are today widely used by the digital advertising industry to record user interactions and trends related to website or service. These cookies track and share information between the user’s computer and several websites that a user visits during a single session and sends these usage trends to as networks often without informing the user. This data and trend statistics play an important role in showing users very relevant ads often from the websites that they had previously visited.
Figure 2 types of cookies
Flash cookies are relatively a new breed of cookies that track user movement on internet and store lot of known and unknown parameters. Flash cookies are also termed generally as local shared objects (LSO) and it is mainly used to help flash applications to store preferences or user data on the local system. Flash cookies are not stored like other cookies and it’s hard to locate them from browser or cookie manager.
A lot of concern was raised about flash cookies not only because it does not prompt the user before storing information and also due to the fact that normal cookies take 4kbs while flash cookies take up to 100kbs of storage space.
HTTP-only cookies or secure cookies as the name suggests transmit data over secured connection and stores user data on the local hard disk. A secure cookie provides the server access the information on the user’s system through a secure mechanism.
Online businesses are following the trend of targeted marketing everywhere. Brands like Zappos started making explicit offers to their users based on their preferences and behavior on the website. In order to increase their sale conversion statistics the company offered on site recommendations that were highly relevant to the user’s likes , dislikes and history. The companies maintain huge data about users stored in form of cookies that helps them reach the potential customer even if they leave their website. Remarketing banners and ads can be sent to the user on their social media accounts to bring them back to the site.
Advertising aims to bring the right product to the right audience. Conventional advertising and marketing campaigns spend huge budgets to survey the buying trends and the likes/dislikes of their target audience. As internet has revolutionized every industry, the survey of the usage trends and preferences of users also needs to be carried out in the digital world.
Digital advertising has been utilizing the power of cookies to track and understand their target audience better. Digital advertisers make use of third party cookies to learn more about their audience. The growing trend on using third party cookies for tracking user actions can be proven by the fact that the number of third party cookies rose 23% in a year from 1,887 in May to 2324 in October according to a report by university of California.
Digital advertiser as well as publishers from online newspaper to ecommerce websites are focused on implementing various tracking technologies to better understand the audience and in some cases this data is also sold to data exchanges.
While these tracking services record browsing trends of users visiting different websites, another prominent technique retargeting is implemented by websites to remind their visitors about their brand. Mostly, only 2% visits are transformed into sales rest of 98% traffic usually forgets the brand as soon as they leave the site, retargeting is to reach that 98%. The following figure shows the effects of retargeting as it focuses on the people who could be potential customer and are aware of the brand. Retargeting techniques strive to bring them back and make their visit purposeful.
According to stats, more than 71% marketers/brands spend about10-50% of their advertising budget on retargeting and the percentage is growing every year showing the effectiveness of targeted digital advertising for brands. The following figure shows the stats of retargeting:
Ethical Implications of Behavior tracking cookies
Possible uses of user’s behavior data
Every consumer oriented business is using cookies and behavior tracking mechanisms to understand their customers better. The following section discusses the way this data is utilized:
Target customer vulnerabilities
Though behavior tracking data is used for marketing relevant products however since the recorded data includes a user’s financial, health related and personal details such as their sexual orientation, hobbies and preferences, thus this information can used to target them loans, mortgages, controversial healthcare products or dubious services , all based on their history on the internet.
Not all online users are capable enough to evaluate and understand the marketing strategies and might fell prey to these ads.
Discrimination between the customers
Since the data is collected across the web, it is possible that companies judge and make offers to the customer with prejudice and discrimination.
Beyond marketing use
Considering these uses or misuses following are some of the ethical implications of cookies and behavior tracking.
According to cyber law definition if a user is monitored, tracked or observed regarding his online activities and interests without complete knowledge of the user, the action is considered a serious invasion of privacy. The behavior tracking cookies as used in advertising and marketing not only track user data without consent however it also sells this data to independent third parties. On one hand while cookies generate sales leads for businesses it disrupts with cyber law for information security and privacy.
The following stats show the way behavioral data is being used and is raising concerns among authorities regarding the vulnerabilities related to user data and their privacy.
While it is understandable that a website such as ecommerce store, tracks their user’s behavior to improve their offerings and catalogue and might be acceptable for the customer of that store, however it is unethical that site forwards a user’s choice of videos to another website such as a social media platform to target ads relating to that video genre on their page.
Several companies involved in cookie racking and ad retargeting declare that their tracking is anonymous and no user data is leaked. On the other hand it is notable to see that recent history is full of big names like Netflix, AOL, Skype and Epsilon that felt prey to user data leakage. Additionally, huge players in online business like EBay lost about 145,000, AOL lost 240,000 and Facebook lost 6000,000 records recently in spite of their heavy investment in secure and protected IT infrastructure.
Data Leaks & Breaches
Most of the tracking companies are small scale companies and their IT investment cannot be comparable to these big companies. Thus the leakage of data and user identification information can be stolen or used in several wrong ways.
According to a report by Verizon on data breaches in 2013 stated that about 30% that is 45 out of 120 companies that were a victim of data breaches were small scale companies with team size less than 1000. This also indicates to the fact that every company has a threat of data breach attack however smaller companies are more prone to be attacked to steal or misuse user data. The report also indicates that within a year the frequency of data breaches is increasing every year, the number of attacks in year 2013 was 621 and is increasing every year.
Vulnerabilities of cookies
Cookies are created with the intent of sharing data between a web browser and the authorized server(s). Travelling through HTTP makes it visible to anyone with a packet sniffer that can steal the information, send cookies to an unauthorized address.
Cookie PoisoningCookie poisoning is often a result of cookie theft. The data of the cookie is acquired and used against the company in many ways.Cross-Site CookiesSome browser flaws can affect the cross site cookies to change cookies on other websites.in this scenario attackers do not target cookie data however they utilize the flaws and shortfalls of browsers to alter cookies or use non-malicious user data.
People across the globe are heavily dependent on Internet and utilize lot of online services including their personal, social, financial and health related services. Web users are required to provide their basic information at various pints during their surfing and believe that their data is stored with that website. However, the growing digital marketing and advertising has given rise to behavioral tracking through cookies to collect and record every bit of detail about a user. Each and every action and activity of the user is tracked and recorded including their social media interactions, email contents and address books, spending trend as well as their physical location at some point in time, thanks to the various services locating and reporting a user’s current location. Every detail about the user is kept in a continuously updating the user profile.
Online companies and brands are using this information to send very relevant ads based on the user’s browsing history. Behavioral targeting is different from contextual advertising as it can combine the data from various sources to make the target offer. The data collected for behavioral targeting is so deep that it can identify the identity of a person.
While experts believe that behavioral targeting helps companies to show the most relevant ads to the user without cluttering unwanted information. This strategy has proven to make accurate recommendation to the user even after they leave the website by sending them retargeting messages. Retargeting techniques assist a brand to bring back the potential customer to the website by tracking their buying trend and preferences.
As in real life marketing where companies use data surveys to learn more about their customers, in similar ways brands with online presence try to collect and record true data to help them understand the trends better. However the issue is that in case of online brands the user is completely unaware of being monitored and stalked. The data collected for survey includes all possible details about the customer that can make him prone to identity thefts and other crimes. In addition to this, not every company can use the data responsibly, thus there are chances that the data is used in wrong manners. The unconsented tracking of a user is an invasion of privacy and has severe ethical implications. Similarly the data collected and can be leaked and get into wrong hands who can misuse the information for clients.
Brinkmann, Martin. Flash Cookies explained. 2007. http://www.ghacks.net/2007/05/04/flash-cookies-explained/.
ECKERSLEY, PETER. "How Online Tracking Companies Know Most of What You Do Online (and What Social Networks Are Doing to Help Them)." https://www.eff.org/ (2009).
JEGATHEESAN, SOWMYAN. "Cookies – Invading Our Privacy for Marketing,Advertising and Security Issues." n.d.
Kaye, Kate. "Use of Tracking Cookies on the Rise as Advertisers Seek More Data From Web Surfers." AdAge (2012). web.
LESINSKI, MIKE. "Understanding the Difference Between Third-Party and First-Party Data." n.d.
Linden, Maura A. van der. Vulnerability Case Study: Cookie Tampering. 2009. http://www.infosectoday.com/Articles/Cookie_Tampering.htm.
Marvin, Ginny. More Marketers Now Dedicate Over Half Of Digital Budgets To Retargeting. december 2014. web. march 2015.
Mathieson, Rob. Secure Cookies explained. July 2014. http://cookiecontroller.com/internet-cookies/secure-cookies/. 2015.
Raicu, Irina. "Loss of Online Privacy: What's the Harm?" 2012.
Retargeter. WHAT IS RETARGETING AND HOW DOES IT WORK? 2014. web.
Traders, Ad. "The Ethical Issues with 3rd Party Behavioral Tracking." adexchanger.com (October 31st, 2011).
Verizon. "Verizon 2013 Data Breach Report." 2013.
visual.ly. Who's Tracking You? infograhic. London: Cookiepedia UK, 2013. web.