I’ve noticed recently a lot of annoying ads following me around on the Internet. Not just showing up every so often in the browser side panel, but some embedded deep within the pages I’m viewing, making them very difficult to ignore. Often the ads are for something I’ve already bought or something I’ve decided not to buy. I also get the same things continuously cropping up with little variety.
Anyway, I had a couple of spare hours over christmas, so thought I’d finally get round to turning off those cookies that I’m obviously leaking onto the Internet.
Nowadays, cookies are also used for other purposes. For example, they can be used to store preferences for personalisation, so that when you go back to an online shop it remembers that you like a specific brand of clothing, without having to store that information on the server itself. They’re also used for authentication, so you don’t need to constantly log into your banking application. These are known as persistent cookies or tracking cookies; they’re stored on your hard drive and don’t expire when the web browser is closed or the device is rebooted. However, they are configured with an expiration date, which could be just a few seconds to years. If an attacker could get access to your authentication cookie, he could potentially cause you a lot of damage, for example by illegitimately accessing your banking application.
Cookies therefore hold quite a bit of information about you and one of the fundamental tenets is that cookies only get sent back to the website that originally stored them in your browser. The cookie is therefore associated with the domain shown in your browser’s address bar and known as a first-party cookie.
However, the problem I’m having with adverts following me around on the Internet is probably due to what’s called third-party cookies. These are cookies that are inserted when I visit websites, but by other domains, such as by advertisers providing banner ads. These have the potential to track me around the Internet, allowing an advertiser to serve me ‘relevant’ adverts across multiple domains.
Third-party cookies are often frowned upon as a privacy concern and I’d assumed that they were disabled by default in most browsers. I was therefore quite surprised when I had a look at the settings in my browser. It should be reasonable to expect that the average user can simply disable these with relative ease, even without understanding the technical details as to how they work.
Assuming I’m at least somewhat technically competent, as I do work in IT, I took a look at my favourite browser; Google Chrome. This runs on a windows laptop (I also use Safari on a Mac, but haven’t taken a look at that yet), so I went into settings and expected it to be quite obvious where to edit these cookie settings. After spending a while looking under ‘Settings’, I was eventually forced to click on ‘Show advanced settings’. That’s a bit worrying, because I wouldn’t expect a typical user to click on ‘Advanced settings’.
OK, so even after looking through the advanced menu, it’s taken me some time before eventually I’ve had to go back and take a second look at ‘Privacy’. Under this heading I have to click on a box called ‘Content settings…’. Under there I find a check box marked ‘Block third-party cookies and site data’.
For comparison, I had a look at how to disable third-party cookies with Microsoft Edge. Similar to Chrome, I had to go to ‘Settings’s, then ‘View Advanced Settings.’ Under ‘Privacy and Settings’ there’s a drop down option under ‘Cookies’ to ‘Block only third party cookies’. Not ideal, but slightly easier to find than in Chrome.
I’ve yet to find out what sort of change this setting makes to my web experience and I still need to take a look at Safari on my Mac, but my point is that this shouldn’t be so difficult to do. Arguably, this setting should already be enabled by default. The industry needs to be making it easier for users to manage their privacy and security online, not making it so complicated that only ‘advanced’ users can modify these settings, even then with some time and effort. This is one of the reasons users are beginning to use ad blocking software and other security plugins.