Cookies Are Bad, M’Kay?

For those who do not follow Dutch politics, due to efforts of the Labour Party, we have legislation that prohibits cookies. More precisely, it prohibits reading information from or storing information on someone’s computer without consent. However, in what way do cookies invade privacy?

When one visits the Dutch parliament, you have to get your bags scanned. Afterwards, they will be tagged with a ribbon on which is written that the bag has been checked by security. One could say that the guards stored a cookie on your bag to remind themselves of having checked it. Comparably, when I am asked by the organisation of a congress to wear a name tag, this tag acts like a cookie containing my name for the organisation.

Nevertheless, the “cookies” I have discussed happen with my consent. Imagine that a shopkeeper will slap a tag on my back as soon as I walk into his store to track my visits – think of the children’s joke where they quietly put a note on the other’s back saying “I stink”. Without my consent, he tagged me and started using this for tracking.

The Web Needs Cookies: Why Else Would They Exist?
First of all, a certain amount of cookies is required for proper functionality, because the protocol used for visiting websites is stateless. This means that every time you connect to a website, a new session is started. Thus, if the website has to recognise you, e.g. to keep you logged in, it has to tag you in some way. This is why cookies were originally invented.

When connecting to a website, your browser will send all cookies stored by that website with the request. This way, the website knows all the information it asked your computer to store in a previous session. Commonly, those cookies are used to identify you as logged in or to recover your preferences. Nevertheless, this mechanism can also be used to track you, by giving you an uniquely identifiable number.

It would be wrong not to mention here that the so-called Dutch cookie legislation does not forbid those cookies that are required for the proper functioning of the system. In other words, cookies used to store your settings or to keep you logged in are fully legal under these rules. As would be a cookie that stores your consent with placing non-functional cookies.

Let’s Track!
Although cookies are very useful for making nice web applications, most of the cookies you will find on your computer are used for tracking you. Those cookies are commonly placed on your computer without your consent and are used to uniquely identify you for various purposes.

A large company like Google will be able to track you along most websites that you visit, because most people use Google’s search engine and most websites use their services. For example, Google Adsense and Google Analytics can be found on a very large number of websites, allowing them to track your moves on all those corners of the web.

It should be noted that users can be tracked in much more ways. For example, the technique of browser fingerprinting, where all information of your browser and computer is read, can be used to uniquely identify you. This is due to the fact that most combinations of plug-ins, operating system versions and browser information are unique – or at least very rare. The Panopticlick of the Electric Frontier Foundation shows this quite nicely. As I stated before, the Dutch legislation on cookies does require prior consent for this, too.

Tracking Cookies: Just Another Means Of Profiling
In the end, tracking cookies provide just another means of collecting the data that is required for profiling. The cookies are not really the ones you should be scared of, it is the profiling and information collecting that harms your free identity, as this has direct effect on how you browse the web. After all, a large behavioural advertising company is able to track you quite well, even without using tracking cookies.