Saturday, 19 October 2013

Microsoft, Google working on super cookies to track your activity on every device



It has served us well for almost 20 years, but now the humble browser cookie is on its deathbed, faced with forced obsolescence by a new brand of super cookies. Developed by the likes of Microsoft and Google, super cookies will track you wherever you go, and whatever you do, whether it’s on your smartphone, PC, game console, or even TV.
The HTTP cookie began life as a simple way of storing your preferences for a website, but quickly became the primary way of providing targeted advertising. For the most part, targeted ads are the sole reason that most of the web is free to surf, and thus why cookies are so damn important. As internet access has spread to mobile devices, TVs, and game consoles, though, surfing habits have changed, and the cookie has been unable to keep up. There have been various attempts to rejuvenate cookies for the 21st century, but for various reasons they’ve never really worked out. Furthermore, with the recent Do Not Track movement, and some browsers looking at disabling third-party (tracking) cookies by default, the age of cookies is quickly drawing to a close.

The complete hardware stack that Microsoft wants to track with super cookies.



Without a way of tracking our usage across devices, it’s very hard to derive behavioral patterns (analytics) or provide targeted advertising — and, put simply, it’s untenable for a commercial entity to be competitive without analytics or revenue stream. Thus, Google and Microsoft had announced their intentions to create new super cookies that can track us across every internet-connected device, and we wouldn’t be surprised if other giants such as Facebook and Apple aren’t also working on their own super cookies. While exact details of their implementations are pretty vague at this point, it’s presumed that these super cookies will probably link the unique identifiers (serial numbers) of your devices to some kind of global account, such as your Microsoft or Google account. The working name of the Google super cookie is AdID, but Microsoft’s cookie doesn’t have a name yet.

Once the unique ID of your smartphone, laptop, TV, and game console has been linked to a central point, it becomes very easy to track your usage behavior. Microsoft (or Google or Apple or Facebook) will know what time of day you wake up (when you first check your phone), the route you take to work (via GPS), where you work (GPS), your job description (via your searches), and when you get home, the games you play and TV you watch. (See: The Big Brother TV that watches you.)

Super Cookie MonsterIf all this sounds rather terrifying to you, good. It’s already pretty scary that Google and Facebook have almost complete vision of your web surfing habits — to think that they could soon be privy to virtually all of your digital-oriented behavior (which is essentially your entire life, if you walk around with a smartphone in your pocket) is frankly disturbing.



There are two saving graces, though. Following a few cases of high-profile abuses of tracking cookies, and then US government intervention with the Do Not Track scheme, the online community is now quite savvy when it comes to being tracked. For years, many of us didn’t even realize that we were being tracked — and now, surfers actively seek out ways of blocking third-party tracking cookies, and using sites that comply with Do Not Track. In short, while these super cookies are scary, there will almost certainly be an easy way to turn them off — as enlightened denizens of the web, we simply won’t stand for anything else. We should also be somewhat comforted by the fact that all of our analytics are being stored on the servers of big, mostly trustworthy companies. As it stands, anyone can track you across the internet — if Microsoft and other tech giants implement super cookies, it’s highly likely that there will be a lot of safeguards to prevent your data falling into the wrong hands.

Even so, though, having these super cookies stored in a central repository will make for a very, very tempting target for hackers. Let’s not forget that most of these companies also have our credit card, contact, and address details, too. The last few years have shown that even huge companies like Sony and Vodafone and banks like Chase and Citigroup can’t secure their systems against hackers. If the likes of Microsoft and Google are going to store virtually our entire activity and behavior in a database somewhere, then it better be damn secure