Cookie monitoring?! No way…just a “coincidence”
Yesterday, E-Crime Expert presented some privacy risks associated with the Internet usage here. Today, it is presented how one could be monitored through a cookie, regardless that starting with May 31, 2011, a cookie in order to be installed on a user’s machine or browser should have first his/her explicit consent and acknowledgment as per the Directive 2009/136/EC requirements. Unfortunately, this Directive does not specify that such consent should be obtained “prior” to that particular cookie instalation on the user’s machine or browser.
Recently, while reading the news on the Internet (Yahoo Canada news), I was surprised to see on the bottom of the page (see Fig. 1), the name of one of my Facebook contacts where the news titles are usually summarized (as she likes that particular article and through association I should “like” it too). I thought that she was in the news so I clicked through to read it. But instead, there was a field named: “Friend’s activities”. What fiends? Yahoo friends? This was not possible as this contact does not have my Yahoo email address, so what is this about? In fact, there was a new field with updates of my Facebook friends regarding information they shared with their connections on Facebook. Why would I want to see on Yahoo Canada News a link that I could see on my Facebook? How would that be possible? Simply, the link was there. I had to figure it out, as I never clicked the famous Facebook “Like” button on any of my websites or during my browsing activity, nor on Yahoo Canada news.
The only way that it was possible for my Facebook friends’’ updates to appear on the Yahoo Canada News homepage is because the email I use for my Facebook account is actually my Yahoo email address. If I am logged in to Yahoo and browsing the Internet and also logged on to Facebook on the same computer but not necessarily having them open in separate tabs (aka webpages) simultaneously, or even have Facebook opened at all, Facebook through my log in username (Yahoo email address), is “following” me anywhere I go over the Internet. I also never imported my Yahoo contacts to Facebook or any other email client contacts. In this case, regardless of whether I expressed or not my consent to be delivered friends’ updates or links outside my Facebook platform, I am getting them anyways.
This represents information that I never requested nor authorized to be delivered to me outside of Facebook (in this case the Yahoo News). Furthermore, this is strong proof of the fact that users are being monitored outside the Social Networking platform’s walls and being delivered advertising. In fact, just the Facebook wall post referring to a commercial activity was linked to my yahoo News page (not a regular daily activity like walking the dog for example), which will bring further audience to that particular business. What is disturbing here is that neither me the receptor of the information nor the person who posted that information, were informed about this advertising practice: to appear on an electronic News page as news. Every user will be provided with different content than other users regardless if they read the same electronic newspaper and the same news. This content will be individually tailored for each user based on his/her personal preferences and characteristics.
Technically, this was made possible through a cookie(s) uniquely connected to my user name (e.g. my Yahoo address). The Article 29 Working Party through its February 2010 opinion, specifies that: “placing cookies or similar devices on users’ terminal equipment or obtaining information through such devices is only allowed with the informed consent of the users”. Furthermore, another Article 29 Working Party’s opinion from January 2008, specifies that:
“When a cookie contains a unique user ID, this ID is clearly personal data. The use of persistent cookies or similar devices with a unique user ID allows tracking of users of a certain computer even when dynamic IP addresses are used. The behavioural data that is generated through the use of these devices allows focusing even more on the personal characteristics of the individual concerned“.
In my case, my unique user id (Yahoo address, which is assigned as a Facebook log in), has a designated unique cookie. That cookie is “following” my Internet activity on my computer, and later transmits data back to Facebook. All these are happening without my acknowledgment or consent.
Last but not least, let’s assume that a father is sharing the same computer with his teenage daughter, and his daughter comes to use their shared computer, then she will have access to her father’s personal Facebook contacts and account content without his consent, as there under his Yahoo page, links from his Facebook account will be displayed. Also, his daughter by clicking on that Facebook link under the Yahoo News page (mistaken as a yahoo news item), could easily get into her father’s Facebook account which is his private space. As Facebook in my opinion, is a communication platform, this will be a real intrusion into someone else’s communication and private life. If there were contacts’ personal details, this would qualify as a breach of personal data by being exposed to unauthorized persons (the daughter).
Any questions can be submitted to:
Additional information can be found at: www.e-crimeexppert.com
Have you ever felt monitorized on the Internet? Did this happen to you? Would you be interested in checking the new Facebook privacy settings?
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.
- @k3rstin Hi Kerstin. Im fine thank you. Still in Brussels. Can we collaborate on any project/assignment? Best regards, Dan. 1 year ago
- 6 Essential Tips on How to Prevent Online Shopping Fraud wp.me/p1N1s0-jD 3 years ago
- Cyberbullying wp.me/p1N1s0-jz 3 years ago
- 10 Ways to Prevent Your Identity From Being Stolen wp.me/p1N1s0-jv 3 years ago
- Infographic-Privacy and Security on Facebook wp.me/p1N1s0-jp 3 years ago