This is going to be a short and sweet blog post. I was unfortunately too busy running through my own presentation over and over in my head to pay attention to most of the others. I learned a lot about carrier pigeons from Wren Glanville though.
I had no idea how far back carrier pigeon use went. Their use in Ancient Egypt to report the flooding of the Nile was fascinating. I also never knew there were war hero pigeons. I knew they were used in war, but I did not expect them to be commemorated.
The presentation that I was most concerned about was Catherine Crump’s on police surveillance technology. I knew it was a lot, but I had not realized quite how much we are being tracked in our day to day lives. That was back in 2014 too. It is just speculation, but one can only imagine how much more sophisticated tracking technology has become over the past ten years.
I think what to do about this situation from a policy perspective is tricky, though. There are obvious safety benefits in the intended uses of the technology they use to track us. The automatic plate scanner Crump talked about are really good for knowing when people run red lights, speed, or park in illegal places. They are also good for finding known criminals or stolen vehicles. Whatever policy is implemented would ideally retain those benefits while also preserving peoples’ privacy.
I would recommend a method like ones that I have read in the EULAs of many software products. Oftentimes if a company collects your data (and is not planning to use it maliciously), they have a policy that it will be deleted after a specified amount of time. For an example, I would propose a policy that the data collected by police agencies must be deleted within 30 days unless the subject of that data is under an active warrant, on a watch list, or similar. This would keep the criminal catching uses of the technology, while minimally sacrificing the privacy of normal civilians.
Unfortunately, there is not very much we can do to protect our privacy as civilians. Our smartphones report our data to corporations, cell towers, and routers constantly, so we are always willingly being tracked. Also unfortunately, smartphones are just too much of a necessity to give up in the modern world. We are always being watched, and that is the way we like it.
When people think of internet cookies, they often think of sneaky bits of spyware that track you all over the internet. While, yes, that is something they are used for, it is not the only thing they do. They come with major benefits too. For instance, if you have ever changed the language on a website, that was a cookie. If you have ever been automatically logged in, that was a cookie. And, perhaps most importantly to the field of communications, if you have ever used a shopping cart, that was a cookie.
The shopping cart was actually one of the original intended uses for cookies. Back in 1993 online shopping was not very popular, and while that was mostly due to the limited popularity of the internet at the time, it was also because it was very tedious. Without any extra features like cookies, websites cannot remember anything about your visit, whether that be between visits or even just between different pages in a single visit. There was no way for you to find an item you wanted and then go find a different item so you could buy multiple things at once. The website would simply forget.
Lou Montulli
That is where cookies come in. A man named Lou Montulli was working with the Mosaic Communications Corporation to develop the Netscape Navigator web browser, which would coincide with the launch of the World Wide Web. One of Mr. Montulli’s visions for the internet of the future was easy and efficient online shopping, and so he devised the cookie.
The Anatomy of a Cookie
The concept behind the cookie is very simple. It is a small packet of data that a website sends a visiting device so that it can store browsing data on that device. Even though the data packets are small, having thousands or millions of them stored on the host server would quickly get out of hand. If each user stored their own data though, the amount would be so miniscule that no one would even notice. When the user visits the website again or changes pages, the site simply requests the packet back from the user so they can resume right where they left off. The data was also encrypted so that only the rightful website could access it. Montulli reasoned that governments, corporations, advertising agencies, and hackers would be absolutely salivating over all that data, so it could not just be sitting around easy for them to access.
Montulli’s implementation of the cookie would be a flagship feature for Netscape Navigator, and when that web browser took over the internet, it set a cookie standard that is still held to this day. Thus, all of our favorite shopping websites like Amazon, Steam, and Ebay can exist and help people all over the world get the products they need.
Unfortunately, though, that is not the end of the story. It is common knowledge today that cookies are practically spyware that track your every movement. So, where did it all go wrong? The answer is Third Party Cookies. For an example, consider the targeted advertising industry:
Third Party Cookies
Website owners often want to make money, but website users often do not want to pay them. The most common compromise is for the website to have ads on it. However, that ad space can be tricky to sell to advertisers. That is where an advertising company steps in. They automatically connect website owners with advertisers, and in exchange receive a portion of the ad revenue. They also request that the site owner distribute the ad service’s cookie packaged with the site’s own cookies. This is a really sneaky way of bypassing Montulli’s encryption. Effectively, because the ad service now owns part of the cookie package, they can now rightfully access the rest of the cookie too. With thousands of sites all using their ad service, and millions of cookies being distributed, they now get a constant stream of data from users all over the internet which they can do with as they please. That is how they track you.
This was a flaw in the cookie’s design that was known even before the release of Netscape Navigator. It had already been exploited to lesser degrees in cruder cookie-like features in previous browsers. Montulli knew about this, but he included and standardized his flawed cookie design anyway. His reasoning was that it was a choice between standardizing his flawed, but still somewhat privacy respecting cookie, or wait and risk more malicious developers standardizing something even more invasive. It was a choice between the devil he knew and the devil he did not. He chose the one he knew.
Unfortunately, this story does not have a happy ending. The devil he did not know was eventually created. It is called Fingerprinting, and Montulli was right. It is far worse than his cookies. However, this marks the end of the cookie’s story, the story of how the hard work of a genius was corrupted into the tool of spies. Though they have attained the ire of the masses, maybe the next time you buy groceries online you will remember all the good cookies do for us, as well as all the bad that comes packaged with them.
Sources:
https://www.digitaltrends.com/computing/history-of-cookies-and-effect-on-privacy/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#security
https://allaboutcookies.org/what-is-a-cookie
https://developer.mozilla.org/en-US/docs/Web/Privacy/Third-party_cookies
This is going to be a short and sweet blog post. I was unfortunately too busy running through my own presentation over an...
