Web beacons, tracking cookies, pixel trackers and browser fingerprinting are used increasingly on college and university web sites. Unfortunately, most CIO’s and Chief Marketing Officers have very little knowledge of these web trackers presences and are naive as to their uses. In my opinion this is a significant problem for higher education that could kill any momentum in growing online learning, learning analytics, gamification, and existing uses of cloud services. But let’s not get ahead of things just yet.
Internet tracking has become so sophisticated it has been referred to as the new arms race by researchers as the University of Washington. The problem is so vast I struggled with how to best break it into manageable pieces while still keeping it interesting and valuable.
So to kick things off I thought I should start with an overview of the most common forms of web tracking used today. There are other forms such as the use of ETags (entity tags), Visited Link Coloring and some other less common forms. But for now, I will focus on browser fingerprinting, cookies, Flash Cookies (LSO), and web beacons (web bugs).
Perhaps the best way to understand this is for you to use the Electronic Freedom Fronties latest research tool Panopticlick to see just how unique and trackable your browser settings are.
According to my browser fingerprint test using Panopticlick it would be very easy to track me while gathering anonymous and pseudoanonymous browsing history data and match it on the back end to personally identifiable data.
What are Cookies
Cookies are small bits of data downloaded and stored text by a user’s browser from web pages they visit. Their purpose is to store bits of information about your interaction with the website and its content. Contrary to popular belief, cookies do not contain software or programs.
There are several types of cookies that are classified by how they function and who sets them. First-party cookies are the ones most people are familiar with which are set by the website owner and have the same domain name as the site. So if you visit the University of Virginia website at Virginia.edu you will get several first-party cookies downloaded into your browser. The details of one of the site preference cookies are shown here:
Third-party cookies function the same way but are cookies downloaded from a website that are not from the website domain. Third-party cookies are also called third-party tracking cookies, or tracking cookies, because their primary use is to accumulate long term browsing histories that is used by third parties.
One of the more common uses of third-party tracking cookies used heavily is for behavioral analytics to tailor online advertising or content to site visitors. So when visiting portions of the University of Virgina such as their News page you will get two third-party tracking cookies from ShareThis.com shown one that expires in a few hours but the other, shown here, won’t expire for a year.
Some third-party tracking cookies used for site analytics are actually set by using the site owner’s domain as with Google Analytics making this an even messier situation to sort out.
What are Flash Cookies LSO
Flash cookies also known as “local shared object” (LSO) are pieces of information that Adobe Flash might store on your computer. This is designed to save data such as video volume preferences or, perhaps, your scores in an online game.
The difference between Flash cookies and a browser cookie is that they are not stored in your browser which makes blocking and deleting them harder. This makes them more controversial because several unsavory companies have used them as “cookie backups” to reload cookies back onto your computer if you delete them as “cookie backups”
What are Web beacons
Web beacons are very small, usually invisible, objects embedded into a web page or email. Web beacons are also referred to as , which also go by the names “web bugs”, “tags”, “tracking bugs”, “pixel trackers” or “pixel gifs“.
In their simplest form they are tiny clear images the size of a single pixel that loads as an image when the web page is loaded or the email opened by making a call to a remote server for the image. The server call alerts the company that their email has just been opened or their web page visited.
Web beacons are used heavily by companies that want to track when their emails are opened.This has also made them attractive for spammers that use them to verify active email accounts by sending emails with pixel trackers embedded in them. This is why you should not display images in emails from senders you do not trust.
Web beacons are also used by online advertisers who embed web beacons into their ads so they can independently track how often their ads are being displayed.
This is just the beginning of what I hope will be an enlightening set of posts.