Are Cookies An Invason Of Privacy Or Identity Theft Concern?

Robert Siciliano Identity Theft Expert

Ive taken lots of heat for my comments on a Fox News report that the Office of Management and Budget is considering reversing a nine year ban on using “cookies” to track users’ preferences and interests on federal websites. The shift in policy is being billed as a way for government to enter the 21st century and for federal agencies to use the same technology utilized on news sites, retail sites and social media networks.

My comments under fire involve some “scaremongering” and potential inaccuracies in relation to cookies and what they do.

“Without explaining this reversal of policy, the OMB is seeking to allow the mass collection of personal information of every user of a federal government website,” said Michael Macleod-Ball, acting director of the American Civil Liberties Union’s Washington Legislative office. “Until OMB answers the multitude of questions surrounding this policy shift, we will continue to raise our strenuous objections.”

A cookie is a small piece of text or code that is stored on your computer in order to track data. Cookies contains bits of information such as user preferences, shopping cart contents and sometimes user names and passwords. Cookies allow your web browser to communicate with a website. Cookies are not the same as spyware or viruses, although they are related. Many anti-spyware products will detect cookies from certain sites, but while cookies have the potential to be malicious, most are not.

A colleague sent me a note after reviewing my comments regarding cookies and stated:  “Cookies have been around since the mid-to-late ’90’s, and most people still don’t understand what they are or what they do. If you go to http://osvdb.org and do a search for “cookies”, you’ll see there have traditionally been tons of vulnerabilities surrounding them. From a privacy standpoint, they’re also a potential issue depending on how they’re used, but that really depends on a site’s environment. Saying that “cookies store passwords” isn’t really true in most cases based on evidence I’ve seen over the last several years. They might store session IDs or be manipulated to allow admin access to a site, sure… but that’s not true across the board for every (or even most) sites.”

However Informationweek reports Internet users are revealing information that identifies them through the use of social networking sites cookies.

What was said in the video in relation to what cookies do was more of an analogy than stating fact. I was trying to simply give a bit of perspective and explain what the privacy concerns may be. Its a complicated issue that has the ACLU and others up in arms.

The government tracks criminals using specially developed spyware that gathers a wide range of information, including IP and MAC addresses, operating systems, Internet browsers, open ports, running programs, user names, and recently visited URLs. This scares privacy advocates, for good reason.

But cookies are generally not invasive. They are typically used to produce usage statistics within a single site, or to produce anonymous user profiles across multiple sites, in order to determine which advertisements would be most relevant. Many websites become unusable if your browser does not accept cookies. Social networking sites are particularly dependent on cookies.

Federal government agencies have banned cookies in their own sites since 2000 in response to demands from privacy advocates. Some claim that the proposal to reverse the ban comes in response to Google’s recent lobbying efforts. Whitehouse.gov posts YouTube videos that contain Google’s third party cookies. The entire issue requires a bit more transparency for all those involved.

Advertisers have long known that cookies are useful for customizing the user experience. The government seems interested in taking advantage of this benefit as well. If that is the real motivation, it’s great. But privacy advocates aren’t happy, since the government tends to take a mile when given an inch.

There are a few fundamental ways to keep yourself secure. Browsers all give you the option of simply turning cookies off.  Make sure that yourInternet security software is updated, and install spyware removal software if it isn’t included in your basic security suite. Lock down your wireless connection. Use strong passwords that include upper and lowercase letters as well as numbers, and never share them. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. In most cases, this prevents new accounts from being opened in your name. Download CCleaner, a free system optimization, privacy and cleaning tool that removes unused files including cookies from your system, which frees up disk space and allows Windows to run faster. It also cleans traces of your online activities. And invest in Intelius identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses a proposal to allow the use of cookies on federal websites on Fox News, and again on Breitbart.tv.