Other than No Agenda, the only podcast I never miss is Security Now. Since I’m a SysAdmin, I really need to keep up to date on security news and that’s the show for it. The most recent episode had a lively (not lively enough) debate between Leo Laporte and Steve Gibson arguing for and against third-party cookies, respectively. The only problem was that they both totally missed the point.
Leo’s position: Advertising is how the internet is monetized. You get free stuff (like Gmail, Facebook, YouTube) so you should expect advertising. And you should expect targeted ads (made possible by tracking), since those are more valuable to you and to the site owners. Therefore, tracking cookies are ok.
Steve’s position: Advertising doesn’t need cookies to work. They can glean enough information from the source IP address and the referrer headers to make proper impression calculations. And, although he didn’t say this (because he’s too nice of a guy), the implication is that tracking is therefore simply greedy.
Both of these positions miss the real point, which is: Being tracked as part of advertising isn’t unique to the internet(think grocery store discount cards), but being tracked at the discretion of the product owner without your consent is.
If the grocery store offers me a discount card, I can refuse it. It also only works at that chain of stores. But, the issue with internet tracking is that you’re getting tracked by site owners choosing to use free services, which is beyond your control. If you go to a blog like this one, and I choose to serve you ads (which I never will), you’re now going to get tracked by that advertiser wherever you go within their ad network. You never had a choice. You never even knew it was happening. And you can’t know before-hand which sites are ad supported and which are not until you visit them. And then you’re tracked just for visiting.
It’s like having the grocery store manager hiding up in the rafters and silently shooting you with an RFID tracking chip as soon as you walk in the door.
And that’s just the advertising side. The other part is analytics services like google-analytics. It’s hard to find a site these days that doesn’t use google-analytics. That means Google has a record of your travels across the web, just by virtue of those site owners choosing to use that service. Again, it’s all beyond your control.
You can act, as Leo did, as if it’s tin-foil hat to think that these companies like Double-Click care about the habits of individual persons. But, what happens when you find yourself in the cross-hairs of an overzealous child services worker. Busy-bodies turn in people for bogus reasons all of the time. Would you want that social worker subpeonaing your web history from Google so they could fish around for something to make a case out of? Almost any website you visit could be pulled out of context and turned into something “troubling.” What about that time you went to WebMD and did a search for “child has a rash on his kneck”? Did you follow that up with a doctor visit? If you didn’t, then maybe that’s negligence. See how this works?
Tracking is not necessary for internet advertising. It might be necessary for really good internet advertising. But, what kind of argument is that? Think of how much better ads would be if the ad companies could have your credit card purchase logs, your credit report and all of your medical records too. Wouldn’t that be awesome!