Yesterday's post discussed research about how retailers extensively track consumers online. Today, I wanted to explore this further.
So, I secured my Microsoft Internet Explorer browser and its Privacy settings to prompt me every time a Web site or page attempted to place or edit a Web cookie on my computer. This prompt would allow me to note the site requesting the cookie, and either accept or reject that cookie request.
I am not a computer expert, and this is not a formal, academic test. And it doesn't cover Web Beacons. This informal test is limited in that it won't indicate the contents of each Web cookie request; only that a cookie request occurred. I am sure that there are plenty of computer experts that can design a sufficiently rigorous test. Regardless, I felt the need to start somewhere.
For test web sites, I chose two of the credit reporting agencies' sites (Equifax.com and Experian.com) since I use these sites, have discussed them previously, and since these sites contain sensitive personal data about consumers.
It didn't take long for the results to show. When trying to access the Equifax.com home page, I noticed that the site placed a multitude of Web cookies on my computer. The list of companies writing to my Web browser cookie file went far beyond just Equifax:
- 12 Web cookies requests by Equifax.com, plus
- Doubleclick.com (2 requests)
- Quantserve.com (2 requests)
- Atdmt.com (2 requests)
- Hitbox.com (2 requests)
If you are counting, that was about 22 cookies requests before the home page fully loaded. To me, that seemed like a lot of Web cookie requests. And, who are these companies? Some of the names (e.g., HitBox, Doubleclick) I recognize since I work in the Internet industry. I know some of these are tracking services for advertisements.
I couldn't help but wonder what most consumers would think of this. I couldn't help but wonder what most consumers, who don't have the benefit of working in the Internet industry, would think of this -- if they took the time and knew how to configure their Web browser. This would probably make any consumer pause, and wonder what exactly is going on.
Sure, we all want to be informed consumers, but things seem stacked against consumers. The online tracking at Web sites starts sooner than many consumer probably would expect.
"We use session and persistent cookie technology for several purposes. For example, cookies: Allow you to order more than once during a visit without your having to re-enter your information each time you place an order for a Personal Solutions product; Allow us to gather aggregated statistical data about the use of our website for research purposes; Help us improve your navigation of our web site(s); Enable us to store your preferences for certain kinds of information and marketing offers; Help us to provide features such as personalized greetings; If you're a Member of Personal Solutions, allow us to store your user name and encrypted customer identification number so that we recognize you when you return to our web site; Help us combat identity theft and fraud with more reliable identity verification and authentication data."
"Cookies set by us or our agents are not interpreted or shared with any other third party. We may combine cookie data with personally identifiable information or business organization identifiable information you provide to us... We may sometimes use outside technology companies to set cookies on our web site and collect cookie information for us. We use the cookie information collected by these companies in the same manner as stated above in this section. Those companies may not use these cookies for their own internal purposes or share the information collected with any party other than Equifax."
A, "sometimes use outside technology companies?" 22+ cookie reqests at the home page tells seems far beyond "sometimes use."
And, who are Equifax's "agents" and "outside technology companies?" Who are these "third parties" that are not agents? Are they the list of companies I encountered or some other companies?
This secrecy leaves consumers to guess about what is going on. If everything Equifax is doing is really that good, then it shouldn't be an issue to list the technology companies, agents, and third parties.
The situation was little better at the Experian.com home page. I experienced fewer Web cookie requests from fewer companies:
- 11 cookie requests by Experian.com
- statse.webtrendslive.com (2 cookie requests)
If this lack of transparency bothers you (and I sincerely hope that it does), learn more about targeted advertising (a/k/a behavioral targeting). Then, write to your favorite retailers and demand more disclosure in their Web site Terms of Service and Privacy policies. If that doesn't work, write to your elected officials in Congress and demand legislation for more disclosure.