In May of 2018, the General Data Protection Regulation (GDPR) came into effect in the EU. Seemingly overnight, websites everywhere started throwing pop-ups to inform us about their use of cookies and our privacy rights. While the presence of the pop-ups may be reassuring to some (and annoying to others), the real issue is that very few of these pop-ups give any explanation as to how the cookies are used or whether they inform marketing decisions. So, before you click “accept” on that next privacy policy notification, read our primer on all things related to cookies, pixels, and web traffic trackers.
Check out the Webroot Community for more tips on how you can manage these cookies.
What is a Cookie?
Cookies (aka. HTTP cookies, session cookies, browser cookies, web cookies, or tracking cookies) are used by almost all websites to keep track of site users’ sessions. While you might not like the idea that a website is tracking you, cookies actually provide a very convenient function. Without them, websites you regularly visit wouldn’t be able to remember you or what content they should serve you. For example, if you added items to an online shopping cart and then navigated away without purchasing, that cart would be lost. You’d have to go back and add everything all over again when you were finally ready to buy. If it weren’t for cookies, our web experiences would be entirely different (and much more frustrating).
In cases like the previous example, the use of tracking cookies is pretty benign and helps smooth the user’s online experience overall. So, if cookies can provide a beneficial service, why do we need privacy laws like GDPR? The answer is because of a specific type of cookie, i.e. third-party tracking cookies. These are created by domains other than the one you are actively visiting. They run silently in the background, tracking you and your online habits without your notice and compiling long-term records of your browsing behavior. These are typically used by advertisers to serve ads “relevant” to the user even as they navigate unrelated parts of the web.
Who Serves Cookies and Why?
By far the most prolific servers of third-party cookies are Google and Facebook. To help businesses target and track advertisements, both Google and Facebook both suggest embedding a tracking pixel—which is just a short line of code—into business websites. These pixels then serve up cookies, which allow the site owner to track individual user and session information.
The tracking doesn’t stop there. To optimize their marketing tools for all users, Google and Facebook both track and store this data in their own databases for processing through their own algorithms. Even if you’re not currently logged in to Facebook, your session data can still be tracked by your IP address.
What is People-Based Targeting?
Google and Facebook’s ad platforms work incredibly well because they pair cookie data with an existing bank of user data that most of us have willingly (or unwillingly) given them. Your Facebook account, Instagram account, Gmail, and Google Chrome accounts are all linked to larger systems that inform sophisticated advertising networks how to appeal to you, specifically, as a consumer. This way, websites can serve you ad content you’re likely to click on, no matter which sites you’re actively visiting. Combining traditional cookie tracking with these types of in-depth user profiles is called “people-based targeting” and it’s proven to be an incredibly powerful marketing tactic.
How to Protect Your Data
The sad truth is that you’ll never fully escape tracking cookies, and, frankly, you probably wouldn’t want to. As mentioned above, they streamline your online experiences in a pretty significant way. What you can do is reduce the breadth of their reach in your digital life. Here are a few key ways to do that.
- Stay vigilant. Be sure to read the privacy policies before you accept them. This advice goes beyond the GDPR-compliant pop-ups that have become so prevalent in the last year. Keep in mind that tech giants are often interconnected, so it’s important to be aware of all the privacy policies you’re being asked to accept.
- Clean house. You don’t have to do it often, but clear your cookie cache every once in a while. There are plusses and minuses here; clearing your cache will wipe away any long-term tracking cookies, but it will also wipe out your saved login information. But don’t let that deter you! Despite that sounding like a hassle, you may find your browser performance improves. Exact steps for how to clear your cookies will depend on your browser, but you’ll find plenty of guides online. Don’t forget to clear the cache on your mobile phone as well.
- Use a VPN. Most of all, we recommend installing a virtual private network (VPN) on all of your devices. VPNs wrap your web traffic in a tunnel of encryption, which will prevent tracking cookies from following you around the web. Make sure you use a reputable VPN from a trusted source, such as Webroot® WiFi Security. A number of the supposedly free VPN options may just sell your data to the highest bidder themselves.
Cookie tracking and digital ad delivery are growing more sophisticated every day. Check back here for the latest on how these technologies are evolving, and how you can prepare yourself and your family to stay ahead.