Protecting privacy is more than just rejecting cookies

Protecting privacy is more than just rejecting cookies

The award for the biggest data breach in history has a few nominees. First there’s Facebook, who, after ‘pivoting to privacy’ in 2019, saw 540 million records of likes, comments, reactions, account names and Facebook IDs left in an unencrypted publicly accessible database by third party app developers. 

In 2017, the credit reporting agency Equifax saw the records of 147 million Americans stolen by hackers who managed to access their system and remain undetected for almost two months. It took the company six weeks to tell the public there was a breach. Six weeks in which top executives conveniently sold lots of Equifax stock. 

But these data breaches are nothing compared to Yahoo. In 2016, they let the public know that 500 million users had had their accounts compromised. Just a few months later, Yahoo came forward again, revealing 1 billion user accounts had been unknowingly breached years before, in 2013. 

By the time the investigation was complete, it was determined that all 3 billion Yahoo accounts had been compromised. The information included names, phone numbers, security questions and the email addresses used to recover passwords. 

An even bigger data leak than Yahoo?

Each of these data breaches got plenty of news coverage. Passwords were reformulated and security increased. But while these big breaches always hit the headlines, huge amounts of data are being leaked every single day. And that data isn’t being stolen. It’s being handed out for free, or even knowingly sold when we read the news, go on social media or shop online. 

Each time we click accept on a consent banner, we’re agreeing to give access to our personal data, without really knowing what we’re giving consent to, or what the possible consequences are. We leave trails of it around for advertisers and companies to pick up and profit from. Forget Yahoo; we're living through the biggest data breach in history and haven’t even realised it. 

Online tracking isn’t just cookies

It may seem like all that is starting to change with the news that third party cookies are on their way out. The illusion is that we’re finally going to get our privacy back. But third party cookies are only one way we’re being tracked online. Other techniques exist, and just because cookies are being phased out, it doesn’t mean you’ll no longer be tracked or have your actions online spied on. 

Fingerprinting

Wired recently ran an article about how fingerprinting could become advertisers' new alternative to third party cookies. 

Fingerprinting isn’t a new technology, and was first seen around 2010. It works by gathering detailed information about your phone or browser like your language, timezone, keyboard layout, your operating system, and combines it to build a set of characteristics that are around 80-90% unique to you. Advertisers can then use this information to track you as you move from site to site

Although fingerprinting falls under the GDPR rules in Europe, according to that Wired article, it can be difficult to detect and difficult to stop. 

Cross device tracking

This matches up your browsing habits across multiple devices to create one consistent profile. 

Web Beacons

Beacons track how you engage with a specific website, including the content you click. 

Favicons

Those small pictures in the search bar that help identify a website through its logo are often saved by browsers in a cache. Websites can store a specific combination of favicons when a user first visits a site, and then check those images when the user visits again. It’s another way for websites to identify a user even when other privacy measures are being used. 

What the FLoC will Google do?

With so much of Google’s revenue coming from advertising, they’ve been on the hunt for an alternative to cookies that keeps advertisers happy. Federated Learning of Cohorts (FLoC) is a method where users are grouped instead of being individually identified. They’re grouped into like-minded users and then collectively tracked. Google has said it plans to lean on this method of tracking as third party cookies are phased out. 

The alternative to tracking

It’s still possible to be tracked and tagged without cookies (check out whotracksme to see how many trackers different websites have) and we’ll continue to have our behaviour studied through different spying and stalking techniques unless we aim for bigger change. At Motive.co, we’ve built privacy into the core of our product. Our Plug & Play search tool doesn’t track, tag, spy or stalk. And that means it doesn’t require a customer to click accept on a consent banner. With the trend moving towards more privacy, Motive Commerce Search provides you with the best search features while future proofing your store.