Privacy & Security: The 2o7.net cookies story
I recently noticed the 2o7.net cookies in my Firefox browser. For those who are not familiar with the 2o7.net (the "o" is the letter O not zero!) the cookies have the names of various sites you visited prefixed to the 2o7.net domain. A WHOIS query on the 2o7.net domain yields nothing. On a hunch I queried the WHOIS database for 207.net and sure enough it came up with Omniture, a major web analytics vendor providing web customer tracking solutions for many large and medium companies.
A bit of research showed me that the issue has been on and off since 2005. After the initial uproar about these cookies, Omniture linked the www.2o7.net page to their web site with some explanations.
Around the same time I happened to be testing a Mac widget that tracks IP addresses geographically with Google Earth. So, I traced the route to 2o7.net and was surprised to see the path that came out: After the usual zigzags across Canada, the route crossed to the US (Washington state, then California) as expected but instead of connecting with Omniture's network next door it jumped to an Omniture router in Dubai and from there back to Omniture in Minneapolis, MN.
Now if you're an optimistic person you may say that traffic conditions at the time of my test dictated routing the packets over that Dubai link because it was the faster delivery option. That's how routing protocols work.
If you are a pessimistic person you may wonder if routing the tracking cookies to Dubai may have anything to do with more "flexible" privacy regulations off shore. The fact is that Omniture has access to cookies linking your browsing across multiple sites and technically could aggregate such information. To be fair, such aggregation would yield a profile of your browsing without "direct" personally identifiable information, unless of course you consider your IP address and browser identifier as such.
Whatever the case, I have cleaned up all those 2o7.net cookies from my browser. Omniture does offer on its 2o7.net page a link to opt out of these cookies, but does not explain how the opt out is actually implemented. So I said "thank you, but no thank you" to that offer. Instructions on how to remove these cookies depend on your browser and operating system and are available easily on the web.
Have you checked the cookies in your browser lately? Do you have any 2o7.net ones? How do you feel about those?