Wednesday, October 01, 2008

Privacy & Security: The cookies story

I recently noticed the cookies in my Firefox browser. For those who are not familiar with the (the "o" is the letter O not zero!) the cookies have the names of various sites you visited prefixed to the domain. A WHOIS query on the domain yields nothing. On a hunch I queried the WHOIS database for and sure enough it came up with Omniture, a major web analytics vendor providing web customer tracking solutions for many large and medium companies.

A bit of research showed me that the issue has been on and off since 2005. After the initial uproar about these cookies, Omniture linked the page to their web site with some explanations.

Around the same time I happened to be testing a Mac widget that tracks IP addresses geographically with Google Earth. So, I traced the route to and was surprised to see the path that came out: After the usual zigzags across Canada, the route crossed to the US (Washington state, then California) as expected but instead of connecting with Omniture's network next door it jumped to an Omniture router in Dubai and from there back to Omniture in Minneapolis, MN.

Now if you're an optimistic person you may say that traffic conditions at the time of my test dictated routing the packets over that Dubai link because it was the faster delivery option. That's how routing protocols work.

If you are a pessimistic person you may wonder if routing the tracking cookies to Dubai may have anything to do with more "flexible" privacy regulations off shore. The fact is that Omniture has access to cookies linking your browsing across multiple sites and technically could aggregate such information. To be fair, such aggregation would yield a profile of your browsing without "direct" personally identifiable information, unless of course you consider your IP address and browser identifier as such.

Whatever the case, I have cleaned up all those cookies from my browser. Omniture does offer on its page a link to opt out of these cookies, but does not explain how the opt out is actually implemented. So I said "thank you, but no thank you" to that offer. Instructions on how to remove these cookies depend on your browser and operating system and are available easily on the web.

Have you checked the cookies in your browser lately? Do you have any ones? How do you feel about those?

Labels: , , , ,

After a long dormant period I have decided to blog again.
I welcome your contribution of information, insights, and opinions as long as they are thoughtful, respectful of others and constructive. For those who don't fall in these categories: there are plenty of other venues in main-stream and alternative media for you!

So welcome to Nabou. Shine the light on the other sides of the stories you come across every day.