What Everybody Knows About You: Your Browser

This article is part of a continuing series about data collection today. The previous article talked about smart watches and other personal devices.

Most sites collecting data from your browser are retailers, but I am devoting a separate section of this series to the browser because of its unique technical issues.

The classic means of tracking a user was a browser mechanism that stores a coded message from the server, called a “cookie.” This odd term has an interesting background. Early in computer programming, developers liked to mark file types by leaving a particular string in them. For instance, every Postscript file begins with the string %!PS-Adobe and every PDF file with the string %PDF followed in both cases by a version number. These cookies are hints to programs that process different types of files.

In browsers, cookies were originally offered to help manage a session, allowing you to stay logged in and preserve preferences while traveling from page to page on the same server. But eventually, sites realized they could recognize visitors who made repeated visits to the site, a boon to marketing. For instance, using a cookie, a site could remember that you had looked at pictures of shoes on previous visits and offer you a discount on shoes during your next visit.

The information provided by cookies was vastly multiplied when a company named DoubleClick (now part of Google) started controlling cookies delivered by many cooperating retailers. Now a retailer knew not only what you viewed when you visited its website earlier, but all the things you viewed on other retail sites that are DoubleClick clients. The company stores a great deal of personal information in addition to your browser behavior.

Cookies can be disabled in your browser (thus losing the advantages as well as the privacy impacts of their use), but doing so, popularly called “Do Not Track” settings, are generally seen as ineffective. This is because modern servers use techniques so advanced that they’re like giving up a cookie for crème brûlée.

The first source of information is the browser’s “navigator” setting. This is used by JavaScript programmers. (By the way, some people disable JavaScript for privacy and other reasons.) Most of the navigator fields say nothing of value about you as a customer, but there are so many settings that their combination is virtually unique for each browser. Collecting the information is therefore called “browser fingerprinting” and lets sites identify you pretty much as well as if they used cookies.

Every server knows your IP address (or more likely, the IP address of a hub set up by your internet provider). This gives the company enough information to determine your geographic location. Servers can collect even more information about your browser and computer—even battery status!

This wraps up my focus on devices; in the remaining articles of this series, we’ll look at the use made of this information by the big institutions in our lives.

<< Read the previous part of this series