Not Your Mamma's Cookie Jar

A year ago, if someone asked me if I wanted some cookies, I would have probably replied, “Please tell me they’re peanut butter.” Another year of working at a company that is heavily involved in the technology sector, though, has taught me to clarify whether we are talking about the good ol' Toll House, make-with-your-grandfather, eat-in-excess kind of cookies or the significantly less fattening (depending on how well they are used to advertise) cookies of the modern world wide web.  

A recent conversation in the office about the risk and threat that internet cookies pose to the average person spurred my further research into the subject, and, to my fellow victims of the cookie monster, here are the most important lessons:

Cookies are small bits of data that are sent to your web browser. These pieces of data are then stored on your browser and facilitate things like leaving items in your Amazon shopping cart, closing the browser, and finding the same items still in your cart the next day. Cookies also enable online payment processes. Cookies are meant to streamline your browsing experience and better serve your needs by guessing what you're looking for (ads and Google searching) before you even know it. Essentially, anything that is preloaded in a website for your convenience is cookie-enabled. 

This all seems well and good, except that cookies make it easier for anyone with a few hundred dollars of mobile hardware and open source tools to capture an alarming amount of information you've entered into the internet. 

Ars Technica, a respected online technology publication, spent a week spying on an NPR reporter with his permission in order to see what information was leaking out of his browser. In order to do this, Ars Technica used the technology that an average tech geek (or your average high-schooler) could pull together and gathered data from unencrypted sites and cookies. 

The extent of the data collected was alarming. Among the most concerning: a full Skype contact list, work-related emails in full, phone numbers and email addresses of sources for a story he was working on, a full Google search history, locations and contact information of databanks he was researching, and a full interview audio file. And that was just from his computer. Many mobile phone apps are unencrypted, and information such as your location, home address, phone number, work address, and medical history can be retrieved quite easily. By the end of the week, the Ars Technica team had not only located many bugs in supposedly "fully encrypted" websites, but they had all the source material for the story he was writing.* 

I, for one, had a casual understanding of cookies before, thinking they would be harmless until national news told me otherwise. Clearly, I did not pay attention when Edward Snowden made national news by leaking evidence that the National Security Agency was utilizing Google cookies as evidence of suspicious activity to warrant investigations into private citizens. While government probing into the lives of civilians isn't a new idea, there used to be a clear line that defined probable cause; the boundary was something out in the open that everyone could see. Now, this line is blurred to include things like your less than exemplary Google search history (and the fetishes or curiosities it indicates.)

Over the span of a week, I quickly learned cookies are scary and that my browser literally broadcasts information constantly. So, where does it end? and can it? 

Unfortunately, the internet is used for everything, (and I DO mean everything,) and there doesn't seem to be a way to stop the leakage of information without moving to a cabin off the grid and keeping all your cash in a shoebox. Most of the sites the average user (you and I included) loves to use work better with cookies. In fact, the internet isn't even really worth it without cookiesit turns into a frustrating, glitch-filled place with none of the ease-of-use that I love. So, I hate to say this, but it seems like when it comes to cookies, it's goodbye peanut butter and hello necessary evil.

As with any tasty treat, indulge with caution; be aware anything in your browser window is most likely accessible to anyone with the willpower to go looking for it. If you want some privacy, buy a notebook, and if you want to ask the internet a sensitive question, we recommend DuckDuckGo.


*For the full list of information leaked from the NPR reporters browser, check out the original article.