Cookie Monsters

Related articles

Tracking cookies, those bite-size snippets of code that log your internet behavior come in as many forms as recipes for chocolate-chip cookies. Let us make a few quick distinctions. Some “session” cookies are bound to your browser and expire when you close the browser. Other cookies can have “best-by” dates or may last forever, like Twinkies. More importantly to this study, some cookies are issued by the site you are visiting, first-party cookies; others, ghostwritten by obscure code, serve the need of external third parties. Those are the subject of some new research.

The researchers scanned websites for these third-party tracking cookies. What is unique is that they looked at three forms of “official websites.” First, the governmental websites of the G20, the 19 countries, and the EU that control about 90% of the “gross world product and two-thirds of the world population.” Second, “international” official websites were identified by the UN and EU; finally, COVID-19 websites were identified by the CDC and EU’s equivalent, the European Center for Disease Prevention and Control.

“The majority of the official websites, ranging from 77% to 100%, of the G20 countries add cookies without user consent.”

This refers to any cookies, including those self-limited session cookies. For the inquisitive, the US stood at 93.5%, certainly shy of the 100% for Saudi Arabia or 99.5% for Russia. We were closer to the 92.4% for China. The real “dirt” resides in this graphic showing the percentage of third-party cookies and trackers. 

The percentages are higher for more time-limited trackers, but it is clear that someone is interested in our use of these official websites. For those seeking a silver lining, governmental websites use about half as many long-term trackers as general websites. I find little solace in that finding. That is reinforced by the discovery that even France and Germany, with strong privacy protection, use these unannounced trackers.

Who might these trackers be?

No surprise, Google heads the list covering 20 to 50% of the websites, except in China, where Baidu, the local Chinese Google equivalent, holds sway. Meta, the new Facebook brand, covers 5 to 20% of these websites.

How do they attach themselves to these websites?

The predominant means by which third-party trackers gain access to these governmental websites is through the use of social media analytics, like Google analytics, or the links to social media, like Twitter, and links to video, like YouTube. But as the researchers write,

“our analysis shows that there is no apparent provision to remove third-party trackers altogether from official governmental websites, as we would hope and expect from administrators of such websites.”

International organizations are not immune from these practices. The research concluded that 60% of international websites had third-party trackers. Nor are COVID-19 sites immune; the Johns Hopkins University site has seven third-party trackers.

Our focus is on third-party cookies and well-known tracking services. Ironically, despite significant efforts to promote regulations like GDPR, governmental sites themselves are not yet clear of tracking practices targeted by such regulations.”

Rather than try to conclude some ill intent on the part of the government or the third parties, perhaps we can take this as a measure of the ubiquity and persistence of tracking. Strong rules require surveillance and enforcement to have their deeds match their words.

Source: Measuring Web Cookies in Governmental Websites Association for Computing Machinery DOI: 10.1145/3501247.3531545"