Cookie Monsters on the Web

Tracking cookies – those bite-size snippets of code that log your internet behavior – come in as many forms as recipes for chocolate chip cookies. They are ubiquitous on all commercial websites, but as it turns out, they can often be found on governmental websites too. How did that come to be? Is it part of Big Brother’s surveillance, or could it be a quiet “smash and grab” by social media companies?

Let us make a few sharp distinctions. “Session” cookies are bound to your browser and expire when you close the browser. Other cookies can have “best-by” dates or may last forever, like Twinkies. More importantly to this study, some cookies are issued by the site you are visiting, first-party cookies; others are ghostwritten by obscure code to serve the needs of external third parties. These third-party cookies are the subject of some new research.
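The session/persistent and first-party/third-party distinctions above, applied to raw `Set-Cookie` headers, as an added example that is not from the article or the study. The site `agency.example`, the hosts and the cookie values are constructed, and the site boundary is passed in by the auditor rather than derived from the Public Suffix List.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def classify(page_site, response_host, set_cookie, now):
    """Classify one Set-Cookie header seen while loading a page on page_site."""
    first, *rest = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    # A Domain attribute widens the cookie's scope beyond the responding host.
    scope = (attrs.get("domain") or response_host).lstrip(".").lower()
    site = page_site.lower()
    party = "first" if scope == site or scope.endswith("." + site) else "third"

    # RFC 6265: an attribute that fails to parse is ignored, and a valid
    # Max-Age overrides Expires. Neither present means a session cookie.
    seconds = None
    if "expires" in attrs:
        try:
            seconds = (parsedate_to_datetime(attrs["expires"]) - now).total_seconds()
        except (TypeError, ValueError):
            pass
    if "max-age" in attrs:
        try:
            seconds = int(attrs["max-age"])
        except ValueError:
            pass

    if seconds is None:
        lifetime, days = "session", 0
    elif seconds <= 0:
        lifetime, days = "expired", 0   # the server is deleting the cookie
    else:
        lifetime, days = "persistent", round(seconds / 86400)
    return {"name": first.split("=", 1)[0], "party": party,
            "lifetime": lifetime, "days": days}


# Constructed observations: (host that sent the response, Set-Cookie value).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    ("www.agency.example", "sid=abc123; Path=/; HttpOnly"),
    ("www.agency.example", "lang=en; Max-Age=2592000; Domain=agency.example"),
    ("cdn.tracker.example", "_uid=9f3c; Domain=.tracker.example; "
     "Expires=Wed, 31 Dec 2025 00:00:00 GMT; Secure; SameSite=None"),
    ("notagency.example", "pref=1; Max-Age=0"),
]
REPORT = [classify("agency.example", host, hdr, NOW) for host, hdr in SAMPLE]
```

Filtering `REPORT` for entries with `party == "third"` and `lifetime == "persistent"` leaves the long-term trackers a site administrator would want to review.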

The researchers scanned websites for these third-party tracking cookies. What is unique is that they looked at three forms of “official websites.” First, the governmental websites of the G20 (19 countries and the EU), controlling about 90% of the “gross world product and two-thirds of the World population.” Second, “international” official websites as identified by the UN and EU; and finally, COVID-19 websites identified by the CDC and the EU’s equivalent, the European Center for Disease Prevention and Control.

“The majority of the official websites, ranging from 77% to 100%, of the G20 countries indeed add cookies, without any user consent.”

This figure refers to any cookies, including those self-limited session cookies. For the inquisitive, the US stood at 93.5%, undoubtedly shy of the 100% for Saudi Arabia or 99.5% for Russia. We were closer to the 92.4% for China. The real “dirt” resides in this graphic showing the percentage of third-party cookies and trackers. 

The percentages are higher for more time-limited trackers, but it is clear that someone is interested in our use of these official websites. For those seeking a silver lining, governmental websites use about half as many long-term trackers as general websites. I find little solace in that finding. The finding reinforces that even France and Germany, with strong privacy protection, use these unannounced trackers.

 

Who might these trackers be?

No surprise, Google heads the list covering 20 to 50% of the websites, except in China, where Baidu, the local Chinese Google equivalent, holds sway. Meta, the new Facebook brand, covers 5 to 20% of these websites.

How do they attach themselves to these websites?

The predominant means by which third-party trackers gain access to these governmental websites is through social media analytics, like Google Analytics, or the links to social media, like Twitter, and video, like YouTube. But as the researchers write,

“...our analysis shows that there is no apparent provision to remove third-party trackers altogether from official governmental websites, as we would hope and expect from administrators of such websites.”

International organizations are not immune from these practices. The research concluded that 60% of international websites had third-party trackers. Nor are COVID-19 sites immune; the Johns Hopkins University site has seven third-party trackers.

“Our focus is on third-party cookies and well-known tracking services. Ironically, despite great efforts to promote regulations like GDPR, governmental sites themselves are not yet clear of tracking practices targeted by such regulations.”

Rather than try to conclude some ill intent on the part of the government or the third parties, perhaps we can take this as a measure of the ubiquity and persistence of tracking. Strong rules require surveillance and enforcement to have their deeds match their words.

 

Source: Measuring Web Cookies in Governmental Websites, Association for Computing Machinery. DOI: 10.1145/3501247.3531545