Saturday, November 03, 2018

Cookies are Bad for You by KimB

[Editor's Post]

Everyone knows Cookies are Bad for You but we still consume lots of them.

Years ago, watching the Oprah Winfrey Show, she hosted a guest nutritionist telling everyone around the OprahSphere how to lose weight. The Skinny Dude was telling those of us with Many Shades of Tubbiness how to be Just Like Him: Skinny.

His advice:
If you want a cookie... Eat a Cookie.
Oprah's response:
A Cookie? A Cookie?
It's not A COOKIE, it's a BAG OF COOKIES!!!!

Which goes to show that Oprah knows of what she speaks.

In my few encounters with nutritionists I've noticed that they have always been "skinny folks". The only credible people I've met are people who have Been There Done That ... about a thousand times.
Skinny folks, don't get it.
Fat folks get more than they should.

Which brings me to the topic of the day:

COOKIES are BAD for YOU

Because like Bags of Chocolate Chip Cookies, Computer Cookies are just as nasty. Worse even. A Bag of Chocolate Chip Cookies at least tastes good. Computer Cookies don't have any taste at all yet still manage to clog the arteries of your computer faster than the fake-chocolate, high fructose corn syrup, 200 years worth of preservative Chocolate Chip Cookies can clog yours.

Sort of a race to oblivion.

What are Computer Cookies?
You might very well ask...

Cookies are technically small files that are created and destroyed when you use a Browser (Chrome, Safari, Edge/IE, Firefox and others).1 The appear harmless in concept but in practice they can be nasty or put to nasty use. They come in many types with different uses and their current use is one reason why the internet is the mess it is today.

Here are just some of the types of cookies you will find when you visit any website:
  • Session cookie
  • Persistent cookie
  • Secure cookie
  • Http-only cookie
  • Same-site cookie
  • Third-party cookie
  • Supercookie
  • Supercookie (more than)
  • Zombie cookie / Evercookie

The average web page contains 20 or more cookies. Only 1% of cookies are strictly necessary. A scan of 330,000 websites found 4,940,969 Garbage Cookies and that's a lot of Computer Cookie Calories clogging up the internet.2

Computer Cookie Calories 2
Average cookies per website 20
Strictly necessary cookies 1%
Persistent Cookies 74%
Websites Scanned 329,151
Cookies Found 6,656,090
3rd party cookies 4,940,969

Cookies are the number one method companies and government's use to track people. The entire Internet Data Mining System is built on Computer Cookies and corporations use them to make Billions and Billions of Dollars from you, your family, your friends, your neighbors, and people you didn't even know you know.

Governments, of course, have many more methods they can use because they are not constrained by Rule of Law - they get to do whatever they want, whenever they want.

Years ago, working in a Start Up in the early Daze of Silicon Valley, discussing some internet protocols with other engineers in our High Tech Environment, the subject of cookies came up. One of the engineers stated flatly that No Cookie was ever going to grace the environment of his computer system and flatly refused to support cookie use. He was one of the few that no other engineer could bamboozle with Internet Hocus Pocus. He knew his stuff. And we all knew he knew too.

I have often thought about that conversation and thought More Fool Me for not recognizing what was really happening. Engineers get rather short sighted while slogging through deadlines and project status meetings and milestones and releases and QA cycles; more often than not, we miss the whole point.
  • Engineers are good at doing what they are told to do.
  • Engineers are great at building a Never Seen Before Widget
  • Engineers are terrible at recognizing what it is that they are really building
  • Engineers are horribly gullible and the smell of money and stock options makes them loopy

So what is the fuss about?

  • A cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing
  • A cookie is designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity
  • A cookie can be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers

These are what allow websites to "remember you" and perform "auto logins". They help you avoid the unpleasant necessity of remembering and typing in awkward number sequences and the website takes advantage of this to put all kinds of trash on your system for their own benefit.

Computer Cookies were invented (ahem loose phrasing here) in 1994. Browser Makers created the code and started pushing cookies onto systems everywhere and sort of forgot to mention this to the public until they were outed in a Financial Times article about them on February 12, 1996

So for 2 years, Silicon Valley didn't say nuffin'.

At about the time of the article, the folks in charge of Defining the Internet had already identified third-party cookies as a considerable privacy threat.

Silicon Valley didn't change a single thing. 1996 - 2018 ... 22 years and counting.

Kind of makes you shudder a bit. Silicon Valley is just as forthcoming now as they were then.

Cookies and the Are You You? Problem

In the old days when folks were trying to recognize Friend From Foe there were a whole lot of ways you could tell or get the other guy to tell which side of the battlefield they were fighting for:

Loud Movie Voice:
H A L T !!! Who goes there? Friend or Foe???

Do you really think anyone was stupid enough to answer FOE?

In the internet, our battlefield lies between your computer and the destination computer you want to access. The size of the battlefield is enormous and spans the entire globe, with every government and bad dudette on the planet looking to find a way past each other into your very attractive computer or mobile device.

The Cookie was an attempt to create a system where the Web Page knew You were You and didn't go blabbing your personal life to anyone else. This is sort of moot at the moment as web pages no longer need to blab much as entire corporations are spewing their data repositories containing every item they've collected about World+Dog to any FOE who wants to see it for FREE. If you are FRIEND you have to pay big bucks for the same data.

It was not the only way to do it this and like the stupidity of Friend or Foe, it didn't take long for the Foes to pretend to be Friends.

It was known 20 years ago. It is known now. It's not new news.

It's just the folks making a lot of bucks off of you DO NOT want YOU do know what to do about it.

Challenge of the Cookie

The internet battlefield is strewn with the corpses of good ideas and punctured balloons. It's like trench warfare: the lines move by inches back and forth. We gain some and we lose some. There isn't any "final victory". Foes are clever and they figure out new ways to pass through to their desired destinations.

There is NO DIFFERENCE between FOES:

Governments   Corporations   Bad Guys

They work the same methods and use the same techniques. There are no Knights in Shining Armour there.

What there are, are folks pushing back against the FOE Lines to minimize some of the damage they do. The damage is greater than advertised. Google recently shut down their Google+3 system due to:
Pick the Google answer you think best fits the topic:
  1. Low usage.
  2. or
  3. Major Software Bug allowing Private Data to be exposed.
Was it due to cookies?   Yes.

Because cookies ARE methods by which private data is collected and then exposed not to mention a lot of other bad news coding. It was sooo bad they folded up the entire shop because there are some new laws (mostly in the EU), that make it very expensive when these eruptions happen. Facebook's MarkZ got a nice grilling in Congress4 and actually had to put on a suit and tie for similar reasons. I'm sure MarkZ was more upset that he couldn't wear his tee-shirt to the BBQ.

Recently, there was a new Internet Directive for browser makers involving removing cookies on demand or when a setting is checked that tells the browser to clear all cookies. Google sort of forgot to clear their own tracking cookies.5 When it was noticed (and it was noticed pretty fast) the official response:

Google:
Oh..   Ahhh...   Ummmm....
We thought you meant the OTHER GUY'S cookies.
Surely you want to keep OURS...

Corporations don't want to make things better for you. Only for themselves. In the Friend or Foe battle, corporations jump lines all the time. Even when you get a message saying "Cookies are cleared" that doesn't mean anything. All it means is you got a message with that text. It's a FOE claiming to be FRIEND.

So here are some things you can do to Challenge the Cookie and they are not painful or hard.
  1. Check for Cookies
    Look at each web page you visit and check what kind of cookies are being pushed. This ability varies by browser. Some make it easy to see what's being dumped to your system. It is most often in the Privacy Settings Page of the browser.
  2. Turn OFF the settings to automatically accept all cookies.
    This varies by browser. It's hidden in some and right up front in others. It is most often in the Privacy Settings Page of the browser.
  3. Set up Your OWN List of FRIEND sites
    Set up Your OWN privacy list of webpages where cookies are OK Most people visit a small handful of webpages where they really want to have their data harvested. Most people visit a lot of webpages just to Surf. Use the Privacy Options to create your own list of who gets FRIEND status. Everyone else will be FOE by default. Change the list as needed.
  4. Reconsider which sites you go to
    There are so many sites with similar information select the ones that aren't FOE makers. Put them on your FRIEND site list.
  5. Turn off JavaScript
    This is the BEST thing you can do. It's the most armour you can get. Without JavaScript setting cookies is much harder. Never underestimate FOEs but it will push them back a long way. This setting is often hidden in the browser configuration file.
  6. Accept there will be less flashy page layouts
    If you DO NOT allow ALL cookies and/or JavaScript some sites are gonna barf. Yeppers, sites that cannot get their cookie fix might choke. Many times it doesn't matter that much you can still use the site OKish. Some fancy stuff might not work but do you really need the fancy stuff?
  7. Clear your History, your Cookies and your Browser Cache
    This varies by browser. It's hidden in some and right up front in others. It is most often in the Privacy Settings Page of the browser. There is often a direct button for this on the Browser Menu too. Clear your Trash Can too.
  8. Clean out Temporary Files.
    Temporary files never make it to the trash can. They are normally managed by the operating system. Cookies and Junk can accumulate in the Temporary File Storage Area. This an advanced housekeeping action. DO NOT attempt to do this without completely understanding which files you can remove. Clearing out the wrong files can disable your computer. You can find information on the internet on how to do this for your system.


References
  1. https://en.wikipedia.org/wiki/HTTP_cookie
  2. From a research website that extracts and analyzes cookie usage.
  3. https://en.wikipedia.org/wiki/Google%2B
    https://www.theguardian.com/technology/2018/oct/08/google-plus-security-breach-wall-street-journal
  4. https://www.theguardian.com/technology/2018/apr/11/zuckerberg-hearing-facebook-tracking-questions-house-back-foot
  5. https://www.theregister.co.uk/2018/09/25/chrome_69_google_cookies/


Wanna Cookie?
Wanna Cookie?




No comments: