You've been permacookied and don't even know it

Every advertiser on the Internet wants to know where you're going, what you're doing, but permacookies go too far

I’ve long warned that no one is truly anonymous on the Internet. Tor guarantees anonymous downloads about as much as naming your hacking collective "Anonymous" guarantees you won’t be arrested. Those private snaps on your smartphone? If anyone cares to see them, they can be stolen and posted publicly. Repeat after me: When you use the Internet, anonymity is not a feature.

The last shreds of Internet privacy are falling away. More and more vendors are trying their darnedest to track you wherever you go. Google and its DoubleClick subsidiary have long dominated the tracking cookie game. Google probably knows you better than your significant other or best friends do -- maybe better than you understand yourself.

These days, your digital locations are only part of the story. Your smartphone broadcasts your physical location to service providers and other interested parties -- either through your device's GPS or by estimating your position via cell towers. Even if you don’t enable apps to use GPS location features, your smartphone may be using its Bluetooth feature to track you indoors.

The latest privacy surprise is that Verizon Wireless and AT&T are inserting identifying cookies into each and every Web request you make from your cellphone. You can’t remove them. Worse, because they are inserted into your requests, websites can also read them and use them to track you.

This onslaught of cookie tracking techniques, whereby the user is tracked by a unique, “invisibly” inserted piece of digital data that cannot be removed or refused by the user is known as a permacookie. The term is not new; I can find references to it at least as far back as 2011. I thought outrage at these permanent, silently tracking cookies would defeat the blasted items, but recent events convince me they're here to stay.

It’s important to note that some permacookies are not conventional cookies. Flash cookies, for example, have been around forever and are probably second in popularity only to DoubleClick’s tracking.

Worst of all, some permacookies cannot be avoided -- at least not without completely refusing to use the service. If Verizon Wireless and AT&T are doing it, other providers are likely doing it or will soon be.

Given all this, it may surprise you to learn that I'm not against permacookies. After all, the Internet is largely an advertising-supported world, and you gotta make a buck somehow. What I’m against is the lack of transparency and the inability to opt out.

I don’t think it’s a win for privacy and individual freedom when it takes investigative journalism to find out we’re being tracked. If a service tracks us, it should clearly state so up front and either allow users to opt out or forgo the service.

Transparency and respect for privacy -- what a quaint concept!

Copyright © 2014 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline