Christian Huitema's blog

Cloudy sky, waves on the sea, the sun is

Let’s build a cookie exchange

17 Mar 2013

Bruce Schneier's post on Internet privacy hits the nail on the head. He is not the first one to make the point. Scott McNealy did that in 1999. Reporters were asking questions about the privacy implications of Sun's Java/Jini technology, and he quipped "you have no privacy, get over it." That was 14 years ago. Since then, we have seen the "web 2.0" technology drive surveillance to ever greater extremes, in the name of better advertisements. Bruce is making the strong argument that, by now, trying individual actions to protect privacy is futile. The only real solution would be political, that our elected representative pass laws that forbid such surveillance. But at the same time, there is so much "synergy" between surveillance by government and tracking by advertisers that such laws are very unlikely to get passed, let alone enforced.

I am all for political action and trying to pass such laws, but I think we should also start developing "protest technology" that actually fights back against tracking by advertisers. My pet project would be a "cookie exchange." The idea is to mess with the tracking, so that the service end up collecting lots of fallacious information. In effect, this will poison the data collected by trackers, diminish their value, and hopefully make tracking much less profitable.

Tracking services get developers to insert a reference to their services in the web pages, typically in exchange of better analytics, or as part of a display advertisement service. When we visit web pages, the tracking services get their own cookie back. The same tracking cookie identifies a given user on many web pages, allowing for correlation and profiling. The standard defense is to "block third party cookies," but that's not always available. In any case, blocking cookies only reduces the total amount of information in the database.

Let's suppose now that whenever a browser receives a cookie from a tracking site, it sends a copy of that cookie to our "cookie exchange," and receives back a cookie that was allocated to somebody else. The next time the browser access a web page, it serves back the exchanged cookie instead of the real one. Voila, the tracking service starts getting confused, it will believe that the page was accessed by that other person. If many people play that game, the data base and the statistics will be seriously flawed.

Of course, we need to get a few engineering details right. For example, we have to check how often the local cookie should be swapped with the exchange. We have to find the right way to design cookie exchange plug-ins in the browsers. We have to look at some filtering procedure to avoid swapping the "good" cookies, such as for example the access tokens to our bank account. The exchange will have to understand the lifetime of cookies, so as to avoid serving obsolete ones. If we cannot access the browsers, we may want to check for possible implementation of the exchange inside a web proxy.

There will be a cat-and-mouse aspect to all that, with advertisers trying counter-measures, and exchange developers hacking back. But all in all it sound like fun. If you are interested by such a project, drop me an e-mail!