Monday, February 9, 2009

White House Cookies Stir Controversy

To bring more communication and transparency to the White House, a new Whitehouse.gov site was rolled out precisely at the stroke of noon on Inauguration Day. Within hours, there was already controversy.

The new White House Website makes use of cookies from WebTrends and from YouTube Inc. The concern centers on whether the cookies are capable of tracking an objectionable amount of private information about visitors to the site.

Much of this is not even news, as WebTrends had been in use on the White House Website for several years, though the Youtube cookies are new.

The information tracked by the cookies is as follows:

The White House, and WebTrends, the vendor, know the referring URLs that bring users to the WhiteHouse.gov site. They know the ID of any WebTrends cookie already installed on the visitor's system; the language the browser is set to; the time since the last visit; the current time; and whether Java, Flash, or Silverlight is installed.

YouTube, or, more broadly, Google (Nasdaq: GOOG), knows how many times YouTube videos are viewed by people via the White House Website. None of this data is tied to an individual. None of the data reveals that I visited Whitehouse.gov on Inauguration Day.

I think the challenge comes down to what is public and what is private. Let’s take an example: Say I am a rabid supporter of U.S. statehood for Quebec.

If I make a phone call from my house or cellphone to the offices of "Quebec the 51st State," that is clearly private information. The police, or any other government agency, would need a court order to learn that I made the call -- or that I called the offices of Internet Evolution just before phoning the Quebec campaign.

If I participate in a rally supporting Quebec statehood that is held on the streets of D.C., then my participation can be freely observed. It can be recorded, it can be taped -- there is nothing private about my actions. It may be seen via any number of cameras that now watch the streets in most major cities that I left Restaurant X and walked to the Quebec statehood rally.

The most private item that WebTrends could report to the White House is the summary data of how many people visited a site, say the Website for Restaurant X, immediately before visiting Whitehouse.gov. Is that data even private? Is that data like my sample phone call?

I, for one, am pleased to see the government using WebTrends (again, a decision that predates the current administration). It means they are buying an affordable software solution instead of spending my taxpayer dollars building unnecessary software. Plus, it means they are looking to track the success or value of their work.

If they build a new section on the Website that they think will provide a public service, they can then use the analytics from WebTrends to discover if many people or few people visit. If few people visit, then they can spend their limited dollars and staff time on other projects. These metrics help provide accountability!

I am quite biased when it comes to Web analytics. I implemented a Web analytics tool (a WebTrends competitor) back in 1999, and today that site represents the longest continually running implementation of Web analytics on the Internet. I have seen the value it brings.

Eating too many Girl Scout cookies is bad. But there is a time and a place to have a few. Likewise, computer cookies can be bad -- but at the same time, there are many times when using them provides great value.

Friday, February 6, 2009

Komando's Q & A: Don't worry about cookies

Question: I was recently alerted to a feature of Yahoo Groups. The site uses Web beacons to track users. So, how do I defeat the Web beacons? I clear the cookies from my browser, but is this enough?

Answer: All Yahoo sites use Web beacons. These are small image files, undetectable to the eye. They let Yahoo servers access your browser's cookies. I think you're worrying too much about the Web beacons. Information obtained through Web beacons won't be shared. You could clear the cookies from your browser, but this is a pain. Plus, I think people worry too much about cookies. They aren't dangerous, but many people still dislike them. If you're still bothered, I can help. You'll find some helpful tips at www.komando.com/news.

Q: I teach eighth grade and I'm worried about my students. Most use MySpace and many are posting inappropriate information. They don't seem to understand the risks the site poses. Can you help me persuade them to be safer on MySpace?

A: There is a lot of inappropriate content on MySpace. Some teens post sexual and drug-related messages. Others post sensitive information that predators could use. Your students may understand potential risks associated with MySpace. However, teenagers tend to think that they are invincible. So, present them with news stories about the dangers of misusing MySpace. You'll find many of these stories at www.komando.com/news. You'll also find my MySpace quiz. Here, students will have to find what's wrong with a typical MySpace profile.

Q: I heard about some changes in the iTunes music store. ITunes will be offering high-quality downloads. I'm really excited about this, but do I need a special iPod to play them?

Cookies - delicious or malicious?

It's a fact of modern life that we have to learn new skills if we are to keep up with the younger generation.


I don't mean we have to wear pants that could sleep a family of six, baseball caps with the beak sticking out to one side and adopt hand movements as if we are "scratching" on twin "decks" while "kicking rhymes".

What I mean is that as we get older and everything gets more complicated, we need to adapt to the technology of the day.

Our grandparents had radio and television to contend with, while our parents broke in video-recorders, CD audio technology and alarm clocks. While many are still 12:00 flashers (they never remember how to set the clock, hence the display shows a perennially-flashing 12:00), they did their best in an ever- changing technological landscape.

Fast-forward a decade and computers are our toy of choice. Many lament that computers are hugely complicated contraptions that we love to hate and the first time they break down we find we can't do without them.

The kicker is we need to learn all that computer lingo - words and terms we must know if we are to ever be the master of our machines.

Take cars, for example. We have to know at least some related jargon so we can explain what is wrong to our mechanic.

A typical exchange goes like this; "The engine makes a funny noise and won't start".

This, of course, isn't much help and the mechanic has to practically start from scratch to assess the problem.

On the other hand, if we rocked up and said "the cam-belt perambulator has failed, forcing a piston and valve contraction in the number three pot which caused the big-end to choke the gudgeon pin journal and now we're pretty certain the head will need to be planed", our mechanic would probably give us one of those looks that they reserve for "special" customers.

It may surprise you to learn that the computer universe is very close to this example.

It seems everyone knows someone who "knows about computers" and often those in the computer repair business only see machines after they have passed through several pairs of "helping" hands, which, it turns out, often make things worse.

My point is, there is all this computer-related jargon we have to learn, just to give the impression we know what we are doing.

Even something as simple as surfing the internet involves seemingly mission-critical messages telling us to make sure "cookies are enabled", or "Javascript is turned on" and other equally mysterious dialogues.

What does it all mean? What happens if we click Yes and navigate away from a secure site without it being encrypted? Will we be robbed? And aren't cookies dangerous?

Didn't we hear that allowing scripts to run spreads viruses? Our anti-malware software keeps finding "tracking cookies" and makes it sound like we should be scared.

Should we be? Well, yes and no.

Like everything with computers, the issue isn't so cut and dried.

To help websites be more clever, developers use snippets of code to make everything work properly. Cookies are just small scripts that are temporarily stored on our machines while we surf the web and are used for a wide variety of tasks like security, tracking our movements within the site, helping with logins, forms and shopping-cart systems, or simply to help sites provide the best content for our particular web browser.

Other scripts and Browser Helper Objects are there to make certain everything works as it should. This is a widely acceptable use of web technology.

The problem is that anything used for good can also be used by bad people to do bad things.

For example, very few cookies are malicious, but most anti-virus (AV) software treats them as a potential threat because one might be nasty.

Besides, AV software likes to be seen to be doing something to justify the price tag or, if it is free, validating your decision to use it.

Shopping sites like Amazon require you to have cookies enabled because, besides other uses, the shopping-cart system uses cookies to keep track of your products and purchases.

While it is unlikely you will ever see a truly malicious cookie, they are a reality, which is why opening your browser settings and enabling "delete cookies on exit" is a good idea.

Likewise, JavaScript and other scripting can be malicious but the majority of it is harmless. My advice is surf with JavaScript and cookies disabled and simply turn them on if required.

Learning any new language is hard but you only need to know a few choice words to be computer literate. I'll leave it up to you to decide which ones.

Porn mode - no longer a dirty little secret

People like porn, but some web browsers have been slow to acknowledge this naked 800 pound gorilla sitting in the corner.

Whenever you surf the web, you leave behind all kinds of clues on your computer as to what you've been doing, such as cookies, images in the cache and addresses in the browser history. Anyone who knows even the slightest bit about computers can easily tell what you've been up to unless you cover your tracks. Thus the popularity of "porn mode" in web browsers.

Of course they don't call it porn mode, it's more likely to be labelled "private browsing mode" or "stealth mode". There are lots of legitimate reasons why you might want to engage such a mode, but surely the number one reason for most people is so they can look at porn without leaving behind incriminating evidence that their loved ones might stumble across.

There are porn mode plugins for some browsers, but it seems Safari on Mac OS was the first to get a built-in porn mode back in April 2005. Google's Chrome browser launched with "Incognito mode" in 2008. Surprisingly the two browsers with the biggest market share have been very slow off the mark. Mozilla Firefox still doesn't have a built-in porn mode, although it's expected to be included in the upcoming 3.1 update. Likewise Internet Explorer doesn't let you peruse unsavory sites with impunity, but an "InPrivate mode" is coming in IE8.

The usual suspects will naturally come out of the woodwork to declare porn mode yet another sign of the coming apocalypse, but if you don't give the people what they want they'll go elsewhere. I doubt IE and Firefox consider Safari much of a threat, but once Google Chrome launched on Windows with porn mode last year, the pressure was on IE and Firefox to follow suit. I'd say it's the kind of feature that would encourage people to switch browsers, or at least to install a second browser for their clandestine browsing sessions. If people install Chrome just for looking at porn, they might decide they like it better than IE or Firefox and make the switch completely.

If you've got a dirty little secret, and you'd like to keep it that way, porn mode is coming to a browser near you.