What is it: ETags are similar to self-regenerating, Flash-based “zombie” cookies that helped spark a nationwide debate on privacy recently. They are the nearly indestructible data files that re-spawn on consumers’ computers or tablets, even after users choose to “delete all cookies.” Often, flash cookies and ETags work together like partners in crime, collecting duplicate data pools and assuring that tracking processes are housed in multiple locations on a device. One major distinction between Flash cookies and ETags is that ETags are a native part of HTTP, the core protocol of all Web services. ETags can pass information about a device to a website and then simply re-issue after any subsequent requests are sent to the Web from the same device after cookies are deleted. This allows tracking to renew incessantly. ETags also operate using HTML5 to facilitate local data storage. This allows them to regenerate easily on mobile devices like tablets and hold huge amounts of granular data, without the cross-platform restrictions posed by the use of Flash cookies.
Who is Using Them?: Several media companies — ABC, MTV, ESPN, NBCUniversal and Myspace, among others — were
accused of using Flash cookies via third parties. They recently
settled with plaintiffs in class-action suits. It is difficult to pin down which companies are using ETags.
New allegations of ETagging have been lodged against KISSmetrics and some of the companies that were its clientele, such as Hulu and Spotify. Both companies dropped KISSmetrics as an ad technology provider last week. The allegations stem from
a study coordinated by researchers from the University of California, Berkeley released last week. The study found that although the use of auto-regenerating flash cookies on the most visited 100 websites in the US has dropped from 281 in 2009 to about 100 in 2011, ETags were in use as tracking methods on several major sites. More sophisticated cookie-deletion tools, such as those on the Firefox browser, have made it easier for Flash cookies to be deleted by consumers and because of this, the report maintained, ETags were being used as a replacement.
How it Works: ETags track consumers even when all cookies are blocked at the browser level and the browser’s cache has been emptied. HTML5 uses semantic tags to store and transmit data about browser activity. Semantic tagging can create a unique identifier for a consumer’s computer or any other element of the consumer’s online behavior and then store that data in a section of the device’s virtual memory that doesn’t usually house cookies. Because ETags can hide easily on a device, they are difficult to find and delete without some intermediate technical knowledge. ETags can hoard data undetected, and that means that end-users of the data can trace the online behaviors of virtually everyone, with or without their consent. ETags can absorb a consumer’s browsing history and even incorporate a weighting system for behaviors in order to create a fairly comprehensive portrait of the consumer’s preferences. This behavioral portrait goes from being somewhat anonymous while a consumer is being tracked online by a third-party data collector to an intimately detailed snapshot of a consumer’s digital identity once a consumer makes a purchase or submits personally-identifiable information to a website.
Why it Matters: Flash cookies can hold the equivalent of 50 pages of data and semantic-based ETags are even more agile than Flash cookies. Companies that boast of “tracking without cookies” use semantic identifiers to pass on information to end-users. When these tracking practices cannot be eliminated even through the selection of a “do not track” option or manual cookie-deletion, existing privacy laws may be violated.
Assessment: The potential for consumer backlash for this newer form of resilient cookie is enormous. The advertising industry’s indulgence in underhanded methods such as these gives credence to the fears of the fringe element of the privacy movement.
https://digiday.com/?p=2927