Saturday March 23, 2013
Hands in the cookie jar
Made in China
By CHOW HOW BAN
A cookie is a piece of information in the form of a text file placed in the user’s hard drive. It is generated by the website to keep track of the user. Now third party companies have codes to access cookies on behalf of their clients.
CHINA Central Television recently exposed a commercial practice by third party companies to set codes for access to cookies in one’s computer on behalf of their clients.
Based on the investigative report by the state TV station in its special programme on the protection of consumer rights, many information technology (IT) companies in China are helping major news and email websites such as 163.com, Sina, Sohu and QQ to capture potential Internet users who might be interested in products and services offered by advertisers on the websites.
These IT companies will be allowed to place codes on the websites to access cookies in the user’s computer so that they will be able to obtain accurate information on the user such as his surfing behaviour and preferences of products and services.
A cookie is a piece of information in the form of a text file placed in the user’s hard drive. It is generated by the website to keep track of the user.
When the user logs onto the website, cookies containing the user’s browsing history, Internet protocol (IP) address, user name, password and other information will be stored in the user’s computer. Whenever he revisits the website, the website will then use the cookie files to identify the user automatically, making his surfing experience faster and smoother.
Zhang Jie, a customer service department head of iPinYou Interactive IT Co Ltd, claimed that the company had the technology likened to a “spider web” to capture information on Internet users. She said the company currently obtained more than 570 million cookies via the Internet.
Other companies like AdChina said it captured over 300 million cookies while Yoyi and Avazu said they possessed 500 million cookies. Adsame Networks Technology and Emar even claimed to have 900 million cookies.
When asked by the China Central Television reporter on how iPinYou captured the cookies, Zhang Jie said the company simply added codes on its client’s websites.
“You will not be able to see the codes whenever you visit a website. If you can see them, who will be willing to go online?” she said.
“(We will be able to gather) information on the user’s gender, age, occupation, income and education background and his registration for email and even lottery for certain products.”
Adsame Networks Technology customer service manager Liu Mingqi showed the reporter the user’s cookie data collected by the company’s server, including the location of the user, his hobby, age, household income and IP address.
The company even knew every detail of the user’s browsing history and record, from the website that he had visited to the exact time he had done so.
AdMaster customer service manager Lu Jie said with the cookies her company would be able to dig deeper to find out the user’s mobile phone number and username and password for QQ (one of China’s biggest social network sites).
AdChina deputy general manager Yang Shoucheng said his company had embedded codes on over 400 media websites, while Zhang explained that major news and email websites such as 163.com, Sina, Sohu and QQ basically did not allow third party companies to add codes directly to their websites but such companies would still be able to get it done through advertisement placements.
When asked whether Internet users should be informed of their privacy risk or the third party should obtain consent from the user first, Zhang said of course her company would not want to do so.
Emar traditional and digital marketing and sales centre project manager Li Ying said: “In principle, there should be (consent agreement). But, basically, it has been in default now and the default is that you can use (the information).”
Guo Xinghua, the Eastern China region channel centre director of NetEase which owns and runs the 163.com website, said third party companies would usually get to embed codes on its website if the advertisement was placed deeper inside such as on the women’s channel of the website.
She said NetEase, without the help of a third party, it would also be able to use information in the cookies or access email content of its members to analyse what type of person was the user.
“For example, if the user replies emails containing stock account numbers, then we will be able to identify him as a member who works in the finance sector and direct advertisements to him more accurately,” she said.
The TV station reported that although one would be able to prevent cookies access by a third party in the setting of Internet browsers or clear cookies history, some companies had already countered this by storing flash cookies in users’ computers.
Yang said whenever the user viewed an advertisement in the form of a flash video, flash cookies would be stored in his computer and it would be hard to delete such cookies.
Responding to the China Central Television report, iPinYou Interactive IT Co Ltd CEO Huang Xiaonan said in a statement posted on the company’s website that the cookie itself does not involve privacy of personally identifiable information as it is just an anonymous code collected via the Internet traffic to identify a computer.
She said the company focused on increasing the effectiveness of online advertisement and was not involved in any data trade, forced pop-up advertising or disclosure of users’ personal information.