If you’re surfing the internet, websites will give you cookies. Unlike the kind the Cookie Monster prefers, these are small snippets of text that the browser will hold on to. If you open the same website again, it’ll send along the cookie it received last time¹.

This doesn’t sound very nefarious, and in fact, it allows some very handy things, like staying logged in to a website².

The trouble starts with the fact that any website can send your browser a cookie, and it’ll store it. Browsers (by default) only restrict cookies on size³, not which websites can store them.

To illustrate, let’s examine that you open a news website in your browser. That website will likely have ads on it, and some sort of tracking, so they can see what their readers are doing on the website. But those ads and tracking are not hosted on the same website — they’re outsourced to third party companies. So when your browser loads the news website, it’ll get a cookie from the news website. And also a cookie from every ad provider and every tracking company that is included on the news site.

So far, this still doesn’t sound too bad. But the ad and tracking companies have a trick up their sleeve: If you don’t already have a cookie set from them, they’ll send you one containing a unique identifier. And the next time you visit a website that includes ads or tracking from the same company, your browser will dutifully send along the cookie with the unique ID it got earlier. And suddenly that company can track you across the internet.

Of course, that requires that all or most websites include that companies ads or tracking, and that would be pretty hard, wouldn’t it? Well…

• Facebook definitely fits that bill: Many websites include some Facebook snippet, either to collect likes and shares, or something called the “Facebook Pixel”. Facebook also looks at your Facebook Messenger conversations, the photos you upload, and what you do and write on Instagram (one notable exception so far is WhatsApp, since it uses end-to-end encryption, but Facebook could change that at any time). Facebook is also notable because it seems to believe that its users have no expectation of privacy anyway, and it’s their own fault (no, seriously, their lawyers said so in a court).
• Google is the other giant in that space: A lot of websites use Google Ads to advertise, or include Google Analytics⁴. Google also knows what you search for, what videos you watch on YouTube, what you do on Google Maps, your Chrome browsing history, and, if you have an Android device, it uses that as a data source as well.
• Amazon isn’t as well connected as Facebook or Google, but since you use Amazon to shop for stuff, it can also infer a lot about yourself and your habits. It collects and stores everything you’ve said to your Alexa device. And Amazon owns a lot of other companies that it can use as data sources, like Audible, IMDb, Twitch, or Goodreads.
• Even Apple, the most privacy focused of the big four, knows quite a bit about you: It has a history of all your purchases in Apple stores, iTunes and App stores, it does some of its maps processing in the cloud (albeit in an anonymized manner), it scans your iCloud emails for malware and other assorted threats, and if you use Siri, some of the commands are sent to Apple’s servers for processing⁵.

And there are a lot of other, much less known, companies that are happy to stay in the background, simply collecting data on you through techniques like this. And they don’t just stop at websites: Many apps don’t just include the same sort of tracking, they can do even more, like get a precise location through GPS or (if you’ve not given permission for GPS) by tracking the WiFi networks and Bluetooth devices it sees around you. Your cellphone provider also can (and most likely, does) track you.

Even Email isn’t safe. Newsletter usually include a tracking pixel to allow tracking open rates (including this newsletter, though not by my own choice⁶). Some mail clients go even farther: Superhuman, the newest and hottest startup and email client on the block, includes a tracking pixel that allows the sender to not just see whether you’ve opened the email, but also when and where you’ve done so. And it does so by default, allowing every Superhuman user to spy on you.

The end result is that every time you use the internet, through a browser or an app, there’s a veritable legion of companies tracking your every move (on- and offline), purchase, and interaction. They know what you look at, search for, put in your shopping basket, but don’t purchase, watch, read, and listen to. They know you better than your spouse does, and maybe even better than yourself.

And it’s not the tracking itself that’s necessarily troubling. Used for good, it allows for a personalized experience, tailored to your needs. But as it stands right now, your data is sold anyone who wants to buy it, and you have little to no control about what happens to it.

Even if you think none of this is as bad as I make it sound (although you care more about your privacy than you think), you should take some steps to protect yourself. Use ad blockers to limit the tracking in the browser, look at the privacy settings on your smartphone and computer, turn off automatic image loading in your mail client, don’t just give websites like Facebook or LinkedIn your personal data, and use apps that are known to put privacy before profits. And the next time there’s an election, vote for the parties that push for more privacy controls, not less.

Landing on the Moon

July 16th, 9 days away as of writing, marks the 50th anniversary of the moon landing, the first time a human stepped onto another celestial body besides our own. Follow the Apollo 11 Mission in Realtime.

Perfect Storm

40 years ago, two 747 — one Pan-Am and one KLM — collided on Tenerife-North airport, killing 583 passengers and crew. It was a perfect storm of outside events, errors, and bad luck: The true story behind the deadliest air disaster of all time

Who’s Out There?

Over the years, a lot of probes have been sent to space. Many of them have ceased functioning by now, but there’s still an impressive number around, doing science in all parts of the solar system: Space Robot Roll Call.

Too Good for This World

Many modern celebrities share a lot about themselves, or are good for salacious headlines and scandals in the yellow press. But there is one notable exception: Keanu Reeves Is Too Good for This World.

📖 Weekly Longreads 📚

For most people, computers have improved their lives, or allowed them to do things they couldn’t before. But one group isn’t so happy about them: Why Doctors Hate Their Computers.

🦄 Unicorn Chaser 🦄

Photos of Tokyo taken with a fractal lens look incredibly futuristic