By the time a kid turns 13, more than 72 million pieces of personal data have been collected about them on the internet, according to a 2018 report. These can include name, date of birth, address, family members, where they hang out, the people they interact with, what they do in the classroom, and which websites they visit. In other words, TMI.
As a product manager working on Total Cookie Protection, which Firefox rolled out by default to all users in June, I wanted to learn more about how this privacy feature could benefit families. So I designed a family cookie experiment. While it wasn’t as yummy as it sounds, the experience reminded me of why online privacy is so important, especially for kids and teens.
First, let’s talk about cookies
Who knows you better than you do? Probably the internet, or at least it sometimes feels that way.
One minute you’re daydreaming, casually browsing a travel website. Next minute, you’re seeing ads for luggage, including one in a snazzy shade of green. You hit “Buy.” By the way, there’s a “flash sale for flights to the Bahamas!” according to an email you just got from your favorite airline. Perfect. Now you really have to book that trip. How did the internet know that you need a vacation, and that you need it now?
If you’re someone who has spent time online since the days of dial-up, then you’ve probably noticed how internet ads have become a lot more personal. That’s made possible by cookies, or small text files that a web server stores in your computer.
These files contain bits of information like your username, location and language preference so that you can return to a website without having to enter your credentials over and over again. Did you close your browser window while shopping? No worries, the website will remember you’re an English-speaker who lives in the U.S. Your items will still be in your cart.
Not all cookies, however, are created equal. Other entities, including analytics, advertising and data collection companies, also deposit what we call third-party cookies in your computer through ads, social media widgets, background scripts, and pixels (tiny images tucked into website code) that are on the pages you visit.
Cookies are sent by different websites to identify you, enabling third-party companies to collect crumbs of your personal data and piece them together to create a profile of the person the internet thinks you are. Data brokers sell that profile to businesses, which then target you with seemingly tailored ads for products you’re more likely to buy.
This may sound harmless to some people. The internet offers us a world of possibilities after all, and it seems giving away some of our information to advertisers for some conveniences is a small price to pay. Plus, you’ve got nothing to hide or be embarrassed about.
Now here’s the big but: As our Bahamas example shows, browsing behavior – in the name of profit – can be used to shape people’s thoughts and actions. Why did you buy a suitcase in a color named “springtime parsley”? And why are you booking a trip to the Bahamas when it’s hurricane season? No wonder those plane tickets are so cheap.
The family cookie experiment
Now onto my experiment: I started browsing the web to mimic the experience of a parent looking to book a vacation for two adults and two young children.
I visited multiple travel websites to find and compare flight, hotel and car rental prices for a trip to Costa Rica. Additionally, I used Google to search for resources on sightseeing (videos, tourism and travel websites), traveling with children (blogs) and the best suitcases (trusted magazine articles and major e-commerce sites). Sometimes, I chose the top hit on Google’s results page, which tends to be ad-sponsored and therefore prioritized.
Here’s what happened:
- My browsing activities generated 1,620 total cookies, about 20% of them third-party cookies.
- Many of the third-party cookies came from websites linked to analytics and ad companies.
- Surprisingly, cookies deposited via major media publications were worse: An article from a prominent magazine about suitcases inserted third-party trackers from other brands under the publication’s parent company umbrella, ranging from fashion to food to architecture.
- When I checked the forecast for Costa Rica on a major weather website, I saw so many ads that dropped third-party cookies, suggesting this may be a big revenue source for the website.
My takeaway from this experiment: There’s something insidious about doing something that should make you feel empowered and excited – only to feel like you’re spilling details that unknown figures can exploit. In the act of planning a trip online without anti-tracking protection, someone out there now knows about the ages of your children, your partner’s interests, which family scuba lesson you’ve booked and with whom.
The effects of this surveillance extend beyond your flight back once the trip ends. Data brokers can sell the growing swarm of information they have not only on you but also your family. Interested parties will already have rich data profiles on your children by the time they start using the home computer.
Talk to your kids about online safety
Cookies and kids
They may not be making their own travel plans just yet, but children have had data collected about them long before you entered their ages into an airline’s website for their first flight. Maybe you created an online baby registry, or relied on certain websites to find answers to questions about your child as a new parent. Later, kids’ own online activities – for entertainment, education or otherwise – enhance their data profiles.
How much this data economy is shaping children’s development is a concern highlighted in a recent report by the Human Rights Watch, which looked into the collection of kids’ information through online learning tools schools used during the COVID-19 pandemic.
“Because children are at high risk of manipulative interference at a time when their capacities are evolving, they may be particularly vulnerable when they come into contact with algorithms that can be used to target and influence their thoughts, opinions, and beliefs through the curated display of content,” the organization said.
Even teens are worried about how technology seems to promote decreasing attention spans and leave misinformation unchecked. Do you have a high schooler considering colleges? The Markup and Mozilla Rally found that applying for federal financial aid could automatically send students’ personal data like their names, phone numbers and email addresses to Facebook – even when they didn’t have a Facebook account. And during a time where legislation can target vulnerable groups, data can be used to infer information about the identity and health care needs of internet users, no matter their age.
Take back your family’s privacy with Firefox’s Total Cookie Protection
Preventing your kids from having their data collected doesn’t mean cutting their internet access or sacrificing the quality of your family’s browsing experience. That’s why when you use Firefox, Total Cookie Protection is built-in and already turned on by default.
This means for every website you visit, Firefox creates a digital “jar” that confines cookies to that website. So when you enter your children’s ages to book a flight, that information won’t be picked up and tracked by Amazon to recommend toys your kids might like, or by YouTube to show videos they can watch on your way to Costa Rica.
Online privacy lets our families decide our own life experiences without third party interference.
The internet is a great place for families. It gives us new opportunities to discover the world, connect with others and just generally make our lives easier and more colorful. But it also comes with new challenges and complications for the people raising the next generations. Mozilla wants to help families make the best online decisions, whatever that looks like, with our latest series, The Tech Talk.
Get the browser that protects what’s important