Website Cookies, Local Storage, and Heat Maps Explained PDF
Summary
This document explains various techniques used by websites to track user behavior, including cookies, local storage, heat maps, and web beacons. It also discusses digital fingerprinting, emphasizing the collection of data for personalization and targeting. The document focuses on how these tools operate and impact online user experience and privacy.
Full Transcript
We're all familiar with **website cookies**. But what are they? A cookie is a **small text file** that is created by a website when you visit it. This text file is saved onto your device (e.g. laptop, mobile phone) and contains information about your visit to the website. When you visit the website again, the cookie is sent back to the website, allowing it to recognize your device and remember certain information about you (e.g. login credentials, shopping cart items, preferences that you have set on the website). Cookies can be either "session cookies" or "persistent cookies."

- **Session cookies** are temporary and are deleted when you close your browser;
- **Persistent cookies** remain on your device for a longer period of time, even after you close your browser.

Cookies can be used by websites to provide a more personalized experience for you. But they can also be used to collect data for analytics and marketing purposes.

**Local storage** is another way for websites to store data on your device. Again, a website saves **a file on a specific part of your device's hard drive** (typically in a folder called "local storage"). While local storage is similar to cookies, there are differences:

- Local storage allows websites to store larger amounts of data than cookies do;
- Data is not sent back to the website every time you visit it;
- Local storage is faster and more secure than cookies are, simply because data does not need to be sent through the internet each time you visit a website.

The type of data stored via local storage is fairly similar to that of cookies. It is important to note that the data that a website has stored in your local storage is not accessible to other websites or applications.

**Heat maps** are a way for an organization to see how visitors are interacting with their website (e.g. what they click on, where they scroll, where they spend the most time, what they ignore, etc.).
Unlike cookies and local storage, heat maps -- generally -- don't save a specific file onto your digital device. Instead, they are simply **part of the code that creates the website experience (e.g. JavaScript).** The data that the JavaScript code collects on user activity is then visualized by software. This software assigns a color to each area of the page based on how often users engaged with that area (e.g. by clicking, scrolling, typing). Areas of a website that visitors engage with very frequently are shown in red, whereas areas of the website that visitors do not interact with are shown in green.

The purpose of heat maps is to identify which areas of the website are most popular and engaging for users, as well as areas that may need improvement. Further, heat maps are used by organizations to test and refine different design elements on their websites. For example, they can compare the engagement levels of two different page layouts or button designs to see which one performs better.

A **web beacon** -- or "**tracking pixel**" -- is a **tiny image** (1 pixel * 1 pixel) or code snippet that has been embedded in a website or an email. Unlike cookies or local storage, web beacons are more difficult to spot. When you visit the website or open the email, the web beacon **sends a message to a server**. This message allows the sender to track certain information about your online activity.

Web beacons collect the same type of information as cookies and local storage. However, they are far better at tracking your activity across multiple websites and platforms. This allows them to develop a more complete profile of you as a user.

When organizations embed web beacons in emails, these are typically used to track whether the recipient opened the email, how long they spent reading it, and whether they clicked on any links. This information can be used to measure e.g. the effectiveness of an email campaign.
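
One way to spot the tracking pixels described above before an email is rendered, as an added example that is not part of the original document: it flags remote images that are 1x1 or hidden by CSS and lists the query parameters each one would send. The sample HTML, the host names and the `find_beacons` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl
import re

# Constructed sample e-mail body; every host and parameter is made up.
SAMPLE_EMAIL_HTML = """
<img src="https://cdn.shop.example/banner.png" width="600" height="200">
<img src="https://track.mailer.example/o.gif?uid=8841&amp;c=spring" width="1" height="1">
<img src="https://metrics.example/p?e=abc123" style="display:none">
<img src="https://cdn.shop.example/spacer.gif" style="width:1px;height:1px">
"""

HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _px(attrs, name):
    """Pixel size from the width/height attribute or inline style, else None."""
    m = re.fullmatch(r"\s*(\d+)(?:px)?\s*", attrs.get(name) or "")
    if not m:
        m = re.search(rf"(?<![-\w]){name}\s*:\s*(\d+)px", attrs.get("style") or "", re.I)
    return int(m.group(1)) if m else None

class BeaconFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        if url.scheme not in ("http", "https"):
            return  # embedded cid:/data: images trigger no network request
        w, h = _px(a, "width"), _px(a, "height")
        reasons = []
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("1x1 or smaller")
        if HIDDEN.search(a.get("style") or ""):
            reasons.append("hidden by CSS")
        if reasons:
            # An empty params list means no query-string identifier is present.
            self.findings.append({"host": url.hostname, "reasons": reasons,
                                  "params": [k for k, _ in parse_qsl(url.query)]})

def find_beacons(html):
    """Return one finding per remote image that is tiny or hidden."""
    finder = BeaconFinder()
    finder.feed(html)
    return finder.findings
```

A finding with query parameters, such as the constructed `uid` value, is the stronger signal; a 1x1 image without any may be a plain layout spacer.
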
Due to their 'invisible', difficult-to-detect nature, web beacons are unfortunately often used by hackers as conduits to installing malware on their victims' digital devices.

**Digital fingerprinting** draws upon one or more of the previous techniques (e.g. cookies, web beacons) in combination with your web browser. Unlike the previous three web tracking techniques, the main purpose of digital fingerprinting is **to identify individuals based on their online behavior and device information**. The data that has been collected on a user is used to create a **unique digital profile of the user**, which can be used to track their online activity across multiple devices and websites. Digital fingerprinting is often used for targeted advertising and personalization. However, it is also the basis for online identity theft -- and for tracking users without their consent.

After you've come home from work or university, you will -- presumably -- close the front door behind you. At that point, people outside your home will not be able to observe your behavior unless you want them to. The choice is yours. We've just seen in the section on web tracking that the same cannot be said for our online behavior. Both our behavior and the resulting data can be tracked without us even being aware of it. This might bother us. Or it might not. But as we spend more and more of our lives online, we should be given the same choice to "close the front door behind us" that we have in the physical world. And that's where **data privacy** comes in.

Data privacy involves protecting personal information (e.g. names, addresses, financial details, health records) from people -- or organizations -- who have no right to access that information.
It involves regulating and controlling **(a)** who has access to personal data, **(b)** how that data is collected, **(c)** how it is used, and **(d)** how and where it is stored, and making sure that these areas are handled in a manner that is consistent with the basic ethical and legal principles of our society.

Every organization has an Enterprise Information System. This means it handles lots of sensitive information on customers, employees, suppliers, and other stakeholders. It is the responsibility of every organization to ensure data privacy by implementing strong security measures. Otherwise, lives may be ruined. Many organizations assume their Digital Responsibility automatically. For those that don't, lawmakers have introduced strict laws requiring them to protect data privacy. The most important of these in the EU is the General Data Protection Regulation (GDPR).

The **General Data Protection Regulation** (**GDPR**) is a European Union law that aims to protect digital privacy rights. It was introduced in 2018 and **applies to all organizations that process the personal data of individuals residing in the EU**. This includes companies, non-profits, public authorities, and online service providers (e.g. social media platforms, e-commerce websites). The GDPR states that members of the groups listed above must **(a)** be transparent with users about how they collect and use their personal data; and **(b)** follow strict rules on what types of information can be collected, how it can be used and how it must be stored. These requirements apply to all personal data -- regardless of whether it's stored on paper or electronically. Organizations found to be in violation of the GDPR face penalty fines of up to €20 million or 4% of global sales revenues.

Data becomes particularly sensitive wherever financial transactions are involved. If someone hacks your Instagram account, it's bad. But if someone hacks your bank account and password, it's worse. Probably.
Because of this, financial institutions protect their customers' data with many of the security measures we've just seen: multifactor authentication, firewalls, encryption, and intrusion detection systems. However, there is a further technology that can be used to protect financial transactions between two parties, called **blockchain technology**. Blockchain was originally developed in the context of the first digital currency, Bitcoin. But in the meantime, it has advanced to a level where it is used to safeguard many transactions that have nothing to do with cryptocurrencies.