Commentary

Ghostery's Automated Never-Consent Cookie Experience

Ghostery, which specializes in privacy-focused web tools, last week released technology that allows site visitors to get to the content in much less time and helps them avoid the annoyance of trying to determine which personal information to give away.

Never-Consent, an automated notification blocker, works in the background to opt-out site visitors from all cookie-tracking requests and GDPR pop-ups. 

Pop-ups usually serve up when someone goes to a website they have never been before. It tells the site visitor that a website is tracking them using browser cookies. It gives the person a way to refuse those cookies, as required by law in some countries like England and certain states in the U.S.

The pop-ups usually tell the site visitor that the page being visited uses tracking cookies. Often, consumers just click “accept all.” At least that’s what marketers hope they will do.

Some cookies are necessary to give visitors a better experience, but too many track a consumer's every move.

This Never-Consent browser extension will soon become available across desktop, iOS, and Android devices in the Ghostery Dawn browser. It initially will launch as a Safari extension.

The tool is one in a long list aimed at protecting consumer privacy through holes in the code, many of which are just now being detected.

Inside Performance recently caught up with Jean-Paul Schmetz, founder and CEO of Cliqz, and chief scientist at Hubert Burda Media. Cliqz, owns Ghostery. Both are owned by Hubert Burda Media Company.

Schmetz pointed to a recent report from developer Felix Krause, who dived deep into the holes in Facebook and Instagram and uncovered exactly how much data Meta’s companies collect from users through their in-app browsers.

He explained how browsers and websites work, and then compared how Meta’s apps, Facebook and Instagram, work.  

He said Facebook and Instagram have their own browser-like technology in the apps, which means those using the apps never need to leave it. JavaScript code injected into the app the person uses can track every event that occurs on the page.

Schmetz said Facebook and Instagram collect all types of consumer data interactions.

“It’s been going on for years, but no one had bothered to read the code,” he said. “We found a clever way to do it because if you leave Facebook and all their apps unchecked, they will collect as much data as they can.”

Facebook tracks every page load, every click on content, movement on the page, and time of engagement. The script can collect a lot more than just basic information within the apps. This is the type of information that Ghostery’s technology blocks.

TikTok's in-app browser also injects code to observe all taps and keyboard inputs, which can include passwords and credit cards, according to Krause.

When a TikTok user opens a link in the iOS app, it’s opens inside the in-app browser. While someone interacts with the website, TikTok subscribes to all keyboard inputs including passwords, and credit card information, as well as every tap on the screen. The list of JavaScript commands he was able to detect is vast. TikTok confirmed to Forbes that those features exist in the code, but a spokesperson said the company does not use them.

Next story loading loading..