Cookies have been proliferating at a rate that would impress epidemiologists. "Five to 10 years ago, if you opened NYT.com in your browser, you'd get a cookie from the New York Times, maybe a couple, and that would basically be it," says staff technologist Dan Auerbach of the Electronic Frontier Foundation. "Today you get probably on the order of 50 cookies from all sorts of third parties: ad servers, data brokers, trackers. They can build up this big profile about your browsing history."
The worst part, says EFF's Auerbach: "It's totally invisible to users. They have no idea what's happening."
Marketers say that they keep user data private by viewing it only in aggregate, but the sheer volume of data a cookie can collect about any one person can enable the cookie's owner to infer a surprising amount about the individuals being tracked. As a 2010 report by Gartner found, "the more that personal information can be correlated, the less it is possible to completely anonymize."
But while cookies appear to be going viral, help may be on the way. In 2012, the Obama Administration proposed a Privacy Bill of Rights that would include Do Not Track legislation, so that consumers could choose whether and when to be tracked. Do-not-track mechanisms are being built into major Web browsers, such as Mozilla's Firefox. The Do Not Track concept still has no legal support, however. Marketers, many of whom claim that tracking data is essential to their business, remain free to ignore Do Not Track efforts -- or build ways around them.
"Do Not Track has no teeth right now," says EFF's Auerbach. "If you set it in your browser, you should not expect to gain significant privacy." Nonetheless, John M. Simpson, director of the Privacy Project at Consumer Watchdog, sees promise in new legislative efforts -- specifically, the Do-Not-Track Online Act of 2013. "I think this may be the only way to get meaningful protection for consumers," says Simpson.
#2: Seizing cloud data
You love how easy it is to grab data from the cloud -- and so do law enforcement agencies. And there's only going to be more of that data to love in coming years: Gartner predicts that 36 percent of U.S. consumer content will be stored in the cloud by 2016.
But whether you use a Web-based email service, keep files in Google Drive, or upload photos to Shutterfly, everything you write, upload, or post gets stored in a server that belongs to the online service, not to you. And because of outdated rules enumerated in the ECPA, this cloud-based data is vulnerable to a privacy loophole so big that a Google self-driving car could roll through it.
"A huge concern about using the cloud is that your data does not have the same Fourth Amendment protections that it would have if it were stored in a desk drawer or even your desktop computer," says Consumer Watchdog's Simpson.