As early as the 1990s, many people were wondering what these cookies are that still haunt Internet users in the form of annoying banners when they open websites. 1997 delivered a user has the following description: Cookies are a kind of scent mark that certain companies leave on the computer. Hundreds of advertising companies are now collecting data about us in this way. To do this, they put the small snippets of text on our computer in order to send information about us to the advertising industry.
Cookies are integrated into many shops, brand and news sites as spying third parties. Only when companies recognize people can they create a long-lasting profile about them. So-called advertising identifiers on smartphones have so far worked in a similar way to cookies. Behavioral data from many of the pages and apps used are also collected in profiles at the advertising companies, and they use them to build advertising target groups.
For some time, however, has been going on in the industry panic um: Apple and Google, the rulers of Android, the iPhone and the Chrome and Safari browsers are phasing out support for these so-called third-party cookies and mobile advertising IDs. Above all, Google is probably not primarily concerned with data protection, but rather with hindering its competitors in the field of personalized advertisements – in order to gain a higher share of the $ 336 Billion Internet Advertising Market to get.
These are identity providers
Commercial surveillance of people online is changing. In 2021, a new technology that will work without the support of the monopolists will pick up speed. Identity providers are the names of the companies that register centrally when a person logs in somewhere. They pass this information on to advertising companies. They then recognize who is interested in what, even without cookies. The email address is often used as a unique identifier. For tracking purposes, it is usually converted into a sequence of numbers and letters (a “hash”) which, like a fingerprint, uniquely matches the original address. Is that more privacy-friendly than cookies? To understand the new login matrix, the Southgerman newspaper examined the data traffic on a few dozen major websites in Germany. To do this, she used the network analysis technology in the browser.
Like other media companies, SZ uses certain tracking tools and cookies. Under www.sz.de/tracking you will find information about which trackers are used on our website and how they can be deactivated.
You can find the full data protection declaration at sz.de/datenschutz. You can object to data processing in the SZ apps by deactivating user statistics, error analysis and crash reports or personalized advertising in the data protection settings of the respective app. As with many media companies, the digital advertising market is responsible for a substantial part of the revenues. This is another reason why elaborately researched articles can be made accessible to readers.
Passing on identities
In the simplest case, personalized advertising with an identity provider works like this: A shop page registers who clicks on a vacuum cleaner there. The shop then bids for any advertising-financed pages on an ad space – these auctions are fully automated on the Internet and run within milliseconds. The only condition: the ad should only reach those people who have clicked on the vacuum cleaner. If a person was logged into the shop and later also, for example, to a weather service, then an advertising platform can merge both logins and display the corresponding advertising with the weather service. But because you use many pages without a login, the advertising companies are trying to make the login identity larger.
An identity for every household
The IP address under which a household is connected to the Internet helps here. It only stays the same for about a day and then changes automatically. But as long as someone from the household is logged in, an identity provider can track these changes.
Example: Another person is looking for a vacuum cleaner, this time they are not logged into the shop or the weather page. But a child in the same household uses an app with a login. The app passes this information on to the identity provider. The service recognizes that the app, the shop and the weather page were accessed from the same IP address and can thus record behavioral data from the household under a profile. Again – if it works as planned – the “right” person will receive the vacuum cleaner advertisement. This is because the provider can easily differentiate between the devices within a household using technical features such as screen resolution.
The cookie banner is no longer just for cookies
This tracking via the IP address was found at mirrors, Sport 1 or image – but only if you consent to the “cookie banner” that opens when you call up the page. These annoying banners exist because laws are designed to protect against unwanted advertising tracking. With the new technology, the banners have simply been expanded: They not only ask for the OK to the cookie, but also whether the visitor accepts the tracking via their IP address or email. The behavior on the page can also be continuously monitored via these two data points.
Linking the offline and online world
Another area in which identity providers are active: They help large companies analyze their customer data and use their email address to transfer marketing to the online world. Zeotap is a company from Berlin that supports brands such as Nissan and Audi. The company founder explained the business model at a conference Clearly: It would be good for a local BMW dealer to know that a former BMW customer was looking for a new car at Autoscout24 yesterday. When you log into Autoscout24, the hashed – i.e. unreadable for unauthorized persons – email address is sent to Zeotap. This creates target groups of people interested in cars who are useful for car dealerships or like goods acted can be. On another big site, gutefrage.net, the email hash was sent to six advertising companies after Zeotap logged in.
Data protection violations and criminal offenses
The online advertising industry has never been particularly squeamish about data protection laws. The new identity providers were also used in the test in some cases without the consent of the website visitors required therein, as was the case with Autoscout24 and Gutefrage. Neither company did not comment on this when asked. Zeotap denied that email addresses were passed on to third parties at all. The identity provider Liveramp, which was active on freundin.de and eatsmarter.de without consent, was particularly problematic. It searches these pages, which have been viewed by millions of Germans, by default for fields that have been filled out. The problem: Some password managers – little helper apps for the forgetful – enter emails in login fields so that you can log in comfortably with one click. Liveramp recognizes such people immediately when they view the site, even if they do not log in at all. Peter Hense, lawyer for data protection law, assesses this insidious method as a criminal offense under the Federal Data Protection Act. Eatsmarter did not comment on the allegation, Liveramp asserted on SZ request that the procedure was lawful.
Users can do that
To protect against identity providers, you should generally reject requests for consent – in those cookie banners – even if this often costs more than two clicks. It can also be worthwhile Tracking blocker use that many browsers have integrated or offer as a plug-in and prevent monitoring. Most effective, however, is to use a different, unique email address for each page or app. This works best if you already have a website with your own domain (such as example.de) and configure your email there with a “catch-all” setting: Any addresses that are only created for special logins (such as login [email protected]) then all end up in the same mailbox. For people who don’t have their own domain, email providers like Mailbox.org and Protonmail the catch-all service including domain.