Last time around, we wrote about cookies and how one should deal with them. Like many technology-related topics, it was a bit abstract. A reader, let’s call him Keone, wrote in with a specific example of how cookies have affected him. It’s an interesting tale to tell, and perhaps better illustrates how internet tracking mechanisms work.

First, note that some of the particulars of this story have been changed, but the general gist remains intact.

Keone says he is looking for a house on the mainland. (The reason why he is looking at mainland real estate is really not relevant, and the reader can draw their own conclusion.) He used one of the big national real estate websites to search for homes and found a particular property that suited his interests. He dug deep into the property details and spent several minutes examining the details of that particular listing.

The next day, at some ungodly time of the morning, Keone’s cellphone rang. He let it go to voicemail, and the message was from a Realtor in the city of the listing in question. The Realtor gave a sales spiel and closed with “aloha.” The Realtor, being a trained salesperson, also followed up with an email. Apparently, though, this mainland Realtor didn’t know how time zones worked.

Now, Keone had not entered in his phone number, nor had he provided an email to this website, and, of course, had not said anywhere that he was in Hawaii. How did all of this information end up in the mainland Realtor’s possession?

The answer is simple: cookies, probably along with IP tracking and sale of personal information. Tracking cookies stored his information from visits to other websites, enabling the building of a profile that could include his phone number, email address and physical address if he used those on other websites, which in all probability he did. After all, we’re talking about a guy who’s buying a house thousands of miles away via the web, not someone who still writes checks. This information was then sold to a company that aggregates such data and, in turn, sells it back to consumer marketing-oriented organizations to help them improve their sales. IP tracking also may have been used to confirm this information.

As of this writing, none of this is illegal anywhere in the U.S. Further, Keone did nothing “wrong” to create this situation. In fact, as an avid user of the web, there is pretty much no way he could have avoided this.

The fact of the matter is that anyone who uses the web regularly can and probably is in this same situation. Right now there is no good solution, hence the pressure on website owners to be more careful about what they do with such information.

Many states are enacting laws similar to the California Consumer Privacy Act, which requires the user to be informed of and allowed to block the sale of any personal information. Given the worldwide nature of the web, many websites are following the CCPA regardless of where they are hosted and their intended audience.

As such, folks should take advantage of any website that allows blocking of the sale of personal information. Further, extreme care should be taken when entering financial information such as bank accounts, credit cards and Social Security number. Don’t enter such information unless you are comfortable with the website and it is absolutely necessary.

———

John Agsalud is an IT expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.