MADRID — Are governments around the world going too far? A new study has discovered that “Big Brother” may be more widespread than anyone thinks. Among the countries that make up the G20, researchers found the vast majority of government websites add third-party tracking cookies without their users’ consent.
The G20 is an international forum which includes 19 countries and the European Union. The forum focuses on solving issues connected to the global economy, climate change mitigation, and the development of sustainable technology. The members include Argentina, Australia, Brazil, Canada, China, France, Germany, India, Indonesia, Italy, Japan, Mexico, Russia, Saudi Arabia, South Africa, South Korea, Turkey, the United Kingdom, and the United States.
The international team notes that, in some of these countries, nine in 10 official sites add third-party tracker cookies — even if they have strict user privacy laws. To uncover the scale of this problem, the researchers examined 5,500 websites tied to international organizations, governments, and official COVID-19 information sites during the pandemic.
Their study comes at a time when citizens across the globe are providing information through government websites at an unprecedented rate.
“Our results indicate that official governmental, international organizations’ websites and other sites that serve public health information related to COVID-19 are not held to higher standards regarding respecting user privacy than the rest of the web, which is an oxymoron given the push of many of those governments for enforcing GDPR,” notes Nikolaos Laoutaris, a research professor at IMDEA Networks, in a media release.
What kinds of cookies are lurking on government sites?
“There are first-party cookies, which are those created by the visited website itself, while third-party cookies are those commonly created by external agents through content embedded in the website. In addition, there is the cookie ghostwriting, in which an external entity creates the cookie on behalf of another party and therefore its origin is unknown,” says Srdjan Matic, a research assistant professor at IMDEA Software.
The team also separated their findings based on the duration of these cookies — analyzing cookies active only during someone’s visit to a webpage and those which persist over the short, medium, and long-term.
Nearly every COVID website is adding unwanted cookies
Results show most of the G20 nations install at least one cookie on a website without a user’s consent. Overall, Japan comes in with the lowest percentage of websites containing cookies — but that number still sits at a staggering 77.2 percent. Meanwhile, the team found Saudi Arabia and Indonesia top the list with cookies on 100 percent of their official sites. The majority of the G20 nations fall between 87 and 97 percent, with the U.S. adding unwanted cookies to 93.5 percent of the 1,239 webpages examined in this study.
Of these cookies, a large portion are either third-party cookies (TP) or third-party tracking cookies (TPT). Additionally, over 50 percent of the TP and TPT cookies in 16 of 19 countries take more than one full day to expire. Website users in France will find the largest number of cookies which take more than a year to expire.
When it comes to official websites which specifically deal with the coronavirus pandemic, results show over 99 percent add at least one cookie without anyone’s consent.
“There are no special measures to neutralize third-party cookies on these websites since 52% of the websites of international organizations set at least one cookie associated with a tracker (TPT),” Matic adds.
Laoutaris hopes the team’s findings “put more pressure on governments to clean up their own house first and, by doing so, set an example and be more convincing about the importance of implementing the GDPR in practice.”
The team presented their findings at the Web Science Conference.