The vast majority of governmental and COVID-19 tracking websites employ third-party trackers on users without consent, according to a new study.
The revelation comes from a recent paper – “Measuring Web Cookies in Governmental Websites” – published by a cohort of European researchers funded by groups including the European Research Council (ERC), the European Union, and the Spanish government.
“A potential risk from e-governance is that since it represents a unique point of interaction for mandatory and indispensable services for all citizens, it can, unintentionally or not, become a single point of monitoring and tracking for the entire population of a country. A readily available way to achieve that is with the use of Web cookies,” cautions the paper.
The study analyzed three types of websites: official governmental websites of “G20” countries around the world; websites of international organizations such as the United Nations and popular websites used for COVID-19 tracking and information. It measured these sites’ use of “cookies” – personal data related to your browsing history that websites can retrieve at a later time.
“Web cookies have been exploited to collect information about users’ online activities and interests,” notes the paper.
“Our results show that, unfortunately, tracking is a serious concern, as in some countries up to 90% of these websites create cookies of third-party trackers without any consent from users,” explains a summary of the findings.
“Non-session cookies, that are created by trackers and can last for days or months, are widely present even in countries with strict user privacy laws. We also show that the above is a problem for official websites of international organizations and popular websites that inform the public about the COVID-19 pandemic,” it continues.
Researchers found that up to 90 percent of governmental websites for “G20” countries, which include 19 countries and the European Union comprising the world’s largest economies, added tracking cookies without user consent.
“More than 50% of cookies created on G20 government websites belong to third-parties and at least 10% (up to 90%) originate from known trackers. Most of these cookies have a life span of more than a day and many an expiration time of a year or more,” continued the study, which based its analysis on 5,500 governmental websites and over 118,000 URLs administrated by governments.
Around 95 percent of the international organizations analyzed in the paper created cookies without user consent, and roughly 60 percent used at least one third-party cookie. Third-party cookies are “known to be tracking users for data collection purposes,” explain researchers.
Similarly, 99 percent of COVID-19 information sites added at least one cookie without user consent.
“For example, the very popular website with global maps about the COVID-19 cases, maintained by Johns Hopkins University, add cookies from 7 trackers,” explains the paper.
“All the other Top 10 website are official national information websites in European countries that have three trackers or more. The American Centers for Disease Control and Prevention (CDC) is also in the Top 10, with cookies associated with three trackers,” it continues.
The findings come amidst concerns that governments in the West are seeking to emulate the Chinese Communist Party’s “social credit score” system, granting the regime the ability to dictate individuals’ spending habits and movements potentially based on their ideologies.