I Want My Own Supercookie

I’d like to track my own data and see everywhere it is going-- every data broker, every developer, every ad tech network. Give me my own super-cookie so I can trace my personal information, and better yet-- be able to detonate or revoke it.


I would only want this if it’s thoroughly anonymized/obfuscated. Traceability shouldn’t mean trackability. I agree in principle with the impulse, though.

It’s also the case that implications through its use may not always be revocable, for example the weighting of your actions on a platform as inputs that influenced how it served other content to other users cannot be truly un-done after-the-fact, e.g. the fact the other user saw it obviously but also in log files of a platform’s own decisions at the time based on it as well as its impression in other users’ histories, and that will leave a footprint even if you detele it, perhaps all the more conspicuously if you do delete it. That in itself could lead to a form of tracking (unfortunately), although that preregative for participants would likely still be better than nothing in many if not most cases.

The infrastructure for dealing in anonymized but traceable federated data just doesn’t exist yet, let alone the incentives for it to hold sway: for that I think privacy would need to be an even bigger concern politically than it already is, sadly. Hopefully we’re closer than it feels like to me, already? Black-box module services that park your data as encrypted blobs are starting toward the right-ish direction. There would have to not just be lawful protections upon the individual’s datum, but strict standards with rigorous oversight and enforcement upon its handling, storage, transmittal, etc. even before taking into account the circumstances under which such activity is deemed lawful. Julie E. Cohen’s “duty of care” legal scholarship at Harvard seems a poke in the right direction?

GDPR does impose some of these, but only externally and vaguely and I have heard nothing indicating it pins down any nuts-and-bolts interoperability mandates, functionally. Seems right now there’s nothing more than “best practices” and liability’s threat for the fraction of circumstances when consequences can actually bite back, which is really mostly a joke compared to up-front controls.

1 Like

Well I don’t know about how to make a tracer like you want, but I do have a suggestion for you. Split your online personality. Make up a plausible substitute for you, and let him be the person who inhabits sites you don’t “care” about. See how much of him gets around, and see if he eventually gets real physical junk mail. (You either have to use your real address, or pay for a PO Box or something I guess.) I did this, almost on accident, when Best Buy invented their point system and I didn’t want to give them my real info. Since that time my “fake me” gets real physical mail, gets phone calls, all manner of interesting things. He’s even gotten offers for financial interests, which leads me to believe he has somehow evolved to the point where he has a credit rating O_o .


This is an excellent point that is often missed when people talk about how Google and Facebook give you access to your data, and allow it to be exported, or they say you can tell Google to automatically delete your data. By the time you delete or revoke it, these companies have already extracted maximum value from it. They’re just giving you the leftovers because they don’t need it anymore, and storing it actually holds more risk than reward for them. What they don’t do is tell you everything they actually know about you from all of the other sources they have, or what they have modeled based the inputs they get directly from you; nor does taking back your direct inputs unwind any of that, or delete their shadow profile.


That is amazing. Maybe “fake you” can get a job so you can take a real trip somewhere once this pandemic is over.