Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ranger_danger 2 hours ago

Potential real-world consequences, while they do exist, are simply too subtle to realize. Some actual examples of cookies being used against people:

- CBP has admitted to buying location/advertising data from brokers to use in helping locate people to arrest

- Phishing and identity theft can be made easier due to cookies... security researchers have even demonstrated 2FA bypass techniques based on it

- Price discrimination - Consumer Reports found that flight prices can fluctuate based on your cookies. Sometimes they would even raise the price if you kept searching for routes, as an indication that you were in a hurry, thus likely willing to pay extra.

- Healthcare discrimination - Companies have been found to raise healthcare prices or deny coverage due to cookie data aggregated via brokers where external sites tracked a person's health conditions based on what pages they visited (examples: fertility, cancer and mental health support groups)

- AI models or automated systems using cookie data to predict housing stability, creditworthiness, and employment risk without ever seeing your resume or credit report directly

- ProPublica found that Facebook was allowing advertisers to target their housing ads based on specific age/race groups stored in cookies

- Some recruiting firms have used cookies to infer personality traits and political leanings. Your employment application could be rejected or deprioritized based on that

- Based on the previous examples, I think it is not a far-fetched idea that websites and services could deny you access altogether based on data revealed by a combination of things like your browser fingerprint + brokered cookie data, such as political affiliation, estimated income, race/gender, health situation, etc. Imagine for example, not being able to order pizza because you badmouthed their favorite president online.

It's also harder to change your mind later and go delete a bunch of specific cookies to opt out when you could have just said no from the beginning.

tempestn 2 hours ago | parent [-]

I appreciate the list of potential harms. I'm curious about your last point though. Isn't it trivially easy to wipe cookies from your browser?

drnick1 22 minutes ago | parent | next [-]

You should always configure your browser to automatically wipe all data on exit. The Arkenfox user.js user profile does this and more to mitigate fingerprinting.

fsflover an hour ago | parent | prev | next [-]

It's not just about cookies but also about fingerprinting, which is extremely hard to prevent.

SoftTalker an hour ago | parent [-]

No extensions that randomly change your fingerprint? I suppose that might trigger a lot of captchas.

ranger_danger 2 hours ago | parent | prev [-]

It can be yes, although not everyone wants to do that because you will likely be logged out of all the websites you're using, shopping carts cleared out, etc.