Accepting Cookies

By /

nnWith the rise of artificial intelligence and its thirst for data, SergiunRezmives, CC, highlights the need to focus more closely on cookiensecurity and the trend for accepting cookie terms without reading them.nn

n

Just as we saw thennspace race, we’re now witnessing a new technological race to be first and/or dominantnin the field: the Artificial Intelligence (AI) race.

n

nPutting aside the outreach and dissipation limitations of AI innless-connected parts of the world, its impact on society is alreadynnoticeable. While I have no political position to convey here, I do paynattention to the international geopolitical arena and other socio-economicnevents. In March 2024, two important events took place,nnThe Select Subcommittee on the Weaponization of the Federal Governmentnn(US Government-led) and the Graphic Processing Unit (GPU) TechnologynConference (corporate-led).n

n

nOn paper, there seems to be no obvious link between the two. However, thesentwo events, so opposite in members and audience, are more relevant fornfuture technological development than they initially appear.n

n

nUsing Collected Datan

n

nThe US Government-led event focused on the risks of executive outreach andnhow it can use data collected by banks to achieve its goals. While it mightnnot sound Orwellian at first, your opinion might shift should you review thentestimonies from some invited guests and experts.n

n

nTo summarize the scenario: one entity (a bank) holds your online data suchnas banking transactions, geolocation at the time of those transactions, etc.nThe other entity (a government) can access that information when specificnlegal and regulatory conditions are met and could use it to take specificnactions (potentially punitive) against other entities or individuals (namely thenaccount holders or entities involved in transaction with them).n

n

nHardware Enabling AIn

n

nThe second event was about showcasing the latest capabilities in CPUs andnGPUs for hardware used in data centers and AI development. This event wasnfocused on Big Tech,nand, to summarize it: CPUs are more powerful than ever, can processninformation faster and can support Large Language Models (LLM) and AIndevelopment at a higher rate compared to previous years.n

n

nLLMs are computer programs (a form of AI) that are “served” with massivenamounts of data, which they are trained to recognize. The most commonlynknown example at the moment is the LLM that powers ChatGPT. Later, they cannbe used for a variety of purposes, producing text, writing code, customernservice functions, the list goes on. AI and LLMs are used interchangeably innthe industry, differentiated typically by their scope: generative AI createsnmore than text while LLMs are more focused on text.n

n

nThe Role of Cookiesn

n

nYou almost certainly know what a cookie is and what it does: it’s a smallnpiece of information (a text file) that helps identify your computer on theninternet. According tonnw3techs.com, “42.1% of all websites” use cookies. Considering there are approximatelynone billion websites worldwide, that means approximately 420 millionnwebsites currently use cookies in one form or another.n

n

nIf you decide right now to search for anything online, and decide to open anpage which appears to have what you seek, you are likely to stumble across anprompt like this:n

n n

nWhen you click “Accept” in response to such a pop-up, you allow that websitento leave a text file on your computer which it reads back. And, as you allnknow, that file contains unique data about your device (computer, phone,nlaptop, tablet etc.) that could, in effect, allow identification of anperson.n

n

nLook again at the picture, where it states “…we and our 218 partners usentechnology such as cookies to store and/or access device information.” Wherenthe website allows it, you can see the list of partners, what data theynstore/process/collect from a device and how long they keep it for.n

n

nReading What You Acceptn

n

nSpecific legislation regarding cookies varies greatly between countries andnpolitical territories, with some imposing requirements on websites to allowna user to “accept, reject or manage” what data a website can collect about andevice and user. However, when you – like many individuals – are in a rushnto find information about a product, place, how to do-it-yourself or anrecipe etc. you are probably using a phone. When you find the information –nwithout even blinking – you likely hit “Accept” on the cookie prompt withoutna second thought or further investigation.n

n

nIt’s likely that nothing will happen straight away. Some actions may bencovert or unnoticeable; you won’t see anything obvious at all. However,ndon’t be surprised if your social media account, smart TV or other devicenstart to show more adverts relating to what you were just searching for.nOther examples are more overt and clear: you may find yourself receivingnspam or even fraudulent phone calls, along with spam or phishing emails.n

n

nConsider this scenario:n

n

nnA user always accepts cookies, never managing or rejecting them. Theirndigital footprint is large and the user is active on social medianplatforms, expressing opinions and views, some not resonating with thosenof others. The user never searched for a bank online or used onlinenbanking services.nn

n

nImagine, now, that this person searches online for a bank and applies tonopen an account. Thanks to cookies, the following two extremes are bothnequally imaginable in today’s AI-powered world.n

n

nAt one extreme, the user’s application to open an account may be refused bynthe bank due to their online profile without any reason given. Under thisnoutcome, the user can, of course, be psychologically or physically impacted.n

n

nAt the other extreme, the user’s application is not only welcomed but,ninstead of a person, the user is greeted and dealt with by a generative AInthat appears to know the user’s tastes and preferences very well due tonhaving access to that cookie data. But could the revelation that the user’snentire online life is available to organizations ‘on demand’ be just asnpsychologically disruptive?n

n

nThe Intersection of Cookies and AIn

n

nThis exemplifies how both government and corporate-led events impact thenfuture use of AI and end-users.n

n

nGenerative AI and LLMs are already being put to good use. Personally, I’mnresistant to some AI-based developments, but I also recognize that I’mnprobably already benefiting from them without even knowing. The point isnthat both generative AI and LLMs rely on access to massive amounts of data,nwhich cookies help to generate.n

n

nIn this respect, the humble cookie is a very powerful tool which, like anyntool, can be used to build or to dismantle. Accepting cookies by default isna behavior that is unlikely to end any time soon. Being aware of the impactnof cookie data can help users make more informed decisions.n

n

nRegardless of one’s views cookies and AI are here to stay. To quote thenauthor Frank Herbert: “A process cannot be understood by stopping it.nUnderstanding must move with the flow of the process, must join it and flownwith it.”n

n

nnSergiu Rezmives, CC, has 13 years of experience in the security industry, with a focusnon physical security implementation, design, and operations. He has heldnmanagement and technical roles with the Romanian Army, ICTS UK andnAmazon.

n n
n
]]>

Leave a Comment

Your email address will not be published. Required fields are marked *