Listening Back

Listening Back sonifies internet cookies in real time as you browse online. Every time a cookie is inserted onto your computer, deleted from your computer or overwritten a sound is triggered. Signature sounds have been designed for the most commonly browsed platforms, e.g. Google, Facebook, YouTube, Amazon and more. Via preferences an interface allows one to change the pitch and volume of the cookie data. By translating cookies into sound Listening Back provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one’s computer. Listening Back therefore functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised.

A Brief History of the Origin of Cookies. Named after the computer science term “magic cookie” when Netscape Communications programmer Lou Montulli had the idea of using cookies in web communications in June 1994.(1) At the time Netscape was developing an e-commerce application for North American telecommunications corporation MCI and cookies provided a means to reliably implement a virtual shopping cart.

Before Internet cookies were invented in 1994 the World Wide Web had no memory. In other words the Web was a stateless infrastructure. ‘Stateless’ is a computer engineering term used to describe the situation whereby every time a web site was visited there was no recall of previous visits, preferences, log in information or user ID. Without a state mechanism to store records of browsing activity, future developments such as shopping online would not have been possible. Online shopping without cookies would be analogous to using a vending machine as you could not buy more than one product at a time and there would have been no automated feature to remember your personal information. A stateless Web meant that every visit to a website was like the first and any commercial transaction would have to be handled from start to finish in a single session. The statelessness problem concerned the Netscape Enterprise Server Division, while working on a contract for a new shopping cart application for online stores. In 1994 Lou Montulli and John Giannandrea developed a working concept termed, ‘Persistent Client State HTTP Cookies.’ This solution called for each Web site's server to place a small file on each visitor's computer that would track what the visitor did at that site. Internet cookies enabled Web servers to keep track of users browsing activities thereby providing the Web with memory, and significantly for the first time, a protocol for online automated data collection. Cookies transformed the World Wide Web from a system of discontinuous visits to a culture of persistent connectivity.

The first use of cookies out of the lab in 1994 was to determine if visitors to the Netscape website had already visited the site. Montulli applied for a patent for the cookie technology in 1995 and support for cookies was integrated into Internet Explorer version 2 in October 1995. Netscape cookies led to the Internet Engineering Task Force (IETF) (2), to work on a standard for state management on the Internet. The first proposed standard was Kritsol’s State Info which limited state information to a browser session. In contrast Netscape’s cookies had no requirement that cookies be destroyed at the end of a browser session, rather they could persist for many years. However the IETF eventually switched to the Netscape cookies’ specification largely because the Netscape version was a ubiquitous working model that had become a de facto standard. The IETF’s goal then shifted to developing a more precise standard for cookies than Netscape’s one page draft.

It was not until early 1996 that the public became aware of cookies. The Financial Times broke the story on February 12, 1996 with an article on cookies and privacy (Jackson 1996). This was followed by a story the next day in the United States, “Web Cookies May Be Spying on You” (Gomes, 1996). The article immediately drew attention to cookies and resulted in a great outcry due to the significant privacy implications.

It was also in February 1996 that the IETF identified third-party cookies as a considerable privacy threat. Normally, a cookie's domain attribute will match the domain that is shown in the web browser's address bar. This is called a first-party cookie. A third-party cookie however belongs to a domain different from the one shown in the address bar. This sort of cookie typically appears when web pages feature content from external websites, such as banner advertisements. Third party cookies can be used by online advertising companies to create detailed records of a person’s web browsing habits. The specification produced by the IETF in 1997 (RFC2109) specified that third-party cookies were either not allowed at all, or at least not enabled by default. At this time advertising companies were already using third-party cookies. Despite the IETF s standard, browsers still accept third party cookies by default to satisfy the advertising companies that rely on third party cookies.

Due to the rapid development cycle and emphasis on commerce Netscape’s cookies were introduced in four ways. Firstly, Netscape turned the feature on by default without notifying or asking the consent of users. Secondly, there was no notification mechanism to alert people when cookies were being placed on their computer. Users did not know that information about them was being saved. Third, the cookies technology was not transparent. Examining a cookies file provides no information about what is stored in the cookie file. Fourth, there was no documentation available that explained what cookies were and their privacy implications. Since it’s origins in the 1990’s cookies have become ubiquitous, fundamentally altering the nature of surfing the Web from being a relatively anonymous activity, to the kind of environment where records of one's transactions, movements and even desires could be stored, sorted, mined and sold.

(1) A Magic Cookie denotes a packet of data a program receives and sends back unchanged.

(2) IETF was the de facto Internet standards body