I've not been a major user of Firefox for the past year or so, since I discovered the wonderful Google Chrome. But over the past couple of days I've been an avid Firefoxer, solely because of an absolutely wonderful (and extremely concerning) add-in called Collusion.
You probably know about cookies. A cookie is a small text file that a web site is generally permitted to store on your computer, to help the site identify you in the future. Generally it stores a unique random ID number, and a few bits and pieces about what you were doing on that particular web site.
All pretty harmless so far. If I go to World of Toasters online and look at the Model 2000, I have no problem in the site showing me that same model when I go back to the site the following day. And it can do that because it's stored the details on my computer in a cookie.
One of the golden rules about cookies is that, for security, the only site that can read a cookie is the one that created it in the first place. So World Of Toasters knows which model I was looking at last, but if I subsequently surf to Toasters R Us, they have no clue.
At least, that's the theory. And that's what the security consultants tell you. But it's not entirely true.
What happens if both of those toaster-related web sites happen to have their on-site advertising provided by the same agency? If that agency writes cookies under its own name, can it read them both? And can it thus track your behaviour across both web sites? You betcha.
Which is where the aforementioned Firefox add-in comes in. It's called Collusion, and it examines the cookies on your PC to find out who's been sharing information with whom. Or at least, who could technically be sharing information with whom. And this is not just any information, of course. It's yours. Data about what you've been looking at online.
If you want to try it out, you'll need to use Firefox as your browser (at least for the duration of your experiment). Assuming that you have FireFox, go to https://secure.toolness.com/xpi/collusion.html to download and install the add-in. It only takes a few seconds.
Now, just carry on surfing as normal. At any point, when you want to see the results of Collusion's analysis, head to http://collusion.toolness.org. You will see a chart such as the one below. Each red dot indicates a cookie through which your internet activity can be tracked. And the explanation on the right hand side will show just how many sites have access to that cookie.
And now the scary bit. Want to know how many sites I visited in order to build up the chart shown below? Just 3.
My thanks to Lex Davidson for telling me about this fascinating Hot Find.