HOWTO Prevent YouTube from Tracking your GMail Credentials

Updated 21 Jul 2012 to correct the cookie pattern syntax for Chrome.

I have recently noticed that when I visit a page on youtube, the top-right corner shows that I am logged in by my email address. Because I use Google Apps for Business (neĆ© Google Apps for Domains) to manage my email, and because Google recently insisted I merge all of my Google accounts, I also see a banner at the top of the page warning “This account is managed by jclark.org” with a link for more info.

What this means is that Google can track all of the videos I watch on YouTube and associate them with my GMail account. And I expect that goes for YouTube viedos embedded on other sites as well Because I value my privacy, I don’t want that behavior; that’s the primary reason I have never signed up for a YouTube account. Logging out of YouTube has an undesirable side-effect: I am immediately logged out GMail and Google Reader as well. One solution is to use separate browsers, however, I prefer to run a single browser for efficiency, and viewing any page with an embedded YouTube video in my GMail browser would tack me, even if I then use another browser to view it.

I have found a simple solution: do not allow youtube.com to receive or store cookies on my browser. This also required removing any existing youtube.com cookies already stored by the browser. This has the side effect that I cannot log in to YouTube at all, however, that is acceptable to me since I don’t have, and do not want, a YouTube account.

Here are the steps I took in Chrome:

  1. Close any open youtube.com pages.
  2. Using the wrench icon, open Preferences
  3. In the “Under the Hood” tab, in the Privacy section, click “Content Settings…”
  4. Under Cookies, the current setting should say “Allow local data to be set (recommended),” or possibly “Allow local data to be set for the current session only”. If you have another setting, you probably already take a more active role in managing your cookies, and should not need these directions.
  5. Under Cookies, click “Manage Exceptions…”
  6. Under “Hostname Pattern” type “[*.]youtube.com” (no quotes) and change the Behavior dropdown to “Block”. Close the dialog.
  7. You are returned to “Content Settings”; under Cookies click “All Cookies and Site Data…”
  8. In the search box, type “youtube” (no quotes). The list of sites’ cookies will be filtered to URLs containing “youtube”; in my case, it was all URLs ending in youtube.com. Click “Remove All”.
  9. Close preferences. Browse to YouTube, you should now see a “Sign In” link in the upper right corner. Confirm that you are still logged in to GMail.
  10. Profit! Well, a little more Privacy, at any rate.

Data Mining and the Apple Store.

When I was in college, all CS majors had to take a course about the impact of computers on society. I’m not sure of the title anymore, I think it was something pithy like “Computers and Society.” Since it wasn’t an actual programming or algorithms class, I wasn’t very interested, but it’s one of the courses that has stuck with me to this day. I still recall animated discussions about the sort of information which computer systems hold about each of us, and the sort of information harvesting that results. We all live with this reality today, especially with the mainstreaming of the Internet. How many of us would want a list of every Google search we’ve ever run posted for all the world to read? What sort of information do companies glean about us by tracking our credit card transactions. To this day, I dislike “membership” discount programs, such as the “bonus cards” most supermarkets require in order to qualify for sale prices. What a perfect way to monitor everything your customers purchase, and to link every purchase to a specific customer.

All this was brought home to me again today. I had to visit the Apple store because my daughter’s MacBook has developed cracks in the case where the top lid meets the lower lid. After meeting with a genius (“No problem, we can fix that”), I decided to pick up a Belkin iPhone adapter- the one that lets you use any headphones with the specially recessed headphone port on the iPhone. The Apple store I was visiting is the older design- they still had a separate Genius Bar and Register area. While waiting in line to check out, a store associate wielding one of Apple’s hand-held checkout devices offered to complete my sale, if I was paying by credit card. Rather than wait, I agreed. When he asked me if I wanted a receipt by email or a hard copy, however, I opted for the hard copy. As quick as the handheld devices are, I didn’t want to wait while he picked out my email address on his on-screen keypad using the stylus. He swiped my credit card, retrieved my receipt (and a bag) from behind the Genius Bar, and I was on my way.

So imaging my surprise about an hour later when, upon checking my email on my iPhone, I discovered that the Apple store had emailed me my receipt. The only possible explanation is that they had saved my credit card info and the associated email address from a prior purchase (at another Apple store, no less) and used that information to send me a receipt anyway. It’s a good thing that my purchase wasn’t a gift, and that I don’t share an email account with anyone. And before you ask, they did not get my email address from my earlier Genius Bar visit. Beside dealing with different associates, I never gave out my email address- the MacBook in question is registered to my daughter.

Now, I understand that emailing a receipt is a convenience- both when checking out, when it allows staff to ring you up from anywhere in the store, no need for a printer, and for the customer, as a lost receipt is replaced by a quick trip to your email client. I also know that when I make a purchase via credit card, the merchant may store that number with my order; Internet retailers commonly keep it on file for later purchases. It still bothers me that a retailer would use my credit card info from this purchase as a lookup key to find earlier purchases, and then use that information to contact me with content I had already declined.

There’s no escaping this kind of data mining today, but it still bugs me. I think I may start carrying (and using) more cash.