In Like Cookies through the Internet, players trade away pretend pieces of private information for online apps and rewards. Players spend their pretend private information like cash to buy the apps and rewards they want. Each 'purchase' also comes with a number of first- and third-party cookies.
Cookies are snippets of code that let developers follow people and keep track of where they go and whay they do online.
First-party cookies come from developers watching their own sites and services. Third-party cookies come from outside companies watching online traffic.
For example, Company A may use first-party cookies on its own website to find out what its users do with their app or service. Company B, a company that studies our online habits, might pay Company A to use its third-party cookies, as well. If Company A agrees to take Company B's money and to add third-party cookies to its site, then Company B can learn about Company A's customers and sell whatever information they gather to advertisers.
Some companies don't sell the information they collect with cookies. Instead they use it to analyze their work and improve it for users.
Regardless, cookies are a big business because they let companies know our business. Cookies clue companies in to what we do as individuals and as large demographic groups. When a company knows where we go online and what we like and dislike (or what we buy or don't buy), they can develop advertisements and products designed to grab our attention and money.
In this game, we're going to look at just how much we're willing to pay to get the apps and rewards that make our lives more convenient, but less private.
How to Set-up
To play Like Cookies through the Internet, you need
- A facilitator (that's you!) and a group of players. (In a large group, you may want to form smaller groups for play and discussion.)
- This set of rules.
- A scorecard for each player.
- A set of reflective questions (like the ones provided below) to discuss after the game.
- Optional: edible cookies or edible cookie substitutes (or stickers or tokens that represent cookies).
Essentially, once you've prepared your follow-up questions and each player has a scorecard, you're ready to play.
How to Play
Each game of Like Cookies through the Internet consists of 5-8 rounds of play. The facilitator should decide on the number of turns per game based on how many people are playing: the larger the group, the fewer the rounds.
During each turn, the facilitator names a service and announces its cost and the number of first- and third-party cookies that come with it.
For example, reading from the chart below, the facilitator would say something like,
- 'The first service for sale is private text messaging.'
- 'To get this service, you have to give up your phone number and your contact list.'
- 'This service comes with one first-party cookie and no third-party cookies.'
Here is a turn-by-turn table for the facilitator to use that matches players' scorecards. By clicking the green remix button in the upper right-hand corner of the screen, you can use Mozilla's online code editor, Thimble, to remix this table, as well as the scorecard template, to create your own list of services, costs, and cookies.
|Turn||Service||Privacy Cost||First-Party Cookies||Third-Party Cookies|
|1||Private Messaging||Phone number + contacts||1||0|
|2||Private Broswer||No information||1||0|
|3||Online coupons||Email or phone number + credit card number + search history||1||2|
|4||Online & offline coupons||Email or phone number + credit card number + search history + purchase history||1||3|
|5||File sharing||Email address + contacts||1||1|
|6||Sales alerts & coupons||Email address or phone number + credit card number + search history + purchase history + location data||1||4|
|7||Free smartphone service||Email address or phone number + credit card number + search history + purchase history + location data + social media posts||1||5|
|8||Online puzzle game wtih friends||Email address or phone number + credit card number + search history + purchase history + location data + social media posts + game results||1||6|
Next, each player decides whether or not to buy that service and marks her decision on her scorecard.
After that, each player calculates her privacy score for the round and writes it down at the end of the appropriate row on the scorecard.
- Each service is worth +1 point.
- Each first-party cookie is worth -1 point.
- Each thrid-party cookie is worth -2 points.
If you have edible cookies, edible substitutes, or ineedible tokens, you can pass them out each round and give each player the number of 'cookies' that they earned that round.
How to Win
At the end of the game, each player tallies her points and writes the total at the bottom of her scorecard.
The player with the lowest score wins. Everyone who played can eat and/or share any edible cookies or edible cookie substitutes (or trade stickers or tokens or other inedible substitutes).
As players eat their cookies (or not), facilitate a brief conversation around questions like these (or come up with questions of your own). You should customize the questions for your audience.
- How do you feel when ads and coupons for the things you buy or search for show up on your Facebook page, or in your email, or as part of your search results? Do these kinds of advertising techniques take away from your privacy? Is that okay?
- Should corporations and governments be able to build programs and devices that record your behavior online? Is it a big deal or no big deal to download and use an app that records what you say and type?
- What does 'free' actually mean when it comes to cookies and tracking?
- Why do you think it's valuable for developers and advertisers to know our online habits?
- What seems like a good balance between online privacy and convenience? What kinds of information do you feel safe sharing with developers and advertisers?
- What are some ways that apps, services, websites, and companies incentive us - or reward us - for giving them private information?
- Is convenience worth more than privacy? Why or why not?
- What are some advantages and disadvantages of losing privacy online?
- What do you think are some strong privacy habits we could all practice online?
- Can you think of a time when you knew you were beign tracked online because of the ads you saw or the texts or emails you received?
- Do people know about cookies and the cost of 'free' online services? Should they? How much does privacy matter online?
- Should companies be able to collect information about you and trade it? Why or why not?
- What would the Internet be like if companies couldn't track you or study your behavior? Would you like that Internet?
- How can people learn about and better understand online privacy? How would you teach someone about this topic?
- The facilitator reads from the table: 'The next service offers you pop-up alerts for sales on your favorite items online or in the stores around you as you travel. You need to give up your phone number or email address for this service, along with your credit card number, your search history, and your purchase history. If you buy this service, you get one first-party cookie and three third-party cookies.'
- Each player marks her scorecord to indicate whether or not she bought the service.
- Each player records her score for the turn.
- The facilator passes out any edible cookies or substitues used in the game.
- App: a program you purchase to do something on your device, like share pictures or play a game.
- Cookie: a snippet of code developers use to follow people around the web and see what they do.
- Developer: a person, team, or company that makes an app
- First-party cookie: a cookie from the person, team, or company that made the app or website you're using.'
- Third-party cookie: a cookie on an app or website that comes from an external company and lets that compamy watch your online behavior.
Curious about cookies? You can learn more from this Privacy bacis: Online Tracking Kit from Mozilla's Privacy team. For instance, check out this expanded list of cookies from Cookie Batch Bingo:
- Flash Cookie: A type of super cookie that uses Locally Stored Objects (LSOs). These cookies are independent of the browser, designed to be permanently stored on your device (never expires), and usually written when you visit a site that uses Flash.
- Super Cookie: A cookie that remains on your device even after you have removed all cookies from your browser. Super cookies are more difficult to detect and remove from your device because they arent' browser cookies and can't be deleted using browser tools.
- Zombie Cookie: A cookie that is automatically recreated after being deleted.
- Authentication Cookie: The most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with.
- Session Cookie: A cookie that is stored in temporary memory and is automatically removed when you close your browser. Also known as an In-Memory Cookie or a Transient Cookie. Commonly used for shopping cart software and online forms. The browser knows to treat them as a session cookie because they don't have an expiration date on them.
- Persistent Cookie: A file that is stored on your hard drive until its expiration date. Also known as a Stored Cookie. Sometimes called a Tracking Cookie, but they can also be used for functions like authentication and language selection.
- Secure Cookie: A secure cookie can only be transmitted over an encrypted connection (HTTPS) so that it is less prone to attacks. These cookies are stored on your hard drive. Also known as an httpOnly cookie.
- Magic Cookie: Thought to be a possible origin of the term "cookie", it's a term used by programmers to describe a packet of data a program receives and sends back unchanged, while the contents remain unseen.
You can also visit the Mozilla Developer Network to learn more about how cookies work and what they do.
Ideas for Remix
- Add more privacy-friendly apps and services to the game to help players earn higher scores by using better privacy habits.
- Localize the apps and services used in the game to use real-world examples popular in your community.
- Use this Lightbeam activity from Mozilla to track-the-trackers and see how many cookies really come with each website your players want to visit.
- Work in other types of cookies (like zombie cookies!) and costs to remix the game's scoring structure.