Like Cookies through the Internet

Trade privacy for cookies in this game about the cost of online services.

Introduction

In Like Cookies through the Internet, players trade away pretend pieces of private information for online apps and rewards. Players spend their pretend private information like cash to buy the apps and rewards they want. Each 'purchase' also comes with a number of first- and third-party cookies.

Cookies are snippets of code that let developers follow people and keep track of where they go and whay they do online.

First-party cookies come from developers watching their own sites and services. Third-party cookies come from outside companies watching online traffic.

For example, Company A may use first-party cookies on its own website to find out what its users do with their app or service. Company B, a company that studies our online habits, might pay Company A to use its third-party cookies, as well. If Company A agrees to take Company B's money and to add third-party cookies to its site, then Company B can learn about Company A's customers and sell whatever information they gather to advertisers.

Some companies don't sell the information they collect with cookies. Instead they use it to analyze their work and improve it for users.

Regardless, cookies are a big business because they let companies know our business. Cookies clue companies in to what we do as individuals and as large demographic groups. When a company knows where we go online and what we like and dislike (or what we buy or don't buy), they can develop advertisements and products designed to grab our attention and money.

In this game, we're going to look at just how much we're willing to pay to get the apps and rewards that make our lives more convenient, but less private.

How to Set-up

To play Like Cookies through the Internet, you need

Essentially, once you've prepared your follow-up questions and each player has a scorecard, you're ready to play.

How to Play

Each game of Like Cookies through the Internet consists of 5-8 rounds of play. The facilitator should decide on the number of turns per game based on how many people are playing: the larger the group, the fewer the rounds.

During each turn, the facilitator names a service and announces its cost and the number of first- and third-party cookies that come with it.

For example, reading from the chart below, the facilitator would say something like,

Here is a turn-by-turn table for the facilitator to use that matches players' scorecards. By clicking the green remix button in the upper right-hand corner of the screen, you can use Mozilla's online code editor, Thimble, to remix this table, as well as the scorecard template, to create your own list of services, costs, and cookies.

Turn-by-Turn Table

Turn Service Privacy Cost First-Party Cookies Third-Party Cookies
1 Private Messaging Phone number + contacts 1 0
2 Private Broswer No information 1 0
3 Online coupons Email or phone number + credit card number + search history 1 2
4 Online & offline coupons Email or phone number + credit card number + search history + purchase history 1 3
5 File sharing Email address + contacts 1 1
6 Sales alerts & coupons Email address or phone number + credit card number + search history + purchase history + location data 1 4
7 Free smartphone service Email address or phone number + credit card number + search history + purchase history + location data + social media posts 1 5
8 Online puzzle game wtih friends Email address or phone number + credit card number + search history + purchase history + location data + social media posts + game results 1 6

Next, each player decides whether or not to buy that service and marks her decision on her scorecard.

After that, each player calculates her privacy score for the round and writes it down at the end of the appropriate row on the scorecard.

If you have edible cookies, edible substitutes, or ineedible tokens, you can pass them out each round and give each player the number of 'cookies' that they earned that round.

How to Win

At the end of the game, each player tallies her points and writes the total at the bottom of her scorecard.

The player with the lowest score wins. Everyone who played can eat and/or share any edible cookies or edible cookie substitutes (or trade stickers or tokens or other inedible substitutes).

As players eat their cookies (or not), facilitate a brief conversation around questions like these (or come up with questions of your own). You should customize the questions for your audience.

Reflection Prompts

Example Turn

  1. The facilitator reads from the table: 'The next service offers you pop-up alerts for sales on your favorite items online or in the stores around you as you travel. You need to give up your phone number or email address for this service, along with your credit card number, your search history, and your purchase history. If you buy this service, you get one first-party cookie and three third-party cookies.'
  2. Each player marks her scorecord to indicate whether or not she bought the service.
  3. Each player records her score for the turn.
  4. The facilator passes out any edible cookies or substitues used in the game.

Glossary

Curious about cookies? You can learn more from this Privacy bacis: Online Tracking Kit from Mozilla's Privacy team. For instance, check out this expanded list of cookies from Cookie Batch Bingo:

  • Flash Cookie: A type of super cookie that uses Locally Stored Objects (LSOs). These cookies are independent of the browser, designed to be permanently stored on your device (never expires), and usually written when you visit a site that uses Flash.

  • Super Cookie: A cookie that remains on your device even after you have removed all cookies from your browser. Super cookies are more difficult to detect and remove from your device because they arent' browser cookies and can't be deleted using browser tools.

  • Zombie Cookie: A cookie that is automatically recreated after being deleted.

  • Authentication Cookie: The most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with.

  • Session Cookie: A cookie that is stored in temporary memory and is automatically removed when you close your browser. Also known as an In-Memory Cookie or a Transient Cookie. Commonly used for shopping cart software and online forms. The browser knows to treat them as a session cookie because they don't have an expiration date on them.

  • Persistent Cookie: A file that is stored on your hard drive until its expiration date. Also known as a Stored Cookie. Sometimes called a Tracking Cookie, but they can also be used for functions like authentication and language selection.

  • Secure Cookie: A secure cookie can only be transmitted over an encrypted connection (HTTPS) so that it is less prone to attacks. These cookies are stored on your hard drive. Also known as an httpOnly cookie.

  • Magic Cookie: Thought to be a possible origin of the term "cookie", it's a term used by programmers to describe a packet of data a program receives and sends back unchanged, while the contents remain unseen.

You can also visit the Mozilla Developer Network to learn more about how cookies work and what they do.

Ideas for Remix