Slashdot Mirror
New Technique for Tracking Web Site Visitors
bigtallmofo writes "According to Jupiter Research, 58% of web surfers deleted cookies from their system in 2004. This has sent a loud message to marketers in regard to consumer's preference as to tracking their online activities. The marketers have responded with PIE. Persistent Identification Element (PIE) is a technology that uses Macromedia's Flash MX to track you even without using cookies. Macromedia has created a page to instruct users on how to disable this."
not to install flash. What good features did it have anyway?
If it's being used for this then I guess I can finally take the plunge and get it off my machine completely. I guess I'll be missing all that "cool" stuff on "teh interweb" but I'm sure I'll survive.
I bet Macromedia is thinking the same thing.
Comment removed based on user account deletion
That Firefox flashblock is one of the best technologies ever. The idea is so simple, and should have been an option in the actual flash itself: the thing doesn't load unless you click on it and say so. Most things should be like that, or be able to be set like that, and it's annoying when a company wants to control your property in such a fashion.
I mean, I have flash to play the occasional game or watch a movie. That shouldn't make me susceptible to ads crapping all over my eyeballs.
More importantly, Macromedia should be on my side with this, unless they are somehow benefitting everytime a flash app is loaded (which isn't impossible, but creates a serious conflict of interest).
I would wager that 58% of users know someone who is a "computer person" who, in their routine of cleaning all their friends' and family's boxes from spyware/adware, also deleted tracking cookies.
Mookie Tanembaum, founder and chief executive of United Virtualities, says the company is trying to help consumers by preventing them from deleting cookies that help website operators deliver better services.
gee, thanks mookie, i just wouldn't know what to believe on the internet if it weren't for all your protection. oh, and thanks for preventing me from deleting my own files. you're right, i really did want those after all. you're such a good friend.
*happy sigh*
The only way to get rid of a temptation is to yield to it.
-Oscar Wilde
I keep telling people that Flash is evil, this just re-enforces my point.
As it is, Flash is:
1. Bandwidth hungry (Bad for the many people still on Dail Up)
2. Allows for the most annoying of Advertising gimmics
3. Disabled unfriendly, as screen readers for the blind can't read flash.
4. Google and most (all?) search engines don't do flash either.
and now:
5. Allows for privacy invasion.
Sometimes I wish I was a plumber, then I'd know how to deal with other people's shit.
to your point, however, some % of that 58% are likely deleting cookies when e.g. AdAware or Yahoo! antispy is telling them to clean up this "tracking info."
Regardless, it's a Good Thing users are doing this.
Oh come on, we all know that lawyers that bring class action suits are the lowest form of life. Even lower than so-called ambulance chasing attorneys. At least the clients of ambulance chasers get 2/3rds of the judgement/settlement. Class action attorneys, on the other hand, get millions while their "clients" get worthless coupons.
If someone says he and his monkey have nothing to hide, they almost certainly do.
It's almost, but not quite, time for spyware removal programs to remove Flash as hostile code. It's probably time for programs like AdAware to offer the user the option of easily removing Flash. Perhaps with a message like this:
"Macromedia Flash is a program used primarily to deliver advertising messages. It can turn on your microphone and camera (if present) and transmit the results to advertisers, store personalized data on your machine and transmit it to advertisers, and play commercials with audio. Do you want to remove Macromedia Flash?"
58% know a computer person? That's a lot of computer people who don't know how to install SP2.
It's not an uphill battle to track visitors. You can track a visitor just fine. You can even track them from business transaction to business transaction just fine.
What advertisers are having a hard time doing is tracking visitors across sites or across casual visits to the same site, and I'm THRILLED by that. Hey, I know it makes their business harder and less cost effective, but that's not really my problem. Let the Web business model collapse a bit more. I think it's healthy.
Oh, and using Flash won't help. Most people are getting wise to Flash and are installing features like the Firefox plugin that requires you to click on an icon in order to activate a flash component (should you want to). I consider Flash dangerous, and I don't execute dangerous code unless I REALLY trust the place I'm getting it.
Bullshit!
Deleting cookies is no problem because nothing should be stored on the client. Website logins should be session cookies, preferences should be stored server-side. If web developers don't understand this, they should stick to html.
Check out this nugget from the article
United Virtualities's PIE helps combat this consumer behavior by leveraging a feature in Flash MX called local shared objects.
"combat this customer behavior"? Is this how companies are viewing the general public?
The Jupiter results don't note a couple of obvious questions.
1) Of the 58%, are they really deleting cookies via the browser's "Delete Cookies" button, or are they blocking those sites. Is there a difference?
2) Of the cookies installed on those subject systems, how many were agreed to by the user? Let's assume that 10% of the cookies installed on the subject systems wasn't the result of spam, p0rn and spyware sites.
Do those numbers matter if the user doesn't care about the personalization as much as they are pissed that spyware and ad companies use your information against you? How many were from legit sites that the user was serious about re-visiting?
That 58% number is more probably a reflection of the amount of crap our browsers are loaded down with. The user would rather clean out the entire mess than sort out the couple that might matter to them. (remember, site personalization is supposed to be seamless, they might not notice the difference)
Infact I'm pretty certain the biggest pain a user is going to feel when dumping their cookies is those site's that cache your username/password in a local cookie, so you don't have to type everything in again.
Personally I prompt for all 1st and 3rd party cookies, then block the sites I see fit to. Most ad server farms use the same domain (ad1.adfarm.com, ad2.adfarm.com, etc...) so blocking them all in one cookie prompt is completely possible.
Personally, I set Firefox to allow all cookies for the session only (i.e. until I close Firefox). This method allows sites like yours to track me when I'm logged in, but prevents presistent cookies, often used by advertisers, being saved on my system. I allow certain trusted sites like Gmail to set persistent cookies, so that my login details can be stored. This method has worked pretty well for me for several months now.
Anyone who mods me down for expressing this perfectly valid opinion needs to get out more.
Drill baby drill - on Mars
What advertisers are having a hard time doing is tracking visitors across sites or across casual visits to the same site, and I'm THRILLED by that.
Well, that's one positive effect, but what you're missing is that individual sites cannot track their repeat visitors. This is one of the most important numbers you can track - it makes it pretty hard to cater to your audience as a content provider if you don't know how many of the 50,000 people you get to your site in a day have even seen it before.
Remember, it's not just advertisers that track visitors. It's mostly the sites themselves, and site providers use those numbers to try to provide better content for their readers (which will in turn hopefully lead to greater numbers of readers). If, for example, you know that 50% of your audience is repeat visits, and that a majority of those repeat visitors actually come to your site more than once per day (a-la Slashdot), then you will probably want to rotate content in and out more quickly. On the other hand, if you're seeing hardly any repeat visitors at all, then you will know that some substantive changes probably need to be made to the site to encourage repeat business.
Deleting cookies throws this all out of whack and makes it difficult for web sites to know what their readers really want. Of course, there are other ways for sites to track visitors, but it's difficult to do across multiple sessions (repeat visits) without cookies.
Flash was once a rather nice delivery system for animated content. Then it became an advertising delivery system. Now it's becoming an adware/spyware vehicle.
Macromedia? Are you paying attention?
If you let this crap go on too long you're going to wreck your platform. People (a small fraction of them) are starting to think your stuff is a giant hole through which marketing zombies are driving Mac trucks. What happens to you when it's 15, 25 or 50%?
The page you provided is helpful; it also demonstrates the correct attitude. Unfortunately it is not enough. Not by a long shot. Here's a clue; if it could conceivably be used to monitor the user it needs to be OFF by DEFAULT. If ANYTHING the plug-in "knows" or "shares" is not ENTIRELY REMOVED simply by clearing the browser cache you are wrong, pure and simple.
Flash is not essential. Get on the stick or you're done in the market.
Lurking at the bottom of the gravity well, getting old
Most people are getting wise to Flash and are installing features like the Firefox plugin that requires you to click on an icon in order to activate a flash component (should you want to).
Most people use Internet Explorer and a lot of them do not even know that Firefox (let alone the plugin) exists. I highly doubt they are getting wise to Flash.
Let's not forget, to a lot of people IE is the Internet and/or Google/Yahoo is a web browser.
I think it's time for SVG to replace flash for our vector animation needs. It can be lightweight (in it's gzipped form), and doesn't have delusions of grander about being an application development environment (which flash does rather poorly). It's nice to see that SVG is making head-ways in Linux (especially KDE) and the mobile market, but we need to get the word out to the general populace (or, at least, web developers).
End of Line
the whole delete your cookies thing is silly. i run several web sites that use cookies to track logins, not for me to track them but for the site to track who is logged in.
Translation: I'm doing the right thing, so obviously the other 99.9999% of the world is as well and we are all "fools" for believing otherwise.
Please, most websites try to hit me with a doubleclick.net cookie or an advertising.com cookie right away. I'm no "fool" for deleting that sort of thing. Nor am I a fool for deleting all of the miscellaneous cookies I get, e.g. from misconfigured sites which leave Apache's mod_unique_id enabled for no reason.
As for user-tracking cookies, which may well be useful, there are two kinds: session cookies (which my browser does and should delete at the end of the session) and unreliable ones (e.g. ones which treat everyone on a public terminal or a family computer system as the same person). Ditching isn't such a bad idea (though I personally leave a few around from sites which I do use and trust).
Remember, the web is not a publication medium. It is designed to be interpreted by the user's web browser. If the user turns off images, they will see no images. If they turn off flash, there's no flash. If they use a screen-reader... well, you get the idea. That's the way the web was always intended to work. Turning off/deleting cookies is no different. The user controls the experience, plain and simple, and apparently 58% of people have decided to do that. Good for them, especially given the number of junk cookies out there.
Comment removed based on user account deletion
If you really want to track repeat users/readers for purposes other than advertising, look setting up a login. If they really like the site they'll sign up...kinda like the over 700k+ that have signed up on slashdot. :)
"...we dont care about the economics; we just want to be able to hack great stuff."
You seem to be mistaken the quote very clearly states consumer behaviour not customer behaviour. Most companies have long ago stopped seeing you as anything other then an income source.
Think about Flash applications. One Flash movie load of 200K can replace a dozen or more page views at 100K each. So 200K vs. 1200K. Which is less?
It's probably a tie, or pretty close to it.
On those dozen HTML pages, many elements such as graphics, stylesheets, and client-side scripting are going to be common across all of the pages. After they've been fetched once, they're going to be in the client's browser cache and won't have to be sent across the wire again.
Thus, the first page access will result in 100K going across the network. The second page may only be 30K of new traffic. Depending on how many pages the user needs to visit, HTML could be more or less pageweight.
Given the declining popularity of slow dialup connections, and all the other benefits of using HTML, I would say that if a site could be done equally well in either Flash or HTML except for pageweight, it should absolutely be done in HTML. Which isn't to say that there aren't instances where Flash is the better (or only) solution...
And it would be legal if the privacy statement on the breast examination site warned of the consequences. I would imagine 99% of people don't read those, and even the 1% that does read them probably doesn't read the whole thing. You would have to pay taxes on the pics website however.
Used properly Flash is first class when it comes to building Rich Internet Apps that do away with this whole 'Refresh' to change page state idea.
Javascript, XHTML, and CSS can of course do what Flash can do (considering Flash's ActionScript is based on the same ECMAScript), but we're only *now* starting to see good implementations of these technologies that really deliver good web applications thanks to Google maps.
Now with Actionscript 2.0 you have access to a language that's finally emerging as a solid OOP language, but with a VM (the Flash plugin) that craps over anything else when it comes to building client apps. I've quit Java dev for the joys and rewards of developing in Flash. I'm not one of those 'web developers' you love to hate who created the whole skip intro thing, I'm a slashdot-reading, programming geek who sees what an awesome tool Flash is to create astounding next-generation applications.
It never ceases to amaze me how blinkered this tech-aware community is when it comes to Flash. Any technology can be poorly implemented, but the days of horrible sliding text skip-intro multiple alpha-tween flash movies are long, long gone. But just to rile you up here's a *nice* piece of heavy flash work. It's a great promo for an ad agency, integrates audio, video, and has a real 'application' feel, so for those who still don't load frames or images you won't be happy with this: http://www.agencynet.com/
It's the year of Linux! To celebrate I have x free hotmail accounts to give away
No, I do not like seeing the same ad again and again, but it doesn't happen. I don't look at ads. I have trained my peripheral vision to recognize ad space on a web site, and I deliberately avoid looking. A pop-under escaped my block-pop-up technology yesterday, and there it was sitting under my main window. So I positioned my mouse so that when I clicked the pop-under would become the primary window. I closed my eyes, clicked, and pressed the key combo to close that window. I then went back to reading what I was reading, having not the slightest idea which advertiser I had just ignored. I literally did not see the ad, not even peripherally.
Take note, advertisers: We do not want you around.
Take note, webmasters: We do not want to see ads.
Still feel the need to run ads? It's your choice, and I respect your choice. But I'll make my own choice at the same time and ignore your ads, and try hard not to even see them directly. Your choice, my choice.
I understand your points, even if I don't agree with them all, except for this one:
we can't send you to the right clickthru!
Maybe the average banner ad system really is that stupid, but what's so hard about serving proper links to go with the ad content?
You make it sound like every banner click goes to exactly the same URL, and that destination only knows where to redirect you based on what the cookie says.
Like I said, maybe people are using that setup, but it's about as bad an idea as you could possibly think of.
This Like That - fun with words!
What a hoot! Funny. Really.
It's so cool that Bill was able to make a living without anything he did or produced having to be actually sold or otherwise introduced to the people who actually paid his way. I find it so wonderfully delicious that his memorial web site, which quotes an MP's motion to recognize that Hick's talent was a "...bullet in the heart of consumerism, capitalism..." pitches t-shirts as a come-on for donations. Why, that's almost... marketing.
Don't disappoint your bird dog. Go to the range.
Flash would actually be more powerful than cookies, because it would share the same information between browsers. Browsers (IE, Firefox) typically have their own unique set of cookie data. Flash uses a single set of data for all browsers on a machine. So if you visit the Gadgetron (semi-fictional company) website using Firefox in the morning, and then return to the same site with IE, Flash will recognise you as the same customer. This works on Windows at least.
But don't tell marking folks that.
You mentioned frequency capping. What frequency capping? After seeing the stupid animated ad for mortgages (you know the one--it has little buttons for every state, in various configurations) or the stupid "click the moving object" ads for the thousanth time, I have no reason to trust advertisers to 'cap' the number of times I see an ad for any given product. I wouldn't mind seeing a few ads for a new product I'm not familiar with, but I'm sick of seeing ads for mortgate refinancing ten or twenty times a day every !*&(*& day. Advertisers seem to just want every consumer to see their ad as many times as possible, without limit. They have proven by their behavior that this is their goal. Why would we trust them when they claim that they need cookies to provide "frequency capping"? There must be some other motive behind it.
If advertisers don't shape up, we are all going to be using Adblock before long. I'm aware that advertising often pays for content, and I'm willing to see ads to have good content, but there are limits. If you make your ads annoying, intrusive, or privacy-violating they will be blocked. Maybe the amount of content on the web will decline, or maybe the existing ad companies will go bankrupt and will be replaced by ones that are more aware of what consumers want. The current trend cannot continue, however.
So this is what it's come to: we the consumers are officially enemy combatants?!?
OK then, fine. I can live with that.
But tell me one thing: can a businesses that hires a marketeer that treats their customers thus way live without my business, or say, the business of the 58% of Internet users that are apparently getting tired enough of this crap to actively seek out and delete cookies?
Didn't think so.
Business needs to realize that it is precisely because of this entitlement mentality that people are beginning to get pissed. Personal lives and habits are not a gift given automatically with the purchase of a six-pack. My $3.49 doesn't give you any right to compile a psychological shoppping profile. You want to know about my buying habits? Ask Me!!! Try to take it without my knowledge, or sneak it off my hard drive and I'll treat your business no better than I would a common thief: from an extreme distance, and fully armed.
I'm not tense. I'm just terribly, terribly, alert.
I'm surprised it's that low.
I spent about 4 years in internet tech support, and pretty much everybody wants to delete their cookies for every problem imaginable.
Can't browse?
"How do I delete my cookies?"
Can't view SSL sites?
"I tried everything, even deleting my cookies."
Daughter's knocked up?
"I deleted her cookies."
It's a cute, easy to remember name, and every "tech" article geared toward unwashed masses reminds people to delete cookies. Even if they don't know how, they'll ask, and somehow a person that loses their taskbar every 3 days will remember how to clear cookies the first time they see it.
<xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
Just so we're clear that I will *not* be paying for any therapy that may be required afterward. ;)
Speaking of which, is there a plugin that pretends to be a webcam but "records" nothing but the Goatse image? If someone wants a picture of me without politely asking for it they should get what they deserve.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
What teenaged girls are interested in cancer? Theyr'e teenagers, they're never going to die. No, you'd be more popular with the "naughty grannies" market.
Ah, but their advertising is still getting to you. Brand recognition. When was the last time you choose a brand you'd heard of over one you'd never heard of? That's advertising. Otherwise, you'd have heard of neither.
Oh, which Cola do you drink? ;-)
most of the fallout of not tracking by cookies is borne by the user.M/u
So it's our choice and we're making it.
Now whether you like it or not I WILL stop you from spewing your damn graffiti onto my hard drive. If you want to keep precious IP tracking data on your drive then that's up to you. I won't let door to door salesmen make chalk marks on the side of my house for later reference either. Why do you find this so hard to understand?
More optimized delivery = more money for publisher = less ads for you.
That's nice, but we had somthing different in mind.
No delivery = no money for marketers = no ads for us.
"Why isn't using an antispyware program to delete cookies considered "actively deleting cookies"? Just because you use software that accomplishes the same thing doesn't mean the cookies aren't getting deleted. That percent is probably accurate."
It doesn't count unless you wrote the software yourself, and even then only if it's in assembly. Just like I didn't really make my web page.
My Blog
"rather nice" is subjective. The first time I ran into flash on someone else's system I realized what a problem it was going to be. After that, I always clicked cancel when I ran into a flash object rather than download and install like the popup asked.
On my personal systems, the first thing I did upon installing Mozilla (or running it for the first time) was to search for and remove or rename the plugin that enabled flash. Besides using a custom hosts file that blocks ads, and rarely if ever viewing images or using javascript with Konqueror, this is generally enough to stay away from flash ads. The problem with this is that non-technical users view this setup as "broken" if they can't view a flash item they wanted to view even though they are spared from all the flash ads.
This is where the virus that is flash could have been nipped in the bud. If the browser developers could have simply added an option, "no, and don't ask again" to the pop up request for installation, then maybe my family members and other users less technical would have chosen that option rather than simply clicked "install" so they stopped the pop ups. If this had been done, maybe they would have seen the value in adding a button or menu option to disabling flash except on activation by user, like I can keep images turned off and just click the image icon at the top of the browser window whenever I find it necessary to view images.
The reason for such a widespread userbase/use of flash is because it was able to spread more effectively than a virus. That's the only way to really describe the method in which it was able to install itself so widely. Virus writers can only dream of the success that flash has had in penetrating users.
Thanks to this new abuse of tracking "for the good of the user, whether the user agrees or not", maybe more developers in the FOSS community will finally admit that what could have been a useful technology instead has turned into one of the worst spyware/viruses of all time.
Konqueror developers and others, add an icon/button to the navigation taskbar that turns javascript and flash on when it is off by default, just as the konqueror image icon works now. When it is off by default, an image icon appears on the toolbar that when pressed downloads images of the web page you are looking at. When not pressed, only the html downloads without images. This is far better and will cut javascript and flash usage by default much more than the menu-only choice of turning javascript on/off, even though the menu-only choice is as easy as Tools -> html settings -> javascript.
If there were the above icon/button for flash, then maybe I'd even retain the ability to view flash through the button. Without it though, I'll keep my main and auxiliary browsers flash free. Need I view a flash object, I'll keep a third browser ready and enabled, but I haven't had the need in a couple of years.
What I can't believe is how other users put up with flash ads (and popups/unders) and other animated junk when viewing what basically is static html. Javascript on for everything, accept images from all sites, etc. With Konqueror and Mozilla (and Firefox?) javascript can be turned on for specific sites only, and off for everything else which negates the often posted argument, "but web sites don't work without javascript". I don't know which sites require daily use of javascript, but I have it turned off by default, and other than my isp's site (which is registered as a javascript-allowed site in my browser settings), I haven't used javascript in months. So many months that I can't really remember when I had it turned on.
I see in other posts that flash defenders/developers claim that cameras/microphones are turned off by default in response to posts on camera/microphone security concern posts. This is only true as long as spyware/virus writers stay away from targeting these settings. As the spyware/virus developers continue to explore ways of breaking into end