Slashdot Mirror
Net Marketers Worried as Cookies Lose Effectiveness
Saint Aardvark writes "The Globe and Mail reports that Internet
marketers are worried about the decreasing persistence of cookies.
Almost 40% of surfers delete them on a monthly basis, says
Jupiter Research -- a fact one marketers attributes to incorrect associations with spyware and privacy
invasion. United
Virtualities' Flash-based tracking system is mentioned as a possible
substitute...though they don't mention the Firefox plugin that removes
them, or talk in any meaningful way about why people
might want cookies gone. Still, the article is a good overview of
life from the marketer's perspective."
Going to play the devil's advocate here, because I know how most of the rest of you feel:
.com a few years ago. I created a custom metrics program that intergrated into into our (also custom) ecommerce application. To track users, I gave them a single, persistant cookie that contained only a GUID. I used this information to determine our converstion ratio (number of visitors to buyers), figure out the top paths through the site, determine percentage of traffic that was return visitors, etc.
I used to be the web architect for a
All this stuff was entirely anonymous unless they purchased something from us. But, even then their site history was really only incidently linked to their contact info because we never correlated the data together. Why would I? Knowing that "John Smith" visited our site 3 times a week isn't really any more insightful that knowing that "User #5233258" visited us 3 times a week. The data was only useful in aggregate. For example, knowing that the last page 20% of people visited was our contact page, yet only 10% of those people actually submitted the form would make me reevaluate that page. Maybe the contact form wasn't very user friendly? So, I'd tweak it and then recompare the metrics.
The whole point of my tracking was to better serve our visitors and eventual customers. I wanted to make it easier for them to do what they came to our site to do. Or it would help us target our advertising for effectively. If a lot of people clicking through from a banner ad we had on Site A tended to buy Widget B, we'd decide to modify the banner ad to specifically highlight Widget B. Maybe my attitude is different than most, but I can't be unique. I never looked down upon our visitors, feeling that I was hearding cattle together to be slaughtered, or at least ripped off. Quite the opposite. These visitors wanted to be on my site, elsewise they wouldn't have dropped by. It felt pretty cool that so many people were coming to a site that I was responsible for managing. These people were supplying my paycheck and I had to make sure that they preffered our site to our competitors'. If a lot of visitors deleted that single cookie I used, that made that job much more difficult.
Does that still make me evil?
Entrepreneur : (noun), French for "unemployed"
I don't delete 'em. I log in to various sites that use them (that I want to use them), then I close the browser and then make the cookies.txt file read-only (chmod or chattr, or attrib). Get the benefit for sites I want the customizations on, don't get the tracking
Don't blame me, I voted for Kodos
Cookies were intended to allow sites to serve users by providing a convenient method of preserving client-side state.
They're intended to do legitimate things like let a site remember who you are so you don't need to log in every time you visit it, or assign a transaction code to make it easy for things like shopping carts to work... and prevent you from double-ordering if you click the "Order" button twice.
They were never intended for the purposes to which marketers have misappropriated them.
It's just another example of information being ostensibly collected for a purpose the user approves of, and then being secretly used for purposes the user is unaware of and might not approve of, and it justifiably makes people angry.
"How to Do Nothing," kids activities, back in print!
How many visitors are on an old dial up connection or connecting via proxy? I.P. numbers simply aren't a reliable way of providing usage statistics.
...just ask sessions. I think there needs to be a term defining the difference between reality and the responses on Slashdot. Of course computer nerds are going to be up in arms about using cookies to track info, the rest of the planet, however, is wondering why a computer site has an article referring to baked goods.
I keep 3rd party cookies blocked... that keeps everything nice and clean.
For the layman, the way these tracking cookies work is when you're visiting site A, site A has a banner from site Z. If you have 3rd party cookies enabled, not only can site A set a cookie to your harddrive, so can site Z. Now, you go to site B which also uses site Z's ads... and site Z can see you were also at site A. Block 3rd party cookies however, and you cant get a cookie from site Z unless you actually VISIT site Z.
Disabling 3rd party cookies lets you keep their useful functions (login information at ebay, etc) and restrict the illegitimate ones (tracking my useage).
Mike Healan from Spywareinfo.com has a good article about cookies and their spyware-esque function here: http://www.spywareinfo.net/july20,2005#cookies
To err is human, to really foul up requires a computer
As a small time webmaster with only intermediate programming experience (with the "P" languages), let me say this is a total non issue. If we want to track you, we will track you. If you turn off cookies, we'll just put a unique ID in every single link and form of the page we serve you. This ID will be implanted in every single link on the next page, and so on. Since increasingly whole sites are generated via database on the fly, this is not hard to do. It's just one extra param in each CGI-style GET or POST (except with mod_perl mod_php mod_python or J2EE it's way faster than CGI and we can do URL rewriting so it won't be obvious).
And by the way, it is increasingly cheap to share this information with third parties. It used to be a big slowdown to communicate with other webservers (like those owned by marketing companies) over http using protocols like SOAP or XML-RPC. With processing, memory and bandwidth cheaper than ever, it's not a big issue to send your tracking information behind the scenes, further eliminating the need for tracking cookies.
By turning off your cookies, you are simply making a little tougher to track you, ensuring only that larger more sophisticated sites can operate with viable business plans. So in "protecting your privacy" you are actually squeezing out small and marginal media competitors and preserving the Web for large corporations. Congrats!
Try the Flashblock extension! It's the best thing I ever downloaded for my Firefox. Keeps flash plugins from playing unless you click on them in the browser to start them. And for some reason I have never found that I want to click on one to deliberately see an ad...
Cookies don't track which sites you go to. A cookie has a domain that it actually is assigned to. When you visit that domain, the web browser sends that cookie to the server. If I go to amazon.com and they put a cookie on my system, then the only people who can look at it is amazon.com. They can't tell that I also went to overstock.com and looked at books. And overstock can't tell that I've been to amazon.
The only time they can get this information is if a third party has an Ad, or some other content on both sites (which is what makes cookies from ad sites more dangerous).
So really, when you go to the gas station, the attendant doesn't have to put a tracking device on your car. Just record your license plate (after all, isn't that all a GUID is?) Your car always has it's license plate, and so they can see who it is. Then they can track your usage at the gas station.
Cookies can provide useful information to the site developer. You like visiting well designed websites right? Getting information that will help you streamline the site is a good reason to track those statistics.
You are being too paranoid. Get adblock, only allow cookies to be set by the originating website and use a hosts file that blocks most ad sites and then you won't have to worry about it.
Don't count your messages before they ACK.
My ability to make up fake phone numbers is almost a brainstem response. I accidentally told a mortgage officer a fake phone number once, then had to do the lame, "Uhhh, wait that's my old number" thing.
Whenever someone asks for info they don't need, lie. It's the only safe thing to do. I hit one of those surveys where they ask you for your computer password in exchange for a 5 dollar gift certificate.
They said, "We'd like to offer you a free gift certificate for coffee in exchange for your password."
And I said, "What a coincidence, my password is 'Il1k3fr33c0ff33'." I'm not sure they got it, but I got my fr33 c0ff33.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
I am a developer of site analytics software, and I make major decisions on the featureset and development, so I think I'm qualified to speak from this side of things.
Most of the discussion I'm seeing is "let those dirty marketing bastards choke on this!" As if the sole purpose for using cookies is malicious and couldn't actually be beneficial to both sides.
First off, if you really believe large coorporations are analyzing each of the individual millions of visitors they get each day to try to identify them personally, wringing their hands and laughing manicly in backrooms as they discuss all the ways to scam money out of you, you are a true paranoid and should seek counseling immediately. You would have to hire an entire staff who's sole purpose was to attempt to make personal connections between hundreds, thousands, even millions of tracked data and the real person, which is usually impossible, unless that visitor has registered with personal information to the site anyway, in which case the visitor obviously feels comfortable enough to let the company know who they are in the first place, and it doesn't really do that company any good to go through their specific records to see everything they did on the site... there's no benefit I can identify with doing that! It'd be EXTREMELY time consuming and probably wouldn't be effective.
In cases with large coorporations it's impossible to find a valid reason to sift through each and every visitor to see what they did and how they could be exploited... utter rubbish! That data is used for looking at visitor trends IN GENERAL, to figure out what problems the site or campaign may have to make them better. This results in a better site UI so that people can find what they're looking for quickly and easily, as well as a better all around experience for the visitor (and MAYBE even lower prices). The data can be analysed for a product page, for example, to see how many people are browsing it and following through to purchase, and how many people are leaving. This could be an indication of the product's popularity vs the purchase ratio which could signify that the price needs to be lowered or that there is a UI problem with checkout.
I don't know about you, but I purposefully leave my cookies turned on because I believe that in general they IMPROVE the web, not worsen it. There are ALWAYS going to be people trying to exploit everything technological, but they are the rare not the norm. By the same logic most of you are following, we should get rid of computers in general because people are using them for identity theft, fraud, and exploitation in general. Does that make sense?!
Makes me mad when I see the posts by paranoid masses that follow this line of logic because it's just not well thought out. And I really don't like stupid people.
Alright, fine. Some types of cookies can be easily exploited, but there is one type of cookie that you DON'T want to turn off (and don't want people in general to turn off), and that is the session cookie.
All this 'anti cookie' propaganda is really getting out of hand. Session cookies are a great way to securely identify a series of otherwise unrelated requests as belonging to the same session. By turning off cookies one is also disabling this very valuable feature.
"But it doesn't matter" you say, because web sites can use URL rewriting instead. Well, think about it:
* If URL rewriting is used, exactly how is this better, from a privacy stand-point, than a session cookie? The exact same information is propagated, so nothing is gained in terms of privacy. In addition, the "evil" people whom everybody is presumably trying to prevent from tracking a user's session can also use this technique.
* On the issue of security and technical convenience however, you are making it worse. URL rewriting is inherently less secure in the fact of 'accidents' such as paste:ing a link (which the average joe won't understand contains sensitive information) to a work collegue sitting behind the same NAT:ing gateway. And how about referrer URL:s making it into web server logs? (There is no guarantee that the session identifier is encoded such that a security conscious browser can spot it, and refrain from sending it as part of a referrer URL to another web server.)
Overall, session cookies are vastly superior to URL rewriting in a number of different situations. But this overzealous anti-cookie paranoia is forcing people to use URL rewriting *anyway*. In tryng to increase privacy, it has actually been lessend - along with security!
Just to give one example of how the ACP (anti cookie paranoia) can interact with web pages: I was recently involved in a situation where some browsers would disable cookies (even session cookies) for requests that were made as part of an IFRAME on a page hosted on another domain (presumably for privacy concerns). This resulted in, for practical purposes, a total inability to use cookies on that site. URL rewriting is now used instead, to a detriment of security and privacy.
/ Peter Schuller
--
peter.schuller@infidyne.com
http://www.scode.org
I should clarify the example at the end: I am absolutely not saying that cookies should cross domain borders; the set of cookies for the 'parent site' and the 'child site' would remain orthogonal - but not *DISABLED*.
/ Peter Schuller
--
peter.schuller@infidyne.com
http://www.scode.org
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
EPIC has a page on "Flash Cookies" online at http://epic.org/privacy/cookies/flash.html
It argues that the direct marketing company is overstating the capabilities of the Flash Cookie.