Slashdot Mirror
Net Marketers Worried as Cookies Lose Effectiveness
Saint Aardvark writes "The Globe and Mail reports that Internet
marketers are worried about the decreasing persistence of cookies.
Almost 40% of surfers delete them on a monthly basis, says
Jupiter Research -- a fact one marketers attributes to incorrect associations with spyware and privacy
invasion. United
Virtualities' Flash-based tracking system is mentioned as a possible
substitute...though they don't mention the Firefox plugin that removes
them, or talk in any meaningful way about why people
might want cookies gone. Still, the article is a good overview of
life from the marketer's perspective."
If someone has money, you have no privacy.
Its a mircale that marketing firms are not claiming to 'own' the cookies and sue you if you delete them for destruction of property.
Since the marketeers want to use their cookies to spy on me, I'm not sure what's incorrect about those associations...
Hrm? They track you through the cookies, yet comparisons to "spyware" are unjustified?
Cookies are fine for storing login information. If a user wants to keep a persistent cookie to make their visits to my site easier they are free to click the box. If they only want a session ID then they can login, use the site, and leave w/o a cookie.
Why do companies think that it is important to not tell a user up front that they are going to get a cookie w/o logging in?
Yeah, they might have been paying your wages and you were just doing your job but I don't see how aggregating statistics need to be done via cookies. Can't you do it through your logs?
I think you make some really interesting points. From one aspect, you are tracking users by depositing information on their computer. While you claim this information could not be used to identify them elsewhere, it's certainly a concern with less careful web developers at the cookie helm. At the same time, you make an interesting point about how a store owner may want to track how their users use their site, what brings them there, and what they look for. If you think of a real store, the owner would certainly be able to do this easily by simply watching the customers (many do, many even ask if you want help to see what it is that you're looking for). Really, without some tracking mechanism like this, web shops would have to depend entirely on user feedback to determine how easily their customers are finding products on their sites, and how many visitors turn into buyers. I think both of these pieces of information can be quite critical to obtaining success.
only incidently linked to their contact info because we never correlated the data together ...
Does that still make me evil?
Yep.
If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.
This is why all my browsing is cookie-free (or rather, cookies being allowed on a whitelist basis and everything else removed on browser shutdown). I don't want you to have that ability to track what I do on your site for very long. Regardless of whether you use that ability or not, I don't trust you to behave properly with that information. Why should I? I don't know you.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Flash-based tracking system is mentioned
It doesn't seem to have dawned on marketers that many, many people already associate Flash with "annoying advertising", "high CPU usage for nothing" and "general nuisance", and that it is disabled in many browsers as a consequence.
Speaking for myself, Flash is disabled. When I need it occasionally (that is, when I happen to want to play this about once a year), I re-enable it. But otherwise, I've yet to see a website sporting Flash that doesn't use it for useless eye-candy or advertising.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Go Go Gadget Firefox!!!
Just another crappy blog
No it doesn't. I'm gonna jump right in and reply because like the rest of us that have written CGI we have to face the problem of session tracking. When your business requires that the customer give you a lot of information you cant upset them by asking them the same stuff every time they use the site. Some kind of tracking ouside the session is very desirable, nay essential for certain website ideas to work at all without logging in.
The problem is that we let marketeers get their hands on this technology. Who was the bright spark that told some PHB you could track customers habits and browsing patterns with cookies. Control freaks cant help themselves, cookies have been abused and now we lose them as a tool for serious problem solving. Whatever the replacement, as long as marketeering Golgafrinchans get their mits on it then it will be abused to achieve unsavoury aims and people will disable it. There is no technological problem here, only one of human nature and the lesson of not giving access to powerful technologies to idiots.
Why should I? I don't know you
Do you know your bank? I mean apart from the front-end office that takes your money?
Do you know VISA, AMEX, Mastercard or whatever credit card you use?
If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.
And this is paranoia on crack... it assumes that people will ALWAYS do the wrong thing and will ALWAYS try and screw you about, and that customer profiling NEVER results in a better service.
Feel happy in your paranoia, me I just assess risk on a site by site, and business by business basis.
An Eye for an Eye will make the whole world blind - Gandhi
I'm sure that you're not suggesting that you buy things from websites that you dont trust....
Why not? Buying things online means, at worst, giving out info from a credit card. If they prove untrustworthy, then I call up the credit card company and reverse the charge. Trust does not have to be involved to engage in a purchase. You buy from people you don't any basis of trust for all the time.
However, WTF would he need to know I came back to his site later? WTF would he need to know that I visited his site several times over a period of a week and eventually purchased something? Why would he need to know what products I looked at each of those times I visited? That information could be used to build up information about me that I might not want him to have. He doesn't have need for that information, and since I don't trust him, I should attempt to deny him the ability to collect that information.
Furthermore, if he's a marketer, he can place his ads on several sites and track me via cookies from site to site. He can see what sites I frequent, he can see my reading habits... once I buy something from a site, he can track that and correlate all this to my identity.
I'm not paranoid, because I don't think anybody is actually doing this sort of thing at the moment. However, the capability is there. I remove cookies to make this sort of thing that much harder to accomplish. Not because I think they are doing it, but because the potential is there for them to do it.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Some cookies are reasonable to accept because they actually do help keep track of client-side status during a website visit. Or even repeated visits. A cookie which persists more than a few months or even a few weeks probably outlives any utility as a status tool. Why, then, do websites continue to try to get me to accept cookies which have five or ten or even thiry year lifespans? I automatically reject cookies which are set to live longer than I probably will.
I hear many people complaining about EVIL marketers. Most marketing companies are rather decent people trying to find you the customer who wants their product. A VERY small % of marketing companies are shady info-whoring bastards. Targetted marking is a rather nice thing as far as I am concerned. When offered to provide interests, and the resulting ads, I find myself visiting the link. WHAT I HATE is misdirected market, you know assholes that call you about new siding on your house when you live in an apartment, or my favorite (being a married old fart) getting ads for tapons and crap like that (because the wife occassionally does some surfing under my ID).
It's too bad a small group, as usual, ruins it for the majority.
-=[ Who Is John Galt? ]=-
Ok, you're obviously running a site that is not insignificant if you have an eCommerce application, GUID numbers and tracking individuals as they visit different pages. There are other ways to do this outside of cookies that gather non-aggregated data without putting anything on the user's machine.
The simplest example I can think of is one Java based web application I was one of the deveopers for. We had to deal with secure logins, we had eCommerce and a variety of other things that are mostly irrelevant. But the big thing was intercepting more than one person attempting to login with the same id, as well as session timeouts. This was further complicated by the fact that we had certain pages that users were expected to go to, and spend 10-20 minutes reading without generating another page hit.
So what we ended up doing was correlating IP addresses, user ids and page identifiers along with timestamps to track a user through the site by way of session level Java Beans and validate if a user had timed out, if it was the same one attempting to log back in after exiting their browser in a way that didn't terminate a session, or another IP attempting to log in to a busy account.
This info was stored on the server side, and from it we could assemble user flow and page use statistics without ever using a cookie or piece of Javascript.
And before anyone says anything, yes we did have strict privacy policies and agreements in place with our clients since access to the application had to be purchased in the first place.
This is not a sig.
Web proxies and NAT
I would bet 50% or more of the current web traffic is aggregated behind those 2 items. Makes IP based tracking useless.
Telcos have alot of dark fibre in the States. Most people assume that's optical fibre...but it's actually moral fibre.
They abused phone calls, and that brought about the national Do Not Call list.
They abused TV commercials, and that brought about "commercial skip" VCRs and TiVo.
They abused pop-ups, and that brought about pop-up blockers.
They abused Flash to make more attention-getting (read: obnoxious) banner ads, and that brought about Flashblock.
They abused cookies, now people obsessively delete them if they allow them to be created at all.
Am I the only one who sees a pattern here?
~Philly
If they know their customers a little better...
:P
But they don't know me. They will never know me.
"Knowing me" means knowing my name, shaking hands, asking me about things we've discussed in the past. That's being friends with somebody. That's knowing them. That's what your idea of the "clerk who recognizes your face" is about, no? The little guy running the corner market, sort of thing.
Some dude running a website on the opposite side of the country will never know me. At best, he'll know what I've bought from him and other website owners that he shares information with or advertises with. Knowing what I buy doesn't mean he "knows me". It means he's treating me as an impersonal entity to be exploited, somebody to attempt to get more money from. It doesn't mean he's treating me as a fellow human being deserving of respect and friendship.
No, fuck that, I'll remain a stranger to that guy across the country running a website, and I'll know the guy who sells me my fresh fruit down on the corner market, and I'm quite comfortable with that and don't see it as a conflict whatsoever.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Nope. Thanks to the prevalence of proxies, log data should be considered nearly useless.
Check out my sci-fi/humor trilogy at PatriotsBooks.
If the cookie contains a GUID to identify you, what difference does it make if the GUID is read only? Answer: it doesn't make any difference.
Too bad if the marketers don't like that people delete cookies.
Companies like doubleclick and the ones who seem to only serve up annoying advertising have no expectation that I will a) accept their cookie (if you're not the site I'm visiting, why do you get a cookie?) or b) even if I did accept their cookie, that I would keep it.
The real world would be tagging your clients. Someone comes in to browse, you snap an ear collar on him. You walk into another store, someone wants to stamp the back of your hand indicating that you've shopped there.
I had a person at my door asking if I'd received my flyers -- when I told her than if I had I'd tossed them in the bin, she wanted my name and phone number. What part of I'm not interested in your flyer, and you don't need my contact info to respond to this?
I wouldn't accept K-Mart putting a radio tracking collar on me, WTF do on-line marketers think they're any different?
Lost at C:>. Found at C.
If the task were possible by using logs, would that make it ok? I don't really see the distinction: Using a cookie to track a user for aggregate data is bad, but using logs to track a user for aggregate data is ok?
is a rider on the next Iraq spending bill that makes deleting cookies and blocking popups illegal.
And how exactly did this happen. I have not deleted my cookies for a couple YEARS since I last reloaded my computers, and have yet to have a single problem with stolen passwords or any of these other problems that evil cookies are supposedly causing.
There is the possibility that a large enough group of companies collaborating could use the information to link purchases and browsing habits together. But I really don't care. They want to try to personalize my ads, that's fine too. Why? Because it's a free lunch. They think they're convincing me to buy stuff, when in fact I don't give a fuck. As long as the illusion is maintained, I'm happy to let them think they're learning valuable information about me. If this avenue is cut off to advertisers, either the free lunch will end or something more insidious will take its place.
Most companies only care about using cookies to keep track of visitors to their site anyway, and this can be useful to improve the site. A site that uses tracking information to see what other sites you visit (which is difficult without having their ads directly on other sites, which usually isn't the case because someone else usually hosts the images) and sells your email address is probably not one you want to continue purchasing from.
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
I went to his competitor up the street, bought the same printer. I told the story to the store manager there, who had a nice laugh and was happy to get my money.
Ok, so tell your customers that: if a cookie isn't accepted, take them to a page that tells them,
Opinions on the Twiddler2 hand-held keyboard?
Few will argue that cookies serve a legitimate need for intra-site surfing. The shopping cart example above is a good one.
The real issue is the handful of companies with ads that are pervasive. I get a nice little prompt each time someone tries to set a cookie on my machine. (I do this out of curiousity, more than a privacy concern.) Doubleclick ads show up all over the place. Even worse, I see cookies being set from *.207.net from everywhere.
Try to go to www.207.net - it is a blank page. They want to track you, but they don't want you to easily see who they are. Those cookies are set by an online marketing giant Omniture.
I can block all future cookies for this 207.net domain, but they never use the same one twice. So you cannot have a blanket deny for all 207.net cookies. One site will have 398jdije.207.net - the next may be 39du39.207.net.
It is this type of deliberate obfuscation that earns my distrust.
Maybe if advertisers would stop setting ridiculous expiration dates. The thought that advertisers think they can have a small peice of my hard drive until 2069 sickens me.
Mozilla (and firefox) makes it easy, set network.cookie.lifetimePolicy to 3 and then set network.cookie.lifetime.days to the maximum number of days a cookie can stay.
I have mine set to 2, if I visit a site and don't come back within 2 days, I think it's safe I won't miss anything by having them remember me.
If you don't want to be monitored in a store, you have no recourse but to not go there.
The same goes for the website you visit.
It's not a privilege to collect your data, it's a necessary part of sending you the information you've requested. Your HTTP request contains plenty of valuable data that you claim infringes on your privacy. Though I'm a privacy nut myself, I think your complaints go too far.
You can either accept the logging/tracking/analysis or you can stop using the web. It's pretty simple.
Cookies cannot be accessed by sites that did not put them there in the first place
You'd hope that would be true, but historically that has not been the case. A google for "cookie exploits", "cookie migration" and even a browse of IE "domain" bugs shows this to be true.
The carefulness of web developers has nothing to do with anything.
Really? Some years ago I noticed that the FriendsReunited.co.uk website set a cookie after I'd logged in, along the lines of "confirmeduser=23959".
What happened if I modified the cookie? Yep, you guessed it... ability to modify somebody elses details.
As a web developer, I know that cookies are a good solution to the problem of maintaining state in a stateless medium
If the medium is stateless there is no solution. You mean "as a lazy developer, cookies work most of the time"?
As a web developer
I'm guessing you claim cookies to be "good" because your development environment/web-server is not configured to allow anything else? Why not just append a "&sessionid=[big binary data]" to all your page links? I'm guessing that, despite being a "web developer" you are not given the ability to do so
It wouldn't be so bad.
In theory, having cookies to track where you go and what you do is a good thing. It allows marketers to target ads at you for stuff you are actually interested in. If they actually did that.
Unfortunately, they don't. They use it to bombard you with constant, endless ads for "related stuff", to the point where you can't actually see the content on the web page you want to read.
Or they decide that looking at Corvette pictures means you think your penis is too small, and therefore "natural male enhancement" is a "related product."
To hell with 'em all.
However, PLEASE try and remember something. The people you talk to and buy things from are not the store owners. In fact, they're lucky if they've ever even met the franchise owner of the store, let alone the owner of the company.
You are taking out your annoyance on someone who has: a) No real interest whatsoever in whether or not you buy X piece of crap (unless they get commissions on sales) and b) No control over the policy, the system, and in most cases, the cash register either. They might be able to get around it (as the clerk did in the OP's post), but that's not the point
The point I'm making here is this: don't get pissed at some clerk or manager at a chain store for following store policy, or expect them to change it for you, even if it's a dumb policy.
I've worked at department stores and grocery stores, etc - it sucks. And you know what? The only people I ever really disliked when I worked any retail job were the people who thought it was MY store and MY decision to harass them for a phone number/address, whatever. These are the people that expect you to break the rules for them (c'mon, you can just give me the discount, I forgot my coupons), then treat you like shit when you follow the rules of the company that puts the paycheck in your hand at the end of the week.
It was store policy to ask for a phone number, the register prompted for it, and we're supposed to ask. If we got shopped by a "secret shopper" or a manager caught us ignoring it, that's our ass, not the customer's. On behalf of all past, present and future retail employees: We don't care what your personal information is. We care about our paycheck and about following the rules of the job.
I agree that it should only take one polite refusal to avoid having to give out your information. Just keep in mind that the manager may have to give approval, and in the larger chains, even the manager may not have the power to negate store policy. Either way, the bottom line is even if the manager has the ability to counteract the policy, they don't care. The manager at Best Buy is not sitting at home in a deep depression because you bought your printer at Circuit City instead.
I suppose it could even be argued that since users can't access the logs, but can access, delete etc the cookies, that the cookies are better.
http://marriedmansexlife.com/
Another example of users having to adjust to what is more convenient to the designer/programmer.
As mentioned before, there is a way to do it without cookies for what ever reason cookies are not available.