Slashdot Mirror
Net Marketers Worried as Cookies Lose Effectiveness
Saint Aardvark writes "The Globe and Mail reports that Internet
marketers are worried about the decreasing persistence of cookies.
Almost 40% of surfers delete them on a monthly basis, says
Jupiter Research -- a fact one marketers attributes to incorrect associations with spyware and privacy
invasion. United
Virtualities' Flash-based tracking system is mentioned as a possible
substitute...though they don't mention the Firefox plugin that removes
them, or talk in any meaningful way about why people
might want cookies gone. Still, the article is a good overview of
life from the marketer's perspective."
Going to play the devil's advocate here, because I know how most of the rest of you feel:
.com a few years ago. I created a custom metrics program that intergrated into into our (also custom) ecommerce application. To track users, I gave them a single, persistant cookie that contained only a GUID. I used this information to determine our converstion ratio (number of visitors to buyers), figure out the top paths through the site, determine percentage of traffic that was return visitors, etc.
I used to be the web architect for a
All this stuff was entirely anonymous unless they purchased something from us. But, even then their site history was really only incidently linked to their contact info because we never correlated the data together. Why would I? Knowing that "John Smith" visited our site 3 times a week isn't really any more insightful that knowing that "User #5233258" visited us 3 times a week. The data was only useful in aggregate. For example, knowing that the last page 20% of people visited was our contact page, yet only 10% of those people actually submitted the form would make me reevaluate that page. Maybe the contact form wasn't very user friendly? So, I'd tweak it and then recompare the metrics.
The whole point of my tracking was to better serve our visitors and eventual customers. I wanted to make it easier for them to do what they came to our site to do. Or it would help us target our advertising for effectively. If a lot of people clicking through from a banner ad we had on Site A tended to buy Widget B, we'd decide to modify the banner ad to specifically highlight Widget B. Maybe my attitude is different than most, but I can't be unique. I never looked down upon our visitors, feeling that I was hearding cattle together to be slaughtered, or at least ripped off. Quite the opposite. These visitors wanted to be on my site, elsewise they wouldn't have dropped by. It felt pretty cool that so many people were coming to a site that I was responsible for managing. These people were supplying my paycheck and I had to make sure that they preffered our site to our competitors'. If a lot of visitors deleted that single cookie I used, that made that job much more difficult.
Does that still make me evil?
Entrepreneur : (noun), French for "unemployed"
Maybe now marketing companies will try to discover new ways of generating usage statistics beyond catching, tagging, releasing, and tracking innocent internet users via cookies. This could be an excellent opportunity for innovation in the space resulting in better privacy and better statistics.
If someone has money, you have no privacy.
Its a mircale that marketing firms are not claiming to 'own' the cookies and sue you if you delete them for destruction of property.
Hrm? They track you through the cookies, yet comparisons to "spyware" are unjustified?
I blame the Atkins craze for the sudden diminishing of cookies. On a side note, as a general rule, I'm pretty happy with any behavior that makes marketer's lives more difficult. Just one of those rules of thumb.
If brevity is the soul of wit, then how does one explain Twitter?
I don't delete 'em. I log in to various sites that use them (that I want to use them), then I close the browser and then make the cookies.txt file read-only (chmod or chattr, or attrib). Get the benefit for sites I want the customizations on, don't get the tracking
Don't blame me, I voted for Kodos
only incidently linked to their contact info because we never correlated the data together ...
Does that still make me evil?
Yep.
If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.
This is why all my browsing is cookie-free (or rather, cookies being allowed on a whitelist basis and everything else removed on browser shutdown). I don't want you to have that ability to track what I do on your site for very long. Regardless of whether you use that ability or not, I don't trust you to behave properly with that information. Why should I? I don't know you.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Seems like there was some lobbying effort once upon a time to make them the company's property. Obviously it did not get anywhere. Or maybe I'm dreaming, but I could swear I remember something along these lines in the past...
Flash-based tracking system is mentioned
It doesn't seem to have dawned on marketers that many, many people already associate Flash with "annoying advertising", "high CPU usage for nothing" and "general nuisance", and that it is disabled in many browsers as a consequence.
Speaking for myself, Flash is disabled. When I need it occasionally (that is, when I happen to want to play this about once a year), I re-enable it. But otherwise, I've yet to see a website sporting Flash that doesn't use it for useless eye-candy or advertising.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Cookies were intended to allow sites to serve users by providing a convenient method of preserving client-side state.
They're intended to do legitimate things like let a site remember who you are so you don't need to log in every time you visit it, or assign a transaction code to make it easy for things like shopping carts to work... and prevent you from double-ordering if you click the "Order" button twice.
They were never intended for the purposes to which marketers have misappropriated them.
It's just another example of information being ostensibly collected for a purpose the user approves of, and then being secretly used for purposes the user is unaware of and might not approve of, and it justifiably makes people angry.
"How to Do Nothing," kids activities, back in print!
Go Go Gadget Firefox!!!
Just another crappy blog
People can complain all they want, but cookies are necessary to make surfing experiences less problematic.
Oh yeah? I have my Mozilla configured to ask me, if a site wants to install a cookie, whether I want to let it or not. Usually, I just click DENY more or less automatically. Once in a while though, I do that and a realize the site doesn't work without cookies so I go and explicitely re-enable cookies for it.
How often does that happen? I'd say about 10 times this year, no more. And I can tell you, I click on the DENY button about 50 times per day, because just about every website owner and his dog wants to set cookies.
So, "cookies are necessary" my hiney. I don't buy that...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
How many visitors are on an old dial up connection or connecting via proxy? I.P. numbers simply aren't a reliable way of providing usage statistics.
Every once in awhile I like to toy with the cookies. I'll edit their content - flip some bytes, add lots of corrupt text, delete sections. Occasionally, I'll flip all the cookies to "Read Only". Its fun to see a site occasionally puke from bogus cookie data.
The only PT Boat Journal on the web: http://www.PT171.org
Why should I? I don't know you
Do you know your bank? I mean apart from the front-end office that takes your money?
Do you know VISA, AMEX, Mastercard or whatever credit card you use?
If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.
And this is paranoia on crack... it assumes that people will ALWAYS do the wrong thing and will ALWAYS try and screw you about, and that customer profiling NEVER results in a better service.
Feel happy in your paranoia, me I just assess risk on a site by site, and business by business basis.
An Eye for an Eye will make the whole world blind - Gandhi
I'm sure that you're not suggesting that you buy things from websites that you dont trust....
Why not? Buying things online means, at worst, giving out info from a credit card. If they prove untrustworthy, then I call up the credit card company and reverse the charge. Trust does not have to be involved to engage in a purchase. You buy from people you don't any basis of trust for all the time.
However, WTF would he need to know I came back to his site later? WTF would he need to know that I visited his site several times over a period of a week and eventually purchased something? Why would he need to know what products I looked at each of those times I visited? That information could be used to build up information about me that I might not want him to have. He doesn't have need for that information, and since I don't trust him, I should attempt to deny him the ability to collect that information.
Furthermore, if he's a marketer, he can place his ads on several sites and track me via cookies from site to site. He can see what sites I frequent, he can see my reading habits... once I buy something from a site, he can track that and correlate all this to my identity.
I'm not paranoid, because I don't think anybody is actually doing this sort of thing at the moment. However, the capability is there. I remove cookies to make this sort of thing that much harder to accomplish. Not because I think they are doing it, but because the potential is there for them to do it.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
"That cookie shit makes me nervous."
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
...just ask sessions. I think there needs to be a term defining the difference between reality and the responses on Slashdot. Of course computer nerds are going to be up in arms about using cookies to track info, the rest of the planet, however, is wondering why a computer site has an article referring to baked goods.
I hear many people complaining about EVIL marketers. Most marketing companies are rather decent people trying to find you the customer who wants their product. A VERY small % of marketing companies are shady info-whoring bastards. Targetted marking is a rather nice thing as far as I am concerned. When offered to provide interests, and the resulting ads, I find myself visiting the link. WHAT I HATE is misdirected market, you know assholes that call you about new siding on your house when you live in an apartment, or my favorite (being a married old fart) getting ads for tapons and crap like that (because the wife occassionally does some surfing under my ID).
It's too bad a small group, as usual, ruins it for the majority.
-=[ Who Is John Galt? ]=-
I went to a clothing store a few years ago to buy a present for the wife. I handed the cashier cash for the items, then had the following conversation -
... ... ...
Cashier: May I have your phone number?
Me: No.
Cashier: It's only for customer satisfaction purposes
Me: What part of "no" was ambiguous?
Cashier: We need your phone number to improve customer service
Me: Get your manager over here right now so I can explain why you're losing this sale, and all future sales
Cashier: {types in store phone number}
I get amazingly cheesed when businesses fail to respect my privacy (whether I have a "right" to privacy is a whole separate rant.)
And depending on how they're assigned, they may well know your actual address as well, just from the number.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
They abused phone calls, and that brought about the national Do Not Call list.
They abused TV commercials, and that brought about "commercial skip" VCRs and TiVo.
They abused pop-ups, and that brought about pop-up blockers.
They abused Flash to make more attention-getting (read: obnoxious) banner ads, and that brought about Flashblock.
They abused cookies, now people obsessively delete them if they allow them to be created at all.
Am I the only one who sees a pattern here?
~Philly
I keep 3rd party cookies blocked... that keeps everything nice and clean.
For the layman, the way these tracking cookies work is when you're visiting site A, site A has a banner from site Z. If you have 3rd party cookies enabled, not only can site A set a cookie to your harddrive, so can site Z. Now, you go to site B which also uses site Z's ads... and site Z can see you were also at site A. Block 3rd party cookies however, and you cant get a cookie from site Z unless you actually VISIT site Z.
Disabling 3rd party cookies lets you keep their useful functions (login information at ebay, etc) and restrict the illegitimate ones (tracking my useage).
Mike Healan from Spywareinfo.com has a good article about cookies and their spyware-esque function here: http://www.spywareinfo.net/july20,2005#cookies
To err is human, to really foul up requires a computer
Wanna buy it?
If brevity is the soul of wit, then how does one explain Twitter?
If they know their customers a little better...
:P
But they don't know me. They will never know me.
"Knowing me" means knowing my name, shaking hands, asking me about things we've discussed in the past. That's being friends with somebody. That's knowing them. That's what your idea of the "clerk who recognizes your face" is about, no? The little guy running the corner market, sort of thing.
Some dude running a website on the opposite side of the country will never know me. At best, he'll know what I've bought from him and other website owners that he shares information with or advertises with. Knowing what I buy doesn't mean he "knows me". It means he's treating me as an impersonal entity to be exploited, somebody to attempt to get more money from. It doesn't mean he's treating me as a fellow human being deserving of respect and friendship.
No, fuck that, I'll remain a stranger to that guy across the country running a website, and I'll know the guy who sells me my fresh fruit down on the corner market, and I'm quite comfortable with that and don't see it as a conflict whatsoever.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Too bad if the marketers don't like that people delete cookies.
Companies like doubleclick and the ones who seem to only serve up annoying advertising have no expectation that I will a) accept their cookie (if you're not the site I'm visiting, why do you get a cookie?) or b) even if I did accept their cookie, that I would keep it.
The real world would be tagging your clients. Someone comes in to browse, you snap an ear collar on him. You walk into another store, someone wants to stamp the back of your hand indicating that you've shopped there.
I had a person at my door asking if I'd received my flyers -- when I told her than if I had I'd tossed them in the bin, she wanted my name and phone number. What part of I'm not interested in your flyer, and you don't need my contact info to respond to this?
I wouldn't accept K-Mart putting a radio tracking collar on me, WTF do on-line marketers think they're any different?
Lost at C:>. Found at C.
is a rider on the next Iraq spending bill that makes deleting cookies and blocking popups illegal.
Should web marketers really be surprised that constantly tagging people and most of the time and giving them no benefit at all makes them nervous? What if you had your hand stamped with invisible ink every time you went into a store, and received nothing for it? How many people would want to allow that?
The thing is that these marketers want something for nothing. I enable the "ask for each cookie" option in mozilla, and generally click "allow for session" on 99% of most sites because they offer me NOTHING in return for tagging me. On sites like Amazon.com I can add things to my wish list without logging in, or on slashdot I can login without typing in passwords. Tvguide.com will show me my local listings, cool. I've gotten a benefit from the site knowing who I am, so I'm much more likely to allow them to know that.
Most sites that hand out cookies give you nothing for identifying you. Why should I give them somthing they want for nothing? I certainly don't trust the average marketer to not do skeevy things like targeted pricing (looks like I visit bmw.com a lot.. I must be rich. Raise my prices by 10%).
AccountKiller
A client/server system without persistent client state is unuseably crippled. Cookies are a simple way to get that. If users are flushing them once a month, but need not, they must be balancing the convenience of persistence with their perceived "privacy". If just the marketers are complaining, I don't care. When the engineers complain that no persistent client state is crippling our apps, then I care.
Marketers could stop complaining, and fund better UIs that decrease the false perception that cookies are bad. Their stealth makes them sinister, and their unmanageability makes people throw out the benign majority with the tiny malign minority. But only a generation of marketdroids could taint the deep-seated pleasant associations with "cookies" into fear of deadly poison. If they rechanelled their complaints into better UIs, they'd be "engineers", not marketdroids. So they're doomed. If only they were as doomed as the cookies they mourn.
--
make install -not war
And how exactly did this happen. I have not deleted my cookies for a couple YEARS since I last reloaded my computers, and have yet to have a single problem with stolen passwords or any of these other problems that evil cookies are supposedly causing.
There is the possibility that a large enough group of companies collaborating could use the information to link purchases and browsing habits together. But I really don't care. They want to try to personalize my ads, that's fine too. Why? Because it's a free lunch. They think they're convincing me to buy stuff, when in fact I don't give a fuck. As long as the illusion is maintained, I'm happy to let them think they're learning valuable information about me. If this avenue is cut off to advertisers, either the free lunch will end or something more insidious will take its place.
Most companies only care about using cookies to keep track of visitors to their site anyway, and this can be useful to improve the site. A site that uses tracking information to see what other sites you visit (which is difficult without having their ads directly on other sites, which usually isn't the case because someone else usually hosts the images) and sells your email address is probably not one you want to continue purchasing from.
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
agreed. Best Buy has been doing this for some time. The clerk said she had to have my phone number and I said that she didn't. Turned out she was wrong and I was right. Still left the store without purchasing.....oh shit!
Duh!!! She was asking for my phone number!!!
**Idiot**
Gotta get back to Best Buy.
Later
I went to his competitor up the street, bought the same printer. I told the story to the store manager there, who had a nice laugh and was happy to get my money.
Here's how I handle it:
Cashier: May I have your phone number?
Me: Sure! It's $(friend's ex-wife's phone number), and I'll love to hear more about other promotions you may have in the future.
Dewey, what part of this looks like authorities should be involved?
My ability to make up fake phone numbers is almost a brainstem response. I accidentally told a mortgage officer a fake phone number once, then had to do the lame, "Uhhh, wait that's my old number" thing.
Whenever someone asks for info they don't need, lie. It's the only safe thing to do. I hit one of those surveys where they ask you for your computer password in exchange for a 5 dollar gift certificate.
They said, "We'd like to offer you a free gift certificate for coffee in exchange for your password."
And I said, "What a coincidence, my password is 'Il1k3fr33c0ff33'." I'm not sure they got it, but I got my fr33 c0ff33.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Maybe if advertisers would stop setting ridiculous expiration dates. The thought that advertisers think they can have a small peice of my hard drive until 2069 sickens me.
Mozilla (and firefox) makes it easy, set network.cookie.lifetimePolicy to 3 and then set network.cookie.lifetime.days to the maximum number of days a cookie can stay.
I have mine set to 2, if I visit a site and don't come back within 2 days, I think it's safe I won't miss anything by having them remember me.
I use cookies for session management and tracking usage in a site.
Spyware abuse generally occurs when a big company (doubleclick, valueclick, etc) want to track your usage between sites. The spyware fears generally arise with third party cookies.
These cookies generally come attached to images. For example the image ad on top of this slashdot page might access cookies that get used to build a profile of my slashdot usage.
Preventing spyware is a matter of blocking third party cookies.
Personally, I can't see any real reason why images (the IMG tag) should be allowed to set cookies.
When the main page sets a cookie, it is almost always to provide service to the end user. When an image sets a cookie, it is almost always so marketers can build profiles. My ideal browser would not allow third party cookies nor would it allow cookies to be set by img tags.
I have often wondered why there isn't a push for browsers to support real grown up session tracking that is properly user configurable. Session tracking is something that has to be done so frequently I'm amazed someone has come up with a better solution.
At it's simplest session tracking could be implimented as a cookie that contains a fragment of XML (or maybe just formatted text if you're alergic to XML) which gives various pieces of information identifying the site.
To ensure that it's all above board make sure that the session identifier is digitally signed. By default the browser would be set to accept session requests (as happens now) but could query a repository of "abusers" and block certain sessions (much like email black lists only more effective because it's digitially signed).
Since this system only does one little thing it should be easy to implement and you could probably turn off other cookies.
Anyway just thought you might like to kick that idea about a bit and see how it fits.
I used to have a better sig but it broke.
Why do you have your friend's ex-wife's number? Or maybe that's why she's his ex-wife.
Error 404 - Sig Not Found
Found it on the bathroom wall. It's common knowledge in these parts.
Dewey, what part of this looks like authorities should be involved?
If you don't want to be monitored in a store, you have no recourse but to not go there.
The same goes for the website you visit.
It's not a privilege to collect your data, it's a necessary part of sending you the information you've requested. Your HTTP request contains plenty of valuable data that you claim infringes on your privacy. Though I'm a privacy nut myself, I think your complaints go too far.
You can either accept the logging/tracking/analysis or you can stop using the web. It's pretty simple.
It wouldn't be so bad.
In theory, having cookies to track where you go and what you do is a good thing. It allows marketers to target ads at you for stuff you are actually interested in. If they actually did that.
Unfortunately, they don't. They use it to bombard you with constant, endless ads for "related stuff", to the point where you can't actually see the content on the web page you want to read.
Or they decide that looking at Corvette pictures means you think your penis is too small, and therefore "natural male enhancement" is a "related product."
To hell with 'em all.
Alright, fine. Some types of cookies can be easily exploited, but there is one type of cookie that you DON'T want to turn off (and don't want people in general to turn off), and that is the session cookie.
All this 'anti cookie' propaganda is really getting out of hand. Session cookies are a great way to securely identify a series of otherwise unrelated requests as belonging to the same session. By turning off cookies one is also disabling this very valuable feature.
"But it doesn't matter" you say, because web sites can use URL rewriting instead. Well, think about it:
* If URL rewriting is used, exactly how is this better, from a privacy stand-point, than a session cookie? The exact same information is propagated, so nothing is gained in terms of privacy. In addition, the "evil" people whom everybody is presumably trying to prevent from tracking a user's session can also use this technique.
* On the issue of security and technical convenience however, you are making it worse. URL rewriting is inherently less secure in the fact of 'accidents' such as paste:ing a link (which the average joe won't understand contains sensitive information) to a work collegue sitting behind the same NAT:ing gateway. And how about referrer URL:s making it into web server logs? (There is no guarantee that the session identifier is encoded such that a security conscious browser can spot it, and refrain from sending it as part of a referrer URL to another web server.)
Overall, session cookies are vastly superior to URL rewriting in a number of different situations. But this overzealous anti-cookie paranoia is forcing people to use URL rewriting *anyway*. In tryng to increase privacy, it has actually been lessend - along with security!
Just to give one example of how the ACP (anti cookie paranoia) can interact with web pages: I was recently involved in a situation where some browsers would disable cookies (even session cookies) for requests that were made as part of an IFRAME on a page hosted on another domain (presumably for privacy concerns). This resulted in, for practical purposes, a total inability to use cookies on that site. URL rewriting is now used instead, to a detriment of security and privacy.
/ Peter Schuller
--
peter.schuller@infidyne.com
http://www.scode.org
I should clarify the example at the end: I am absolutely not saying that cookies should cross domain borders; the set of cookies for the 'parent site' and the 'child site' would remain orthogonal - but not *DISABLED*.
/ Peter Schuller
--
peter.schuller@infidyne.com
http://www.scode.org
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
However, PLEASE try and remember something. The people you talk to and buy things from are not the store owners. In fact, they're lucky if they've ever even met the franchise owner of the store, let alone the owner of the company.
You are taking out your annoyance on someone who has: a) No real interest whatsoever in whether or not you buy X piece of crap (unless they get commissions on sales) and b) No control over the policy, the system, and in most cases, the cash register either. They might be able to get around it (as the clerk did in the OP's post), but that's not the point
The point I'm making here is this: don't get pissed at some clerk or manager at a chain store for following store policy, or expect them to change it for you, even if it's a dumb policy.
I've worked at department stores and grocery stores, etc - it sucks. And you know what? The only people I ever really disliked when I worked any retail job were the people who thought it was MY store and MY decision to harass them for a phone number/address, whatever. These are the people that expect you to break the rules for them (c'mon, you can just give me the discount, I forgot my coupons), then treat you like shit when you follow the rules of the company that puts the paycheck in your hand at the end of the week.
It was store policy to ask for a phone number, the register prompted for it, and we're supposed to ask. If we got shopped by a "secret shopper" or a manager caught us ignoring it, that's our ass, not the customer's. On behalf of all past, present and future retail employees: We don't care what your personal information is. We care about our paycheck and about following the rules of the job.
I agree that it should only take one polite refusal to avoid having to give out your information. Just keep in mind that the manager may have to give approval, and in the larger chains, even the manager may not have the power to negate store policy. Either way, the bottom line is even if the manager has the ability to counteract the policy, they don't care. The manager at Best Buy is not sitting at home in a deep depression because you bought your printer at Circuit City instead.
Like it or not, the cashier represents the store during the sale. During my experience at the store, I probably have the most "face time" with the cashier, and checking out ends up being the part of the sale that tends to stick in my mind. I want it to be pleasant and hassle free.
Asking for personal information will get you a polite but terse "no." I have no intention of justifying my response to you or anyone else. Pressing the matter restults in me getting annoyed. Pressing *again* puts you in risk of losing the sale, and yes, I'm going to tell the manager why. I recognize that the cashier doesn't set the store policy. I don't think I've ever yelled at a cashier for that very reason. However, unless the store management hears about the cheesed customers and the lost sales, the store policy won't change.
I vote with my wallet and my feet. Yelling and screaming just gets you written-off as a whackjob. Telling the manager why you're taking your business elsewhere, and then doing so, punishes the crummy vendor and rewards the competitor who doesn't have the crappy policy.
Unfortunately, that has the same problem as I was discussing in my original post - the store manager doesn't care either, in most cases. The store manager in a major chain gets paid a few dollars more an hour than the cashier, has a lot more rules and some more resonsibilities, maybe even a set of 'manager keys'.
What he STILL doesn't have, is a stake in the business. If you leave and go elsewhere to make a purchase, so what? Yeah, it loses the store money, but as a store/shift/dept manager, he'll still get paid, and the odds are extremely slim that it will affect him in any meaningful way.
I'm not saying it's totally pointless, but don't kid yourself into thinking you're putting the hurt on the store and they're going to feel bad about it.