Slashdot Mirror
Net Marketers Worried as Cookies Lose Effectiveness
Saint Aardvark writes "The Globe and Mail reports that Internet
marketers are worried about the decreasing persistence of cookies.
Almost 40% of surfers delete them on a monthly basis, says
Jupiter Research -- a fact one marketers attributes to incorrect associations with spyware and privacy
invasion. United
Virtualities' Flash-based tracking system is mentioned as a possible
substitute...though they don't mention the Firefox plugin that removes
them, or talk in any meaningful way about why people
might want cookies gone. Still, the article is a good overview of
life from the marketer's perspective."
Going to play the devil's advocate here, because I know how most of the rest of you feel:
.com a few years ago. I created a custom metrics program that intergrated into into our (also custom) ecommerce application. To track users, I gave them a single, persistant cookie that contained only a GUID. I used this information to determine our converstion ratio (number of visitors to buyers), figure out the top paths through the site, determine percentage of traffic that was return visitors, etc.
I used to be the web architect for a
All this stuff was entirely anonymous unless they purchased something from us. But, even then their site history was really only incidently linked to their contact info because we never correlated the data together. Why would I? Knowing that "John Smith" visited our site 3 times a week isn't really any more insightful that knowing that "User #5233258" visited us 3 times a week. The data was only useful in aggregate. For example, knowing that the last page 20% of people visited was our contact page, yet only 10% of those people actually submitted the form would make me reevaluate that page. Maybe the contact form wasn't very user friendly? So, I'd tweak it and then recompare the metrics.
The whole point of my tracking was to better serve our visitors and eventual customers. I wanted to make it easier for them to do what they came to our site to do. Or it would help us target our advertising for effectively. If a lot of people clicking through from a banner ad we had on Site A tended to buy Widget B, we'd decide to modify the banner ad to specifically highlight Widget B. Maybe my attitude is different than most, but I can't be unique. I never looked down upon our visitors, feeling that I was hearding cattle together to be slaughtered, or at least ripped off. Quite the opposite. These visitors wanted to be on my site, elsewise they wouldn't have dropped by. It felt pretty cool that so many people were coming to a site that I was responsible for managing. These people were supplying my paycheck and I had to make sure that they preffered our site to our competitors'. If a lot of visitors deleted that single cookie I used, that made that job much more difficult.
Does that still make me evil?
Entrepreneur : (noun), French for "unemployed"
Hrm? They track you through the cookies, yet comparisons to "spyware" are unjustified?
I don't delete 'em. I log in to various sites that use them (that I want to use them), then I close the browser and then make the cookies.txt file read-only (chmod or chattr, or attrib). Get the benefit for sites I want the customizations on, don't get the tracking
Don't blame me, I voted for Kodos
only incidently linked to their contact info because we never correlated the data together ...
Does that still make me evil?
Yep.
If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.
This is why all my browsing is cookie-free (or rather, cookies being allowed on a whitelist basis and everything else removed on browser shutdown). I don't want you to have that ability to track what I do on your site for very long. Regardless of whether you use that ability or not, I don't trust you to behave properly with that information. Why should I? I don't know you.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Flash-based tracking system is mentioned
It doesn't seem to have dawned on marketers that many, many people already associate Flash with "annoying advertising", "high CPU usage for nothing" and "general nuisance", and that it is disabled in many browsers as a consequence.
Speaking for myself, Flash is disabled. When I need it occasionally (that is, when I happen to want to play this about once a year), I re-enable it. But otherwise, I've yet to see a website sporting Flash that doesn't use it for useless eye-candy or advertising.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Cookies were intended to allow sites to serve users by providing a convenient method of preserving client-side state.
They're intended to do legitimate things like let a site remember who you are so you don't need to log in every time you visit it, or assign a transaction code to make it easy for things like shopping carts to work... and prevent you from double-ordering if you click the "Order" button twice.
They were never intended for the purposes to which marketers have misappropriated them.
It's just another example of information being ostensibly collected for a purpose the user approves of, and then being secretly used for purposes the user is unaware of and might not approve of, and it justifiably makes people angry.
"How to Do Nothing," kids activities, back in print!
How many visitors are on an old dial up connection or connecting via proxy? I.P. numbers simply aren't a reliable way of providing usage statistics.
Every once in awhile I like to toy with the cookies. I'll edit their content - flip some bytes, add lots of corrupt text, delete sections. Occasionally, I'll flip all the cookies to "Read Only". Its fun to see a site occasionally puke from bogus cookie data.
The only PT Boat Journal on the web: http://www.PT171.org
Why should I? I don't know you
Do you know your bank? I mean apart from the front-end office that takes your money?
Do you know VISA, AMEX, Mastercard or whatever credit card you use?
If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.
And this is paranoia on crack... it assumes that people will ALWAYS do the wrong thing and will ALWAYS try and screw you about, and that customer profiling NEVER results in a better service.
Feel happy in your paranoia, me I just assess risk on a site by site, and business by business basis.
An Eye for an Eye will make the whole world blind - Gandhi
I hear many people complaining about EVIL marketers. Most marketing companies are rather decent people trying to find you the customer who wants their product. A VERY small % of marketing companies are shady info-whoring bastards. Targetted marking is a rather nice thing as far as I am concerned. When offered to provide interests, and the resulting ads, I find myself visiting the link. WHAT I HATE is misdirected market, you know assholes that call you about new siding on your house when you live in an apartment, or my favorite (being a married old fart) getting ads for tapons and crap like that (because the wife occassionally does some surfing under my ID).
It's too bad a small group, as usual, ruins it for the majority.
-=[ Who Is John Galt? ]=-
I went to a clothing store a few years ago to buy a present for the wife. I handed the cashier cash for the items, then had the following conversation -
... ... ...
Cashier: May I have your phone number?
Me: No.
Cashier: It's only for customer satisfaction purposes
Me: What part of "no" was ambiguous?
Cashier: We need your phone number to improve customer service
Me: Get your manager over here right now so I can explain why you're losing this sale, and all future sales
Cashier: {types in store phone number}
I get amazingly cheesed when businesses fail to respect my privacy (whether I have a "right" to privacy is a whole separate rant.)
They abused phone calls, and that brought about the national Do Not Call list.
They abused TV commercials, and that brought about "commercial skip" VCRs and TiVo.
They abused pop-ups, and that brought about pop-up blockers.
They abused Flash to make more attention-getting (read: obnoxious) banner ads, and that brought about Flashblock.
They abused cookies, now people obsessively delete them if they allow them to be created at all.
Am I the only one who sees a pattern here?
~Philly
I keep 3rd party cookies blocked... that keeps everything nice and clean.
For the layman, the way these tracking cookies work is when you're visiting site A, site A has a banner from site Z. If you have 3rd party cookies enabled, not only can site A set a cookie to your harddrive, so can site Z. Now, you go to site B which also uses site Z's ads... and site Z can see you were also at site A. Block 3rd party cookies however, and you cant get a cookie from site Z unless you actually VISIT site Z.
Disabling 3rd party cookies lets you keep their useful functions (login information at ebay, etc) and restrict the illegitimate ones (tracking my useage).
Mike Healan from Spywareinfo.com has a good article about cookies and their spyware-esque function here: http://www.spywareinfo.net/july20,2005#cookies
To err is human, to really foul up requires a computer
But ultimatly, most users would probably enjoy the massive improvments in customer expierience that could be achieved using this information.
When I go to the gas station, the attendant does not put a tracking device on the car that keeps track of everything I look at in the store and allows him to take note of whether I stop off for gas with one of his competitors.
Here's the problem: companies are impersonal. So are websites. No amount of "tracking" will make a website seem like a conversation with anohter person. If you want my opinion, ask for it. Either way, I will be deleting cookies from your website every day.
If they know their customers a little better...
:P
But they don't know me. They will never know me.
"Knowing me" means knowing my name, shaking hands, asking me about things we've discussed in the past. That's being friends with somebody. That's knowing them. That's what your idea of the "clerk who recognizes your face" is about, no? The little guy running the corner market, sort of thing.
Some dude running a website on the opposite side of the country will never know me. At best, he'll know what I've bought from him and other website owners that he shares information with or advertises with. Knowing what I buy doesn't mean he "knows me". It means he's treating me as an impersonal entity to be exploited, somebody to attempt to get more money from. It doesn't mean he's treating me as a fellow human being deserving of respect and friendship.
No, fuck that, I'll remain a stranger to that guy across the country running a website, and I'll know the guy who sells me my fresh fruit down on the corner market, and I'm quite comfortable with that and don't see it as a conflict whatsoever.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Too bad if the marketers don't like that people delete cookies.
Companies like doubleclick and the ones who seem to only serve up annoying advertising have no expectation that I will a) accept their cookie (if you're not the site I'm visiting, why do you get a cookie?) or b) even if I did accept their cookie, that I would keep it.
The real world would be tagging your clients. Someone comes in to browse, you snap an ear collar on him. You walk into another store, someone wants to stamp the back of your hand indicating that you've shopped there.
I had a person at my door asking if I'd received my flyers -- when I told her than if I had I'd tossed them in the bin, she wanted my name and phone number. What part of I'm not interested in your flyer, and you don't need my contact info to respond to this?
I wouldn't accept K-Mart putting a radio tracking collar on me, WTF do on-line marketers think they're any different?
Lost at C:>. Found at C.
A client/server system without persistent client state is unuseably crippled. Cookies are a simple way to get that. If users are flushing them once a month, but need not, they must be balancing the convenience of persistence with their perceived "privacy". If just the marketers are complaining, I don't care. When the engineers complain that no persistent client state is crippling our apps, then I care.
Marketers could stop complaining, and fund better UIs that decrease the false perception that cookies are bad. Their stealth makes them sinister, and their unmanageability makes people throw out the benign majority with the tiny malign minority. But only a generation of marketdroids could taint the deep-seated pleasant associations with "cookies" into fear of deadly poison. If they rechanelled their complaints into better UIs, they'd be "engineers", not marketdroids. So they're doomed. If only they were as doomed as the cookies they mourn.
--
make install -not war
And how exactly did this happen. I have not deleted my cookies for a couple YEARS since I last reloaded my computers, and have yet to have a single problem with stolen passwords or any of these other problems that evil cookies are supposedly causing.
There is the possibility that a large enough group of companies collaborating could use the information to link purchases and browsing habits together. But I really don't care. They want to try to personalize my ads, that's fine too. Why? Because it's a free lunch. They think they're convincing me to buy stuff, when in fact I don't give a fuck. As long as the illusion is maintained, I'm happy to let them think they're learning valuable information about me. If this avenue is cut off to advertisers, either the free lunch will end or something more insidious will take its place.
Most companies only care about using cookies to keep track of visitors to their site anyway, and this can be useful to improve the site. A site that uses tracking information to see what other sites you visit (which is difficult without having their ads directly on other sites, which usually isn't the case because someone else usually hosts the images) and sells your email address is probably not one you want to continue purchasing from.
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
I went to his competitor up the street, bought the same printer. I told the story to the store manager there, who had a nice laugh and was happy to get my money.
Cookies don't track which sites you go to. A cookie has a domain that it actually is assigned to. When you visit that domain, the web browser sends that cookie to the server. If I go to amazon.com and they put a cookie on my system, then the only people who can look at it is amazon.com. They can't tell that I also went to overstock.com and looked at books. And overstock can't tell that I've been to amazon.
The only time they can get this information is if a third party has an Ad, or some other content on both sites (which is what makes cookies from ad sites more dangerous).
So really, when you go to the gas station, the attendant doesn't have to put a tracking device on your car. Just record your license plate (after all, isn't that all a GUID is?) Your car always has it's license plate, and so they can see who it is. Then they can track your usage at the gas station.
Cookies can provide useful information to the site developer. You like visiting well designed websites right? Getting information that will help you streamline the site is a good reason to track those statistics.
You are being too paranoid. Get adblock, only allow cookies to be set by the originating website and use a hosts file that blocks most ad sites and then you won't have to worry about it.
Don't count your messages before they ACK.
If they know their customers a little better, they can improve their business, just as any salesman who recognized a regular customer would.
To the benefit of whom? I feel no incentive to assist in this process.
But if you feel better always being a stranger then I dont see any problem with that. A stranger to whom? To doubleclick.net? Yes please! And let us not forget the resale value of aggregated marketing data. I think I'd like to remain a stranger to a lot of people online.
But not everyone. I don't post as an AC for example. I think I can manage my own privacy thank you.
But ultimatly, most users would probably enjoy the massive improvments in customer expierience that could be achieved using this information.
"could" being the significant term. I have no confidence that this information would be utilised to improve my life. What they going to do? Give me targetted ads? Adverts that more closely match my interests? Only an adman thinks of that as a benefit.
And I've yet to hear mention of any other
Don't let THEM immanentize the Eschaton!
Cookies don't track which sites you go to. A cookie has a domain that it actually is assigned to. When you visit that domain, the web browser sends that cookie to the server. If I go to amazon.com and they put a cookie on my system, then the only people who can look at it is amazon.com.
Well, Sherlock, we're talking about the marketers like Doubleclick here. Doubleclick has banners on countless websites. Each banner's picture has the website it's displayed on encoded in the URL. Additionally, they set cookies from the domain doubleclick.net. Now what happens? Doubleclick can track you because each of their banners on all sites they have a banner on can read the cookie.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Alright, fine. Some types of cookies can be easily exploited, but there is one type of cookie that you DON'T want to turn off (and don't want people in general to turn off), and that is the session cookie.
All this 'anti cookie' propaganda is really getting out of hand. Session cookies are a great way to securely identify a series of otherwise unrelated requests as belonging to the same session. By turning off cookies one is also disabling this very valuable feature.
"But it doesn't matter" you say, because web sites can use URL rewriting instead. Well, think about it:
* If URL rewriting is used, exactly how is this better, from a privacy stand-point, than a session cookie? The exact same information is propagated, so nothing is gained in terms of privacy. In addition, the "evil" people whom everybody is presumably trying to prevent from tracking a user's session can also use this technique.
* On the issue of security and technical convenience however, you are making it worse. URL rewriting is inherently less secure in the fact of 'accidents' such as paste:ing a link (which the average joe won't understand contains sensitive information) to a work collegue sitting behind the same NAT:ing gateway. And how about referrer URL:s making it into web server logs? (There is no guarantee that the session identifier is encoded such that a security conscious browser can spot it, and refrain from sending it as part of a referrer URL to another web server.)
Overall, session cookies are vastly superior to URL rewriting in a number of different situations. But this overzealous anti-cookie paranoia is forcing people to use URL rewriting *anyway*. In tryng to increase privacy, it has actually been lessend - along with security!
Just to give one example of how the ACP (anti cookie paranoia) can interact with web pages: I was recently involved in a situation where some browsers would disable cookies (even session cookies) for requests that were made as part of an IFRAME on a page hosted on another domain (presumably for privacy concerns). This resulted in, for practical purposes, a total inability to use cookies on that site. URL rewriting is now used instead, to a detriment of security and privacy.
/ Peter Schuller
--
peter.schuller@infidyne.com
http://www.scode.org
However, PLEASE try and remember something. The people you talk to and buy things from are not the store owners. In fact, they're lucky if they've ever even met the franchise owner of the store, let alone the owner of the company.
You are taking out your annoyance on someone who has: a) No real interest whatsoever in whether or not you buy X piece of crap (unless they get commissions on sales) and b) No control over the policy, the system, and in most cases, the cash register either. They might be able to get around it (as the clerk did in the OP's post), but that's not the point
The point I'm making here is this: don't get pissed at some clerk or manager at a chain store for following store policy, or expect them to change it for you, even if it's a dumb policy.
I've worked at department stores and grocery stores, etc - it sucks. And you know what? The only people I ever really disliked when I worked any retail job were the people who thought it was MY store and MY decision to harass them for a phone number/address, whatever. These are the people that expect you to break the rules for them (c'mon, you can just give me the discount, I forgot my coupons), then treat you like shit when you follow the rules of the company that puts the paycheck in your hand at the end of the week.
It was store policy to ask for a phone number, the register prompted for it, and we're supposed to ask. If we got shopped by a "secret shopper" or a manager caught us ignoring it, that's our ass, not the customer's. On behalf of all past, present and future retail employees: We don't care what your personal information is. We care about our paycheck and about following the rules of the job.
I agree that it should only take one polite refusal to avoid having to give out your information. Just keep in mind that the manager may have to give approval, and in the larger chains, even the manager may not have the power to negate store policy. Either way, the bottom line is even if the manager has the ability to counteract the policy, they don't care. The manager at Best Buy is not sitting at home in a deep depression because you bought your printer at Circuit City instead.
Like it or not, the cashier represents the store during the sale. During my experience at the store, I probably have the most "face time" with the cashier, and checking out ends up being the part of the sale that tends to stick in my mind. I want it to be pleasant and hassle free.
Asking for personal information will get you a polite but terse "no." I have no intention of justifying my response to you or anyone else. Pressing the matter restults in me getting annoyed. Pressing *again* puts you in risk of losing the sale, and yes, I'm going to tell the manager why. I recognize that the cashier doesn't set the store policy. I don't think I've ever yelled at a cashier for that very reason. However, unless the store management hears about the cheesed customers and the lost sales, the store policy won't change.
I vote with my wallet and my feet. Yelling and screaming just gets you written-off as a whackjob. Telling the manager why you're taking your business elsewhere, and then doing so, punishes the crummy vendor and rewards the competitor who doesn't have the crappy policy.