Death of Cookies, Spyware Greatly Exaggerated?

securitas writes "The New York Times' Bob Tedeschi interviews several Internet marketing leaders who debate recent reports that Internet users are deleting cookies en masse and causing serious problems for advertisers. Among the interviewed is Eric Peterson, co-author of the Jupiter Research report that claims 39 percent of Internet users delete cookies. Slashdot has recently had stories about this supposed trend in June and July. A shorter version of the article at IHT. Who is telling the truth and who is deleting cookies? Are you?"

Yes

[It+doesn't+come+easy]

[...]who is deleting cookies? Are you?

Routinely and automatically. I don't need any help in remembering my ID, password, or credit card number, thank you. And I don't want any company tracking my every move on the net just so they can turn around and sell information about my personal habits, whatever those habits may be.

Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.

Re:Yes

[soma_0806]

Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.

I think there is an even better solution. The only reason I have a problem with the whole cookies thing is that what is being taken from me has a commercial value. If the people collecting my preferences can sell them to larger companies or profit by them by tailoring product lines and advertising, then money is being exchanged for my opinion.

If money is being exchanged or made from my opinion then the one individual that most deverves some or all of that financial gain is the original owner of the opinion/preference (me). However, through the cookies scheme, I'm the only one not getting paid.

If I own something that has value and someone else takes it and prevents me from profitting myself from it, that is theft, plain and simple. I don't want someone else's prefences in exchange for mine. I want the monetary value of my opinion.

Re:Yes

[SB5]

"I want the monetary value of my opinion."

Here's your two friggin' cents... Some people, I tell you!

Re:Yes

[BlogPope]

If I own something that has value and someone else takes it and prevents me from profitting myself from it, that is theft, plain and simple.

And how do you figure you "own" the information? You visit site X, doesn't the list of people who visit site X belong to site X? Do you "own" the fact that you drive to work every morning at 8am? Do you "own" the fact that I saw you walking your dog in front of my house this morning? Did the traffic reporter steal from you when he reported the congestion you were stuck in? Did the newscaster steal from you when he reprted the headcount of the "Million Moron March"?

You want to block cookies, fine. I'm sure you accept the consequences of your actions, no problems. The the concept that someone who is taking the effort to aggregate the behavior of millions is stealing from you personally is stupidity.

Re:Yes

[dajak]

If I own something that has value and someone else takes it and prevents me from profitting myself from it, that is theft, plain and simple.

: The concept that someone who is taking the effort to aggregate the behavior of millions is stealing from you personally is stupidity.

It's just as nonsensical as the concept of advertisers losing money if people delete cookies. Or the concept of losing money on non-sales because of piracy. No money is changing hands, and no goods are stolen. Just business models that reach the end of their useful life.

I love cookies

[Sodki]

Cookies are delicious delicacies.

I, for one, don't bother with cookies anymore

[BlackCobra43]

I simply deleted all my cookies, visited every site I *want* a cookie from and then set my cookies to be read-only. Worry-free AND all the benefits of good cookies!

I usually don't delete cookies ...

[maxwell+demon]

... because I already don't let the browser set them.

Does the advertising industry also "lose" money because it cannot track if I am watching their ads on TV?

Cookie Monster says...

[nearlygod]

Cookies are a sometimes food.

Let's put it like this

[Moraelin]

Let's put it like this: when you have someone whose very revenue depends on "detecting wolves", they'll cry "wolf!" All the time. They'll cry "wolf" at the neighbour's "alsacian wolf" dog even. I'm talking about anti-spyware and other "security" companies. Do they delete cookies? Well, I briefly had McAffee installed, and among other problems (such as being a piss-poorly programmed POS) it did exactly that. It tried to protect me from all those supposedly dangerous cookies, storing such "personal details" as the session ID on some site. I'm not kidding. Using half the sites that required logon (such as Gamespy's Fileplanet) was suddenly impossible. So based on that I'd say the concern is genuine. But it's probably not the users going through the menus to delete cookies. Joe Average probably wouldn't even know or care what a cookie is. But Joe Average likely has some POS security software installed that deletes the cookies for him

Re:Not that it would matter, but

[Dogers]

Some don't actually EVER expire..

Some, like Googles cookie, don't expire for ages!

(Googles cookie implodes some time around January 2039)

Firefox has poor cookie management

[plover]

Out of the box (or out of the 'download' folder, I should say) Firefox has really poor cookie management. I have it set to prompt, but once I deny a site permission and realize I want to do business with them it takes many mouseclicks and a lot of stupid scrollbar searching to hunt down the cookieblock and delete it.

There are some cookie management extensions out there, but for "normal" people to better manage their privacy (or even to realize they have privacy right that they can manage) I'd like to see "prompt always, deny third party" turned on by default, and a cookie toolbar/rightclick option that allows you to accept/decline/delete them. As a matter of fact, that would be a nice option for the Firefox installer: a checkbox that says something like "[ ] Help me manage my privacy rights online." We could debate whether or not it should be on or off by default.

Or, weirder yet, what about something like the infamous Clippy? "Hi, I'm Foxy, and I'm here to help you with online privacy so you don't become a victim of identity theft, or a pawn of corporate marketing strategies!"

Anyone NOT deleting their cookies?

[llevity]

I see all these posts about people who delete them every day, every time they close their browser, or they don't accept them to begin with.

Anyone just not give a damn? I mean, everyone's up in arms about privacy, and these lofty ideals of how it should be protected, etc. Just come out and say it. You don't want anyone else to see what porn sites you've been to.

Personally, I don't care about cookies. I don't have many illusions of privacy to begin with. I'm just non-egotistical enough to know that no one really cares about what sites I go to, as an individual.

They want to track my usage and habits? Fine. Throw me in a demographic, and call it a day. Use me as a statistic. Whatever.

Is everyone here paranoid, or do I have any fellow compatriots in the nation of apathy?

Re:Anyone NOT deleting their cookies?

[HunterZ]

Is everyone here paranoid, or do I have any fellow compatriots in the nation of apathy?

You do, but they're all to apathetic to bother replying...

Re:No, but...

[Frymaster]

I don't allow cookies in the first place;

i went through a no-cookies allowed period a couple of years ago and i quickly found something out: they're actually useful and in a lot of cases, dare i say it, desireable.

call me lazy but i actually like my login forms prefilled (name only, of course). i like my template preferences recorded. when i go to ecommerce site 'x' i honestly find it convenient to see what i bought on my last trip.

and, above all, i want to be able to maintain sessions on a lot of sites. increasintly, if you don't have cookies, holding a session is impossible (unique id's on the getline are going the way of the dodo) and, increasingly, sites want you to maintain sessions to do anything useful.

Delete them daily

[MobyDisk]

Cookies aren't evil. They are just misused, and misunderstood.

There's nothing wrong with using cookies to prevent me from having to logon to Slashdot 10 times a day. And there is nothing wrong with cookies telling Amazon.com that people who buy Movie X also like to buy Book Y. That is useful anonymous marketing information. I actually LIKE it when Amazon recommends things to me, because they are usually right!

The problem is when the cookie stays around for days and you never get a login prompt: that's a security problem. Or when marketers build long-term profiles on you, then try to grab identifying information from other sites you use.

I have Mozilla set to delete cookies every day, which seems to be the best balance. (Firefox unfortunately does not have this option).

Re:No, but...

[Jaseoldboss]

Here's what I do.

Get Firefox to turn ALL cookies into session cookies by deleting them "when I close Firefox" in options.

Then make exceptions for the sites you want to track you. I do this for /. so I don't have to log in everytime.

From the article;

This anticookie fervor also hurts the deleters, she says. For example, cookies help a computer limit how many times the user is exposed to annoying ads like a floating, animated message. Since when should you trust a site not to annoy you with ads, block popups and use Adblock and Flashblock.

"...So cookies are a really good thing for managing the user's experience," she said." If this was true, we'd all be installing adware on our computers to deliver 'interesting relevant and targetted' advertising to enrich our web experiences wouldn't we? Bah!

Re:No, but...

[Evil+Grinn]

increasintly, if you don't have cookies, holding a session is impossible (unique id's on the getline are going the way of the dodo) and, increasingly, sites want you to maintain sessions to do anything useful.

For session tracking, cookies are now the standard, but there are other security precautions that can only accomplished by including a unique ID in every form.

Go read up about "session riding" or "cross-site request forgery". For example:

http://shiflett.org/articles/foiling-cross-site-at tacks

See the code sample near the end of the page, under "Force the use of your own HTML forms".

Delete 'em? Nope, I poison 'em!

[OpenGLFan]

About once a week or two I'll get a few idle minutes, playing with my laptop while making dinner, and I'll just start opening up cookies and changing the data in there. Not to try to impersonate someone else, but just as every person's duty to scribble nonsense on some moron's database.

It's fun. It probably doesn't do anything, but it kills a minute or two of time, and it's more fun than "bejewled".

Re:cookie swapping?

[Madcapjack]

Who needs to delete cookies? I just have a little program that overwrites the text with random text. Why? Well, spyware companies suck that's why. But you're not kicking them in the gut if you just delete the cookies. Nah, feed their databases with crap. That's what I say.