Delete Cookies, Inflate Net Traffic Estimates

eldavojohn writes "In my browser, I regularly go to the tools menu and clear my private data. This includes my cookies. As a result, people like me who destroy cookies by the thousands may be inflating estimates of Web traffic by up to 150 percent. People have good reasons for clearing out cookies — we've heard about bad cookies before (and I think the FCC is still investigating the issue). But every time you delete cookies, many of the sites you've visited count you as a new visitor next time."

On the other hand...

[Yusaku+Godai]

...you could be like me--I block all cookies from all sites until I've added them to my whitelist.

Re:On the other hand...

[dattaway]

and be sure to set your browser to "googlebot"

That way no one has visited but another web spider!

Re:On the other hand...

I just forward all my cookies on to Santa - I get good presents

Re:On the other hand...

[Derek+Pomery]

Heh. I do the same thing.
Of course, a site could also try tagging me by serving me a uniquely timestamped file modification date on some piece of server content. Assuming I cache, that'd also serve for tracking.

Isn't like everything is just cookies and IP tracking.

Or heck, SSL session ID makes for short-lived tagging to determine a visitor, as does analysing site access patterns.

Re:On the other hand...

[Derek+Pomery]

Hm. Super-convoluted. Use a javascript image portscan to attempt a fingerprint to try and determine if the IP has moved, if the visitor is identified as coming from a dynamic range.

Re:On the other hand...

[Derek+Pomery]

... how about 301? Let's say a site redirects from / to /DEADBEEF1234/ or from /webbug.gif to /DEADBEEF1234/webbug.gif with a 301 - that seems that could track people too.
And let's not forget flash - it has a local store for saving flash app information, often on by default.
I wonder if a really determined ad company might not have a half-dozen methods of tracking me.

Re:On the other hand...

In Soviet Russia the Cookie Monster eats your cookies.

Re:On the other hand...

[Goldenhawk]

Hmmm. I wonder if this inflates the apparent popularity of Firefox (not that I consider that a bad thing, mind you).

After all,

1) it's geeks who tend to both use FF *and* block cookies
2) the FF extension architecture makes it easy to use selective cookie blocking tools
3) FF settings allow automatic cookie deletion each time it exits, unlike IE (=IE6, at least)

All in all, I suspect that (*IF* the subject article is accurate) FF users probably account for a disproportionately large chunk of those "re-visits".

I bet M$FT hates that.

Re:On the other hand...

In Soviet Russia YOU eat the Cookie Monster.

Re:On the other hand...

[xENoLocO]

On one hand, your post is intriguing and thought provoking.

On the other hand, this is slashdot and that kind of behavior is not allowed here. We demand you say something funny.

Re:On the other hand...

[gDoDig]

The real counting of visitors is done through parsing web server logs (for example with AWStats), not by using cookies. So this is mute point...

Re:On the other hand...

"What's that, you say? I can't hear you, your point must be mute or something!"

Re:On the other hand...

[SeaFox]

Hmmm. I wonder if this inflates the apparent popularity of Firefox (not that I consider that a bad thing, mind you).

Actually, it means something much more frightening. It means MySpace is even more popular in comparison to other websites, as no one on MySpace would be smart enough to delete cookies on a regular basis, so there aren't any "double dips" of the new visitor counter like other sites would have.

Re:On the other hand...

[rapidweather]

In my livecd linux, based on Knoppix 3.4 (see screenshots, below) I use control scripts for Firefox, Flock and Opera that does several things.
First, if any ~/.flock ~/.mozilla or ~/.opera happens to be in /ramdisk, it deletes the entire ~/.flock, ~/.mozilla, or ~/.opera then installs a new, default one, that I have set up. The browser then displays a local copy (in the cd) of this page:

http://www.geocities.com/rapidweather/web.html

A default set of RSS feeds is on the Firefox favorites toolbar, the "My News" section of Flock and the "Feeds" section of Opera. They are not the same for each browser, for variety.

Firefox 2.0.0.3:

When the user closes Firefox, or it crashes, a dialog box appears asking "Did you want to close Firefox", with Yes or No choices. Choose Yes, and the control script deletes the ~/.mozilla, and the ~/.fullcircle from /ramdisk and the browser is gone. If the choice is "No" such as in a crash, then the user is presented with a dialog box to restart the browser with the current ~/.mozilla still in place. This can repeat two more times before the user is instructed to start Firefox using the desktop icon, starting from the beginning. Also, the Firefox preferences are set up in the normal way to delete all of the personal information, including cookies, when it's closed. All that would remain in ~/.mozilla is the RSS feed contents, and any changes to the Firefox preferences over and above my defaults during this session. Opera is set up the same way, using a similar control script. This is designed as a high-security setup, for privacy.

Flock uses a control script, but does not have the "multiple restart" feature that Firefox and Opera have.
I found that Flock can keep data even if one sets the browser's preferences to clear everything out, so using the control scripts to remove the entire ~/.flock takes care of that.
If anyone wants to keep cookies, they can use an alternate menu, that does not use a control script, and starts the browser(s) in the normal manner, setting all preferences as they wish. They cannot, then, use the icon to start the browser(s), or the control scripts will delete their ~/.opera, ~/.mozilla, or ~/.flock.
One useful side effect of running a control script in a shell, if the browser "locks up" as can happen on some older machines, and some websites, one can just close the shell, and the browser is gone. That would leave a ~/.mozilla in place, possibly a defective one if a web site caused problems, so that's why I delete any ~/.mozilla found in /ramdisk and start Firefox with a clean slate, when the control script is used.
So, the icon points to the "start_firefox.sh", rather than to the browser itself.

I put three browsers in my livecd linux, I find that Opera is a little lighter on something like a Celeron (Covington) processor, running at 267 MHZ, than the others.

Rapidweather

Re:On the other hand...

[FFFish]

I spoof my MAC address and re-boot my DSL connection once a week, getting a new IP Address each time!

Re:On the other hand...

Many websites monitor the visitors through a Javascript include from an external website
but with the popularity of the NoScript extension in firefox many accesses to such websites
would not be logged...

Could this mean Firefox could be used more than statistics show us ?

Re:On the other hand...

[gDoDig]

:)))) moot point...

Re:On the other hand...

Personally, I automatically accept all cookies for the session.

It saves me from having to add the oddly cookie-requiring sites to my allowed cookies list. Even if I'm only going to do "allow for session" or "until I close the browser" or whatever term one would like to use. I know I've seen a few such sites somewhere.

Okay, so they can track me via cookie until I close my browser. I just want to browse, and don't want to fiddle with settings for every cookie-needing site. Besides, my IP, browser, etc. are going to be the same, cookies or not.

Re:On the other hand...

[Sir+Runcible+Spoon]

You are counting the number of hits, not the number of users.

Re:On the other hand...

[Lord+Kestrel]

I've never seen the local flash storage on by default, and I've installed it a dozen times or so on various platforms.

...And?

[xlsior]

News at 11 -- Water still wet.

Re:...And?

[mandelbr0t]

Oh darn. An audience that varies from day to day that is very large to begin with is difficult to count. Find a metric that everyone is happy with it, realize it isn't reality any more than any other metric, and move on with actually being a BA. The worst problem with most BAs is that they are constantly inventing reasons that something has to be analyzed again. Accurately counting television viewers, sports event attendees (as opposed to ticket holders) raindrops and grains of sand might keep you entertained, but it's unlikely you'll ever get the correct answer. Besides, does it really matter if your website had 1 million visitors as opposed to 1.5 million? What would you do differently with the extra 500,000 visitors?

Re:...And?

[amper]

And in other news, Generalissimo Francisco Franco is *still* dead.

Re:...And?

[DrEldarion]

Besides, does it really matter if your website had 1 million visitors as opposed to 1.5 million? What would you do differently with the extra 500,000 visitors? I'm sure it matters a lot to people buying advertising on those sites. Having your ad shown to .66% of the people they're telling you it's being shown to would be a bit upsetting.

Re:...And?

[CastrTroy]

As someone who's buying ads, ask them how them came up with their numbers, and be your own judge of how accurate they are. If you aren't asking how their numbers are being generated, then they could just be making it all up. Granted, they could be making up the numbers anyway, but at least you've done some due-diligence. Besides, what you should really be doing is checking your own site statistics that the ads are linking to, to determine how many people the ad is drawing. If you believe everything the other company is telling you, without actually verifying it, then you deserve to get screwed.

Re:...And?

[mandelbr0t]

Which leads one to wonder how useful these numbers actually are to either the advertiser or the website owner. We've already established that they're just made-up numbers that happen to correspond to some log entries (not people). I'd pay an advertiser for their time and for any material they created (posters, brochures, website graphics, etc.) and for their reputation. If I wanted to check up on them, I'd do a customer service survey to find out how many of my customers became customers because they saw an ad. But to actually pay someone to bring traffic to your website and then count something stupid like page hits as success is just asking for someone to write you a distributed link-clicker bot. I'm pretty sure there's already a few out there.

Re:...And?

[trianglman]

Besides, what you should really be doing is checking your own site statistics that the ads are linking to, to determine how many people the ad is drawing.

Which is subject to the same issue and is better how? If this article is accurate, and I am inclined to believe it is, this information really does throw off marketing data, not just from hosted ads, but also from internal campaigns, any A-B testing a site might be doing, etc.

BTW, I am one of those FF users that believes no cookie should be around longer than my browser is on also (although I am not so militant as to block all cookies unless I let them in).

Re:...And?

[AmiAthena]

Aww, I was hoping for the news for the hard of hearing!

Re:...And?

Won't someone pleeease think of the advertisers?!?!

They can fuck off and die.

Re:...And?

[steppin_razor_LA]

No shit. Hello!?!?! Topic moderation please!!

Re:...And?

[Moofie]

As long as everybody's calculating the same way, it doesn't really matter. Assign an arbitrary unit, stop pretending it's a one-to-one correlation with a unique meatbag's attention, and go on with your business.

It's advertising. Who cares?

Re:...And?

That's all well and good until they take your free content down with them.

Re:...And?

Exactly! How is this my problem? Like I really care. lol

Re:...And?

[delinear]

Aren't ads usually priced on individual page impressions rather than unique visitors anyway? I doubt that an ad company would query the value of showing an ad to someone more than once - if anything, used properly, this can be more valuable since it is a constant brand reinforcement and may be more effective than a one-off viewing.

150%? Please

It's not that many people, compared to the hundreds of millions of people on the net. There are also other ways of tracking people like IP addresses possibly in combination with browser UA string.

Re:150%? Please

[w3woody]

There are also other ways of tracking people like IP addresses possibly in combination with browser UA string.

Unless you're on a corporate network behind a NAT with a standard-issue OS install with a standardized browser.

Re:150%? Please

[thue]

Or a dialup user who is allocated a new DHCP dynamic IP for each reboot.

Re:150%? Please

[will_frag_for_food]

nah... nobody surfs the web from work... what a ridiculous concept!

Re:150%? Please

[Rick17JJ]

I unplugged the telephone line on my DSL router just now, for a few minutes, and was then dynamically assigned a new IP address just now. That happens to all DSL users a lot during summer thunderstorms, due to the power briefly going off every few days or so. I suppose that would probably also happen to broadband cable users too, but I don't know for sure.

I also use several different computers. I have both a desktop computer and a laptop computer at home and another computer at work. I also sometimes take occasional part-time College computer courses and have a computer on my desk there too. So I will sometimes use up to four different computers in one day and each will have different cookies and some of the computers have different IP address too. Not only that, but I also have more than one browser on most of those computers and don't always use the same browser every day. Advertisers must be counting me at least several times.

When using a free WiFi hotspot from a laptop, a always clear my cookies out first, because I realize that data is sent unencrypted over the air and can be picked up by anyone running packet sniffing software. I am not sure how useful that information would be to them, but they could probably use that to go to the same website and it would assume it was me returning. Because of that, I clear out the cookies more frequently on the laptop computer.

No surprise

[HomelessInLaJolla]

I hadn't thought about counting it this way until this article appeared but, now that it's said, I'm not surprised. It doesn't matter what the consumer does. The business analysts will always find a way to spin it for their profit. Initially the business analysts thought that this would be a perfect way to track all of the visitors. When some of the visitors decided they didn't want to be tracked then the business analysts decided that, well, maybe tracking them (in that particularly way) wasn't the important metric for the shareholders to see. The more important number, obviously, is how many discrete visitors they have.

Brilliant.

Re:No surprise

[Garridan]

Nope. Anybody doing this sort of market / traffic analysis will look at the correlation between "unique" pageviews and sales. The actual number of "unique" pageviews does not matter. Inflating it by 200%, or even a million times, does not matter. Scaling by a constant factor has zero effect on correlation analysis. All it does is sets the value of a "unique" hit -- scale the hits up by 100%, and it scales the value per hit down 50%. Nobody is getting cheated, and nobody who knows anything about browsers or the internet believes that a metric of "unique" pageviews based on cookies alone is accurate. Fact of the matter is, without biometric identification, you'll never get anywhere near the accuracy this article implies people want. And even biometrics are hackable.

Re:No surprise

[HomelessInLaJolla]

Nobody said anyone was being cheated. I think you've somehow been hypersensitized to have a need to downplay anyone who thinks any deeper than the surface. As if by playing the "nope--you're wrong" card you somehow completely invalidate any possibility that numbers are ever spun. That's a troll tactic. Read saying and immediately begin with "No, you're wrong".

Disabled Cookies?

[marcog123]

What happens with people who have cookies disabled? In this case each hit will be counted as a unique visitor, unless the site checks IP address or other details.

Re:Disabled Cookies?

[catbutt]

Smart software can detect that. At least if they click to another page, or if it brings down images etc.

So what?

[EveryNickIsTaken]

If the primary concern is for unique visitor tallies for traffic-based advertising, wouldn't web sites be affected (mostly) across the board? If all web traffic is artificially inflated close to the same amount, then this becomes a non-issue.

Re:So what?

Maybe they want to evaluate advertisements on the web compared to other media like magazines. The idea being that if they figured out the constant of proportionality between these two in the 1990s then this value isn't valid today.

Re:So what?

[Red+Flayer]

If all web traffic is artificially inflated close to the same amount, then this becomes a non-issue.

True. But I'm certain some websites have a higher proportion of visitors with cookies disabled... slashdot, for example. The trick, then, in order to make discrete visitor metrics truly useful (from a marketing standpoint) is to normalize for cookies-disabled visitors. Some factors that would have to be considered are how many cookies-disabled visitors access your site, and whether disabled visitors exhibit the same repeat visit habits as enabled visitors.

This is why there is research out there to use methods other than cookies and IP addresses to identify users -- see this article from last September.

I'm sure this concept can get some VC if companies begin distrusting current traffic anlayses -- it would be a useful adjunct to traditional traffic monitoring.

150%?

[catbutt]

That assumes an awful lot of people do that.

I don't do it because it is a pain to constantly log back in everywhere. But I seriously doubt more than 2% of the non-slashdot crowd does it.

Re:150%?

I don't do it because it is a pain to constantly log back in everywhere.

This really isn't about sites you log into. For those, they already have a mechanism of knowing who is on - the login session. This is more about sites that send everybody a cookie simply for the sake of counting users. Those sites will end up counting high. It's likely they don't really care that they're counting high until the people they are trying to sell on advertising space start saying that they don't believe the traffic numbers because of this. In general, most companies I've ever seen are more than happy to believe they are getting more traffic than they really are.

I remember way back in the day with a customer who was happy that his 'hits' went up when his site was redesigned. I pointed out that he was counting ALL requests. The new design had more images than the old one and, therefore, a single load of the index page would generate a 50% increase over the old site even if the number of users and page views stayed the same.

Re:150%?

[catbutt]

What login session are you talking about? Sites like slashdot keep track of me with a cookie. Sure, they might appeand a session id to the url while I'm here, but every time I leave and then come back to the site I'd have to log back in if not for the cookie.

And BTW, if I ever delete cookies, I tend to go through them carefully and leave the ones I want to keep (such as slashdot, nytimes, etc). The problem there is that it takes me 20 minutes to do it. I've yet to find a nice firefox extension that makes this a lot more efficient, but maybe I haven't looked hard enough.

Re:150%?

[Sparr0]

No, it's just bad math and/or horrible reporting. The article states that 31% of visitors deleted their cookie. That means the increase in reported traffic might be (31%/69%)=45%. They probably meant an increase *OF* 50%, which is an increase *TO* 150%.

Re:150%?

That Firefox extension is called "Opera". It allows individual settings for each site, including cookie settings. Set the defaults to delete all permanent cookies when you close the browser, then set the settings for the sites you like to not delete the cookies, and hey presto, it's fully automated.

Re:150%?

[kilgortrout]

In firefox go to Preferences>Privacy. Tick "Accept cookies from sites". In the "Keep until" menu, select "I cose firefox". That will delete all cookies when you close firefox. You then click the "Exceptions" button and set the "Allow" option for all the websites you want to have leave their login cookies.

Re:150%?

[pla]

I don't do it because it is a pain to constantly log back in everywhere.

As someone who has cookies automatically deleted when I close my browser...

You don't actually need to log in to every site you visit - Only if you want to buy or post something, in general (in fact, I prefer they can't track me while "just looking").

And not only do I get a somewhat increased level of privacy, I get massively increased security as well - Someone needs to actually know my passwords, not just sit at my computer, to use one of my accounts.

Re:150%?

FTA
Researchers found that 31 percent of U.S. Internet users erased their first-party cookies over the course of the month. As a result, Web sites could be inflating their web traffic by as much as 150 percent, according to comScore.

Looks like only 31 percent of web viewers might be cleaning their cookies. Now why is my CAPTCHA puberty? Are you guys trying to tell me something.

Re:150%?

[eriks]

http://cookieculler.mozdev.org/

lets you "protect" certain cookies, and has a tool to delete all but your "protected" cookies. Works pretty well for me.

Re:150%?

[Code+Master]

Or, if I visit multiple times, each of those counts as a new visit. So if I visit a site 10 times a month without cookies, it counts as 10 visitors. If I visit it 10 times a month with cookies, it counts as one visitor. That is an increase of 1000%!

Re:150%?

[Beetle+B.]

Use the CookieSafe extension. It'll let you easily:

1. Whitelist sites whose cookies you want to keep.
2. Blacklist cookies from some sites (doubleclick, anyone?).
3. Set most other cookies to be killed after you exit FF.

I know Firefox lets you do that anyway, but the difference is that Cookiesafe lets you do it easily.

Re:150%?

[fermion]

It not help to accept the site cookies. Much of the tracking may be done with third party cookies, and browsers are increasingly able to manage these third party cookies automatically. Therefore all the 2o7, doubleclick and the like are never allowed on the computer.

It seems to me that one of the advantages that google has is that they are a first party sites, and therefore likely have more valid cookies out in the wild. That is also on of the disadvantages of the doubleclick deal. Doubleclick is less trusted than even google, so I certainly plan to limit my google cookies.

Re:150%?

[coyotecult]

CookieSafe: will let you allow cookies for given sites, allow cookies for sessions for given sites, allow them temporarily for given sites, or not let a site set the cookie.

Re:150%?

[Lord+Kestrel]

I know Firefox lets you do that anyway, but the difference is that Cookiesafe lets you do it easily. How could it be any easier? FF makes it so simple, my entire family does selective white/grey/black listing of cookies.

Set your preferences to ask, and then when you visit a site, either allow it forever, allow it for the session (the common choice for broken sites that require cookies to browse them), or deny them. You also choose whether FF should remember your choice or not, and you're done. After a couple days of hitting your usual sites, almost no work is needed.

So?

If cookies aren't reliable, find something else to do your estimates.
It's no rocketscience

FTC, not FCC

[Eric+Smith]

The FCC has little reason to investigate cookies.

Re:FTC, not FCC

[Aladrin]

That's funny, maybe you should tell them...

http://yro.slashdot.org/article.pl?sid=06/11/15/16 22251

Re:FTC, not FCC

[gEvil+(beta)]

The FCC has little reason to investigate cookies.

I thought the FDA was responsible for investigating cookies...

Re:FTC, not FCC

If the Federal Cookie Commission doesn't look at cookies, then what do they look at? Are you telling me America isn't prepared for a Cookie Monster attack?

Re:FTC, not FCC

[yoyoq]

you should check your sources one level deeper than the slashdot summary.
the original article was FTC, the summary was FCC

Re:FTC, not FCC

The Slashdot post and title say "FCC", but the actual article says "FTC".

Re:FTC, not FCC

[Eric+Smith]

Interesting. I don't think the FCC has any regulatory authority that would cover cookies. Not that they'd necessarily let a minor thing like that stop them...

Re:FTC, not FCC

What about the FDA? I thought cookies were their domain.

Oh, wait...

Re:FTC, not FCC

[Flunitrazepam]

Obviously you didn't see the sesame street where Cookie Monster called Big Bird a "nappy headed ho"

Re:FTC, not FCC

[Fozzyuw]

Obviously you didn't see the sesame street where Cookie Monster called Big Bird a "nappy headed ho"

The worst part is that they didn't fire Cookie Monster him until the letter Q and the number 4 pulled their sponsorship. Of course, I think he didn't need to go on Bert and Ernie's talk radio program either because they're hypocrites themselves.

At last!

[brennanw]

I finally have the secret to ultimate web traffic power! Now my alexa ranking will go through the roof! THROUGH THE ROOF, I TELL YOU!!!

What I do in my computer is my business

[140Mandak262Jamuna]

I delete cookies, permit them, leave them on, it is all my business. I am under no obligation to provide web site operators reliable count of how many uniqie visitors they get. They should stop complaining and develop better ways to count unique visitors. If they cant, it is still not my problem.

Re:What I do in my computer is my business

[catbutt]

While I mostly agree with your sentiments (I don't think anyone said it was your obligation) --- to be the devil's advocate: if they can't make money and shut down their site, it does become your problem.

Re:What I do in my computer is my business

[jandrese]

Sure, since neither cookies nor IP addresses are good ways to count traffic you'll start seeing an increase in sites that don't let you do anything until you register. Frankly, this is already happening. I've searched for plenty of technical questions on google that land me on forums that require you to register to even read the posts. This means you have to give them a valid (well long enough for you to get the confirmation) email address and username/password. The worst part is that a lot of times those sites are really slow to send out the email and you're stuck waiting for it to solve your problem. It's obnoxious, but I guess they have to do it since they can't count traffic reliably otherwise...

Re:What I do in my computer is my business

[nadamsieee]

While I mostly agree with your sentiments (I don't think anyone said it was your obligation) --- to be the devil's advocate: if they can't make money and shut down their site, it does become your problem.

No, that is most definitely still the website's problem. If they can't figure out how to stay afloat without forcing their customers to do something they don't want to do (like keeping cookies for example), the competition surely will. Failure is a good thing; its a sign of a healthy economy.

Re:What I do in my computer is my business

[rhombic]

Many websites are entertaining to me, but there's not a single one whose disappearance would constitute a major problem for me.

Re:What I do in my computer is my business

[Zephyros]

I've searched for plenty of technical questions on google that land me on forums that require you to register to even read the posts.

Try viewing Google's cache of that result. If the forum post is showing up as a search result, Googlebot must've been able to see it. That's worked for me in the past. It's not perfect, though -- if you have to dig into that forum any deeper than just that page, you're out of luck and have to go through the registration like you said. :/

Re:What I do in my computer is my business

If your business model is totally reliant on having an accurate visitor count, even though the technology just doesn't support it, then perhaps you should/i> go out of business.

Re:What I do in my computer is my business

[nine-times]

Oh no! If this happens, the internet might become much less commercial!

Re:What I do in my computer is my business

[PingXao]

Actually, it's not my problem or anyone else's. For every website that goes under there are 3 more waiting to take their place. There is no website I visit that is indispensible.

Re:What I do in my computer is my business

[TheCarp]

Here is the thing... Someone, somewhere decided to use a method of counting users. This method was not entirely unreliable. They used it for many things, even though, it couldn't hope to possibly work right, given that cookies are under end user control. Even normal activity (using a different PC, reloading the OS, making a new browser profile) could cause it to register you as a new user.

THIS METHOD OF COUNTING WAS BROKEN FROM THE VERY DAY IT WAS INVENTED

It is not my, or anyone else responsibility to give two shits for the fact that this problem is, in fact, much harder than it seems to do for real, and some retard decided to do this.

If the website owner screws up in other ways his site can come down forever too. If he forgets to take backups and deletes his site, its gone. If he puts in the wrong credit card number or sends in the wrong server decomissioning order, gone. If he screws up his DNS, gone.

Bottom line, theres so many ways he could screw up and lose his own ability to keep the site up. This is just one of them. In the end its not "Delete Cookies, inflate net trafic"

The title is wrong from the start its "Count users incorrectly, inflate net traffic estimates"

-Steve

Re:What I do in my computer is my business

[asninn]

Do you honestly think that any website is going to shut down solely because people delete their tracking cookies?

Re:What I do in my computer is my business

[asninn]

I've searched for plenty of technical questions on google that land me on forums that require you to register to even read the posts. This means you have to give them a valid (well long enough for you to get the confirmation) email address and username/password. The worst part is that a lot of times those sites are really slow to send out the email and you're stuck waiting for it to solve your problem.

http://www.bugmenot.com/ is your friend - and there's also a Firefox extension. :)

Re:What I do in my computer is my business

[littlewink]

Agreed. And web programmers who can't or don't write web apps w/o cookies are incompetent. Unfortunately, that seems to be a majority of web app developers.

Re:What I do in my computer is my business

[Kalriath]

Then you fire off a report to Google that the site you found is engaging in cloaking, which Google doesn't allow - and let the site owner know you did so too. Losing Google ranking these days constitutes an internet death sentence to a site.

Re:What I do in my computer is my business

[prockcore]

They should stop complaining and develop better ways to count unique visitors. If they cant, it is still not my problem.

They can make you login in order to do anything.. of course you'll complain about that even more.

Re:What I do in my computer is my business

[Ankur+Dave]

That only works about 1/2 of the time --- often, the site's admins will tell Googlebot not to cache the site ( />).

Re:What I do in my computer is my business

[qzulla]

Mine did. The bastids!

qz

Small businesses

Deleting cookies makes life difficult for the small businesses struggling to grow. I try very hard to optimize my advertising costs with Google, and if I can't figure out if you've already visited I'm going to miscalculate. I'm not saying you owe me anything, but please don't go out of your way to delete cookies simply out of some feeling of empowerment. My cost of acquiring new customers makes an enormous difference in my bottom line, and the more accurately I can gauge that the better I can run my business.

And believe me, you're not making a rich man richer, you're making a middle-class man better able to support his family.

Re:Small businesses

And f**ck you too.

It is not MY responsibility to validate YOUR business plan.

Re:Small businesses

Like I said, you don't owe me anything. But in the real world, the best shopkeepers remember their customers. They remember what they like, what they were looking for last time they came in, etc.

In the real world if a shopkeeper said "Hi, nice to see you again. Did you find that X you were looking for?" I doubt that your response would be "Fuck you." If every time you came in the guy acted like he'd never seen you before you'd think he had Alzheimer's. Then you might say "fuck this guy. He doesn't even know I'm alive."

It often takes more than one visit for a visitor to become a customer. If I can remember that I've seen him before I might be able to emphasize parts of the site that he hasn't seen. And if I can notice that people who begin by going down "aisle" #1 are likely to come back, and those who start in aisle 4 never come back, well, I know I should probably place more emphasis on #1, and at the same time go figure out what's wrong with #4.

And just maybe it will be better for both of us.

Re:Small businesses

There really is a world of difference between a human being welcoming you back to a local business and a computer program printing "Welcome back Miss Doe!" on the screen. The former impresses me, the latter reminds me how much I dislike being tracked for commercial purposes.

The only time I like cookies being used is when they are useful to *me*. The vendor improving their site could be called useful but if I'm a returning customer, I obviously didn't have so much of a problem with the site that my custom was lost in the first place. This sort of indicates that it's not really all that useful to *me*.
A web forum remembering who I am so I don't have to log on each and every time is IMHO actually quite a useful function (within reason) and it's things like this that I will keep cookies for.

If the cookie is more useful to the website owner than it is to the visitor you really shouldn't complain when people dump it since it's garbage to the person whose hard disk space it's taking up.

Re:Small businesses

It would really help me if you gave me free stuff.

Re:Small businesses

[PietjeJantje]

Hi! I'm the manager of the new grocery store on the corner. Would you be a sport and show your ID everytime you enter our shop? You go out of your way to defeat our statistics, you don't want the air miles card, and I tell you, you're hindering a middle-class man in better supporting his family. I think everybody should just wear an easily readible ID badge when wandering the mall, because you exist for us, salespeople.

Re:Small businesses

But if you want to be rich, you have to pay the google-tax to the google pimp. Why? If we kill google all ya little middle-class men will be able to compete freely with each other.

Re:Small businesses

There really is a world of difference between a human being welcoming you back to a local business and a computer program printing "Welcome back Miss Doe!" on the screen.

I'm sure it wasn't meant to be taken literally. From the description, presumably it's a site that has something that interests the person visiting. If it allows the site to make the visit a better/more informative one, then everybody benefits. I don't think he's looking to "trick" people into paying for something they don't want.

The whole "fuck everybody else" attitude in this thread is amazing. Most people in the world are just people trying to get by. They're not out to "screw you over" and they're not "the enemy."

Humans love to label things. That's because our brains are lazy and always looking for ways to not have to actually think. Labels work well for that. As soon as you can decide, for instance, someone's a "bleeding heart liberal" or a "fascist right-winger" then you no longer have to think, you already "know" what your opinion is. That's why the whole notion of "red" and "blue" States took off. Once you can tag a whole State with a single word, well, your brain is done thinking.

And this whole thread typifies that. People are concluding "they need to track me for profit! Therefore they are evil!" As if profit were synonymous with exploit.

Suppose you know someone who, say, loves animals. And their dream is to raise them and care for them. But they also have to live, and so the only way they can do what they love is by....uh oh, here comes that word.....making it profitable to do so. But they didn't get into it because they thought it was a good way to 'generate profits', they got into it because they loved doing it, and want nothing more than to keep doing it for the rest of their life. But they can't do it unless it provides a way to make a living.

Many, many people and businesses are like that. Stop thinking of them as the enemy.

Re:Small businesses

[archeopterix]

In the real world if a shopkeeper said "Hi, nice to see you again. Did you find that X you were looking for?"

In the unreal world of the internet, it's more like:

"Hi, nice to see you again. I have analyzed your shopping pattern and deducted that you have a furries fetish and a mistress that you visit every friday. By the way, it's friday - wanna buy a pack of condoms, some lube and a furry costume, size 38 (I have deducted that too)? Ah, and I sold this data to some other stores around town. Have a nice day!"

Re:Small businesses

Which is all quite irrelevant. In the relatively free market you have the right to ___try___ to make a profit. You have no inherent right to make a profit. You have to compete on your own competitive advantages. Anything else is no longer a free market, but some breed of communism or socialism.

Find a better way to grow, find a better business model, find a better way to track your customers. That is all your responsibility in your attempt to make your own profit. Never rely on the good will of your customers for that.

Re:Small businesses

Who said anything about businesses being "evil" or being out to screw anyone over? The backlash is against the attitude that the vendors have a right to our private information so they can sell us stuff. I'm sorry but that just doesn't fly. Nobody should be complaining at me about my computer housekeeping habits. I like to clean out my cookies once in a short while. It's my computer and my information, why on earth should I feel in anyway obliged to give it away?

Personally I'd prefer a nice, tidy, well laid-out website that I can navigate in a logical manner. Heck, I have no problems with a web site that'll let you register an account (like most online stores do when it comes to paying) and then offer you the opportunity to customise the website experience by giving it information. I don't however, like being tracked without my consent. I find it...well...rude!

Re:Small businesses

What you don't seem to understand is that the great-great-great-grandparent poster did not demand that you keep the cookies, merely stated why (s)he would like you to keep the cookies.
Another thing you don't understand is that no browser I have ever encountered forces you to accept every cookie from every site you visit. You have every right and many options to customize your cookie acceptance policy. Have your browser prompt you to accept cookies, set up a list of sites that you will always accept cookies from, etc.
Quit being a jerk just because someone would like you to keep your cookies.

I don't keep mine, but I wouldn't tell someone who wants me to, "F**k you." I'd ask them why I should keep their cookies and, if I agree with them, I might place their site on my list sites I accept and retain cookies from.

Re:Small businesses

[watergeus]

Time for the middle-class man to rethink his marketing and cookies.
Cookies are nice in a middle-class family, but I was thought never to accept them from strangers.

CookieSafe is my current favourite

[KenAndCorey]

Cookiesafe allows me to keep my permanent cookies to a minimum, yet allow me all the functionality of session cookies. Of course, it does inflate the stats as the article mentions. In my previous job I worked with stats quite a bit (using WebSideStory/Hitbox), and it is such an inexact science that it ranks right up there with Lies and Damn Lies.

https://addons.mozilla.org/en-US/firefox/addon/249 7

Anyone have other suggested software they prefer?

Re:CookieSafe is my current favourite

[CastrTroy]

Web statistics is something that's extremely hard to track once you start talking about unique visitors. Ideally, you want to get this down to exactly how many actual people are using the site, but usually it comes down to the number of computers accessing the site, with people who delete cookies being counted as a new user. Some systems count each IP as a different user, but that doesn't account for users behind a NAT, or those with changing IP addresses. The idea is however, that those two groups cancel each other out to some degree. There's also a lot of users who may access the site from many different computers, including Home, Laptop, Work, Cell Phone, Web Cafe, Wii, and others. You can inflate the numbers a lot if you're looking to impress people, or you can try to get accurate statistics that are actually meaningful if you want to actually analyze the data.

Totally agree -- though hard to believe the extent

[techitout]

This is all so true -- but the same can be said for any method of tracking internet traffic. Think of the Alexa toolbar, or the new Compete toolbar (completely biased). This particular ramification will be more widespread, as the big traffic monitors like HitWise and ComScore who publish industry-standard numbers will be affected. So businesses that rely on those numbers should account for the skew (though, 10 years ago trend seekers relied solely on newspaper and magazine publishing stats to come up with numbers... yikes!). However, I find it hard to believe the article's report that "researchers found that 31 percent of U.S. Internet users erased their first-party cookies over the course of the month." Does 1/3 of the general public even know how a cookie works, never mind how to erase them? Side note -- the person with all the traffic data? Google. Making Analytics free has created such a huge install base, they have an amazing amount of traffic data. Scary what they could figure out.

Not a surprise

[Kelson]

...though it may be to some people.

Anonymous user stats are always going to be an estimate. Cookies aren't reliable, because people clear them. IP addresses aren't reliable, because some are dynamically generated, some are shared, and people move around.

You can only really know how many users you have if (a) they're registered and (b) they visit the site while logged in. (And even then, people could be sharing accounts -- bugmenot, anyone?)

Personally, I don't think this is a problem, as long as you're willing to look at the estimates for what they are and not treat them as if they were precise.

Hmm... how long before someone claims that Firefox's/Opera's/Safari's stats are inflated because they make it easier to wipe cookies than IE?

Re:Not a surprise

[maxwell+demon]

Cookies aren't reliable, because people clear them.

That's not the only reason. If you surf the same site from work and from home, you inevitably will be counted as two different users, no matter what you do with your cookies. I'm sure that alone will increase the user count of certain web sites by a high margin (I guess for Google it will probably mean an almost doubled user count). The same is true if you happen to have several computers, e.g. a desktop and a laptop, not sharing the browser data (which esp. for the desktop/laptop scenario is probable, since you'll want to use the laptop when away from home).

OTOH several persons using the same computer and not having separate user accounts will be counted as single person. I'm sure that especially for home installations this is not uncommon.

just plain wrong

[eneville]

i think this is very wrong. who counts the number of cookies as bandwidth? the bandwidth is measured at the routers, if it's not, then dont read too much into bandwidth estimates as it's nothing more than a wet finger in the air.

Re:just plain wrong

[cpghost]

In fact, it's measurable. Setting and reporting cookies (one line of HTTP per cookie) itself doesn't really influence bandwidth. It's not even a blip on the radar. BUT if websites generate different content based on the cookies (new user content, returning visitor content), and if the content size is significantly different in both cases, then bandwidth usage could go up (or down)... quite measurably sometimes.

Visitors vs. Unique Visitors..anyone?

[madsheep]

But every time you delete cookies, many of the sites you've visited count you as a new visitor next time. Yea in like 1999 this was true. Don't most websites that actually care about traffic or try to reasonably measure it go off of UNIQUE VISITORS? I think the most basic of webstats programs for 5+ years now know and show the difference. What exactly is the point of all this? Who realistically tracks their users and bases their counts off of cookies? This is absurd. IP address has been the standard for quite some time now.

Re:Visitors vs. Unique Visitors..anyone?

[KenAndCorey]

IP address has been the standard for quite some time now.

This isn't the case. It has to be a combination of IP Address, cookies, time of hits, and even User Agents. They all have their drawbacks, but in combination they can at least improve the accuracy.

Re:Visitors vs. Unique Visitors..anyone?

[jonnythan]

So how do they differentiate between the 600 employees at my company that use a standard browser installation and share an IP address?

Re:Visitors vs. Unique Visitors..anyone?

[madsheep]

Exactly? So how do you distinguish between that company with 2000 users with a standard load browser that does not accept cookies and they all go out a proxy? You can try and track every single user in the world, but most to any given site won't be going out a shared proxy. IP address has, is, and will be the way to go.

Re:Visitors vs. Unique Visitors..anyone?

[Todd+Knarr]

Unfortunately IP address doesn't work. NAT can put anywhere from a couple (small home network) to thousands (corporate networks) of individual machines behind a single IP address. The common ISP practice of using dynamic addresses can result in a single machine having anywhere from one address for years at a time to a different address every hour. Most web-statistics companies have abandoned IP addresses as a valid identifier.

Most of them do in fact rely on cookies of one sort or another. Most rely on browser cookies, a few are using Flash or media-player cookies. All of them suffer from the fact that cookie deletion or filtering in the browser corrupts the statistics. Blocking of cookies completely is the easiest form to deal with, the server-side code can check whether cookies were in fact set and simply discard data from browsers that don't accept cookies. Cookie deletion, or forcing cookies to have session lifetimes, is harder to deal with since to the server it looks like the cookies are good but in reality they can't provide information about visitors, only sessions. The worst are one-shot cookies, where the browser will let a new cookie be set but then won't permit it to be modified or removed. The big problem with them is that any test will overlap to some degree with normal cookie behavior, so you end up having to balance how much corruption you're getting relative to how much good data you're throwing out by mistake.

Most web-statistics firms are working to avoid the worst of the problems by moving their machines into the DNS namespace of the sites they're collecting statistics on. That helps get around third-party cookie behavior in browsers, and should work until browsers either start having extensive host-specific block lists or start allowing cookie filtering based on IP address instead of URL hostname.

I always considered the intricacies an interesting puzzle, and wringing every bit of validity possible out of the system a challenge. Management, unfortunately, doesn't want to hear about the intricaties, they just want to hear that there's no problems, everything's fine and the numbers they're giving their customers are perfect. Customers, even more unfortunately, don't want to hear about any problems, they just want to hear that the numbers they're getting are perfect. Sooner or later the cluebat will get applied.

Re:Visitors vs. Unique Visitors..anyone?

[CastrTroy]

Wouldn't putting thousands of users behind a single IP address via NAT create some problems? From my understanding, when you connect through a NAT, it gives you a port, and anything coming back over that port goes back to your computer. So if you have 5000 users, and there's 65000 ports, that's only 13 ports per user. I guess that not everyone would be connecting all the time, but what is the effective limit of number of people you can have behind a single IP address?

Re:Visitors vs. Unique Visitors..anyone?

[Todd+Knarr]

Most people aren't running connections continuously. Web browsing in particular uses ports on a very short-term basis. The hardware also handles the problem to a degree, either delaying until a port's available or simply rejecting the attempt and letting the browser handle it. To users this appears as just normal slow-downs and errors. Errors in particular people tend to ignore. How often have you seen the broken-image link on a page and thought "Oh, another glitch." and paid it no more mind? As ad-laden as a lot of commercial web-site pages are, errors mostly tend to be in advertising images or scripts and the breakage doesn't affect anything the user cares about. They literally won't notice there's a problem.

Re:Visitors vs. Unique Visitors..anyone?

[Eivind]

The practical limit for users doing websurfing is huge. 13 ports per user is much much more than you need, infact 1 port pr user may be more than you need.

A single TCP-connection is identified by a quad: ip and port for the two destinations.

So, you only really need a new source-port for every internal user who visits the same site.

NAT is implemented by maintaining an internal table of what external ips/ports should be mapped to which internal ip/port. An example:

• Internal machine X makes a connection from its port Y to external ip Z port W.
• Nat machine Z takes note of X:Y - Z:W and uses its external port Q for this.
• Later, when a packet from Z:W arrives on port Q, the internal table says to forward this to X:Y internally.
  • This way, a second request can use the same external port Q, aslong as the new request ain't also directed at Z:W (in which case it'll need to use a new port)

    Practical result ?

    You can use a single external IP for a group of websurfers, the size of the group has a limit, you run into trouble the moment more than 65000 of your internal users want to visit the same website simultaneously. With simultaneously being defined as within the timeout of the NAT-table (typically 1-5 minutes)

    Atleast a million websurfers can easily hide behind a single IP using this technique. 10 million if they're not hugely active, or if they don't visit the same sites all the time. Not that there's any reason to. Ips aren't *that* hard to come by.

    You could increase this by another order of magnitude or two by also taking sequence-numbers into the NAT-tables. Two different users connecting to the same service at the same time are likely to get sequence-numbers different enough that the two connections can be recognized based on this. This ain't really a good idea though, because if you did this, you could get unlucky and have two connections accidentaly get sequence-numbers close to oneanother.

    Besides, you don't really have a *reason* for hiding a billion websurfers behind a single IP, now do you ?

Re:Visitors vs. Unique Visitors..anyone?

[innocent_white_lamb]

That is extremely interesting, indeed. Thank you for a very enlightening explanation.
 
One further question: How do you assign internal IP addresses in that situation?
 
For example, if I have a common router (Dlink or whatever), it will assign internal addresses from the 192.168.0.x range; I have always taken that to mean 253 users per router (192.168.0.2 through 192.168.0.254). How do I get more on the external IP that the first router is talking through? Plug in another router to the existing router and get another 253 users again?

Re:Visitors vs. Unique Visitors..anyone?

[Todd+Knarr]

Expand or change the internal netblock. The 192.168.0.0/24 netblock that's normal for home routers isn't writ in stone. Corporate networks usually use the 10.0.0.0/8 reserved block instead, allowing for 16 million internal machines. You can also use the entire 256-network range of the 192.168.0.0/16 reserved block (256 contiguous /24 networks), allowing for 64K machines within it, but generally if you're going to do that you just use a /16 network from the 172.16.0.0/12 block (16 contiguous /16 networks) instead. Commercial-grade routers will let you use all networks from all the reserved blocks at the same time if you really really want to, but I'd start to question the sanity of whoever designed that network.

Re:Visitors vs. Unique Visitors..anyone?

[Eivind]

You use one of the larger "reserved" netblocks. Such as 10.0.0.0/8 which has 2^24 or around 16 million available ips in it.

I'm not saying a el-cheapo D-link for $50 would actually manage to maintain NAT for a million users. For one, it doesn't have enough RAM for the NAT-table. I'm just saying, there's nothing technically in NAT that prevents a million or more users from sharing a single IP.

The NAT-table can be dealt with on a larger router. You have 1 million active users and 10 million NAT-entries that aren't expired. (i.e. less than 5 minutes old) (this would mean your users visit a new page every 30 seconds on average -- very active usage) One NAT-table entry is on the order of 16 (minimum) to 64 bytes. So the total space-requirement would be 160 - 640MB for the NAT-table alone. Which a el-cheapo D-link doesn't have. Neither does it have the performance nessecary.

There's other reasons why you'd not actually want to do this. But lack of external ports ain't one of them.

people are self-reporting anyway, so what?

[Gothmolly]

So now instead of innocent webmasters naively listing more hit counts than they have, they'll just simply lie about their hitcounts to inflate the numbers.

The effect of this is what?

... and

Most pointless article ever. Why the fuck do I care about people inflating their web traffic?

If you don't give stores your phone number, they may inflate their customer count.

Re:... and

[Dogtanian]

Most pointless article ever. Why the fuck do I care about people inflating their web traffic? If you don't give stores your phone number, they may inflate their customer count. Give it a break; you had a valid point first time round, second time is excusable, third similar post from the same person (AC or not, it obviously is) just smacks of trying to get attention.

It Probably Evens Out

[TheLazySci-FiAuthor]

Since I block javascript by default, I must be deflating at least some traffic statistics.

Re:It Probably Evens Out

[micromuncher]

javascript != cookies

Cookie is sent on request to a web server. Its sent back to a client on response. Disabling javascript doesn't do much with a cookie except obliterate the capability to create a cookie client side via javascript. A lot of apps don't do this. They send you your cookie which you return on subsequent requests.

Re:It Probably Evens Out

[cpghost]

That's right. Considering that each of setting and reporting a cookie takes exactly one line of HTTP per page request/response, it's really not that much - even if sites set multiple cookies (yuck!).

But the parent poster is right w.r.t. javascript/bandwidth relation: just blocking out javascript won't reduce bandwith per se, because it still has to get to the browser; but it would cut everything javascript downloads on its own, so it's not such a bad deal. NoScript is your friend...

Inflate the estimate?

[dctoastman]

If I go to the site twice, I go twice. If I delete my cache, I have to re-request everything on the page. In any case, I _AM_ causing more traffic.

It would be like saying you don't count as traffic for streets you've previously driven on.

Re:Inflate the estimate?

[delinear]

Exactly - and more to the point, when it comes to advertising, who cares if you're showing one ad to two people or showing it to the same person twice? Unless your ad is so great that every single person who sees it is a guaranteed sale, then it doesn't really matter. I'm sure once an ad has played during the superbowl and been seen by billions of people worldwide, the advertisers don't claim they should be allowed to repeat it for less, or just pull it completely, since pretty much everyone's already seen it.

Re:Don't use cookies to log traffic

This is, you'll pardon me, rampant ignorance.

Most users of many sites come from businesses. Most businesses run users through a proxy. This means that a large number of users will come from the same IP. Also, many proxies have multiple IP's they rotate users through (AOL being a great example).

Sorry, tracking by IP is significantly less accurate than tracking by cookie.

Umm... So?

[pla]

But every time you delete cookies, many of the sites you've visited count you as a new visitor next time.

I have Firefox clear my cookies on browser close... So I look like a new visitor every time I visit a site.

Perhaps someone would explain to me why I should care about this? The only use I can see for unique visitor counts (other than the trivia value) involves ad revenue - And I aggressively block almost all adverts, so don't care about that, either.

Re:Umm... So?

[prockcore]

Perhaps someone would explain to me why I should care about this?

Perhaps you could explain to us why you care so much that you have set up your browser to delete cookies when you close your browser?

Re:Umm... So?

[pla]

Perhaps you could explain to us why you care so much that you have set up your browser to delete cookies when you close your browser?

Simple, real example.

I do most of my holiday shopping online, largely from Amazon.

Every year, once I log in, Amazon innundates me with front-page crap related to what I bought for other people. I have zero interest in golf, for example, but buy a particular Ping driver for a relative, and suddenly I start seeing all the greatest new books from guys I've never heard of explaining why I suck compared to them (apparently Amazon considers golf a more lucrative topic than the sort of things I normally buy, for myself).



But that just illustrates one specific example of the overarching issue - Privacy. I like mine. Clearing cookies gives me quite a lot more of it as opposed to (potentially) letting every site I visit track my every online step.

Stats...

[Mockylock]

Whatever happened to tracking new visitors or original IPs? I'm pretty sure that even the POS hosting company I use has those basic capabilities.

Re:Stats...

[sqlrob]

So you have one person visiting several million times from Dulles, Virginia?

Re:Stats...

[Mockylock]

From AOL, or my IP?

Re:Stats...

[sqlrob]

AOL. Proxies like AOL destroy the usefulness of IP. It's one thing to lump all the users from a given company together, but from a large ISP?

Re:Stats...

[Mockylock]

I catch what you're saying. Good call. I was REALLY confused, simply because I work and live in Dulles.

good

I don't want you to know who I am dood...

Not users fault

[pianowow]

There are too many other ways of tracking unique vs. returning visitors. If a site relies only on a tracking cookie, it's their own fault for misrepresenting the new hits to their site.

It's not the fault of the person who deletes the cookie. It's the fault of the website for relying on flimsy evidence.

Re:Not users fault

[Paradise+Pete]

There are too many other ways of tracking unique vs. returning visitors. If a site relies only on a tracking cookie, it's their own fault for misrepresenting the new hits to their site.

For instance?

Google relies on cookies for some things. From the Adwords Help Center:

If cookies are disabled, cookie-based analytics programs (such as Google Analytics) will not count the visit.

Re:Not users fault

Even if it is their fault, so what? It's not the responsibility of the users to help websites collect usage data,

Re:Not users fault

[causality]

It's not the fault of the person who deletes the cookie.

What you say there is absolutely correct, but it begs the question: How would it ever be the fault of the user in any possible case? I have a newsflash for the advertisers -- you do not have a God-given inalienable right to store data on my computer. It's mine, I paid for it, and I will selectively accept or freely remove any data that you attempt to place on it, for any reason or for no reason at all. The world does not owe anyone a reliable way to track the Web surfing of others.

This and DRM are two categories where marketers act like my personal property is theirs to do with as they please, and I'm sick of the way the average "consumer" puts up with this concept or anything resembling it.

Any Web site owner who doesn't like this can feel free to block me from their Web site; since it is theirs after all, I certainly do not dispute their right to do that (they would do so to find that I can live quite well without them). But please, let's dispose of this idea that some marketer not being able to track me is somehow my fault or my problem.

I say that if your business model relies on the ability to effectively spy on people, often without their knowledge or consent, then your business model is flawed and any difficulties you encounter are well-earned. I further say that the current situation exists only because of widespread ignorance; that is, if every single person who ever went online were a thoroughly educated uber-geek and fully aware of all tracking techniques used, then no one or practically no one would ever allow any of it and the marketers would have to come up with a more reasonable way to make money.

Re:Not users fault

[prockcore]

if every single person who ever went online were a thoroughly educated uber-geek and fully aware of all tracking techniques used, then no one or practically no one would ever allow any of it and the marketers would have to come up with a more reasonable way to make money.

I'm fully aware of the tracking techniques used.. and I don't delete my cookies. I'm an anonymous number to them.

I bet you go shopping in a ski mask too, because every store video tapes you.

Re:Not users fault

because every store video tapes you.

Like the store "faithful customer cards" this process should have been banned by customers from the very first instance of such abuse, unfortunately the public is too willing to give up their privacy and thus privacy is eroded. Even my ip address should be dropped as soon as it is no longer needed for the data transfer. If I am not attacking or robbing you then you don't need my ip address or my picture or anything else once a transaction is complete.

Re:Not users fault

[qzulla]

I'm fully aware of the tracking techniques used.. and I don't delete my cookies. I'm an anonymous number to them.

Are you really? Prove it. Prove they are not tracking your IP. Even if it is dynamic there is still a trail for a time. Prove they are not tracking your MAC address. What about those little 1X1 gifs they use? Do you know all the tracking techniques used?

I doubt anyone does.

qz

Re:Not users fault

[toadlife]

Prove they are not tracking your MAC address. I doubt he's in the mood to give you a primer on networking.

Re:Not users fault

[Spacezilla]

it begs the question I think you mean it RAISES the question. :)

Huh?

[CrazyTalk]

But every time you delete cookies, many of the sites you've visited count you as a new visitor next time."

Huh? Isn't the entire POINT of cookies pretty much so sites recognize you when you return? Sorry, but this statement wins todays "No Duh" award.

Deleting is meh - have more fun

Open your cookies.txt and make subtle changes to the values. If we can encourage enough people to participate, we will rise above statistical noise to become the bane of online tracking systems.

Obviously doesn't consider p2p, VOIP, video or...

[CaptainPatent]

seeing as how p2p occupies well over 80% of all internet activity due to its high bandwidth, Deleting cookies would need the amount of information in a typical webpage to increase at least threefold assuming absolutely everyone deletes cookies. given a more logical assumption that about 30% of people delete cookies that increase in internet activity is more like nine times the information. Keep in mind this doesn't take into account other internet activity (VOIP, video, etc) and that most likely, far fewer than 30% of people regularly delete cookies.

server's fault, not the user

[brunascle]

it's the server sending the cookies, not the user. in fact, if the user is deleting the cookies then the HTTP request the user sends to the server is using less bandwidth. it's not my fault the server keeps sending me these god damn cookies.

Well... ok

[Opportunist]

I offset it by not having a spambot trojan in my system, so my addition to the unnecessary traffic is about on par with those who do have one.

Geez...

[rlbond86]

I have a hard time believing that the 1% or so of paranoid people inflate web estimates by 150%.

Re:Geez...

[CastrTroy]

It depends on the site. Take Google, or any other search engine. If each user does 1 search a day, and there are 1000 users, then over the year there are 365,000 hits. If there are 1% of users who delete cookies, then the 10 users doing 1 page hit a day, end up looking like 3650 users. So, instead of having 1000 users, you now have 990(users with cookies) + 3650 (users without cookies) = 4640 users, when in reality you only have 1000 users. So it doesn't even require 1% of users disabling cookies, or for them to visit every day to increase your traffic figures by 150%

Re:Geez...

[delinear]

The figures from TFA state that 31% of US internet users delete their cookies once per month. So if they only visit a particular site once per month, and everyone else visits the same site once per month with cookies, then the 150% figure possibly makes sense - but there are a lot of undeclared variables here. Where did they collect these stats? A tech savvy source, for instance, could skew the figures a lot. How often do visitors return to a website? If they only delete their cookies once per month but they visit every day then the inflation of figures would be much lower than 150%, not to mention that over time it would even out (a consistent influx of new users each month would balance out with a drop off of the same number of users if it was simply the same group of users deleting their cookies).

It seems to me there's too little mathematics and too much marketing in the original figures.

wait

[brunascle]

is this article actually implying that web-sites decide whether or not to send you and updated file or assume you have the file cached based on the cookie? no, no sane web developer would do that.

yes, deleting your cookies may cause the server to user more resources (because it will have to add another row to it's "unique visitors" table in the database), but that is not "web traffic".

the only bandwidth i could possibly think of is that which is being used to specifically send the cookie to the client. and that's only going to happen when the client didnt send the cookie to the server. so a web site that requies everyone to have a cookie is going to have 1 cookie transaction for every request+response: either the client sending it or the server sending it.

Fine by me

[billcopc]

Keep on clearing those cookies, advertisers pay for traffic :) More uniques means more money for me!

No, that's not really correct

No one in analytics worth their salt would take numbers at face value. It's about setting baselines and looking at trending. Getting exact numbers will never be possible based on technical limitations.

Investors? yes. Advertisers? No

I can see investors being interested in the "new visitors" number, but advertisors are more interested in "page views" or ("unique visits" if they're more sophisticated).

Page views are pretty straightforward and won't be messed around by deleted cookies (they can be manipulated by other means).

Unique visits are usually handled using session cookies expiring after 30 minutes rather than persistent cookies, so clearing your cookies won't invalidate the effects. (And for the cynical, the use of session-cookies-expired-after-30-minutes is more or less an industry standard which the advertisers and ratings outfits insist on so they can compare like-with-like. They are, after all the ones paying the money, they like to get this sort of thing right).

Boo Hoo

[Strilanc]

This is ridiculous, "whine whine, we can't count unique visitors because people are disabling cookies" You couldn't count them before! People don't match up one to one with computers. I can use multiple computers and a computer can be used by multiple people.

If only there were some mathematical field, meant to deal with uncertainties like this.

Every time you delete cookies...

[chinard]

...god kills a kitten!

Re:Every time you delete cookies...

[CaptainPatent]

no no no... I think that's for something else!

Re:Every time you delete cookies...

...an angel gets its wings!

Re:Every time you delete cookies...

[Rude+Turnip]

Hm, you're not married, are you?

Re:Every time you delete cookies...

[DreamerFi]

Approximately 70,000 dogs and cats are born in the U.S. each day, or 25,567,500 each year. Of these, roughly 54%, or 13,806,450, are cats. Since 34.5% of cats don't live to see their first birthday, we can assume that about 4,763,225 kittens die each year in the United States alone. We'll take for granted that God in His divine Wisdom purposely smote each of these kittens.

Let's assume that the idiom is talking only about male masturbation. Let's further assume, highly conservatively, that males do not start masturbating until they reach age 15. Of the total U.S. male population, 107,199,356 would then be masturbation-age males. Again, let's conservatively estimate that teenagers masturbate no more frequently than adults, and that all men masturbate an average of 20 times each month or 240 times per year. This means that each man in the United States masturbates approximately every 1.5 days. It also means that there are approximately 25,727,845,440 male masturbation sessions in the United States each year.

There are nearly 26 billion male masturbation sessions in the U.S., yet there are fewer than five million kitten deaths annually. Far from a one-to-one correlation, there are 5401.5 masturbation sessions for every single kitten death. This means that the average American man can masturbate regularly for 22.5 years before he is responsible for the death of a single kitten. Indeed, with a life expectancy of less than 75 years, the average man will be responsible for only two or three kitten deaths in a lifetime of vigorous masturbation.

Re:Every time you delete cookies...

[gemada]

best post of the year!!

Re:Every time you delete cookies...

[Grizzlysmit]

Whats all this stuff about killing kittens, is this some movie reference I've never heard of??

Re:Every time you delete cookies...

[Spacezilla]

http://images.google.com/images?q=god+kills+a+kitt en

Re:Every time you delete cookies...

[StrawberryFrog]

You're assuming that God kills only American kittens.

Re:Every time you delete cookies...

[DreamerFi]

Are you assuming only americans masturbate?

Re:Every time you delete cookies...

[StrawberryFrog]

Americans could be bigger wankers than everyone else.

Sometimes that's for traffic, though.

[Kadin2048]

I'm sure there are lots of reasons for doing it, but most bulletin boards that require registration in order to read, at least in my experience, do it in order to limit traffic, not count it. It's a way of keeping costs down, albeit at the expense of making the board less useful as a resource to the general public.

Unfortunately the best board relating to Knoppmyth is like this; it was just too expensive for the maintainer to run openly; the traffic cost too much. By requiring registration to read, it cut down on traffic enough to make it affordable. Given the choice between a register-before-reading board and no board at all, I think the public is best served by the former.

Re:Sometimes that's for traffic, though.

[jandrese]

See, I disagree there. This means a lot of the valuable information is locked up in a forum that people may well not find because it doesn't show up very highly in Google. The public may be better served by abandoning the guy on a shoestring budget and posting in forums that get indexed by search engines.

Re:Sometimes that's for traffic, though.

[Moofie]

IFF the public agrees with you, that will happen.

Since (according to my gp) it hasn't happened, I suggest you re-visit your premises.

It's not up to the board admins to foot the bill to make the information publicly available. It's up to the board admins to do whatever it is they want to do without any regard for value sets other than their own (within the bounds of the law, of course).

Nobody's fault, nobody's news

[jfengel]

I don't think it's a question of fault. This is really a warning to webmasters, and to the advertisers who use the statistics.

I'm hard pressed to say how this is news exactly. It's really a press release from a company called comScore. Betcha they've got a service to provide more accurate counts that they'd be happy to sell you.

Waffer thin

[Forget4it]

I never realized that Bit Torrent involved cookies.

Car analogy

Why the exercise in counting the number of unique visitors instead of total page views? If you're measuring traffic on a bridge, you'd count how many cars cross it per day. Why care if the same guy crossed it 10 times?

That's nothing, think of people use muliple PC's

[Xenna]

I use a PC at work.
And another one at home, well even two sometimes.
And a smart phone equipped with a browser.

So I inflate web usage statistics with 100 to 300%?

And then there are people sharing the same PC/account deflating the stats...

All of us who host websites know how unreliable statistics are. Nothing new there...

X.

Yeah, we know

[smooth+wombat]

As the article from 2005 that I linked to in a comment from yesterday, advertisers are going apeshit over people like me who delete cookies and skew their traffic results.

Oh boo hoo, cry me a river. Produce something people want and they'll come back time and again and you won't have to worry about your traffic.

I counteract that...

by using adblock and blocking all that flashy, crap, image traffic.

So, industry should thank me - oh, wait a moment...

Firefox can amplify this affect

There is a feature in Firefox that allows deleting persistent cookies at the end of the session. It was first introduced in IE6, called "downgrading" but the IE options do not allow configuring the cookie settings to use it.
See http://randomoracle.spaces.live.com/blog/cns!31E31 D6FA273C756!153.entry for an overview of downgrading.

Downgrading can increase the skewing of user stats. Instead of having to wait for user manually deleting cookies, it happens automatically and each new session registers as a new unique user

By the way, rejecting all cookies does not skew user count statistics, because it is possible to detect that cookie was not set. As simple defense, the count should be incremented when cookie is received not when it is set.

Privacy is an illusion

[bahwi]

As soon as you log on to a site connected with certain advertisers your brand new not you unique cookie is again linked back to your old account thru backend calls between advertisers and accounts. Yeah, there's a minor % that is wrong because of people using other's computers, but it's better than having people delete cookies being new customers again. Yeah, a lot of random sites you probably will never go to again don't know you from one to the other, but others get who you are from your cookie linked to their advertiser, and as soon as you log in to any of the sites that have the same advertiser, you're linked up again and some sites do it retroactively. Of course, if you want privacy, better than a cookie blocker is actually adblock and the filterset.g updater. Those give you more privacy than deleting your cookies. But yes, it's possible to track you past the cookies.

There's a few fingerprinting companies out there, track you by stuff plugins give away(dates, versions, etc.. anything the plugin will give up). I've even heard of a company using the time offset from your computer from your web browser(which passes the time back in milliseconds since 1970, IIRC) and combined with some other methods it really helps you track people down. Not to mention you can combine all this with your IP address and you're pretty good. But deleting cookies doesn't really help you, it's more of a minor inconvenience to the small companies who don't really care to track you that much, and a tiny hurdle to larger companies who do care and who are already doing it and some that even know you before the cookie. (Don't accept cookies? Check for that, and IP address, flash version, time offset(if it's possible), what plugins are installed via navigator.plugins and you're pretty close to a positive ID. Of course there are many other ways and I don't know any of them. So, delete your cookies if you want, but realize it's not much of a help.

Adblock is, and ultimately those who really want to track you probably can.

Re:Privacy is an illusion

I've even heard of a company using the time offset from your computer from your web browser(which passes the time back in milliseconds since 1970, IIRC) and combined with some other methods it really helps you track people down. Not to mention you can combine all this with your IP address and you're pretty good.

I have js disabled, they could still use HTTP caching to measure my clock drift between NTP syncs (daily) if it weren't 1. for network latency and 2. proxies.

IP address,

Proxied

flash version,

None

time offset(if it's possible),

Javascript is disabled and I'm generally using proxies or even X forwarding /VNC from a machine on a different continent.

what plugins are installed via navigator.plugins

None and javascript is disabled so they can't even check

Plenty of people gain from making it appear that privacy is an illusion. That's an illusion in itself, one that a little technical knowledge lets you see right through.

Mod Parent Informative!

n/t

So what?

[bratwiz]

So what? Not my problem. And if sites didn't go so far out of their way to invade my privacy with cookies, I probably wouldn't feel compelled to clear them out as often and they'd have better stats. So I say again-- so what? They've made their bed, let 'em lie in it and stop complaining. Or else maybe work out a deal to get the RIAA to sue people who clear their tracking cookies...

Re:That's nothing, think of people use muliple PC'

[BagOCrap]

Precisely. Make that five computers with as many public IPs for me. Google and my local newspaper must love how much traffic I generate every day. Inflation alert!

So it messes up market research, too? Cool.

All the more reason to delete cookies often, or keep them from being set in the first place. With the exception of a few trusted sites.

Why would I care?

[rbowen]

I simply don't care, and can't fathom why I should care. It is not, never has been, and never will be my responsibility to ensure the accuracy of statistical reports on sites that I visit. What data is stored on my personal computer is my business, and nobody else's. Is there seriously anybody who thinks that this is actual news? Are there seriously people who are able to get funding for such intuitively obvious research? Where do I get my cut?

Cookies by the FCC?

[guruevi]

Since when did cookies go wireless? I though the FDA might look into issues with cookies... those darn girl scouts!

Re:Don't use cookies to log traffic

If you require your users to log in, there shouldn't be a need for any cookies (except for the remember my username cookie), all user preferences/tracking data can be stored on the server.

Maybe websites "shouldn't" use cookies for tracking, but it's more effective than using IP so they will be used for cookies.

I do it automatically

[Rix]

I tell firefox to treat all cookies as session cookies, with a whitelist of sites I trust or don't care if they track me. I stay logged in where I need to, and dump bad cookies without having the problems associated with not accepting cookies in the first place.

Oh boy...

[Seoulstriker]

Dear Anonymous Coward,

So, you're the little bastard who keeps forwarding me that crap.

This year... no presents for you!!!

Sincerely,
Santa H. Claus
santa@northpole.net

Re:Oh boy...

[osu-neko]

Do Santa and Jesus have the same middle name?

Re:Oh boy...

[Oktober+Sunset]

yes, cos they are secretly the same person. You think Jesus would let some fat man hijack his holiday? Hell no, he killed the real Santa back in the 20's and stole his identity.

Re:Oh boy...

Anagram santa = satan

Re:Oh boy...

[KDR_11k]

In some regions the presents are attributed to Jesus himself instead of any Santa Claus.

Re:Oh boy...

[rainman_bc]

In some regions the presents are attributed to Jesus himself instead of any Santa Claus.

Why not? Believing in one is just as silly as believing in the other ;)

You can just block them, you know...

[Chemisor]

I don't delete cookies because I don't accept them in the first place. I explicitly allow the sites where I want to be tracked, of course, like Slashdot, but everywhere else the browser is set to block everything by default. If the site doesn't work without cookies, you can allow session cookies, which is usually enough. Or, just leave. There are likely to be plenty of other sites with the same information but without the stupid cookie requirement.

IP and DB client info storage

[amoeba47]

As a developer, that's why I use the IP address and a database for storing user session data. Cookies are too unreliable

Re:IP and DB client info storage

[Sir+Runcible+Spoon]

So you are keying your user's session by their incoming IP address?

That's interesting. Er - and you don't find that all the users logged into the same machine, or behind the same ISP's gateway are accessing the same session?

Funny, I knew cookies weren't perfect, but I thought they were as good as it gets when it comes to tracking users.

Tell me - when you go to www.dnsstuff.com and look at your external IP address at the top of the screen, do you see the same address as the guy at the next desk?

That explains quite a bit.

[Cathoderoytube]

This is a pretty interesting find. I went over the math to see what the numbers really were, then I did it again, because I couldn't believe it. Turns out, only 5 people actually use the internet, all from the same library. This obviously raises a few rather important questions, but I think more or less explains everything else... Like why that book I just bought off amazon.com said 'property of Peterbourough public library' inside the cover

how about making cookies.txt read only?

[wandlerer]

I am not really current on browser operations, but I just make the cookies.txt file read only.

Browser starts up, sites throw cookies at it, the cookies stay in memory until the browser is closed, and then start fresh the next time the browser is opened. I don't get permanent cookies written in my cookie.txt file ever. Of course I have to log in every time I start the browser too. I also "accept" all cookies, because I know they will not be written.

I guess the downside is that I have to look at the cookies from the browser vs the .txt file, but I don't do that too often.

Any other problems [security, etc] with this approach that I am missing?

Has anybody thought of the consequences?

[dzfoo]

OMG!!! Do not delete those cookies!!!1one

Every time you delete a cookie god kills a kitten.

          -dZ.

OK...

So they just realised cookie isn't a reliable way to track traffic?

Well, it took them long enough, surely they would find new and more accurate ways.

not me

[kcornwell]

I use IP addresses instead for an idiotproof experience. http://www.idiotproofwebsite.com

Insignificant compared to windows re-installs

[edfardos]

Those of us who know how to delete cookies now and then and actually do are insignificant to the number of people who must constantly re-install Microsoft Windows, and by effect, clear all their cookies.

So how many cookies are sent with the HTTPRequest?

[kenevel]

If I delete my cookies (and assuming the server doesn't just send me a whole bunch of new ones), aren't I lessening internet traffic? All your cookies for a given domain, path and protocol (http or https) will be sent with each and every request you make - and that includes image requests etc. made while rendering HTML. Surely the less cookies you transmit the better.

Following on from that, the less requests you make the better. At work we found that the number of individual requests made by an old-school internet page (tables & spacer images) with poor HTTP header caching values amounted to some ungodly bandwidth, and after we fixed the caching headers for the images etc, the load dropped off enormously. It goes to show how many requests your browser makes for you and also how many times it'll transmit all your relevant cookies to the server.

So get deleting...

Cheers

Mike

IPA Registry?

[nukeforum]

Perhaps there could be a projected amount of possible, individual IPA logs from an area based on a IP annual report of subscriber amounts, accessible through some web page or another. Then, end of the year web activity reports could be compared to possible number of individual hits based on number of subscribers. Or maybe I don't know enough about the internet to be giving input on this. Just thought I'd give a suggestion.

CookieCuller is a good firefox cookie mgr plugin

[chongo]

'' Anyone have other suggested software they prefer? ''

I recommend the CookieCuller firefox plugin to control cookies:

http://cookieculler.mozdev.org/installation.html

CookieCuller gives you the option to remove all non-protected cookies when firefox restarts. You choose which cookies, if any, that deserve protection.

I configure CookieCuller as follows:

1. Tools->Add-ons->CookieCuller->Preferences and check: [x] Delete Unprotected Cookies on Startup
2. View->Toolbars->Customize and Drag the CookieCuller icon (A chocolate chip cookie) to the toolbar panel
3. Click on the CookieCuller icon, select any cookies you which to protect (if any) and click Protect Cookie

Even if a site requires you to accept their long life cookies, on restart CookieCuller will toss your cookies! :-)