Forgot your password?
typodupeerror
Privacy

Net Marketers Worried as Cookies Lose Effectiveness 556

Posted by CmdrTaco
from the only-a-matter-of-time dept.
Saint Aardvark writes "The Globe and Mail reports that Internet marketers are worried about the decreasing persistence of cookies. Almost 40% of surfers delete them on a monthly basis, says Jupiter Research -- a fact one marketers attributes to incorrect associations with spyware and privacy invasion. United Virtualities' Flash-based tracking system is mentioned as a possible substitute...though they don't mention the Firefox plugin that removes them, or talk in any meaningful way about why people might want cookies gone. Still, the article is a good overview of life from the marketer's perspective."
This discussion has been archived. No new comments can be posted.

Net Marketers Worried as Cookies Lose Effectiveness

Comments Filter:
  • by XorNand (517466) * on Thursday July 21, 2005 @03:04PM (#13127504)
    Going to play the devil's advocate here, because I know how most of the rest of you feel:

    I used to be the web architect for a .com a few years ago. I created a custom metrics program that intergrated into into our (also custom) ecommerce application. To track users, I gave them a single, persistant cookie that contained only a GUID. I used this information to determine our converstion ratio (number of visitors to buyers), figure out the top paths through the site, determine percentage of traffic that was return visitors, etc.

    All this stuff was entirely anonymous unless they purchased something from us. But, even then their site history was really only incidently linked to their contact info because we never correlated the data together. Why would I? Knowing that "John Smith" visited our site 3 times a week isn't really any more insightful that knowing that "User #5233258" visited us 3 times a week. The data was only useful in aggregate. For example, knowing that the last page 20% of people visited was our contact page, yet only 10% of those people actually submitted the form would make me reevaluate that page. Maybe the contact form wasn't very user friendly? So, I'd tweak it and then recompare the metrics.

    The whole point of my tracking was to better serve our visitors and eventual customers. I wanted to make it easier for them to do what they came to our site to do. Or it would help us target our advertising for effectively. If a lot of people clicking through from a banner ad we had on Site A tended to buy Widget B, we'd decide to modify the banner ad to specifically highlight Widget B. Maybe my attitude is different than most, but I can't be unique. I never looked down upon our visitors, feeling that I was hearding cattle together to be slaughtered, or at least ripped off. Quite the opposite. These visitors wanted to be on my site, elsewise they wouldn't have dropped by. It felt pretty cool that so many people were coming to a site that I was responsible for managing. These people were supplying my paycheck and I had to make sure that they preffered our site to our competitors'. If a lot of visitors deleted that single cookie I used, that made that job much more difficult.

    Does that still make me evil?
    • Cookies are fine for storing login information. If a user wants to keep a persistent cookie to make their visits to my site easier they are free to click the box. If they only want a session ID then they can login, use the site, and leave w/o a cookie.

      Why do companies think that it is important to not tell a user up front that they are going to get a cookie w/o logging in?

      Yeah, they might have been paying your wages and you were just doing your job but I don't see how aggregating statistics need to be d
      • Yeah, they might have been paying your wages and you were just doing your job but I don't see how aggregating statistics need to be done via cookies. Can't you do it through your logs?

        Nope. Thanks to the prevalence of proxies, log data should be considered nearly useless.

      • If the task were possible by using logs, would that make it ok? I don't really see the distinction: Using a cookie to track a user for aggregate data is bad, but using logs to track a user for aggregate data is ok?
    • I think you make some really interesting points. From one aspect, you are tracking users by depositing information on their computer. While you claim this information could not be used to identify them elsewhere, it's certainly a concern with less careful web developers at the cookie helm. At the same time, you make an interesting point about how a store owner may want to track how their users use their site, what brings them there, and what they look for. If you think of a real store, the owner would c
      • I think you make some really interesting points. From one aspect, you are tracking users by depositing information on their computer. While you claim this information could not be used to identify them elsewhere, it's certainly a concern with less careful web developers at the cookie helm.

        Cookies cannot be accessed by sites that did not put them there in the first place. The carefulness of web developers has nothing to do with anything.

        Advertising companies that embed ads in the web pages you surf ca

        • by neil.pearce (53830) on Thursday July 21, 2005 @06:10PM (#13129846) Homepage
          Cookies cannot be accessed by sites that did not put them there in the first place
          You'd hope that would be true, but historically that has not been the case. A google for "cookie exploits", "cookie migration" and even a browse of IE "domain" bugs shows this to be true.

          The carefulness of web developers has nothing to do with anything.
          Really? Some years ago I noticed that the FriendsReunited.co.uk website set a cookie after I'd logged in, along the lines of "confirmeduser=23959".
          What happened if I modified the cookie? Yep, you guessed it... ability to modify somebody elses details.

          As a web developer, I know that cookies are a good solution to the problem of maintaining state in a stateless medium
          If the medium is stateless there is no solution. You mean "as a lazy developer, cookies work most of the time"?

          As a web developer
          I'm guessing you claim cookies to be "good" because your development environment/web-server is not configured to allow anything else? Why not just append a "&sessionid=[big binary data]" to all your page links? I'm guessing that, despite being a "web developer" you are not given the ability to do so
          • by Bitsy Boffin (110334) on Thursday July 21, 2005 @07:55PM (#13130623) Homepage
            "&sessionid=[big binary data]" to all your page links? I'm guessing that, despite being a "web developer" you are not given the ability to do so


            Because that will inevitably lead to session hijacking. Either through a proxy or people sharing bookmarks.

            Cookies for session ID storage reduce the first problem (but don't remove it totally), and eliminate the second.

            They also reduce code, and remove session id's from URLs which is not where they belong for most URLs (why should the "aboutus" page need a session id, how is that useful, but if passing session id's on the url then it's required even though "aboutus" couldn't care less).
    • Yes, yes it does. (Score:5, Insightful)

      by Otto (17870) on Thursday July 21, 2005 @03:10PM (#13127600) Homepage Journal
      only incidently linked to their contact info because we never correlated the data together ...
      Does that still make me evil?


      Yep.

      If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.

      This is why all my browsing is cookie-free (or rather, cookies being allowed on a whitelist basis and everything else removed on browser shutdown). I don't want you to have that ability to track what I do on your site for very long. Regardless of whether you use that ability or not, I don't trust you to behave properly with that information. Why should I? I don't know you.
      • by Miros (734652) on Thursday July 21, 2005 @03:14PM (#13127658)
        If you dont trust the website, why would you ever give it personal information anyway? In the above poster's example, he said that they collected personal information about users when they would buy something (when else?). I'm sure that you're not suggesting that you buy things from websites that you dont trust.... SO, what are you saying exactly? You sound paranoid.
        • Why not? (Score:2, Insightful)

          by Otto (17870)
          I'm sure that you're not suggesting that you buy things from websites that you dont trust....

          Why not? Buying things online means, at worst, giving out info from a credit card. If they prove untrustworthy, then I call up the credit card company and reverse the charge. Trust does not have to be involved to engage in a purchase. You buy from people you don't any basis of trust for all the time.

          However, WTF would he need to know I came back to his site later? WTF would he need to know that I visited his sit
          • Re:Why not? (Score:2, Insightful)

            by Miros (734652)
            Do you shop more than once at the same store? gas station? cvs? etc? What is the differnce between a cookie, and a clerk who recognizes your face? I mean, I completly understand your love of privacy, and I believe that it is your right to keep that information to yourself if you want to. But at the same time, your WTFs ask for a why; the why is simple. If they know their customers a little better, they can improve their business, just as any salesman who recognized a regular customer would. But if you
            • Re:Why not? (Score:5, Insightful)

              by periol (767926) on Thursday July 21, 2005 @03:35PM (#13127949) Homepage
              But ultimatly, most users would probably enjoy the massive improvments in customer expierience that could be achieved using this information.

              When I go to the gas station, the attendant does not put a tracking device on the car that keeps track of everything I look at in the store and allows him to take note of whether I stop off for gas with one of his competitors.

              Here's the problem: companies are impersonal. So are websites. No amount of "tracking" will make a website seem like a conversation with anohter person. If you want my opinion, ask for it. Either way, I will be deleting cookies from your website every day.
              • Re:Why not? (Score:5, Informative)

                by ip_fired (730445) on Thursday July 21, 2005 @04:09PM (#13128421) Homepage
                Cookies don't track which sites you go to. A cookie has a domain that it actually is assigned to. When you visit that domain, the web browser sends that cookie to the server. If I go to amazon.com and they put a cookie on my system, then the only people who can look at it is amazon.com. They can't tell that I also went to overstock.com and looked at books. And overstock can't tell that I've been to amazon.

                The only time they can get this information is if a third party has an Ad, or some other content on both sites (which is what makes cookies from ad sites more dangerous).

                So really, when you go to the gas station, the attendant doesn't have to put a tracking device on your car. Just record your license plate (after all, isn't that all a GUID is?) Your car always has it's license plate, and so they can see who it is. Then they can track your usage at the gas station.

                Cookies can provide useful information to the site developer. You like visiting well designed websites right? Getting information that will help you streamline the site is a good reason to track those statistics.

                You are being too paranoid. Get adblock, only allow cookies to be set by the originating website and use a hosts file that blocks most ad sites and then you won't have to worry about it.
                • Re:Why not? (Score:3, Insightful)

                  by Otto (17870)
                  Get adblock, only allow cookies to be set by the originating website and use a hosts file that blocks most ad sites and then you won't have to worry about it.

                  Holy crap that's a lot of work. I simply changed my preferences to "delete cookies at shutdown" and then add sites I want to remember me on a site-by-site basis.

                  Far, far simpler. Far, far more effective. When I find a new site and decide I want them to remember me, I simply add that new site to the whitelist. No hosts file slowdown (and no need to m
                • Re:Why not? (Score:5, Insightful)

                  by TCM (130219) on Thursday July 21, 2005 @04:42PM (#13128870)
                  Cookies don't track which sites you go to. A cookie has a domain that it actually is assigned to. When you visit that domain, the web browser sends that cookie to the server. If I go to amazon.com and they put a cookie on my system, then the only people who can look at it is amazon.com.

                  Well, Sherlock, we're talking about the marketers like Doubleclick here. Doubleclick has banners on countless websites. Each banner's picture has the website it's displayed on encoded in the URL. Additionally, they set cookies from the domain doubleclick.net. Now what happens? Doubleclick can track you because each of their banners on all sites they have a banner on can read the cookie.
                • Re:Why not? (Score:3, Insightful)

                  by dillon_rinker (17944)
                  Cookies don't track which sites you go to.
                  Right. And guns don't kill people.

                  The only time they can get this information is if a third party has an Ad, or some other content on both sites
                  Exactly. And the only time a gun is dangerous is when it is loaded and pointed at you.

                  Your car always has it's license plate, and so they can see who it is.
                  No one tracks license plates. The benefits of tracking them are far outweighed by the costs.

                  You like visiting well designed websites right?
                  You like candy, don'
            • by Otto (17870) on Thursday July 21, 2005 @03:35PM (#13127960) Homepage Journal
              If they know their customers a little better...

              But they don't know me. They will never know me.

              "Knowing me" means knowing my name, shaking hands, asking me about things we've discussed in the past. That's being friends with somebody. That's knowing them. That's what your idea of the "clerk who recognizes your face" is about, no? The little guy running the corner market, sort of thing. :P

              Some dude running a website on the opposite side of the country will never know me. At best, he'll know what I've bought from him and other website owners that he shares information with or advertises with. Knowing what I buy doesn't mean he "knows me". It means he's treating me as an impersonal entity to be exploited, somebody to attempt to get more money from. It doesn't mean he's treating me as a fellow human being deserving of respect and friendship.

              No, fuck that, I'll remain a stranger to that guy across the country running a website, and I'll know the guy who sells me my fresh fruit down on the corner market, and I'm quite comfortable with that and don't see it as a conflict whatsoever.
              • Welcome to the new age. Information is now far more profitable than any tangible good. It surprises me that people on a technology website are so unaware or unwilling to realise this, despite the fact it is technology and the internet that's increasing the pace and efficiency of this new market.

                You are not valuable, your information is, but not on its own, nobody is sufficiently important to warrant any company to change its habits based on one customer. Once information is collated and processed, it be
            • Re:Why not? (Score:5, Interesting)

              by NickFortune (613926) on Thursday July 21, 2005 @04:14PM (#13128507) Homepage Journal
              I mean, I completly understand your love of privacy, and I believe that it is your right to keep that information to yourself if you want to. Excellent. That is all I ask.

              If they know their customers a little better, they can improve their business, just as any salesman who recognized a regular customer would.

              To the benefit of whom? I feel no incentive to assist in this process.

              But if you feel better always being a stranger then I dont see any problem with that. A stranger to whom? To doubleclick.net? Yes please! And let us not forget the resale value of aggregated marketing data. I think I'd like to remain a stranger to a lot of people online.

              But not everyone. I don't post as an AC for example. I think I can manage my own privacy thank you.

              But ultimatly, most users would probably enjoy the massive improvments in customer expierience that could be achieved using this information.

              "could" being the significant term. I have no confidence that this information would be utilised to improve my life. What they going to do? Give me targetted ads? Adverts that more closely match my interests? Only an adman thinks of that as a benefit.

              And I've yet to hear mention of any other

        • by TopSpin (753) *
          sure that you're not suggesting that you buy things from websites that you dont trust....

          Contemporary life does not provide us with the option of trusting every entity with whom we interact. Do you trust your electric utility and their outsourced billing department? What about the clerk behind the counter at the gas station who now has your credit card number, license plate and photograph? What about that cable company and their computing hardware embedded in your home?

          The parent recognizes that some
          • Marketeers often forget that the user actually has some say in the process as well. Just as services like Paypal allow you to mask your credit data from a vendor, eventually anonymous buying services will provide the ability to mask your identity completely. Imagine a service, say, BuyMaster.com, combined with a new AnonyShip service from UPS or FedEx where you can purchase through them and all the vendor site knows about the purchase is it was placed through BuyMaster and then must turn the product over

      • by tgd (2822)
        Thats rediculous.

        Do you insist the security tapes are turned over when you shop at stores? Do you pay only in cash? Its hard to pay cash online, but presumably you use credit cards. Why do you trust them with your info? Its easy to track where you shop with that.

        Do you know the people at your bank? At Visa/MC? The processor? How about the people at the stores you shop at? Do you not use any of those shopper cards at the grocery store (I don't)? No Costco membership, or library card?

        You know, you're logge
        • by justforaday (560408) on Thursday July 21, 2005 @03:20PM (#13127751)
          Have you SEEN their editing abilities?

          They have editing abilities?
        • Do you insist the security tapes are turned over when you shop at stores?

          If I thought it feasible, yes, I would. It's not feasible, so no, I don't.

          Do you pay only in cash? Its hard to pay cash online, but presumably you use credit cards. Why do you trust them with your info? Its easy to track where you shop with that.

          I trust my credit card company, because hey, it's their money I'm spending. If they decide to be bastards, then I'll just not freakin' pay 'em. ;-)

          Do you know the people at your bank?
      • by MosesJones (55544) on Thursday July 21, 2005 @03:21PM (#13127759) Homepage

        Why should I? I don't know you

        Do you know your bank? I mean apart from the front-end office that takes your money?

        Do you know VISA, AMEX, Mastercard or whatever credit card you use?

        If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.

        And this is paranoia on crack... it assumes that people will ALWAYS do the wrong thing and will ALWAYS try and screw you about, and that customer profiling NEVER results in a better service.

        Feel happy in your paranoia, me I just assess risk on a site by site, and business by business basis.

        • And this is paranoia on crack... it assumes that people will ALWAYS do the wrong thing and will ALWAYS try and screw you about, and that customer profiling NEVER results in a better service.

          I fail to understand why people like you refer to corporations as people. I will trust any single individual more than I will ever trust any corporation. Corporations exist to extract as much money from me as possible. That's it.

          I think it is a safe assumption that corporations will *always* end up doing some
    • by Compholio (770966) on Thursday July 21, 2005 @03:11PM (#13127611)
      Knowing that "John Smith" visited our site 3 times a week isn't really any more insightful that knowing that "User #5233258" visited us 3 times a week.

      Then why isn't user 123.456.789.012 good enough?
    • If you really ARE looking at agregate statistics then how does deleting the cookie really impact your analysis, other than slightly inflating your unique visitors numbers? I would think that things like best path through the site could be determined from session cookies, no need for them to be sustained. If you want to track return purchasers just associate their account with a cookie and if they return to purchase again just reassign them their original GUID or combine the GUIDs into one trackable metric.
    • I have no problem with one site tracking my motions through their services. What bothers me is services that track me through multiple unrelated sites, some of which have my personal information on file.
    • Yes. Simply put, my sense of privacy says that I do not wish to be tracked, in any way shape or form.

      Your presumption that it is OK to do so and that because you want to make your site better you somehow have the right to presume that is arrogant and misled. I'm an anonymous visitor and I wish to remain anonymous. I do not want you recording any information on my IP, me, my browser, cookies, where else I've been on your site and how long I was there. I do not want to be given a customer number or an entry
      • by Migraineman (632203) on Thursday July 21, 2005 @03:28PM (#13127868)
        I went to a clothing store a few years ago to buy a present for the wife. I handed the cashier cash for the items, then had the following conversation -

        Cashier: May I have your phone number?
        Me: No.
        Cashier: It's only for customer satisfaction purposes ...
        Me: What part of "no" was ambiguous?
        Cashier: We need your phone number to improve customer service ...
        Me: Get your manager over here right now so I can explain why you're losing this sale, and all future sales ...
        Cashier: {types in store phone number}

        I get amazingly cheesed when businesses fail to respect my privacy (whether I have a "right" to privacy is a whole separate rant.)
        • by blitz487 (606553) on Thursday July 21, 2005 @04:09PM (#13128417)
          I had a similar experience. I went into a computer store to buy a printer. The cashier wanted my home address. I said "no". The cashier said it was their policy for all sales. I asked for the manager, who repeated that line. I asked him if he was willing to give up the sale for his policy. He said "yes", and I said it was my policy to not give out my address, and I left.

          I went to his competitor up the street, bought the same printer. I told the story to the store manager there, who had a nice laugh and was happy to get my money.

          • by jayloden (806185) on Thursday July 21, 2005 @08:07PM (#13130705)
            Look, I appreciate the sentiment - I don't like handing out my phone number or personal information for stupid reasons either.

            However, PLEASE try and remember something. The people you talk to and buy things from are not the store owners. In fact, they're lucky if they've ever even met the franchise owner of the store, let alone the owner of the company.

            You are taking out your annoyance on someone who has: a) No real interest whatsoever in whether or not you buy X piece of crap (unless they get commissions on sales) and b) No control over the policy, the system, and in most cases, the cash register either. They might be able to get around it (as the clerk did in the OP's post), but that's not the point

            The point I'm making here is this: don't get pissed at some clerk or manager at a chain store for following store policy, or expect them to change it for you, even if it's a dumb policy.

            I've worked at department stores and grocery stores, etc - it sucks. And you know what? The only people I ever really disliked when I worked any retail job were the people who thought it was MY store and MY decision to harass them for a phone number/address, whatever. These are the people that expect you to break the rules for them (c'mon, you can just give me the discount, I forgot my coupons), then treat you like shit when you follow the rules of the company that puts the paycheck in your hand at the end of the week.

            It was store policy to ask for a phone number, the register prompted for it, and we're supposed to ask. If we got shopped by a "secret shopper" or a manager caught us ignoring it, that's our ass, not the customer's. On behalf of all past, present and future retail employees: We don't care what your personal information is. We care about our paycheck and about following the rules of the job.

            I agree that it should only take one polite refusal to avoid having to give out your information. Just keep in mind that the manager may have to give approval, and in the larger chains, even the manager may not have the power to negate store policy. Either way, the bottom line is even if the manager has the ability to counteract the policy, they don't care. The manager at Best Buy is not sitting at home in a deep depression because you bought your printer at Circuit City instead.

            • by Migraineman (632203) on Thursday July 21, 2005 @09:06PM (#13131039)
              Like it or not, the cashier represents the store during the sale. During my experience at the store, I probably have the most "face time" with the cashier, and checking out ends up being the part of the sale that tends to stick in my mind. I want it to be pleasant and hassle free.

              Asking for personal information will get you a polite but terse "no." I have no intention of justifying my response to you or anyone else. Pressing the matter restults in me getting annoyed. Pressing *again* puts you in risk of losing the sale, and yes, I'm going to tell the manager why. I recognize that the cashier doesn't set the store policy. I don't think I've ever yelled at a cashier for that very reason. However, unless the store management hears about the cheesed customers and the lost sales, the store policy won't change.

              I vote with my wallet and my feet. Yelling and screaming just gets you written-off as a whackjob. Telling the manager why you're taking your business elsewhere, and then doing so, punishes the crummy vendor and rewards the competitor who doesn't have the crappy policy.
              • I vote with my wallet and my feet. Yelling and screaming just gets you written-off as a whackjob. Telling the manager why you're taking your business elsewhere, and then doing so, punishes the crummy vendor and rewards the competitor who doesn't have the crappy policy.

                Unfortunately, that has the same problem as I was discussing in my original post - the store manager doesn't care either, in most cases. The store manager in a major chain gets paid a few dollars more an hour than the cashier, has a lot

        • Boy, you sure showed them.

          Here's how I handle it:

          Cashier: May I have your phone number?
          Me: Sure! It's $(friend's ex-wife's phone number), and I'll love to hear more about other promotions you may have in the future.

        • by SatanicPuppy (611928) <Satanicpuppy@g m a i l .com> on Thursday July 21, 2005 @04:29PM (#13128717) Journal
          My ability to make up fake phone numbers is almost a brainstem response. I accidentally told a mortgage officer a fake phone number once, then had to do the lame, "Uhhh, wait that's my old number" thing.

          Whenever someone asks for info they don't need, lie. It's the only safe thing to do. I hit one of those surveys where they ask you for your computer password in exchange for a 5 dollar gift certificate.

          They said, "We'd like to offer you a free gift certificate for coffee in exchange for your password."

          And I said, "What a coincidence, my password is 'Il1k3fr33c0ff33'." I'm not sure they got it, but I got my fr33 c0ff33.

    • by Enigma_Man (756516) on Thursday July 21, 2005 @03:16PM (#13127691) Homepage
      I have a similar story. I design / manage the website for a company, and we had a reasonably big problem with using cookies for internal "tracking" purposes. Not to track customers in the "evil" way, but just to keep track of things in their shopping cart, and other similar info to what you stated. The problem we had was with people having cookies shut off. At first, we'd just not track them at all, and the shopping cart would ask them to turn on their cookies, and gave some quick directions, and links to detailed directions for different browsers. A lot of people seemed to be totally turned off by this, based on the amount of people that read the instructions and then didn't even start shopping.

      What we ended up doing was using alternate methods for tracking users as they browse around our site, mainly using links with generated tails attached to them that were unique to each visitor. Like, instead of linking to index.cfm in the navigation window, It would be index.cfm?user=5012345, and we'd keep track internally. Obviously this isn't a safe use for a shopping cart type thing, but we used other methods to secure that.

      Mainly, I just wanted to say that there are methods other than cookies that work just as well.

      -Jesse
    • Does that still make me evil?

      Yes.

      The reason for yes is because you are advocating sane uses for cookies. The marketers complaining about the loss of their cookies aren't complaining because they can't tweak their site as easily. They're complaining because they feel -- rightly or wrongly -- that they are more effective when they can track customers regardless of how the customers themselves feel about it!

      The customers are voting with their feet, or in this case their Cookie Cutters. 40% are alrea

    • But, even then their site history was really only incidently linked to their contact info because we never correlated the data together. Why would I? Knowing that "John Smith" visited our site 3 times a week isn't really any more insightful that knowing that "User #5233258" visited us 3 times a week. The data was only useful in aggregate.

      Except then you take your list of customers, and sell those lists for targeted spam (or just a valid address), or let third party sites use that cookie to deliver targete
    • Ok, you're obviously running a site that is not insignificant if you have an eCommerce application, GUID numbers and tracking individuals as they visit different pages. There are other ways to do this outside of cookies that gather non-aggregated data without putting anything on the user's machine.

      The simplest example I can think of is one Java based web application I was one of the deveopers for. We had to deal with secure logins, we had eCommerce and a variety of other things that are mostly irrelevant.
  • Maybe now... (Score:2, Interesting)

    by Miros (734652) *
    Maybe now marketing companies will try to discover new ways of generating usage statistics beyond catching, tagging, releasing, and tracking innocent internet users via cookies. This could be an excellent opportunity for innovation in the space resulting in better privacy and better statistics.
  • Sadly (Score:2, Insightful)

    If someone has money, you have no privacy.

    Its a mircale that marketing firms are not claiming to 'own' the cookies and sue you if you delete them for destruction of property.
    • Hmmm (Score:2, Interesting)

      by DarthVeda (569302)
      Seems like there was some lobbying effort once upon a time to make them the company's property. Obviously it did not get anywhere. Or maybe I'm dreaming, but I could swear I remember something along these lines in the past...
    • by tktk (540564)
      Yeah...and then we sue them back for tresspassing on private property.
  • Try getting rid of cookies on a daily basis. I know of at least 2 people who used the "saved password" feature in IE6, and had their password stolen. I tell them to first use Firefox. Then I tell them to never save anything. Leave the smallest cookie/cache possible. Delete at will.

    • Re:Monthly basis? (Score:5, Insightful)

      by phasm42 (588479) on Thursday July 21, 2005 @03:59PM (#13128256)
      And how exactly did this happen. I have not deleted my cookies for a couple YEARS since I last reloaded my computers, and have yet to have a single problem with stolen passwords or any of these other problems that evil cookies are supposedly causing.

      There is the possibility that a large enough group of companies collaborating could use the information to link purchases and browsing habits together. But I really don't care. They want to try to personalize my ads, that's fine too. Why? Because it's a free lunch. They think they're convincing me to buy stuff, when in fact I don't give a fuck. As long as the illusion is maintained, I'm happy to let them think they're learning valuable information about me. If this avenue is cut off to advertisers, either the free lunch will end or something more insidious will take its place.

      Most companies only care about using cookies to keep track of visitors to their site anyway, and this can be useful to improve the site. A site that uses tracking information to see what other sites you visit (which is difficult without having their ads directly on other sites, which usually isn't the case because someone else usually hosts the images) and sells your email address is probably not one you want to continue purchasing from.
  • So wait... (Score:5, Insightful)

    by DrEldarion (114072) on Thursday July 21, 2005 @03:06PM (#13127542)
    Hrm? They track you through the cookies, yet comparisons to "spyware" are unjustified?
  • I blame the Atkins craze for the sudden diminishing of cookies. On a side note, as a general rule, I'm pretty happy with any behavior that makes marketer's lives more difficult. Just one of those rules of thumb.
  • Don't delete cookies (Score:5, Informative)

    by i.r.id10t (595143) on Thursday July 21, 2005 @03:09PM (#13127577)
    I don't delete 'em. I log in to various sites that use them (that I want to use them), then I close the browser and then make the cookies.txt file read-only (chmod or chattr, or attrib). Get the benefit for sites I want the customizations on, don't get the tracking
  • by Rosco P. Coltrane (209368) on Thursday July 21, 2005 @03:11PM (#13127610)
    Flash-based tracking system is mentioned

    It doesn't seem to have dawned on marketers that many, many people already associate Flash with "annoying advertising", "high CPU usage for nothing" and "general nuisance", and that it is disabled in many browsers as a consequence.

    Speaking for myself, Flash is disabled. When I need it occasionally (that is, when I happen to want to play this [princeofpersiagame.com] about once a year), I re-enable it. But otherwise, I've yet to see a website sporting Flash that doesn't use it for useless eye-candy or advertising.
  • by dpbsmith (263124) on Thursday July 21, 2005 @03:11PM (#13127612) Homepage
    Cookies were intended to allow sites to serve users by providing a convenient method of preserving client-side state.

    They're intended to do legitimate things like let a site remember who you are so you don't need to log in every time you visit it, or assign a transaction code to make it easy for things like shopping carts to work... and prevent you from double-ordering if you click the "Order" button twice.

    They were never intended for the purposes to which marketers have misappropriated them.

    It's just another example of information being ostensibly collected for a purpose the user approves of, and then being secretly used for purposes the user is unaware of and might not approve of, and it justifiably makes people angry.
    • And PSP UMD disks were never intended to illegitmate things like porn. And PSP was never intended to play MAME. People should never misappropriate things, they should only do things that are strictly in accordance with the original author's world view.
      • Cookies weren't thought out in much detail when the spec was designed, and as you say they were mainly intended to make it easier to maintain state (as opposed to building ugly URLs to encode the state in.)
      • HTTP-REFERER lets an HTTP request indicate what page linked to the one you're requesting now. That means that a request for a banner ad contains the URL for the page that had the ad on it, so the banner ad company can track what page the ad was on. This not only wasn't thought out well, it wasn't ev
  • The same United Virtualities that caused me to enter into my hosts file because it kept crashing firefox (1.03 with FlashBlock 1.2.9)?

    127.0.0.1 sp21.unitedvirtualities.com

    I can't wait.
  • that Internet marketers are worried about the decreasing persistence of cookies.

    And this is a good thing, make no mistake! I don't exist simply to be prey for marketers, regardles of how they may want to feel about it! Anything that disrupts them is good.

  • "Life from the marketer's perspective" goes something like this, perhaps?

    Exploit others ...
    Exploit others ...
    Exploit others ...
    Gotta pee ...
    Exploit others ...
    Oooh! Something shiny! ...
  • Most antispyware utilities also remove tracking cookies by default, and most users never change the defaults, so tracking cookies are being removed. If there wasn't so much truly dangerous spyware out there today, the nuisance caused only by tracking cookies wouldn't be the effort to fix. But as long as users bought something that cleans it all up they're going to use it.

    Also, unscrupulous antispyware companies are sometimes using tracking cookies to scare users into buying something. Just put "spyware" in
  • Fun with Cookies (Score:5, Interesting)

    by RagingChipmunk (646664) on Thursday July 21, 2005 @03:19PM (#13127732) Homepage
    Every once in awhile I like to toy with the cookies. I'll edit their content - flip some bytes, add lots of corrupt text, delete sections. Occasionally, I'll flip all the cookies to "Read Only". Its fun to see a site occasionally puke from bogus cookie data.

  • I thought the point of deleting cookies was to screw up marketing and people leaving pieces of themselves on your computer that you don't want?
  • [suitwank]
    It's tough enough getting rich without people hiding. Don't those cookie-deleters know that it's all about relationships? What do they think, we'll sell information about them to a spammer? We use only legitimate email marketers.
    [/suitwank]

    I don't want a relationship with an online vendor. I don't want a relationship with a car salesman. I just want to be shown a product and given a price. I'll decide if I want it.

    I don't mind good service, but that's not what the suitwankers [wikipedia.org] want to

  • by base3 (539820) on Thursday July 21, 2005 @03:21PM (#13127764)
    "That cookie shit makes me nervous."
  • Almost 40% of surfers delete them on a monthly basis, says Jupiter Research -- a fact one marketers attributes to incorrect associations with spyware and privacy invasion.

    We really want to track where you've been but IT'S not spyware or privacy invasion. Really!
  • ...just ask sessions. I think there needs to be a term defining the difference between reality and the responses on Slashdot. Of course computer nerds are going to be up in arms about using cookies to track info, the rest of the planet, however, is wondering why a computer site has an article referring to baked goods.
  • Too Bad (Score:5, Insightful)

    by kenp2002 (545495) on Thursday July 21, 2005 @03:27PM (#13127852) Homepage Journal
    I hear many people complaining about EVIL marketers. Most marketing companies are rather decent people trying to find you the customer who wants their product. A VERY small % of marketing companies are shady info-whoring bastards. Targetted marking is a rather nice thing as far as I am concerned. When offered to provide interests, and the resulting ads, I find myself visiting the link. WHAT I HATE is misdirected market, you know assholes that call you about new siding on your house when you live in an apartment, or my favorite (being a married old fart) getting ads for tapons and crap like that (because the wife occassionally does some surfing under my ID).

    It's too bad a small group, as usual, ruins it for the majority.
  • What pisses me off the most about cookies is that they accumulate. Why?

    Take a look in your cookies pref page / file. Look at the expiration dates. I've found a huge percentage of sites, especially advertisers, use a date at least 10 years in the future.

    I'm unlikely to be using the same computer in 3-4 years, much less 10. Some sites even go for "2040". WTF? What's the point? If I don't visit your site within 6 months, I'm unlikely to gripe too much about having to reenter a username/password...s

  • As soon as I saw the headline something jogged my memory. Sure enough, it was a story that was rejected in March [business2.com] which had almost the same information and which I've had posted in my Journal since then.

    My favorite quote from the original story (and probably the same exact study) was from Eric Peterson of Jupiter Research:

    "If consumers adopted a friendlier attitude toward cookies, the Internet would be a better place overall."

  • by Nom du Keyboard (633989) on Thursday July 21, 2005 @03:29PM (#13127880)
    If you think this is bad, then you should plan on being very scared of IPv6 since that will have the ability to give every device a permanent non-NATted IP address that will uniquely identify you. No need for cookies on your machine. Just a central site where everyone in the sharing of information pool can go to see what user 111.111.111.111.111.111.111.111.111.111.111.111.11 1.111.111.111 has done recently, and what we should serve him up next.

    And depending on how they're assigned, they may well know your actual address as well, just from the number.

  • They abused phone calls, and that brought about the national Do Not Call list.
    They abused TV commercials, and that brought about "commercial skip" VCRs and TiVo.
    They abused pop-ups, and that brought about pop-up blockers.
    They abused Flash to make more attention-getting (read: obnoxious) banner ads, and that brought about Flashblock.
    They abused cookies, now people obsessively delete them if they allow them to be created at all.

    Am I the only one who sees a pattern here?

    ~Philly
  • 3rd party cookies (Score:5, Informative)

    by Avohir (889832) on Thursday July 21, 2005 @03:32PM (#13127921)
    I keep 3rd party cookies blocked... that keeps everything nice and clean.

    For the layman, the way these tracking cookies work is when you're visiting site A, site A has a banner from site Z. If you have 3rd party cookies enabled, not only can site A set a cookie to your harddrive, so can site Z. Now, you go to site B which also uses site Z's ads... and site Z can see you were also at site A. Block 3rd party cookies however, and you cant get a cookie from site Z unless you actually VISIT site Z.

    Disabling 3rd party cookies lets you keep their useful functions (login information at ebay, etc) and restrict the illegitimate ones (tracking my useage).

    Mike Healan from Spywareinfo.com has a good article about cookies and their spyware-esque function here: http://www.spywareinfo.net/july20,2005#cookies [spywareinfo.net]
  • Well, tough .... (Score:5, Insightful)

    by gstoddart (321705) on Thursday July 21, 2005 @03:45PM (#13128080) Homepage
    Too bad if the marketers don't like that people delete cookies.

    Companies like doubleclick and the ones who seem to only serve up annoying advertising have no expectation that I will a) accept their cookie (if you're not the site I'm visiting, why do you get a cookie?) or b) even if I did accept their cookie, that I would keep it.

    The real world would be tagging your clients. Someone comes in to browse, you snap an ear collar on him. You walk into another store, someone wants to stamp the back of your hand indicating that you've shopped there.

    I had a person at my door asking if I'd received my flyers -- when I told her than if I had I'd tossed them in the bin, she wanted my name and phone number. What part of I'm not interested in your flyer, and you don't need my contact info to respond to this?

    I wouldn't accept K-Mart putting a radio tracking collar on me, WTF do on-line marketers think they're any different?
  • what we need (Score:3, Insightful)

    by happyemoticon (543015) on Thursday July 21, 2005 @03:52PM (#13128171) Homepage
    is a rider on the next Iraq spending bill that makes deleting cookies and blocking popups illegal.
  • by Vellmont (569020) on Thursday July 21, 2005 @03:53PM (#13128179)
    Should web marketers really be surprised that constantly tagging people and most of the time and giving them no benefit at all makes them nervous? What if you had your hand stamped with invisible ink every time you went into a store, and received nothing for it? How many people would want to allow that?

    The thing is that these marketers want something for nothing. I enable the "ask for each cookie" option in mozilla, and generally click "allow for session" on 99% of most sites because they offer me NOTHING in return for tagging me. On sites like Amazon.com I can add things to my wish list without logging in, or on slashdot I can login without typing in passwords. Tvguide.com will show me my local listings, cool. I've gotten a benefit from the site knowing who I am, so I'm much more likely to allow them to know that.

    Most sites that hand out cookies give you nothing for identifying you. Why should I give them somthing they want for nothing? I certainly don't trust the average marketer to not do skeevy things like targeted pricing (looks like I visit bmw.com a lot.. I must be rich. Raise my prices by 10%).
  • Cookie Monsters (Score:5, Interesting)

    by Doc Ruby (173196) on Thursday July 21, 2005 @03:56PM (#13128210) Homepage Journal
    A client/server system without persistent client state is unuseably crippled. Cookies are a simple way to get that. If users are flushing them once a month, but need not, they must be balancing the convenience of persistence with their perceived "privacy". If just the marketers are complaining, I don't care. When the engineers complain that no persistent client state is crippling our apps, then I care.

    Marketers could stop complaining, and fund better UIs that decrease the false perception that cookies are bad. Their stealth makes them sinister, and their unmanageability makes people throw out the benign majority with the tiny malign minority. But only a generation of marketdroids could taint the deep-seated pleasant associations with "cookies" into fear of deadly poison. If they rechanelled their complaints into better UIs, they'd be "engineers", not marketdroids. So they're doomed. If only they were as doomed as the cookies they mourn.
  • by taustin (171655) on Thursday July 21, 2005 @06:57PM (#13130209) Homepage Journal
    It wouldn't be so bad.

    In theory, having cookies to track where you go and what you do is a good thing. It allows marketers to target ads at you for stuff you are actually interested in. If they actually did that.

    Unfortunately, they don't. They use it to bombard you with constant, endless ads for "related stuff", to the point where you can't actually see the content on the web page you want to read.

    Or they decide that looking at Corvette pictures means you think your penis is too small, and therefore "natural male enhancement" is a "related product."

    To hell with 'em all.
  • by scode (22551) on Thursday July 21, 2005 @07:21PM (#13130395) Homepage
    Alright, fine. Some types of cookies can be easily exploited, but there is one type of cookie that you DON'T want to turn off (and don't want people in general to turn off), and that is the session cookie.

    All this 'anti cookie' propaganda is really getting out of hand. Session cookies are a great way to securely identify a series of otherwise unrelated requests as belonging to the same session. By turning off cookies one is also disabling this very valuable feature.

    "But it doesn't matter" you say, because web sites can use URL rewriting instead. Well, think about it:

    * If URL rewriting is used, exactly how is this better, from a privacy stand-point, than a session cookie? The exact same information is propagated, so nothing is gained in terms of privacy. In addition, the "evil" people whom everybody is presumably trying to prevent from tracking a user's session can also use this technique.

    * On the issue of security and technical convenience however, you are making it worse. URL rewriting is inherently less secure in the fact of 'accidents' such as paste:ing a link (which the average joe won't understand contains sensitive information) to a work collegue sitting behind the same NAT:ing gateway. And how about referrer URL:s making it into web server logs? (There is no guarantee that the session identifier is encoded such that a security conscious browser can spot it, and refrain from sending it as part of a referrer URL to another web server.)

    Overall, session cookies are vastly superior to URL rewriting in a number of different situations. But this overzealous anti-cookie paranoia is forcing people to use URL rewriting *anyway*. In tryng to increase privacy, it has actually been lessend - along with security!

    Just to give one example of how the ACP (anti cookie paranoia) can interact with web pages: I was recently involved in a situation where some browsers would disable cookies (even session cookies) for requests that were made as part of an IFRAME on a page hosted on another domain (presumably for privacy concerns). This resulted in, for practical purposes, a total inability to use cookies on that site. URL rewriting is now used instead, to a detriment of security and privacy.

"Success covers a multitude of blunders." -- George Bernard Shaw

Working...