Net Marketers Worried as Cookies Lose Effectiveness 556
Saint Aardvark writes "The Globe and Mail reports that Internet
marketers are worried about the decreasing persistence of cookies.
Almost 40% of surfers delete them on a monthly basis, says
Jupiter Research -- a fact one marketers attributes to incorrect associations with spyware and privacy
invasion. United
Virtualities' Flash-based tracking system is mentioned as a possible
substitute...though they don't mention the Firefox plugin that removes
them, or talk in any meaningful way about why people
might want cookies gone. Still, the article is a good overview of
life from the marketer's perspective."
The other side of things. (Score:5, Informative)
I used to be the web architect for a
All this stuff was entirely anonymous unless they purchased something from us. But, even then their site history was really only incidently linked to their contact info because we never correlated the data together. Why would I? Knowing that "John Smith" visited our site 3 times a week isn't really any more insightful that knowing that "User #5233258" visited us 3 times a week. The data was only useful in aggregate. For example, knowing that the last page 20% of people visited was our contact page, yet only 10% of those people actually submitted the form would make me reevaluate that page. Maybe the contact form wasn't very user friendly? So, I'd tweak it and then recompare the metrics.
The whole point of my tracking was to better serve our visitors and eventual customers. I wanted to make it easier for them to do what they came to our site to do. Or it would help us target our advertising for effectively. If a lot of people clicking through from a banner ad we had on Site A tended to buy Widget B, we'd decide to modify the banner ad to specifically highlight Widget B. Maybe my attitude is different than most, but I can't be unique. I never looked down upon our visitors, feeling that I was hearding cattle together to be slaughtered, or at least ripped off. Quite the opposite. These visitors wanted to be on my site, elsewise they wouldn't have dropped by. It felt pretty cool that so many people were coming to a site that I was responsible for managing. These people were supplying my paycheck and I had to make sure that they preffered our site to our competitors'. If a lot of visitors deleted that single cookie I used, that made that job much more difficult.
Does that still make me evil?
Don't delete cookies (Score:5, Informative)
That's not the intended purpose of cookies (Score:5, Informative)
They're intended to do legitimate things like let a site remember who you are so you don't need to log in every time you visit it, or assign a transaction code to make it easy for things like shopping carts to work... and prevent you from double-ordering if you click the "Order" button twice.
They were never intended for the purposes to which marketers have misappropriated them.
It's just another example of information being ostensibly collected for a purpose the user approves of, and then being secretly used for purposes the user is unaware of and might not approve of, and it justifiably makes people angry.
Re:The other side of things. (Score:5, Informative)
What we ended up doing was using alternate methods for tracking users as they browse around our site, mainly using links with generated tails attached to them that were unique to each visitor. Like, instead of linking to index.cfm in the navigation window, It would be index.cfm?user=5012345, and we'd keep track internally. Obviously this isn't a safe use for a shopping cart type thing, but we used other methods to secure that.
Mainly, I just wanted to say that there are methods other than cookies that work just as well.
-Jesse
Dynamic IP's. (Score:5, Informative)
Cookies have their place... (Score:2, Informative)
Re:The other side of things. (Score:3, Informative)
Re:The other side of things. (Score:5, Informative)
-Jesse
3rd party cookies (Score:5, Informative)
For the layman, the way these tracking cookies work is when you're visiting site A, site A has a banner from site Z. If you have 3rd party cookies enabled, not only can site A set a cookie to your harddrive, so can site Z. Now, you go to site B which also uses site Z's ads... and site Z can see you were also at site A. Block 3rd party cookies however, and you cant get a cookie from site Z unless you actually VISIT site Z.
Disabling 3rd party cookies lets you keep their useful functions (login information at ebay, etc) and restrict the illegitimate ones (tracking my useage).
Mike Healan from Spywareinfo.com has a good article about cookies and their spyware-esque function here: http://www.spywareinfo.net/july20,2005#cookies [spywareinfo.net]
Non issue (Score:1, Informative)
And by the way, it is increasingly cheap to share this information with third parties. It used to be a big slowdown to communicate with other webservers (like those owned by marketing companies) over http using protocols like SOAP or XML-RPC. With processing, memory and bandwidth cheaper than ever, it's not a big issue to send your tracking information behind the scenes, further eliminating the need for tracking cookies.
By turning off your cookies, you are simply making a little tougher to track you, ensuring only that larger more sophisticated sites can operate with viable business plans. So in "protecting your privacy" you are actually squeezing out small and marginal media competitors and preserving the Web for large corporations. Congrats!
Re:Flash tracking? like hell (Score:4, Informative)
Re:That's not the intended purpose of cookies (Score:2, Informative)
It just seems like you're getting in a huff because cookies have somehow been "perverted" from their original intended use. I'd suggest that cookies didn't have any "official" intended use, but were created as a way to retain persistent information across a stateless protocol, which is what they do. Whether they're used for good or evil is another matter entirely, just like any technology.
Re:The other side of things. (Score:3, Informative)
Better yet, large organizations, (AOL especially but not exclusively), will do a madnening thing with Poxy hopping. User A might come from 3 different IP's during a single 15 minute session, tracking without some form of cookie is almost impossible, and worse yet locking a session to an IP for security fails horrendously.
Re:Why not? (Score:5, Informative)
The only time they can get this information is if a third party has an Ad, or some other content on both sites (which is what makes cookies from ad sites more dangerous).
So really, when you go to the gas station, the attendant doesn't have to put a tracking device on your car. Just record your license plate (after all, isn't that all a GUID is?) Your car always has it's license plate, and so they can see who it is. Then they can track your usage at the gas station.
Cookies can provide useful information to the site developer. You like visiting well designed websites right? Getting information that will help you streamline the site is a good reason to track those statistics.
You are being too paranoid. Get adblock, only allow cookies to be set by the originating website and use a hosts file that blocks most ad sites and then you won't have to worry about it.
Re:Tracking customer behavior (Score:4, Informative)
Whenever someone asks for info they don't need, lie. It's the only safe thing to do. I hit one of those surveys where they ask you for your computer password in exchange for a 5 dollar gift certificate.
They said, "We'd like to offer you a free gift certificate for coffee in exchange for your password."
And I said, "What a coincidence, my password is 'Il1k3fr33c0ff33'." I'm not sure they got it, but I got my fr33 c0ff33.
Paranoia Haven (Score:1, Informative)
Most of the discussion I'm seeing is "let those dirty marketing bastards choke on this!" As if the sole purpose for using cookies is malicious and couldn't actually be beneficial to both sides.
First off, if you really believe large coorporations are analyzing each of the individual millions of visitors they get each day to try to identify them personally, wringing their hands and laughing manicly in backrooms as they discuss all the ways to scam money out of you, you are a true paranoid and should seek counseling immediately. You would have to hire an entire staff who's sole purpose was to attempt to make personal connections between hundreds, thousands, even millions of tracked data and the real person, which is usually impossible, unless that visitor has registered with personal information to the site anyway, in which case the visitor obviously feels comfortable enough to let the company know who they are in the first place, and it doesn't really do that company any good to go through their specific records to see everything they did on the site... there's no benefit I can identify with doing that! It'd be EXTREMELY time consuming and probably wouldn't be effective.
In cases with large coorporations it's impossible to find a valid reason to sift through each and every visitor to see what they did and how they could be exploited... utter rubbish! That data is used for looking at visitor trends IN GENERAL, to figure out what problems the site or campaign may have to make them better. This results in a better site UI so that people can find what they're looking for quickly and easily, as well as a better all around experience for the visitor (and MAYBE even lower prices). The data can be analysed for a product page, for example, to see how many people are browsing it and following through to purchase, and how many people are leaving. This could be an indication of the product's popularity vs the purchase ratio which could signify that the price needs to be lowered or that there is a UI problem with checkout.
I don't know about you, but I purposefully leave my cookies turned on because I believe that in general they IMPROVE the web, not worsen it. There are ALWAYS going to be people trying to exploit everything technological, but they are the rare not the norm. By the same logic most of you are following, we should get rid of computers in general because people are using them for identity theft, fraud, and exploitation in general. Does that make sense?!
Makes me mad when I see the posts by paranoid masses that follow this line of logic because it's just not well thought out. And I really don't like stupid people.
Re:The other side of things. (Score:3, Informative)
Please stop the cookiephobia (Score:4, Informative)
All this 'anti cookie' propaganda is really getting out of hand. Session cookies are a great way to securely identify a series of otherwise unrelated requests as belonging to the same session. By turning off cookies one is also disabling this very valuable feature.
"But it doesn't matter" you say, because web sites can use URL rewriting instead. Well, think about it:
* If URL rewriting is used, exactly how is this better, from a privacy stand-point, than a session cookie? The exact same information is propagated, so nothing is gained in terms of privacy. In addition, the "evil" people whom everybody is presumably trying to prevent from tracking a user's session can also use this technique.
* On the issue of security and technical convenience however, you are making it worse. URL rewriting is inherently less secure in the fact of 'accidents' such as paste:ing a link (which the average joe won't understand contains sensitive information) to a work collegue sitting behind the same NAT:ing gateway. And how about referrer URL:s making it into web server logs? (There is no guarantee that the session identifier is encoded such that a security conscious browser can spot it, and refrain from sending it as part of a referrer URL to another web server.)
Overall, session cookies are vastly superior to URL rewriting in a number of different situations. But this overzealous anti-cookie paranoia is forcing people to use URL rewriting *anyway*. In tryng to increase privacy, it has actually been lessend - along with security!
Just to give one example of how the ACP (anti cookie paranoia) can interact with web pages: I was recently involved in a situation where some browsers would disable cookies (even session cookies) for requests that were made as part of an IFRAME on a page hosted on another domain (presumably for privacy concerns). This resulted in, for practical purposes, a total inability to use cookies on that site. URL rewriting is now used instead, to a detriment of security and privacy.
Slight clarification (Score:2, Informative)
Cookies + HTTP-REFERER = Unintended Consequences (Score:3, Informative)
Re:The other side of things. (Score:4, Informative)
Because that will inevitably lead to session hijacking. Either through a proxy or people sharing bookmarks.
Cookies for session ID storage reduce the first problem (but don't remove it totally), and eliminate the second.
They also reduce code, and remove session id's from URLs which is not where they belong for most URLs (why should the "aboutus" page need a session id, how is that useful, but if passing session id's on the url then it's required even though "aboutus" couldn't care less).
EPIC Page on Flash Cookies (Score:1, Informative)
It argues that the direct marketing company is overstating the capabilities of the Flash Cookie.