Net Marketers Worried as Cookies Lose Effectiveness 556
Saint Aardvark writes "The Globe and Mail reports that Internet
marketers are worried about the decreasing persistence of cookies.
Almost 40% of surfers delete them on a monthly basis, says
Jupiter Research -- a fact one marketers attributes to incorrect associations with spyware and privacy
invasion. United
Virtualities' Flash-based tracking system is mentioned as a possible
substitute...though they don't mention the Firefox plugin that removes
them, or talk in any meaningful way about why people
might want cookies gone. Still, the article is a good overview of
life from the marketer's perspective."
The other side of things. (Score:5, Informative)
I used to be the web architect for a
All this stuff was entirely anonymous unless they purchased something from us. But, even then their site history was really only incidently linked to their contact info because we never correlated the data together. Why would I? Knowing that "John Smith" visited our site 3 times a week isn't really any more insightful that knowing that "User #5233258" visited us 3 times a week. The data was only useful in aggregate. For example, knowing that the last page 20% of people visited was our contact page, yet only 10% of those people actually submitted the form would make me reevaluate that page. Maybe the contact form wasn't very user friendly? So, I'd tweak it and then recompare the metrics.
The whole point of my tracking was to better serve our visitors and eventual customers. I wanted to make it easier for them to do what they came to our site to do. Or it would help us target our advertising for effectively. If a lot of people clicking through from a banner ad we had on Site A tended to buy Widget B, we'd decide to modify the banner ad to specifically highlight Widget B. Maybe my attitude is different than most, but I can't be unique. I never looked down upon our visitors, feeling that I was hearding cattle together to be slaughtered, or at least ripped off. Quite the opposite. These visitors wanted to be on my site, elsewise they wouldn't have dropped by. It felt pretty cool that so many people were coming to a site that I was responsible for managing. These people were supplying my paycheck and I had to make sure that they preffered our site to our competitors'. If a lot of visitors deleted that single cookie I used, that made that job much more difficult.
Does that still make me evil?
Re:The other side of things. (Score:3, Insightful)
Why do companies think that it is important to not tell a user up front that they are going to get a cookie w/o logging in?
Yeah, they might have been paying your wages and you were just doing your job but I don't see how aggregating statistics need to be d
Re:The other side of things. (Score:3, Insightful)
Nope. Thanks to the prevalence of proxies, log data should be considered nearly useless.
Re:The other side of things. (Score:3, Insightful)
Re:The other side of things. (Score:3, Insightful)
Re:The other side of things. (Score:3, Interesting)
I think you make some really interesting points. From one aspect, you are tracking users by depositing information on their computer. While you claim this information could not be used to identify them elsewhere, it's certainly a concern with less careful web developers at the cookie helm.
Cookies cannot be accessed by sites that did not put them there in the first place. The carefulness of web developers has nothing to do with anything.
Advertising companies that embed ads in the web pages you surf ca
Re:The other side of things. (Score:4, Insightful)
You'd hope that would be true, but historically that has not been the case. A google for "cookie exploits", "cookie migration" and even a browse of IE "domain" bugs shows this to be true.
The carefulness of web developers has nothing to do with anything.
Really? Some years ago I noticed that the FriendsReunited.co.uk website set a cookie after I'd logged in, along the lines of "confirmeduser=23959".
What happened if I modified the cookie? Yep, you guessed it... ability to modify somebody elses details.
As a web developer, I know that cookies are a good solution to the problem of maintaining state in a stateless medium
If the medium is stateless there is no solution. You mean "as a lazy developer, cookies work most of the time"?
As a web developer
I'm guessing you claim cookies to be "good" because your development environment/web-server is not configured to allow anything else? Why not just append a "&sessionid=[big binary data]" to all your page links? I'm guessing that, despite being a "web developer" you are not given the ability to do so
Re:The other side of things. (Score:4, Informative)
Because that will inevitably lead to session hijacking. Either through a proxy or people sharing bookmarks.
Cookies for session ID storage reduce the first problem (but don't remove it totally), and eliminate the second.
They also reduce code, and remove session id's from URLs which is not where they belong for most URLs (why should the "aboutus" page need a session id, how is that useful, but if passing session id's on the url then it's required even though "aboutus" couldn't care less).
Re:Store Clerk vs. Web Admin (Score:3, Insightful)
The same goes for the website you visit.
It's not a privilege to collect your data, it's a necessary part of sending you the information you've requested. Your HTTP request contains plenty of valuable data that you claim infringes on your privacy. Though I'm a privacy nut myself, I think your complaints go too far.
You can either accept the logging/tracking/analysis or you can stop using the web. It's pretty simple.
Yes, yes it does. (Score:5, Insightful)
Does that still make me evil?
Yep.
If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.
This is why all my browsing is cookie-free (or rather, cookies being allowed on a whitelist basis and everything else removed on browser shutdown). I don't want you to have that ability to track what I do on your site for very long. Regardless of whether you use that ability or not, I don't trust you to behave properly with that information. Why should I? I don't know you.
Re:Yes, yes it does. (Score:5, Insightful)
Why not? (Score:2, Insightful)
Why not? Buying things online means, at worst, giving out info from a credit card. If they prove untrustworthy, then I call up the credit card company and reverse the charge. Trust does not have to be involved to engage in a purchase. You buy from people you don't any basis of trust for all the time.
However, WTF would he need to know I came back to his site later? WTF would he need to know that I visited his sit
Re:Why not? (Score:2, Insightful)
Re:Why not? (Score:5, Insightful)
When I go to the gas station, the attendant does not put a tracking device on the car that keeps track of everything I look at in the store and allows him to take note of whether I stop off for gas with one of his competitors.
Here's the problem: companies are impersonal. So are websites. No amount of "tracking" will make a website seem like a conversation with anohter person. If you want my opinion, ask for it. Either way, I will be deleting cookies from your website every day.
Re:Why not? (Score:5, Informative)
The only time they can get this information is if a third party has an Ad, or some other content on both sites (which is what makes cookies from ad sites more dangerous).
So really, when you go to the gas station, the attendant doesn't have to put a tracking device on your car. Just record your license plate (after all, isn't that all a GUID is?) Your car always has it's license plate, and so they can see who it is. Then they can track your usage at the gas station.
Cookies can provide useful information to the site developer. You like visiting well designed websites right? Getting information that will help you streamline the site is a good reason to track those statistics.
You are being too paranoid. Get adblock, only allow cookies to be set by the originating website and use a hosts file that blocks most ad sites and then you won't have to worry about it.
Re:Why not? (Score:3, Insightful)
Holy crap that's a lot of work. I simply changed my preferences to "delete cookies at shutdown" and then add sites I want to remember me on a site-by-site basis.
Far, far simpler. Far, far more effective. When I find a new site and decide I want them to remember me, I simply add that new site to the whitelist. No hosts file slowdown (and no need to m
Re:Why not? (Score:5, Insightful)
Well, Sherlock, we're talking about the marketers like Doubleclick here. Doubleclick has banners on countless websites. Each banner's picture has the website it's displayed on encoded in the URL. Additionally, they set cookies from the domain doubleclick.net. Now what happens? Doubleclick can track you because each of their banners on all sites they have a banner on can read the cookie.
Re:Why not? (Score:3, Funny)
You must be new here.
Re:Why not? (Score:3, Insightful)
Right. And guns don't kill people.
The only time they can get this information is if a third party has an Ad, or some other content on both sites
Exactly. And the only time a gun is dangerous is when it is loaded and pointed at you.
Your car always has it's license plate, and so they can see who it is.
No one tracks license plates. The benefits of tracking them are far outweighed by the costs.
You like visiting well designed websites right?
You like candy, don'
Know their customers?!? (Score:4, Insightful)
But they don't know me. They will never know me.
"Knowing me" means knowing my name, shaking hands, asking me about things we've discussed in the past. That's being friends with somebody. That's knowing them. That's what your idea of the "clerk who recognizes your face" is about, no? The little guy running the corner market, sort of thing.
Some dude running a website on the opposite side of the country will never know me. At best, he'll know what I've bought from him and other website owners that he shares information with or advertises with. Knowing what I buy doesn't mean he "knows me". It means he's treating me as an impersonal entity to be exploited, somebody to attempt to get more money from. It doesn't mean he's treating me as a fellow human being deserving of respect and friendship.
No, fuck that, I'll remain a stranger to that guy across the country running a website, and I'll know the guy who sells me my fresh fruit down on the corner market, and I'm quite comfortable with that and don't see it as a conflict whatsoever.
Re:Know their customers?!? (Score:3, Insightful)
You are not valuable, your information is, but not on its own, nobody is sufficiently important to warrant any company to change its habits based on one customer. Once information is collated and processed, it be
Re:Why not? (Score:5, Interesting)
If they know their customers a little better, they can improve their business, just as any salesman who recognized a regular customer would.
To the benefit of whom? I feel no incentive to assist in this process.
But if you feel better always being a stranger then I dont see any problem with that. A stranger to whom? To doubleclick.net? Yes please! And let us not forget the resale value of aggregated marketing data. I think I'd like to remain a stranger to a lot of people online.
But not everyone. I don't post as an AC for example. I think I can manage my own privacy thank you.
But ultimatly, most users would probably enjoy the massive improvments in customer expierience that could be achieved using this information.
"could" being the significant term. I have no confidence that this information would be utilised to improve my life. What they going to do? Give me targetted ads? Adverts that more closely match my interests? Only an adman thinks of that as a benefit.
And I've yet to hear mention of any other
Re:Why not? (Score:3, Interesting)
Worse still, you'll grow a second head, become really unpopular with girls, and inevitable become sucked into a life of violent crime, culminating in an death row jail cell.
Seriously, your argument could just as easily work the other way. "This one bought some expensive stuf
Re:Yes, yes it does. (Score:3, Insightful)
Contemporary life does not provide us with the option of trusting every entity with whom we interact. Do you trust your electric utility and their outsourced billing department? What about the clerk behind the counter at the gas station who now has your credit card number, license plate and photograph? What about that cable company and their computing hardware embedded in your home?
The parent recognizes that some
Re:Yes, yes it does. (Score:3, Interesting)
Marketeers often forget that the user actually has some say in the process as well. Just as services like Paypal allow you to mask your credit data from a vendor, eventually anonymous buying services will provide the ability to mask your identity completely. Imagine a service, say, BuyMaster.com, combined with a new AnonyShip service from UPS or FedEx where you can purchase through them and all the vendor site knows about the purchase is it was placed through BuyMaster and then must turn the product over
Re:Yes, yes it does. (Score:3, Insightful)
Do you insist the security tapes are turned over when you shop at stores? Do you pay only in cash? Its hard to pay cash online, but presumably you use credit cards. Why do you trust them with your info? Its easy to track where you shop with that.
Do you know the people at your bank? At Visa/MC? The processor? How about the people at the stores you shop at? Do you not use any of those shopper cards at the grocery store (I don't)? No Costco membership, or library card?
You know, you're logge
Re:Yes, yes it does. (Score:5, Funny)
They have editing abilities?
Re:Yes, yes it does. (Score:2)
If I thought it feasible, yes, I would. It's not feasible, so no, I don't.
Do you pay only in cash? Its hard to pay cash online, but presumably you use credit cards. Why do you trust them with your info? Its easy to track where you shop with that.
I trust my credit card company, because hey, it's their money I'm spending. If they decide to be bastards, then I'll just not freakin' pay 'em.
Do you know the people at your bank?
Tinfoil hat security... (Score:5, Insightful)
Why should I? I don't know you
Do you know your bank? I mean apart from the front-end office that takes your money?
Do you know VISA, AMEX, Mastercard or whatever credit card you use?
If you have the *ability* to do it, then somebody in your organization eventually will decide that it sounds like a good idea.
And this is paranoia on crack... it assumes that people will ALWAYS do the wrong thing and will ALWAYS try and screw you about, and that customer profiling NEVER results in a better service.
Feel happy in your paranoia, me I just assess risk on a site by site, and business by business basis.
Re:Tinfoil hat security... (Score:3, Interesting)
I fail to understand why people like you refer to corporations as people. I will trust any single individual more than I will ever trust any corporation. Corporations exist to extract as much money from me as possible. That's it.
I think it is a safe assumption that corporations will *always* end up doing some
Re:The other side of things. (Score:4, Interesting)
Then why isn't user 123.456.789.012 good enough?
Dynamic IP's. (Score:5, Informative)
Re:Dynamic IP's. (Score:2, Interesting)
Well, then get the marketers to push for IPv6 - which has absolutely no support for dynamic addresses. Plus, with a delete-age of almost 40% I imagine that using your IP is just as effective as a cookie.
Re:The other side of things. (Score:5, Funny)
(Although I completely agree with the general idea.)
Re:The other side of things. (Score:5, Informative)
-Jesse
Re:The other side of things. (Score:3, Funny)
Re:The other side of things. (Score:3, Insightful)
I would bet 50% or more of the current web traffic is aggregated behind those 2 items. Makes IP based tracking useless.
Re:The other side of things. (Score:3, Informative)
Better yet, large organizations, (AOL especially but not exclusively), will do a madnening thing with Poxy hopping. User A might come from 3 different IP's during a single 15 minute session, tracking without some form of cookie is almost impossible, and worse yet locking a session to an IP for security fails horrendously.
Re:The other side of things. (Score:2)
Re:The other side of things. (Score:3, Interesting)
Re:The other side of things. (Score:3)
Re:The other side of things. (Score:2, Interesting)
Your presumption that it is OK to do so and that because you want to make your site better you somehow have the right to presume that is arrogant and misled. I'm an anonymous visitor and I wish to remain anonymous. I do not want you recording any information on my IP, me, my browser, cookies, where else I've been on your site and how long I was there. I do not want to be given a customer number or an entry
Re:Tracking customer behavior (Score:5)
Cashier: May I have your phone number?
Me: No.
Cashier: It's only for customer satisfaction purposes
Me: What part of "no" was ambiguous?
Cashier: We need your phone number to improve customer service
Me: Get your manager over here right now so I can explain why you're losing this sale, and all future sales
Cashier: {types in store phone number}
I get amazingly cheesed when businesses fail to respect my privacy (whether I have a "right" to privacy is a whole separate rant.)
Re:Tracking customer behavior (Score:5, Insightful)
I went to his competitor up the street, bought the same printer. I told the story to the store manager there, who had a nice laugh and was happy to get my money.
Re:Tracking customer behavior (Score:5, Insightful)
However, PLEASE try and remember something. The people you talk to and buy things from are not the store owners. In fact, they're lucky if they've ever even met the franchise owner of the store, let alone the owner of the company.
You are taking out your annoyance on someone who has: a) No real interest whatsoever in whether or not you buy X piece of crap (unless they get commissions on sales) and b) No control over the policy, the system, and in most cases, the cash register either. They might be able to get around it (as the clerk did in the OP's post), but that's not the point
The point I'm making here is this: don't get pissed at some clerk or manager at a chain store for following store policy, or expect them to change it for you, even if it's a dumb policy.
I've worked at department stores and grocery stores, etc - it sucks. And you know what? The only people I ever really disliked when I worked any retail job were the people who thought it was MY store and MY decision to harass them for a phone number/address, whatever. These are the people that expect you to break the rules for them (c'mon, you can just give me the discount, I forgot my coupons), then treat you like shit when you follow the rules of the company that puts the paycheck in your hand at the end of the week.
It was store policy to ask for a phone number, the register prompted for it, and we're supposed to ask. If we got shopped by a "secret shopper" or a manager caught us ignoring it, that's our ass, not the customer's. On behalf of all past, present and future retail employees: We don't care what your personal information is. We care about our paycheck and about following the rules of the job.
I agree that it should only take one polite refusal to avoid having to give out your information. Just keep in mind that the manager may have to give approval, and in the larger chains, even the manager may not have the power to negate store policy. Either way, the bottom line is even if the manager has the ability to counteract the policy, they don't care. The manager at Best Buy is not sitting at home in a deep depression because you bought your printer at Circuit City instead.
Re:Tracking customer behavior (Score:5, Interesting)
Asking for personal information will get you a polite but terse "no." I have no intention of justifying my response to you or anyone else. Pressing the matter restults in me getting annoyed. Pressing *again* puts you in risk of losing the sale, and yes, I'm going to tell the manager why. I recognize that the cashier doesn't set the store policy. I don't think I've ever yelled at a cashier for that very reason. However, unless the store management hears about the cheesed customers and the lost sales, the store policy won't change.
I vote with my wallet and my feet. Yelling and screaming just gets you written-off as a whackjob. Telling the manager why you're taking your business elsewhere, and then doing so, punishes the crummy vendor and rewards the competitor who doesn't have the crappy policy.
Re:Tracking customer behavior (Score:3, Interesting)
Unfortunately, that has the same problem as I was discussing in my original post - the store manager doesn't care either, in most cases. The store manager in a major chain gets paid a few dollars more an hour than the cashier, has a lot
Re:Tracking customer behavior (Score:3, Funny)
Here's how I handle it:
Cashier: May I have your phone number?
Me: Sure! It's $(friend's ex-wife's phone number), and I'll love to hear more about other promotions you may have in the future.
Re:Tracking customer behavior (Score:3, Funny)
Re:Tracking customer behavior (Score:4, Funny)
Re:Tracking customer behavior (Score:4, Informative)
Whenever someone asks for info they don't need, lie. It's the only safe thing to do. I hit one of those surveys where they ask you for your computer password in exchange for a 5 dollar gift certificate.
They said, "We'd like to offer you a free gift certificate for coffee in exchange for your password."
And I said, "What a coincidence, my password is 'Il1k3fr33c0ff33'." I'm not sure they got it, but I got my fr33 c0ff33.
Re:The other side of things. (Score:5, Informative)
What we ended up doing was using alternate methods for tracking users as they browse around our site, mainly using links with generated tails attached to them that were unique to each visitor. Like, instead of linking to index.cfm in the navigation window, It would be index.cfm?user=5012345, and we'd keep track internally. Obviously this isn't a safe use for a shopping cart type thing, but we used other methods to secure that.
Mainly, I just wanted to say that there are methods other than cookies that work just as well.
-Jesse
Re:The other side of things. (Score:3, Informative)
Re:The other side of things. The Reason (Score:2)
Yes.
The reason for yes is because you are advocating sane uses for cookies. The marketers complaining about the loss of their cookies aren't complaining because they can't tweak their site as easily. They're complaining because they feel -- rightly or wrongly -- that they are more effective when they can track customers regardless of how the customers themselves feel about it!
The customers are voting with their feet, or in this case their Cookie Cutters. 40% are alrea
Re:The other side of things. (Score:2)
Except then you take your list of customers, and sell those lists for targeted spam (or just a valid address), or let third party sites use that cookie to deliver targete
Re:The other side of things. (Score:3, Insightful)
The simplest example I can think of is one Java based web application I was one of the deveopers for. We had to deal with secure logins, we had eCommerce and a variety of other things that are mostly irrelevant.
Re:The other side of things. (Score:3, Informative)
Maybe now... (Score:2, Interesting)
Sadly (Score:2, Insightful)
Its a mircale that marketing firms are not claiming to 'own' the cookies and sue you if you delete them for destruction of property.
Hmmm (Score:2, Interesting)
Re:Sadly (Score:2)
Monthly basis? (Score:2)
Re:Monthly basis? (Score:5, Insightful)
There is the possibility that a large enough group of companies collaborating could use the information to link purchases and browsing habits together. But I really don't care. They want to try to personalize my ads, that's fine too. Why? Because it's a free lunch. They think they're convincing me to buy stuff, when in fact I don't give a fuck. As long as the illusion is maintained, I'm happy to let them think they're learning valuable information about me. If this avenue is cut off to advertisers, either the free lunch will end or something more insidious will take its place.
Most companies only care about using cookies to keep track of visitors to their site anyway, and this can be useful to improve the site. A site that uses tracking information to see what other sites you visit (which is difficult without having their ads directly on other sites, which usually isn't the case because someone else usually hosts the images) and sells your email address is probably not one you want to continue purchasing from.
Comment removed (Score:5, Insightful)
Personally... (Score:4, Funny)
Don't delete cookies (Score:5, Informative)
Flash tracking? like hell (Score:5, Insightful)
It doesn't seem to have dawned on marketers that many, many people already associate Flash with "annoying advertising", "high CPU usage for nothing" and "general nuisance", and that it is disabled in many browsers as a consequence.
Speaking for myself, Flash is disabled. When I need it occasionally (that is, when I happen to want to play this [princeofpersiagame.com] about once a year), I re-enable it. But otherwise, I've yet to see a website sporting Flash that doesn't use it for useless eye-candy or advertising.
Re:Flash tracking? like hell (Score:4, Informative)
That's not the intended purpose of cookies (Score:5, Informative)
They're intended to do legitimate things like let a site remember who you are so you don't need to log in every time you visit it, or assign a transaction code to make it easy for things like shopping carts to work... and prevent you from double-ordering if you click the "Order" button twice.
They were never intended for the purposes to which marketers have misappropriated them.
It's just another example of information being ostensibly collected for a purpose the user approves of, and then being secretly used for purposes the user is unaware of and might not approve of, and it justifiably makes people angry.
That's not the intended purpose of my daughter (Score:2)
Cookies + HTTP-REFERER = Unintended Consequences (Score:3, Informative)
My Hosts File Thanks You (Score:2)
127.0.0.1 sp21.unitedvirtualities.com
I can't wait.
Good Thing (Score:2)
And this is a good thing, make no mistake! I don't exist simply to be prey for marketers, regardles of how they may want to feel about it! Anything that disrupts them is good.
Marketer's perspective? (Score:2)
Exploit others
Exploit others
Exploit others
Gotta pee
Exploit others
Oooh! Something shiny!
Re:Marketer's perspective? (Score:3, Funny)
Wanna buy it?
The spyware-cookies connection (Score:2)
Also, unscrupulous antispyware companies are sometimes using tracking cookies to scare users into buying something. Just put "spyware" in
Fun with Cookies (Score:5, Interesting)
Re:Fun with Cookies (Score:4, Interesting)
maybe some smart "cookie" can code one up in an afternoon...
Isn't that the point? (Score:2)
Pity the poor suitwankers. (Score:2)
[suitwank]
It's tough enough getting rich without people hiding. Don't those cookie-deleters know that it's all about relationships? What do they think, we'll sell information about them to a spammer? We use only legitimate email marketers.
[/suitwank]
I don't want a relationship with an online vendor. I don't want a relationship with a car salesman. I just want to be shown a product and given a price. I'll decide if I want it.
I don't mind good service, but that's not what the suitwankers [wikipedia.org] want to
Tony Soprano said it best. (Score:3, Funny)
Self-contradictory (Score:2)
We really want to track where you've been but IT'S not spyware or privacy invasion. Really!
Cookies have their place... (Score:2, Informative)
Too Bad (Score:5, Insightful)
It's too bad a small group, as usual, ruins it for the majority.
too long expiration dates (Score:2)
Take a look in your cookies pref page / file. Look at the expiration dates. I've found a huge percentage of sites, especially advertisers, use a date at least 10 years in the future.
I'm unlikely to be using the same computer in 3-4 years, much less 10. Some sites even go for "2040". WTF? What's the point? If I don't visit your site within 6 months, I'm unlikely to gripe too much about having to reenter a username/password...s
Thought this sounded familiar (Score:2)
My favorite quote from the original story (and probably the same exact study) was from Eric Peterson of Jupiter Research:
"If consumers adopted a friendlier attitude toward cookies, the Internet would be a better place overall."
Be Very Scared of IPv6 (Score:3, Interesting)
And depending on how they're assigned, they may well know your actual address as well, just from the number.
Marketers have only themselves to blame (Score:5, Insightful)
They abused TV commercials, and that brought about "commercial skip" VCRs and TiVo.
They abused pop-ups, and that brought about pop-up blockers.
They abused Flash to make more attention-getting (read: obnoxious) banner ads, and that brought about Flashblock.
They abused cookies, now people obsessively delete them if they allow them to be created at all.
Am I the only one who sees a pattern here?
~Philly
3rd party cookies (Score:5, Informative)
For the layman, the way these tracking cookies work is when you're visiting site A, site A has a banner from site Z. If you have 3rd party cookies enabled, not only can site A set a cookie to your harddrive, so can site Z. Now, you go to site B which also uses site Z's ads... and site Z can see you were also at site A. Block 3rd party cookies however, and you cant get a cookie from site Z unless you actually VISIT site Z.
Disabling 3rd party cookies lets you keep their useful functions (login information at ebay, etc) and restrict the illegitimate ones (tracking my useage).
Mike Healan from Spywareinfo.com has a good article about cookies and their spyware-esque function here: http://www.spywareinfo.net/july20,2005#cookies [spywareinfo.net]
Well, tough .... (Score:5, Insightful)
Companies like doubleclick and the ones who seem to only serve up annoying advertising have no expectation that I will a) accept their cookie (if you're not the site I'm visiting, why do you get a cookie?) or b) even if I did accept their cookie, that I would keep it.
The real world would be tagging your clients. Someone comes in to browse, you snap an ear collar on him. You walk into another store, someone wants to stamp the back of your hand indicating that you've shopped there.
I had a person at my door asking if I'd received my flyers -- when I told her than if I had I'd tossed them in the bin, she wanted my name and phone number. What part of I'm not interested in your flyer, and you don't need my contact info to respond to this?
I wouldn't accept K-Mart putting a radio tracking collar on me, WTF do on-line marketers think they're any different?
what we need (Score:3, Insightful)
No benefit to consumers, then no cookies (Score:4, Interesting)
The thing is that these marketers want something for nothing. I enable the "ask for each cookie" option in mozilla, and generally click "allow for session" on 99% of most sites because they offer me NOTHING in return for tagging me. On sites like Amazon.com I can add things to my wish list without logging in, or on slashdot I can login without typing in passwords. Tvguide.com will show me my local listings, cool. I've gotten a benefit from the site knowing who I am, so I'm much more likely to allow them to know that.
Most sites that hand out cookies give you nothing for identifying you. Why should I give them somthing they want for nothing? I certainly don't trust the average marketer to not do skeevy things like targeted pricing (looks like I visit bmw.com a lot.. I must be rich. Raise my prices by 10%).
Cookie Monsters (Score:5, Interesting)
Marketers could stop complaining, and fund better UIs that decrease the false perception that cookies are bad. Their stealth makes them sinister, and their unmanageability makes people throw out the benign majority with the tiny malign minority. But only a generation of marketdroids could taint the deep-seated pleasant associations with "cookies" into fear of deadly poison. If they rechanelled their complaints into better UIs, they'd be "engineers", not marketdroids. So they're doomed. If only they were as doomed as the cookies they mourn.
If they did what they said they would do . . . (Score:3, Insightful)
In theory, having cookies to track where you go and what you do is a good thing. It allows marketers to target ads at you for stuff you are actually interested in. If they actually did that.
Unfortunately, they don't. They use it to bombard you with constant, endless ads for "related stuff", to the point where you can't actually see the content on the web page you want to read.
Or they decide that looking at Corvette pictures means you think your penis is too small, and therefore "natural male enhancement" is a "related product."
To hell with 'em all.
Please stop the cookiephobia (Score:4, Informative)
All this 'anti cookie' propaganda is really getting out of hand. Session cookies are a great way to securely identify a series of otherwise unrelated requests as belonging to the same session. By turning off cookies one is also disabling this very valuable feature.
"But it doesn't matter" you say, because web sites can use URL rewriting instead. Well, think about it:
* If URL rewriting is used, exactly how is this better, from a privacy stand-point, than a session cookie? The exact same information is propagated, so nothing is gained in terms of privacy. In addition, the "evil" people whom everybody is presumably trying to prevent from tracking a user's session can also use this technique.
* On the issue of security and technical convenience however, you are making it worse. URL rewriting is inherently less secure in the fact of 'accidents' such as paste:ing a link (which the average joe won't understand contains sensitive information) to a work collegue sitting behind the same NAT:ing gateway. And how about referrer URL:s making it into web server logs? (There is no guarantee that the session identifier is encoded such that a security conscious browser can spot it, and refrain from sending it as part of a referrer URL to another web server.)
Overall, session cookies are vastly superior to URL rewriting in a number of different situations. But this overzealous anti-cookie paranoia is forcing people to use URL rewriting *anyway*. In tryng to increase privacy, it has actually been lessend - along with security!
Just to give one example of how the ACP (anti cookie paranoia) can interact with web pages: I was recently involved in a situation where some browsers would disable cookies (even session cookies) for requests that were made as part of an IFRAME on a page hosted on another domain (presumably for privacy concerns). This resulted in, for practical purposes, a total inability to use cookies on that site. URL rewriting is now used instead, to a detriment of security and privacy.
Re:Flash cookies (Score:2, Insightful)
Re:Cookies are good (Score:3, Interesting)
Oh yeah? I have my Mozilla configured to ask me, if a site wants to install a cookie, whether I want to let it or not. Usually, I just click DENY more or less automatically. Once in a while though, I do that and a realize the site doesn't work without cookies so I go and explicitely re-enable cookies for it.
How often does that happen? I'd say about 10 times this year, no more. And I can tell you, I c
Re:Cookies are good (Score:2)
Re:DNC List (Score:2)
Actually, such a thing (in reverse) would probably make a good Firefox plugin. We'd need someone(s) with enough bandwidth to host the global list of evil cookie users but then when people report someone as abusing the cookie capability everyone would get to benefit.
Spyware and Image Cookies (Score:4, Interesting)
Spyware abuse generally occurs when a big company (doubleclick, valueclick, etc) want to track your usage between sites. The spyware fears generally arise with third party cookies.
These cookies generally come attached to images. For example the image ad on top of this slashdot page might access cookies that get used to build a profile of my slashdot usage.
Preventing spyware is a matter of blocking third party cookies.
Personally, I can't see any real reason why images (the IMG tag) should be allowed to set cookies.
When the main page sets a cookie, it is almost always to provide service to the end user. When an image sets a cookie, it is almost always so marketers can build profiles. My ideal browser would not allow third party cookies nor would it allow cookies to be set by img tags.