Slashdot Log In
Delete Cookies, Inflate Net Traffic Estimates
Posted by
kdawson
on Tue Apr 17, 2007 12:29 PM
from the throwing-them-off dept.
from the throwing-them-off dept.
eldavojohn writes "In my browser, I regularly go to the tools menu and clear my private data. This includes my cookies. As a result, people like me who destroy cookies by the thousands may be inflating estimates of Web traffic by up to 150 percent. People have good reasons for clearing out cookies — we've heard about bad cookies before (and I think the FCC is still investigating the issue). But every time you delete cookies, many of the sites you've visited count you as a new visitor next time."
Related Stories
[+]
FCC Meets To Investigate Cookie Abuse 159 comments
PreacherTom writes to tell us BusinessWeek is reporting that the FCC and the Center for Digital Democracy plan to meet in order to discuss abuses with regard to cookies. From the article: "Online advertisers have a sweet tooth for cookies. Not the kind you bake, but the digital kind — those tiny files that embed themselves on a PC and keep tabs on what Web sites are visited on which machines. But cookies could have a bad aftertaste for consumers. Privacy advocates say the files are being force fed in large quantities to computer users, and they're demanding that the government put some advertisers on a diet."
[+]
IT: The Dangers of Improper Cookie Use 191 comments
shifted89 writes "Over the last year, the security community have exposed web application security for what it is — extremely lacking. However, for all the focus on XSS, CSRF, history stealing, etc., not much attention has been given to the cookie. Unfortunately, cookie misuse can be just as dangerous, if not more so than XSS attacks and InformIT illustrates why. In short, the author clearly demonstrates what can happen when a website improperly uses cookies for customer tracking — including a working illustration."
[+]
IT: Point-and-Click Gmail Hacking Shown at Black Hat 260 comments
not5150 writes "Using Gmail or most other webmail programs over an unsecured access point just got a bit more dangerous. At Black Hat Robert Graham, CEO of errata security, showed how to capture and clone session cookies very quickly over connections without encryption. He even hijacked a shocked attendee's Gmail account in the middle of his presentation. 'While Ou was typing, Graham was running Ferret and sniffing all the cookies that were being sent from Ou's laptop and Google. Graham then clicked on Ou's IP address and Gmail page, complete with Ou's recently sent message on the screen. We photographed both Graham's and Ou's laptop at that time and posted it to the picture gallery. You'll see that the contents are exactly the same.'"
This discussion has been archived.
No new comments can be posted.
Delete Cookies, Inflate Net Traffic Estimates
|
Log In/Create an Account
| Top
| 217 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
On the other hand... (Score:2, Informative)
(http://www.guardian-hyuga.net/)
Re:On the other hand... (Score:5, Interesting)
(http://dattaway.us/)
That way no one has visited but another web spider!
Re:On the other hand... (Score:5, Funny)
Oh boy... (Score:5, Funny)
So, you're the little bastard who keeps forwarding me that crap.
This year... no presents for you!!!
Sincerely,
Santa H. Claus
santa@northpole.net
Re:On the other hand... (Score:5, Interesting)
(http://www.simusic.com)
After all,
1) it's geeks who tend to both use FF *and* block cookies
2) the FF extension architecture makes it easy to use selective cookie blocking tools
3) FF settings allow automatic cookie deletion each time it exits, unlike IE (=IE6, at least)
All in all, I suspect that (*IF* the subject article is accurate) FF users probably account for a disproportionately large chunk of those "re-visits".
I bet M$FT hates that.
Re:On the other hand... (Score:4, Funny)
(http://www.mentallyretired.com/)
On the other hand, this is slashdot and that kind of behavior is not allowed here. We demand you say something funny.
...And? (Score:2, Funny)
(http://xlsior.org/)
Re:Not users fault (Score:4, Insightful)
What you say there is absolutely correct, but it begs the question: How would it ever be the fault of the user in any possible case? I have a newsflash for the advertisers -- you do not have a God-given inalienable right to store data on my computer. It's mine, I paid for it, and I will selectively accept or freely remove any data that you attempt to place on it, for any reason or for no reason at all. The world does not owe anyone a reliable way to track the Web surfing of others.
This and DRM are two categories where marketers act like my personal property is theirs to do with as they please, and I'm sick of the way the average "consumer" puts up with this concept or anything resembling it.
Any Web site owner who doesn't like this can feel free to block me from their Web site; since it is theirs after all, I certainly do not dispute their right to do that (they would do so to find that I can live quite well without them). But please, let's dispose of this idea that some marketer not being able to track me is somehow my fault or my problem.
I say that if your business model relies on the ability to effectively spy on people, often without their knowledge or consent, then your business model is flawed and any difficulties you encounter are well-earned. I further say that the current situation exists only because of widespread ignorance; that is, if every single person who ever went online were a thoroughly educated uber-geek and fully aware of all tracking techniques used, then no one or practically no one would ever allow any of it and the marketers would have to come up with a more reasonable way to make money.
150%? Please (Score:1)
Re:150%? Please (Score:5, Funny)
(http://www.alumni.caltech.edu/~woody)
No surprise (Score:4, Insightful)
(Last Journal: Saturday November 10, @01:52PM)
Brilliant.
Disabled Cookies? (Score:1)
(http://people.cs.uct.ac.za/~mgallott/)
So what? (Score:3, Insightful)
Re:So what? (Score:4, Informative)
(Last Journal: Friday November 10 2006, @02:16PM)
This is why there is research out there to use methods other than cookies and IP addresses to identify users -- see this article [slashdot.org] from last September.
I'm sure this concept can get some VC if companies begin distrusting current traffic anlayses -- it would be a useful adjunct to traditional traffic monitoring.
150%? (Score:5, Informative)
I don't do it because it is a pain to constantly log back in everywhere. But I seriously doubt more than 2% of the non-slashdot crowd does it.
FTC, not FCC (Score:4, Informative)
(http://www.brouhaha.com/~eric/ | Last Journal: Monday September 26 2005, @08:55PM)
Re:FTC, not FCC (Score:4, Informative)
http://yro.slashdot.org/article.pl?sid=06/11/15/1
Re:FTC, not FCC (Score:4, Informative)
The worst part is that they didn't fire Cookie Monster him until the letter Q and the number 4 pulled their sponsorship. Of course, I think he didn't need to go on Bert and Ernie's talk radio program either because they're hypocrites themselves.
At last! (Score:1)
(http://ubersoft.net)
What I do in my computer is my business (Score:5, Insightful)
(Last Journal: Wednesday October 31, @08:33AM)
Re:What I do in my computer is my business (Score:4, Insightful)
Small businesses (Score:1, Informative)
And believe me, you're not making a rich man richer, you're making a middle-class man better able to support his family.
CookieSafe is my current favourite (Score:4, Informative)
Cookiesafe allows me to keep my permanent cookies to a minimum, yet allow me all the functionality of session cookies. Of course, it does inflate the stats as the article mentions. In my previous job I worked with stats quite a bit (using WebSideStory/Hitbox), and it is such an inexact science that it ranks right up there with Lies and Damn Lies.
https://addons.mozilla.org/en-US/firefox/addon/249 7 [mozilla.org]
Anyone have other suggested software they prefer?
Totally agree -- though hard to believe the extent (Score:1)
(Last Journal: Thursday November 16 2006, @02:27PM)
Not a surprise (Score:3, Insightful)
(http://www.hyperborea.org/journal/ | Last Journal: Tuesday September 11, @05:30PM)
Anonymous user stats are always going to be an estimate. Cookies aren't reliable, because people clear them. IP addresses aren't reliable, because some are dynamically generated, some are shared, and people move around.
You can only really know how many users you have if (a) they're registered and (b) they visit the site while logged in. (And even then, people could be sharing accounts -- bugmenot, anyone?)
Personally, I don't think this is a problem, as long as you're willing to look at the estimates for what they are and not treat them as if they were precise.
Hmm... how long before someone claims that Firefox's/Opera's/Safari's stats are inflated because they make it easier to wipe cookies than IE?
just plain wrong (Score:2, Funny)
(http://www.s5h.net/)
Visitors vs. Unique Visitors..anyone? (Score:2, Insightful)
(http://www.securityzone.org/)
people are self-reporting anyway, so what? (Score:1)
The effect of this is what?
It Probably Evens Out (Score:1)
(http://thelazysci-fiauthor.blogspot.com/)
Inflate the estimate? (Score:2)
(http://www.timeforplanb.net/smokee)
It would be like saying you don't count as traffic for streets you've previously driven on.
Umm... So? (Score:3, Insightful)
(Last Journal: Monday April 03 2006, @07:23PM)
I have Firefox clear my cookies on browser close... So I look like a new visitor every time I visit a site.
Perhaps someone would explain to me why I should care about this? The only use I can see for unique visitor counts (other than the trivia value) involves ad revenue - And I aggressively block almost all adverts, so don't care about that, either.
Stats... (Score:1)
(http://www.everybodysucksbutme.com/)
Huh? (Score:2)
Huh? Isn't the entire POINT of cookies pretty much so sites recognize you when you return? Sorry, but this statement wins todays "No Duh" award.
Obviously doesn't consider p2p, VOIP, video or... (Score:1)
(Last Journal: Wednesday April 25 2007, @08:46AM)
server's fault, not the user (Score:2)
Well... ok (Score:1)
Geez... (Score:1)
wait (Score:2)
yes, deleting your cookies may cause the server to user more resources (because it will have to add another row to it's "unique visitors" table in the database), but that is not "web traffic".
the only bandwidth i could possibly think of is that which is being used to specifically send the cookie to the client. and that's only going to happen when the client didnt send the cookie to the server. so a web site that requies everyone to have a cookie is going to have 1 cookie transaction for every request+response: either the client sending it or the server sending it.
Fine by me (Score:1)
(http://fnarg.com/)
Every time you delete cookies... (Score:5, Funny)
Re:Every time you delete cookies... (Score:5, Funny)
(http://www.dubbele.com/)
Let's assume that the idiom is talking only about male masturbation. Let's further assume, highly conservatively, that males do not start masturbating until they reach age 15. Of the total U.S. male population, 107,199,356 [census.gov] would then be masturbation-age males. Again, let's conservatively estimate that teenagers masturbate no more frequently than adults, and that all men masturbate an average of 20 times [wikipedia.org] each month or 240 times per year. This means that each man in the United States masturbates approximately every 1.5 days. It also means that there are approximately 25,727,845,440 male masturbation sessions in the United States each year.
There are nearly 26 billion male masturbation sessions in the U.S., yet there are fewer than five million kitten deaths annually. Far from a one-to-one correlation, there are 5401.5 masturbation sessions for every single kitten death. This means that the average American man can masturbate regularly for 22.5 years before he is responsible for the death of a single kitten. Indeed, with a life expectancy of less than 75 years, the average man will be responsible for only two or three kitten deaths in a lifetime of vigorous masturbation.
That's nothing, think of people use muliple PC's (Score:4, Insightful)
And another one at home, well even two sometimes.
And a smart phone equipped with a browser.
So I inflate web usage statistics with 100 to 300%?
And then there are people sharing the same PC/account deflating the stats...
All of us who host websites know how unreliable statistics are. Nothing new there...
X.
Yeah, we know (Score:3, Insightful)
(Last Journal: Friday November 09, @01:18PM)
Oh boo hoo, cry me a river. Produce something people want and they'll come back time and again and you won't have to worry about your traffic.
Privacy is an illusion (Score:3, Informative)
(http://www.josephguhlin.com/blog/)
There's a few fingerprinting companies out there, track you by stuff plugins give away(dates, versions, etc.. anything the plugin will give up). I've even heard of a company using the time offset from your computer from your web browser(which passes the time back in milliseconds since 1970, IIRC) and combined with some other methods it really helps you track people down. Not to mention you can combine all this with your IP address and you're pretty good. But deleting cookies doesn't really help you, it's more of a minor inconvenience to the small companies who don't really care to track you that much, and a tiny hurdle to larger companies who do care and who are already doing it and some that even know you before the cookie. (Don't accept cookies? Check for that, and IP address, flash version, time offset(if it's possible), what plugins are installed via navigator.plugins and you're pretty close to a positive ID. Of course there are many other ways and I don't know any of them. So, delete your cookies if you want, but realize it's not much of a help.
Adblock is, and ultimately those who really want to track you probably can.
So what? (Score:1)
So what? Not my problem. And if sites didn't go so far out of their way to invade my privacy with cookies, I probably wouldn't feel compelled to clear them out as often and they'd have better stats. So I say again-- so what? They've made their bed, let 'em lie in it and stop complaining. Or else maybe work out a deal to get the RIAA to sue people who clear their tracking cookies...
Why would I care? (Score:3, Insightful)
(http://www.apacheadmin.com/)
Cookies by the FCC? (Score:2)
(http://www.valerieandevi.be/)
That explains quite a bit. (Score:1)
Has anybody thought of the consequences? (Score:2)
Every time you delete a cookie god kills a kitten.
-dZ.
not me (Score:1)
(http://www.idiotproofwebsite.com/)
Insignificant compared to windows re-installs (Score:1)
So how many cookies are sent with the HTTPRequest? (Score:1)
If I delete my cookies (and assuming the server doesn't just send me a whole bunch of new ones), aren't I lessening internet traffic? All your cookies for a given domain, path and protocol (http or https) will be sent with each and every request you make - and that includes image requests etc. made while rendering HTML. Surely the less cookies you transmit the better.
Following on from that, the less requests you make the better. At work we found that the number of individual requests made by an old-school internet page (tables & spacer images) with poor HTTP header caching values amounted to some ungodly bandwidth, and after we fixed the caching headers for the images etc, the load dropped off enormously. It goes to show how many requests your browser makes for you and also how many times it'll transmit all your relevant cookies to the server.
So get deleting...
Cheers
Mike
IPA Registry? (Score:1)
Re:... and (Score:2)
(http://babelfish.alt...%2F%2Fslashdot.jp%2F)