Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Businesses Privacy The Almighty Buck The Internet

The Slow Death of the Internet Cookie (axios.com) 97

Sara Fischer, writing for Axios: Over 60% of marketers believe they will no longer need to rely on tracking cookies, a 20-year-old desktop-based technology, for the majority of their digital marketing within the next two years, according to data from Viant Technology, an advertising cloud. Why it matters: Advertising and web-based services that were cookie-dependent are slowly being phased out of our mobile-first world, where more personalized data targeting is done without using cookies. Marketers are moving away from using cookies to track user data on the web to target ads now that people are moving away from desktop. 90% of marketers say they see improved performance from people-based marketing, compared with cookie-based campaigns.
This discussion has been archived. No new comments can be posted.

The Slow Death of the Internet Cookie

Comments Filter:
  • >Advertising and web-based services that were cookie-dependent are slowly being phased out of our mobile-first world, where more personalized data targeting is done without using cookies. Don't mobile devices have cookie support? Or do mobile devices provide tracking features that are better than what cookies provided?
    • I'd assume they will make you log in every time then save your data on their servers?
    • by doug141 ( 863552 )

      "people-based marketing," which is all the services you need to log in to use. Fitbit, amazon, facebook, alexa....

    • I'm not sure what they are talking about either.

      My guess is some use of local storage [mozilla.org].

    • My bet: Third-party location-based tracking. Moral: any app you download, turn off location access. This started by ad-supported apps asking for your location to target ads based on your current location, but has turned into snarfing your location history and targeting based on analysis of that (e.g. correlation with other people, where you sleep, etc) which is insanely invasive.
    • Browser extensions and similar offerings with 'anonymous usage data used to enhance user experience', which is corporate-speak or 'it reports everything you do back home for resale of the data.'
    • Or do mobile devices provide tracking features that are better than what cookies provided?

      Far better. Why do you think every website wants you to download their app?

      Shoot, until iOS 10.3, you had to turn off allowing apps to access your MAC address (well, it was hashed with a few other values). And I believe Android still allows it.

  • The cookie is what really is the so-called pay-'wall' of the New York Times, Washington Post, The Guardian etc.
    Delete them and you can read as much as you want.

  • by unixcorn ( 120825 ) on Tuesday March 06, 2018 @11:36AM (#56216559)

    So the cookie is dying. The article says nothing about how we will be tracked in the future. Or how we are being tracked now when I reject cookies.

    • by havock ( 42287 )

      Browser fingerprinting is quite reliable when you reject cookies. Canvas, Font, GPU, CSS API's are all good sources of identifiable data. Of course if you turn off Javascript *and* Cookies, there isn't much left to fingerprint.

      • The browser fingerprint my Firefox 58 on Windows 10 gives is certainly different than what Silk on my Fire tablet gives. Which makes it totally useless for figuring out that I'm the same person using both browsers. On the other hand, the fact that I access the same Amazon shopping cart from both browsers... dead giveaway.
    • Cookies are still going to be critical to any user tracking, I'd think. It's just that advertisers won't be relying on their OWN cookies to do the work. Because if they set a cookie on each browser and platform you use, they then have to figure out how to correlate all *your* cookies after the fact. And if you're logging into your same GMail account at work, at home, on your phone, on a tablet, etc, it's better for them to figure out a way to latch onto that. But Google is still going to be using a cookie a
    • So the cookie is dying. The article says nothing about how we will be tracked in the future. Or how we are being tracked now when I reject cookies.

      They now have new and much more invasive HTML5 mechanisms of tracking you that people aren't as aware of, and thus less likely to turn off or protect against.

  • by Anonymous Coward on Tuesday March 06, 2018 @11:36AM (#56216561)

    It means they've found easier ways to fingerprint you. [PDF] [digiday.com] Marketers don't want generic "cookies" they want specific, verified identification.

    They're going to have a better spy network than is legal for most governments to have.

    • They're going to have a better spy network than is legal for most governments to have.

      Your use of the future tense is cute.

    • by Falos ( 2905315 )

      They prefer verified, but they're more than happy to casually bridge causality. Even to establish "verified". Courts may admit than IP != identity (usually...) but the bigdata team (who need to have some material to present at the quarterly review or whateverthefuck) doesn't care.

      Geolocation = Fact! https://xkcd.com/713/ [xkcd.com]

      I think the real preference is moving up the skill curve. Cookies are pretty user-controlled, browsers/mods/etc are happily handing over tools. Other fingerprints are beyond the reach of sur

  • by bahwi ( 43111 ) on Tuesday March 06, 2018 @11:48AM (#56216649)

    Fingerprinting is replacing tracking and has been for at least 10 years when I was very peripherally involved with testing a company that did it for work.

    It's one way they get you with cookies once you've "cleared" them and they are able to reattach the same ones as before.

    EFF has testing: https://panopticlick.eff.org/ [eff.org]

    And yes, multiple fingerprints can be attached to a single user. You have 10 unique devices and all 10 of those fingerprints get attached to you after logging into a site or account. It can take awhile, but you can't block it.

    Slight changes are accounted for, profiles updated. It's not as "fool-proof" as cookies, but that's not really a requirement.

    • by jetkust ( 596906 )
      This, and they are also selling hoards of information about you between themselves. I wonder if for any company that keeps my fingerprint in a database, could I legally request any data associated with that fingerprint. It doesn't seem all that unreasonable to me.
      • by gl4ss ( 559668 )

        In EU you can.. and few months down the line now if they disagree they can't avoid it.

        this is why facebook etc already let you download all your data. you can also request the data to be removed.

    • With JavaScript off, they're limited to my agent-string and resolution (and IP address, and other headers).

      • by bahwi ( 43111 )

        Yeah, selective NoScript is a good alternative too. I've been using pi-hole for my DNS as well.

        • I assume pi-hole is a Rasp. Pi distro? I looked into setting SQUID up on a Pi, but that seemed to be a chore.

          Question: Can you set it up to intersect HTTPS requests (assuming you stick a self-signed cert on the Pi Hole?) And if so, how do you get it to check the certificate authority of who it is man-in-the-middling?

          • by bahwi ( 43111 )

            Not a distro, but works best on Raspbian IIRC, but works on any linux box now I believe.

            It acts as a dns server, and has a large block list (mine is 640k domains) which resolve to the raspberry pi's address, which it gives a quick explanation, or in the case of HTTPS, connection refused. It's not the best solution in the world but works really well.

            So, no need for SSL certs, since it's just blocking. Hope that helps!

  • I'm getting concerned that browser-makers, in the interests of privacy and security, are clamping down so much on what websites can do with cookies, local data, and iframes, that they're weakening the power of the open Web relative to mobile apps that ask, and almost always get, permission to do all sorts of powerful things. Perhaps it's time for cookie and iframe permission requests to pop-up when a website is first used, so that trusted sites can still do powerful things.
  • You know you're on a mainstream news site when nobody objects to the term "Internet cookie". Jesus. What's next, Internet pages?

  • I work in tech support, and after years and years of scare pieces on the news, this has been a long time coming. A large percentage of the people I work for are paranoid about all cookies. Cookies are bad! Cookies will destroy your computer! Some of these people clear out ALL their cookies daily or weekly, even though I've told them they only need to be concerned with scanning for tracking cookies.

    Not that we should cater to ignorance, and not that this problem won't go away once there are no more Boomers

  • by zarmanto ( 884704 ) on Tuesday March 06, 2018 @12:22PM (#56216857) Journal

    It seems to me that there's an awful lot of misinformation here. Cookies have been given a bad name, because the moment they sprung into existence, they were misused and/or abused by advertisers and marketers. The reality is, cookies aren't going away at all... they're just being used more inline with their original intent, that's all. A cookie gives any standard web browser (including those on mobile devices) the feature of storing small chunks of identifying personal data ("login" data) for the user currently using that browser, in order to allow that user to personalize their experience on any given website. (If you're using a mobile app instead of a browser, than that app obviously doesn't need cookies; it can just use local memory natively to store your login credentials.) The abuse started when advertisers realized that they didn't need you to actively "login" to their service, in order to identify you and track you with cookies. Naturally, people don't like it when someone tracks them without first asking for permission... but that's not the cookies fault; they're just tools. A hammer is still intended to be used on nails, even when someone with no scruples uses it on your toes -- but nobody ever blames the hammer for that, and rightly so.

    So in other words, "people based marketing" just means that the service you're actively logging into (such as Google, for example) has successfully established themselves as the primary marketer, and they've made arrangements to sell all of your activity to advertisers. Likewise, those advertisers no longer see much return-on-investment in doing the heavy lifting of attempting to gather all of that activity data themselves, in part because so many people have gone to great lengths to stop those advertisers from doing so. Which brings us back to simple the fact that: you're really the product that's being marketed, and the advertisers are the customers. (Which is just as it has always been, really.)

    The more things change, the more they stay insane.

    • I can recall that one of the Easter eggs in Fallout 1 or 2 was the cookie. If you ate one, your hard drive seeked and the light blinked (no other item had this action). This was back in the day when games werenâ(TM)t reading constantly from the disk, and hard drive seeks were noisy, so it was noticeable.
  • by Anonymous Coward

    Once I had access to server-side processing, like ASP and PHP, I found the use case for cookies to be really small. That would be, basically, using the cookie to keep track of sessions. Besides that, the 4KB limit really hindered what you could do, as all of the metadata (property names, expiration dates, etc) counted towards the limit. I'd hit all sorts of edge cases like where it would partially store or unexpectedly forget stuff. Not really worth the trouble.

    • by tepples ( 727027 )

      Once I had access to server-side processing, like ASP and PHP, I found the use case for cookies to be really small. That would be, basically, using the cookie to keep track of sessions.

      Whether the cookie stores the raw data or a session ID matters little. It's common practice for each adtech provider to establish a long-lived session for each viewer who visits a site that uses that adtech provider. Viewing a single document might cause several dozen sessions to be automatically established, one for each adtech provider.

  • Justifying Firefox (Score:5, Interesting)

    by freeze128 ( 544774 ) on Tuesday March 06, 2018 @12:40PM (#56216953)
    This sounds like an article that is justifying what Firefox is doing: dropping cookie management from the newest version. I don't agree, and I insist that Firefox keep some sort of cookie management facility.
    • If the browser drops it someone will write an add-on of some sort to allow you to manage them -- or you can just find the subdirectory they're in and delete them yourself.
      • by fisted ( 2295862 )

        If the browser drops it someone will write an add-on of some sort to allow you to manage them -- or you can just find the subdirectory they're in and delete them yourself.

        And then a new Firefox version appears which happens to break all addons.

        • What's your point exactly? The add-on will just get updated. Are you looking for a conspiracy where there is none or something?
          • by fisted ( 2295862 )

            What's your point exactly? The add-on will be abandoned

            FTFY. Some time later, somebody will write a new addon, and the cycle repeats.

            Are you looking for a conspiracy

            No.

            or something

            I'm looking at an astonishingly long series of exceptionally bad design decisions.

            Now if you'll excuse me, I have to watch some videos on youtube. Oh wait, I can't because fuck the audio backend that has worked well for everybody for the last decade, let's add a hard dependency on pulseaudio; the hordes of people having issues with it are probably just using it wrong.

            this is covered by

            • by fisted ( 2295862 )

              Oops, last line should've read "this is covered by Hanlon’s Razor though, so I don't think it's a conspiracy"

    • That's really an ignorant way of justifying it. 99% of the websites i visit have a banner somewhere saying "this website is using cookies". Cookies aren't going away anytime soon. While some marketers/spammers may use more advanced techniques, most will remain using cookies for the foreseeable future.

  • Reality is that they have all the info they need on you already. Awhile back it was said that 81% of adult Americans who use the internet have a Facebook account Google, FB, Amazon, already have a data model on you which is pretty accurate, and likely will match pre-established trends as you get older, have a family, retire, whatever. Your credit card data, your geo-physical presence via cell phone (Google maps), your cell provider tracking your browsing, its all there

    And yes, there are several clever,

  • The article does not say they aren't tracking us anymore, they instead say the cookies are obsolete.

    But it failed to mention what is replacing cookies.

    That's far more important than the death of cookies.

    • The thing that has replaced cookies is the "tracking pixel." https://en.ryte.com/wiki/Track... [ryte.com]

      Every Web company's marketing department gets their software team to include these on their sites. They only too happily send your info to Facebook, Google, and others. Every click, every page load.

No extensible language will be universal. -- T. Cheatham

Working...