Friday, December 30, 2005

NSA Caught Placing Cookies on Web Visitors' Computers

NEW YORK — The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.

These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake.

Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.

"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

Until Tuesday, the NSA site created two cookie files that do not expire until 2035 — likely beyond the life of any computer in use today.

Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.


"After being tipped to the issue, we immediately disabled the cookies," he said.

Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For instance, visitors would not have to repeatedly enter passwords at sites that require them.

But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.

In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies — those that aren't automatically deleted right away — unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.
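An audit check for the rule described above, as an added example (not taken from the articles or from any agency's tooling): it classifies `Set-Cookie` headers as session, persistent, or deletion, and reports persistent cookies that lack sign-off. The sample headers, cookie names and the `approved` allowlist are constructed for illustration; the assumed precedence of `Max-Age` over `Expires` follows RFC 6265.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from typing import Iterable, List, Optional

# Constructed sample input: the response headers a crawler might record.
OBSERVED_AT = datetime(2005, 12, 27, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/",
    "visitor=7f3a; Expires=Mon, 01 Jan 2035 00:00:00 GMT; Path=/",
    "prefs=lang-en; Max-Age=3600; Expires=Mon, 01 Jan 2035 00:00:00 GMT",
    "old=; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
]

MAX_AGE_CAP = 10**9  # seconds (~31 years); keeps datetime arithmetic in range


@dataclass
class CookieFinding:
    name: str
    persistent: bool
    lifetime: Optional[timedelta]  # None unless the cookie is persistent
    reason: str


def classify_set_cookie(header_value: str, observed_at: datetime) -> CookieFinding:
    """Classify one Set-Cookie header value as seen at `observed_at`."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    expiry = None
    source = ""
    max_age = attrs.get("max-age", "")
    if re.fullmatch(r"-?\d+", max_age):
        # Max-Age wins over Expires when both are present.
        seconds = min(int(max_age), MAX_AGE_CAP)
        expiry = observed_at + timedelta(seconds=seconds)
        source = "Max-Age"
    elif "expires" in attrs:
        try:
            expiry = parsedate_to_datetime(attrs["expires"])
            if expiry.tzinfo is None:
                expiry = expiry.replace(tzinfo=timezone.utc)
            source = "Expires"
        except (TypeError, ValueError):
            expiry = None  # unparseable date: the attribute is ignored

    if expiry is None:
        return CookieFinding(name, False, None, "session cookie (no valid expiry)")
    if expiry <= observed_at:
        return CookieFinding(name, False, None, f"deletion ({source} in the past)")
    return CookieFinding(name, True, expiry - observed_at,
                         f"persistent via {source}")


def audit(headers: Iterable[str], observed_at: datetime,
          approved: frozenset = frozenset()) -> List[CookieFinding]:
    """Return persistent cookies whose names are not on the approved list."""
    findings = [classify_set_cookie(h, observed_at) for h in headers]
    return [f for f in findings if f.persistent and f.name not in approved]


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, OBSERVED_AT):
        print(f"{finding.name}: {finding.reason}, lifetime {finding.lifetime}")
```
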

Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and "vague assertions of national security, such as exist in the NSA policy, are not sufficient."

Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The [guideline] doesn't say anything about doing it accidentally."

The Bush administration has come under fire recently over reports it authorized the NSA to secretly spy on e-mail and phone calls without court orders.

Since The New York Times disclosed the domestic spying program earlier this month, President Bush has stressed that his executive order allowing the eavesdropping was limited to people with known links to Al Qaeda.

But on its Web site Friday, the Times reported that the NSA, with help from American telecommunications companies, obtained broader access to streams of domestic and international communications.

The NSA's cookie use is unrelated, and Weber said it was strictly to improve the surfing experience "and not to collect personal user data."

Richard M. Smith, a security consultant in Cambridge, Mass., questions whether persistent cookies would even be of much use to the NSA.

They are great for news and other sites with repeat visitors, he said, but the NSA's site does not appear to have enough fresh content to warrant more than occasional visits.

The government first issued strict rules on cookies in 2000 after disclosures that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. Even a year later, a congressional study found 300 cookies still on the Web sites of 23 agencies.

In 2002, the CIA removed cookies it had inadvertently placed at one of its sites after Brandt called it to the agency's attention.

White House Crumbles a Cookie

White House denies security specialist's claim that its web site issues cookies in possible violation of government policy.
December 30, 2005

The White House on Friday denied published reports that it uses small programs, called cookies, to track the movement of visitors on the White House web site.

Web software security specialist Richard M. Smith and the Associated Press reported that the White House web site, through a web analytics contractor called WebTrends, was using cookies that were specifically banned by a two-year-old directive issued from the Office of Management and Budget.

David Almacy, the White House Internet director, denied that the White House web site is issuing cookies to any visitors to its Web site, but confirmed the site does keep track of what pages are viewed and for how long with the help of WebTrends. He blamed Mr. Smith’s software, called a packet sniffer, for the confusion.

“What was happening was that users that visited other WebTrends sites picked up WebTrends cookies from these other sites,” said Mr. Almacy. “Mr. Smith’s packet sniffer program then assumes that because we use WebTrends our site placed the cookies on his hard drive.”

Mr. Smith dismissed the White House responses as “very predictable” and called it a “do not inhale excuse.” He noted that such third-party cookies still allow tracking across multiple sites.

Associated Press writer Anick Jesdanun wrote that while the White House doesn’t issue cookies, it employs a tiny graphic image called a “web bug” sent by WebTrends that allows the company to know when a specific page is viewed on the White House site.

“The only information we track is what pages are being viewed and we count site visits and the length of time each visitor spends on our site,” said Mr. Almacy. “We don’t track any personal information about the user.”

Mr. Smith and the AP reported earlier this week that the National Security Agency’s web site was issuing cookies to web visitors (see NSA Caught Serving Cookies). The NSA said that the cookies were being distributed unbeknownst to the NSA staff because of a recent software upgrade. The agency said it had taken care of the problem.

Cookie Assurance

Cookies are small files placed on computers by web programs residing on sites visited by those computers. They were originally designed to hold identifying information to make web surfing easier and faster.

Today cookies are used to store all kinds of information, including the content of a web surfer’s electronic shopping cart. Many web surfers are concerned about the lack of privacy involved in the surreptitious placement of cookies on their computer hard drives.

They are helpful, for the most part, but they carry the potential for abuse because they can monitor and document the activities of web surfers.

“No information is gleaned from cookies on a user’s computer on our web site,” said Mr. Almacy.

“We are not allowed to use some of the advanced web technology available to others because of the privacy concerns that we are committed to.”

Tuesday, December 6, 2005

A better way to count clicks?

Web publishers may soon have to change the way they count visitor traffic, whether they like it or not.

An Internet standards body is hammering out new rules for tallying traffic numbers on Web sites and their content partners, in an initiative called the Nomenclature Project. Under changes proposed by the Interactive Advertising Bureau (IAB) and its members, publishers will have to work under more stringent rules about what can and can't be counted as part of their site.

One prominent issue comes down to branding. For example, sports news site ESPN.com attracts an estimated 15 million unique visitors a month, according to the audience-metric firm Nielsen NetRatings. Included in its traffic are an estimated 1.2 million unique visitors from content partner Active.com, an activity event site that displays a small logo from ESPN.com at the top right-hand corner of its pages.

Theoretically, under proposed rules that are still being worked out, ESPN would have to change Active.com's pages in order to count that traffic. In fact, ESPN must be the dominant brand on the page, or comprise 75 percent of the brand attribution, in order to count it, according to proposed rules. ESPN could not be immediately reached for comment.

This change could affect ESPN.com's rivalry with the likes of No. 2 sports-news site, FoxSports.com, which according to Nielsen, draws about 13 million unique visitors monthly. However, FoxSports.com, a channel on MSN, might have to change branding on one of its popular sites, Scout.com, for it to retain the same traffic figures. "I'm keenly interested and support this project," said Andrew Hossom, director of marketing at FoxSports.com.

Why is this important? In one word--advertising. The sites with a bigger audience can command more advertising dollars. And up to now, there's been no one way that everyone agrees to tally that Web traffic. Nomenclature Project organizers hope the changes, which are not yet finalized and should go into effect in the middle of next year, will help Web publishers and their advertisers get a better understanding of how many people are visiting which sites, and how often.

"The measurement companies have had different hierarchies, and each partner site was able to roll up traffic in different ways, causing great consternation around the industry," said Leo Scullin, an IAB vice president who is driving the initiative.

The project has been in the works for the last two years. Scullin agrees that it could cause problems for some publishers, but he believes those issues have been identified well before the rule changes take place.

"Everybody suffered a little pain, but it's for the gain of the overall industry and the audience measurement business," Scullin added.

A maturing medium

IAB company members are working on the project with audience measurement firms including ComScore and Nielsen. Other IAB members include Yahoo, MSN and CNET, publisher of News.com. Nielsen declined to comment for the story and ComScore did not return a request for comment.

The initiative is part of a long-running campaign by the Web publishing industry to cast the Internet as a mature, accountable medium for advertising. More importantly, it's designed to make Web ads easy for advertisers to buy, so that traditional advertisers of TV, print and radio will be comfortable shifting their spending to the Internet.

The changes come at a time when industry ad sales are steadily growing. Interactive ad sales are rising at roughly 25 percent annually, according to estimates. To keep the momentum, executives believe they need to smooth out kinks in the system.

"The way traffic is measured today is a very top-line view of the quality and loyalty of a given audience," said Adam Gerber, a former director of innovation at ad agency MediaVest Worldwide who's now handling advertising for Brightcove, a service that helps companies bring video online. "A media buyer needs a much clearer view of how audiences (find a specific site) because the Web is so dynamic."

Some would argue that agreed-upon metrics are a long time coming.

The online ad industry took more than a few lumps during the dot-com bust because it looked so complex to digital newcomers on Madison Avenue. Web advertising's appeal was not only in the promise that it could deliver a targeted ad to the right buyer at the right time--which didn't pan out then--but also in its measurability. For the first time, advertisers could see data on when a visitor "clicked" or responded to their ad.

A blessing and a curse

But the Internet's measurability turned out to be a blessing and a curse. Publishers had various methods of tracking clicks, ad delivery, visitors and page views (the number of people who look at a page), much to the bafflement of advertisers. Wading through the various data often taxed the patience of ad buyers. And advertisers were often disappointed in the response to their ads.

On the flip side, Web publishers have long been disgruntled over discrepancies in traffic figures from their own records and those of the audience-metric companies, the main supplier of figures to advertisers. Companies like Nielsen NetRatings rely on relatively small representative panels to estimate total traffic to a Web site. For example, it monitors roughly 20,000 people at home and 4,000 people at work to extrapolate figures. Publishers typically draw data from in-house analytic tools that measure actual traffic to their sites.

Related to that issue are variations in how publishers and metric firms count traffic, as well as how they "roll up" various Web sites into their properties.

"Traffic assignment is a huge issue," said Mark Friendler, CEO of GameDaily, a gaming news and download site.

"A lot of companies are rolling up any sites that will assign them their traffic to have the largest possible number to be on the radar" of an advertiser, he said.

Since the Internet bust, industry leaders have been trying to clean up the messy spots. One project finalized this past year, for example, pushed to create new standards for counting advertisements as they are delivered to a page. In that instance, the Web publishing industry reached consensus on counting ad "impressions" as when the visitor has the opportunity to see the ad on the page, or when the graphic is fully loaded on the page, as opposed to when the graphic is merely sent from an ad server. Some top sites are still changing their pages to meet the standard.

George Ivy, of the Media Ratings Council, an organization that looks at media measurement and accuracy across all media, is working on the standardization project with the IAB. He said that the ultimate goal of the project is to develop common methods for how to count the number of unique visitors to a site. Before that can be accomplished, he said, the task force must devise rules for what counts as a page view--can it be counted twice or only once for content partners?--and how digital tags known as "cookies" play into it.

For example, a certain number of visitors can be identified as "persistent" when they have a browser cookie set and associated with their computer. But many other visitors delete cookies and change computers. "How do you identify traffic from people that don't use cookies?" Ivy said.

Traffic from co-branded Web sites will also be a focus. Publishers that supply content to third parties would have to forgo traffic they used to count on their books. So regardless of whatever short-term pain the project causes, boosters are adamant that it will be a long-term gain for the Web publishing industry.

"It's a great project," said Gerber. "That's because it's going to drive organization and standardization for how content is effectively reported and measured."

No More Milk and Cookies for Santa Claus?

New Lactose Intolerance Diagnosis Makes Dairy Less Merry for Santa This Year

FORT WASHINGTON, Pa., Dec. 5 /PRNewswire/ -- Millions of Americans will soon participate in the time-honored Christmas Eve tradition of leaving milk and cookies out for Santa Claus. But this year, that glass of milk may present a problem for Saint Nick, who recently shared that he suffers from lactose intolerance.

According to The LACTAID® Brand(1) holiday survey, 48% of adults who have left something for Santa have offered up the traditional plate of cookies and a glass of milk. However, like the estimated 30 to 50 million other Americans who are lactose intolerant(2), Santa Claus can no longer digest the milk sugars found in dairy and often experiences unpleasant side effects as a result. This means that drinking all of those glasses of milk each Christmas Eve can result in a very uncomfortable ride back to the North Pole.

"For years, I've felt ho-ho-horrible after my night-time milk and cookie stops, but I always thought I'd just eaten one too many holiday goodies," said Santa Claus in a recent interview from his workshop. "Now that I know that I'm lactose intolerant, I'll be looking for something else to wash down my favorite sweet treats this year."

Lucky for Santa, lactose intolerance is one of the most common digestive disorders and symptoms can be easily and effectively managed without eliminating dairy. With a little help from the makers of LACTAID® Brand Products, Mrs. Claus has stocked Santa's workshop with his favorite lactose-free milk, new holiday eggnog, and ice cream products.

With Christmas Eve rapidly approaching, Santa asks all Americans to be sensitive to his new condition and spread the word: If you're going to offer up some holiday tidings this year, make Santa's glass of milk lactose-free. With nearly half of Americans believing that milk is Santa's favorite beverage(1), a few cartons of LACTAID® Milk will make for a much more pleasant sleigh ride home -- and maybe a few extra stocking stuffers from a very grateful Saint Nick.

Monday, December 5, 2005

Cookies Misunderstood by Consumers, According to BlueLithium

Ad Network Identifies a Need for Further Education to Ease Web Surfers' Privacy Fears


SAN JOSE, Calif.--(BUSINESS WIRE)--Dec. 5, 2005--Many Internet users do not understand the benefits behind cookies. Web surfers mistakenly believe cookies invade privacy, according to an online poll recently conducted by BlueLithium, a San Jose-based direct response and brand marketing ad network.

The poll of more than 150 Internet users suggests that consumers have a universal privacy misconception of cookies, the backbone of behavioral optimization technology. Cookies enable online advertisers to determine useful demographic information about their online audiences. Sixty-four percent of online users surveyed are uninformed in believing cookies invade privacy.

Cookies are small text files that store non-invasive user actions, allowing a web site to better fulfill advertiser requests. Cookies cannot read or store personal or identifiable data stored on a user's computer. Only basic information such as the type of browser used, date and time a web site is visited and connection speed is available. BlueLithium and other online advertisers are reversing consumers' distrust by educating them on the benefits of cookies.

Poll results also reveal that 39 percent of respondents delete their cookies and temporary internet files on a weekly basis, making it difficult for online advertisers to target audiences according to online behavior. In addition, 52 percent of Internet users surveyed disable cookies needlessly before shopping online.

"Consumers incorrectly assume cookies allow the outside world to peek into their private lives and personal data," said Gurbaksh Chahal, CEO of BlueLithium. "A common misconception has developed among consumers that cookies are related to spyware and adware. We are changing this theory. Cookies do not invade privacy, and are actually beneficial to online users."

BlueLithium's behavioral optimization technology uses cookies to deliver information on products and services relevant to Internet users, advertisers, and publishers. This technology allows BlueLithium to bridge the gap between web site content and advertisements -- creating a more relevant Internet experience.

Cookies Pegged as Privacy Threat

NEW YORK -- Well over half of users believe Internet tracking cookies invade their privacy, according to a new poll.

In a survey of 150 Internet users, 64 percent said cookies represent an invasion of their privacy. The poll was conducted by online ad network Blue Lithium, which recruited participants through banner ads.

The survey is the latest sign of trouble for Internet cookies, which are employed by Web advertisers and publishers to anonymously track users to target ads and measure their effectiveness.

Web advertisers and publishers have held that consumers concerned about cookies invading their privacy don't fully understand how they work. The Blue Lithium survey, however, found 83 percent of respondents claim they are familiar with cookies. Many consumers are not aware of the benefits of cookies, which can be used to keep passwords and personalization features at Web sites: 52 percent said they preferred to use the Internet with cookies disabled.

Various surveys have pegged the cookie-deletion rate by users at between 39 percent and 50 percent. Thirty-nine percent of respondents to Blue Lithium's survey said they deleted their cookies on a weekly basis and 25 percent do so monthly. Fifty-two percent said they disabled cookies before shopping online, fearing they could be used to collect personal data.

Tuesday, November 8, 2005

Choose Party Of First Part

THE LATEST REPORT ABOUT COOKIES from JupiterResearch advises that Web sites would do well to stop relying on tracking cookies placed by third parties for analytics. That is, sites should serve cookies from their own domains to keep track of data ranging from passwords to which pages users viewed. "Aggressive anti-spyware applications .... are widely deployed and extremely effective in removing third-party tracking cookies," states the report, written by Eric Peterson. "Although adopting first-party cookies is not a panacea, site operators are strongly encouraged to do so immediately."

It's not just Jupiter Research that's urging less reliance on third-party cookies. Yesterday, business and technology journalist Adam Penenberg wrote a column in online magazine Slate.com calling for marketers to eliminate tracking cookies.

First-party cookies generally remember information about users' behavior on the site that serves them. For instance, the cookies served by Amazon.com remember users' names, billing addresses and pages viewed within the site.

But third-party cookies potentially keep track of information about users as they surf a variety of Web sites. Among other uses, these types of cookies can be used to categorize users based on their Web-surfing behavior--a technique that some ad executives rely on, but that consumers seem to increasingly view with misgiving.

That misgiving is playing out as cookie deletions. Until this year, many in the online industry took for granted that consumers didn't give cookies much thought one way or the other. Certainly, few harbored the notion that consumers bothered deleting cookies. But in a Jupiter Research report from this spring, Peterson showed that users actually were erasing cookies, with around four in 10 deleting cookies monthly.

While it doesn't require much computer sophistication to delete cookies manually, consumers also use software programs to erase cookies--and those programs especially target third-party cookies, according to the report.

Still, despite the erasures, large media and e-commerce companies continue to use third-party cookies to a surprising degree. Of 12 leading Web sites examined by Jupiter Research, just two--Amazon.com and Travelocity.com--used only first-party cookies.

Thursday, November 3, 2005

Cookies (the Online Kind) Can Be Good for You

NEW YORK -- Judging from the rising number of computer viruses, online phishing scams and incidents of Web-based identity theft, it is little wonder that consumers are growing increasingly frightened of becoming a victim on the Internet. This widespread fear among consumers has caused many Web users to become wary of even the most trusted Web sites they visit, as well as some of the basic technologies that for years have served to enhance the Web experience.

In fact, one of the clear victims of this wave of fear has been the much-maligned Internet cookie.

Cookies are small elements of data that Web sites store on visitors’ Web browsers in order to provide them with a more tailored user experience. Cookies recognize a user’s Internet browsing behavior and can be used to display information in response to this behavior, as well as remember Web site passwords and preferences, and personalize specific pages, content, banner ads, and promotions that appear on the site. Perhaps most importantly to an Internet user, cookies are used by advertisers to limit the number of times that a particular user sees the same ad creative, and by Web publishers to limit the number of pop-up or pop-under ads that a user receives per day.

For example, cookies can reduce the chance that a 25-year-old single male is served an ad for diapers when he goes to his favorite sports site. Web sites also use cookies to better understand Internet traffic patterns so they can enhance the user experience and provide more relevant information about their products and the content available on their site.

Cookies are not dangerous or malicious, but widespread confusion has led many consumers to view them as just that. In fact, a survey conducted in early 2005 by JupiterResearch found as much as 39% of U.S. Web surfers delete cookies from their computers at least once a month, with 17% erasing cookies once a week and 10% cleaning them out daily.

Many in the online advertising industry believe the reason so many consumers are taking precious time to eradicate cookies from their system is simply misinformation or lack of understanding. In fact, marketers at a recent Network Advertising Initiative conference in New York identified consumer education as central to proactively addressing the issue of cookie deletion.

“The popular misconceptions consumers have about cookies have led them to be unfairly associated with spyware and other malicious software,” explains David J. Moore, chairman and chief executive officer of 24/7 Real Media, a provider of global online advertising services.

“Average consumers don’t understand the purpose and benefits of cookies, nor do they understand the basic limitations of the information they can provide, so they mistakenly label cookies as something that is bad,” Moore adds. “The bottom line is that cookies play an important role in creating a positive Internet experience, and the online advertising industry must do a better job of educating consumers that cookies are good for you online.”

According to Moore, here are some of the most prevalent myths about cookies:

Myth #1: Cookies, like worms and viruses, are harmful to Web users and their computers.

Fact: Cookies are not harmful. Unlike worms and viruses, cookies cannot damage your computer or the data saved on your hard drive. They are simply tiny text files, placed on a computer by a Web server and are only readable by the same server that placed them.

Myth #2: Cookies are another form of spyware bent on stealing sensitive personal information and invading a Web user’s privacy.

Fact: Cookies contain only basic information such as a user’s browser type and IP address, or information that the user has voluntarily supplied, such as stored passwords or preferences to customize a favorite site. Unlike spyware or computer viruses, cookies cannot be configured to do anything more than track anonymous Web user behavior.

Myth #3: Disabling or deleting cookies results in a safer, more enjoyable Web experience.

Fact: This is not true – in fact, cookies are what make the Web a more enjoyable, personalized experience. Without cookies, Internet users would have to remember all the passwords to all the different sites they visit. They would not be able to receive customized content, such as news, stock prices, sports scores or weather, and online shopping would be very cumbersome -- if not impossible. Instead, consumers would receive irrelevant information and content, such as advertising that fails to correspond with their personal interests and needs. In addition, disabling or deleting cookies does not make Web users safer from viruses or other similar online threats.

Myth #4: Cookies only serve the interests of online advertisers.

Fact: Cookies are beneficial to all Internet users -- advertisers, online content providers and consumers -- but in different ways. Like TV and radio, much of the Internet is supported by advertising. To keep content on the Web free for consumers, online publishers need to generate advertising revenue, and advertisers need to reach the right audience. Cookies help to do this more effectively while making sure that consumers are not getting bombarded with irrelevant or duplicative ads, content or promotions that can diminish the quality and value of the Web surfing experience.

“Consumers need to understand that retaining cookies will provide them the optimum online experience and foster the continued improvement and positive evolution on the Web,” Moore says. “As online publishers’ revenues increase, so will the quality and quantity of the site content they make available to consumers. The increased retention of cookies will also help ensure that the sites people visit remain free of subscription charges – something most consumers will agree is good for everyone on the Web.”

Source: ARA Content

Wednesday, November 2, 2005

Privacy for Sale

When you surf the Internet, you leave footprints everywhere you go. Google conceivably knows every term you've searched for and every e-mail you've sent and received. Cookies greet you when you return to a site and track your movements when you stay within its pages or visit affiliated sites. Your ISP knows who you are and where you live or work whenever you get online.

This tracking continues far from your computer. The hundreds of publicly and privately owned surveillance cameras within a 10-block radius of my office capture my image when I buy a falafel or read a book in Washington Square Park. If you talk on a cell phone or send text messages from your PDA, your provider knows where you are. The same goes for when you pay for socks with a credit card or get cash from an ATM.

As the battle to provide ads better-targeted to online consumers intensifies, our information becomes more valuable to online marketers and publishers. Web surfers also fear that identity thieves are on the prowl for their personal data. The government is a potential bogeyman, too: As fears over terrorism intensify, the feds may find your personal data irresistible. In 2003, Congress scuttled the Total Information Awareness program, which would have enabled the Pentagon to mine millions of public and private records to search for indications of terrorist activity. But that doesn't mean the effort to combine databases has stalled—it's just been redirected.

So, how can we protect ourselves? We're going to have to pay for it. In the same way we fork over a few extra bucks a month for caller ID block and an unlisted phone number, we'll pay for anonymity in other areas. Privacy has become a commodity. The more our personal information gets out there, and the more valuable it becomes, the more incentive there will be for companies to shield it on our behalf.

There's a good chance you already have a personal firewall or a spyware remover installed on your machine. But there are loads of other products that can do everything from masking your IP address—kind of like driving in a car with a fake license plate—to scrambling your data so that anyone trying to intercept it will encounter gibberish, to services that claim to expunge your personal information from a whole range of databases and search engines. Some do what they say they can do. Others don't.

For $29.99, Acronis Privacy Expert Suite will wipe your hard drive of all traces of Web surfing. Anonymizer.com offers an array of products that do everything from masking your identity by routing your Web traffic through secure servers to encrypting your wireless connection. GhostSurf, a competing product, provides "an anonymous, encrypted Internet connection" that erases any trace of your surfing "to Department of Defense standards." Encryption schemes like PGP will let you send e-mail securely so that even if hackers intercept it upstream, they won't be able to read it. A program called SafeHouse will fully encrypt your hard drive to ensure that if your laptop is stolen, your data won't be.

Not everything that comes at a price can do the job. A new service called DeleteNow vows to expunge your personal information from search engines, databases, and directories for $2.99 a month. The company says it uses searchbots and a "deletion module" to search for and destroy information in databases and on the Web that its client doesn't want dispersed in the ether. But DeleteNow's claims are a bit exaggerated. It can't simply delete information from third-party Web sites—all it does is automate the process by which any user can ask that a page gets removed from a particular search engine. Believe me: If Google didn't remove its CEO Eric Schmidt's personal information from search results after the company raised a stink with CNET, it's not going to remove yours.

Not all privacy enhancers cost money. Some free Web-based services help those who simply want to control their information because they don't want "The Man" to have it—marketers, the government, whoever. Bugmenot offers communal logins and passwords—the password "liberalmedia" for the New York Times and the e-mail nypostisfuckingretartedforrquiringregistration@suckme.com to access the New York Post, for example—that allow users to avoid providing personal information at sites that require free (but annoying) registration. But the model that Hushmail, which offers snoop-proof e-mail, has adopted will probably hold sway in the future. The company gets you in the door by offering free e-mail accounts but then offers a number of different services that cost money.

Of course, it's possible that these services go too far. Do most of us really need to encrypt our hard drives so that pictures of our kids don't fall into enemy hands? The most important question, though, is whether it's right that individuals have to bear the economic burden of protecting their anonymity online. Shouldn't our own personal default settings be set on privacy?

Perhaps, but consider that the free flow of information online lowers the cost of doing business. It makes it easier and more cost-effective for marketers to find us and for publications to target ads based on our interests, which lowers prices for everyone. Those who opt out of receiving cookies, for example, are altering what has become the natural state of the Internet. Just like you don't assume you'll be anonymous when you walk down the street, you shouldn't assume you will be in cyberspace. No one would expect to get a funny-looking hat and a pair of dark sunglasses for free. You shouldn't expect to get the digital equivalent without paying for it, either.

Experian's 13 steps to get and keep safe online

1) Buy a recognised anti-viral program and set it to auto-update regularly. Free software is also available but carries no warranty.

2) Use anti-spyware software to protect against spyware and Trojan software. Also, set your browser preferences only to accept cookies you recognise and wish to install. Many cookies are quite legitimate but others can act as spyware or Trojans – you can often tell from the name, which might contain words such as access, ad, tracker, backdoor, burrow or exe.

3) A personal firewall helps prevent other users accessing your PC while you’re connected to the internet - but ensure it is switched on.

4) Regularly install any operating system patches and fixes to keep your system security in place – you should be able to instruct your computer to check regularly.

5) Only use WiFi or Bluetooth in places, and with devices, you trust. Many wireless networks are not encrypted, so anyone with a little knowledge could eavesdrop. Keep your device in non-discoverable mode when you are not using WiFi or Bluetooth and use a personal identification number (PIN) to keep the device secure. Do not connect into non-secure access points in public places. If you must, do not send any sensitive information, such as your login details.

6) Do not reply to phishing e-mails, which are designed to look as though they come from your bank or an on-line service provider. They may ask you to confirm your account details, such as account number and password. They are always fakes - no reputable organisation will ever ask you to send this type of information. If you get an e-mail, never reveal this information and if you want to tell the organisation that is being imitated, call them using the official number on their legitimate website or use a directory enquiries service – the numbers on a phishing e-mail or fake website will be false, too.

7) If you receive mail from people or organisations you do not know, delete it and, if possible, inform your e-mail supplier that it is spam. Do not open any attachments – these are likely to carry viruses. Your anti-viral software should alert you or automatically delete any virus-carrying messages. Never reply to these messages because that alerts spammers that the e-mail address is valid and you will be bombarded with more messages from more senders.

8) Microsoft Office programs such as Word, Excel and PowerPoint can contain a lot of hidden information that you had no intention of sharing with other people. Some versions of Word, for example, can track any alterations and changes that have been made while writing a document, which can be revealed later. Another example is a chart embedded in a PowerPoint document that can include the entire Excel workbook containing the chart’s data. Use plug-ins to strip documents of hidden content or convert them into pdfs. Check on the Microsoft site, www.microsoft.co.uk, for available plug-ins for your version of Office. There are several free pdf makers available and Apple Macintosh users will find a pdf maker built-in to OS X.

9) Information does not disappear when you place it in your computer’s waste basket or recycle bin. Buy and use a clean-up utility to overwrite the disk space of your discarded information. Delete sensitive and personal information if you need to send your PC to a supplier for a health check or upgrade.

10) Strangers can recover the contents of unwanted hard drives, disks and tapes from old equipment. The only completely safe way of preventing others from recovering the data is physical destruction. Contact your local council recycling centre for safe disposal.

11) Portable storage devices, such as USB key rings, are not secure, so keep them as safe as you would your passport or credit cards.

12) Most of us are dependent on our PCs now, so it makes sense to copy important documents on to a CD and keep it somewhere secure.

13) Buy a home shredder to destroy anything with your name and/or address or financial information on it, including unsolicited mail. These documents could be used to steal your identity or financial details. Making this small investment in privacy means that you can recycle your paper safely – so you are doing your bit for the environment, as well as being security-minded.

Tuesday, November 1, 2005

Cookies that don't crumble

Security is an onion that keeps growing - and “Smart cookies” are another ring.

Browser cookies are a simple means of tracking how a browser is interacting with a website. Each one carries some history of such events, but also basic elements of software identification.

They’ve long been a target for fraudsters intent on “cookie poisoning” (impersonating a browser session) for this reason. But make them more hardened and might they also be a good way of authenticating an actual user?

One company, Digital Resolve, claims they can, and has invented “smart cookies” which can be used as an extra layer of user authentication with a claimed high degree of security.

The deeper recesses of a smart cookie are an industrial secret, but the company will tell us that each one contains information unique to that user’s browsing, which cannot be spoofed. These would include login access patterns, married to data from the http headers.

The cookie has an “expiration system” to overcome attempts to get round it by stealing or reusing it.

It’s a great idea in principle, but you do need a system at the back end – called Fraud Analyst - to make sense of these cookies. It is transparent to the user, but not entirely transparent to the company using this sort of technology. Equally, all authentication systems have a back-end cost, so that’s not a disadvantage as such.

Solving the security conundrum posed by phishing-type fraud is going to be messy, multi-faceted, and probably quite expensive.
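The article gives no internals for the product, so the following is an added illustration and not Digital Resolve's design or code: a server-signed cookie bound to request headers, with a short lifetime and single-use rotation standing in for the "expiration system". All function names, the choice of bound headers and the sample requests are assumptions constructed for this example, and login access patterns are not modelled.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Headers bound into the cookie. Which headers to bind is an assumption made
# for this example; the article does not say which ones the product uses.
BOUND_HEADERS = ("User-Agent", "Accept-Language")


def header_fingerprint(headers):
    """Hash the bound request headers into a short, stable fingerprint."""
    material = "\n".join(headers.get(name, "") for name in BOUND_HEADERS)
    return hashlib.sha256(material.encode()).hexdigest()[:32]


def _sign(key, body):
    """HMAC-SHA256 over the encoded payload, hex encoded."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_cookie(key, user_id, headers, now, ttl=900):
    """Return a cookie value: base64url(JSON payload) + "." + HMAC tag."""
    payload = {
        "uid": user_id,
        "exp": int(now) + ttl,              # short lifetime limits a stolen copy
        "fp": header_fingerprint(headers),  # ties the cookie to this browser
        "nonce": secrets.token_hex(16),     # makes each cookie single-use
    }
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + _sign(key, body)


def verify_cookie(key, cookie, headers, now, used_nonces):
    """Return (payload, "ok") or (None, reason). used_nonces is server state."""
    body, sep, tag = cookie.rpartition(".")
    expected = _sign(key, body.encode())
    # Constant-time comparison; nothing in the payload is trusted before this.
    if not sep or not hmac.compare_digest(expected.encode(), tag.encode()):
        return None, "bad-signature"
    payload = json.loads(base64.urlsafe_b64decode(body))
    if now >= payload["exp"]:
        return None, "expired"
    if not hmac.compare_digest(payload["fp"], header_fingerprint(headers)):
        return None, "header-mismatch"
    if payload["nonce"] in used_nonces:
        return None, "replayed"
    used_nonces.add(payload["nonce"])  # caller should now issue a fresh cookie
    return payload, "ok"


def demo():
    """Run the checks on constructed sample requests and return the outcomes."""
    key = b"constructed-demo-key-not-for-production"
    browser = {"User-Agent": "ExampleBrowser/1.0", "Accept-Language": "en-GB"}
    other = {"User-Agent": "OtherClient/2.0", "Accept-Language": "en-GB"}
    used = set()
    cookie = issue_cookie(key, "alice", browser, now=1000)
    # Flip the last hex digit of the tag to simulate tampering.
    tampered = cookie[:-1] + ("0" if cookie[-1] != "0" else "1")
    attempts = [
        (cookie, other, 1010),     # copied cookie sent from a different client
        (tampered, browser, 1010), # modified cookie
        (cookie, browser, 1010),   # legitimate first use
        (cookie, browser, 1020),   # same cookie presented a second time
        (cookie, browser, 2000),   # presented after its lifetime has ended
    ]
    return [verify_cookie(key, c, h, t, used)[1] for c, h, t in attempts]


if __name__ == "__main__":
    print(demo())
```

Header binding only raises the bar, since a thief who also copies the victim's headers passes that check; the short lifetime and single-use nonce are what bound how long a stolen copy stays useful.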

Back Off, Adware Firms

ADWARE COMPANIES HAVE LONG COMPLAINED about software removal firms deleting their ad-serving programs. The companies argue that consumers have chosen to download the programs, which serve pop-up ads based on Web-surfing behavior, and that software removal companies shouldn't interfere in that decision. To listen to some of the companies talk, you'd think software removal programs sneak onto consumers' hard drives, hijack their systems and then delete all traces of adware when no one's looking.

Now, the adware company Direct Revenue has joined the chorus of voices calling for software removal programs to be reined in. Direct Revenue CEO Jean Maheu recently told OnlineMediaDaily that his company's end-user license agreement warns consumers that the company might intervene should a software removal company try to stop Direct Revenue from serving pop-ups.

Doing so would be a very bad idea.

If adware companies agree that consumers have the right to delete any unwanted programs, what difference can it make whether they do so manually or through a software removal program?

The only answer that makes sense is that software removal programs are more efficient than consumers at deleting adware--which, of course, is precisely why consumers purchase software removal tools.

Adware companies also should remember that, in other contexts, they have defended their business model by championing the idea that consumers ultimately control their hard drives. When adware companies came under fire from publishers who argued that pop-ups unfairly competed with their ads, one of the adware companies' responses was that consumers, not publishers, own their desktops. If consumers chose to receive pop-ups, they argued, publishers had no place interfering.

But, by the same token, if consumers choose to use software removal programs to delete adware, the adware companies should back off from any attempts to stop that process.

Sunday, October 16, 2005

Tips for avoiding 'smash and grab'

The Victorians dubbed it "smash and grab" - a thief strolls into a jewelry store, breaks a display case with a hammer, grabs what he can and runs like heck. No class in comparison to bypassing an alarm system in the dark of night - but highly effective.

Much the same technique can be applied to any computer to which others have physical access. Walk away from your PC for lunch, and a moderately savvy podmate can strip-search your hard drive. In fact, he might even set it up for further exploits.

For our last two columns, we explored the classy approach to hacking with what I call commercial hackware - increasingly popular, user-friendly tools including boot disks that break system passwords and programs and hardware that steal your keystrokes. Today we're going to look at some of the quick and dirty stuff the bad guys use when they do get access - and what you can do about it.

Passwords are a key target of opportunity, since many kinds of personal financial data are accessed from PCs. Not only Web bank accounts or credit card accounts are of interest; investments, 401(k) retirement funds, even air mileage programs can be easily compromised and turned into cash. A hacker also can capture the passwords of your e-mail accounts or instant messaging.

The vulnerability is a function of Microsoft, Web site operators and lazy users. In Windows, Microsoft builds in an "autocomplete" utility that, among other things, remembers account names and passwords. Type in one or two letters of the account name and Windows obligingly fills out the rest. Some Web sites plant files called cookies on your computer that accomplish much the same thing. Thus, if a hacker knows your name and manages to get physical access to your computer, he can gain access to many of your accounts, since most of us use our last names for account names.

But wait, you say: Windows hides passwords (or, as the pros say, "suppresses" passwords) by overtyping them with asterisks - and a hacker exposes himself to arrest if he spends a lot of time in front of my computer. Thanks to password suppression, he can't write down the passwords and use them from another computer. Not the greatest security, but not too shabby.

Sorry, Charlie, that doesn't cut it. There are several easy-to-use utilities, one of which we will call "Utility X," that display suppressed passwords. I'd love to give you the name of the company that sells it, but my editor is nervous about handing out burglary tools. Worldly me, on the other hand, is rarely shocked by this sort of thing. But I did find it unsettling that a company is giving away this particular tool to promote a line of hacking tools it sells for cracking password security in such programs as Microsoft Word, personal finance and accounting systems, and even good old Winzip. Besides compressing files, Winzip is relied on for locking up files users don't want others to see.

The so-called Utility X has other nifty uses, too. If you check your e-mail program, you'll note that it, too, contains a suppressed password, the one for your remote mail server. The hacker can access your e-mail from any location, in a way that leaves no trace that the mail has been read - and even send mail in your name. (Along these same lines, I also tested a Utility Y, which recovers the stored passwords for instant messaging programs. I'll leave its potential to your imagination.)

So what do we do? You have to assume that any password that's stored on your computer can be read. And unless you can physically lock up your computer, you should not save passwords. You can deal with the worst offenders from inside Internet Explorer:

Go to Tools, Internet Options and select the "Content" tab (interestingly enough, not the "Security" tab). Hit the "Autocomplete" button. Up pops a screen with some options. Uncheck "User Names and Passwords," then hit the "Clear User Names and Passwords" button. You can also remove personal data and Web site trails by unchecking the other boxes and clearing those settings, too.

Sometimes individual applications, such as mail programs, store passwords internally. In most cases you can disable this feature and log in manually every time you use the program - though it's not practical if you're accustomed to checking your e-mail every five minutes. Your call.

Passwords to certain network resources are stored with user account data. Go to the Control Panel, select "User Accounts," then select yours. Under "Related Tasks," select "Manage My Network Passwords." You'll get a dialogue box: Delete any sites that would present a problem if compromised.

Some Web sites store access permissions by placing a "cookie" on your computer, a little file that identifies you when you access the site. High-security sites (think banking) usually know better, but you'll run into this system with magazines and newspapers that are collecting information about registered users. The key here: Use a low-security password for a low-security site. And if for some reason your bank offers to save your password, say no.

Sunday, September 25, 2005

Cookie News: Will you pay me to stop deleting my cookies?

Last night someone in the Web Analytics Forum posted a comparison of browser cookies and RFID devices based on their read of this post in Wired. I thought the post was particularly well written and it got me thinking about the missing piece of the puzzle, incentive.

In the Wired post, Bruce Sterling speculates that consumers will fear RFIDs because they're technologically complex and their use is obscured to the consumer. Sound familiar? It's basically people's complaint about cookies. Consumers simply don't understand what cookies are for and failing to derive any direct, tangible value from their use, they "vote" against cookies and remove them from their computers.

This reminded me of Walt Mossberg's rant on the subject in which he was making the case that cookies fit the definition of spyware. While many disagree with his central thesis, Walt said one thing that seemed kind of crazy at the time but appears less so with every passing day:

"Rather than trying to legitimize tracking cookies with pressure and marketing campaigns, I suggest that, if they really believe tracking cookies are legitimate, the companies that use them simply go straight. They should ask a user's permission to install the cookies, pointing out whatever user benefits they believe the cookies provide. They might even offer users compensation for allowing tracking cookies on their machines."

I gleefully allow my grocer to compile data about my culinary preferences in exchange for a small discount on some purchases, I happily allow my credit card agency to track my buying habits in exchange for the ability to defer purchases and I enthusiastically provide the airlines insight into my travel patterns in exchange for the occasional upgrade or free flight. But what do I ** personally ** get in exchange for accepting browser cookies?

Nothing.

While I'm sure everyone would blanch at the prospect of being asked about accepting cookies at every site one visits (try it, it's painful) the notion that sites could provide incentive to consumers who keep their cookies is not that bad an idea. Cookies could be spun up as the "new loyalty card" and consumers could gain benefits as their cookies progressively age (e.g., are not somehow deleted.)

Site operators may want to consider how they can provide incremental value to consumers who opt to keep their specific cookies in their browsers. Assuming the use of first-party cookies, confirming the age of cookies is trivial from a technical standpoint. Sites could offer additional access/value/savings to their site visitors as they're able to confirm a long-standing relationship with said visitor. Considering this would help sites determine the actual value of cookies to the site, forcing the site to answer the question "How much are we willing to give consumers who keep our cookies?"

Retail sites could offer free shipping to "loyal" customers (as tracked by cookies), media properties could offer access to more/better/unique content for "loyal" visitors and marketing sites could make promotions available to prospects who keep their cookies. Cookies would develop a new, positive buzz in the consumer market. Average people would proactively switch to anti-spyware applications that don't delete cookies. Analytics measurement and advertising tracking would improve and consumers would feel like they were getting something of value out of the arrangement.

Cookies would be saved.

I welcome your thoughts on the subject.

Friday, September 23, 2005

Give Consumers a Choice

COOKIES, AND BY DEFAULT THE online advertising industry, have taken their share of punches lately. Industry trade publications and mainstream media outlets have written endlessly about reports that show large numbers of consumers are routinely deleting cookies from their computers. Then Walt Mossberg, one of the most well respected technology reporters in the country, weighed in via his Wall Street Journal column and registered his strong dislike for what he calls "tracking" cookies.

As Dave Morgan pointed out in his MediaPost column, our industry has to work on educating consumers about the need for and benefits derived from cookies. Consumers need to understand that an Internet without a cookie-enabled targeted advertising model will inevitably lead to more and more content accessible only by subscription or micro-payments.

I would contend, however, that changing and altering consumer knowledge is an expensive and lengthy proposition. We could spend inordinate amounts of time, energy, and money, and barely move the needle on consumer perception of cookies. Lowest-common-denominator reporting in national broadcast media only makes this challenge more imposing. Cookies are inaccurately lumped into much larger articles that I would describe as sensationalized, Internet scare stories: "Beware of cookies. Marketers are watching you," etc.

As an industry, we need to provide consumers with an informed choice -- to opt-out of cookies. I would further argue that this choice shouldn't be buried deep within an ad network's site or privacy policy, but should be offered to consumers within every single ad that we serve them. Anti-spyware companies, which have a huge impact on the cookie deletion rate, also need to give consumers an informed choice. Currently some of those software programs label most third-party cookies as potential threats. Anti-spyware companies don't offer consumers the information that they need to make an informed choice about deleting cookies. Following the labeling of third-party cookies as threats, most consumers delete them without knowing how this practice affects their online experience.

Why won't anti-spyware companies give consumers more information so they can make an educated choice about which cookies to delete? The reason for this is clear: it's currently in the economic interest of anti-spyware companies to demonize cookies as harmful. With many spyware and adware companies changing their policies and business models in the face of pending legislation, the rationale for anti-spyware software has begun to fade. The response of anti-spyware companies has been to attempt to prove the usefulness of their software by labeling and defining cookies as harmful threats.

If the online ad industry were to adopt a strong opt-out policy and give consumers a choice regarding third-party cookies, it would create a stronger argument for anti-spyware companies to stop labeling third-party cookies as threats. If we, as an industry, give consumers a choice at every opportunity to opt-out from third-party cookies, the vendors of anti-spyware software will no longer have a legitimate or logical argument for labeling these cookies as threats.

When anti-spyware companies refuse to provide consumers with specific information about cookies, they do consumers a disservice by erasing cookies that are used to identify consumers who have opted out. Imagine the following scenario after we enable cookie opt-out directly from our banners: Angry consumers will contact ad networks or other companies that employ behavioral targeting technology to find out why they are still receiving targeted ads after opting-out. When that happens, we'll explain to consumers that their anti-spy software deleted the opt-out cookie without informing them which cookies correlate with each ad. Consumers will quickly learn that it's better not to erase cookies using their anti-spyware software or browsers, but instead to opt-out only from the ads they find offensive by using the opt-out links within the ads while leaving the other cookies untouched.

As an industry we claim that we provide consumers with a service. If we really believe in the service that we're providing, we should also allow consumers who don't like our service to opt-out.

Thursday, September 22, 2005

Brad Berens chats with Safecount board member Mike Zeman about the fight to save cookies.

Safecount board member Mike Zeman is the director of insights and analytics for Starcom IP. In this role, he oversees the consumer insight and accountability research initiatives of all Starcom IP clients, which include Allstate, Kellogg's, Miller Brewing, Morgan Stanley/Discover Card and the U.S. Army. In addition to client-specific research, the insights and analytics function is also charged with the ideation and development of Starcom IP proprietary resources and tools.

iMedia: Let's start with the basics: we covered the launch of Safecount back in April, and then you named a board of directors in June. Now, six months post-launch, how would you describe Safecount? What is its mission? Who are its members? And, more generally, does the membership slant toward a particular population of agencies, publishers or vendors?

Mike Zeman: Safecount's mission remains the same as it was at inception, which I think is critically important. We must not lose focus of the task at hand which, both simply and complicatedly, is to enable a set of online measurement protocols that consumers can not only live with, but also appreciate and benefit from.

Certainly many of the folks in our industry and beyond have a vested stake in that mission, which is why Safecount's members span the agency, research company, ad-server, publisher and marketer arenas. And what's great is that there really isn't a majority stake by any of the above groups in terms of supporter composition. In fact, it's that heterogeneity that really ensures that all parties are forced to see the issues at hand from multiple angles.

iMedia: How would you describe Safecount's activities, triumphs and challenges of the last six months? Anything you're particularly proud of or disappointed by?

Zeman: In terms of triumphs, there have been many. First and foremost is that we've established this central forum for people in the industry to engage in a dialogue around these issues. Second would have to be the support we've received across the industry. On Safecount.org, there is an index of supporters, which is 11 scrolls down on my screen (approximately 400 people). I think that says a lot. Third, is the fact that we have helped (with others like NAI and CMOR) educate the Washington legislators that are grappling with the issues around spyware and spyware removal. Fourth, that we are gaining alignment on the buy and sell side to begin the very difficult but necessary task of having a direct dialogue with consumers around these issues. And lastly, we are proud that we have helped to push and secure behavioral-based studies of cookie-lifespan through the ARF and the IAB.

iMedia: So much of the time, we internet folks -- and the even slimmer subsection of internet marketing/advertising folks -- speak our own language, so it can be difficult for outsiders to understand. The difference, for example, between adware and spyware is clear to us, but often invisible to others. What has the experience of the Safecount folks been with this? Have you had to translate for civilians? And, if so, has the necessity of doing so been illuminating?

Zeman: We are currently going through that process. Some Safecount members have conducted research, some already public, some about to be. I would say a common theme is that consumers overall are certainly not crystal clear about cookies (even some people in that slimmer subsection of the industry are not). The real challenge, though, is that many of the misguided ones think that they are. Clearly, some education is needed, and what I can tell you is that when that education is initiated, we will be speaking through a consumer filter. Meaning, ample pre-testing will be done to ensure that our message is in a language that the average internet user can understand, and that consumers actually helped to develop.

iMedia: Is Safecount making any effort to get anti-spyware tools like Ad-Aware and WebRoot to whitelist some cookies and remove them from the spyware list? Reclassification would be one easy way of addressing the cookie perception problem? If so, what sort of cookies should be whitelisted? And what success have you had?

Zeman: What you're talking about is half of the Safecount equation. So we've got the consumer side, which largely rests with education and trust-building initiatives, and then we've got the business side. And, indeed, the end-goal there is to establish a list of cookies (and associated companies) that abide by a particular set of consumer-friendly protocols. In other words, these are cookies that should not be pooled in with those that represent potentially malicious software. Of course, enabling such a system is going to take time, but we think we are making progress.

I think we've cleared the first hurdle in that at least spyware detection companies are recognizing that a cookie in and of itself isn't an inherent danger. The next step is the formulation of what types of cookies should be whitelisted, so to speak. I can't guess what the breakout will be among company type, but, again, I think the key here is that they will be cookies worthy of consumer trust, and third-party blessed as such.

iMedia: On an individual level, do you have a sense of why the consumers who don't like cookies don't like them? These are, often enough, the same folks who will gladly sign away all their private information at the grocery store to save 10 cents on toilet paper... so why is a 4K piece of software so threatening?

Zeman: Well, I think you've really got two sets of people deleting cookies on a regular basis: 1) People who don't understand cookie technology/protocol and believe that they are malicious and invasive. 2) People who simply don't like the idea that their behavior is captured and stored in any way. In both cases, these folks are willing to sign away personally identifiable information in situations where no potential threat is perceived. Of course, it's going to be a lot easier to change the thinking of the first group (in terms of when a threat is real versus perceived) than the second, but I think the positive news is that the ratio of the two groups is probably 10 to one.

iMedia: On the same theme, Safecount talks a lot about changing the consumer and legislative mindset about cookies, but what about changes in cookies themselves. Are there technological changes on the horizon? Do you ever foresee a day when cookies would be permission-based as a default -- where as a matter of course a browser would ask before dropping a cookie?

Zeman: You know, it's hard for me to think of a situation where cookies would be opt-in on an ad-hoc basis. Reason being, you can pretty much already control the cookies that are being dropped on your machine via your browser settings. And, I don't think the opt-in versus blanket approach would alter behavior all that much given that consumers see the situation in a pretty black-and-white way. I also don't think consumers would be very receptive to the idea of having cookie permission pop-ups interrupt their internet usage on a continuous basis.

Regardless, I don't think the cookie technology is the thing that we need to be centered on. I think we must place our focus on gaining a consumer appreciation of the benefits of the type of tracking that cookies represent. As Nick Nyhan says, we don't want to get into a technological arms race with the consumer. That is simply a lose-lose situation.

iMedia: What should the industry look forward to from Safecount in the next six months?

Zeman: The industry at large will very shortly (i.e. in the next month or two) be hearing about what we feel is the beginning of the consumer education and trust-building process.

Look, we're realistic in terms of the frequency and continuity that we'll need to have in order to get this message across. But we've got to start somewhere, and we feel like we've got an approach that's going to, if nothing else, certainly be noticed by a very large portion of online consumers and will get people talking. As I mentioned, we'll also continue to work on the business side of the equation in parallel.

iMedia: Finally, what sort of help does Safecount need? What should the interested do to pitch in?

Zeman: Clearly we all stand to benefit from both the consumer and business initiatives that Safecount is pushing. So whether you are an ad-server, agency, marketer, research company, et cetera, there are certainly ways to chip in on one or both sides of the equation. There's a good chance that if you are in the industry we'll be reaching out to you. However, for those that are not contacted, please reach out to someone on the board of Safecount -- we'd love to get you involved. Additionally, if people have not already voiced their support on Safecount.org, we encourage them to do so. One group of constituents that we'd particularly like to see with a bit more representation on the support list is the marketer community.

Brad Berens is the executive editor for iMedia Communications.

Nielsen/NetRatings Seeks MRC Nod

Nielsen/NetRatings is officially seeking accreditation for its audience measurement procedures from the Media Rating Council.

Nielsen claims to be the only online measurement organization to have applied for such accreditation from the MRC, a non-profit organization that typically weighs in on the credibility of traditional media research. Nielsen is owned by Mediaweek parent VNU.

Initially, two Nielsen//NetRatings panels will be evaluated: the NetView panel, which is recruited using Random Digit Dial methodology, and the MegaPanel, which is based on monitoring actual users' Web surfing habits. The MRC will also examine how Nielsen integrates its various sources of data.

With this move, Nielsen appears to be hoping that accreditation will provide some distinction in an arena that is crowded and lacking a true leader, as companies like comScore Media Metrix and Hitwise also vie for a position of authority in the minds of media planners. Nielsen has recently been working closely with the Interactive Advertising Bureau in developing measurement standards in the industry, including how often users delete cookies, and how that affects the validity of audience data.

Friday, September 9, 2005

Lost in the Cookie Debate--What About Data Harvesting?

AMID THE HUBBUB ABOUT COOKIES and their uses over the summer, one element of the debate seems to have been lost in the mix. Ironically, it is among the more prevalent uses of cookies, and also among the more potentially dangerous uses for publishers.


I'm talking about the instantaneous data harvesting that occurs routinely in the online ad buying/delivery process. Here are two types that have made a few companies and individuals extremely wealthy, while remaining predominantly under the radar of this debate.

Ad Broker Networks--these companies (like Advertising.com, Fastclick, Undertone Networks, and others) place cookies on consumer browsers as part of their ad buys. They typically capture and store information about where the person was surfing when the ad was delivered (such as the technology section of USAToday.com), what they just surfed before reaching that site (the referrer's Web site), who the advertiser is and what type of business or offer is involved (i.e., Sprint, mobile telecom offer).


Additionally, this cookie obtains a great deal of technical information (the type of browser, browser plug-ins, machine brand, time of day, connection bandwidth, and IP-based geo-location), and finally, whether or not the surfer clicked on the ad.


These ad brokers capture this information to optimize the space that they bought (their business is to buy low and sell high) with CPA offers. However, they typically keep this information (both on the cookie and in a database, most likely), and re-use it whenever they see the user again. For example, they may routinely make large, multi-billion monthly page view buys on MSN or Yahoo! at a very, very low CPM--maybe for less than 40 cents. If they know that a user visits tech content at a major publisher site, is located in New York City, and has responded favorably to a mobile telecom offer recently, they could deliver that person a very high-value Verizon Wireless ad with an effective CPM of $10.


Essentially, the broker is able to leverage cookie-based data that they captured from one publisher on an earlier buy (which paid for itself) into a massive arbitrage on a subsequent buy solely because they were able to capture and re-use cookie-based data.


This is one of the major ways that ad brokers make money, of course. Rarely do publishers ever ask or require that these networks disclose which cookies they will be setting when they make buys. Nor do they require knowing what data the brokers will be capturing, or what they will do with it.


In fact, many times, the broker that buys the remnant space will not be the one that actually fills it. For example, a company like Drive Performance Media (DrivePM) may buy space from a publisher. They may have their ad server called first. If they don't see a cookie that they recognize, they may "hand-off" the space to Blue Lithium, who may do the same thing. They will look for one of their cookies. If they don't see one, they may hand it off to Right Media, who may resell the space again.


This kind of tactical data harvesting is almost always undisclosed to the publisher, and is certainly unknown to the consumer. Is it bad? Well--for publishers, it may be. But many publishers are happy to part with their remnant inventory under these terms. Is it bad for consumers? As eCommerce grows and the Web marketing model expands, that would be an even more difficult case to make.


Should it be more transparent? That's what I'm hoping to hear from you readers on. I think it needs to become more transparent--and soon. But I'm assuming many of you will disagree with me on that point.


The second type of Data Harvesting I'd like to examine here is done by Third-Party Ad Servers. Some third-party ad servers set a unique cookie in their own domain on all browsers of all campaigns that they see. This way, they are able to see this cookie in the future when they see the same user again, assuming that the user has kept the cookie.





Some third-party ad servers routinely keep technical information about the user with this cookie (browser type, etc.). Some third-party ad server contracts include as a standard default clause the right to keep and re-use certain anonymous data about the campaign. For example, they may keep information about what category of ad was displayed and how the user responded. They may keep information about what type of Web site or section or page the user was surfing or referred from when the ad was delivered. They might keep information of the frequency of visits or how recently they have seen the user. Some of these companies then re-use that data for campaign optimization as part of proprietary "optimization" that they charge advertisers for. They may also use this data much like the ad broker networks, and buy remnant inventory to then optimize it against CPA campaigns.


Atlas DMT, for example, may make purchases like those aforementioned on MSN to optimize their inventory, or they may just offer the optimization as a service. Essentially, they are able to convert the consumer data that they captured from publishers and from advertisers or other agencies that use their services into media arbitrage.


As consumers, are you aware that this is going on in your hard drive and vis-à-vis the sites you visit? More to the point, if you're a Web publisher, did you have any idea where your user data has been going and who else has been monetizing your users?


For years, I've been saying that the cookie/privacy issue is far more of a business matter than a consumer privacy matter, and I think that is truer still today than ever before.


But until Web publishers get the same kind of transparency from their affiliates that consumers are demanding from the publishers themselves, there will be far less industry awareness than is needed in this debate.


Thursday, September 1, 2005

Tech Q&A: What are cookies, and are they dangerous?

By Anick Jesdanun, The Associated Press

Q. I've been hearing a lot lately about "cookies" on my computer. What are they, and are they really dangerous?

A. Cookies have been getting a bad reputation lately because some are linked to spyware and adware, programs that often sneak onto your computers. Many anti-spyware programs identify cookies as threats because Web sites can use them to target ads based on your surfing habits.

But cookies are much more than that.

Fundamentally, cookies are small data files your Web browser uses to help sites remember who you are. They were invented at Netscape Communications Corp. a decade ago and incorporated into the then-reigning Netscape Navigator browsers to make Web surfing more efficient. Other browsers soon adopted cookies, too.

Without cookies, each interaction with a Web site would be treated as a new visit. The site would have no way of knowing that the page you just called up and the one you called up five minutes ago were summoned by the same person.

That's often not a problem for basic Web pages.

But for commercial Web sites, it can be.

Thursday, August 25, 2005

Major Publisher Discusses Targeting

USA Today's Vice President of Sales Lorraine Ross discusses behavioral targeting with iMedia's Neil Perry.

Coming soon from iMedia Communications is a new report, "Demystifying, Defining and Profiting from Behavioral Targeting." For the report, iMedia Vice President Neil Perry interviewed a wide range of industry experts, including USA Today's Vice President of Sales Lorraine Ross. While some of her most important insights appear in the soon-to-be-released report, here we present an extended excerpt from the interview.

Neil Perry: Who is your provider for behavioral targeting, and how long have they been doing it?

Lorraine Ross: The provider is TACODA, and we have been doing it since … I think we launched it September 2003.

Perry: What is the benefit to USA Today of behavioral targeting?

Ross: The benefit to us is it helps us optimize our inventory by putting the focus on the characteristics of the audience, regardless of where they are on the site. You create value by identifying the audience, not just the content they are reading. And, so, you multiply the value. It is not like you are abandoning the value of the contextual relevance; but you are able to say, "Oh, and in addition, we know this about this person."

The less anonymous our reader is to the marketers, the more valuable he or she becomes.

So, it optimizes the inventory. It also helps to drive rates, because you are, to a certain extent, profiling. You are able to profile me, the reader … you are able to get more for exposing the marketer to that reader, that audience member.

Perry: What about for the marketer? How do you serve it up to the advertiser? What is the benefit to them?

Ross: Well, better targeting. I think that there is … the ability to provide more and more targeting against the individual, not necessarily in a [direct response way], you know clickthrough, or take-action kind of way; but, just in terms of being able to identify demographics, behavior (meaning sort of intention, or mindset), geography -- all of these things are incredibly valuable to a marketer, because they are able to speak directly to either their best customers, or best prospects.

Perry: All right, now how satisfied would you say you are with the success of your behavioral targeting program?

Ross: I am very satisfied. It is still in its infancy, though. I think that behavioral targeting still has a long way to go as we continue to, first of all, grow our audience and collect and aggregate information about our readers. You know, for example, we have a mortgage calculator on our site. We have looked at creating a behavioral segment around it, because certainly that kind of purchase intent is ... to be able to identify that is phenomenal -- it is phenomenally valuable. But, we don't have enough people at any one time really using the mortgage calculator on our new site, (because we are not a financial site specifically), for it to really make sense for us now.

But, as our audience, as our site continues to grow, or we link into other sites, then that potential is really there to create those segments. So, we are very satisfied with the contribution that behavioral targeting has made so far. But, I think we continue to look out to say, "All right, what else can we do with identifying our readers? How else can we do that? And, how can we even cross path the characteristics? Can we layer things on top of one another to make it that much more specific?"

Perry: Have the marketers who are utilizing it gotten a little skittish of late, with all of the HR29 [anti-spyware legislation] related stuff that is going on out there, and all of the focus on cookies? Or, are they still pretty actively engaged in behavioral targeting?

Ross: They seem to be actively engaged. They care about their success metrics. And, from what I can tell, there is full movement away from rigid adherence to success metrics, such as, "Well, we need people. We don't care how you do it, Mr. Publisher. But, we need people to visit our site and go through three page views, or we don't consider it to be a success." So, they are really, really still very, very busy evaluating on the back end. If we could do it by only serving ads on Tuesdays, and that got them their success metrics, that would be fine with them. It is really the publisher that is saying, "I think I know what would work for you." We are trying to answer the marketer's problem. But, the marketers … I don't even think they care how the problem gets solved. It is really up to the publisher. But, they recognize logically behavioral targeting makes sense as a way to attack that problem.

Perry: Approximately what percentage of your campaigns are behavioral targeted, or include a behavioral targeting piece? And, where do you think it is going to go next year?

Ross: I think there is never a campaign that is solely behavioral targeting. That is largely because we are trying to optimize a client's campaign. They come to us, and we say, "Okay, a little of this, and a little of this, and a little of this." A little contextual, a little behavioral, a little demographic targeting. And, then that gives the publisher the flexibility to, when the marketer comes back and says "This part is really working, but this part is not," you are able to really hold them to the buy. But you know, you start out with three different options, three different choices. So, there is an inherent expectation that the client is going to come back to want to optimize.

But, to answer your question, and what I will do is I will go back to finance and ask for the percentages, because the [estimated] amount of … the number of proposals, or IOs [insertion orders], that actually contain a behavioral targeted component is about 50 percent. But, the amount from behavioral targeting very, very specifically and narrowly stated is maybe, you know, 10 to 15 percent.

Neil Perry: What are your thoughts, and your company's thoughts, about all of the brouhaha over cookies, and the deletion of cookies, et cetera?

Lorraine Ross: You know, we have read the Jupiter survey, and I keep up on all of my newsletters, and … I think they are right. I think that there are an awful lot of people who are deleting their cookies, even inadvertently by using AdAware or Spybot. Keeping your PC clean of viruses has become, I think, critical to consumers. And, if by using those products you are wiping out cookies, then, yeah, I think cookie counts are incredibly unstable. So, I think that there is a real issue there. I do. And, I think that it is really problematic. It sets us back, because it prevents us from really understanding a lot of things -- the total size of your audience, frequency -- all of these things are compromised when users are aggressively deleting their cookies. I mean, you run the risk of asking them again for registration information, and it is just … you know, you really get worried about that.

Perry: Yeah. The consumers are getting, I think, much more reluctant to offer up that information, just because those one or two times you get taken advantage of it is just a nightmare.

Ross: Well, and then you … especially when the registration process is a little bit, somewhat onerous. Then, your cookie gets wiped out because you are using an AdAware program because you are trying to eliminate viruses. And, then you go back to your favorite site, and they want the same information all over again. And so it is a slippery slope.

Perry: Yeah, like when you ask just to get a copy of an article, and six screens later you are still filling out some forms, and you start realizing …

Ross: Yeah, I think that that is really a problem. That is why we have made a conscious decision not to go … and here is where the difference is: I think the companies that are contact companies exclusively are going to have a really tough time maintaining a customer information database and asking people for information. I think companies that are utility based, and I mean media companies like Yahoo! … well, you are really going there to use a tool, and the contact is really a nice side business for them. But, you are really going there because that is where your email is. Or, you are going to, you know, you are going to use a tool. Then, I think that they have a better chance of … you would be more likely, more inclined, to go ahead and put that information back in again.

I also think that … (I forgot to mention this earlier) one thing we have done is we have undertaken what we call the "perceptive cookie project" here, where we try to … you probably can only host, I guess it is anywhere up to 20 cookies, at any one time. And, so the cookies will get bumped off if new cookies are being introduced. You just can't host that many. So, we also have tried to do that where certain cookies will be made persistent. It is almost like you put a timestamp on the really important ones. And, you push those to the front of the line. It doesn't eliminate the problem of cookie deletion. But, at the very least, you can take the most important cookies to you … or, the ones that are, you know, site designated, and then make sure that they are the freshest cookies so that they never expire and get bumped off of a browser.

Perry: What advice do you have to either marketers or advertisers that are considering behavioral targeting?

Ross: Ummm … advice. What really works best is when marketers come to us with broadly stated issues, and they help us to solve the problem with them. Because, most of the time, we don't have a canned segment created for them. But, if we apply our brains and some technology we can come up with a customized solution. I think increasingly sites will be required to really come up with more customized approaches to a marketer's problems. And, behavioral, I would include in that. Some of these solutions are only going to work if the site is gigantic -- like one of the portals. But, that is the advice I would give: when you receive directions from clients that are really very tactical … and I get really worried about behavioral standards, because I think, well, one size is not going to fit all. I mean, we might be able to solve your problem without necessarily adhering to an arbitrary standard that you are setting for the behavioral segment. Let us try some different things with you, to try to solve that problem.

Perry: Thoughts on the future?

Ross: Where it is going to go to next is, I think, really interesting, because publishers are increasingly … technology is being developed, software is being developed, that allows publishers to database all of their information and metatag all of their information. And, increasingly, publishers are moving in this direction. We will be able to take advantage of some of the … not so much Google's business model, if you will, by observing the behaviors, on a nuance level on our site. So, for example, publishers are moving towards the dynamic display of information.

So, you come to my site, and you are looking for information about a certain band, say, in the music section. And, the publisher at this point will be able to, very soon, offer you up a page -- and, it really doesn't even exist on our site, but because you requested information about a specific band, we are able to dynamically compose a page of relevant articles, photos, video … you know, links right in front of you.

And, I think where behavioral targeting goes after that is that now I know that you have this interest. And, you have used my site in a way that maybe you formerly would have used a search engine … to be, just to be entertained and get your information. And, that is going to provide publishers with much more insight into their behavior and purchase intent, rather than just, "Well, what did you tell me in your ZAG [ZIP Code, Age, Gender] registration form? And, have you gone to the travel section, you know, a couple of times in the last 30 days?" So, I think publishers, and the publishing model, are really shifting in an interesting way that will allow us to -- without invading anybody's privacy -- be able to really infer a lot more about our readers and be able to offer that kind of relevant advertising that everyone says that they are interested in. So, that is going to change, and I look forward to that, because it is better targeting, better targeting, better targeting!

Perry: Yeah, and really, that is the strength of our business. And, we are really starting to assert our muscle, right now, in that area. So, it is great.

Ross: Yeah, I mean, publishing is changing, and that is going to have a direct impact on our ability to understand readers and serve them better advertising.

Perry: Yeah. Great. Well, listen, I really enjoyed this conversation, and I appreciate you taking the time.

Ross: All right, take care.

Fixing the Cookie Mess

LIKE IT OR NOT, IF the growing controversy surrounding the misuse of cookies by our industry and their deletion by consumers is to be solved, it will be up to the publishers to do it. I had the great fortune to spend Monday in Toronto at the AdMonsters conference debating the issue on a panel with Walt Mossberg of The Wall Street Journal, Esther Dyson of Release 1.0, Kiumarse Zamanian of Yahoo!, and Bowen Dwelle of AdMonsters. In attendance, and very much part of the debate, were the heads of ad operations from almost all of the 50 largest ad-supported sites on the Web. It was quite a session. In spite of the fact that each of us has historically taken positions quite opposite from the others, everyone largely agreed almost immediately on a couple of key points. (Disclaimer: I can't speak for the panel and the audience, so this is my version of the discussion.)

The online ad industry is facing a large and growing problem with consumers not understanding or trusting cookies that are placed on their browsers, equating them with spyware. This problem is not going away. It is only going to get worse.

It doesn't matter if cookies are not executable software like spyware; consumers don't understand the differences and don't care. They are now in charge. As long as they continue to perceive that a problem exists, they will continue to use software tools and other means to delete cookies and anything else that identifies and tracks them without their consent.

Consumers will only be happy and well served if every company that tracks and uses consumer information is fully transparent about what data is being tracked, how it is being used, and if consumers are given the opportunity to consent to participate in the process.

Publishers are the ones that will have to lead the effort for transparency and consent, as well as police the process, since they are the ones with regular, recurring, and direct relationships with consumers and are the "gatekeepers" that advertisers and their agencies pay to contact and engage those consumers.

Trackable consumer data is becoming a very powerful driver in the digital marketing arena. If publishers do a good job of getting consent and providing value to consumers in exchange for data, they can probably build very large and profitable businesses doing it. Thus, it may not only be good public policy, it is probably good business.

All of these points are certainly still subject to debate by many, but for publishers, the debate must end now. It is easy to look at all of the logistical challenges of providing consumers with notice and an opportunity to consent when cookies are used -- I outlined many of them in my last column -- however, we can't forget that it is the publisher that provides the consumer access for advertisers and their service companies. If publishers don't take the lead, if publishers don't police the use of cookies that capture and exploit consumer data, who will?

How should publishers start? Here are my thoughts.

Notice and consent. Publishers must develop a policy to provide clear and transparent information about how they use cookies or similar technologies. Putting this information in their privacy policies is only the first step, not the last. Basically, publishers should establish themselves as the consumers' trusted partner for data-targeted advertising.

Information and control. Publishers must begin to understand and control how their sites are being used by others to cookie their consumers. They must recognize that their media has been and continues to be the channel of choice for spyware companies and brokering companies that place cookies as part of campaigns to "harvest" those cookies. At the least, publishers should institute a policy that requires all advertisers and agencies to disclose to them: 1) a list of all cookies that will be placed on consumers' browsers as part of a campaign, together with the domains within which they will be set; 2) a description of what data will be captured and appended to cookies or a related database; and 3) a description of what the captured data will be used for and for how long it will be kept.

Will there be challenges? Yes. Will ad buyers and service companies push back? Of course they will. Most ad agencies and advertisers don't even know all of the cookies they and their service providers set. The cookies that agencies and their service providers set can change frequently between campaigns and during campaigns, so keeping track of all of these will be challenging, for sure. Collecting and monitoring cookie deliveries will make publishers' lawyers worry that they are taking on new liabilities, and they may counsel against it. And, it could impact revenue. Since there are a number of large online advertisers that buy media for the primary purpose of capturing consumer data for reuse, it is likely that some of them will balk at disclosure, or refuse to advertise if disclosure is required.

What's the answer? Do it together. If publishers work together on this, they will have enough clout to get it done. Be loud. Be persistent. If you do it right, consumers and their advocates like Walt Mossberg will be on your side. They will support you; they will reward you with their loyalty.
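An added example, not part of the original column: one way a publisher could check the cookie disclosure proposed under "Information and control" against what a page load actually sets, flagging third-party and long-lived cookies. The hosts, cookie names, audit date and the two-label "site" heuristic are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed audit date and capture; none of these hosts or values are real.
AUDIT_TIME = datetime(2005, 12, 30, tzinfo=timezone.utc)
PAGE_HOST = "www.publisher.example"
OBSERVED = [  # (host that answered the request, raw Set-Cookie value)
    ("www.publisher.example", "session=abc123; Path=/"),
    ("www.publisher.example", "prefs=compact; Max-Age=2592000; Path=/"),
    ("ads.adnetwork.example",
     "uid=7f3a9c; Domain=.adnetwork.example; "
     "Expires=Mon, 31-Dec-2035 23:59:59 GMT; Path=/"),
    ("track.broker.example", "seg=tech-nyc; Max-Age=31536000; Path=/"),
]
# What the advertiser disclosed before the campaign: (cookie domain, name).
DISCLOSED = {("adnetwork.example", "uid")}


def site_of(host):
    """Last two DNS labels. Assumption: good enough for .example hosts;
    a real audit needs the Public Suffix List (think co.uk)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def expiry(attrs, now):
    """Return the expiry time, or None for a session cookie.
    Max-Age wins over Expires when both are present."""
    if "max-age" in attrs:
        try:
            return now + timedelta(seconds=int(attrs["max-age"]))
        except (ValueError, OverflowError):
            return None
    if "expires" in attrs:
        try:
            # Accept both "31-Dec-2035" and "31 Dec 2035" date styles.
            when = parsedate_to_datetime(attrs["expires"].replace("-", " "))
        except (TypeError, ValueError):
            return None
        return when if when.tzinfo else when.replace(tzinfo=timezone.utc)
    return None


def audit(page_host, observed, now):
    """Classify every cookie set during one page load."""
    findings = []
    for host, header in observed:
        name, attrs = parse_set_cookie(header)
        # A cookie is scoped to its Domain attribute, else to the setting host.
        domain = (attrs.get("domain") or host).lower().strip(".")
        expires = expiry(attrs, now)
        persistent = expires is not None and expires > now
        findings.append({
            "name": name,
            "domain": domain,
            "third_party": site_of(domain) != site_of(page_host),
            "persistent": persistent,
            "lifetime_days": (expires - now).days if persistent else 0,
        })
    return findings


def undisclosed(findings, disclosed):
    """Third-party cookies missing from the advertiser's disclosure list."""
    return [f for f in findings
            if f["third_party"] and (f["domain"], f["name"]) not in disclosed]


if __name__ == "__main__":
    results = audit(PAGE_HOST, OBSERVED, AUDIT_TIME)
    for f in results:
        party = "third-party" if f["third_party"] else "first-party"
        kind = f"persistent, {f['lifetime_days']} days" if f["persistent"] else "session"
        print(f"{f['domain']:24} {f['name']:8} {party:12} {kind}")
    for f in undisclosed(results, DISCLOSED):
        print("NOT DISCLOSED:", f["domain"], f["name"])
```
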

Monday, August 22, 2005

Cookie Facts: Your Recipe for Success

WE IN THE INTERNET ADVERTISING business are fond of cookies. We need them. We want to keep them. We use them all the time. But we are, undoubtedly, an interested party. Cookie critics, meanwhile, claim that they are just plain bad, while the personal privacy and security software vendors give users the impression that they are the same in quality or intent as the spyware that infests a computer with pop-ups, or the dialer downloads that secretly call a number in Uzbekistan for $5 a minute. But are they really instruments of the devil? Should cookie servers really be tarred with the same brush as the criminals?

First, the basic facts: Cookies are not, and cannot become, executable programs, let alone self-executable ones. They are tiny text files, placed on a computer by a Web server and readable only by the server that placed them. Aside from basic anonymous information like browser type and IP address, cookies contain nothing that the user has not voluntarily supplied. They cannot be configured to do more - if they tried, the user's browser would reject them.

Cookies are, in fact, no more than the innocent lubricant without which the Web's machinery would come grinding to a halt. When you buy things online, a cookie is what makes your shopping basket function. When you return to the site to reorder the same things, a cookie is what tells the site which database record to access to call up details of your past orders. In fact, whenever you go online and experience any degree of personalized experience, a cookie is probably responsible. But, unless you have actively provided personal information to the site that placed the cookie on your computer, it can convey none.

The basic act of delivering a cookie to your computer and later accessing it never involves, and is intrinsically unable to involve, the gathering of any personally identifiable information about you. A tracking cookie can, indeed, be used to gather information about pages viewed on your computer (but only on sites with which that cookie is associated), and that information can be used to serve you ads or content that more closely match your interests - but the information gathered is completely anonymous and utterly untraceable to any individual.

The immediate beneficiaries of tracking cookies served by ad companies are, it's true, advertisers and publishers. But what does that mean? If advertisers are happy, publishers get paid. And if publishers get paid, they have the money to produce the high-quality content that attracts the visitors to their sites, who in turn attract the advertisers. Site visitors, then, are equal beneficiaries. But without the refinement in targeting made possible by the use of cookies, that advertising would be far less valuable and the quality of the content would inevitably suffer.

In fact, if cookies were crippled, you could expect that users trying to navigate the Web would be assaulted by a succession of permission-demanding dialogues, probably in the form of pop-ups, as they did so. Their progress would be slowed to a near halt and many sites would be rendered effectively unusable. The Web in its current form might well collapse, as users would be unable to reach the content and advertisers would be unable to reach the audiences that they each wanted.

At its most basic, it comes to this: Should Web sites remain mostly free and continue to get better? Or should cookies be crippled and the entire commercial sector of the Web be put at risk? My answer is that not only are cookies incredibly useful, but that accepting them on one's computer is the negligible payment one makes for a free service (i.e. the Web) of enormous richness and variety.

Monday, August 15, 2005

Wary Consumers Ward Off Tracking Cookies

The State of Online Measurement
By Seana Mulcahy

If you think the digital world represents a sliding landscape, it does. Part of the constant movement is measurement. Online tracking and analytics has been cooed at by most of us for over a decade now. We love to tell clients and prospects that we can track users from online advertising to search to e-mail and the like. We employ all sorts of third-party ad serving (3PAs), including filters, clicks, tracer tags et al. Our lunch hours, dinners, cocktail parties, boondoggles, seminars, and conferences are laden with talk of impressions, reach, frequency capping, click, and conversions.

If you are reading this you probably know I have been in this space since the first online ad was sold. What you may not know is that this is the same banter, rhetoric, and debate we've been having since 1994. Don't get me wrong. I'm not saying nothing has changed. Companies have built successful and profitable businesses within the space. Technology has advanced, but the market has splintered a bit. It seems like everyone is offering some sort of tracking and optimization service these days. Sites do it. Third-party ad servers have built businesses on it. Heck, even rich media companies offer it.

The world of tracking and measurement is so out of whack that marketers and advertisers don't want to pay for it. It's true. Look around. Sites offer pretty good metrics in regard to your campaigns. 3PAs have been beaten up so severely that they have been forced to succumb to offering dirt-cheap prices. Cost per thousand (CPM) pricing is at an all-time low for serving. Agencies threaten 3PAs by saying if they don't cut rates, they will get a lower price elsewhere, and they can. Rich media companies have some of the most robust tools offering metrics. Great you think? No, because of this stigma they have been giving it away. Now that "rich media" has become a passé term (and all online ads should be "rich"), what do these companies do with all the tools and services they've built for reporting, tracking, and measurement?

Analytics are important, sometimes even critical - but are we splitting hairs? Do we track too much? Well this writer shouts YES from the top of her soapbox. I'm not saying chuck the whole concept. I'm urging advertisers and marketers to be smart about it. Tools and technology providers need to realize the value of what your company has and notice that you may have shot yourself in the foot by giving it away.

According to the 2004 DoubleClick Adserving Research Trend Report, there is still a debate in regard to how performance should be measured. Ad serving data confirms the idea that online advertising, just like advertising in all other media, has both direct and indirect response potential. It is important to measure beyond the click. Publishers who sell on click performance are not getting the full value of the ad.

Geotargeting has been on the rise as have view-through and conversion tracking. Behavioral targeting is also on the rise.

So tell me what you think. Are we tracking too much? Are we looking at too many metrics? Perhaps we are looking at the wrong metrics? Post your opinions to the SPINboard. In the meantime, we'll be downloading boatloads of data into CSV formats trying to make strategic decisions about it.