Web cookies getting tougher
Computer tracking programs become more advanced
By Matt Marshall
Knight Ridder Newspapers
These aren't your Grandma's cookies.
And they aren't your traditional electronic cookies that created a file on your computer's hard drive when you visited a Web site. This file, or cookie, would record data about you, perhaps your password and preferences. More than a third of users have learned to delete these cookies from their computers each month.
Now there's a different batch of cookies -- they're newer, they're tougher and they stay around a lot longer. They come with PIE, or Persistent Identification Element, a little-known technology that evades cookie deletion. PIE hides within a little-known corner of your computer. And PIE re-creates itself even after a user deletes a cookie by making a backup copy.
Introduced in early April, PIE is the latest escalation in the cookie wars, and it's already creating a controversy among Web site operators and other industry players. Many are outraged, saying such aggressive tactics will spur users to distrust all cookies, and take drastic measures that will worsen the Web experience.
The furor started in March, when Eric Peterson, an analyst at Jupiter Research, revealed a survey that showed as many as 39 percent of online users may be deleting "cookies" from their primary computer at least monthly. Users aren't just doing it manually.
They're downloading anti-spyware software, which also erases many cookies, bringing the cookie deletion rate as high as 58 percent of users in a year, according to Jupiter.
Web sites use cookies for different things. They can simply assign a user number, or they include lots of things, like shopping cart information, so that you don't have to type it all in again when you return.
Trouble is, the spike in cookie deletions -- and it's a growing trend -- is causing alarm among Web site operators, who depend on the personal information to track crucial business metrics: customer count, number of return-visitors, their habits and preferences, performance by ads and a customer's reaction to them.
The advertising industry is facing some of the biggest impact from cookie deletions. Advertisers depend on "third-party" cookies, or those put on your hard drive by a partner of the Web site you visit -- such as advertisers. Anti-spyware software programs are increasingly deleting these.
"We're trying to get a handle on this," said Kevin Lee, founder of Did-it.com, which helps companies advertise online. He concedes there's a growing deletion trend, but says his company is still studying its magnitude. Still, he argues it's bad for users, who may be duped into thinking cookies are bad, when in fact most of them are good. "If the sky is really falling with cookies, the question is: If not cookies, then what?"
He and others point out that cookies only collect data from use of the site where the cookie was deposited from. But if users volunteer their name, sites can create an individual profiles of the users. Their privacy policies then govern what they do with that information, including information picked up from watching you surf other sites.
Lee's woes may seem irrelevant to users, many of whom couldn't care less about advertisements, and don't want anyone else tracking their behavior either. Most people do trust a few sites, though, including their favorite news site, shopping portal or banking institution. So why not just delete all cookies except for these trusted sites? Well, it isn't that easy.
Enter PIE.
It sounds cute, but PIE is a technology reviled by many, offered by a New York company called United Virtualities. Founder Mookie Tenembaum says he has already signed up "more than 10" customers using it.
Delivered by cookie, PIE hides in the "local shared objects" feature of the Macromedia Flash Player, a technology loaded on more than 98 percent of computers. It protects other cookies by making backup copies even if they are deleted.
PIE can only be shut off if a user decides to reject all cookies at the outset, Tenembaum says. But such a blanket rejection policy, which can be implemented by tinkering with a browser's settings, is a draconian step for most users; it means shutting down cookies for their favorite sites, too.
Which is why many people, including San Francisco's Macromedia, are fuming at United Virtualities' claims. "If they're saying they want to track people that don't want to be tracked, that's outrageous," said David Mendels, Macromedia executive vice president.
Jupiter analyst Peterson said he doesn't want to criticize a specific company, but said: "It tries to pull the wool over the consumers' eyes all over again."
One potential result, Peterson and others say, could be that consumers become so suspicious of all cookies, including the "flash cookies" on Macromedia's player, most of which are benign, that they will demand anti-spyware software programs that erase everything, flash cookies included.
But the local shared objects in Macromedia's Flash are in some ways superior to cookies for storing large amounts of legitimate information -- for example, storing video data of a sweater a user may have looked at while shopping online, so they can pull it up quicker if they go back.
Granted, United Virtualities' technology, announced March 31, is still young, and there is considerable confusion about its capabilities.
For example, Macromedia's Mendels insists the Flash Player gives you the option of rejecting all local shared objects, which presumably would include PIEs, though Macromedia couldn't guarantee that. (This would be the safest option: Once a user chooses it, they then might get prompts from their trusted sites when they visit again, asking for permission to deposit a shared object for that site only.) Tenembaum, meanwhile, declines to comment on whether or not PIEs can withstand Macromedia's blanket rejection setting. A spokesman said such information is "proprietary."
Macromedia also gives users a way of blocking particular sites, but there is no way yet of reliably knowing whether a site uses PIE. Most sites seeking a user's trust presumably wouldn't.
But many of the sites that create cookies or local shared objects have names that are difficult to recognize and researching information about them can be tedious. Few users have the patience to read a Web site's privacy policies, let alone do research on sites hidden in places like the Flash Player.
Still, Macromedia and other players say they're moving quickly to combat the confusion. Macromedia has issued directions to users on how they can control their settings (www.macromedia.com/go/flashprivacy), and has embarked on talks with the major browser developers, Microsoft and Mozilla, to find a way to give users a single place to adjust all their settings.
Did-It's Lee has called upon his colleagues in the online ad industry to urge an informational campaign to help users understand the technology.
Web "analytics" companies, which help corporations analyze their Web traffic, are scrambling, too. Jason Palmer, vice president of marketing and product management for WebTrends, says his company has shifted to a technology that doesn't rely on cookies.
When a cookie is deleted, WebTrends follows a user's behavior for a single session at a site by tracking their browser. It then factors in other things, like the user's so-called Internet Protocol address, and browser version. Together, the data can help a Web site make intelligent estimates of how many unique users they get over a short period -- say, a couple of weeks.
WebTrends has also found a way to shift the third-party cookies it has on clients' sites into first-party cookies by allowing clients to operate the cookies themselves -- thus avoiding the ire of anti-spyware software.
Tenembaum says United Virtualities' technology is doing its part, too. Anti-spyware companies have a financial incentive to hype the danger of cookies, so that they can sell more software -- something he says PIE aims to combat. Without cookies, sites will no longer be able to limit the number of times a user gets shown a particular ad, he argues. "I always celebrate people who disagree, even cursingly, about our technology," he said.
Tenembaum says he screens customers, turning away anyone he thinks would use the technology for dubious or unethical purposes. He has already rejected two ad network companies and one online publisher, he says.
No comments:
Post a Comment