IT HAS BEEN A TOUGH couple of weeks for cookies. That's what happens when you run afoul of Walt Mossberg, the venerable personal technology columnist for The Wall Street Journal. Not only did he devote an entire column and part of another to issues that he has with some cookies, but he also took the time to respond to a high-profile blog post critical of his column.
Basically, Walt doesn't like the fact that some Web sites set "tracking cookies" on his browser as he surfs the Web. While he is fine with cookies that he can identify, like those that perform tasks such as remembering his password, he does not see value in what he terms "secret" cookies placed by advertising service companies or other companies he does not know. He feels violated by the use of these cookies, since he did not give permission to the companies to place these "tracking cookies."
While there is certainly a story in itself on the changes in the media landscape that now require one of the world's most important personal technology pundits to spend part of his Friday evenings reading and reacting to the blogosphere, suffice it to say that Walt's concerns about the use of cookies is a big thing to anyone in the online industry. Not only did Walt's column incite dozens of critical responses, but it also has sparked a number of stories on the subject in general consumer media publications as well. This story is going to get much bigger before it goes away.
I disagree with Walt's position, but not for the same reasons that many others have. While I may think that several of his concerns about cookies are based on imperfect perceptions, I believe that the blame for the misplaced concerns lies clearly with the industry, and not with consumers or critics like Walt.
Before I begin, I must disclose my biases. First, my company uses behavioral targeting and the cookies that Walt complains about to deliver online advertising solutions. Second, I am a huge fan of Walt, and since my 1997 purchase of a VIAO, have bought a number of machines and PDAs only because Walt recommended them.
My first issue with his analysis is his attempt to break cookies into two classes, "good" cookies and "tracking" cookies. Let's be perfectly clear: ALL cookies are "tracking" cookies. Whether the cookie is placed to remember a person's password, to localize their weather report, to permit a site to recognize them as they browse, by an advertiser ensuring the same user doesn't see the same ad more than three times--whatever it is, they all "track" the user.
Segregating a limited group such as "tracking" cookies and labeling them as bad is wrong. Cookies are not inherently bad because they track browsers. That is what they all do. If cookies did not exist, much of the Web experience that users have today would not work. It would be sort of like removing the unique ID from the chip in your cell phone. It might make you feel impervious to any potential for privacy violations, and I suppose you might be able to save money, since the phone company wouldn't know who to bill when you used the phone. Of course, it would probably make your phone useless, since the network wouldn't be able to recognize you or your number when either you tried to make a call or someone was trying to call you. I suspect that is why, unlike the way cookies are treated in browsers, you don't have the ability to delete the unique ID features in you phone. The unique ID is there for a purpose, and the purpose is not inherently bad.
Why is this important?
The cookies that concern Walt are not "secret," nor are they delivered without the user's permission. For all reputable sites, including WSJ.com, their use is fully disclosed in their privacy policies. In fact, many argue that they are an implicit part of the "Terms of Service." In other words, if you want free content, you must accept the fact that the site is going to try to place cookies. You can block them. You can delete them. But you can't say that you didn't expect them. In addition, users control cookies. All of the major browsers have features that can be set to notify users every time a cookie is set, or to block cookies according to pre-set rules.
The problem is that no one has taken the time to educate consumers about what their cookies do and what to expect from them. Of course, before the days of browser-based cookie controls and anti-spyware software, this didn't matter. Cookies just happened in the background, and consumers rarely saw them or played with them.
Now, however, the game has changed. Consumers are in control. They are all like Walt. If they don't know what these things are, they assume the worst. Now is the time for those that place cookies to step up and fill this void. Now is the time for the industry to step up. Walt is just the messenger. Don't shoot him. Listen to him. Inform him. Delight him with what cookies can do for his browsing experience.
Thursday, July 28, 2005
Thursday, July 21, 2005
The Web cookie is crumbiling - and marketers feel the fallout
Internet cookies used to be a treat for marketers looking for ways to measure advertising response, but lately they've become a lot less tasty.
Cookies are tiny text files exchanged between Web servers and browsers. They're stored as files on an Internet user's computer to anonymously identify the sites where people surf and shop. Lately, however, the effectiveness of cookies is being threatened, and experts say that could have a damaging effect on on-line marketing in general.
A recent study by international research advisory organization JupiterResearch has found that nearly 60 per cent of American Internet users have deleted cookies from their primary computers, with 39 per cent doing so on a monthly basis. According to the report, as more and more people block or delete cookies, it could cause the long-term measurement of consumer Web surfing behaviour to be "severely compromised."
"The effect that this will have on on-line marketers is fairly substantial," says Eric Peterson, a senior analyst with JupiterResearch and author of the report. "People doing affiliate marketing [revenue sharing between site publishers and advertisers], those with long lead times between marketing response and actual purchases, and any site that depends on cookies to identify users over multiple sessions is affected by this problem."
"The more people that delete cookies, and the more frequently that cookies are deleted, the more it will adversely affect campaign performance," echoes Jay Aber, president of ad network 24/7 Canada Inc., which sells advertising on more than 250 Canadian sites, including Lycos and YellowPages.ca. Mr. Aber notes that publishers and advertisers primarily use cookies to accurately measure a campaign's reach and effectiveness, limit the number of times a consumer sees a specific ad, and deliver "targeted" advertising to users based on their surfing habits and preferences.
Among the problems associated with deleting cookies, they say, is that repeat visitors can mistakenly be counted as new ones, skewing site and campaign statistics that marketers rely on to gauge audience reach and return on investment. Advertisers also stand to waste marketing dollars and irritate potential customers by repeatedly delivering the same ad to the same Internet user.
According to Mr. Peterson, the increase in cookie deletion can largely be attributed to consumers associating what he calls "harmless little text files" with spyware and the invasion of their privacy on-line.
"The attitude is there is something wrong with [cookies], when really they are benign," he says.
Jeff Fox, senior project editor with Consumer Reports Magazine, agrees. "Cookies aren't spybots hanging around people's computers," he says. "They are passive data files. Their only problem is that there's nothing to stop marketers in the future from associating anonymous information with personal information."
The proliferation of anti-spyware is exacerbating the problem for marketers. These programs routinely identify cookies as spyware, prompting users to delete them.
But while the usefulness of cookies may be crumbling, technology providers have already begun developing alternative tracking techniques. In March, United Virtualities (UV), a New York-based digital marketing company, became one of the first to release a substitute.
"It gives you accurate counting of users, impressions and clicks," company founder Mookie Tenembaum says of the Persistent Identification Element (PIE). The technology, which is already being used by UV clients, both restores original cookies and places Macromedia Flash MX files on users' computers that can't be as easily deleted.
"Cookies still work as usual, this is just insurance," Mr. Tenembaum says.
Ad networks such as 24/7 Canada are also working to find an alternative to cookies. Mr. Aber says the organization has upgraded its analytics tool in conjunction with its U.S. counterpart to include proprietary "Visitor Determination Methodology" that ensures more accurate tracking when cookies are deleted.
JupiterResearch analyst Mr. Peterson says that besides making things easier for marketers and research companies, there are spinoff benefits for Web surfers if they stop deleting cookie files. "Cookies are just designed to help marketers make better websites," he maintains.
The Internet marketing industry hopes Internet users will bite.
Cookies are tiny text files exchanged between Web servers and browsers. They're stored as files on an Internet user's computer to anonymously identify the sites where people surf and shop. Lately, however, the effectiveness of cookies is being threatened, and experts say that could have a damaging effect on on-line marketing in general.
A recent study by international research advisory organization JupiterResearch has found that nearly 60 per cent of American Internet users have deleted cookies from their primary computers, with 39 per cent doing so on a monthly basis. According to the report, as more and more people block or delete cookies, it could cause the long-term measurement of consumer Web surfing behaviour to be "severely compromised."
"The effect that this will have on on-line marketers is fairly substantial," says Eric Peterson, a senior analyst with JupiterResearch and author of the report. "People doing affiliate marketing [revenue sharing between site publishers and advertisers], those with long lead times between marketing response and actual purchases, and any site that depends on cookies to identify users over multiple sessions is affected by this problem."
"The more people that delete cookies, and the more frequently that cookies are deleted, the more it will adversely affect campaign performance," echoes Jay Aber, president of ad network 24/7 Canada Inc., which sells advertising on more than 250 Canadian sites, including Lycos and YellowPages.ca. Mr. Aber notes that publishers and advertisers primarily use cookies to accurately measure a campaign's reach and effectiveness, limit the number of times a consumer sees a specific ad, and deliver "targeted" advertising to users based on their surfing habits and preferences.
Among the problems associated with deleting cookies, they say, is that repeat visitors can mistakenly be counted as new ones, skewing site and campaign statistics that marketers rely on to gauge audience reach and return on investment. Advertisers also stand to waste marketing dollars and irritate potential customers by repeatedly delivering the same ad to the same Internet user.
According to Mr. Peterson, the increase in cookie deletion can largely be attributed to consumers associating what he calls "harmless little text files" with spyware and the invasion of their privacy on-line.
"The attitude is there is something wrong with [cookies], when really they are benign," he says.
Jeff Fox, senior project editor with Consumer Reports Magazine, agrees. "Cookies aren't spybots hanging around people's computers," he says. "They are passive data files. Their only problem is that there's nothing to stop marketers in the future from associating anonymous information with personal information."
The proliferation of anti-spyware is exacerbating the problem for marketers. These programs routinely identify cookies as spyware, prompting users to delete them.
But while the usefulness of cookies may be crumbling, technology providers have already begun developing alternative tracking techniques. In March, United Virtualities (UV), a New York-based digital marketing company, became one of the first to release a substitute.
"It gives you accurate counting of users, impressions and clicks," company founder Mookie Tenembaum says of the Persistent Identification Element (PIE). The technology, which is already being used by UV clients, both restores original cookies and places Macromedia Flash MX files on users' computers that can't be as easily deleted.
"Cookies still work as usual, this is just insurance," Mr. Tenembaum says.
Ad networks such as 24/7 Canada are also working to find an alternative to cookies. Mr. Aber says the organization has upgraded its analytics tool in conjunction with its U.S. counterpart to include proprietary "Visitor Determination Methodology" that ensures more accurate tracking when cookies are deleted.
JupiterResearch analyst Mr. Peterson says that besides making things easier for marketers and research companies, there are spinoff benefits for Web surfers if they stop deleting cookie files. "Cookies are just designed to help marketers make better websites," he maintains.
The Internet marketing industry hopes Internet users will bite.
Wednesday, July 20, 2005
Third-Party Cookies Going Stale for E-Tailers
Retailers would be wise to use first-party rather than third-party cookies if they want a more complete view of online visitor behavior, Coremetrics suggests, issuing findings from its LIVEmark Index, a benchmark performance-tracking service. ClickZ reports that the research found anonymous traffic accounts for 13.8 percent of traffic on retail websites using third-party cookies, whereas those that have adapted first-party cookies have an average of 0.6 percent anonymous traffic.
In May, Coremetrics competitor WebTrends released similar findings on third-party cookie deletion and plans to publish updated research.
"We are identifying the top three verticals most affected, one of which is retail," Corey Gault, public relations manager at WebTrends, told ClickZ News, adding that upcoming research would include statistics on sites using first- and third-party cookies simultaneously.
Coremetrics offers a solution for clients to migrate from third- to first-party cookies yet retain older profiles of customers.
In May, Coremetrics competitor WebTrends released similar findings on third-party cookie deletion and plans to publish updated research.
"We are identifying the top three verticals most affected, one of which is retail," Corey Gault, public relations manager at WebTrends, told ClickZ News, adding that upcoming research would include statistics on sites using first- and third-party cookies simultaneously.
Coremetrics offers a solution for clients to migrate from third- to first-party cookies yet retain older profiles of customers.
Monday, July 18, 2005
Tracking cookies crumble privacy
Suppose you bought a TV set that included a component to track what you watched, and then reported that data to a company that used or sold it for advertising purposes. Only nobody told you the tracking technology was there or asked your permission to use it.
You would likely be outraged at this violation of privacy. Yet that kind of Big Brother intrusion goes on every day on the Internet, affecting millions of people. Many Web sites, even from respectable companies, place a secret computer file called a "tracking cookie" on your hard disk. This file records where you go on the Web on behalf of Internet advertising companies that later use the information for their own business purposes. In almost all cases, the user isn't notified of the download of the tracking cookie, let alone asked for permission to install it.
Luckily, the leading Windows antispyware programs can detect and remove these tracking cookies. It is the best defense a user has against this tactic.
Now, though, some of the companies that place these files on your hard disk are complaining about that defense. Some are urging the antispyware software companies to stop detecting and removing tracking cookies. They assert that the secret placement of these tracking mechanisms is a legitimate business practice, and that tracking cookies aren't really spyware or aren't harmful.
Unfortunately for consumers, this twisted reasoning is having some impact. In the most notable case, Microsoft disabled the detection and removal of tracking cookies when it purchased an antispyware program from a small company called Giant and turned it into Microsoft Windows AntiSpyware. That is a big reason why I can't recommend the Microsoft product, which still is in the test phase but is available for anyone to download.
Microsoft says it still is evaluating how to treat tracking cookies in the program's final release. I believe it is important for consumers to know who is on their side right from the start and who may be being swayed by companies that do things to your computer without telling you.
The antispyware program I use and recommend, Spy Sweeper from Webroot Software, still detects and removes tracking cookies. So does another antispyware program derived from some of the same computer code as the Microsoft product - CounterSpy, by Sunbelt Software. I haven't tested the latter program, but it has received good reviews elsewhere. There are other antispyware programs as well that still treat tracking cookies as spyware.
To understand the tracking-cookie issue, you have to know something about cookies overall, and you have to know what spyware actually is.
Cookies are small text files that Web-site operators - and third-party companies that insert ads into Web sites - place on a user's computer. Many types of cookies are harmless or even helpful. For instance, a cookie might help a Web site remember your preferences for what news topics you chose to see. With your permission, it might store your login information, so you don't have to type it in each time you visit a particular site. Antispyware programs aren't designed to detect or remove these helpful cookies.
Tracking cookies shouldn't be confused with these other cookies. They have no user benefit except the vague promise that the ads you get as a result may be better tailored to your interests.
What is spyware? There are many definitions, but here is mine, in two sentences: Spyware - and a related category called adware - is computer code placed on a user's computer without his or her permission and without notification, or with notification so obscure it hardly merits the term. Once installed, spyware and adware alter the PC's behavior to suit the interests of outside parties rather than those of the owner or user.
Examples of spyware and adware include programs called "browser hijackers," which reset the home page or search engine your browser uses so it is diverted to the sites of the spyware and adware companies or their clients. Others record your activities and report them to outside parties. Still others push ads in your face, even when you aren't using the Web.
Some tracking-cookie purveyors say their cookies aren't really spyware because they aren't full-fledged programs and they aren't as outrageous as spyware programs such as "key loggers," which record and report every keystroke you enter.
Rather than trying to legitimize tracking cookies with pressure and marketing campaigns, I suggest that if they really believe tracking cookies are legitimate, the companies that use them simply go straight. They should ask a user's permission to install the cookies, pointing out whatever user benefits they believe the cookies provide. They might even offer users compensation for allowing tracking cookies on their machines.
Until that happens, here is my advice: If you don't like the idea of tracking cookies, run an antispyware program that detects and removes them, along with all the other indefensible computer code some companies think they have the right to install. After all, it is your computer.
Walter Mossberg writes about personal technology for The Wall Street Journal.
You would likely be outraged at this violation of privacy. Yet that kind of Big Brother intrusion goes on every day on the Internet, affecting millions of people. Many Web sites, even from respectable companies, place a secret computer file called a "tracking cookie" on your hard disk. This file records where you go on the Web on behalf of Internet advertising companies that later use the information for their own business purposes. In almost all cases, the user isn't notified of the download of the tracking cookie, let alone asked for permission to install it.
Luckily, the leading Windows antispyware programs can detect and remove these tracking cookies. It is the best defense a user has against this tactic.
Now, though, some of the companies that place these files on your hard disk are complaining about that defense. Some are urging the antispyware software companies to stop detecting and removing tracking cookies. They assert that the secret placement of these tracking mechanisms is a legitimate business practice, and that tracking cookies aren't really spyware or aren't harmful.
Unfortunately for consumers, this twisted reasoning is having some impact. In the most notable case, Microsoft disabled the detection and removal of tracking cookies when it purchased an antispyware program from a small company called Giant and turned it into Microsoft Windows AntiSpyware. That is a big reason why I can't recommend the Microsoft product, which still is in the test phase but is available for anyone to download.
Microsoft says it still is evaluating how to treat tracking cookies in the program's final release. I believe it is important for consumers to know who is on their side right from the start and who may be being swayed by companies that do things to your computer without telling you.
The antispyware program I use and recommend, Spy Sweeper from Webroot Software, still detects and removes tracking cookies. So does another antispyware program derived from some of the same computer code as the Microsoft product - CounterSpy, by Sunbelt Software. I haven't tested the latter program, but it has received good reviews elsewhere. There are other antispyware programs as well that still treat tracking cookies as spyware.
To understand the tracking-cookie issue, you have to know something about cookies overall, and you have to know what spyware actually is.
Cookies are small text files that Web-site operators - and third-party companies that insert ads into Web sites - place on a user's computer. Many types of cookies are harmless or even helpful. For instance, a cookie might help a Web site remember your preferences for what news topics you chose to see. With your permission, it might store your login information, so you don't have to type it in each time you visit a particular site. Antispyware programs aren't designed to detect or remove these helpful cookies.
Tracking cookies shouldn't be confused with these other cookies. They have no user benefit except the vague promise that the ads you get as a result may be better tailored to your interests.
What is spyware? There are many definitions, but here is mine, in two sentences: Spyware - and a related category called adware - is computer code placed on a user's computer without his or her permission and without notification, or with notification so obscure it hardly merits the term. Once installed, spyware and adware alter the PC's behavior to suit the interests of outside parties rather than those of the owner or user.
Examples of spyware and adware include programs called "browser hijackers," which reset the home page or search engine your browser uses so it is diverted to the sites of the spyware and adware companies or their clients. Others record your activities and report them to outside parties. Still others push ads in your face, even when you aren't using the Web.
Some tracking-cookie purveyors say their cookies aren't really spyware because they aren't full-fledged programs and they aren't as outrageous as spyware programs such as "key loggers," which record and report every keystroke you enter.
Rather than trying to legitimize tracking cookies with pressure and marketing campaigns, I suggest that if they really believe tracking cookies are legitimate, the companies that use them simply go straight. They should ask a user's permission to install the cookies, pointing out whatever user benefits they believe the cookies provide. They might even offer users compensation for allowing tracking cookies on their machines.
Until that happens, here is my advice: If you don't like the idea of tracking cookies, run an antispyware program that detects and removes them, along with all the other indefensible computer code some companies think they have the right to install. After all, it is your computer.
Walter Mossberg writes about personal technology for The Wall Street Journal.
No comments:
Keywords:
advertising,
behavioral targeting,
cookies,
delete cookies,
google,
privacy,
yahoo
Keywords:
advertising,
behavioral targeting,
cookies,
delete cookies,
google,
privacy,
yahoo
What does Google know about you?
NEW YORK -- Google is at once a powerful search engine and a growing e-mail provider. It runs a blogging service, makes software to speed Web traffic and has ambitions to become a digital library. And it is developing a payments service.
Although many Internet users eagerly await each new technology from Google Inc., its rapid expansion is also prompting concerns that the company may know too much: what you read, where you surf and travel, whom you write.
"This is a lot of personal information in a single basket," said Chris Hoofnagle, senior counsel with the Electronic Privacy Information Center. "Google is becoming one of the largest privacy risks on the Internet."
Not that Hoofnagle is suggesting that Google has strayed from its mantra of making money "without doing evil."
Rather, some privacy advocates worry about the potential: The data's very existence -- conveniently all under a single digital roof -- makes Google a prime target for abuse by overzealous law enforcers and criminals alike.
Through hacking or with the assistance of rogue employees, they say, criminals could steal data for blackmail or identity theft. Recent high-profile privacy breaches elsewhere underscore the vulnerability of even those systems where thoughtful security measures are taken.
Law enforcement, meanwhile, could obtain information that later becomes public, in court filings or otherwise, about people who are not even targets of a particular investigation.
Although Google's privacy protection is generally comparable to -- even better than -- those at Microsoft Corp., Amazon.com Inc., Yahoo Inc. and a host of other Internet giants, "I don't think any of the others have the scope of personal information that Google does," Hoofnagle said.
Plus, Google's practices may influence rivals, given its dominance in search and the fierce competition.
"Google is perhaps the most noteworthy right now by the simple fact that they are the 800-pound gorilla," said Lauren Weinstein, a veteran computer scientist and privacy advocate. "What they do tends to set a pattern and precedent."
The concerns reflect Google's growing heft. As startups get bigger and more powerful, scrutiny often follows.
Google says it takes privacy seriously.
"In general, as a company, we look at privacy from design all the way (through) launch," said Nicole Wong, an associate general counsel at Google.
That means that product managers, engineers and executives -- not just lawyers -- consider the privacy implications as new technologies are developed and new services offered, Wong said.
She also said that Google regularly seeks feedback from civil liberties groups such as the Center for Democracy and Technology and the Electronic Frontier Foundation, both of which credit Google for listening even if it doesn't always agree.
Google's privacy statements specify that only some of its employees have access to personal data -- on a need-to-know basis -- and such access is logged to deter abuse.
Google Chief Executive Eric Schmidt says a trade-off exists between privacy and functionality, and the company believes in making fully optional -- and seeking permission beforehand -- any services that require personally identifiable information.
"There are always options to not use that set of technology and remain anonymous," Schmidt told reporters in May.
But what is meant by personally identifiable information is subject to debate.
Google automatically keeps records of what search terms people use and when, attaching the information to a user's numeric Internet address and a unique ID number stored in a Web browser "cookie" file that Google uploads to computers unless users reconfigure their browsers to reject them.
Like most Internet companies, Google says it doesn't consider the data personally identifiable. But Internet addresses can often be traced to a specific user.
Here's just some of the ways Google can collect data on its users:
One of Gmail's selling points is its ability to retain e-mail messages "forever."
Google's program for scanning library books sometimes requires user names to protect copyrights.
The company is testing software for making Web pages load more quickly; the application routes all Web requests through its servers.
Google also provides driving directions, photo sharing and instant messaging, and it is developing a payments service that critics say could add billing information to user profiles.
Because storage is cheap, data from these services can be retained practically forever, and Google won't specify how long it keeps such information.
Without elaborating, Google says it "may share" data across such services as e-mail and search. It also provides information to outside parties serving as Google's agents -- although they must first agree to uphold Google's privacy policies.
Much of the concern, though, stems from a fear of the unknown.
"Everybody gets worried about what (Google) could do, but what they have done to date has not seemed to violate any privacy that anyone has documented," said Danny Sullivan, editor of the online newsletter Search Engine Watch.
Eric Goldman, a cyberlaw professor at Marquette University in Milwaukee, believes that the focus ought to be on the underlying problem: access by hackers and law enforcement.
"We still need to have good technology to inhibit the hackers. We still need laws that make hacking criminal. We still need restraints on government surveillance," Goldman said. "Google's database doesn't change any of that."
Anne Rubin, 20, a New York University junior who uses Google's search, Gmail and Blogger services, says quality overrides any privacy concerns, and she doesn't mind that profiles are built on her in order to make the ads she sees more relevant.
"I see it as a trade-off. They give services for free," she said. "I have a vague assumption that things I do (online) aren't entirely private. It doesn't faze me."
Larry Ponemon, a privacy adviser, says research by his Ponemon Institute found that Google consistently getting high marks for trust.
By contrast, Microsoft, whose software sometimes crashes and regularly gets violated by hackers, didn't fare as well despite what Ponemon and others acknowledge are improvements in its approach to privacy.
"People confuse customer service with obligations to maintain privacy," Ponemon said. "Google has a product that seems to work. It gets almost like a free ride on privacy."
That's changing.
Google, a perennially secretive company, may share some of the blame. It goes out of its way to strip its privacy statements of legalese so that they are easier to read. But the statements remain vague on how long the company keeps data.
In an interview, Wong, the Goggle lawyer, said the company had no set time limits on data retention; such determinations are left to individual product teams. She said the information helps Google know how well it is doing -- for instance, are users getting the results they want in the first five, 10 or 100 hits?
"We keep data that's collected from our services for as long as we think it's useful," she said.
Google says it releases data when required by law, but its privacy statements offer few details. Wong said Google doesn't surrender data without a subpoena, court order or warrant. But she would not offer any details on how many requests it gets, or how often, and federal law bars Google from disclosing requests related to national security.
For civil lawsuits, Wong said, Google warns users before it complies so that they can file objections with a court -- a fact that the company doesn't publicize.
Mark Rasch, who was a Justice Department prosecutor in the 1980s and has since advised companies on getting data from Internet companies, says electronic records will only become more relevant for investigators searching for evidence of intent and knowledge.
"As Google becomes more involved in parts of your lives, including chats and blog, then it's going to get lots more subpoenas," he said.
"It's a lot more than just a search tool."
THE WORLD ACCORDING TO GOOGLE
Personalized search. Google is testing an optional service in which results are based partly on your past searches. The service is tied to the same user name employed to access e-mail through Gmail, post on Google Groups discussion boards and maintain shopping lists at Froogle. Users may inspect and remove specific entries from the list of past searches. However, separate logs are kept for auditing, regardless of any removal.
Gmail. Google's generosity in free storage means users never have to delete anything. Company computers scan a user's messages to build profiles for targeting ads. But there is that deep data store. Gmail users can delete messages, but Google says that for technical reasons the actual e-mails may not be eradicated immediately.
Web accelerator. Google is testing software for making Web sites load more quickly, accessing copies of pages previously accessed by other users rather than fetching new ones every time. To work, all Web requests must go through -- and get logged by -- Google's servers, much like an Internet service provider.
Print. As Google scans millions of library books into its search engine index, it is sometimes requiring user names to limit access and protect copyrights. But Martin Garnar, chairman of an American Library Association's subcommittee on privacy, warns that "Google as a business doesn't have to abide by the same patron confidentiality rules that libraries do." To protect people's rights to read unpopular opinion anonymously, Garnar said, most library computers automatically delete personal information when a book is returned.
Groups. Users wishing to respond to Usenet discussion posts, either by adding a message to a group or contacting an item's author directly, now must create accounts and route messages through Google because e-mail addresses have been hidden as a spam-prevention measure.
Payment service. Google has yet to share details, but critics say it could add billing information to user profiles.
Although many Internet users eagerly await each new technology from Google Inc., its rapid expansion is also prompting concerns that the company may know too much: what you read, where you surf and travel, whom you write.
"This is a lot of personal information in a single basket," said Chris Hoofnagle, senior counsel with the Electronic Privacy Information Center. "Google is becoming one of the largest privacy risks on the Internet."
Not that Hoofnagle is suggesting that Google has strayed from its mantra of making money "without doing evil."
Rather, some privacy advocates worry about the potential: The data's very existence -- conveniently all under a single digital roof -- makes Google a prime target for abuse by overzealous law enforcers and criminals alike.
Through hacking or with the assistance of rogue employees, they say, criminals could steal data for blackmail or identity theft. Recent high-profile privacy breaches elsewhere underscore the vulnerability of even those systems where thoughtful security measures are taken.
Law enforcement, meanwhile, could obtain information that later becomes public, in court filings or otherwise, about people who are not even targets of a particular investigation.
Although Google's privacy protection is generally comparable to -- even better than -- those at Microsoft Corp., Amazon.com Inc., Yahoo Inc. and a host of other Internet giants, "I don't think any of the others have the scope of personal information that Google does," Hoofnagle said.
Plus, Google's practices may influence rivals, given its dominance in search and the fierce competition.
"Google is perhaps the most noteworthy right now by the simple fact that they are the 800-pound gorilla," said Lauren Weinstein, a veteran computer scientist and privacy advocate. "What they do tends to set a pattern and precedent."
The concerns reflect Google's growing heft. As startups get bigger and more powerful, scrutiny often follows.
Google says it takes privacy seriously.
"In general, as a company, we look at privacy from design all the way (through) launch," said Nicole Wong, an associate general counsel at Google.
That means that product managers, engineers and executives -- not just lawyers -- consider the privacy implications as new technologies are developed and new services offered, Wong said.
She also said that Google regularly seeks feedback from civil liberties groups such as the Center for Democracy and Technology and the Electronic Frontier Foundation, both of which credit Google for listening even if it doesn't always agree.
Google's privacy statements specify that only some of its employees have access to personal data -- on a need-to-know basis -- and such access is logged to deter abuse.
Google Chief Executive Eric Schmidt says a trade-off exists between privacy and functionality, and the company believes in making fully optional -- and seeking permission beforehand -- any services that require personally identifiable information.
"There are always options to not use that set of technology and remain anonymous," Schmidt told reporters in May.
But what is meant by personally identifiable information is subject to debate.
Google automatically keeps records of what search terms people use and when, attaching the information to a user's numeric Internet address and a unique ID number stored in a Web browser "cookie" file that Google uploads to computers unless users reconfigure their browsers to reject them.
Like most Internet companies, Google says it doesn't consider the data personally identifiable. But Internet addresses can often be traced to a specific user.
Here's just some of the ways Google can collect data on its users:
One of Gmail's selling points is its ability to retain e-mail messages "forever."
Google's program for scanning library books sometimes requires user names to protect copyrights.
The company is testing software for making Web pages load more quickly; the application routes all Web requests through its servers.
Google also provides driving directions, photo sharing and instant messaging, and it is developing a payments service that critics say could add billing information to user profiles.
Because storage is cheap, data from these services can be retained practically forever, and Google won't specify how long it keeps such information.
Without elaborating, Google says it "may share" data across such services as e-mail and search. It also provides information to outside parties serving as Google's agents -- although they must first agree to uphold Google's privacy policies.
Much of the concern, though, stems from a fear of the unknown.
"Everybody gets worried about what (Google) could do, but what they have done to date has not seemed to violate any privacy that anyone has documented," said Danny Sullivan, editor of the online newsletter Search Engine Watch.
Eric Goldman, a cyberlaw professor at Marquette University in Milwaukee, believes that the focus ought to be on the underlying problem: access by hackers and law enforcement.
"We still need to have good technology to inhibit the hackers. We still need laws that make hacking criminal. We still need restraints on government surveillance," Goldman said. "Google's database doesn't change any of that."
Anne Rubin, 20, a New York University junior who uses Google's search, Gmail and Blogger services, says quality overrides any privacy concerns, and she doesn't mind that profiles are built on her in order to make the ads she sees more relevant.
"I see it as a trade-off. They give services for free," she said. "I have a vague assumption that things I do (online) aren't entirely private. It doesn't faze me."
Larry Ponemon, a privacy adviser, says research by his Ponemon Institute found that Google consistently getting high marks for trust.
By contrast, Microsoft, whose software sometimes crashes and regularly gets violated by hackers, didn't fare as well despite what Ponemon and others acknowledge are improvements in its approach to privacy.
"People confuse customer service with obligations to maintain privacy," Ponemon said. "Google has a product that seems to work. It gets almost like a free ride on privacy."
That's changing.
Google, a perennially secretive company, may share some of the blame. It goes out of its way to strip its privacy statements of legalese so that they are easier to read. But the statements remain vague on how long the company keeps data.
In an interview, Wong, the Goggle lawyer, said the company had no set time limits on data retention; such determinations are left to individual product teams. She said the information helps Google know how well it is doing -- for instance, are users getting the results they want in the first five, 10 or 100 hits?
"We keep data that's collected from our services for as long as we think it's useful," she said.
Google says it releases data when required by law, but its privacy statements offer few details. Wong said Google doesn't surrender data without a subpoena, court order or warrant. But she would not offer any details on how many requests it gets, or how often, and federal law bars Google from disclosing requests related to national security.
For civil lawsuits, Wong said, Google warns users before it complies so that they can file objections with a court -- a fact that the company doesn't publicize.
Mark Rasch, who was a Justice Department prosecutor in the 1980s and has since advised companies on getting data from Internet companies, says electronic records will only become more relevant for investigators searching for evidence of intent and knowledge.
"As Google becomes more involved in parts of your lives, including chats and blog, then it's going to get lots more subpoenas," he said.
"It's a lot more than just a search tool."
THE WORLD ACCORDING TO GOOGLE
Personalized search. Google is testing an optional service in which results are based partly on your past searches. The service is tied to the same user name employed to access e-mail through Gmail, post on Google Groups discussion boards and maintain shopping lists at Froogle. Users may inspect and remove specific entries from the list of past searches. However, separate logs are kept for auditing, regardless of any removal.
Gmail. Google's generosity in free storage means users never have to delete anything. Company computers scan a user's messages to build profiles for targeting ads. But there is that deep data store. Gmail users can delete messages, but Google says that for technical reasons the actual e-mails may not be eradicated immediately.
Web accelerator. Google is testing software for making Web sites load more quickly, accessing copies of pages previously accessed by other users rather than fetching new ones every time. To work, all Web requests must go through -- and get logged by -- Google's servers, much like an Internet service provider.
Print. As Google scans millions of library books into its search engine index, it is sometimes requiring user names to limit access and protect copyrights. But Martin Garnar, chairman of an American Library Association's subcommittee on privacy, warns that "Google as a business doesn't have to abide by the same patron confidentiality rules that libraries do." To protect people's rights to read unpopular opinion anonymously, Garnar said, most library computers automatically delete personal information when a book is returned.
Groups. Users wishing to respond to Usenet discussion posts, either by adding a message to a group or contacting an item's author directly, now must create accounts and route messages through Google because e-mail addresses have been hidden as a spam-prevention measure.
Payment service. Google has yet to share details, but critics say it could add billing information to user profiles.
Cookies Are Spyware, According to The Wall Street Journal
Cookies Are Spyware, According to The Wall Street Journal
By Mark Naples
So, be sure to disable your cookies, all you WSJ subscribers. That's clearly what the Journal would have us do. Seriously? Well, maybe. Walter Mossberg's essay - which ran on Thursday - contains so many inaccuracies that it reminds me of a ruse from a different industry a couple of decades ago. But, perhaps he has an agenda.
Remember the Bottle Bill? The Bottle Bill was created by urban environmentalists and nurtured by the plastics industry because it necessitated returning beverage containers to retailers. In states that passed Bottle Bills, everyone knew that glass and aluminum containers were going to be replaced by unbreakable, larger, easier to handle plastic ones and that more comprehensive recycling programs would suffer. The nine states that have bottle bills today don't have more comprehensive statewide programs since the whole packaging mix was subverted by the 2-liter plastic container.
Enough detail on that. Here's the connection: Almost every major paper in the United States supported Bottle Bills. Most major publishers lobbied hard for them state by state. Of course, this is because newspapers comprise maybe 30 percent of the waste stream while beverage containers comprise maybe 3 percent. Newspapers just wanted to take the spotlight off their own bad litter and waste story. In nine states, they succeeded. Do you know how much post-consumer content is in that copy of the WSJ you read this morning? Not a lot, especially when compared to those beverage containers.
Well, if you read the WSJ online, recycled content is obviously not a concern. But, subscriber dilution is a concern to its publishers. Newspapers as a whole are terribly worried about online, even those newspapers like The Wall Street Journal that have done great things to make money and protect their brand digitally. Talk to enough newspaper publishers about the relationship between their print and online assets and the word you will hear is "cannibalize," because they feel that online readership's erosion of their traditional subscriptions is cannibalizing their share of the advertising market.
That's the first thing I thought of when I read Mossberg's piece. Obviously, The Wall Street Journal depends on the cookies it places on its subscribers' hard drives, just as every reputable media company does. Unfortunately, spyware companies can use cookies and IP targeting to locate and target users' hard drives too; so can companies that track users across multiple sites. While tracking users across sites (with full disclosure and without sharing their PII) is okay with me, these same users deserve to know that they're being tracked across media, just as they do in the non-digital world. The fact that they're afraid of it, is our fault as an industry, not theirs as consumers.
The point here is that what companies do with cookies is what we should be talking about, not the cookies themselves. Mossberg seems woefully misinformed - but it's not his fault. His is not the first anti-cookie piece I've seen in a major newspaper, although it's the worst-informed, and it appeared in the most influential outlet. What may be happening here is that newspapers are perhaps posturing toward a role that is somewhat similar to their role in the Bottle Bill debacle 20-some years ago.
Tired of bleeding money online, newspapers are buying marketing companies and many publishers are doing deals with Google, of all companies, to generate more page views and text links. Do you think that newspapers wouldn't rather be the ones managing their own optimization instead of farming it out to the new monolith, and subordinating their brands both nationally and locally?
Well, of course they would - only they haven't figured out how to do so yet. Mossberg wants cookies to be banned because if cookies are gone, all meaningful online measurement is thrown in the air and newspapers are at less of a disadvantage. Or, maybe he thinks - like many others in the print world - that fomenting fears of online media might bring newspapers readers back to traditional newspapers.
Understand that I'm ascribing to this subversive notion because I'm giving him credit for knowing his business. If this agenda were not his intention, then he's just plain wrong and the Journal's publishers should be embarrassed for editorially shooting themselves (and their advertisers) in the foot. Honestly, if this is not his agenda, then it's akin to a major sports league skipping a full season, essentially telling its consumers and sponsors to stick it. I mean, who would be so...so...dense?
What the Debate Should Properly Be About The Network Advertising Initiative (NAI) will be hosting a major industry retreat near its headquarters in York Harbor, Maine next week. From their invitation: "Since the debate over spyware has created such an urgent need for those of us in the online industry to identify and support best practices for adware and online advertising..." the best and brightest among our privacy officers and some c-level executives will gather for a two-day workshop to hammer out definitions of what is and is not spyware and adware.
As with any properly drafted restrictive regulation, please note that the NAI workshop will focus on best practices. Cookies aren't the villain here any more than the ads that support our salaries (including yours, Mossberg) or the text links in the galleys of our pages. However, what companies do with cookies, with what's lurking behind those text links can be villainous.
Remember, what users give up to cookies online - in terms of information on them or their behavior - is a small fraction of what they give up to credit card companies they do business with or when they subscribe to The Wall Street Journal newspaper.
What matters here is not the technology, but the behavior. It's no more or less true in online media than it is in traditional media. Next time the Journal's parent, Dow Jones, sells a subscriber db-segment to one of its direct mail partners, that behavior must be above-board. It will be enabled by technology not unlike cookies. Traditional media companies sell these records every day. What matters is how they sell them and to whom - the behavior, not the technology.
Let's face the fact that, as an industry, we've failed to make it clear to consumers that cookies are not the problem. Now - it seems - we can add newspapers themselves to our list of opponents, joining marketers of spyware removal products, who started this mess in the first place by identifying all cookies as spyware. I hope I'm wrong. But, as much as I trust the beleaguered cookies on my hard drive, these days I always suspect an agenda from anyone turning cookies into the villain.
The best chance this industry has for combating the sort of uniformed fears that Mossberg's piece will nurture gathers in York Harbor, Maine next week. If you're not familiar with what the NAI is up to, ask the top companies in our industry who participate. More importantly, ask the Congressional committees writing the laws we're all going to be following soon. When it comes to these matters, they look to the NAI too.
Mark Naples is Managing Partner, WIT Strategy.
By Mark Naples
So, be sure to disable your cookies, all you WSJ subscribers. That's clearly what the Journal would have us do. Seriously? Well, maybe. Walter Mossberg's essay - which ran on Thursday - contains so many inaccuracies that it reminds me of a ruse from a different industry a couple of decades ago. But, perhaps he has an agenda.
Remember the Bottle Bill? The Bottle Bill was created by urban environmentalists and nurtured by the plastics industry because it necessitated returning beverage containers to retailers. In states that passed Bottle Bills, everyone knew that glass and aluminum containers were going to be replaced by unbreakable, larger, easier to handle plastic ones and that more comprehensive recycling programs would suffer. The nine states that have bottle bills today don't have more comprehensive statewide programs since the whole packaging mix was subverted by the 2-liter plastic container.
Enough detail on that. Here's the connection: Almost every major paper in the United States supported Bottle Bills. Most major publishers lobbied hard for them state by state. Of course, this is because newspapers comprise maybe 30 percent of the waste stream while beverage containers comprise maybe 3 percent. Newspapers just wanted to take the spotlight off their own bad litter and waste story. In nine states, they succeeded. Do you know how much post-consumer content is in that copy of the WSJ you read this morning? Not a lot, especially when compared to those beverage containers.
Well, if you read the WSJ online, recycled content is obviously not a concern. But, subscriber dilution is a concern to its publishers. Newspapers as a whole are terribly worried about online, even those newspapers like The Wall Street Journal that have done great things to make money and protect their brand digitally. Talk to enough newspaper publishers about the relationship between their print and online assets and the word you will hear is "cannibalize," because they feel that online readership's erosion of their traditional subscriptions is cannibalizing their share of the advertising market.
That's the first thing I thought of when I read Mossberg's piece. Obviously, The Wall Street Journal depends on the cookies it places on its subscribers' hard drives, just as every reputable media company does. Unfortunately, spyware companies can use cookies and IP targeting to locate and target users' hard drives too; so can companies that track users across multiple sites. While tracking users across sites (with full disclosure and without sharing their PII) is okay with me, these same users deserve to know that they're being tracked across media, just as they do in the non-digital world. The fact that they're afraid of it, is our fault as an industry, not theirs as consumers.
The point here is that what companies do with cookies is what we should be talking about, not the cookies themselves. Mossberg seems woefully misinformed - but it's not his fault. His is not the first anti-cookie piece I've seen in a major newspaper, although it's the worst-informed, and it appeared in the most influential outlet. What may be happening here is that newspapers are perhaps posturing toward a role that is somewhat similar to their role in the Bottle Bill debacle 20-some years ago.
Tired of bleeding money online, newspapers are buying marketing companies and many publishers are doing deals with Google, of all companies, to generate more page views and text links. Do you think that newspapers wouldn't rather be the ones managing their own optimization instead of farming it out to the new monolith, and subordinating their brands both nationally and locally?
Well, of course they would - only they haven't figured out how to do so yet. Mossberg wants cookies to be banned because if cookies are gone, all meaningful online measurement is thrown in the air and newspapers are at less of a disadvantage. Or, maybe he thinks - like many others in the print world - that fomenting fears of online media might bring newspapers readers back to traditional newspapers.
Understand that I'm ascribing to this subversive notion because I'm giving him credit for knowing his business. If this agenda were not his intention, then he's just plain wrong and the Journal's publishers should be embarrassed for editorially shooting themselves (and their advertisers) in the foot. Honestly, if this is not his agenda, then it's akin to a major sports league skipping a full season, essentially telling its consumers and sponsors to stick it. I mean, who would be so...so...dense?
What the Debate Should Properly Be About The Network Advertising Initiative (NAI) will be hosting a major industry retreat near its headquarters in York Harbor, Maine next week. From their invitation: "Since the debate over spyware has created such an urgent need for those of us in the online industry to identify and support best practices for adware and online advertising..." the best and brightest among our privacy officers and some c-level executives will gather for a two-day workshop to hammer out definitions of what is and is not spyware and adware.
As with any properly drafted restrictive regulation, please note that the NAI workshop will focus on best practices. Cookies aren't the villain here any more than the ads that support our salaries (including yours, Mossberg) or the text links in the galleys of our pages. However, what companies do with cookies, with what's lurking behind those text links can be villainous.
Remember, what users give up to cookies online - in terms of information on them or their behavior - is a small fraction of what they give up to credit card companies they do business with or when they subscribe to The Wall Street Journal newspaper.
What matters here is not the technology, but the behavior. It's no more or less true in online media than it is in traditional media. Next time the Journal's parent, Dow Jones, sells a subscriber db-segment to one of its direct mail partners, that behavior must be above-board. It will be enabled by technology not unlike cookies. Traditional media companies sell these records every day. What matters is how they sell them and to whom - the behavior, not the technology.
Let's face the fact that, as an industry, we've failed to make it clear to consumers that cookies are not the problem. Now - it seems - we can add newspapers themselves to our list of opponents, joining marketers of spyware removal products, who started this mess in the first place by identifying all cookies as spyware. I hope I'm wrong. But, as much as I trust the beleaguered cookies on my hard drive, these days I always suspect an agenda from anyone turning cookies into the villain.
The best chance this industry has for combating the sort of uniformed fears that Mossberg's piece will nurture gathers in York Harbor, Maine next week. If you're not familiar with what the NAI is up to, ask the top companies in our industry who participate. More importantly, ask the Congressional committees writing the laws we're all going to be following soon. When it comes to these matters, they look to the NAI too.
Mark Naples is Managing Partner, WIT Strategy.
Spyware Worries Web Users
NEW YORK The threat of spyware has caused consumers to be warier of music-downloading programs, e-mail attachments and some Web sites, according to a report.
The Pew Internet and American Life Project reported that spyware concerns have caused a shift in Internet user behavior for 91 percent of Web visitors. Over 80 percent told Pew they have stopped opening e-mail attachments; 48 percent do not visit Web sites they think might install spyware; and 25 percent have ceased using peer-to-peer networks.
Pew surveyed 2,001 adults for the study.
Pew found many were unclear of how it differed from adware, software that serves pop-up ads based on user Web behavior. Just over half of all those surveyed said they understood what adware is. Of those reporting they had adware installed on their computers, 90 percent said software makers should provide better disclosure that adware will come with downloads.
While adware makers point to disclosures in license agreements as proof consumers consent to the software, Pew found small numbers of consumers read disclaimers. Only 25 percent said they always read disclaimers before downloading software, while 53 percent answered they read terms sometimes to never.
Some top adware makers have made efforts to address their critics, hiring privacy officers and clarifying their disclosure practices. The space has received a dose of legitimacy recently, due to reports that Microsoft is considering a $500 million bid to buy leading adware maker Claria and WhenU.com attaining $15 million in venture capital financing.
The Pew Internet and American Life Project reported that spyware concerns have caused a shift in Internet user behavior for 91 percent of Web visitors. Over 80 percent told Pew they have stopped opening e-mail attachments; 48 percent do not visit Web sites they think might install spyware; and 25 percent have ceased using peer-to-peer networks.
Pew surveyed 2,001 adults for the study.
Pew found many were unclear of how it differed from adware, software that serves pop-up ads based on user Web behavior. Just over half of all those surveyed said they understood what adware is. Of those reporting they had adware installed on their computers, 90 percent said software makers should provide better disclosure that adware will come with downloads.
While adware makers point to disclosures in license agreements as proof consumers consent to the software, Pew found small numbers of consumers read disclaimers. Only 25 percent said they always read disclaimers before downloading software, while 53 percent answered they read terms sometimes to never.
Some top adware makers have made efforts to address their critics, hiring privacy officers and clarifying their disclosure practices. The space has received a dose of legitimacy recently, due to reports that Microsoft is considering a $500 million bid to buy leading adware maker Claria and WhenU.com attaining $15 million in venture capital financing.
Sunday, July 17, 2005
Ajax May Undermine Web Advertising, Analytics Models
Ajax, a do-it-yourself approach using a hodgepodge of JavaScript, Dynamic HTML, and XML to create faster and more interactive sites, may soon cause web publishers, online advertisers and web analytics firms to change how they function, writes TechWeb's Fredric Paul (via paidcontent), adding: "Ajax shatters the metaphor of a web 'page' upon which much of web publishing and advertising is based." It has already become so popular that Microsoft plans to build an Ajax tool, code-named Atlas, and it is in use at Google Maps and Yahoo's Flickr.
Ajax reduces the need for an entire webpage to reload to show fresh data: "It questions the assumptions of why do I have to do a page refresh to do anything," according to Adaptive Path's Lane Becker.
"If sites track traffic and sell ads based on pageview impressions, everything changes when users start interacting with the site and making multiple changes without ever refreshing a page. Does all of that count as a single page view? Or do we need to count clicks, or use a stopwatch to time how long they spend on each 'page'?" Paul writes.
Traffic metrics are also affected by the technology, because most sites measure traffic in terms of visitors and pageviews. Though visitor counts are unaffected, Becker says "this blows away the page-view metaphor. Click paths have to be measured differently."
Ajax reduces the need for an entire webpage to reload to show fresh data: "It questions the assumptions of why do I have to do a page refresh to do anything," according to Adaptive Path's Lane Becker.
"If sites track traffic and sell ads based on pageview impressions, everything changes when users start interacting with the site and making multiple changes without ever refreshing a page. Does all of that count as a single page view? Or do we need to count clicks, or use a stopwatch to time how long they spend on each 'page'?" Paul writes.
Traffic metrics are also affected by the technology, because most sites measure traffic in terms of visitors and pageviews. Though visitor counts are unaffected, Becker says "this blows away the page-view metaphor. Click paths have to be measured differently."
First Step in Defending Cookies is Refuting Disinformation
On Friday, Mark Naples covered a piece written by The Wall Street Journal's Walter Mossberg that likened cookies to spyware. Mossberg's article contains what I would consider to be mischaracterizations of how marketers and online publishers use cookies at best, and inaccurate facts at worst.
For one, Mossberg's article characterizes cookies as non-permission based when he asks that companies that make use of cookies "go straight." He suggests that companies that use cookies "should ask a user's permission to install the cookies, pointing out whatever user benefits they believe the cookies provide." A quick check of The Wall Street Journal's privacy policy and separate cookie disclosure statement, linked from the home page, shows that the use of cookies is indeed disclosed and several benefits are explained as well.
The fact is that ad servers that make use of cookies have gone well out of their way to abide by the rules. They've deliberately steered clear of linking cookies to Personally Identifiable Information (PII) in the wake of the controversies of the past, and they've offered consumers the ability to opt out of the program on their Web sites. I can't think of a reputable site that makes use of cookies and doesn't disclose how they are used.
Mossberg also uses what I would consider to be a grossly unfair analogy for cookie tracking, likening cookie-based systems to a television that tracks what consumers watch and reports the data back to marketing companies. In reality, advertising-side ad serving systems concern themselves not with what content is consumed, but with which ads are displayed where, to which anonymous users, and whether or not a sale or a request for more information was logged.
As industry insiders, we know how these systems work and what is done with them. And we know that characterizations like Mossberg's are inaccurate representations. But the average consumer doesn't know what we know, and the fear of intrusion by marketing folks is understandable. Mark Naples on Friday suggested that perhaps there was an agenda behind Mossberg's piece. I'd like to suggest that there might be other forces at work.
There are companies out there who would like nothing better than to instill a culture of paranoia when it comes to online marketing. Companies that produce anti-spyware software label the tracking of cookies an act of spyware in part because labeling cookies as a threat gives a consumer yet another reason to buy anti-spyware software. And the software that can identify the most potential threats is the software that usually gets the highest marks from consumers who want their PCs protected. That much is simple.
What isn't simple is how the online marketing industry should respond to a growing number of consumers who are learning to hate cookies. My informal conversations with other industry professionals have yielded suggestions ranging from educational campaigns to higher-profile disclosures to ignoring the problem altogether. Disagreement about how to handle the problem may lead to inaction or the inability to get traction in dealing with it.
One thing that we can get going on in the meantime is to correct the Mossbergs of the world when they mischaracterize cookie tracking. Disinformation doesn't do anybody any good. So when you see articles published that don't characterize our use of cookies well, or contain factual errors, it would help all of us to respond to them in a way that corrects the inaccuracies.
Write letters to the editor. Post your opinion to blogs. Submit a piece to your favorite industry trade magazine or Web site for publication. But whatever you do, don't let disinformation slide. Articles like Mossberg's, when left unchallenged, have this nasty way of providing ammunition for those perpetuating the culture of paranoia in the ensuing discussions about the issue. You don't have to tackle the entire problem right now, but you could help to make sure that writers get their facts straight, so that any debate on the issue isn't tainted by incorrect facts.
For one, Mossberg's article characterizes cookies as non-permission based when he asks that companies that make use of cookies "go straight." He suggests that companies that use cookies "should ask a user's permission to install the cookies, pointing out whatever user benefits they believe the cookies provide." A quick check of The Wall Street Journal's privacy policy and separate cookie disclosure statement, linked from the home page, shows that the use of cookies is indeed disclosed and several benefits are explained as well.
The fact is that ad servers that make use of cookies have gone well out of their way to abide by the rules. They've deliberately steered clear of linking cookies to Personally Identifiable Information (PII) in the wake of the controversies of the past, and they've offered consumers the ability to opt out of the program on their Web sites. I can't think of a reputable site that makes use of cookies and doesn't disclose how they are used.
Mossberg also uses what I would consider to be a grossly unfair analogy for cookie tracking, likening cookie-based systems to a television that tracks what consumers watch and reports the data back to marketing companies. In reality, advertising-side ad serving systems concern themselves not with what content is consumed, but with which ads are displayed where, to which anonymous users, and whether or not a sale or a request for more information was logged.
As industry insiders, we know how these systems work and what is done with them. And we know that characterizations like Mossberg's are inaccurate representations. But the average consumer doesn't know what we know, and the fear of intrusion by marketing folks is understandable. Mark Naples on Friday suggested that perhaps there was an agenda behind Mossberg's piece. I'd like to suggest that there might be other forces at work.
There are companies out there who would like nothing better than to instill a culture of paranoia when it comes to online marketing. Companies that produce anti-spyware software label the tracking of cookies an act of spyware in part because labeling cookies as a threat gives a consumer yet another reason to buy anti-spyware software. And the software that can identify the most potential threats is the software that usually gets the highest marks from consumers who want their PCs protected. That much is simple.
What isn't simple is how the online marketing industry should respond to a growing number of consumers who are learning to hate cookies. My informal conversations with other industry professionals have yielded suggestions ranging from educational campaigns to higher-profile disclosures to ignoring the problem altogether. Disagreement about how to handle the problem may lead to inaction or the inability to get traction in dealing with it.
One thing that we can get going on in the meantime is to correct the Mossbergs of the world when they mischaracterize cookie tracking. Disinformation doesn't do anybody any good. So when you see articles published that don't characterize our use of cookies well, or contain factual errors, it would help all of us to respond to them in a way that corrects the inaccuracies.
Write letters to the editor. Post your opinion to blogs. Submit a piece to your favorite industry trade magazine or Web site for publication. But whatever you do, don't let disinformation slide. Articles like Mossberg's, when left unchallenged, have this nasty way of providing ammunition for those perpetuating the culture of paranoia in the ensuing discussions about the issue. You don't have to tackle the entire problem right now, but you could help to make sure that writers get their facts straight, so that any debate on the issue isn't tainted by incorrect facts.
Friday, July 8, 2005
Longtime online users most likely to delete cookies, Jupiter says
The longer a consumer has been online, the more likely he is to report manually deleting cookies, according to a recent report from JupiterResearch. Jupiter found that only 34% of users online for less than a year say they delete cookies, compared with 60% of consumers with more than five years of online tenure.
In addition, men are slightly more likely to act against cookies then women, according to Jupiter. 56% of men say they manually delete cookies, 30% say they use applications that delete cookies, and 31% say they actively block cookies. That compares with 47%, 24% and 20% of women, respectively, Jupiter says.
Attitudes toward cookies also changed with age. Jupiter found that 28% of those ages 18 to 24 years old believe cookies are an invasion of online privacy and security, compared with 36% of those ages 25 to 34, 39% of those 35 to 44, 42% of those ages 45 to 54, and 43% of those ages 55 and older0
In addition, men are slightly more likely to act against cookies then women, according to Jupiter. 56% of men say they manually delete cookies, 30% say they use applications that delete cookies, and 31% say they actively block cookies. That compares with 47%, 24% and 20% of women, respectively, Jupiter says.
Attitudes toward cookies also changed with age. Jupiter found that 28% of those ages 18 to 24 years old believe cookies are an invasion of online privacy and security, compared with 36% of those ages 25 to 34, 39% of those 35 to 44, 42% of those ages 45 to 54, and 43% of those ages 55 and older0
Subscribe to:
Posts (Atom)