10 Comments

Summary:

Cookies as a user tracking mechanism have come under fire recently — partly due to privacy concerns and partly because they simply aren’t very useful in a mobile world. Here are some alternatives.

What will become of the humble cookie? The tiny data files sent from websites to browsers have come under much scrutiny recently, particularly from privacy advocates and policy makers. Even advertisers agree that the web needs a viable alternative that balances privacy concerns with marketers’ desire to target users effectively.

As investors focused on the advertising technology space, we’ve paid close attention to the discussions surrounding cookies and other tracking mechanisms, given their importance to the ad ecosystem. In this post, we’ll summarize these discussions and touch on emerging tracking technologies that may ultimately replace cookies.

Third-party cookies (i.e., cookies set by someone other than the website being visited) have enabled digital advertising to flourish into the multi-billion dollar industry it is today. They are used to run retargeting campaigns, enable real-time bidding exchanges, and reconcile user-specific demographic data across multiple sources. And they’re everywhere–nearly 85 percent of the top 1,000 sites have cookies set by a third party, according to a study by the UC Berkeley Center for Law and Technology.

Yet many industry leaders have grimly declared “the death of the cookie” sometime within the next few years. What’s the cause of their cynicism? Here are some of the most common critiques:

Privacy concerns: Critics argue that third-parties collect and store excessive data on consumers, often without their knowledge. Consumers agree–57 percent of Internet users are either “concerned” or “very concerned” about their online privacy, according to a recent study by analytics firm Annalect. Law makers are concerned as well, and have floated potential legislation to limit the scope of tracking by third-party advertisers. They’ve tasked industry and consumer groups with defining a browser-based “Do Not Track” standard that would allow users to easily opt out of tracking.

Limited reach: Cookies aren’t effective in mobile environments (third-party cookies are blocked by default on iOS devices, for instance). This can be limiting for advertisers, given that we spend more time on mobile devices than we do laptops and PCs. Additionally, many desktop browsers including Firefox, Safari and Internet Explorer have chosen to preemptively opt users out of accepting third-party cookies.

Poor cross-device tracking: Cookies can’t provide cross-device targeting capabilities (i.e. targeting the same user across mobile and desktop devices). As consumer attention continues to bifurcate across devices, the value of desktop-only cookies starts to decline.

Photo from Thinkstock/bestdesigns

Photo from Thinkstock/bestdesigns

Stacking up the alternatives

So what’s next? What’s the magic bullet that balances privacy considerations with sophisticated cross-device tracking capabilities? Some interesting cookie alternatives have emerged, each with their own benefits and drawbacks. We can classify these identifiers into three buckets: known, stable and statistical.

Known identifiers are typically associated with some form of personal information, such as a name or email address. Large consumer internet companies have access to millions of known IDs, across both desktop and mobile. These IDs have some important advantages over third-party cookies:

  • Known IDs are highly accurate given that we typically pass highly accurate demographic and interest data to social media companies like Facebook and Twitter. Known IDs have large mobile and cross-device reach (persistent login across desktop and mobile devices)
  • Privacy concerns may be mitigated by giving users ample control over the how/when the ID is passed to advertisers
  • Both Facebook and Twitter are expected to begin allowing advertisers to use their known IDs outside of their “walled gardens” (Twitter’s acquisition of MoPub has many industry observers predicting that this will happen on mobile in the near future).

Stable identifiers are typically associated with a specific device or browser. Apple’s IDFA (“identifierForAdvertising”) used on iOS devices is a good example of a stable ID. These IDs are typically persistent (don’t expire or erase), anonymous and allow for user opt-out.

Most notably, Google is rumored to be developing a stable ID system, known as AdID. The AdID would be a unique identifier associated with the Chrome browser and Android devices that persistently identifies users. It would be anonymously passed to advertisers approved by Google, while giving users greater control over how they are tracked online (such as the ability to opt-out or block specific advertisers). The AdID could also include “known” data for users logged in to Google products like Gmail and Google.

Details on AdID are sparse, but its implications are vast given Google’s massive reach and scale. See Ari Paparo’s excellent post for some predictions on how the AdID may be designed.

Finally, statistical IDs attempt to bypass cookies entirely by using other attributes to identify users, such as IP address, device type, and browsing patterns. Using these attributes, companies like Drawbridge, TapAd and AdTheorent can probabilistically determine whether two devices are connected (for instance, your phone and PC). The resulting statistical ID can then be used for ad targeting. Here’s a more detailed description of the technology.

Although promising, the technology is still in its early days; most statistical IDs are typically only 60 to 70 percent accurate. Nonetheless, many within the industry are optimistic about the potential of statistical IDs because they allow for cross-device targeting, are anonymous (quelling some privacy concerns) and aren’t owned by a single large player like Google or Facebook.

Nima Wedlake is an analyst at Thomvest Ventures, focusing on advertising technology. Follow him on Twitter @nimajw.

  1. I cannot understand why (consumer prerogative) the business has any legitimate access to information that is not part of their transactions! Just because they can easily steal information does NOT make it right.

    1. I agree. They are only taking information because they can and always have since the internet is still the wild west. Cookies are as bad as putting a tracking device on someones car to see where they drive.

  2. Andrey Gerasimenko Monday, March 31, 2014

    I am not privicity concerned, my browsers just block 3-d party cookies and ads. Over the years I can remember, I have made exactly one purchase based on Internet ads. An online store had a banner ad for itself presenting 5 New Year presents. I new 4 were great products and the 5th turned out to be great too. They did not need any targeting to achieve that. I do not understand why that billions are spent, it looks like underground financing of advanced tech companies like Google to me.

    The statistical approach must be best, maybe identifiers make it even better. I am a different person when doing different things or being in different mood or using different devices or even when visiting different web sites. A tracking company may claim that they know how my behaviors correlate, but I doubt that claims may be true in principle. Statistical approach alone allows to target “me at home thinking hardware” better than any ID alone.

  3. Barry Fleming Monday, March 31, 2014

    Geo-specificity and real world social circles. We develop strategic insights & solutions for executives, IT organizations, business intelligence, market research, digital analytics, product development, advertising & marketing, customer care, etc. and can optimize solutions, communications, content, segmentation, and targeting for ‘profit potential density’ specific to geo-locations, regardless of the availability of cookie data (i.e. ‘Do Not Track’).

  4. All forms of advertising are parasitic and, as such, should be confined by default to those situations where their existence is at worst “symbiotic.” In other words, only when the USER indicates a desire to receive advertising should the parasite be allowed entry. In addition, I feel that since today’s advertisers are using storage space on my computer, they should be required to pay for that space. Say $0.05 per byte. If the data is put there without my knowledge/consent, the price should – by law – increase to $50.00 per byte. After all, the purpose of advertising is to make money, so why not guarantee that someone (the user) always profits?

    1. Agreed. I have to pay for my data: $100 per 10GB (due to my current situation I have to use a wireless mobile network dongle to connect my PC to the net).
      Why should advertisers be allowed to use up a portion of my data allowance at no cost to them.
      To save money and keep them from bleeding my account dry over the space of a few days, I have had to use a hosts file to block the majority of advertising\banner sites.
      I also no longer look at YouTube or play simple online games because they also bleed data.
      One site I was having some fun with burnt 15mb per 20 minutes with no graphical content updates. I still get emails asking me to come back.

      1. Good point. I know a few who use wireless and don’t even consider the ads chew up part of their 10GB and contribute to ioverage charges.

  5. All use of private information on demographics and habits should be voluntary. In many parts of our lives this is a mandate now, e.g. HIPPA regulations on medical information. Information captured about you by a third party should not be theirs without your approval and a payment of your specific fee. When advertisers buy lists from Dun & Bradstreet and others they pay for that information. The difference is that D&B’s lists are private until a fee is paid to purchase them.

    What is the definition of private information? What are reasonable privacy regulations and penalties? What fees should be allowed? What responsibility should advertisers and other have to comply with the laws established? What agencies (government and private) should be established to regulate privacy and enforce the laws?

    Because the internet is still a frontier in many parts of our lives, even though it is very purvasive, issues like those in the above paragraph have not been fully addressed yet. If I walk by a sports retailer store window and see and ATV I want, I cannot just drive it off. If I browse to a site then why should an advertisor have the right to capture my demographic information and habits for free? I see these as similar and just not regulated yet as they need to be.

    Could Facebook or Google or Yahoo have amassed their wealth if they had paid for the information they amassed? If they had paid for this information would millions of others benefited fairly rather than a select few? If it had been clear that these sites were capturing free information they intended to resell to advertisers, would they have had the visitors they did without paying visitors a fee for the demographic data kept?

    I see this as a very serious issue that may create a big-bang for the internet in the near future. Let’s go towards some of the real benefits of the internet: facilitating information and knowledge sharing, assisting us explore the world around us. assisting the handicapped, assisting education and learning activities, enhance entertainment media, etc.

    The internet and the information it contains should be free but not at the expense of personal privacy and freedom of choice. If the privacy issues continue to fester and the power of companies growing from this continue, when will we be losing too much freedom?

  6. Philip Schweizer Tuesday, April 1, 2014

    Great post, thanks. I think we need to find a balance, and personally I feel it will still take a long time until there are widely adopted regulations. A good part of the power lays with the above mentioned companies, and the problem is that they still have an interest in some sort of control. A simple wizard after installing Firefox, or after a next release, giving the surfer opt-out/in options in 3 steps can already give the user more control. Lastly I think we must after all not forget that there are definitely also upsides for surfers receiving tailored content on the websites they visit, especially since there is just a massive overload of information on the web. Btw a question; does anyone know how companies have access to Known ID’s?

  7. if I may present the other side, as I am a content creator.

    if we drop out all advertising, then what would be the purpose of the internet ? Back in 1993 the internet didn’t have a lot of sites. Advertising didn’t yet exist. Brick and Morter businesses started to use it as a way to promote their business to the new people buying computers. (website functioned like a business card)

    Why would I spend 100hrs of hours a week creating content with no monetary reward ?

    If I create new lines of coding that will save other coders 20 hrs to figure out, then I post it on my blog, share it, and allow you to use it with no cost with no ads, sounds great. Only thing is this then will cost me 5 bucks a month, until i run out of funds, then my site is down. So i am paying to help you code better.

    So I ask, how do you believe content creators should be able to make money or if they are allowed to make money ?

Comments have been disabled for this post