Death of Cookies, Spyware Greatly Exaggerated?

securitas writes "The New York Times' Bob Tedeschi interviews several Internet marketing leaders who debate recent reports that Internet users are deleting cookies en masse and causing serious problems for advertisers. Among the interviewed is Eric Peterson, co-author of the Jupiter Research report that claims 39 percent of Internet users delete cookies. Slashdot has recently had stories about this supposed trend in June and July. A shorter version of the article at IHT. Who is telling the truth and who is deleting cookies? Are you?"

Yes

[It doesn't come easy]

[...]who is deleting cookies? Are you?

Routinely and automatically. I don't need any help in remembering my ID, password, or credit card number, thank you. And I don't want any company tracking my every move on the net just so they can turn around and sell information about my personal habits, whatever those habits may be.

Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.

40% of the market is a problem

[Thanatopsis]

If 40 % of the market is deleting their cookies (no doubt as part of a regular anti spyware cleaning) that's a problem no matter what spin you put on it.

I, for one, don't bother with cookies anymore

[BlackCobra43]

I simply deleted all my cookies, visited every site I *want* a cookie from and then set my cookies to be read-only. Worry-free AND all the benefits of good cookies!

I usually don't delete cookies ...

[maxwell demon]

... because I already don't let the browser set them.

Does the advertising industry also "lose" money because it cannot track if I am watching their ads on TV?

Re:Yes

[Anonymous Coward]

I don't bother to delete cookies ever. I really just don't give a shit whether I'm "tracked" or not. I block most advertising anyway, it really doesn't matter.

I choose

[mporcheron]

I set my settings in my browser to ask before saving a cookie, most I deny but some, for example, logins I allow. You'd be amased how many websites set a cookie every time you visit their website and how many times. Advertisments are the worst, because they always set several cookies per advert but now I've go into the trend of just blocking whole domains, I hate the feeling that some body is sitting at a computer monitoring how many different people are seeing his adverts/

Personally, i do.

[domipheus]

But not because of security concenns, it is mostly because I have got into a nervous habit of clearing my cache and cookies every day.

A few months ago this was a different story, seeing about 400MB of cache/cookies taking up around a gig on the hdd because the files were so small changed it; and I dont mind having to re-login to sites every time, it means I am less likely to forget my various passwords!

Mangage THIS, yuppie scum!

[Le Marteau]

"So cookies are a really good thing for managing the user's experience" says a USA Today markedroid.

Clueless. Absolutly clueless. This goes straight to the heart of the matter. They can't understand why people don't want their 'experience managed'.

I can manage my own goddamned experience, thanks anyway. Keep your filthy paws offa me.

No, but...

[lilmouse]

I don't allow cookies in the first place; that kind of obviates the need to delete them.

I accept cookies from about 10 sites (and yes...slashdot is one of them). And even those get deleted when I close firefox!

When I set up others' computers, I only allow cookies from the orinating website, so that cuts down on cookie retention as well.

No one needs to track me!

--LWM

Let's put it like this

[Moraelin]

Let's put it like this: when you have someone whose very revenue depends on "detecting wolves", they'll cry "wolf!" All the time. They'll cry "wolf" at the neighbour's "alsacian wolf" dog even. I'm talking about anti-spyware and other "security" companies. Do they delete cookies? Well, I briefly had McAffee installed, and among other problems (such as being a piss-poorly programmed POS) it did exactly that. It tried to protect me from all those supposedly dangerous cookies, storing such "personal details" as the session ID on some site. I'm not kidding. Using half the sites that required logon (such as Gamespy's Fileplanet) was suddenly impossible. So based on that I'd say the concern is genuine. But it's probably not the users going through the menus to delete cookies. Joe Average probably wouldn't even know or care what a cookie is. But Joe Average likely has some POS security software installed that deletes the cookies for him

Re:Purge the evil

[Exter-C]

Within firefox you can setup cookie control fairly well. There are also extensions that allow you to do even more things from what I have been told Although I have not verified the extensions.

Cookieculler

[Dr.Opveter]

I use Cookieculler [mozdev.org] to protect those cookies I value (cause not all cookies are out there useless) and I delete the rest frequently.

Re:Not that it would matter, but

[Dogers]

Some don't actually EVER expire..

Some, like Googles cookie, don't expire for ages!

(Googles cookie implodes some time around January 2039)

Firefox has poor cookie management

[plover]

Out of the box (or out of the 'download' folder, I should say) Firefox has really poor cookie management. I have it set to prompt, but once I deny a site permission and realize I want to do business with them it takes many mouseclicks and a lot of stupid scrollbar searching to hunt down the cookieblock and delete it.

There are some cookie management extensions out there, but for "normal" people to better manage their privacy (or even to realize they have privacy right that they can manage) I'd like to see "prompt always, deny third party" turned on by default, and a cookie toolbar/rightclick option that allows you to accept/decline/delete them. As a matter of fact, that would be a nice option for the Firefox installer: a checkbox that says something like "[ ] Help me manage my privacy rights online." We could debate whether or not it should be on or off by default.

Or, weirder yet, what about something like the infamous Clippy? "Hi, I'm Foxy, and I'm here to help you with online privacy so you don't become a victim of identity theft, or a pawn of corporate marketing strategies!"

Re:Mangage THIS, yuppie scum!

[kevin_conaway]

Clueless? I don't think so.

The majority of their users probably DO want (or don't care about) their "experience managed". They most likely think that the small majority of people who oppose it will go ahead and block the cookies anyway.

I suspect the percentages of people deleting cookies are not people that are actively deleting them because they are worried about their privacy. Its most likely that the cookies are getting caught up in a spyware removal tool.

In short, they are saying: If you don't like them, delete them.

Re:40% of the market is a problem

[Anonymous Coward]

That's ironic. He gets labeled informative and doesn't tell why it's a problem.

I don't see any problems, aside from advertising dollars drying up. But that's a moot point considering bandwidth is so cheap and if you want to throw up some kind of large, bandwidth consuming site you can generally run it on donation. That, and anywhere that has a decent product or service seldom needs to advertise it and when they do they don't make the big bright flashy "YOU WON A FREE PIECE-OF-SHIT" bouncing all over the screen in a flash ad game bullshit.

I hate advertising. I hate the way it advertises to women to destroy their bodies and then lie about who they are, I hate the way it advertises to men to be shovanistic dominating fucks, I hate the way it exploits need and social trust to enslave people into a process of consumption, I hate the way it educates kids about using their products for percieved, non-existant needs.
I hate the way the marketing books are written from a psychologists point of view.

Marketing works upon the communist dogma; build 1000 tracters, 1 works, rebuild the other 999 and get another working tracter, then do it again. You advertise to a kid to eat unhealthy food and watch TV, and to partake in stimulation culture. 15 years later, they're fat, unhealthy, and they're depressed becuase they can't stimulate themselves enough to get happy again (true happyness comes from controlling your wants). So you fix the situation with antidepressants, lyposuction, and a new diet and motivate them with images of supermodels and after even more money, they're to that level again. They become stupid, get pregnant, fake marrage, then what's the solution to that? Diapers, house, carpeting, divorce lawyers...and the kids get left infront of a television the whole time.

    Why? Because it destroys people. Even if I like something, I still hate advertising because once you're sold it becomes redundant.

Someone who does marketing is incapable of telling the truth. At least a lawyer can try.

A simple way to do automated cleanup

[caudron]

All I did was write a simple script that cleans out my cookies and cache. I've set it to run daily on logout. Change $user to your username and $profile with your profile string and use it:

echo "drop firefox cache and history"
shred -u /home/$user/.mozilla/firefox/$profile/Cache/*
shred -u /home/$user/.mozilla/firefox/$profile/history.*

echo "grab all valid firefox cookies"
cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep slashdot >/home/$user/.mozilla/firefox/$profile/cookiesnew. txt
cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep mapquest >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt
cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep mywebgrocer >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt
cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep news.google >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt
cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep netflix >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt

echo "get rid of all cookies not explicitly kept above"
shred -u /home/$user/.mozilla/firefox/$profile/cookies.txt
mv /home/$user/.mozilla/firefox/$profile/cookiesnew.t xt /home/$user/.mozilla/firefox/$profile/cookies.txt

echo "done"

Just add a new line for each cookie that you want kept in the "grab all valid firefox cookies" section just as I did (noting the > vs >> piping).

I mean, it works for me, at least. Why do I shred instead of rm? Because I'm one of the lunatic fringe that likes the idea of actually deleting files that I tell to be deleted.

Coupled with Firefox's AdBlock add-on, I'm pretty comfortable with my browsing experience.

Re:Yes

[sporktoast]

Both accepting every cookie (as the marketers would prefer) and blindly deleting them all, (the simplest response) are just too extreme. The sweet spot for me is in the middle.

My cookie file is read-only at the file system level. It has fewer than 10 cookies in it, all of them hand filtered. This effectively makes every other cookie a session-based cookie, without having to to be nagged about it every time.

Each time I come across a site that offers me the opportunity to remember my login, I consider whether to add it to the list. I explore the site, to see whether it is actually worth it. I inspect the cookie for what else it contains, and maybe it goes in.

Outside of that, I have the usual Preferences-based options selected for security. (Allow from originating site only, etc.) I also hand-edit cookies like Google's to nullify unnecessary GUIDs. On a few of them, (Slashdot, NYT) I actually delay the expiration date so that I don't have to fiddle with them every year.

I'd say that I add maybe one new cookie a year, and update another one to accomodate some site's change in cookie format.

Re:Yes

[dajak]

If I own something that has value and someone else takes it and prevents me from profitting myself from it, that is theft, plain and simple.

: The concept that someone who is taking the effort to aggregate the behavior of millions is stealing from you personally is stupidity.

It's just as nonsensical as the concept of advertisers losing money if people delete cookies. Or the concept of losing money on non-sales because of piracy. No money is changing hands, and no goods are stolen. Just business models that reach the end of their useful life.

Re:cookie swapping?

[Madcapjack]

Who needs to delete cookies? I just have a little program that overwrites the text with random text. Why? Well, spyware companies suck that's why. But you're not kicking them in the gut if you just delete the cookies. Nah, feed their databases with crap. That's what I say.

Re:No, but...

[revmoo]

More like leaving your keys in the car while it sits in a locked garage.

Block 3rd party cookies and allow the rest and you should have nothing to worry about. Unless you enjoy the paranoia.

Re:I usually don't delete cookies ...

[Urchlay]

With digital cable and satelite the way it is now, can't these companies track what you are watching (given that you use their provided cable/satelite boxes) and, therefore, determine if you are tuning into their ads?

How can they tell if I'm in the kitchen making a sandwich, or in the bathroom... or for that matter, whether I'm even home? I know a lot of people who leave the TV on 24/7 (maybe muted) whether they're even in the same room or not...

For that matter, what if I turn off the TV itself, but don't bother to turn off the cable box? Can it "tell" whether the TV is on?

I'm in the "hate all ads" camp, BTW... I use Firefox's Adblock extension aggressively. It's my screen, my bandwidth, and my eyes... and if I'm not going to buy whatever they're selling (which I'm not), what difference does it make whether I look at the ad (some sort of tree-falling-in-forest thing?)

...but cookies can be useful. They're a tool, a mechanism for imposing state on a stateless protocol. Like any tool, they can be used for good or evil... and like any client-supplied data, can be folded, spindled, and mutilated without the server's consent or knowledge.

If you really, really hate marketers tracking data, maybe you could start a "p2p cookie-sharing service". It'd create a pool of shared, effectively random cookies, and browsers could send a different one in each request... of course you'd need a way to stop it from sending garbage cookies for e.g. session cookies that you actually need...

This would be the WWW equivalent of people swapping frequent shoppers cards...

Re:No, but...

[techno-vampire]

Since when should you trust a site not to annoy you with ads, block popups and use Adblock and Flashblock.

You and I have much the same way of dealing with ads. However, the idea is that if you are going to see ads, you should see a different one each time. That way, instead of having one product shoved under your nose over and over, you get one look at a large number of products. This increases the chance that you will find at least one of the ads useful and lowers the chance that you will get so fed up you block them all.

As I see it, you have two sensible choices. Either you block all ads or you allow the cookies. Blocking cookies and accepting ads just gets you bombarded with endless repititions of the same thing and that's the worst outcome.

Re:No, but...

[murukusu]

I'm only accepting cookies from few sites and blocking all but google's text ads. I must say that since I started to surf like this, my user experience has improved vastly.