Cookies were invented in 1994 by Lou Montulli and John Giannandrea, at that time an employees of Netscape Communications. Since then cookies become an inseparable element of every ad technology.
Why cookies are so important? Where do they fit in today’s advertising ecosystem? Are they replaceable? What is the future of cookies?
Cookies were used widely for the first time in advertising by DoubleClick (which at that time was called Internet Advertising Network) back in 1995 in order to rotate banners (today we would call it frequency capping - limiting number of times showing the same ad to one visitor) and quickly become adopted by other players on ad technology market.
How cookies are used in advertising and web tracking?
The scope of usage of cookies, against consumer privacy concerns, widened pretty fast. The most popular cases for using cookies are:
- behavioural targeting and ad personalisation (displaying personalised ads to users based on visited websites, search queries and other online habits tracked),
- re-targeting (targeting ads to users who already visited given site and match certain criteria such as position in sales funnel),
- frequency capping (limiting number of times showing the same ad to a user through given time, e.g. no more than 3 times per 24 hours),
- visitor profile building (gathering more information about user, e.g. by connecting behavioural data with demographics information filled in by user during registration on the website),
- matching visitor profiles (gathering and combining visitor profiles from different publishers/data sources – it’s usually done by DMPs - Data Management Platforms),
- audience data trading (trading visitor profile information, DMPs sell data directly or through ad exchanges to advertisers, so that they can better target their ads),
- web analytics (learning more about users visiting given website).
What is stored in the cookie?
In ad technologies and web trackers in general, the most common approach is to store in the cookie unique identifier of the visitor (usually UUID, but not necessarily). All information gathered about this particular visitor (called Visitor profile) is stored on server side in a format optimised for fast lookups, e.g. in a key-value/nosql database, a memory cache or at least an indexed column in sql database.
Visitor profile consists of information valuable to the advertiser, publisher or other ad ecosystem party (check out this interactive ad ecosystem map). Depending on tracking system it can range from timestamp of latest visits to the website, list of visited pages, time spent on pages, list of viewed/clicked ads as well as those ads that user engaged with (e.g. with interactive content), up to demographic profile, behavioural data and any other, useful for targeting and/or statistics information.
What are today’s challenges in using cookies?
Cookies are widely used in advertising for nearly 2 decades, but they become less reliable, and there are more and more issues with using them, such as:
- EU legislation, called “EU Cookie Law”, requiring websites to ask user consent before setting a cookie or using other tracking technologies,
- consumer privacy concerns, which began along with creating cookie standard, but recently they become much more visible in media,
- cookie blocking and delation, a lot of cookies are deleted after a session, or are rejected,
- browser extensions such as Ghostery or AdBlock help users to stay not tracked,
- browsers disable 3rd party cookie support by default (e.g. Safari for iPhone has it disabled by default, or IE’s DNT (Do Not Track) enabled by default)
- multiple device usage, web vs apps usage, users start using multiple devices, some experience moves to apps – it’s impossible to track user behaviour across all of these with cookies.
However, there are techniques to track visitors regardless of cookies, such as browser fingerprinting – see the Panopticlick experiement to check how unique is your browser (mine is unique in 2.6+ millions!), or cookie respawning, a technique in which in case cookie was not found (user possibly deleted it) tracker logic tries to restore it from alternative places where it saved the visitor profile id such as flash cookies or HTML5 local storage.
There are already (not yet desperate) efforts to look for alternatives. IAB (Internet Advertising Bureau) have it’s own Advertising Technology Council (ATC) with The Future of the Cookie Working Group working on cookie alternatives that would be more reliable, universal (suitable for use not only within web/mobile web, but also for in-app advertising) and can be easily widely adopted by ad technology suppliers as well as do not raise privacy concerns. See presentation below for more information:
That’s not it!
This is the first post in the series of online tracking and exploring today’s ad ecosystem, stay tuned for more!
- Article: Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1898390
- Panopticlick experiment. How unique and trackable is your browser? https://panopticlick.eff.org
- Online Advertising History – Flash by name, Cookie by nature by Dean Donaldson http://nothingtohide.us/2008/01/31/online-advertising-history-flash-by-name-cookies-by-nature/
- Wikipedia: HTTP_Cookie, Web_bug