Alternatives to cookie tracking: April 26, 2013 by Maciej Zawadziński Chief Executive Officer
Cookies are a fundamental mechanism used in advertising industry for ad personalisation and behavioural targeting, re-targeting, frequency capping and much more (see my earlier post about how cookies are used in today’s internet).
Nowadays, majority of ad technology providers that are disrupting* advertising industry are still relying on cookies to a great extent.
With recent bad publicity around cookies, new european legislation (so called Cookie law) and new default settings in various web browsers (e.g. enabled DNT headers in Internet Explorer, blocking 3rd party cookies in Firefox and Safari), it is becoming critical to start looking for alternatives and implementing them.
(*) In my opinion there isn’t much disruption happening, rather slow progress, but that’s another story about how crippled advertising industry is.
In usual tracker/ad server implementation, only a unique identifier of the vistor profile is stored in the cookie, and the rest of the data lies on the server. Most commonly ad technology relies on 3rd party cookies (that are set in other domain than the website that user visited). Their big advantage over 1st party cookies is that the ad tag loaded from same (ad server’s) domain on different sites still has the same cookie passed by the browser – this is an easy way to track the user across websites that he has visited, ads he has seen etc.
The problem that ad technologies face is that cookies from year to year become less persistent (due to blocking/rejection or automatic deletion), and especially 3rd party cookies persistence is declining the fastest.
What are alternatives? Let’s look through the methods available via which we can deterministically get a unique identifier of the visitor in every request to the server:
There are systems using hybrid approaches which use several of above techniques for tracking. This method is called respawning, which is a way to restore http cookie by reading flash cookie, ETag or HTML5 local storage.
Even using a hybrid approach to manage cookies (which basically means storing visitor’s unique id via multiple methods listed above and trying retrieving it from any available at the time), still do not work in 100% cases.
Additionally, users start using multiple devices to interact with online services and content. Above tracking techniques are not able to tackle the problem of cross-device tracking.
Let’s start with ideal properties of method for tracking visitors.
What could be potentially satisfy all of these properties? I haven’t seen yet anything that would be at least close to that.
We already have at least several unique identifiers that we use in internet, e.g.:
Although, none of above provide a way to anonymize or reset user identifier, and each could easily be linked to a person which raises a lot of privacy concerns.
There is obviously a lot of issues with cookies, but due to their wide adoption, the change will be very hard.
IAB already created a The Future of the Cookie Working Group working on alternatives that would be more reliable, universal and can be easily widely adopted by ad technology suppliers.
The new standard shall on one hand guarantee reasonable privacy for users, and on the other hand provide a reliable tracking mechanisms. I can hardly see win-win situation, but a good consensus between publishers, advertisers and consumers.
Consumers has plenty to say in today’s internet, but I hope that it won’t end up with a ridiculous solution like the one forced by European Cookie Law which littered websites with meaningless notices about usage of cookies.
Post illustration credit: gegen-den-strich