Anna Pragman

Reimagining Cookies

Where did the cookie come from and what would we do without them?

Main Content

Unfortunately we won't be discussing the kind of cookies made from sugar, butter and chocolate chips, instead we will be focusing on the kind of cookies concerning advertising, online data tracking and transparency. The advertising landscape that has relied on cookies and detailed user profiles for over 30 years is rapidly changing.

What are cookies and how are they used?

The inventor of the internet cookie Lou Montulli explains why he originally created cookies to protect a user's anonymity and reflects on how they have been used to violate users data privacy in an interview with NPR, “Third-party cookies and the fight for personal data” from their Planet Money channel with Alexi Horowitz and Sarah Gonzalez. Montulli discusses how 30 years ago the internet was mostly accessible through platforms like AOL which interacted with curated portions containing news, emails and games. As a recent computer science student Montulli joined Netscape, a new company setting out to create a new web browser that would provide a smooth experience and easy to use. Montulli and Netscape looked for the unstoppable force of capitalism to expand the connectedness of the accessible internet. However the current landscape was not suitable for online stores, there was one prominent problem - the internet did not have a memory yet. This means that nothing could be saved to your cart and if you wanted to buy multiple items, you'd have to buy them all individually. Montouli envisioned a clever solution to the memory problem: to give every website user a unique ID code and then every time you visited the website your information would be stored and the site was tailored to the user.

This marks the creation of the cookie - a small piece of data stored in a user's web browser used to identify your device and track your session and activity.

How does a cookie work?

As a user, when you visit a site for the first time the website puts a cookie on your device which has its own unique identification code, specific to each website.

After the implementation of the cookie Netscape grew exponentially. This success kicked off Microsoft's Internet Explorer, which included cookies as well allowing it to become an integral part of how the internet works. However, this solution unleashed another problem - it had just become significantly easier to track user activity on the internet.

How might they be dangerous and how are they helpful?
  • Cookies as helpful technology

    For website owners cookies can be useful to track site visitor count and collect more accurate data about their traffic. Small businesses may find them useful to determine their audience and adjust their brand identity.

    As users, cookies may be convenient to us by remembering our login information to sites, displaying items we tag, favorite and add to a cart, suggesting similar items based on our activity.

  • Why weren't they removed if they are dangerous to users? (Cookies participating in user privacy violations.)

    Companies saw incredibly lucrative opportunities in advertising on the internet. Companies like DoubleClick would attach cookies or ID codes to ads allowing them to track ads across multiple websites and learn about what users are doing online, creating a detailed profile of their interests from their browsing activity.

    Lou Montulli says he saw this as a “violation of the spirit of cookies” (Horowitz, and Gonzalez 2022) because he had designed them to hide users' identities in the spirit of user control. However he faced a moral dilemma in taking down the cookie. Ad tracking enabled a significant amount of revenue. If they disabled ad tracking they would destroy around 90% of the earnings generated by the web. So Montulli compromises: Websites are legally obligated to ask for permission to install a cookie, where they must inform the user what they use the information for. Users also have the option to clear all the cookies off their browser whenever they pleased. However the second part of this compromise allowed ad tracking to continue. Tech giant Google then acquired the digital marketing company DoubleClick and ad tracking became one of their fundamental profit engines. This then allowed the level of ad targeting to become more and more sophisticated. A dangerous part of the unregulated ad targeting system is nothing stops advertisers from targeting users with ads related to sensitive topics.

How might the future of a cookie-less digital advertising system look?
  • Where data privacy is headed / Growing concerns for data privacy.

    The GDPR, General Data Protection Regulation, was seen as the first effective force of data protection for users. The GDPR argues that users should be more clearly informed that they are being tracked and should have the right to make clear decisions of what tracking they allow.

    Third-Party Cookies are now in danger of death due to public awareness and rising security and privacy concerns. In 2020 Safari became the first major browser that blocked third-party cookies by default, Firefox then followed soon after.

    However, ad tracking as a system will not be going away. Google has stated that it will not disable the cookie until it can create a replacement for it. This company is also proposing sorting users into interest-based buckets based on behavior for ad targeting as opposed to detailed user profiles. Earlier Google had declared its goal to ban ad tracking cookies by 2022 and has now moved this goal to 2024 due to pushback from data rights activists on their replacement proposals.

  • Imagining a solution (Current options and my own solution)

    Digital Marketers are preparing for a marketing future without third-party cookies.(Kerner 2021)

    There are four main alternatives being considered,

    • Zero Party Data

      Users voluntarily provide their information to a website or a platform. This also involves the user having very clear access to the information of who has their data.

      An example A bookstore website allowing customers to share information about their interests and their age group by checking off corresponding boxes. The aforementioned enables businesses to put tailored content in front of their customers without building an individual profile.

    • Identity Providers

      Publishers and marketers work with ID providers- when a user visits a publishing or marketing site, they give permission to use their information. The publisher or marketer then shares that users consent with the ID provider, creating an ID for ad targeting.

      Examples of Identity providers include: Google, Apple, Fitbit, Facebook, Microsoft and Amazon web services.

      The use of identity providers still put people's data at risk “sensitive information is still being handed over to a third party, albeit a reliable one. There is always the risk that the identity provider could be hacked or lose control over the information it possesses through poor data hygiene” (Lutkevich, n.d.)

    • Device Fingerprinting

      Enables a site operator or marketer to collect information about a user's device or browser - similar to a third party cookies BUT cookies are stored client side, device fingerprints are stored server-side in a database.

    • Contextual Targeting

      This tactic relies on the context of the site for targeting and will show ads in a similar context.

Imagining Protected Personalized Advertising
A level System and Informed User Agency

In a perfect world, we should be able to choose the level of personalization in the ads we receive. I'd like to imagine a perfect system that would give users agency and provide data transparency. In this system the user will be able to select their level of participation as a customer in digital advertising on a scale from 0 to 3. Each level varies in the customization of advertisements shown AND the amount of information taken from the user's behavior. The most important part of the level system is including a comprehensive description for the users, they must understand that they have the right to know where their information goes to be able to make an informed decision on what level to choose. Users would select their level through their browser when setting up a device and be able to access it at any time, the level they selected would then be honored on any browser and any device associated with the user through the use of cookies. Users can choose exactly what their websites remember, checking off boxes to include login information and tagged, favorited items or added to a cart. Every system is designed to protect users and restrict violation on the part of platforms, websites and ad and tech companies.

If zero - General Net Ads - These advertisements will be similar to billboards in the way that they involve the least audience targeting. Companies may purchase limited slots through advertisers for their ad to be shown on websites and platforms before ad rotation due to a very strict view limit of 50 times per user in order to avoid a monopoly.

If one - Contextual Targeting - Selecting this level will allow advertisers to show ads related to the website context. If someone is looking at womens boots, then they will get ads on that site for womens boots. Websites either should identify their context with digital advertising companies or their context will be interpreted by an AI system. If the site context is not provided or cannot be determined, then general net ads from level zero will be displayed for that site.

If two - Zero Party Data Forms - Users will have the ability to identify their ad interests and add them to a customizable list. This way users can avoid any triggering topics and enjoy ads that fit their interests.

If three - Protected Personalized Advertising - Here users can select which cookies they want applied to their user identity. Along with the intensity of tracking, users will see a plainly worded description to ensure they understand how this technology works.

As internet users we should aim to understand where our data is going. However, over individual responsibility, we must pressure our governing forces to create and enforce regulations to keep our data safe.

And that's how the (third party) cookie crumbles.

Create a Pro Website. 2019. “What Are Cookies? And How They Work | Explained for Beginners!” YouTube. https://www.youtube.com/watch?v=rdVPflECed8

Alexi Horowitz, and Sarah Gonzalez. 2022. “Third-party cookies and the fight for personal data : Planet Money.” NPR. https://www.npr.org/2022/11/18/1137657496/third-party-cookie-data-tracking-internet-user-privacy.

Kerner, Sean Michael. 2021. “The death of third-party cookies: What marketers need to know.” Tech Target. https://www.techtarget.com/whatis/feature/The-death-of-third-party-cookies-What-marketers-need-to-know?utm_source=youtube&utm_medium=video&utm_campaign=102021
COOKIE&utm_content=COOKIE&Offer=OTHR-youtube_OTHR-video_OTHR-COOKIE_2021Oct15_COOKIE.

Lutkevich, Ben. n.d. “What is an Identity Provider? Definition from SearchSecurity.” TechTarget. Accessed November 25, 2022. https://www.techtarget.com/searchsecurity/definition/identity-provider.

“Netscape.” n.d. Wikipedia. Accessed November 25, 2022. https://en.wikipedia.org/wiki/Netscape

“Who Made America? | Innovators | John Wanamaker.” n.d. PBS. Accessed November 25, 2022. https://www.pbs.org/wgbh/theymadeamerica/whomade
/wanamaker_hi.html.

"Cookie (School Project)" (https://skfb.ly/6toBB) by Ole Gunnar Isager is licensed under Creative Commons Attribution (http://creativecommons.org/licenses/by/4.0/).