Netscape instituted cookies as a means to help websites gather user
state information during a web visit. That’s because a web server,
unlike a business application such as a shopping cart, is not able to
recollect who a visitor is or what transactions took place.
A server simply sends out web pages when requested but does not
record any data on who requested the page, where it went or any
associated user behavior. So cookies were created to save this
information. Cookies are used to enhance the browser experience, improve
usability for customer interactions, increase purchase behavior and
improve commercial website performance.
Cookies are either 1st party or 3rd party, depending on the type of
website that sets them. A 1st party cookie is set by the site that the
user is visiting, e.g., a hypothetical website called MySite.com. A 3rd
party cookie is set by a third party site providing a service to the
main website, e.g., a web analytics vendor or an ad network.
A 1st party cookie can contain personal information such as user name
and a login ID, thus the user is automatically recognized when s/he
visits a site. If cookies did not store this data, websites would have
to request it every time the user returns to the site.
Third-party cookies are less valuable to the user. A web analytics
vendor cookie tracks a visitor’s path through MySite.com so it can
identify which pages work and which don’t, optimizing for better site
performance. The ad network cookies track user behavior across multiple
sites, helping them classify user behavior. This facilitates the
targeting of ads to user segments. For instance, frequent visitors of
sports sites are served sports relevant ads. While anonymous, this
multi-site aggregation of visitor information is what has caused a furor
in the ongoing privacy controversy.
Deleting 3rd Party Cookies: Browsers give users
various options for deleting cookies. This, and the proliferation of
anti-spyware, has resulted in the increasing deletion of 3rd party
cookies. Cookie rejection is also enabled by new software mechanisms
that block cookies from ever being set on users’ computers.
Jupiter Research estimates that 3rd party cookie deletion runs 39
percent per month. The cookie rejection rate rose to 12.4 percent in
April 2005 from 2.84 percent in January 2004. Naturally, this can
distort key metrics, artificially inflating unique visitor counts and
undercounting repeat visitors. Mass cookie deletion and rejection can
make it appear that a website’s new visitors are increasing while
returning visitors are decreasing, a change in visitor behavior that is
Solutions for the Cookie Dilemma: To counteract the
skew, client-side web analytics vendors have enabled their cookies to
be set by their client’s website, making them 1st party cookies, which
are less frequently deleted. While not preventing all inaccuracies
(users can still delete all cookies or use different computers), this
seems to be stemming the tide.
An alternate solution suggested by Jupiter Research is to use
Macromedia Flash Local Shared Objects (LSOs) as a cookie replacement or
backup. Similar to a cookie, an LSO is a text file that can be read only
by the website creating it. There’s an extra benefit to using LSOs –
browsers and anti-spyware programs can’t delete them, and most users
don’t know how. While this works for now, it won’t be long before
privacy advocates educate users on how to eliminate these as well.
The solution to the cookie dilemma may be in changing the
nomenclature to better describe cookies since some users see cookies as
adding to the browser experience while others see them as an invasion of
privacy. It’s easy to get confused between 1st Party and 3rd Party
cookies – like, which is helpful and which is of questionable value? In
the end, every user has to decide for him/herself whether or not to
delete cookies while weighing the pros and cons.