American in Spain

Cookies Are Not Evil

October 5, 2011

The Real Cookie Monster, by Jeremy HoffmanThere's been a bit of an online privacy storm lately over the fact that Facebook doesn't remove all the cookies from your browser when you log off. Every three or four months, there's a big "OMG!! Facebook is EVIL and breaching my privacy!" wave that runs over the online community before everyone forgets it and keeps using the service.

A cookie is a tidbit of information that a website gives your computer so that your computer can identify itself the next time it talks to the website. You see, the way web browsing works is that your computer (the client) requests a certain page from a certain computer (the server), and the server returns the page to the client. That's it. The connection is closed and there is no agreement that any more communication will take place. Each page request is discrete.

Cookie, AnyoneThis worked fine when the World Wide Web first began back in the 90s, when it was just pages of information linking to other pages of information, much like Wikipedia is now (but much uglier). But then people wanted to start making web pages do more than display a simple page of text. To make a web application, the web server must know who the client is from request to request. The only way to do this is for the web server to give the client a special "key", a unique number or series of characters, on the first request, so that the client can give the key back with the next request to identify itself.

Cookies are a bit like those membership cards that grocery stores give you. Your card has a unique number on it, so whenever you come back to the store, they can swipe the card and know that you are the same you that bought milk at the other franchise across town last week. That's all cookies do.

If You're Not Paying For It, You Are The Product

This business trick was probably originally conceived by the newspaper industry, but it was perfected by the radio and television industry. It really is a win-win-win situation for all three parties: the content producers, the advertisers, and the audience. The best internet example of using free products to get an audience to sell to advertisers has to be Google. They wrote the best search engine, the best online email platform, and the best online RSS reader...and they gave it all away for free. Why were they successful? Because people found their products useful and their ads non-intrusive. That's what's so great about this system: it uses the free market of internet users to reward excellence and punish mediocrity.

Facebook and You

Why track users?

I work at a company that makes e-commerce websites, and we use cookies to track users for a variety of reasons. The primary reason is to remember where visitors that buy products came from, in other words, how they heard about us, or what they clicked on to get to us. Most visitors find us by doing an internet search on a certain type of product they are interested in buying. Why do we want to know this? Well, it helps us better target our advertising, i.e. not waste money on advertising that does not work. If we spend money on ads with the words "jet powered tricycles" and no one makes a purchase after searching for that phrase, then we can stop marketing that phrase. If, however, we sell lots of products to people searching for "speedy trikes", then we know to focus on those words.

It's not "tracking" in the sense of a private detective who knows where you were and who you were with last night. It's just anonymous "79 people saw ad X, 32 of them clicked on it, and 2 placed an order" kind of data. The corporations don't care who you are; they just want you to give them your money.

Where can you be tracked?

Assuming you haven't installed some sort of browser plugin by an advertising agency, a website can only track you when your computer is making requests to that company's servers. So why are everyone's panties in a bunch about Facebook? In making such an excellent sharing platform, Facebook has also created an incentive for me, as a content provider, to make it as easy for visitors to share my content as possible, such as placing a Facebook "like" button right on my website. And what does the "like" button do? It makes your computer contact Facebook's servers every time you view a page on my website, thereby enabling them to – dum! dum! DUM!! – know you are visiting my website!

Bloodhound TrackingSo what can you do about it? Well, there are several browser features and plugins that allow control over "third party cookies" (cookies not coming from or being read by the website you are actually on). There are many, but one that I've recently discovered and like is Ghostery. It gives fine control over which tracking services you will allow to track you and which not. Why would you want to allow some services? Mainly so that the social sharing buttons – which are useful sometimes – will actually work.

The other option is to use a "private browsing" feature of your web browser to open up an anonymous browser window. Safari, Firefox and Chrome will all do this. Of course then you'll be logged out of all internet services and you won't have any of the benefits that cookies have been providing you. Go try out private browsing mode and notice how the internet works differently, and you'll understand what cookies help do.

Targeted Ads

As I mentioned earlier, Facebook is an expert in targeting ads. But here's an offline example to compare online ad targeting to.

Today in the mail, we received a coupon for some wet wipes designed for kids learning to use the toilet and wipe themselves. As far as targeted marketing goes, that was a hit right on the bullseye! The advertising agency probably got our address because my wife signed up for a store membership card when we bought a changing table almost three years ago. Has my privacy been breached? Hardly.

All Facebook or Google might learn from you visiting this page is that perhaps you like Spain, and they can infer to offer you some all inclusive deals for a Spanish vacation or something. Not such a bad thing.


Yes, companies like Google and Facebook can track you in the same way that a credit card or a store membership card can track you. If you're an undercover spy or terrorist or something, then you probably already know not to use any of these internet services with your real name anyway. If you're planning on murdering your spouse with cyanide, then you might want to consider taking some steps to protect your anonymity before Googling how to get your hands on the stuff. But for the rest of us, the tracking that cookies provide is actually a good thing, in that it tailors ads to stuff you might actually be interested in. I don't need to see ads for rifle scopes or parakeet cages because I'm never going to buy one. Why not choose see stuff you are interested in?

I'm aware that the "privacy doesn't matter if you have nothing to hide" argument is totally vacuous, but I don't think a hardline stance against all cookies and social networking is a reasonable extreme, either.