Understanding Cookies

Cookies are a popular topic currently in web analytics. Using cookies enables a web analytics program to collect rich data on the navigation of a website; however, cookies seem to be a bit of a confusing topic for those who are not immersed in the technical side of web analytics daily. There are different types of cookies as well as different ways to deliver cookies and the terminology can be confusing. In addition, the press has recently been negative on cookies implying infringement on confidentiality of users. In an attempt to help dispel some of the confusion, we have taken this month's newsletter to define the relevant terms as well as explain some of the intricacies of cookie-based identification.

A cookie is a small amount of text data given to a web browser by a web server. The data is then stored on the visitor's hard drive and returned to the specific web server each time the browser requests a page from that server. The main purpose of cookies is to assign a unique identifier to each visitor to a specific website, which allows that website to track that visitor as they navigate through that site. The name cookie is derived from UNIX objects called magic cookies. These are tokens that are attached to a user or program and change depending on the areas entered by the user or program.

Temporary Versus Persistent

Cookies can be either temporary or persistent. A temporary cookie, commonly referred to as a session cookie, is stored only as long as the user is actively using the website. Once the browser is closed or the session expires, the cookie is deleted from the local hard drive. In contrast, a persistent cookie is stored on the user's hard drive even after the browser is closed. If the user returns to the website in the following days, the server would recognize the cookie and be able to combine the data from the previous visit with the data from the current visit.
 

Limitations/Confidentiality

Cookies are truly an important tool. Cookies allow users to conveniently store passwords and other information. They also allow companies to understand the navigation of their site in order to improve the site to meet users' needs. However, in the effort to dispel confidentiality fears, it is important to note what cookies cannot do.

  • Cookies cannot execute programs on a user's computer.
  • Cookies cannot collect confidential personal information such as name, phone number, email address, or gender unless the user specifically shares this information with the website. For example, a user might share personal information with a website by filling out a form or by actually making a purchase. The website could then store this information in the cookie and retrieve it should the user return on a later date.

First-Party vs. Third-Party Cookies

Cookies can be delivered to the user's local hard drive by the actual website being navigated (first-party) or by another website (third-party). The distinction is important in that browsers' default values and spyware tend to handle the two kinds of cookies differently. Microsoft defines first- and third-party cookies as:

  • A first-party cookie either originates on or is sent to the website the user is currently viewing. These cookies are commonly used to store information, such as that user's preferences when visiting that site.
  • A third-party cookie either originates on or is sent to a website other than the one the user is currently viewing. When a website has advertising that is served by a third-party ad server, or when a website is using a third-party survey or promotional tool provided by an application service provider (ASP), those sites commonly serve cookies along with their ad, survey or promotion. A common use for this type of cookie is to track web page usage for advertising or other marketing purposes. Third-party cookies can either be persistent or temporary.
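The two distinctions above (temporary versus persistent, first-party versus third-party) can both be read off a `Set-Cookie` response header and the host that sent it. The following is an added example, not part of the original newsletter; the host names and cookie values are constructed, and comparing the last two labels of a host name is a simplifying assumption in place of the Public Suffix List that browsers use.

```javascript
// Added example; hosts and cookie values are constructed sample data.

// Naive "site" of a host: its last two labels (assumption for brevity;
// browsers consult the Public Suffix List, e.g. for example.co.uk).
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse "name=value; Attr=val; Flag" into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no cookie name: ignore the header
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// responseHost: server that sent the header; pageHost: site in the address bar.
function classifyCookie(header, responseHost, pageHost, now = new Date()) {
  const cookie = parseSetCookie(header);
  if (!cookie) return null;
  const { name, attrs } = cookie;
  let lifetime = 'session'; // no Max-Age/Expires: gone when the browser closes
  if (/^-?\d+$/.test(attrs['max-age'])) {
    // Max-Age wins over Expires; zero or negative asks the browser to delete.
    lifetime = Number(attrs['max-age']) > 0 ? 'persistent' : 'expired';
  } else if (typeof attrs.expires === 'string') {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) lifetime = t > now.getTime() ? 'persistent' : 'expired';
  }
  const party = siteOf(responseHost) === siteOf(pageHost) ? 'first' : 'third';
  return { name, lifetime, party };
}

const page = 'www.shop.example';
console.log(classifyCookie('sid=abc123; Path=/; HttpOnly', page, page));
console.log(classifyCookie('visitor=v-42; Max-Age=31536000', 'stats.shop.example', page));
console.log(classifyCookie('trk=t-9; Expires=Wed, 01 Jan 2031 00:00:00 GMT',
  'ads.tracker.example', page));
```

A cookie set from `stats.shop.example` while the visitor is on `www.shop.example` still counts as first-party here, which is why moving an analytics collector onto a subdomain of the site changes how blockers treat it.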

The Cookie Debate

Any discussion of cookies would be remiss without a note on the current "cookie debate". Web analytics vendors commonly use first- and/or third-party cookies for tracking activity on websites.

Over the past few years, internet users have become increasingly concerned about confidentiality, identity fraud and other security issues. As a result, anti-spyware was created in an attempt to protect users from unwanted programs, as well as information theft.

It is the perception of the anti-spyware industry that third-party cookies are potentially more intrusive than first-party cookies. The fear is that the information stored in a third-party cookie could be passed to sites other than the one the user had been navigating at the time the cookie was initially put on the hard drive. That having been said, it is not uncommon for anti-spyware and/or browsers to recommend that users block third-party cookies but allow first-party cookies.

As an example, our client, Designer Linens Outlet, moved from third-party cookies to first-party cookies. In doing so, they experienced a reduction in rejected cookies from almost 18% of total visitors to less than 0.5%. As a net result, this has allowed Designer Linens to significantly increase the accuracy of the latent effects of their marketing campaigns.
 

Conclusion

Jupiter Media released a report in March 2005 that indicated that 39 percent of web users acknowledged deleting cookies at least once a month. While this research is interesting, it continues to be industry best practice to use cookies as a means to improve analytics data.*

Cookies do indeed have weaknesses and inaccuracies. Even first-party cookies can be blocked and/or deleted. However, despite these problems, cookies enable analytics programs to collect invaluable, rich information and should be used. The problems with cookies should obviously be taken into consideration when analyzing the data and, as already mentioned, third-party cookies should be avoided in favor of first-party cookies.

* Although the focus of this newsletter is cookies, authenticated usernames (the use of a login name and password) are a superior method of visitor identification if it is possible and practical. Just as with cookies, authenticated usernames allow the analytics program to compile multiple visits by the same visitor; however, they also allow a site to track visitors across multiple browsers and/or computers and do not suffer from the same issues relating to cookie deletion or blocking. Although this methodology is preferred to cookies as a visitor identification method, it is often impractical for sites to implement a security model that requires a login. Even in cases where authenticated usernames are available, it is common for sites to offer both logged-in and non-logged-in sections of the site. In this case, a combination of user identification methodologies would be the best practice.
 
Josh Manion
Chief Executive Officer
Stratigent, LLC
 
For more information please call 877-427-2900 or email info@stratigent.com.