I don’t know about you, but after how much I ate this Sunday for Easter, I don’t want to hear the word ‘cookies’ for a long time. Imagine my dismay when I found out what our latest blog topic is?
Alright, who am I kidding– I love cookies. First party, third party, I’ll take them all. What am I talking about? Internet cookies, of course! Internet cookies, when loaded onto our browsers, are how ad networks track online browsing behavior to show us advertisements relevant to the things we’re interested in. For me, it’s how ad networks know to show me ads that are probably related to makeup, casserole dishes, and Beyoncé.
So how do they work, exactly? Every time your browser loads a page, a cookie, (a small text file), places its data in your HTTP header and informs the server if there is any customization currently in place. For web analytics, cookies often remember and record user interactions. When you visit a website, the web analytics sends two type of cookies: ‘session’ and ‘user’ cookies. Session cookies group the clicks of your web session, while ‘user’ cookies simply stay in your browser history for a specified time and track your browsing habits. These cookies help to provide information on your browsing behavior and the topics you’re interested in to show you content that is tailored to what you actually want to see.
These ‘user’ (also called ‘persistent’) cookies can stay in your browser for a long time. For example, the Google Analytics cookie (“_utma”) that determines new and returning visitors has an expiration time of 2 years. It stays on your browsers for the full specified time unless you either delete it, re-install your browser or clear your cookies.
You may have came across at least one website that asked for your consent to store or retrieve any information on your computer, smartphone or tablet. In fact, the new EU cookie law requires all websites owned in the EU or targeted towards EU citizens to do this to comply with the law.
This new government legislation has shaken online industries. This has led to browsers now trying to add additional features for user privacy, as well as twist the rules of handing out cookies.
Here is how some major browsers currently handle cookies:
Chrome: Currently allows all cookies.
Internet Explorer: Cookie permissions currently vary by P3P compact policy. In practice, almost all third-party tracking cookies are allowed.
Safari: Currently, first-party content has cookie permissions. Third-party content only has cookie permissions if the content already has at least one cookie set.
Firefox: Currently, if content has a first-party origin it has cookie permissions, but if content is from a third-party origin, then it only has cookie permissions if its origin already has at least one cookie set.
As third party cookie blocking is becoming universal, IAB General Counsel Mike Zaneis actually compared it to a nuclear strike against the online ad industry.
Firefox to block 3rd party cookies? http://t.co/lZiKawX2lc. This default setting would be a nuclear first strike against ad industry
— Mike Zaneis (@mikezaneis) February 23, 2013
So, what’s the difference between first-party and third-party cookies?
First party cookies are set using the domain of the website which users visit. Many websites use this kind of cookie for the user behavior data collection. For example, if somebody visits netelixir.wpengine.com, NetElixir creates a cookie using the domain ‘netelixir.com’ – which makes those cookies first party.
However, most of the online ad serving platforms, especially those using remarketing/ retargeting ads, don’t have a choice but to use third party cookies. For instance, DoubleClick cookies are associated with the doubleclick.net domain. Therefore, for a visitor on another website, it is seen as a third party cookie. Third party cookies are important because they can read and carry over browsing data. For example, when you visit site-A, then visit site-B or site-C, the third party cookie placed in your browser during your visit to site-A will still be able to show relevant ads on site-B or site-C. However, while they are helpful in delivering relevant ads, this also means that third party cookies can also be seen as a privacy concern.
Third party cookies being blocked completely is concern for all third party ad networks, DSP, SSP and retargeting players. However, the bigger players are already seeing it as an opportunity. The programmatic buying industry can start a certified ecosystem of major ad networks, and allow smaller third party players to piggyback on their user identification services. Google already sends unique user ids for every ad click, so in theory that ID can be shared in the future with affiliated partner ad networks.
As for what the future will hold for online cookies, we will have to wait and see how concerns over privacy play out. As for me, suddenly I need a snack.