|I've always been puzzled by the divergent attitudes of anti-spyware programs towards advertising cookies. Some anti-spyware programs take their criticism to the extreme, with terms like "spy cookies" and serious overstatements of the alleged harm from cookies. Others ignore cookies altogether. In between are some interesting alternatives -- like ignoring cookies by default (but with optional detection), giving users an easy way to hide cookie detections, and flagging cookies as "low risk" detections.|
I understand why some users are concerned about cookies. It's odd and, at first, surprising that "just" visiting a web site can deposit files on a user's hard disk. Cookies are often hard or impossible to read by hand, and ad networks' cookies offer user no direct benefit.
Unrequested arrival, no benefit to users -- sounds a lot like spyware? So say some, including the distinguished Walt Mossberg. But that's actually not my view. Unlike the spyware I focus on, cookies don't interrupt users with extra ads, don't slow users' PCs, can't crash, and require only trivial bandwidth, memory, and CPU time.
Cookies do have some privacy consequences -- especially when they integrate users' behavior on multiple sites. But such tracking only occurs to the extent that the respective sites allow it -- an important check on the scope of such practices. That's not to say shared cookies can't be objectionable, but to my eye these concerns are small compared with more pressing threats to online privacy (like search engine data retention). Plus, ad networks usually address privacy worries through privacy policies limiting how users' data may be used.
All in all, I don't think cookies raise many serious concern for typical users. Still, I know and respect others who hold contrary views. It seems reasonable people can disagree on this issue, especially on the harder cases posed by certain shared cookies.
|By default, anti-spyware programs from the two largest security vendors (Symantec and McAfee) do not detect cookies, and neither does anti-spyware software from Microsoft. Other vendors all detect at least some cookies -- but with substantially fewer detections by Spybot than by others."|
|Why the Fuss?|
Advertisers' and Ad Networks' Perspective
|Alternatives to Network Cookies |
Ad-network cookies are not the only means of tracking user activities. Many advertising systems could accomplish their objectives without using network cookies, i.e. by using URL parameters to tell a merchant where its traffic is coming from. Having received origin information as a URL parameter, a merchant could set its own cookie to store the origin of a given user.