Understanding Browser Cookies – Part 1

Browser cookiesAs a data analytics evangelist and advocate of learning about web and mobile properties by watching the fingerprints of those who use it, I’m always interested in helping people understand browser cookies and help dispel the fear and uncertainty surrounding their use.

What is a cookie?

Cookies are very small scripts that are placed on your browser (if allowed) that have the ability to do anything from:

  • keeping you logged in to a website as you navigate
  • acting as a beacon to track navigation between pages
  • watching you move from site to site
  • attempting to sell you on that tracked persuasion  (To name just a very few functions.)

With such varied functionality, it is difficult to apply a single hard and fast rule about whether to keep or remove cookies without knowing more about each one:

Is this cookie anonymous?

Almost all cookies use an anonymous identification number or token to assign to a given user’s browser.  That’s all that is needed as that element provides a unique identifier.

That said, as a common and completely legitimate way of doing business, it is normal on the web to offer something like a trial offer, or promotion, to engage a prospect.  When that prospect is interested enough to complete a registration form and (usually) confirm an email address, a different kind of cookie is usually set on that browser.

This cookie stores an ID number that is linked to a record in a sort of ‘database of prospects’ that holds the information about this particular user.  That record could be your first and last name, email, phone, city, state, etc. and this cookie watches as you visit the site – how frequently, what pages you are looking at, etc.

During this period it is assessing your interest level and if you are concentrating on a certain a product or service offered. The important thing to remember is that you are no longer anonymous to a company when you supply registration data.

Is this cookie a “Third Party Cookie”?

What the “Third Party” indicates is whether or not the cookie being set on your browser is coming from the same server as the website you are viewing or if it is from another website.

Ultimately this is probably originating from a server that is part of a network of sites.

Have you ever gone to say, the JC Penney site, and when you are done reading about your favorite shoes you look for recipes on what to cook tonight and BAM… like some sort of e-serendipity – there’s an advertisement for a JC Penney sale.  And those shoes are to die for!

That is how many advertising networks work, in conjunction with potentially millions of sites.  These are often called ‘web bugs’ or ‘bugs’ for the simple reason that they do follow you and target your interest based on the pages on their site that you have visited.

Some other functions they provide on behalf of the advertiser:

  1. Can serve up a sequence of banner advertisements (Placed in a given order)
  2. Estimate how many people have seen the advertisement, and calculate the response per visitor
  3. Limit the number of times each is shown, and on what properties for that user

The list goes on.

When does this cookie expire?

Earlier I mentioned a few different uses for a cookie and two examples I gave were keeping a user logged in, and watching them move between sites.

  1. Session Cookies – This cookie will expire either at the end of the current visit to the website, up to maybe 24 hours later.  Many times these are written to create a smoother web experience overall.  (Remember, without any type of recognition a website will forget who you are from one page to the next.  Cookies are the simplest, most ubiquitous technology used for this identification by web designers everywhere.)
  2. Persistent Cookies – The expiration of this cookie is set for a longer time period.  It might be used to track between websites on the network I mentioned in the JC Penney example, or to keep track of how many times you come back to that site (Are you a regular?) or even in the form that you filled out for the ‘non-anonymous’ cookie.

There is an ongoing debate, at times a fierce one, about how to handle the user’s intention.  There are several modifications to emerging technologies to guard users against activity that may compromise their privacy.

One of these has to do with a ‘Do Not Track’ option that is passed through every header call from a browser.  There are a multitude of problems with this, not the least of which is that it makes the broad assumption that users can’t make these decisions for themselves.  It also dangerously relies on the honor system for compliance by web site mangers.  (Which in my opinion, could lead to a false sense of security on the part of the user.)

To a large extent, the development of browsers further complicated this issue by burying these options deep in their “advanced” settings, thus adding to the FUD element and setting the technology back.

The lion’s share of cookies help deliver a better web experience with more targeted advertising.  That said, there are also reasons to be careful, as information that is gathered can be abused.  Look for more info on that in my next post on browser plugins and settings to best manage cookies.

Let us know what you think!