Notice: This blog is no longer updated. You may find a broken link or two

You can follow my new adventures @mikeonwine

What’s really in my cookie cache?

February 27th, 2007

So, time and time again you see people rant and rave about how your privacy is being seriously compromised by the use of cookies. I must say, if you just read around on google, advertiser cookies are one of the most misunderstood beasts out there. Nowadays, practically every spyware removal program flags advertiser cookies as ‘SPYWARE/ADWARE’. Try it, google up tribalfusion cookie, or yieldmanager cookie, etc. etc.

Take this SpywareNuker page:

Some of the Cookie.Advertising.com components are listed below. The list is compiled as a reference. The list might not be complete and it doesn’t represent instructions for manual removal. We DO NOT recommend manual removal. Incorrect removal of certain software might make your computer unstable or even unusable.
Removal of adware component might affect the related ad-supported software.

Sorry to say, but this is total bullshit. Ad.com’s cookie doesn’t infect a thing and can be removed easily and safely by yourself. So what are adserver cookies and what’s stored in them? The most basic information that most adserver will want to know is:

  • which ads you’ve seen, and how many times you’ve seen them
  • which ads you’ve clicked on
  • which ads you’ve converted on

Yes — that’s right, adservers know when you buy things after clicking on an ad — but that’s another post. Now more advanced behavioral companies will also want to track which sites you’ve been to and what behaviors (or segments) you belong to. Allowing adservers to track you using cookies means you won’t repeatedly see the same ad, and you should see more relevant ads to your interests as you continue your path along the internet.

So how do companies store this information? There are two ways — client-side or server-side. Client-side involves storing all the information about you in your cookie whereas server-side the cookie simply stores an ID and all information about you is stored on some database somewhere. Doubleclick as seen in the below screenshot seems to have gone the server-side route and simply stores my “id” which maps to some data they have on me in their databases. The server-side route is great if the advertiser wants to store a lot of data since there are size limiations on cookies and you don’t necessarily want to transfer 10kb back and forth on every ad call. It’s not so great as it requires some serious database infrastructure to handle 10-100k read/writes per second to a single database.

Doubleclick Cookie

Burst seems to have gone the client-side route and stores all ads I’ve seen from them directly in my cookie files. It’s actually interesting to note that the cookie data from Burst is not-encrypted (big nono!).

Burst Cookie Files

Ok, so what does this all mean for the end-user? Well, indeed, there are companies out there that are tracking most of everything that you do online. Ad companies like Tribal Fusion know what you’re interested in and what you like to browse for. Hell, if Google succeeds in pushing Checkout to the world they’ll know everything you’ve bought, how much you paid for it and much more! All in all this sounds scary but it really shouldn’t be. Why?

First off, none of the information _should_ be personally identifiable. Cookies are tied to your computer, not your name. So if you switch machines often, or clear your cookies, all history is immediately erased. Now, some argue that if your browsing history is stored it should be possible to figure out exactly who you are. Lets be honest, why go through all the trouble if there are much easier ways of figuring out what you’re doing online? If you’re worried, go download an anonymous browsing tool (there are plenty), or visit the little known-of ‘opt-out’ pages that almost all online advertising companies have. Some examples: Advertising.com Opt-out, Yieldmanager Opt-out, Doubleclick Opt-out. If you do go the opt-out route, don’t clear your cookies because that’s the only way they’ll know you don’t want them to track you!

So whichever route you take, don’t forget that the websites you visit can provide you with free content because of the money they receive from advertisers. Cookies are one tool that advertisers use to help track revenue and regularly clearing them can cost your favorite sites money. My personal choice? I clear my cookies every month or so but am perfectly happy to let companies track my behavior to show me more relevant ads. Hell, I’d much rather look at an ad for some new tech gadget than ‘punch the monkey’!

Related Posts:


Digg this story Posted by Mike Filed in adserver, burst, cookie, doubleclick, online advertising, privacy, tribal fusion, yieldmanager
9 Comments »

  • http://www.conversionrater.com/index.php/2007/02/27/learn-about-your-ad-cookies/ Learn About Your Ad Cookies » Conversion Rater – web analytics, online advertising, and website publishing.

    [...] It looks like Mike is aiming to uncover mysteries and dispel some of the common myths about things in the ad business, and his first major post is a good one that teaches people about what’s in an advertising cookie. [...]

  • http://blog.immeria.net S.Hamel

    Good post Mike, and it’s amazing how people are still uneducated about cookies, ad networks and web analytics. There is no evil (sadly, to be honest, we’ve seen some companies abuse the technology).

    If that might be of any help to your readers, I’ve been working on a Firefox extension called WASP (for Web Analytics Solution Profiler) that shows information about various ad networks and web analytics solution. It shows cookies and information being passed trough the URL in order to track user behavior.

    I’m making this tool for two primary reasons: 1) help practitioners improve their tagging 2) show the casual surfer that web analytics (or ad networks) isn’t doing anything wrong!

    S.Hamel
    http://blog.immeria.net

  • Mike

    Hamel,

    Looking forward to that extension! Currently I’m stuck with Tamper Data (great extension btw), but it’d be awesome to have a tool specifically designed towards analyzing & tracking advertisements.

    Let me know if you need anyone to test it out as I’ve spent many many hours tracking down ads & making sure things are working correctly!

    -Mike

  • http://www.pcdoctorsgroup.com/blog/2007/03/03/what%e2%80%99s-really-in-my-cookie-cache/ PCdoctors provide on-site spyware removal. » Blog Archive » What’s really in my cookie cache?

    [...] click here for article [...]

  • http://localhost dich

    your perspective on the ads seems very strange/scary to me. so a company gathers data about my surfing habits and whatever actions i do, and what do _I_ get in return? Longer load times, ugly flash clips, and bloody kilobytes of useless javascripts in every page. So i take a proactive approach to this, every time i see an ad, and its not too often, i see where it comes from and add a an entry to my hosts file, effectively routing that adress to localhost. I also enjoy editing my cookies, and changing number variables to letter variables in them and vice versa :)

    The so called ad business is only a good thing for all the people making money off it, and consumers, not people who actually use internet to get information they need. As i see it, if you want to advertise useless consumerist garbage in hope someone with more money then braincells buys it, make a website exclusively for that. Oh, noone would visit such a website, so we put ads on every other page… get a clue!

  • http://www.mikeonads.com/2007/08/19/gaining-consumer-trust-for-ads/ Mike On Ads » Blog Archive » Gaining consumer trust for ads

    [...] the most interactive form of advertising has the worst reputation of all. Take this comment on my post about cookies: your perspective on the ads seems very strange/scary to me. so a company gathers data about my [...]

  • http://imagesmut.com/ Webmaster Mikey

    Thanks for the article!
    People really need to understand that cookies are no big deal. The other day while in the coffee shop, I overheard some woman talking to tech support asking how she could better protect herself because tons of spyware kept infecting her computer. After she got off the phone, I asked her about it.

    The vast majority of the spyware her checker was finding were harmless browser cookies. Incredible that they would be flagged as such, and really shameful of software development houses to spread such FUD to sell their wares.

    My recommendation – don’t worry about the cookies. Once a month or so simply clean them out if you want to. Reject the domains (ie 2o7.com) that have a habit of sending large numbers of cookies.

    The real issue is malicious client-side scripts – so run the FireFox NoScript extension, and surf happy.

  • Blargh23

    I find a router blacklist a much more effective way of “opting out.”

  • http://www.zip-repair.org/ Repair ZIP Software

    Thanks for sharing with us.