Notice: This blog is no longer updated. You may find a broken link or two

You can follow my new adventures @mikeonwine


Back in March I wrote a post titled “Battle over the Cookie. I’m going to quote myself real quick — (I know, kind of tacky)

So why the title “Battle over the Cookie”? Well, people are starting to catch on that if they own the cookie, they own the market. Think about it, if one exchange succeeds in capturing a massive percentage of the market, the barriers to entry will be practically insurmountable. What value is your exchange if you can’t provide services like global frequency caps, cross publisher behavioral targeting, etc. etc.

So who’s fighting? Well, my employer (Right Media) for one. Doubleclick is said to be launching a marketplace, AdECN is another. I’d expect others to start soon — as long as someone hasn’t won, there’s still a chance.

Well, as we all know, Right Media has been bought by Yahoo (if you hadn’t heard yet, the deal closed today), Google is buying DoubleClick, etc. etc. etc. So how are these developments changing the battle over the cookie?

There won’t be a single cookie

That’s right. It ain’t happening. At the minimum there are going to be three different marketplaces, three different adservers and hence three different cookie domains. Think about it — Google/Yahoo/Microsoft are arch-rivals and even though some may build more open solutions than others they are most definitely not going to be fully integrated, and they most definitely won’t be sharing a single cookie space. Add on to that the remaining independent adservers (e.g. AdECN, Zedo, OpenAds) and I don’t see any way in which there will be one unified marketplace.

To be honest, this saddens me quite a bit. One single marketplace would have been extremely beneficial to both publishers and advertisers, but of course there are simply too many people fighting to control the means by which ads are transacted. Ok, so now what?

What’s next?

To be honest — it’s too soon to really tell how this new battle is going to unfold. I don’t think it’s very clear what Microsoft, Yahoo or Google (how about we call them MYG) are going to be doing with their new acquisitions. One thing is clear, it’s going to be difficult to get access to inventory without working with MYG. Advertisers should benefit from consolidated buying. I imagine that networks not working with MYG will find it difficult to survive without a really compelling story and publishers should benefit from increases in both innovation and competition.

In the next couple posts I will be digging into how companies should prepare for this new online advertising landscape — How will ad-networks continue to grow over the next couple years? How can large publishers increase rates by leveraging the new marketplaces? How will behavior work without a single cookie? CAN behavior work cross-platform?

Battle over the Cookie

March 5th, 2007

The latest craze in online advertising nowadays seems that everyone wants to build an ‘exchange’ or a ‘marketplace’. Sure, there are certain efficiencies that a marketplace provides, but in all honesty, it’s all about the cookie.

You see, there’s no need for more marketplaces, there are plenty of them — Adsense,, Tribal Fusion, and any other ‘ad-network’ that you can think of. The problem with each of them is that they are ‘closed’ marketplaces. Not just from a ‘business’ perspective, but from a technology perspective as well. Sure, anybody with credit and a legitimate offer can buy from any ad-network, but lets say you want to buy based on your own data. It’s simply not technically possible to do that today. Well, sorry, it is technically possible, just a royal pain in the a$$ if you do.

Lets say you’re a marketer and you have some information about a set of online visitors that is extremely valueable. E.g., lets say you know for a fact that they want to buy a car because they took part in one of your promotions. Now, first off, lets just assume that every network has behavioral capabilities (which they don’t). If you wanted to buy your users when they hit inventory that’s available on one of the many marketplaces (networks) out there, you would have to pass that data into your users’s cookie for each marketplace’s cookie. You see, when you come to this site, you get a cookie from I can write whatever I want into that cookie. I can’t see any of your others cookies nor can anybody see my cookie when you go to other sites. So, how do you get data into each Marketplace’s cookie? Sadly, this is not something you can “push out” to the user, you can only set or change cookie information when a user comes to you. E.g., if after-the-fact you decide you want to work with Marketplace D when you’re already working with A,B & C, then the only way in which you can tell put your data into Marketplace D’s cookie is when the user comes BACK to your site!

So how do you actually set information in another person’s domain if you can only access information in your own cookie space? Rather simple actually, anywhere on your page you include a link to a tiny 1×1 gif image to the 3rd parties server with some information attached to it. For example, you could put: would then interpret that as “marketer1″ just told me that this user “likescars”, let me store that in my cookie. Can you imagine putting 20 pixels on your promotion page just to gather data? Well, that sounds like a pain doesn’t it? Well it is — and hence, most people don’t do it. So, you say, I hear there are these new ‘exchanges’ out there (e.g. Right Media has one, DoubleClick is building one, and several others are trying). Well, what really defines an exchange? It’s a platform that lets buyers, sellers and brokers all work together using the same system. And what is the only way that will work in online advertising — a single cookie domain.

If all the mini-marketplaces out there worked on the same platform, then our marketer earlier wouldn’t have much of an issue reaching his audience. He would simply put his data into the exchange cookie and then buy from whichever sellers on the exchange have ads to show to his users. It’s not just behavioral targeting that benefits from an exchange, many other factors as well.

Lets say a second marketer wants to reach as many unique users as possible with his new ad campaign. So, he goes out to all the major ad networks and places a buy with the top 10 networks and portals and informs each of them that they are only to show each user his ads once and only once. Well, ignoring the fact that some people clear cookies and hence they lose the ‘frequency cookie’, how many different ad networks serve you ads on a given day? If you go to one site, they might be working with, another with Tribal Fusion, etc. etc.. Well, if this marketer is paying big bucks, each network will choose to show you this ad, but only once of course! The problem is, none of these mini marketplaces knows about the other, so nobody will know if you first saw the ad on the NY-Times from when you show up on Yahoo. The end result, you might actually end up seeing the same ad many times! Guess what — a unified cookie solves that problem!

So why the title “Battle over the Cookie”? Well, people are starting to catch on that if they own the cookie, they own the market. Think about it, if one exchange succeeds in capturing a massive percentage of the market, the barriers to entry will be practically insurmountable. What value is your exchange if you can’t provide services like global frequency caps, cross publisher behavioral targeting, etc. etc.

So who’s fighting? Well, my employer (Right Media) for one. Doubleclick is said to be launching a marketplace, AdECN is another. I’d expect others to start soon — as long as someone hasn’t won, there’s still a chance.

Doesn’t it sound scary that an entire industry is so dependent on a little piece of data that many users hate? How many spyware-detection programs flag cookies as ‘desktop software’? Well, in case it hasn’t gotten to you, it’s terrifying and the industry is scared. If Congress were to pass a law that said 3rd party cookies are illegal, what would we do? There are some interesting technology solutions out there that claim they can identify you by your computer ‘fingerprint’ that might be able to help, but in the near-term, the industry would be screwed.

So kids… hate online advertising? Clear your cookies. Like the websites you vist? Keep ‘em =).

How do behavioral networks work?

February 28th, 2007

I really wanted to write a post about the difficulties in monetizing small websites but I realized to best have that discussion I would have to explain behavioral networks first! So, here goes.

A few months ago I was trying to explain to my girlfriend how advertising works. After a couple discussions she said a rather interesting thing — “How come the travel industry seems to be the biggest advertiser out there? All I see are travel ads, no matter where I go!”. Well, turns out my girlfriend is a travel fanatic and it’s behavioral networks that have picked up on the fact and no matter what the content of the site she’s visiting they manage to find a relevant travel related ad to show her. Try it, go to and click through to a couple articles. Then go to a random section of the site, say ‘health’, and chances are you’ll see a travel ad! (see screenshot below) Sounds like voodoo or big brother right? Wrong!

NYT Travel Behavioral
Second behavioral ad on the new york times.

And peeking into my cookies, indeed there is some travel related fun in there (hard to tell what all means, since most cookies are encrypted):

NYTimes Cookie Data

There are many different behavioral players out there in the world each with varied success. Perhaps the most successful behavioral company on the internet is this small company based out of California called Yahoo. There are also a couple ad-networks that dabble in this space, one of the most popular is Tribal Fusion. Each approaches the challenges in a different way, but the core of how it works is the same for all.

So how does it work? It’s actually an amazingly simple concept. Lets say we have four websites:


I am a user, and I visit each of these websites. Each of these websites also works with a brand new (not real of course) behavioral network called “BigBrother2.0″. On every page of these sites there is a little thing known as an ad tag that points to BigBrother’s adserver and requests an ad. Just for fun, lets assume that gizmodo also know your age & gender and passes that information to BigBrother. So you visit the first page, and an adrequest goes to BigBrother as follows:

When your browser requests the URL above, the following sequence of events happens:

  1. Browser Requests content from
  2. Server requests cookies (if any)
  3. Browser sends over cookies
  4. Server does some crunching, picks and ad
  5. Server returns new cookie data & url to get get ad
  6. Browser shows ad

Now the magic here is in the cookies. Even though you are visiting the site, the cookie is under the domain ‘’. In step 5 where the server returns new cookie data, they’ll put in there when you last visited and how many times you’ve been there today.

Now lets say I spend the morning checking out my tech-news, all the while receiving ads from Each page I view gives them a little bit more information about me, and even though I’m on three separate sites, because the cookie spans all three they get a holistic view of what I”m doing.

So now I go to This is a big site. Normally it’d be difficult to pick a good ad to show you. You’re one of the 18 billion myspace users and all you really do is upload photos and post silly comments about your friends on their blogs. BUT, when Myspace decides to let BigBrother2.0 show an ad something interesting happens. Lets walk through the steps of this new ad call in more detail:
  1. Browser Requests content from
  2. Server requests cookies (if any)
  3. Browser sends over cookies
    1. Cookie contains your age & gender (25 & male) (encrypted)
    2. Cookie shows you visited 12 times this morning
    3. Cookie shows you visited 3 times this morning
    4. Cookie shows you visited once this morning
  4. Server does some crunching, picks and ad
    1. Server plugs user data (25, male, 16 visits to tech sites) into a ‘profile engine’
    2. Profile engine spits back ‘categories’, lets say ‘male, technology’
    3. Server looks for ad campaigns targeted to ‘male & technology’
    4. Server picks highest paying ‘male & technology’ targeted campaign
  5. Server returns new cookie data & url to get get ad
  6. Browser shows ad

Instead of showing you a random ‘punch-the-monkey’ ad, BigBrother is able to show you a highly relevant and targeted advertisement that you are far more likely to click on. The end result? Better ads for you and more money for the websites that you visit.

You can see from the above that building a behavioral adserver really isn’t the most difficult thing in the world. All you need to do is track history & have some sort of ‘mapping engine’ that says that is a tech site. The real challenge for behavioral companies is the classic chicken & egg problem. Without a rich user-base, the ad-network won’t be able to sell deals. Without deals the network won’t be able to convince publishers to put their tags on pages. This makes it very difficult for new behavioral players to enter the marketplace, although emerging marketplaces such as the RMX will make it easier in the future.

So what’s my opinion on all this? As long as the data that is being stored is encrypted and no Personally Identifiable Information (PII) is stored I’m all for behavioral targeting. As I mentioned before, the more relevant the ad is to my interests, the more pleasant my browsing experience is going to be.

So, time and time again you see people rant and rave about how your privacy is being seriously compromised by the use of cookies. I must say, if you just read around on google, advertiser cookies are one of the most misunderstood beasts out there. Nowadays, practically every spyware removal program flags advertiser cookies as ‘SPYWARE/ADWARE’. Try it, google up tribalfusion cookie, or yieldmanager cookie, etc. etc.

Take this SpywareNuker page:

Some of the components are listed below. The list is compiled as a reference. The list might not be complete and it doesn’t represent instructions for manual removal. We DO NOT recommend manual removal. Incorrect removal of certain software might make your computer unstable or even unusable.
Removal of adware component might affect the related ad-supported software.

Sorry to say, but this is total bullshit.’s cookie doesn’t infect a thing and can be removed easily and safely by yourself. So what are adserver cookies and what’s stored in them? The most basic information that most adserver will want to know is:

  • which ads you’ve seen, and how many times you’ve seen them
  • which ads you’ve clicked on
  • which ads you’ve converted on

Yes — that’s right, adservers know when you buy things after clicking on an ad — but that’s another post. Now more advanced behavioral companies will also want to track which sites you’ve been to and what behaviors (or segments) you belong to. Allowing adservers to track you using cookies means you won’t repeatedly see the same ad, and you should see more relevant ads to your interests as you continue your path along the internet.

So how do companies store this information? There are two ways — client-side or server-side. Client-side involves storing all the information about you in your cookie whereas server-side the cookie simply stores an ID and all information about you is stored on some database somewhere. Doubleclick as seen in the below screenshot seems to have gone the server-side route and simply stores my “id” which maps to some data they have on me in their databases. The server-side route is great if the advertiser wants to store a lot of data since there are size limiations on cookies and you don’t necessarily want to transfer 10kb back and forth on every ad call. It’s not so great as it requires some serious database infrastructure to handle 10-100k read/writes per second to a single database.

Doubleclick Cookie

Burst seems to have gone the client-side route and stores all ads I’ve seen from them directly in my cookie files. It’s actually interesting to note that the cookie data from Burst is not-encrypted (big nono!).

Burst Cookie Files

Ok, so what does this all mean for the end-user? Well, indeed, there are companies out there that are tracking most of everything that you do online. Ad companies like Tribal Fusion know what you’re interested in and what you like to browse for. Hell, if Google succeeds in pushing Checkout to the world they’ll know everything you’ve bought, how much you paid for it and much more! All in all this sounds scary but it really shouldn’t be. Why?

First off, none of the information _should_ be personally identifiable. Cookies are tied to your computer, not your name. So if you switch machines often, or clear your cookies, all history is immediately erased. Now, some argue that if your browsing history is stored it should be possible to figure out exactly who you are. Lets be honest, why go through all the trouble if there are much easier ways of figuring out what you’re doing online? If you’re worried, go download an anonymous browsing tool (there are plenty), or visit the little known-of ‘opt-out’ pages that almost all online advertising companies have. Some examples: Opt-out, Yieldmanager Opt-out, Doubleclick Opt-out. If you do go the opt-out route, don’t clear your cookies because that’s the only way they’ll know you don’t want them to track you!

So whichever route you take, don’t forget that the websites you visit can provide you with free content because of the money they receive from advertisers. Cookies are one tool that advertisers use to help track revenue and regularly clearing them can cost your favorite sites money. My personal choice? I clear my cookies every month or so but am perfectly happy to let companies track my behavior to show me more relevant ads. Hell, I’d much rather look at an ad for some new tech gadget than ‘punch the monkey’!