Crumbling

Online retailers have long relied on cookies to give them insight into their customers’ wants and needs. Those small pieces of software downloaded onto consumers’ computers enable e-merchants to track how often customers visit their sites, what they do on the sites and what they do before and after visiting.

But cookies’ value as a measuring tool is diminishing. Recent studies show that a large number of consumers, spurred on by privacy concerns, are deleting cookies at an alarming rate—some as often as daily, according to one study. If the trend continues, the results could be devastating for online retailers and advertisers, observers say.

The enabling technology

“Cookies in large part are the enabling technology that ties what people are looking at, how they’re browsing through merchandise, to the actual purchases and the lifetime value of customers,” says Eric T. Peterson, analyst at Jupiter Research. “There are lots of things that cookies are used for, all of which essentially are at risk.”

Until now, cookies have been low on most e-retailers’ radar screens. But a cookie uproar erupted in March, when Jupiter Research released a report showing that as many as 39% of online users could be deleting cookies at least monthly. 17% deleted cookies weekly; 12%, monthly; and 10%, daily. Based on that data, Jupiter concluded that cookie deletion is crippling sites’ ability to track users and make critical marketing measurements such as the number of returning visitors and how many times the average shopper visits before making a purchase.

Hard on the heels of the Jupiter report was a May report from WebTrends Inc. that found the average third-party cookie rejection rate increased more than four-fold, from 2.84% of visitors in January 2004 to 12.4% in April 2005. WebTrends’ analysis of 5 billion visitor sessions found that on average, 12% of Internet user traffic blocked or rejected third-party cookies. Retailers experienced a cookie-rejection rate of 16.9%, higher than the other 11 online industries.

Most observers attribute the cookie-deletion problem to the proliferation of anti-spyware technology and upgrades to Microsoft’s Internet Explorer, both of which remove unsolicited software from computers. But consumer attitudes, stemming in part from publicity about spyware and identity theft, may play a larger role.

Privacy concerns

Concerns about privacy are a leading reason for consumers to delete cookies, according to a study released in June by Burst Media. The study found that 38.4% of those surveyed delete Internet cookies once a month.

When asked by Burst Media, an Internet ad services and online ad sales rep company, why they delete cookies, 44.9% of consumers surveyed said they remove all unsolicited downloads and 44.6% said they don’t want their web-surfing activities monitored.

Consumers also said they delete cookies because they don’t feel personal information is safe when cookies are on their computers (34.6%), because their spyware program suggested they should (31.6%), and because they don’t want anyone to know when they’re on a web site (22.1%).

Jupiter also found that consumer attitudes are driving cookie removal. “Consumers are constantly hammered with concerns, fear, uncertainty, and doubt about their privacy and security,” Jupiter’s Peterson says. “So you give them this very easy thing to do—turn cookies off, disable cookies or use anti-spyware to delete cookies—and they’re going to do it.”

What frustrates marketers and advertisers most is that consumers believe cookies fall into the same category as spyware and adware. “People lump everything together,” says Jarvis Coffin, Burst Media cofounder and CEO. “They think we’re all part of some big evil machine.”

But cookies are much less invasive than a grocery store loyalty card, Coffin says. “Consider what consumers are willing to trade in exchange for swiping frequent-shopper cards at the supermarket,” he says. “Cookies are benign.”

No cookies, but pie

Cookies mark the computer, not the consumer, and gather no data other than tracking the user’s online behavior. “Privacy is a legitimate concern of consumers, but when they properly understand the issue of cookies, they’ll also understand that this is not an invasion of privacy,” Coffin says.

Because of marketers’ and advertisers’ heavy reliance on cookies, the industry is looking for a replacement. United Virtualities, a marketing services provider, has developed PIE—the persistent identification element—a measurement application based on Macromedia Flash. PIE restores the original cookie when a visitor returns to the site, says Mookie Tenembaum, company founder.

When a consumer first visits a PIE-enabled site, the site downloads a cookie to the user’s computer but then also attaches a tag with unique identification information to the visitor’s browser. If the original cookie is not present when the person returns to the site, the user is hit with a PIE, which activates a back-up of the original cookie based on the additional identifier that the retailer placed on the consumer’s machine. “They do the same thing they were doing before they used PIE but instead of just having 20% to 50% of the people with cookies, they go back to 100% of the people with cookies,” Tenembaum says.

IRCE 2008 Conference Multi-Media CD-ROM

Tenembaum admits PIE doesn’t address consumers’ concerns about privacy. “If you don’t like cookies, you don’t like cookies, whether you get them in the normal way or with PIE,” he says. “The only difference is that by using PIE, they are very, very difficult to erase and anti-spyware programs can’t touch them.”

Peterson, however, thinks that cookie substitutes—such as PIE—will encounter the same problems as cookies—and smart software developers won’t let the market go unaddressed for long. “If somebody builds a technology-based proxy for cookies, the anti-spyware guys will just go through and delete those files as well,” he says.

The sampling method

But the value of cookies lies not only in knowing when a customer returns to a site and how soon they buy. Retailers also use them as the basis for calculating various metrics and detecting trends that can help them enhance their web sites and marketing campaigns.

Jupiter is advising retailers to work with their vendors to quantify the deletion effect, giving them a starting point for those calculations. “You’re dealing with a sample but very few companies have a good idea of how large that sample is,” Peterson says. “They don’t know if it’s 39% or 25% or 15% of people deleting cookies on a monthly basis. Unless they know those numbers, they can’t very well do the statistics and figure out how things really look.”

Peterson says he envisions a day when a company or an organization like the Interactive Advertising Bureau publishes cookie deletion rates for different vertical markets, such as online retail, travel or financial services. “Marketers can then use those published rates to better understand how their advertising dollars are really spent,” he says.

Others believe cookies continue to be reliable tools, because retailers still are getting large enough data samples to produce valid results. “Even if the world is as Jupiter paints it, it doesn’t mean it’s the end of the world and it doesn’t mean people can’t rely on their conversion reporting, or their behavioral targeting or reach and frequency reports,” says Young-Bean Song, director of analytics for Atlas Institute, which serves ads and tracking pixels for more than 1,000 advertisers across thousands of sites.

In fact, a recent study by Atlas Institute, whose services represent 100 billion impressions, clicks, and page-views each month, found that even though behavioral data confirms that people are deleting cookies on a regular basis, there are remarkable disparities between users’ responses to cookie deletion and their actual behavior. For example, four out of 10 respondents who claimed to delete their cookies weekly or monthly actually had cookie life spans of more than double their survey responses, Atlas says.

Atlas bases its reach and frequency analyses on stable and long-lived cookies, rather than on every cookie in a log file, according to Song. “It’s basically sampling methodology, but you’re still talking about enormous samples of tens of millions of cookies,” he says. “There’s still a lot of very valid, solid cookie data.”

The short-term metric

Even short-lived cookies can be useful, Song says. “In a world where people are deleting their cookies once a week, the type of metrics marketers really care about are still valid and you’re going to capture the majority of the behavior there,” he says. For example, Atlas’ time-to-convert analysis has consistently found that between 70% and 90% of conversions occur within a 24-hour window of the corresponding click or impression.

Nevertheless, while some see a continuing role for cookies, others are looking for replacement techniques for tracking users. One alternative to using cookies is requiring visitors to log in or register before entering a site, a model once used by many retailers, Peterson says. When executed well, a user’s unique identifiers can be passed on to most web measurement applications, he says.

But this might not be a good option for retailers because many consumers don’t want to register or create an account with an online merchant, Peterson says. “If the driving force is accuracy and visitor counts, then it’s a good idea to do,” he says. “But if your driver is to sell more, it probably just creates an impediment, in which case you would want to opt for the revenue over the accuracy.”

Some hold out hope they can convince consumers of the value of cookies. But that will take an orchestrated campaign by online providers—such as content publishers Yahoo, MSN and AOL—that have close relationships with their customers and, therefore, the best chance of building trust, Song says.

Halting the war

One such industry effort is Safecount.org, an organization of agencies, advertisers, publishers, and technology companies whose goal is to develop accurate online measurement practices that protect the privacy and security of consumers. On its site, Safecount.org states that it “wants to prevent a cold war with consumers and find a middle ground.”

The newly created group plans to audit companies, compiling a list of those using all the best practices associated with online data collection, says Song, a member. The group also plans to educate the public and government about the benefits of online measurement such as cookies, Song says. Safecount has not released any details on those education campaigns.