The Interactive Advertising Bureau proposes ‘cookie’ alternatives

Tracking activity across the Internet is far from straightforward in the age of multiple browsers, devices and applications consumers use to access the web. Yet cookies dropped into browsers are still the main way advertisers target ads to consumers online. The IAB suggests alternatives that may protect consumer privacy while also improving marketers’ ability to make use of their web activity data.

Amy Dusto

The Girl Scouts isn’t the only organized group to use cookies for badges. Cookies are the dominant way advertisers effectively “badge” a consumer’s web browser to serve her relevant ads online based on the sites she visits and what she does on them. However, with the sundry types of devices, browsers and applications consumers are using to access the Internet today, the cookie’s utility has crumbled, according to the Interactive Advertising Bureau (IAB), a trade group for the digital advertising agency. In a new report, the IAB outlines how cookies’ flaws came about, and the ways the industry may be able to respond using new technologies.

A cookie is a small piece of code that an advertiser or publisher—such as a retail web site—inserts into a consumer’s web browser after she visits a particular site. This code keeps track of that browser’s unique identity so that the site recognizes her when she returns and can serve her content related to her past browsing. Additionally, if the same advertiser or retailer identifies the cookie “badge” it gave to the consumer’s browser when she arrives on a different site, it can use her activity there to serve her targeted ads elsewhere, too. That’s why a shopper might see an ad for Best Buy Co. on another web site after leaving BestBuy.com, for example.

In 2012, the IAB, which creates formats for online ads that are widely used as standards, formed the Future of the Cookie Working Group to discuss the problems that have cropped up with cookies and to develop a framework for creating cookie alternatives. The group recently outlined five classes of technologies for tracking consumers’ activities and allowing them to manage their preferences in a report titled “Privacy and Tracking in a Post-Cookie World.”

 “Since they cannot be shared across devices, cookies lack the ability to provide users with persistent privacy and preferences as they jump from smartphone to laptop to tablet, and more,” says Anna Bager, vice president and general manager for the IAB’s mobile marketing center of excellence. That also means advertisers and publishers are less able to customize the content or ads they display to a consumer, she says, because they have less information about her web-wide activity. For example, if a shopper looks at a TV on BestBuy.com from a computer, when she moves to a smartphone Best Buy would not know to show her an ad for a TV on a return visit, or on another site. Beyond devices, differences in how a consumer receives the Internet—for instance, via 3G, 4G, LTE or Wi-Fi—and accesses it—such as via a mobile or web browser,  or a smartphone or smart TV app—complicate the matter further.

The cookie’s problem also has much to do with the way web site content is assembled on a page today, adds Steve Sullivan, the IAB’s vice president of advertising technology. Most web pages load content associated with other web domains, which means that when a consumer visits one, her browser isn’t interacting with only data originating from that page, but also from potentially hundreds of other ones, too, he says. For instance, the page for a story on a newspaper’s web site might have ads served by other web domains (belonging to the advertisers), plug-ins from social media sites (which the page loads from those domains) and various, invisible pieces of code that the advertisers and the newspaper’s analytics vendors have added to keep tabs on how long the reader stays, where she clicks and other data.  

“When a consumer wants to register a preference, for instance to opt out [of receiving targeted ads], that’s a message now that the consumer has to share with every single domain with which she interacts over the course of browsing the web,” Sullivan says. A decade ago, that would have been limited to just the number of web sites a consumer visits, he says. But today, after just a few web pages, a consumer’s browser may have interacted with hundreds or thousands of external domains to load all their content and tracking pixels.

That’s less than ideal for consumers, advertisers and content publishers. (An online retailer may at times be both an advertiser and a content publisher.) For example, a shopper might generally prefer to see ads that are relevant based on her browsing activity, but as a non-drinker, she never wants to see ads for alcohol, Sullivan says. Today, there’s no way for her to tell that to all web advertisers at once—the only mass move she can really make is to opt out of all behavioral ad targeting, he says. And not all advertisers participate in opt-out programs.

“Today if I wanted to say to advertisers, ‘Please don’t send me any Coca-Cola ads,’ that would be impossible to do,” he says. “Even if it was possible with one publisher, there’s no way for that preference to be persistent across the whole industry.”

Consumer privacy and cookies’ flaws—and attempted workarounds to them—have been receiving increasing attention. For example, Google Inc. has said it is working on a single “super cookie” that would track how consumers browse and shop online across any Google properties, including the Chrome browser on a desktop and the Android mobile operating system. However, only Google would have access to that data, which wouldn’t be of much help to advertisers or retailers, Sullivan says, unless Google makes that data available to them. So far, the Google ID is only used to serve consumers targeted ads within Google Play apps, and those consumers are able to reset or opt out of the tracking, according to the Android Developers’ Blog.

Meanwhile, new reports suggest consumers are becoming more wary of their privacy on the web, including how they are tracked, especially in light of recent data breaches

“All solutions are not equal in terms of if and how they meet the needs of [consumers, advertisers and publishers],” Sullivan says. “It’s not just finding ways to track more, but a system that engenders better communication between consumers and the industry, and therefore a higher degree of trust.”

Other than the cookie, the IAB puts forth the following categories for web activity tracking:

•          Device IDs—digital signatures attached to each device a consumer uses to access the Internet. She can set whether she shares her IDs with the advertising industry or not. For instance, if she shared her laptop ID with all advertisers, both Amazon.com Inc. and eBay Inc. would recognize her as the same shopper as soon as she visited their sites based on the fact that she was on her laptop, Sullivan says. Today, Amazon and eBay recognize consumers via their own, separate cookies. The advantage for the consumer is that she would be able to register preferences with her device that push to all web sites—for instance, telling her laptop to not share her identity with any web sites, versus telling each one “do not track” manually.

•          Client IDs—the same idea as device IDs, but using a consumer’s browser, app or operating system to keep track of her preferences and share that information with web sites. Today, the Apple and Android operating systems both offer consumers an “advertising ID” to set preferences about how their browsing activity is tracked on mobile. However, those IDs are used only within those operating systems.

•          Network IDs—putting a “middleman” server between a consumer’s device and the servers where web sites are hosted. The middleman keeps track of a consumer’s ID and manages how her preferences are shared with the servers her device is calling to load web pages.

•          Cloud IDs—consumers, advertisers and publishers agree to use one centralized, web-based service for managing consumers’ IDs and associated preferences. Sullivan points out that this isn’t the same as storing all a consumer’s personal information in the cloud; rather, it’s a cloud-based service that manages how information is shared between parties. A consumer could, perhaps, log into the service to adjust settings about when and how her identity is revealed to publishers and advertisers, as in “never from my smartphone browser, but OK through my apps.”

Some companies and organizations have begun work on new technologies that fit into the IAB framework, Sullivan says. Besides the work by Google and Apple on their own advertising IDs, he says, personalization technology company Phorm is developing a network ID.

It will be years before we can expect the deployment of a new cookie alternative that can fully address all the publishers’, advertisers’ and consumers’ needs outlined in the report, Sullivan says. The purpose in clearly defining the problem and setting up a framework around potential solutions now is to help the industry begin to discuss how it might coordinate creating a broadly applicable cookie alternative. One factor will be whether the advertising industry decides on standards for how IDs might be created, used and managed, Sullivan says. 


Anna Bager, Best Buy, cookies, Google, Interactive Advertising Bureau, marketing technology, Mobile marketing, Steve Sullivan