DEATH OF THE COOKIE: How The Web's All-Seeing Tracking Device Could Meet Its End

Grim reaper death cookie

Cookies — the small pieces of code that websites drop onto your internet browser in order to track your activity, usually for advertisers — have gotten a bad rap recently.

Apple, Microsoft and Mozilla (which makes the Firefox browser) now all plan to launch browsers with default settings rigged to reject cookies or to signal that the user does not want to be tracked.

That’s a threat to online advertising, which is largely dependent on cookies. Advertisers don’t like launching ads without knowing what a web surfer wants to look at.

A huge business has grown up around cookie-based advertising: For instance, some analysts believe Facebook’s cookie-based real-time bidding ad exchange, called FBX, could generate $1 billion or more in revenues.

But some in the business are talking about the death of the cookie. Paul Cimino, VP/GM Brilig Digital Data Solutions at Merkle, told AdExchanger recently that he gives cookies “five years at the most“:

We’ve found that the third-party cookie is dying as the number of machines that you can see on the Internet versus the number that you can cookie has been dropping over the last three years. It’s now at around 50%.

Most experts believe the cookie is safe, for now.

But we decided to describe the potential scenarios that might, ultimately, lead to the death of the cookie — and the return of anonymity on the web.

First, let's define our terms. What exactly is a cookie?

As we already said, cookies are the small pieces of code that web sites drop onto your browser as you surf the web. They record what sites you've looked at.

If you've been shopping for shoes, you might start to see ads for shoes on the next web page you visit -- because advertisers are targeting your cookies.

Cookies don't give away any personally identifying information about you.

But they might give advertisers an idea of what your interests are -- you're shopping for shoes online, for instance -- where you live, and what demographics you fit into.

Almost every web site serves a cookie, especially if you have to log into it, like when you check your bank account.

The cookie tells the bank's web site that you have logged in with the correct password. If it wasn't there, the web site wouldn't know that when you click through to a different account, you're still the same person. It might assume you were a new browser -- and lock you out of your account.

Those are first-party cookies -- cookies served by the page you're looking at right now. The web basically doesn't work without them.

Third-party cookies are the ones that are under threat.

The cookies that annoy people are 'third-party cookies,' which are served by other companies via the web page you're looking at -- advertisers, usually.

The bank's web site might allow dozens of third parties to drop cookies onto your browser. When you go to another web site after the bank's, those cookies will signal to other advertisers that a person with a recent history of checking their bank account has arrived, and financial services advertisers can target them.

They make it feel like web sites can read your mind.

A description of how weird that tracking can feel -- these web sites are psychic! -- can be found in Business Insider writer Walter Hickey's story about how Facebook suddenly knew he was interested in collecting fossils.

Companies that make web browsers are increasingly switching off cookies.

New versions of Safari, Firefox, and Internet Explorer are being launched with settings that have cookies turned off by default, or with Do Not Track signals on by default.

As Paul Cimino, the VP/GM at Brilig Digital Data Solutions at Merkle, told Ad Exchanger:

... The browsers are getting stingy -- like Safari and Firefox. They're coming with the third-party cookie turned off.

When cookies are turned off, they lose their value.

The more web users who look at the internet with third-party cookies turned off, the fewer users there are for advertisers to target.

Advertisers need a critical mass of cookie-carrying users to target. If a majority of web traffic becomes third-party-cookie-free, then the quality of the audiences being delivered to advertisers could stop being worth the money.

Without adequate demand from advertisers, the cookie environment becomes non-functional.

Mobile devices mostly don't have cookies — and web traffic is moving from the desktop to mobile gadgets.

Cimino says:

35-40% of traffic is not from computers. ... non-cookieable devices -- phones and iPads, Kindles and the like -- are generating traffic somewhere between 35% and 40% of our overall traffic.

Again, if a majority of users can't be tracked, then advertisers will withdraw the budgets they currently spend targeting cookies.

Third party cookies have a lot of enemies.

Privacy advocates hate them, because they carry information about what you search for on the web.

organisations like the Electronic Privacy Information centre and Abine have anti-cookie stances because, as EPIC puts it, 'a cookie is a mechanism that allows a web site to record your comings and goings, usually without your knowledge or consent.'

Many web users no longer tolerate cookies as a result.

Three in 10 users delete their cookies on a regular basis.

The regulatory environment is getting stricter: The FTC is already tightening the rules regarding cookies on web sites for kids. It could do so for all web sites.

See a summary of the new rules on Media Post.

The Senate believes the industry is dragging its feet in a rearguard action to save cookies from extinction.

Worst-case scenario: Users sue in a massive class action lawsuit targeting advertisers who ignore 'Do Not Track.'

Microsoft's new Internet Explorer browser will send a Do Not Track (DNT) signal by default. But as we reported last year, it's merely a signal, not an actual cookie blocking mechanism -- and advertisers have already vowed en masse to ignore it.

An imaginative plaintiffs' lawyer could easily craft a class action suit on behalf of users targeted against their will by advertisers when they believed they were not being tracked because of DNT.

Cookies lack defenders. The market is already moving away from third-party cookies.

Big media publishers -- like the New York Times or Yahoo or Business Insider -- would quietly welcome the death of third-party cookies.

Without advertiser cookies, the only cookies available for targeting are first-party cookies, which belong to publishers.

Facebook has no interest in supporting cookies.

Facebook mostly does not use cookies for its advertising. Buyers instead target users based on Facebook's own unique data.

(Facebook does use cookies in its FBX exchange, but that is not the bulk of Facebook's business.)

Big publishers are already prioritizing 'native ads' over cookie-based ads.

It's the same with a lot of big publishers. Advertisers can only get the premium placements (homepage takeovers, front page placements, etc.) if they pay for specially designed, 'native' ad units that are unique to that site.

Those deals are not cookie based.

The iPhone doesn't support cookies, either.

Apple has its own IFA tracking device for advertisers -- which users can switch off.

Apple would love it if the cookie died because a huge part of Google's business is dependent on third-party cookies.

Africa and Asia could kill the cookie.

If Apple made a cheap version of the iPhone -- which might catch fire in Asia, Africa and the developing world -- then it could doom the cookie.

About 50% of the mobile phone market is smartphones. The other half of users -- who have feature phones (or dumbphones) -- have yet to switch to iPhone and Android.

If Apple were to make a cheap iPhone it could dominate developing markets, where users access the web largely from phones rather than computers.

That's a lethal combo for cookies: a majority of users on non-cookie mobile devices in a larger environment that's hostile to the remaining minority of third-party cookies.

A combination of factors could ultimately kill the cookie.

Privacy, legislation, publishers, mobile use, and demand for native advertising are working against third-party cookies.

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.