Adam Posted May 19, 2011 Share Posted May 19, 2011 I'm sure most of you will have heard about the new EU privacy law, set to come into effect on the 25th May. The law will require users to give consent to websites for storing cookies on their computer. What will happen with tracking software? Surely not every other page you visit you'll have pop-ups requesting to create some cookies? It's going to be a usability nightmare, or the end of accurate cookie-based tracking. I also love it how in the UK we've got the "Department for Culture, Media and Sport" in-charge of producing the guidelines, who apparently are leading the way in Europe and are quoted saying: "The advertising market is good at circumventing technology-specific laws." So the EU has collectively created this law, only for each country to find ways around it? What's the point? Who thought this was a good idea? Quote Link to comment Share on other sites More sharing options...
fugix Posted May 19, 2011 Share Posted May 19, 2011 I'm sure most of you will have heard about the new EU privacy law, set to come into effect on the 25th May. The law will require users to give consent to websites for storing cookies on their computer. What will happen with tracking software? Surely not every other page you visit you'll have pop-ups requesting to create some cookies? It's going to be a usability nightmare, or the end of accurate cookie-based tracking. I also love it how in the UK we've got the "Department for Culture, Media and Sport" in-charge of producing the guidelines, who apparently are leading the way in Europe and are quoted saying: "The advertising market is good at circumventing technology-specific laws." So the EU has collectively created this law, only for each country to find ways around it? What's the point? Who thought this was a good idea? wow, i think thats a bad idea, will only create problems Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted May 19, 2011 Share Posted May 19, 2011 It will be one of those things that becomes law but no-one will really give a crap about. As they haven't even figured out how they are going to enforce it, it is just plain ridiculous. Reminds me of the fact that it is actually illegal in the UK to rip a CD that you own to store the tracks on your MP3 player or computer as it infringes copyright law. However, there has not been a single case brought to court. Quote Link to comment Share on other sites More sharing options...
ignace Posted May 19, 2011 Share Posted May 19, 2011 Don't know if this holds true for other countries but in Belgium as an employer you have to pay for playing music on the work floor. Guess what I'm bringing to work every morning? A nice shiny headset! One can also be charged when playing music to a crowd that is not family such as on a train/bus when your cellphone goes off. The company behind these CRAZY rules has an hidden agenda, if you inform them you are having a party with non-existing artists they'll charge you nevertheless while technically they can only charge for artists that signed up with the before mentioned company to protect their rights. Quote Link to comment Share on other sites More sharing options...
ignace Posted May 19, 2011 Share Posted May 19, 2011 If they do pass the law, how will they enforce Firefox/Chrome/Opera/IE/Netscape/Maxthon/.. all update their browser and enforce their users to update their browsers? Whenever they do pass the law, I'm installing Windows XP and start using IE6 Quote Link to comment Share on other sites More sharing options...
Philip Posted May 19, 2011 Share Posted May 19, 2011 Yeah, its been a pretty big topic of discussion at my workplace. We specialize in web analytics, and although we don't think it'll make a huge difference in the accuracy, its still a big pain in the ass. This is what happens whenever uneducated (in this subject) people make laws in places they shouldn't be poking their nose into. Guess we'll see what becomes of this though... :-/ Quote Link to comment Share on other sites More sharing options...
Maq Posted May 19, 2011 Share Posted May 19, 2011 This is what happens whenever uneducated (in this subject) people make laws in places they shouldn't be poking their nose into. My exact thoughts. I actually have heard of this until now, interesting. Quote Link to comment Share on other sites More sharing options...
spiderwell Posted May 20, 2011 Share Posted May 20, 2011 interesting artical, and stupid law! maybe it will stop ebay and youtube suggesting things I really dont want to buy or watch, i doubt it Quote Link to comment Share on other sites More sharing options...
448191 Posted May 21, 2011 Share Posted May 21, 2011 A lot of noise about nothing: "An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – so cookies can take a user from a product page to a checkout without the need for consent. Other cookies will require prior consent, though." Bottom line is this: while this law might it harder to implement services like Google Analytics, it'll mostly be "same diff". Many forms of tracking are already illegal with current privacy laws. Just be glad someone is making an effort to protect your personal privacy. That said, this measure is pretty pointless. On implementation by the owner of a website, the cookie used for "strictly necessary" functionality can easily be used for tracking services as well. There's no technical limitation on using the same cookie for more than one purpose. Not to mention "strictly necessary" is about as a subjective term as they come. Again, pretty pointless. Quote Link to comment Share on other sites More sharing options...
448191 Posted May 21, 2011 Share Posted May 21, 2011 In addition, I seriously doubt this law will effectively limit usage of tracking cookies. Considering the vague terms, I do not think the multi billion business of behavioural tracking will be limited in any significant degree. It's a typical example of a "electoral motivated law", it looks good to the masses but has no real effect. Quote Link to comment Share on other sites More sharing options...
Adam Posted May 21, 2011 Author Share Posted May 21, 2011 *bangs snooker cue on floor* .. well said guys. Crock of sh*t this law.. and as Neil said, it's probably going to just get forgotten about in no time. I'm just glad the large percentage of my wage deducted every month is going to a good cause... Quote Link to comment Share on other sites More sharing options...
cs.punk Posted May 22, 2011 Share Posted May 22, 2011 Huh? Where am I? Who are you? Oh look cookies! nomnomonomnomonmonmomomo Quote Link to comment Share on other sites More sharing options...
fugix Posted May 22, 2011 Share Posted May 22, 2011 *bangs snooker cue on floor* .. well said guys. Crock of sh*t this law.. and as Neil said, it's probably going to just get forgotten about in no time. I'm just glad the large percentage of my wage deducted every month is going to a good cause... lol...right Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted May 25, 2011 Share Posted May 25, 2011 Deferred for 1 year. http://www.bbc.co.uk/news/technology-13541250 Just shows that someone never really thought it through. I would put money on the end result being that websites have to state exactly where they use cookies within their terms, and if the user does not want to accept the cookies it will be down to them to disable within their web browser preferences. Lets face it, some website owners may have used an off the shelf solution that is no longer supported. They are not developers. If that system were to use cookies to function correctly how would the owner know or even be aware of what a cookie is in order to pay a developer to modify in order to comply with the proposed law. Ludicrous! Quote Link to comment Share on other sites More sharing options...
freelance84 Posted May 25, 2011 Share Posted May 25, 2011 Hmm... isn't this gonna just mean the big sites will just throw up a question... "can we store cookies... yes or no" Answer yes and proceed answer no and no access. Or it's just gonna lead to the permanent storage of tracking data on server hdd's which could essentially be worse as the user could no longer delete their cookies... which i suppose in turn would lead to the worlds biggest 1984, one super giant bank of tracking information... hmm, i'm gonna start building, i foresee this being very profitable. Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted May 25, 2011 Share Posted May 25, 2011 Hmm... isn't this gonna just mean the big sites will just throw up a question... "can we store cookies... yes or no" Answer yes and proceed answer no and no access. That's the issue. They want to give the users the choice but will ruin the Internet if every site has to adopt some kind of popup confirmation. It is not just big sites, it is all sites that use cookies. It will be law. They passed this law with no clue on how to tackle the technical aspect. Or it's just gonna lead to the permanent storage of tracking data on servers Eh? Data is already stored on servers in databases. You cannot delete it. It is the cookie that is used to identify the user and pull data from the server or save it. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted May 25, 2011 Share Posted May 25, 2011 ooohhhh... yea that makes sense. Really... what about sites which logged where you had been, what products you looked at... this info surely isn't stored in a database is it? What happens when the user wipes their history... does that info just lay dormant in the database forever? // Wow... just realsied how dum that last post of mine was... how the hell can you link a user to a db without a cookie or member details.... duh! Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted May 25, 2011 Share Posted May 25, 2011 Really... what about sites which logged where you had been, what products you looked at... this info surely isn't stored in a database is it? What happens when the user wipes their history... does that info just lay dormant in the database forever? A web company may store how many times something has been searched for, how many results are returned on searches, that kind of thing. The actual products you look at on a website may be placed in a cookie file so relevent adverts are displayed to you on other sites. Google is a master at this when you do searches and then watch something on youtube. Data that is saved in their databases will be when you click on adverts, also visits to pages on a website are probably tracked and stored for a period of time. They are then compiled and stored in a form that can be analysed over periods. There are a few analytics people on this forum who may jump in and clarify. It is not really my area. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted May 25, 2011 Share Posted May 25, 2011 Hmm, well thats makes a lot of sense. I wonder if it would be possible to have some sort of "super super global variable". One accessible by all sites opened in the browser then one could have a general "advertisement" login, not just to an individual site but to the WWW. This way, sites would not require a cookie to identify the client but refer to the super super global. Although this cookie ban is bad for the present setup, i know lots and lots of people who know very little about computers, they never wipe their history, there knowledge of AV programs are slim let alone their knowledge of spyware, as a result some of them think that the expected life of a laptop is two years! But when you look in more detail at their situ, they say this simply because it takes around two years of 'internet crap build up' to render an average run of the mill laptop useless. If sites could not store cookies this would surely be a step in the right direction. Which i'm sure must be the overall goal of the 'cloud owners'.... so maybe that one corp ruling all again... ahh i dunno. Quote Link to comment Share on other sites More sharing options...
Maq Posted May 25, 2011 Share Posted May 25, 2011 I wonder if it would be possible to have some sort of "super super global variable". One accessible by all sites opened in the browser then one could have a general "advertisement" login, not just to an individual site but to the WWW. This way, sites would not require a cookie to identify the client but refer to the super super global. Something like that would be a huge security & privacy issue. Quote Link to comment Share on other sites More sharing options...
.josh Posted May 25, 2011 Share Posted May 25, 2011 Oye, here's another tl;dr, brought to you by CV... Summary People are grossly mis-informed about cookies and being tracked and their privacy in general. Some people out there are making a mountain out of a molehill about privacy issues, and in the end, the only people who are gonna get hurt by it are the same people they are supposedly trying to "protect" : the end users. What tracking tools do not do First, let me clear up the air here. All of the major tracking tools anybody cares about (GA, YWA, WebTrends, Omniture, etc..) have their own rules about privacy already in place. Some will track more than others, but none of them officially sanction personally identifiable information. So what constitutes "personally identifiable information"? Let me use Google Analytics (GA) as an example, since it is the one most people know about and are probably most concerned about, and because unlike some of the other tracking tools, GA is part of Google, and Google extends much farther than just website tracking GA ToS states that you cannot send any data to GA that personally identifies a visitor. This means no IP address, no email address, no phone number, physical address, real name, etc... In addition to that, they take it a step further and say that you are not allowed to even send data to GA that can link GA to personally identifiable information in your own DB. For example, if you have a db table on your own server that stores personal information (stuff mentioned above) and then a unique user id associated with it, you cannot send that id to GA. Okay fine, but there is no official law, no way to enforce something like that "Fine and dandy, but no official laws mean they don't have to do it, therefore someone out there will not." Fair enough. But I want to point out that in my experience, there is a certain amount of self-policing that goes on with clients and the tracking tool companies. Two words: "Competitive Intelligence." In most cases, all of the coding as far as getting data from point A to point B is done virtually 100% client-side. That means that data is exposed to whoever wants to grab it. The bottom line is that nobody wants to broadcast your personally identifiable info because it gives their competitors a chance to grab that info and steal their (potential) business. So companies have a vested interest in not sending your personal info to tracking tools like GA. But I see stuff in ads that I've previously searched for! Okay first off, let's clarify something here: When you are fapping to midget pr0n on some smut site and then later on see an ad inviting you to ride 3 foot cowboys hung like horses..that is not personally identifiable information. Having said that, when you do see something like that...let's clarify another thing here: some of that is not because of these open-to-the-public tracking tools. In-House-Advertising There is a lot of "in-house" tracking going on. If for instance you go to amazon.com and register and buy something, and then go back again later to shop around, amazon.com will indeed show you targeted advertisements, even if you aren't officially logged back in yet. But this is based on their own cookies, drawing from their own database, etc... This has nothing to do with tracking tools like GA. Slapping lots of stupid rules on tracking tools like GA will do nothing to stop this kind of targeted advertising. In fact, there is currently no way to legally create laws to keep companies from keeping a record of your previous transactions, because there are already laws in place (mostly tax laws) that require them to keep those records. Now...making laws that tell companies whether or not they can leverage their own data to further advertise to you is another story. But I somehow doubt anybody is going to ever make a law that prohibits websites from doing something like that. It is your choice to register and by from xyz.com. It is your choice to go back there. It's as if I were to invite you over to my house and you ask for some tea and then you come over the next day, and me not being allowed to offer you any tea, based on my previous knowledge of you liking tea. It's your choice to come over to my house in the first place. And how would you even go about proving that I'm not just offering you tea because that's all I have, vs. specifically offering you tea because of past history? Sure, with websites its a bit different...you can look at their code and see the algorithms..but do you really think anybody will ever pass a law expecting websites to expose their proprietary code like that? Cross-site-advertising freelance84 wrote, and Maq responded: I wonder if it would be possible to have some sort of "super super global variable". One accessible by all sites opened in the browser then one could have a general "advertisement" login, not just to an individual site but to the WWW. This way, sites would not require a cookie to identify the client but refer to the super super global. Something like that would be a huge security & privacy issue. This is in essence what most people are really bitching about, when they talk about privacy concerns (when they are not busy thinking companies are sending their CC#'s to GA, that is). Google has a complex system involving 1st and 3rd party cookies and affiliate systems and tools (GA, Adsense, their main search engine, etc...) and lots of server-side code and databases etc, that tie all of them together. This complex system Google has setup is basically the environment where that "super super global variable" you are speaking of would live. Why? If it helps, think of it in terms of trying to best describe the "root" of the internet. What would you describe as the "root" of the internet (from an average end-user PoV)? In theory, there is no "root" to speak of. In practice however, it's the search engines - they are the lowest common denominators of the internet. So in practice, this is where a "super super global variable" would live. And this complex system of tools and cookies is that "super super global variable" you speak of. And google isn't the only company out there doing this; Yahoo does it too, and so does Microsoft. But very few companies actually do this, because very few companies have all these systems that lots of people use and sites register with, etc... so when we are talking about a battle over "privacy," it's really only against a handful of companies, because there are only a handful of companies out there big enough and have the resources and tools to do this sort of thing. Not even companies/tools like WebTrends, Omniture or Piwik can be put in this bucket, because site tracking tools are just one piece of the puzzle. But back to the point: what do you see in those ads? Do you see your name popping up? Do you see your phone number or address? No! You for example go to site A and search for computer books and then go to site B and then see ads related to books or computer books - non-personal information. And yet, people are bitching about this. Granted, a lot of it is unfounded fears of people thinking more than just that is being tracked, as well as fears that if more that is tracked in the future, there's currently no law to prevent it, but people are still lumping it all into one top level category of "zomg privacy breach." Which brings me too... Tracking non-personal information Why the are people complaining about this? All day long people bitch and moan about how it's hard to find stuff online. You wanna buy a new phone and you spend forever trying to find what you are looking for because of horrible UX issues. This is ultimately what these tracking tools are for: improving UX. Before the internet came along, it was really easy to buy something. For most people, your choices included going to whatever stores happened to be in your physical area. Walk into the store, find your item, pick it up, read the label, shake it around, put it into your basket. Maybe hit up another store that sells the same thing first, but at that point in time, it boils down to which store sells it cheaper. This is not how the internet works. More accurately, the internet has a lot more to it than that. When you go online to try and search for or especially buy something, you do not want to spend hours on end trying to find what you want. You do not want to spend forever trying to figure out whether or not it's even the right item. But you can conceivably end up doing just that, because your perception of the "right item" is not based on what you are physically holding in your hands, but in how the site chooses to display information they decide is associated with the item. bestbuy.com can list their computers under lawn furniture if they want. Or show shitty pictures, or leave out half the info you wanna know about, that some other site does list. So how do you know you're comparing apples to apples? There's got to be some common denominator. And yes there usually is, stuff like UPC codes or product IDs and model numbers and shit. But who shops like that? Tech people? In case you haven't noticed, most people aren't tech people. There needs to be some kind of system in place that lets me shop around from site to site for a widget and gives me some kind of clue that I'm comparing apples to apples so that I don't spend all this extra time trying to figure that shit out, and that's more or less the goal of tracking your online activity. It is essence someone out there saying "Hey, I notice you just went to somesite.com and you're searching for xyz, let me help you find it, show you what others are offering." Is that really so bad? We spend all day bitching about making things easier to do online. Easier to search for relevant stuff. Easier to buy relevant stuff. Easier to filter out the bad or half-assed stuff and get the good stuff. But we are individuals, so in order to find stuff relevant to us as individuals, a paper trail must be made and analyzed. You cannot find the next step without first establishing the pattern. So what do companies do with the information collected? An online company is like any other company in that the ultimate goal of the company is to make money. Whether they accomplish this by selling a product or service or being a resource or <insert whatever> is irrelevant to the point. The point is that every site out there is ultimately trying to make money, even the "public" or "non-profit" places. It takes money to run the site, etc.. and whether they get if from selling something or ads or donations...the point is, they need money in order to run, and the goal is always to make more money, because that's the fertilizer that makes companies grow. Therefore they need a system in place to get that money, and also a system in place to see how users go through that system in order to make it more streamlined, efficient, etc.. (UX). All tracking for this stuff falls under 3 general categories: General tracking This is where tracking tools come in, using GA or the like. GA enables companies to see where you are at on the site, how far into the process you get. What if a lot of people aren't purchasing something on their site because one of the steps in the process was poorly designed? With tracking in place, they can setup points of conversion ("events" or "actions") and see where people are dropping off. They can for instance see that "Hey, we have 5 pages in a registration form, and everybody is leaving after the 3rd page...let's go investigate page #3...maybe there's a coding issue, maybe instructions on that page are unclear, maybe they don't like that posted disclaimer about them selling their soul to us...". So how do they do that? It boils down to using a uniquely generated ID the same principle as a session id, for sessions. In fact, "visit" and "session" are often used interchangeably. All these tools do is make up a unique session/visit ID and pass that along each request so that they can see things like paths taken on the site. Other information they pass are URLs or designated custom values like "page names" or "site sections". None of this information personally identifies you, and as mentioned, tools like GA already have in place strict rules about what information you can pass to them. UX testing Tracking tools like GA help you see bottlenecks in your site's flow, or what pages people are actually going to on your site, etc.. You identify those bottlenecks and then move on to testing with tools such as Google Website Optimizer (GWO), which is basically a tool that lets you display alternate versions of an image, copy, whole page, etc.. and see which ones ultimately yield more conversions. This is good for you because it helps make your time on their site easier. Web developers generally understand this concept (UX in general), though maybe not so much the details about the tracking/testing stuff. But normal users don't know any of that shit. All they know is they go to xyz.com and can't figure anything out and then they get the vague impression someone is watching them because they are starting to see targeted ads and shit, and then read articles from jackasses making out like companies are trying to track and pass off to everybody their personal information. Behavioral tracking This really falls under the general tracking, but this deserves its own section, because this is the core of what drives cross-domain advertising, and what people are specifically worried about. First off, yes, behavioral tracking does take place. Analysts and Marketing folks are interested in knowing things like how often you visit certain sections or pages of a website, because it helps them better gage how interested and/or serious you are about something. For example, let's say you randomly for the hell of it start looking around for a computer. With no history, there's little incentive or motivation for companies to invest time and effort and money into offering discounts or advertisements or anything at that point in time. But if for instance, it is determined that in the last week you have done a search on "buy computer" (or similar), visited several sites that sell computers, etc.. this means there is a good chance you are seriously considering buying a computer soon, and this gives companies more incentive to try and offer you some kind of discount or special package or something "better" than the other guy, so that you will buy from them instead of that other guy. So here's the secret nobody seems to understand about behavioral tracking and targeted advertising: The more we enable companies to engage in this sort of thing, the less we will see random spam, and the better those discounts will be for us. How is that possible, you ask? Think about it...companies are going to advertise regardless. They can't just sit there and hope people will magically come to their store, especially on the internet. The only way they can get people in the door is by going out there and telling people there is a door to go to. Incidentally, if you are a website owner hoping to make money from banner ads, getting like 1/100th of a penny per impression or some stupid shit, lack of behavioral tracking is the core of the reason why you barely make anything. Companies are not willing to pay Google very much to feature their banner ads on other peoples' sites when there is literally almost 0% chance someone will actually click on it, and Google in turn passes that lack of paying on to you. That's why targeted advertising yields you more $$. Google knows there is a higher % chance a user will click on that banner ad if it's something relevant to them, and companies know that if users are being directed to their site because they are actively looking for something, there is a higher chance of them buying it, so they in turn are willing to pay Google more $$ to have their banner ad displayed. It's common sense: I don't care if you're offering me a $1000 computer for $500 (and it's not a scam): if I don't need a computer, I'm not going to go buy it, regardless of how good the deal is. Okay some people will, but that's an issue with compulsive buying. Most of us aren't like that. If we were, random banners ads would yield higher conversions, and you would be getting extra $$ passed on to you from having them on your site. Point is, there is a greater chance of me clicking on a banner ad if I'm actively searching for something, even if there is no specific "discount" or "offer", than just randomly offering me "good deals" when I don't even need the product or service. Or...banner ads showing summer items to a region/country of the world when they are in the middle of their winter season. It makes no sense and wastes everybody's money and guess who gets to make up for that cost in the end: you. And that is the core of what behavioral targeting is all about...looking at trends in activities, finding the patterns and placing bets on the next step in the pattern. This saves everybody time and money and guessing and that makes its way down to us, in the form of being able to find what we are looking for easier, and getting things cheaper in general. But we are too stupid to look at this bigger picture, and are shooting ourselves in the foot. The bottom line Concerns of "privacy" boil down to a whole lot of misunderstanding about what information is actually being tracked, and the motives behind it, and a lot of it is rooted in a fundamental difference in understanding of what "non-personal information" is. We want the internet to be vast and unending, full of limitless possibilities and information and product choices, and yet we also want it to be easy to find the things we want. Well we can't have our cake and eat it too. The internet is too big. There are too many choices, and those choices aren't just about you holding a physical item in your hand, it's you also trying to figure out if you're even comparing apples to apples, where arbitrary people are giving arbitrary descriptions of those apples. And companies recognize that problem as well. They want a standardized, guided way of you getting from point A to point B. They want to make it super easy for you to find what you are looking for, because it means you are spending money, either directly or indirectly. And like all companies, they want you to spend you money on them. Companies aren't interested in broadcasting your personal information to the world, because tracking and broadcasting your personally identifiable information to 3rd parties or the world in general gives their competition a chance to put your money in their pocket. But they do recognize that they have to work together with other companies in order to help you find what you are looking for to begin with, and that is where 3rd parties like Google and tracking non-personal information come into play. And in order to even make all this investment worth it, there has to be things like behavioral tracking, because flipping a coin is no way to run a business. The point is, the more we bitch about our "privacy" (that we really aren't losing), the more we push to make laws that create anonymous surfing the norm, the more we are just hurting ourselves. Do we really prefer massive, untargeted spam or even targeted spam, vs. ads striving to show us deals on stuff we are actively looking for? I for one do not, and this tracking and "privacy" crap is going in the opposite direction. Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted May 25, 2011 Share Posted May 25, 2011 Very good informative post. I said someone would clarify cookie tracking. The point is, the more we bitch about our "privacy" (that we really aren't losing), the more we push to make laws that create anonymous surfing the norm, the more we are just hurting themselves. Do we really prefer massive, untargeted spam or even targeted spam, vs. ads striving to show us deals on stuff we are actively looking for? I for one do not, and this tracking and "privacy" crap is going in the opposite direction. The funny thing is in this argument is that users are happy to give all their private information to sites such as Facebook which makes most of its revenue from targeted advertising based on the information that you have given it, and then there is all this hype on how privacy is such a big thing and it should be protected at all costs from sites on the Internet. As CV states, there is no personal data being collected when users are browsing and searching websites. Having your cake and eating it is the perfect analogy. Quote Link to comment Share on other sites More sharing options...
gizmola Posted May 26, 2011 Share Posted May 26, 2011 It may be time to cut off the UK's interweb. That will learn em. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.