
Web Giants Threaten End to Cookie Tracking - dohertyjf
http://online.wsj.com/news/articles/SB10001424052702304682504579157780178992984
======
HyprMusic
"Facebook's new ad service, launched earlier this month, gets around the
traditional third-party advertising cookies by doing the tracking on its own.
When a person visits a website selling shoes on a work PC, a piece of Facebook
code placed on that site—Facebook's own cookie—recognizes that the person has
logged into Facebook using that browser before. The shoe seller can then send
the person an ad for the shoe on Facebook's mobile app—even if that person
never registered with the shoe seller."

This highlights the dangers of the seemingly harmless social widgets. Anyone
who doesn't already, I highly recommend using a plugin such as ghostery[1] to
block them.

[1][https://www.ghostery.com/](https://www.ghostery.com/)

~~~
webjprgm
On my personal blog I made a button to disable/enable all the social media
plugins. I don't know if anybody uses it (my readership is approximately zero,
so no point in tracking clicks or A/B testing), but I figured I'd give users
the option out of courtesy.

It does use a cookie to track your preference. The default is to enable them
(since most users are not tech savvy enough to know they want them off, and
those same users wouldn't easily find a button to turn them on).

~~~
icebraining
Instead of tracking by default, consider the approach taken by a few sites,
where you have "dumb" images with the various social networking logos, that
are replaced by the real button when clicked.

------
angersock
Wait, what?

 _" On Wednesday, Microsoft quietly announced in a blog post that the company
will give marketers the ability to track and advertise to people who use apps
on its Windows 8 and 8.1 operating system on tablets and PCs. The company will
do this by assigning each user a number—a unique identifier—that monitors them
across all of their apps. (The system doesn't block cookies in Microsoft's
Internet Explorer Web browser.) Industry players think Microsoft-powered
smartphones and Xbox game consoles will be a natural extension of the system,
but Microsoft kept mum on the question."_

~~~
aw3c2
Did you omit the following sentence on purpose?

 _Earlier this year, Apple Inc. also began offering advertisers the ability to
trail and target users through a unique ID on smartphones and tablets._

~~~
pilif
In case of Apple, the ID isn't shared between apps though. Every app now gets
their own ID and even that can be reset across all apps in the privacy
preference pane.

In earlier versions of iOS, people were using the device UUID which allowed
tracking across apps, but using the UUID isn't possible any more, so tracking
is now only possible within one app.

~~~
dunham
Just to clarify, in the newer iOS versions there are two classes of identifier
that replace the UUID:

identifierForVendor is not shared across vendors, but it is shared across apps
from the same vendor.

identiferForAdvertising is shared across all apps, but it is not shared
between devices and can be reset at any time by the user. (I think the user
can suppress it altogether, but I'm not 100% sure.)

------
ebbv
This is one of those articles where you really wish the author had a better
grasp of technology. From what I could decipher the really story here isn't
ending of Cookie Tracking but supplementing/replacing it with unique
identifiers for users. Which, if you're logged into Google's system at the
moment, I'm pretty sure is already the case. Google knows who you are
throughout all of its systems. What it doesn't allow is advertisers to know
who you are. If they're considering allowing advertisers access to unique data
about each user, that would be a really big story.

Facebook requires you to be logged in to do anything, so there's nothing new
here.

Microsoft assigning unique IDs to its Surface devices doesn't really matter
because nobody uses them.

~~~
7952
Letting the browser generate the unique ID (such as a guid) may actually have
benefits for users. As long as the identifiers are kept secret you would have
the benefit of a login without the site needing to store any personal
information. This gives much more positive control to users than an opaque
cookie. It is also easier to make legislation around as you could mandate that
the user supplied unique ID is the only information (along with basic browser
details) that can be stored.

~~~
webjprgm
And then remove the existence of cookies altogether, I infer. Since only a
unique identifier is necessary, with all other session data and preferences
being stored on the server.

I notice in a comment further up that Apple has two separate IDs. One for
advertising and one for tracking users of a vendor's applications. Should this
browser ID system have two separate IDs, one for securely identifying a user
and another for advertising? The secure ID would have to be unique per
website, otherwise phishing schemes just became ridiculously easy.

~~~
7952
I suppose you could implement a browser plugin that maintains separate cookies
for separate combinations of sites. So that buzzfeed + facebook would be put
in one bucket, and cnn + facebook in another bucket. You could then ask the
users permission to use real cookies.

------
thaddeusmt
So, this isn't so much about the "end" of using cookies to track users as it
is about the "rise" of enhanced methods enabled by the fact we are constantly
logged in to services like Facebook, Google, Microsoft, etc.

The thing is, even Google services (Search, Analytics, etc) and Facebook (the
Like Button, etc) use cookies to track users. It's still fundamentally the
same thing. The difference is that by logging in to the same service (Google,
Facebook, etc) on difference devices and browsers, they can "link" the cookie
data together for a more complete picture of your online activity.

Adding to this cross-cookie data, these services can include data from their
actual services (Google Search, the Facebook Social Graph, etc), and are
starting to include data about the Apps you use (in their respective
ecosystems). It's a nice bundle of data they can sell to advertisers
(indirectly, via ad targeting).

The scarier question is: will the tracking be enabled at the client/device
level? Will your Google or Microsoft web browser (or OS) directly collect and
track information about your browsing? Or will it still be limited to "web
tracking" (with enhanced ability to connect cookie data across multiple
devices)?

------
jezclaremurugan
Now I am badly rooting for Mozilla - both its browser and OS for mobiles, for
now a VPN and virtualbox or incognito combo will have to suffice.

------
glenjamin
It's worth noting that the EU "Cookie Law" doesn't actually explicitly refer
to cookies.

Its wording is broad enough to include alternative approaches of individually
tracking users.

~~~
bolder88
It's a ridiculous nonsensical law full of gaping holes.

If I visit your website, you'll log details about what I'm doing. That's kinda
how it works.

This "pop up a massive cookie warning on every fucking website" is worse than
advertising that start up playing sound. Worse than the original 'problem'.

BTW The EU are now planning to ban powerful vacuum cleaners in their ever
further reaching quest to limit freedom.

------
selectnull
There is no mention of Yahoo in the article at all. The article's title is
"Web Giants Threaten End to Cookie Tracking". HN's title is misleading.

~~~
wingspan
I think swapping out Microsoft for Yahoo is probably not a bad tactic for
garnering more upvotes on HN.

------
devx
Will they use EME/DRM to make them undeleteable, too?

[http://blog.notevencode.com/posts/html5-eme-is-not-a-drm-
sta...](http://blog.notevencode.com/posts/html5-eme-is-not-a-drm-standard/)

------
endianswap
"Cookies let advertisers reach digital audiences, but the trail stops at
smartphones and tablets, because cookie technology doesn't work well on them."

Is there something here I'm missing? I spend more time browsing the web on my
Android phone than my PC and I've never ran into any issues with "cookie-
driven" features.

~~~
krallin
I think that what they wanted to say is one of: cookies don't really work for
in-app tracking, cookies don't carry over from laptop to smartphone.

Cookies obviously work in mobile browsers, but browsers are only a part of the
picture on mobile.

------
mcfunley
The story seems to be that these companies want to do ad attribution across
devices. Example: I click on an Adword on my phone, and come to your site. I
then come back later on my desktop computer and buy something. Google would
like you to consider this when you evaluate the ROI of that ad campaign. The
author of the story sounds completely clueless.

------
theboss
Google is bluffing... They never would end online cooking tracking because
that is how they effectively target ads.

If people stop getting their money's worth with advertising on Google then
Google will lose money.

~~~
cpeterso
Google would need cookies for tracking Firefox and IE users, but, as the
article says, Google is adding its own user ID header to Chrome and Android.

------
EGreg
I think they are talking about 3rd party cookies only. Cookies aren't going
away, otherwise most of the web will break.

And they are already severely limiting 3rd party cookies. Even Mozilla's in on
the action:
[http://www.computerworld.com/s/article/9240218/Mozilla_again...](http://www.computerworld.com/s/article/9240218/Mozilla_again_postpones_Firefox_third_party_cookie_blocking_this_time_for_months)

------
josephlord
Interestingly it sounds like MS is going the opposite way to Apple which has
been taking steps to stop apps (and probably ads too) from tracking the device
(although you can track across different apps from the same developer).

------
LandoCalrissian
I assume they will use some kind of browser fingerprinting.

[https://panopticlick.eff.org/](https://panopticlick.eff.org/)

~~~
jieqin
that's an 'ok' alternative when cookie is unavailable, definitely not a
replacement technology.

