Third Party Cookie browser warning and it’s impact
29 April 2008 – 9:21 amJangmeister, I observed some friends shopping the other week, and learned something interesting, and would like to get your take on it, as well as your visitors. In some newer browsers, there’s a third party cookie warning icon that shows in the status bar. IE’s icon is an eyeball with the international symbol for no (red circle with angled slash in it). Two of three shoppers I recently observed, when they saw the icon, they volunteered to me (I didn’t point it out to them) that the site was “spying” on them by using cookies. They said if the site wasn’t one that they trusted (like Amazon), they’d bail on providing any information, like any purchase or signup. So, of late, I’ve become very aware of it’s presence.
Your blog here uses two services that try to load a third party cookie - seesmic.com and lijit.com. I was using a social tag (addthis.com) that was doing the same thing on a site of mine. Having heard these shoppers reaction to the icon (one called it the “do not spy” symbol), I took down the service.
I have an affiliate site that serves up merchant images and that merchant was kind (sarcasm) enough to try to set a third party cookie when the image is called. I am planning to host the images on my own server, which I want to do for speed anyhow, given the adwords quality scoring issue regarding page load time - but doing so will also solve my third party cookie issue on this site.
So, question is, am I concerned (calling it worried would be an overstatement) about nothing here? Does my small sample size of my shopping observations have me over tweaked on this issue?
Assuming visitor’s behavior is affected by it, and since seo algo’s build in things that consumer’s care about, do you believe there’s an seo impact likely attached to having third party cookies called?
Most modern browsers default to block them anyhow, so should we contact these parties (addthis, lijit, etc) as webmasters and say “hey dudes/dudettes, knock the cookie calls off, you won’t get data anyhow and you’re thirst for data ain’t helping us, and might even pimple our butt cheeks now and then”? Or do you think the data collection lust has become such a strong pull (Alexa comes to mind), that it’d be pointless to ask?
This post was submitted by Pat Grady.
If you enjoyed this post, please subscribe to my RSS feed
Pat, first of all, thanks for submitting this post. I created this post submission form for a different purpose, but would love it if some readers contributed some commentary and/or questions worthy of discussion. I can't think of a better first submission.
Personally, I tend to not worry a whole lot about this stuff. Maybe that's to my own peril. I'll dig in if I hear about it, meaning that it's prominent enough to hit the radar, but otherwise, treat it as a "cost of doing business".
That said, that stupid, creepy eyeball and circle-slash pissed me off from the first day I saw it. Thanks Microsoft for freaking people out more than they need to be. Maybe you could have used the Eye of Sauron or something for the maximum impact.
Services like lijit are tracking user activity as part of the service, so I'm guessing that they sort of need the tracking in place. Perhaps they should allow the webmasters to configure this, but like me, I think they'd rather just not worry about it.
As for SEO impact, I'd be surprised. I doubt the search engines share the over-board paranoia that the guys at Symmantec and apparently Microsoft's IE team seem to have.
I'd rather the Microsoft knock it off than ask these third party widget providers cripple themselves.
You should, however, set your privacy policy such that you explain that these things are happening. Google seems to at least care enough about that to require it for Adsense publishers.
Of course all my lack of concern comes from the perspective that these guys are doing nothing wrong with the data. By putting Lijit and others on my site, I inherently trust them with that. I do know, from my own widget development efforts, that there's a good amount of information available to these third parties. Not so much about the visitor as about your own website and traffic, particularly the sources of traffic.
I'm much more concerned about that, and for that reason would be cautious about putting third party widgets and such on my affiliate websites. (That's a subject for another post.)
I sent the Lijit folks this post, so hopefully they'll chime in with their thoughts.
Nice post, Pat. I agree with Jangro that there probably won't be any SEO impact. However, I'm sure there is a portion of visitors who are scared off by the Eye of Sauron. But are those the types of people willing to hand over their credit card for a conversion anyway?
Sam
The two I interviewed that answered that way were, but my experiment was totally unscientific and certainly not representative of things. But, I want to mention again, that the vast majority of browsers will block these cookies today, so even if our loss is teeny tiny, it's in exchange for nothing. Not a good trade off for any marketer.
With AddThis, I could have chopped their code to drop their widget, but I assume that wouldn't fit their terms. To put things in perspective, this problem wasn't important enough to me to even review their terms for that possibility.
:-)
"Eye of Sauron", hehehee, exactly! They could have made it clearer (spying ain't happening) and therefore less threatening.
I like your take on making sure your privacy policy reflects these things, good call there for sure.
As to the seo, I doubt with the prevalence of widgets, that it hurts seo directly... but what I worry about is that some seo algorithms use consumer stay time and activities as part of their scoring... so if consumers alter their behavior, some seo algo's may pick up the connection and incorporate third party cookies as part of their scoring. I'd guess any filter like that would be domain dependent, meaning if Adsense loads a landing page cookie, no repercussions, but the less mainstream the third party gets, the more likely it'd have an effect on both the consumer, the browser warning system and some seo algo's.
In any case, thanks for posting about this, enjoyed reading your thoughts on it.
I'm an IE guy on my current office machines... what does firefox display (if anything) for these cases?
Firefox doesn't display anything that I've ever seen.
Good point on the indirect impact that slow response and high bounce rates may have on quality scores and such. Widget slowness can contribute, but there's the added 'fear factor' I suppose.
I also use Firefox and I don't see anything. I agree with Scott in saying that if you go so far as to put them on your website then you already trust what they're doing to a certain extent.
I usually only use widgets that I've seen elsewhere so I can ask people their experiences. I think that kind of back up & research on using a widget is key...and more important than any random cookies.
Sorry I didnt post this comment yesterday, but I wanted to make sure that I had a real answer, so I asked one of our developers at Lijit. Here was his response (would love to hear your thoughts):
Why Lijit uses them:
We use cookies to not only track whether someone is a Lijit user(allowing them to login etc), but also to allow us to match up a blog/widget visitor to any searches they may perform through our widget. This allows us to provide valuable metrics to our publishers in the form of stats, which in turn allows publishers to give their readers better content.
In general, to get the best functionality out of the Lijit widget, third party cookies should be allowed from lijit.com .
Historically, advertisers were the primary users of third-party cookies. This would allow them to track your viewing behaviors across any properties where their ads appeared. Some people disliked this since there was no real value to the web user, and the advertisers got free data. This was perceived as not only a security issue , but also pushed the perception of third party cookies into a grey area. This drove browser developers to disable these cookies by default.
In the current world of social media , distributed web services, and widespread widget adoption, the value to the user has changed. There are many services, Lijit included, that offer value to the user during their browsing session, versus just “tracking” them. The key, is that the web user is informed about what sites they visit, and the kind of content they allow in their browser. It is important for companies to disclose how they use the information they collect, and Lijit does this in our privacy policy (http://www.lijit.com/privacy_policy) .
Overall, the message should be about awareness and consumer education. The value of enabling third party cookies can actually be additive now, vs. being a cause for concern in the past. We ask users to enable third party cookies to get the most value out of our services. Modern browsers allow you to whitelist services you trust, and there are many services on the web that deserve that trust.
Thanks for coming by to answer questions about lijit.
As a former product manager for 6 years at an affiliate network, an industry that relies on third party cookies to track transactions, I totally understand where you're coming from. (not to mention the more recent developer of a social network that has widgets to track visitors.)
The difference with social media is that the behavior is more visible to the users. People like you and me understand that cookies are actually good and enable the functionality in something like lijit.
The good news is that it feels like the hysteria around cookies and privacy is somewhat subsiding. Unfortunately, I'm no longer in the position to measure this stuff with any volume.
Do you have any recent numbers on percentage of people who have third party cookies blocked?
"an industry that relies on third party cookies to track transactions"
I too appreciate the Lijit folks chiming in, and I certainly agree (as a consumer as well as a marketer) that cookies are good, and are relively benign, almost completely so.
But "third party" is being used here too loosely, cuz it's both a noun and a technical term. Third party can mean someone else besides the visitor and the site their on ("on" being the key word) -or- we can be referring to whether a browser considers a cookie to be a third party. Yes, these things are closely related, but there's some nuance in there... aff tracking sends the person through the network / tracking domain, so when that cookie is written / read, it's not really a third party cookie at that point (hence no eye of sauron). True, when it's read on the merchant's cart, it's a third party cookie requiring a script to run to complete the sale's tracking, but a little different than running that third party script on every page that contains a widget.
I'm not disagreeing that folks like Lijit provide useful and meaningful services, and that to do so means data collection is required, but I strongly suspect that the majority of visitors to this site today will block the Lijit cookies. So my question remains, what is the price that the website owner pays for this situation? I suspect, as others have posted here, that as long as your privacy policies are updated and followed, the impact is probably on the order of magnitude of a drop or two in a quart of milk.
As a seasoned webmaster, I view my efforts as the summation of the roughly 10,000 drops that it takes to make a quart, and I seek to avoid any that may be sour ones.
I suspect since cookies are innocuous, and because browsers can easily block them, that there's very little chance they can turn the quart sour... but I thought I'd bring it up with others.
Lastly, it's not so much that I fear cookies of any sort (I don't), it's the view of relationships to other sites is our interlinked Internet world... folks like siteadvisor (by McAfee) use these relationships to make judgements about the nature of sites...
http://www.siteadvisor.com/sites/jangro.com
So, if connected sites get in trouble, it will reflect on me. Mantra in all of this is... and it's SO very old school and brick and mortar'ish... and my Mom taught it to me way back... you are the company you keep.
I have noticed that there is a lot of "cookie stuffing" going on . Some of these Black hat types are getting pretty clever at covering their tracks.
Hi, I'm web designer and I just want to tell you how great your blog is, there's some very inspirational stuff here. I'm certainly going to bookmark it now and will come back when I get one of those creative blocks.
Keep up the good work.
Ken
I'm also a web designer and I have to ditto Ken's response. Great work man! Also, I doubt your SEO will be affected by this at all - that's the last thing I'd worry about.
I do believe that most online surfers aren't technically savvy enough to be concerned about the "spying eye" icon. For something like this, i think it would be difficult to get 3rd parties to remove cookie calls from their applications. Gathering market demographics is just too important for them to drop without a major user revolt.