W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re[2]: Unverifiable Transactions / Cookie draft

From: Eric Holstege <Eric_Holstege@broder.com>
Date: Tue, 18 Mar 1997 12:48:55 -0800
Message-Id: <00022216.1407@broder.com>
To: http-wg@cuckoo.hpl.hp.com
Perhaps I am misunderstanding this issue, but it seems to me that these are the
facts:

1) DoubleClick etc. use cookies to track users across domains
2) This allows small sites to participate in selling ad space by just including
inline image URLs that point to DoubleClick's ad server
3) THIS permits small sites to generate ad revenue by merely adding some HTML to
their pages
4) The current cookie spec prevents this scheme
5) DoubleClick, et al can continue to do what they do now, BUT they will need
their member sites to run a CGI script that they would provide to track users.

Effects:
1) no increase in privacy - there's just a CGI-based mechanism instead of a
cookie-based mechanism
2) small sites have problems because they need more technical know-how, and more
CPU power to run the DoubleClick ad tracking CGI on each ad view
3) sites that actually reside on ISPs which don't allow CGIs also have problems
and can no longer particpate

Summary:
You have not helped privacy, you have just redistibuted income from small sites
to big sites. Selfishly speaking, this to my advantage because I have a big
site, but for the general health and future of the web, it seems unfortunate.

There are a lot of small sites that make a few $100 a month from banner ads (NOT
DoubleClick, but ad barter networks and small volume networks) and this revenue
helps support small specialty sites that otherwise would not exist. This
promotes diversity on the web, which is perhaps beyond the scope of the goals of
the spec, but which we might agree is a "good thing".


____________________Reply Separator____________________
Subject:    Re: Unverifiable Transactions / Cookie draft
Author: hardie@thornhill.arc.nasa.gov (Ted Hardie)
Date:       3/18/97 9:58 AM

On Mar 18, 11:32am, Steve Madere wrote:
> Subject: RE: Unverifiable Transactions / Cookie draft
>
> I think it is important to remember that what DoubleClick, FocalLink,
> and GlobalTrack use cookies for is to deliver controllable advertising.
>
> Advertising is what will pay for most of the useful services on the
> web.  I think most people recognize this now.  It is important to
> advertisers to be able to know the number of unique individuals who
> see their message and to be able to control it.  (eg:  show this ad
> three times to each person)
>
> One does not have to know who the user is to accomplish this.  All one
> needs to know is that they are the same person that was already shown
> this ad three times so we should show another one now.
>
> There is no need to violate anybody's privacy to achieve this goal.  This
> is in fact exactly what is achieved with a serial-number cookie.  Now,
> if you take away the auto-cookie capability, sites will be forced to
> require users to register and "login" to get this kind of control.
>

There is nothing in the spec which forces you back to a "login" method
to track unique users.  The spec requires that you make sure that the
same cookies are not used across domains; it allows you to do what you
want *within a domain*.  If you want to make sure that a dejanews user
sees an advert three times and then gets moved to a different ad, you
are welcome to use cookies to do so.

If you wish to use cookies to make sure that a user sees an advert
three times *at any site* before moving on to a different ad, sorry.
Because the use of the same cookie across sites allows for the
creation of very invasive clicktrail analysis, that has been ruled out.
there is
something which says that if you are using cookies, you need to manage
them within your domain.



> Any site that lives off of advertising will soon depend heavily on cookies
> for their whole revenue model.  In case you haven't noticed, this includes
> basically *all* of the most useful resources on the web.

I might dispute whether the most resources on the web are advertising
supported or not, but I won't.  What I will dispute is the idea that
cookie-based advertising *requires* third-party management of the
cookies.  It doesn't.  There are several other ways of doing this,
most of which have already been given by others in this thread.
You presume in what follows this section that sites which do not
use third-party management systems will have to homegrow a system,
sell their own advertisements, and die of the increased costs.

This is one heck of a presumption.  I will counter presume that
a development effort to provide a workable and auditable management
system for small sites will produce a reasonably-priced or
free management system within a year, and that small scale sites
will be able to create an electronic market for their own goods,
thus avoiding ceding part of their profits to third-party management
systems.

Both scenarios are possible--and your participation in the development
efforts could significantly increase the likelihood of one or the
other outcome.  You choose.

                                regards,
                                        Ted Hardie
                                        NASA NIC




-- 
Received on Tuesday, 18 March 1997 12:57:07 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:31 EDT