- From: Eric Holstege <Eric_Holstege@broder.com>
- Date: Tue, 18 Mar 1997 12:48:55 -0800
- To: http-wg@cuckoo.hpl.hp.com
Perhaps I am misunderstanding this issue, but it seems to me that these are the facts: 1) DoubleClick etc. use cookies to track users across domains 2) This allows small sites to participate in selling ad space by just including inline image URLs that point to DoubleClick's ad server 3) THIS permits small sites to generate ad revenue by merely adding some HTML to their pages 4) The current cookie spec prevents this scheme 5) DoubleClick, et al can continue to do what they do now, BUT they will need their member sites to run a CGI script that they would provide to track users. Effects: 1) no increase in privacy - there's just a CGI-based mechanism instead of a cookie-based mechanism 2) small sites have problems because they need more technical know-how, and more CPU power to run the DoubleClick ad tracking CGI on each ad view 3) sites that actually reside on ISPs which don't allow CGIs also have problems and can no longer particpate Summary: You have not helped privacy, you have just redistibuted income from small sites to big sites. Selfishly speaking, this to my advantage because I have a big site, but for the general health and future of the web, it seems unfortunate. There are a lot of small sites that make a few $100 a month from banner ads (NOT DoubleClick, but ad barter networks and small volume networks) and this revenue helps support small specialty sites that otherwise would not exist. This promotes diversity on the web, which is perhaps beyond the scope of the goals of the spec, but which we might agree is a "good thing". ____________________Reply Separator____________________ Subject: Re: Unverifiable Transactions / Cookie draft Author: hardie@thornhill.arc.nasa.gov (Ted Hardie) Date: 3/18/97 9:58 AM On Mar 18, 11:32am, Steve Madere wrote: > Subject: RE: Unverifiable Transactions / Cookie draft > > I think it is important to remember that what DoubleClick, FocalLink, > and GlobalTrack use cookies for is to deliver controllable advertising. > > Advertising is what will pay for most of the useful services on the > web. I think most people recognize this now. It is important to > advertisers to be able to know the number of unique individuals who > see their message and to be able to control it. (eg: show this ad > three times to each person) > > One does not have to know who the user is to accomplish this. All one > needs to know is that they are the same person that was already shown > this ad three times so we should show another one now. > > There is no need to violate anybody's privacy to achieve this goal. This > is in fact exactly what is achieved with a serial-number cookie. Now, > if you take away the auto-cookie capability, sites will be forced to > require users to register and "login" to get this kind of control. > There is nothing in the spec which forces you back to a "login" method to track unique users. The spec requires that you make sure that the same cookies are not used across domains; it allows you to do what you want *within a domain*. If you want to make sure that a dejanews user sees an advert three times and then gets moved to a different ad, you are welcome to use cookies to do so. If you wish to use cookies to make sure that a user sees an advert three times *at any site* before moving on to a different ad, sorry. Because the use of the same cookie across sites allows for the creation of very invasive clicktrail analysis, that has been ruled out. there is something which says that if you are using cookies, you need to manage them within your domain. > Any site that lives off of advertising will soon depend heavily on cookies > for their whole revenue model. In case you haven't noticed, this includes > basically *all* of the most useful resources on the web. I might dispute whether the most resources on the web are advertising supported or not, but I won't. What I will dispute is the idea that cookie-based advertising *requires* third-party management of the cookies. It doesn't. There are several other ways of doing this, most of which have already been given by others in this thread. You presume in what follows this section that sites which do not use third-party management systems will have to homegrow a system, sell their own advertisements, and die of the increased costs. This is one heck of a presumption. I will counter presume that a development effort to provide a workable and auditable management system for small sites will produce a reasonably-priced or free management system within a year, and that small scale sites will be able to create an electronic market for their own goods, thus avoiding ceding part of their profits to third-party management systems. Both scenarios are possible--and your participation in the development efforts could significantly increase the likelihood of one or the other outcome. You choose. regards, Ted Hardie NASA NIC --
Received on Tuesday, 18 March 1997 12:57:07 UTC