Implications of Blocking 3rd Party Cookies?

Posted by & filed under , , , , .

iStock_000015348015XSmall online privacy and securityNow that I wrote the previous post about blocking 3rd party cookies and the (famous) Firefox release which triggered my reaction, I keep thinking about where is the online world going from here. I know a few groups in the industry are working on various approaches but I’m constantly being followed by one idea which can ruin it for a lot of us: popups!

It might all be because I’m old enough to have lived through the 90’s and the extremely annoying culture of popup windows that pretty much every other website at the time proliferated. Or it might be that actually from a business perspective it’s a damn good idea — and an easy way to get to track user, even if it is the result of a hijack!

Let’s do a quick recap of what the story with this blocking of 3rd party cookies is in browsers like Safari and Firefox: they block 3rd party cookies from sites you haven’t visited, while allowing cookies from 3rd party sites from which you have cookies already. So Google, Facebook and the usual suspects still track you (seriously, do you ever log out of your Google or Facebook account???) — while the smaller sites can’t do that easily.

Whether that’s fair or not I disputed in my previous post and I’m not getting back into that discussion — as I said, it’s a different implication of this mechanism I’m approaching in this post. As my explanation above goes, in order to be able to track users on 3rd party websites, all a site has to do is to somehow miraculously get the user to visit the website (so it’s a 1st party visit!) and drop a cookie in this process. Once that cookie is there, these (stupid) browsers will open up your online privacy to that site like there’s no tomorrow and allow exchange of cookies from here to eternity.

Right, so having that 1st party cookie there in the first place becomes now the holy grail of online advertising, wouldn’t you say? As an advertising platform you are going to pay whatever it takes to have the first cookie on the user’s browser — this can mean a few things:

  • increase in search terms in Google and the likes and a higher CPC for search term — buy more Google stock as big G’s gonna love this! (Ahem, wouldn’t be surprised if someone in Google didn’t exchange some brown envelope down some dark corridors in Mozilla ๐Ÿ˜‰ )
  • increase in fake search terms and SEO — this might not be possible in the likes of Google that easily as they monitor that your site does fall in the category you buy your keywords in but I bet you there will be smaller search engines which will allow advertising platforms to buy keywords like “download” just to get a direct visit from a user and get that cookie in.
  • Dreaded popups! Rather than try to attract the user to my website through SEO, search terms, affiliate marketing and who-knows-what, all I have to do is find a network of decent size websites and spend a fortune in a popup advertising campaign. (Let’s face it, those do exist still and while budgeting might be small, I bet we’ll start seeing an increase in those.)

While the 1st and 2nd aren’t perhaps that bad — and I’m referring here to the user experience, of course they are bad in terms of the budget increase implications and the likes! — the 3rd one can be terrible and I think it deserves a bit more attention.

Why do I think popups are risking a comeback? Well as I said, advertisers will need to get that first direct visit from a user and cookie the user in the process — so they can later on re-cookie or track the user on 3rd party websites. It’s known that people are spending fortunes occasionally on malware — and sites are taking those tags on and pushing them to the public just as often! — so you think they won’t be spending fortunes on something less malicious than that? Just a simple popup and 1st party cookie? Apart from a user annoyance, they won’t get slated like they do when they push malware to start with, secondly if they manage to get to the user with the standard popup penetration techniques, the user will just close the window with a slight annoyance, unaware in most cases of the fact that the 1st party cookie has been dropped and now s/he is open to tracking from the advertiser. In other words, it will be the same annoyance they get nowadays when they close a popup, without the whole 3rd party cookie blocking being in place.

There are companies like SAY!Media who built entire productsets based on showing interstitials and popups. (Note to self: buy more stock in these guys!) Nothing is to say there won’t be a new ad unit promoted by these guys where they allow you to embed a tiny html page hosted of your domain in an IFRAME in their interstitials (I believe IFRAME’s would still qualify as 1st visits?) — and voila, you got your 1st party cookie. Charge for it as much as you want, if you’re the first out there you’ll be raking the market and eat everyone’s lunch. (SAY!Media, if you’re reading this and not end up building a product like that you’re a bunch of morons — and I know that not to be the case as 2 of my mates work there! ๐Ÿ˜‰ )

Or simply fall back onto our “beloved” popups — rather than opening up a popup hosted by the advertising platform (SAY!Media in this case), open up a URL hosted under the advertiser’s domain, then you can 1st cookie the user and open the door to 3rd party tracking from there! Actually, one can take this idea even further perhaps: let’s say we have an advertiser liviutudor.com who wants to end up tracking users online (I know, I know, I’m showing my stalking side ๐Ÿ™‚ ) — now my advertising domain (where my advertising platform runs) will be something like ads.liviutudor.com. I might have a liviutudor.com where my techies blog about technical “stuff” and of course a www.liviutudor.com which is typically managed by my marketing department. Now all I have to do is to set up a domain say.liviutudor.com and delegate the management of that to the likes of SAY!Media — these guys will set up a mini-site on it and even create the HTML pages needed for hosting the contents of popups and/or IFRAME contents. Then these pages will be referenced and included in their advertising system and spread to users on various websites such that these pages they manage for me under say.liviutudor.com end up dropping 1st party cookies onto users on the net — however, they will be dropping cookies under the top-level domain liviutudor.com! This means, from there on, any of my subdomains (including ads.liviutudor.com) will be able to access those cookies as well as drop more cookies under top-level domain liviutudor.com! And from there on I’m back to where I wanted to be but with a higher cost to me (liviutudor.com) — though a nice little earner for SAY!Mediaย  — and a bit of annoyance to the users who keep seeing these popups and interstitials now everywhere.

The concept above is simple — and relatively easy to execute too! The more I think about it, the more I can’t stop thinking that there will be a handful of startups emerging to fill in this space right away and blast the shit out of us with popups and interstitials — you thought YouTube pre-rolls were annoying? Welcome back to the 90’s popups! Thanks, Firefox and Safari!

One Response to “Implications of Blocking 3rd Party Cookies?”