Tag Archives: Cookies

The End of Tracking Cookies in Europe?

Posted on by
3

The Council of the European Union has approved a law ending the current use of tracking cookies in the EU within 18 months. The EU directive will now be turned into national laws. In detail, the new regulation will require that a cookie can be stored on or accessed from a user’s computer only if that user “has given his or her consent, having been provided with clear and comprehensive information.”

There is only one exception to the rule: Permission to store or read cookies is not mandatory when their use is “strictly necessary” for the provision of an “explicitely requested” service. That means, if a user is clicking through an online shop and puts items in the virtual shopping basked, the site may use cookies. However, the site may not read or write cookies for the purpose of third-party advertising as users don’t explicitely ask for the display of advertising. In theory that means that any site serving ads will need to ask for users’ consent.

Full version here: DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws

If the laws will actually be enforced it will mean the end for a lot of business. Many sites out there derive their revenues from consent-less advertising only. This also includes Facebook, YouTube and so on. As most ad servers out there are completely based on cookies, these companies would have to ask their users for permission to show them “well-chosen offers of partners”. This would also give users the option to choose an ad-free YouTube or Facebook. Who is going to be paying for the service then? Will casual communities introduce subscription fees just like LinkedIn?

The consent requirement for the use of browser cookies also applies to analytics. All sites using Google Analytics, Omniture etc. will need to ask for explicit permission to store and read cookies too. This however isn’t all that bad. No matter which website I visit, I always see Google Analytics requests in the status bar of the browser. They can track a user across the whole internet which is quite scary actually. At this time nobody is asking for my permission.

I’m not sure if the directive will really become effective national laws. There is too much money in online advertising and I think a lot of companies will begin some heavy lobbying soon. The new regulation would kill some of the greatest innovators out there. The other question is how the authorities will actually be enforcing the laws. Anyhow, cookie-less tracking techniques will become more and more important.

“That sale is mine” or The Need To Abolish the Last-Cookie-Counts Principle

Posted on by
2

As online marketers we often preach that online and mobile are so much better than traditional/offline marketing because we can track everything and measure all marketing activities correctly. The truth is that most companies base their decisions on invalid data about their online activities. Some of them are aware of it, most of them are not.

Back in the dark ages of online marketing it was alright to associate an online transaction with the last traffic source previous to that purchase. Having some data was better than having nothing. But customer behavior and online marketing techniques have evolved. Also, online marketing budgets are significantly higher these days, so we need to be a lot more acurate now. All this lets the principle of “last cookie wins” look antiquated.

Here are some facts I picked up at the latest a4uexpo affiliate marketing conference in London. During the “Affiliate Apocalypse Panel” Julia Stent of Vodafone UK shared some insightful data with us:

  • In general there is a 20% overlap between affiliate and paid search traffic.
  • In only 21% of all affiliate sales, the affiliate is the only person involved in generating that sale.
  • For 72% of online sales in the travel industry where a user has visited an affiliate site at some point, affiliates were not rewarded due to the last-cookie-principle.

Currently we attribute a transaction (lead or sale) to one traffic source only. But given the previous facts, that actually ignores valuable data and leads us to miss the bigger picture completely. All marketing activities are inter-related. That goes for offline vs. online and also for within the online sphere.

However, today’s world, especially in online marketing, is still driven by the old principle of “that sale is mine.” In numerous companies I’ve seen internal fights about this, display vs. search vs. affiliate managers. Instead of cooperating they often work against each other, accusing each other of stealing sales. It’s usually the affiliate marketing people that have to defend their affiliates and themselves.

“That sale is mine” can no longer be our mindset. Instead we need to find ways to distribute commissions among all parties involved in the decision-making and buying process in a fair manner. We need to measure the true influence of an advertising channel and the parties involved instead of relying on the last-cookie-counts principle.

This would also remove the issue of chasing the last click, something that affiliates have become extremely good at through coupon sites or cookie spamming in the form of layer ads, pop-up windows, adware and other forms of forced clicks.

What we need is cross-channel tracking on the side of merchants and affiliate networks turning more into technical solution providers. We need to be able to split commissions for the same transaction among several traffic sources. Something we probably won’t see anytime soon, but this is where it needs to go.

Small Networks Set The Standards

Posted on by
Reply

Usually the larger an institution gets the less innovative it becomes. There are a few exceptions, but generally the big players of an industry don’t drive innovation.

After UK-based AffiliateFuture the German 2nd-tier affiliate network belboon has also introduced a tracking technology based on local shared objects, also widely known as “Flash cookies”. Back then AffiliateFuture observed a 7% increase in conversions. I’d be really interested to see belboon’s figures.

I haven’t heard of any large affiliate network implementing something similar. For example Commission Junction has become so slow over the years. I take these types of networks are going extinct like the dinosaurs at some point.

Flash cookies are somewhat similar to regular browser cookies. Essentially they are files stored on a user’s computer. The main differences are:

  1. Traditional browser cookies are stored in separate folders for different browsers. Flash cookies are always stored in the same folder, no matter which browser you’re using. That way the tracking works even if a user switches between browsers.
  2. The browsers can only delete the cookies in “their” folders. They don’t auto-delete the Flash cookies.
  3. Unless users block Flash elements, the tracking still works even if they run their browsers in a super-privacy mode.
  4. Traditional cookies follow an open standard. Flash cookies are controlled by one company: Adobe.

The End of Cookie Tracking?

Posted on by
Reply

Concerns about data protection have inspired publishers of web browsers to come up with “stealth” modes. Especially traditional browser cookies are under attack now. Today a large percentage of the online advertising business is based on these cookies. What are the implications?

Internet Explorer

The current version 7 of IE blocks all third-party cookies by default. That means that pages loaded via frames cannot drop cookies at all if their domains are not equipped with a proper P3P policy. Many advertisers haven’t taken care of that, so all the iFrame affiliates will have more and more difficulties.

Internet Explorer 8 is going to introduce a private browsing mode. Cookies are not rejected right away but are treated as session cookies and deleted when the user closes the browser window. Some people refer to it as the “porn mode” but it was originally designed for the use of the internet on somebody else’s machine. Another new feature is giving users the ability to delete all cookies except those of bookmarked websites.

Mozilla Firefox

The current Firefox does not block third-party cookies. But it’s very easy to tell the browser to delete all cookies on closure. And a lot of people actually do this. Also, there are many plugins that filter out banners and cookies today already. The funny thing is that sometimes these impressions are still counted by the delivering ad networks even though nothing is being displayed.

Google Chrome

This sucker is quite ironic. It allows users to switch to a “stealth” mode making it difficult for ad networks to re-target ads and track conversions. However, the browser software itself collects data and passes it back to Google. As a result Chrome only allows Google ads to work, the other ad networks can be blocked. In my mind Chrome is the biggest spyware ever, nicely packaged I have to admit. I hope they’ll get sued over this.

Solution for Online Advertising Networks

For many years the effect of rejected/deleted cookies has been unkown. Now we finally have a profound data basis. AffiliateFuture, an affiliate network based in the UK, observed a 7% increase in tracked conversions after they introduced flash cookies. I think with the introduction of new browser generations the effect will be much higher.

Online advertising networks can’t rely on traditional browser cookies alone anymore. They must also incorporate technologies such as finger-print tracking and the use of flash cookies. Not one of these methods alone will work. They have to be used simultaneously.

Mobile Tracking

A lot of browsers on mobile phones do not support cookies, Javascript and Flash. So none of these methods can be used to track well on the mobile internet. That’s why for example Google’s conversion tracking is useless for mobile ad campaigns. The way to go on mobile is server tracking on the side of the advertiser and batch imports to the ad network.

easyCredit gegen Cookie Spammer

Posted on by
2

So langsam merken weitere Merchants dass Ihnen der ganze Layer-Mist keine zusätzlichen Konvertierungen bringt sondern nur Cookies überschreibt. Nun geht auch easyCredit, gemanagt von 3GNet, gegen die Spammer vor:

Das Erzeugen von Cookies ist ausschließlich dann erlaubt, wenn ein Werbemittel eingesetzt wird, dieses sichtbar ist und der Erzeugung des Cookies ein bewusstes Anklicken durch einen Nutzer vorausgeht. Grundsätzlich ist Cookie-Dropping sowie das parallele Aufrufen der easyCredit-Seite ohne den Einsatz eines Werbemittels verboten.

Zum Mitschreiben: Cookies nur bei absichtlichen Clicks, also nicht bei PopUp, iFrame, Layer usw.

Hier noch einmal explizit:

Generell ist den Partnern untersagt iFrames, Pop-ups, Pop-under und Layer einzusetzen, die ein easyCredit-Werbemittel oder den easyCredit-Internetshop laden und ein Cookie beim Nutzer ohne dessen Mitwirkung setzen.

Arcor gegen Cookie Spammer

Posted on by
3

Das von sunnysales gemanagte Partnerprogramm von Arcor geht nun gegen die Cookie-Spammer unter seinen Affiliates vor. In den neuen Teilnahmebedingungen steht u.a. folgendes:

Untersagt ist für den Partner die unsichtbare Einbindung des Arcor- Internetshops, um ein Cookie beim Nutzer zu erzeugen. Generell ist Arcor-Partnern untersagt, iFrames, Pop-ups, Pop-under und Layer einzusetzen, die ein Arcor-Werbemittel oder den Arcor-Internetshop laden und ein Arcor-Cookie beim Nutzer ohne dessen Mitwirkung setzen. Postviewtracking ist untersagt, soweit von Arcor keine ausdrückliche schriftliche Zustimmung zum Einsatz dieser Methode erteilt worden ist. Sollte eine schriftliche Zustimmung von Arcor vorliegen, gilt, dass für die Postviewauslieferung maximal ein Cookie gesetzt werden darf.

Arcor will also die Konvertierung steigern indem die Qualität der Klicks verbessert wird. Cookie-Spammer die mit Popups, Layern und unsichtbaren iFrames arbeiten sind somit unerwünscht.

iLove gegen Cookie Spammer

Posted on by
1

Das Affiliate-Programm von iLove führt bei Affilinet, Tradedoubler und Zanox neue Teilnahmebedingungen ein:

Affiliate Partnern ist es ab sofort nicht mehr gestattet, iLove Cookies zu setzen, ohne iLove Werbemittel oder iLove Content darzustellen. Pop Up’s und Pop Down’s dürfen selbstverständlich mit Cookies ausgeliefert werden, wenn die iLove Webseite oder das Werbemittel erscheint.

Was steckt dahinter?

In meinem Beitrag zum Cookie Tracking habe ich die Funktion und Bedeutung von Cookies für das Affiliate Tracking erläutert. Über Tracking Cookies ist es möglich Affiliates auch für Transaktionen zu vergüten die erst Wochen nach Einblendung oder Klick auf das Werbemittel erfolgen.

Leider wird die Möglichkeit des Setzens von Tracking Cookies durch einige Affiliates in zweifelhafter Weise ausgenutzt. Diese Cookie Spammer schicken User auf Seiten auf denen eine oder mehrere Webseiten unsichtbar über Tracking-Links aufgerufen werden. Das geschieht in der Regel unsichtbar, z.B. durch die Verwendung von Frames.

Benutzer fangen sich somit unbemerkt und ungewollt Tracking-Cookies ein. Im Ergebnis wird ein Affiliate provisioniert obwohl er den User durch unsichtbare Werbung nicht auf den Merchant aufmerksam gemacht haben kann. Dass der User beim Merchant kauft ist nicht Ergebnis der Aktivitäten des Affiliates sondern Zufall. Für solche Transaktionen möchten die Programmbetreiber natürlich keine Provision zahlen.

Aufgepasst bei Frames und Cookies

Posted on by
10

Wer Tracking-Links mittels Frames einbindet könnte Probleme mit dem Tracking bekommen. Es kann sein dass bei Aufruf einer Seite der erforderliche Tracking-Cookie nicht geschrieben wird. Grund sind die Sicherheits- und Datenschutzeinstellungen der Web-Browser, insbesondere des Internet Explorer 7. Bindet man über Frames (iFrame oder Frameset) eine Seite einer fremden Domain ein, betrachten die Browser das als sogenannte Third-Party. Viele Browser blockieren solche Cookies von Dritten standardmäßig. Für Affiliates bedeutet dies, dass bei Einsatz von Frames ein großer Teil von Tracking-Cookies blockiert wird

Die Lösung dieses Problems heißt P3P. Hier wird über den HTTP-Header eine Datenschutzrichtlinie mitgeliefert, so dass der Browser letztlich auch Third-Party-Cookies durchlässt. Hier sind die entsprechenden Codes:

PHP
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"')

Java
response.addHeader("P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"")

ASP.net
HttpContext.Current.Response.AddHeader("P3P", "CP=\""IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""")

Es ist auch möglich, eine XML-Datei mit der Datenschutzrichtlinie zu erstellen, die im Head-Teil der HTML-Datei eingebunden wird.

Die komplette Empfehlung der W3C ist hier zu finden:
http://www.w3.org/TR/P3P/

Cookie-Gültigkeit nur gut für Spammer?

Posted on by
1

Cookies sind bekanntlich wichtig um auch für Transaktionen vergüten zu können, die ein User erst bei einem wiederholten Besuch der Webseite eines Merchants tätigt. Je länger die Cookie-Gültigkeit eines Merchants ist desto höher ist diese Rückkehrspanne. Wer etwas Hintergrund-Wissen benötigt kann noch einmal meinen Artikel zum Cookie-Tracking lesen.

In mehreren Blogs wurde in den letzten Tagen über die sogenannte “Cookie Lüge” geschrieben. Hintergrund ist dass einige Programmbetreiber mit 30 Tagen Cookie-Gültigkeit werben aber eigentlich nur Session-Tracking anbieten. Mit anderen Worten sie betrügen Affiliates.

Die Bedeutung der Cookie-Gültigkeit hängt sehr stark von der Werbeform hab. Beim Suchmaschinenmarketing suchen die Leute aktiv und sind tendenziell eher bereit sofort Geld auszugeben. Der Anteil von Cookie Sales ist hier also recht gering. Bei Banner-Kampagnen ist es schon mehr. Ganz schlimm ist es bei Popup- oder Layer-Kampagnen. Hier jubeln die Affiliates der ganzen Welt ihre Cookies unter und hoffen dass genügend User innerhalb der Rückkehrspanne des Partnerprogramms beim Merchant kaufen. Ohne Cookies könnten sie nicht arbeiten.

Eine lange Cookie-Gültigkeit nutzt also primär den Spammern dieser Welt. Wer qualitativ hochwertigen Traffic hat der wird den Unterschied nicht so stark merken. Hier ist der Anteil von Cookie-Transaktionen unter 10%.