Cookies Detected by Anti-Spyware Programs: The Current Status

Which anti-spyware programs detect which cookies? The subject occasionally prompts discussion. (1, 2, 3) Several groups have surveyed users' views of cookies (Burst Media, InsightExpress, JupiterMedia, The Pew Internet & American Life Project, Ponemon / Revenue Science, and WebTrends), generally finding that 30%-60% of users say they distrust cookies and say they delete cookies at least occasionally. On this basis, eMarketer urged online marketers to convince users of cookies' benefits, and Safecount.org called for enabling accurate advertising measurement while protecting consumer privacy.

Despite these many cookie-related efforts, it seems there has been no detailed hands-on testing of which anti-spyware programs (a primary means by which users delete cookies) detect and delete which cookies. Program-by-program testing is widely used to compare anti-spyware programs' detection of spyware and other unwanted software (1, 2, 3), but it seems no such testing has been performed as to cookie detections. This piece reports the results of such testing.

The treatment of cookies by anti-spyware programs poses important practical questions. If, as some vendors and privacy advocates allege, cookies present serious privacy concerns, users ought to know which programs best protect them from this threat. Conversely, because deleting cookies interferes with certain advertising measurements and payments, online advertisers and their partners might reasonably want to know which cookies are being deleted -- for example, to adjust their payments to make up for commissions lost by cookie-deletion.

Even the absence of consensus deserves investigation. Where security companies look at the same facts but reach different conclusions, their differing decisions may inform analysis of what characteristics make (or don't make) a given practice objectionable to security experts.

Why the Fuss?

Advertisers' and Ad Networks' Perspective

Advertising systems use cookies for a mix of purposes, but primarily to track which users have seen which ads. Such tracking helps show ads more effectively -- e.g. by avoiding showing the same ad repeatedly to a single user. Such tracking also measurement of ad effectiveness -- to determine which ads yield purchases, and often to adjust payments accordingly.

While advertisers face significant design decisions in choosing exactly how to use cookies, cookies are the only clear method to track user behavior over an extended period (i.e. longer than a single browsing session). Without cookies, advertisers might not know which ads work best at getting new customers. Furthermore, sites that show ads might not be credited for all the customers they had sent to advertisers -- causing the sites to be underpaid. Hence the advertising industry's concern at the suggestion of users widely blocking or removing cookies.

Click here to read more....