Notice: This blog is no longer updated. You may find a broken link or two

You can follow my new adventures @mikeonwine


So, time and time again you see people rant and rave about how your privacy is being seriously compromised by the use of cookies. I must say, if you just read around on google, advertiser cookies are one of the most misunderstood beasts out there. Nowadays, practically every spyware removal program flags advertiser cookies as ‘SPYWARE/ADWARE’. Try it, google up tribalfusion cookie, or yieldmanager cookie, etc. etc.

Take this SpywareNuker page:

Some of the Cookie.Advertising.com components are listed below. The list is compiled as a reference. The list might not be complete and it doesn’t represent instructions for manual removal. We DO NOT recommend manual removal. Incorrect removal of certain software might make your computer unstable or even unusable.
Removal of adware component might affect the related ad-supported software.

Sorry to say, but this is total bullshit. Ad.com’s cookie doesn’t infect a thing and can be removed easily and safely by yourself. So what are adserver cookies and what’s stored in them? The most basic information that most adserver will want to know is:

  • which ads you’ve seen, and how many times you’ve seen them
  • which ads you’ve clicked on
  • which ads you’ve converted on

Yes — that’s right, adservers know when you buy things after clicking on an ad — but that’s another post. Now more advanced behavioral companies will also want to track which sites you’ve been to and what behaviors (or segments) you belong to. Allowing adservers to track you using cookies means you won’t repeatedly see the same ad, and you should see more relevant ads to your interests as you continue your path along the internet.

So how do companies store this information? There are two ways — client-side or server-side. Client-side involves storing all the information about you in your cookie whereas server-side the cookie simply stores an ID and all information about you is stored on some database somewhere. Doubleclick as seen in the below screenshot seems to have gone the server-side route and simply stores my “id” which maps to some data they have on me in their databases. The server-side route is great if the advertiser wants to store a lot of data since there are size limiations on cookies and you don’t necessarily want to transfer 10kb back and forth on every ad call. It’s not so great as it requires some serious database infrastructure to handle 10-100k read/writes per second to a single database.

Doubleclick Cookie

Burst seems to have gone the client-side route and stores all ads I’ve seen from them directly in my cookie files. It’s actually interesting to note that the cookie data from Burst is not-encrypted (big nono!).

Burst Cookie Files

Ok, so what does this all mean for the end-user? Well, indeed, there are companies out there that are tracking most of everything that you do online. Ad companies like Tribal Fusion know what you’re interested in and what you like to browse for. Hell, if Google succeeds in pushing Checkout to the world they’ll know everything you’ve bought, how much you paid for it and much more! All in all this sounds scary but it really shouldn’t be. Why?

First off, none of the information _should_ be personally identifiable. Cookies are tied to your computer, not your name. So if you switch machines often, or clear your cookies, all history is immediately erased. Now, some argue that if your browsing history is stored it should be possible to figure out exactly who you are. Lets be honest, why go through all the trouble if there are much easier ways of figuring out what you’re doing online? If you’re worried, go download an anonymous browsing tool (there are plenty), or visit the little known-of ‘opt-out’ pages that almost all online advertising companies have. Some examples: Advertising.com Opt-out, Yieldmanager Opt-out, Doubleclick Opt-out. If you do go the opt-out route, don’t clear your cookies because that’s the only way they’ll know you don’t want them to track you!

So whichever route you take, don’t forget that the websites you visit can provide you with free content because of the money they receive from advertisers. Cookies are one tool that advertisers use to help track revenue and regularly clearing them can cost your favorite sites money. My personal choice? I clear my cookies every month or so but am perfectly happy to let companies track my behavior to show me more relevant ads. Hell, I’d much rather look at an ad for some new tech gadget than ‘punch the monkey’!