Results tagged “Cookies” from IABlog

IAB and the Future of the Cookie: Evolving to meet Market Realities

| | Comments | TrackBacks (0)
A few years ago, the demise of the cookie was the chief worry on everyone’s mind. Marketers, agencies and publishers all struggled to imagine a future where they were able to continue delivering the seamless, connected experiences (that consumers have come to expect) in a world where the core technology supporting these strategies (the cookie) no longer existed. 

In 2012 the IAB formed the Future of the Cookie Working Group to address these issues - adding to them, the context of consumer privacy, publisher control, and other principles. 

In the “Privacy and Tracking in a Post-Cookie World” whitepaper, the group established five technology classes that described existing and emerging state management technologies, and evaluated their impact on consumers, publishers, and other industry participants. Thanks in part to the important work of this group, industry adoption and comfort with a variety of state management technologies, including the cookie, has become the norm.  

As we look ahead to 2015 and the current discussion and needs of the market, two main streams of work remain. In response to this and our members’ needs, the IAB is sun setting the Future of the Cookie Working Group to tackle these two streams of work more efficiently:  

1.  Data

Now that buyers and sellers have become more familiar with cookie-replacement technologies, and many are choosing to create their own proprietary solutions, a larger business and process discussion about audience engagement and the usage of audience data has emerged. Where the need was previously to understand the available technology choices, now many in the market are focused on gaining clarity around the new techniques, and best practices, for use and control of audience data in this developing cross-platform landscape. Including, but not limited to, the use of audience identifiers - the IAB’s Data Council will be home to continued discussions and guidance for how we can all be good data stewards. This will undoubtedly include timely issues such as data quality, protection, control and using data to inform an overall digital strategy. 

2.  Technology

Understanding the available technology has been a core effort of the Future of the Cookie working group.  With the IAB Tech Lab, we have a natural forum for continued evaluation of state management technologies, and the opportunity to bring together technical experts to develop resources and guidance for implementation.  

The IAB Tech Lab spearheads the development of technical specifications, creates and maintains a code library to assist in rapid, cost-effective implementation of IAB specifications and guidelines, and establishes a test platform for companies to evaluate the compatibility of their technology solutions with IAB protocols.   

As we move forward, these two groups will address the breadth of technologies that are available for understanding audience behavior and continue to provide guidance and leadership in those realms. So with that, we would like to extend a sincere and hearty “THANK YOU” to the more than 200 individuals, companies, members and non-members who contributed to the Future of the Cookie initiative. Also worth some praise are our stellar initial cast of co-chairs who truly contributed blood, sweat, and more acronyms than we can mention here:

  • Jordan Mitchell, VP Product, Rubicon
  • Amy Kuznicki, Associate Director, Verizon
  • Susan Pierce, Engineering Manager, Google
  • Matt Tengler, SVP Product, Millennial Media
  • Phillip Smolin, SVP Market Solutions, TURN

About the Authors

Anna Bager

Anna Bager

Anna Bager is Senior Vice President and General Manager of the Mobile Marketing Center of Excellence at the IAB. You can tweet her @AnnaBager.


Scott Cunningham

Scott Cunningham is Vice President of Technology and Ad Operations at the Interactive Advertising Bureau


On Tuesday, January 28th, the Wall Street Journal posted an article focused on the release of an IAB paper “Privacy and Tracking in a Post-Cookie World.” The story on originally contained three errors related to fundamental aspects of the IAB’s membership, technical ramifications of described technology and the nature of the document discussing current technological alternatives to the cookie. We appreciate the Journal’s willingness to make those fixes resulting in a decidedly more accurate representation of the IAB and the digital advertising industry. However, I would still like to address a few instances of language selection that could be easily misinterpreted by an average reader.


First, I would like to explain what a cookie is and how it works, since the description in the Wall Street Journal wasn’t on the mark.

The IAB’s Wiki calls it “a string of text from a web server to a user’s browser that the browser is expected to send back to the web server in subsequent interactions.” Yes, the cookie is also the means by which tracking and preference management happens today in digital advertising, but “code” is another word for software that implies active functionality. As anyone familiar with web or internet technology knows, a cookie is just a marker like a security badge (the analogy given in our whitepaper) or a supermarket customer loyalty card.

Second, within the article, there is an implication that client-generated state management (device IDs) could consolidate online tracking in the hands of specific vendors.

In fact those vendors would only control the underlying mechanism that creates the IDs and not the nature of the way those IDs are used by the industry. This is equivalent to saying that the phone company has control over your supermarket loyalty program data because in that case the ID is your phone number. In fact, within this particular solution class, we have seen two very privacy-centric implementations by Apple and Google in their respective mobile operating systems.

The third potential misinterpretation comes from the statement that device IDs solve the problem of cross device tracking.

Since client-generated state is created within a specific operating environment (such as a device operating system or a browser) it does not enable cross-device tracking. In fact, no current implementations of client-generated state allow automatic industry-wide cross-browser or cross-device tracking. This can and should only ever be possible at the bequest of the user.

Lastly, the cloud solution class described in the document is meant to be a connector between different state management technologies, not a warehouse of personal data, as asserted in the article. 

In fact, the cloud technology envisioned in the whitepaper could become the technology that enables a user to synchronize their advertising preferences across devices and domains. 

In fairness to the journalist, I recognize that this is rather technical for a general business audience. But, we at the IAB feel it is important to accurately represent technology and prevent the perpetuation of misunderstanding for the purpose of easy readability.

About the Author

Steve-Sullivan-headshot.pngSteve Sullivan 

Steve Sullivan is VP of Advertising Technology at the IAB, and on Twitter at @SteveSullivan32.

Enhanced by Zemanta

On May 31, Kevin Conroy, the President of Digital and Enterprise Development for Univision Communications, one of the largest premium Hispanic media companies in the United States, wrote a heartfelt plea in Advertising Age titled, “The Third-Party Cookie Divide Is Debilitating the Industry.”  Pegged to the controversy aroused by the Mozilla Corporation’s announcement that it intended to block third-party cookies by default, Mr. Conroy correctly noted that “third-party cookies are not all bad or all good.”

“The companies behind these controversial tools are established members of the digital-advertising supply chain that provide an array of services, and their relationships with other industry participants should not be defined or determined with one broad stroke,” he added. “All-or-nothing proclamations and actions on this matter represent a dangerous over-simplification that’s creating conflict and putting the industry at risk. This face-off must be replaced with thoughtful and productive discussion recognizing the subtleties of the marketplace, the individual interests of businesses, and the true north that all parties invested in this discord and its resolution share: the desire to deliver value to consumers that is dependent upon trust, comfort and control over their privacy.”

We have taken Mr. Conroy’s admonitions to heart, not just because he is a member of the IAB’s Board of Directors, but because he is right. Conversation is better than isolation; negotiations trump obstinacy; “win-win” is preferable to “you lose.” So we were heartened when Mozilla executives started reaching out to advertising, media, and ad technology industry companies, professing to want to include them among the stakeholder groups whose opinions matter as Mozilla goes about reconfiguring its Firefox browser, which controls 20 percent of the world’s access to the Internet.

Unfortunately, a review of Mozilla’s latest scheme for blocking third party cookies shows it to be worse than its earlier proposals. While Mozilla executives say they are taking in criticism from multiple stakeholders, the company’s own statements and explanations indicate that Mozilla is making extreme value judgments with extraordinary impact on the digital supply chain, securing for itself a significant gatekeeper position in which it and its handpicked minions will be able to determine which voices gain distribution and which do not on the Internet. 


The Cookied Web

Third-party cookies are an essential part of the Internet content supply chain, and date to the earliest days of the commercial Web, in the mid-1990s. Stored inside a user’s Web browser, they help the browser remember the user’s previous activity. While first-party cookies, as Wikipedia notes, “are cookies set with the same domain (or its subdomain) as your browser’s address bar,” third-party cookies “are cookies set with domains different from the one shown on the address bar.” 

Although third-party cookies have been controversial mechanisms - their privacy implications, particularly the concern that they could be used to maintain identifiable dossiers of consumers and consumer activities, were subjects of Federal Trade Commission hearings in 1996-1997 - they have been part of the way Internet advertising has been delivered, measured, analyzed, optimized, and compensated for more than 15 years. Were they to be embargoed tomorrow, billions of dollars in Internet advertising and hundreds of thousands of jobs dependent on it would disappear.

On June 19, Mozilla - which is both a nonprofit foundation and a for-profit corporation - announced a new plan for blocking third-party cookies in Internet content distribution. In collaboration with Stanford University’s Center for Internet and Society, it said it would establish a “Cookie Clearinghouse,” a body that would “develop and maintain an ‘allow list’ and ‘block list’ to help Internet users make privacy choices as they move through the Internet.”

The Cookie Clearinghouse replaced Mozilla’s earlier concept for controlling the use of third-party cookies: a patch to its Firefox browser which essentially would have blocked all third-party cookies except those specifically allowed by the user. After an uproar from Internet advertising and retail organizations, including the IAB, Mozilla put that plan on hold, announcing that it produced too many “false positives” and “false negatives.”  Specifically, it would block third-party domains even if they share the same owner and operator as a primary domain - an almost pure act of business interference - and failed to block cookies on sites users went to by accident. Mozilla Chief Technology Officer Brendan Eich said “the only credible alternative” to the blunt, poorly designed Firefox patch was “a centralized block-list.”

Centralized solutions may, in fact, be necessary to improve performance, user control, and the safety of the Internet advertising and media supply chain.

We believe the “open source” Internet advertising supply chain, while a foundation for enormous innovation, also introduces vulnerabilities into the advertising and media ecosystem, and we are eager to work with legitimate participants to improve the functioning and safety of this supply chain.  IAB already participates in several such centralized solutions. A prominent one is the Digital Advertising Alliance’s self-regulatory program for online behavioral advertising. This program allows consumers to see how they are being tracked online and by which advertising-related companies, and to selectively opt in and opt out of such tracking. In February 2012, Jon Leibowitz, the then-Chair of the FTC, called the DAA program “a significant step forward.”  Today, trillions of ad impressions a year carry the DAA’s notification icon; millions of consumers have clicked on it and visited the DAA’s site; and hundreds of thousands have opted in and out of various forms of targeting via the DAA program.

And just this week, the White House praised another IAB initiative, our Quality Assurance Guidelines, a centralized compliance program that, among other things, will help combat the piracy of intellectual property in digital advertising environments.

So our initial opposition to the new Mozilla announcement was not based on hostility to centralized solutions. It was based on our skepticism about Mozilla’s motives and with its ability to follow through on its commitments.

Anti-Business Bias

Mozilla executives say they are not opposed to advertising. Indeed, at the same time the organization is threatening to choke off the ability of Long Tail publishers to monetize their advertising inventory, it is  testing the market for a new advertising product of its own - a suspicious confluence of events, to say the least.

But that aside, the company’s civic positioning and public character are heavily freighted with antipathy toward advertising and the commercial Internet. For example, Mozilla is the world’s largest distributor of Adblock Plus, a browser add-on that impedes advertising delivery on the Internet. Adblock Plus boasts nearly 15 million Firefox users, and is the browser’s no. 1 add-on by far, with more than twice as many users as its no. 2 add-on, Video Download Helper.

Like the piracy of music and movies online, ad blocking appears to be a victimless endeavor, but in fact is a possibly illegal activity that deprives a cascading chain of legitimate enterprises of income. In some markets, Adblock Plus is responsible for stopping as much as 50 percent of mainstream publishers’ ads, significantly harming their revenue stream. For small publishers, the effect is devastating. Niero Gonzalez, the proprietor of the gamer site and a member of the IAB’s Long Tail Alliance, says that half his users are blocking ads. “This means we’re working twice as hard as ever to sustain our company,” he has written.

When asked about this, Mozilla executives give a figurative shrug and say they are merely responding to their users’ interests, and that Firefox add-ons are community contributions, about which Mozilla does not pass moral judgments.  But of course, this is, at best, a rationalization, and perhaps wholly disingenuous. Like all organizations, Mozilla makes choices and passes judgments every day, which reflect the organization’s values. Mozilla’s active, prominent promotion of Adblock Plus suggests a value system hostile to advertising and the businesses and people dependent on it. If the organization felt strongly about the economic impact of ad blocking on small Web publishers and retailers, it could curb it - or at least cease aiding and abetting it.

An organization’s values also are represented by those with whom it chooses to associate. Here again, Mozilla’s values reflect an aversion toward advertising and the consumer economy to which it is central. The Cookie Clearinghouse launched by Mozilla with Stanford is led by Aleecia M. McDonald, the Director of Privacy at Stanford’s Center for Internet and Society. Dr. McDonald co-chaired the Worldwide Web Consortium’s Tracking Protection Working Group, a body that was supposed to join stakeholders from industry, academic institutions, NGOs, and regulators in developing standards for browser-based mechanisms to enable users to opt out of tracking. Dr. McDonald’s leadership of the group was widely perceived as unsuccessful, in no small part because of her Manichaean point of view that pits privacy interests against business interests, and her impatience with alternative perspectives on the W3C Task Force.  Last July, for example, she said, “Whatever standard the W3C produces will put a number of third parties out of business, but that is okay because that will be a good day for privacy.”  Only since her departure from the W3C has the body managed to struggle closer to a consensus standard.

Dr. McDonald’s insensitivity was on display again last month, when she chose an anti-business extremist for the Advisory Board of her Clearinghouse - Jonathan Mayer, the Stanford graduate student who designed the cookie-blocking patch, and whose intemperate public opposition to the ad industry, consensus-generating processes, and stakeholder negotiations led Mozilla, in a May industry forum, to publicly disavow its connections to him. That Mozilla would subsequently turn to such people to lead a body that will make decisions regarding the life and death of businesses is an indication of the organization’s indifference to the economic stakes involved in its efforts to unilaterally reconfigure the Internet advertising supply chain.

But at least as telling as the presence of anti-business radicals on Mozilla’s “cookie court” is who and what is absent. There are no publishers on it - the people whose livelihoods depend on the sale of digital advertising. There are no executives from ad networks - the companies that are almost solely responsible for helping small publishers earn any income. There are no executives from brand marketers, ad agencies, retailers, e-tailers, or ad technology companies - not a single representative from an ecosystem responsible for creating 5.1 million jobs in and contributing $530 billion annually to the U.S. economy.

In light of this criticism, Mozilla may lean on Stanford to change the composition of its Cookie Clearinghouse, but that alone cannot change the character or complexion of Mozilla or the Stanford Center for Internet and Society, which appear to be those of elitist organizations that hide under the shield of populism to make value judgments about who is worthy of earning a living in the digital age.

The Atomized Individual

We saw this anti-business value system reflected again in the operating details Mozilla has begun to unveil for its Cookie Clearinghouse. These specifics have been doled out sparingly in blog posts and in a sparsely attended discussion Mozilla convened on July 2 at its San Francisco headquarters.

At first blush, Mozilla’s ideology seems inarguable. “We simply believe that when personal data is collected to deliver these [personalized Internet] services, the collection should be done respectfully and with the consent of the consumer,” the company said on its Mozilla Blog on May 10. Its decision to block third-party cookies by default was made “to strike a better balance between personalized ads and the tracking of users across the Web without their consent.” 

Seemingly benign, Mozilla’s ideology is weighted down with counter-historical presumptions. The entire marketing-media ecosystem has subsisted on purchase-behavior data and other forms of research being available without individuals’ consent. R.L. Polk & Co. receives automotive ownership data from some 240 sources, including state governments, auto manufacturers, and financing companies, to create profiles of nearly every vehicle on the road and the people driving them. This data has been central both to the health of the auto industry and to improvements in cars, driving, and auto safety over the years.  

U.S. Census data, too, is a foundation of U.S. economic development. The U.S. Census Bureau maintains a site full of case studies describing how this most personalized data source of all can be used by businesses that want to “gauge the competition,” “calculate market share,” “locate business markets,” “design sales territories and set sales quotas,” and engage in myriad other activities. Not only is this use of anonymous, personal data central to the American economy - it is protected by the U.S. Constitution.

Were such sources of data suddenly to become unavailable - or if they were to shift from default-available to default-closed - whole industries would suffer, and along with them the people they employ and the communities in which they operate.

This is exactly what Mozilla is proposing to do - and what its self-styled libertarian patrons are (paradoxically) urging it to do.

Words like “privacy” and “respect” seem incontestably clear and insistent. Yet they have no single meaning. They are social constructions - and different social constructions have different trade-offs, one of which is the diversity of content, and ideas, on the Internet.

At this moment in the evolution of the Internet, third-party cookies are the technology that makes small publishers economically viable. Their elimination will concentrate ad revenues in a shrinking group of giant media and technology companies. It is incumbent on Mozilla, which claims to defend openness and diversity on the Internet, to reconcile its public values with the diminution in diversity that is bound to occur from its proposed actions.

The Mozillan Ideology

There are four major ideological presumptions underlying Mozilla’s decision to block third-party cookies through its Cookie Clearinghouse:

  • It presumes that blocking third-party cookies by default is better than allowing them by default. 
  • It presumes that an Internet supply chain dependent on a centralized clearinghouse will continue to operate equitably. 
  • It presumes that human involvement only during counter-challenges to the Clearinghouse’s decisions is reasonable and scalable.  
  • It presumes that the establishment of a centralized body to determine which third parties should be exempt from this default behavior is consistent with Mozilla’s mission. 

All of these presumptions are questionable.

Blocking third-party cookies by default is neither better nor worse than allowing them by default- but it does reflect a value judgment which affirms that the sanctity of the individual, in any way he or she chooses, transcends all other values, including important functions of civil society.

Consider, for example, the role of commerce - the freedom to engage in which was a fundamental spark to the American Revolution. Although it may not be as apparent as when a customer enters a physical store, visiting a web site is a commercial act, during which a value exchange occurs.  Consumers receive content, and in exchange are delivered advertising.  The value of the delivered ad is currently calculated based on two essential points of data - where the ad is being delivered, and to whom.  By blocking third-party cookies by default, Mozilla is turning off the anonymized but behaviorally relevant “who” signal, thereby reducing the value of most ads.   The user effectively has been granted a right to engage in a commercial transaction without anyone knowing anything about that transaction, including the other party to the transaction.  This social decision carries costs. By reducing the value of advertising, consumers and businesses will shoulder higher prices, in the form of more ads, more intrusively delivered. Or they will pay more for content. Or they will be asked for more explicitly personal information in return for the content.

The same would be true if another source of prevalent, anonymized, personal data - bar codes and retail scanners - was suddenly embargoed. Costs in the retail supply chain would skyrocket, as stores, distributors, and manufacturers struggle to maintain optimal stocks of goods. No one would benefit - margins would decline everywhere, and consumer prices would rise - but the worthiness of the individual, and his freedom from intrusive inspection of his anonymized toothpaste purchases, would be sanctified.

As the internet becomes further entrenched in modern life, assuring sufficient consumer control grows in importance.  Yet simply flipping a default preference for all consumers does nothing to empower them. Instead, it degrades the opportunities businesses have for delivering conveniently available high quality content, and it promises to raise various kinds of consumption costs on consumers.

Social costs also factor into the equitability of Mozilla’s proposal for a centralized Cookie Clearinghouse. At this time, Mozilla hasn’t made clear the formats for its proposed “block-list” and “accept-list.”  The accept-list is to contain a list of third parties that are exempt from the blanket ban on third-party cookies. This accept-list has two possible implementations of which we are aware:

  1. It could list the domains that are allowed to use cookies in a third party context.  For example, “XYZ can set cookies in a third party context.” 
  2. It could list the domains that are allowed to use cookies in a third party context, and specify which domains on which they are allowed to do so.  For example, “XYZ can set cookies in third party context, but only on ABC and DEF.”  

The first possible implementation introduces a fixed cost to anyone who would want to use third-party cookies for any reason.  This cost would have a higher proportional impact on smaller players, thereby increasing the barriers to entry for new competition.  Depending on the criteria used to evaluate exceptions, this may block several existing business models - those of advertising networks and data brokers, certainly, but also such functions as web analytics, on-page social sharing buttons, and other widgets. 

The second possible implementation introduces significant scaling costs to anyone who would want to use third-party cookies.  It will definitely block social widgets, “share” buttons, “like” buttons, and any other popular business model that depends on user interactions with cookies while the user is away from the first-party “proprietor” site.  At best, the centralized clearinghouse skews towards the incumbent, reducing the opportunity for small innovators to gain a foothold and compete.  At worst, it completely eliminates certain business models. 

Another troublesome, complex, and socially costly feature of Mozilla’s Cookie Clearinghouse involves the use of human intervention to determine which cookie-settings are acceptable and which are not. As currently drafted, the clearinghouse proposes an automated handling of most requests through a “challenge” process, and a manual handling of any contested request through a “counter-challenge” process.  This is troubling, for it empowers unscrupulous actors to leverage the clearinghouse as a tool for disruption of service and to gain competitive advantages.  Specifically, without human oversight, the following situations may occur:

  • An attacker can counter-challenge the exception for a legitimate third party, thereby temporarily blocking the ability of that third party to set cookies. 
  • Multiple attackers can counter-challenge a wide range of legitimate third parties, thereby overloading the staff of the Cookie Clearinghouse, further damaging those legitimate third parties. 
  • Multiple attackers can file challenges as well as counter-challenges to those same challenges, to further increase the workload of the Cookie Clearinghouse staff. 
  • An unscrupulous actor can indicate that it is a legitimate third party, thereby gaining the ability to set third party cookies, and can then migrate to a new domain as soon as a counter-challenge is raised. If done in tandem with a persistent attack on the ability of the Cookie Clearinghouse staff to review counter-challenges, this advantage may be longstanding. 

The creation of a centralized, automated “toggle” exposes all web sites that depend on third party resources to potential disruption.  However, staffing to validate each and every challenge manually is not feasible, either.  By attempting to enhance individual isolationism on the Web, Mozilla could instead turn it into a bureaucratic war zone of competing interests.

Firefox’s Henhouse

For years, Mozilla has portrayed itself as one of the good actors on the Wild West of the Web - a digital Jimmy Stewart out to tame the evil-doing Liberty Valance’s of the virtual world, making it safe for the citizenry to raise barns and families and towns.  “Our mission,” Mozilla proclaims, “is to promote openness, innovation & opportunity on the Web.”

Underlying this mission is a declaration of sorts, something the California foundation labels “The Mozilla Manifesto.” Among its 10 principles are:

2.       2. The Internet is a global public resource that must remain open and accessible

6.       6. The effectiveness of the Internet as a public resource depends upon interoperability (protocols, data formats, content), innovation and decentralized participation worldwide.

The creation of a centralized gate to participation in the digital economy seems to run counter to the goals of an open, accessible, decentralized Internet.  Deciding centrally what is best for consumers - and rendering explicit judgments that individual isolationism is preferable to a diversity of information on the Internet - appears to defy Mozilla’s charter.

Perhaps worse is the organization’s blindness to its own potential, as it evolves inside a cocoon spun by techno-libertarians and academic elites who believe in liberty and freedom for all, as long as they get to decide the definitions of liberty and freedom. By dealing exclusively with the issue of controls around cookies, Mozilla is missing a great opportunity to talk about the options for identity management and safety in a larger scope.  A solution that empowers consumer choice in both the mobile OS and desktop browser spaces would bring significantly more value to all involved parties, and allow Mozilla to promote thought leadership with its nascent Mobile OS.

We’d like to work with Mozilla and other browser makers to get there. In fact, Mozilla should consider this an open, public invitation to join the IAB. We’ll even waive its annual dues for the first year, just to get its people participating in what we do and understanding more deeply the concerns of the digital advertising industry. The same goes for the browser teams at Apple, Google, and Microsoft. These companies already are members of the IAB, some of them highly participatory, but their browser teams remain generally uninvolved in what we do. We are looking to these browser makers, and the other would-be gatekeepers of the Internet, to work with us to resolve a critical social, economic, and cultural dilemma - how to balance the desire for privacy with the value of cultural diversity. 

Unfortunately, the new proposal from Mozilla is not that resolution. Rather, it and other browser makers continue to fight their solo war against each other, leaving the rest of us as potential collateral damage.

So to summarize, here’s what we would like to see from Mozilla:

  • Block the ad-blockers, and turn your backs on those who delight in destroying others’ livelihoods.
  • Don’t align yourself with individuals and groups whose history shows them unwilling to strive for consensus among multiple stakeholder groups.
  • Strive to protect user privacy and anonymity, but understand that these are different than user isolationism.
  • Show publishers, agencies, and marketers that you care about their businesses, and work toward solutions that help content get distributed and fairly compensated.
  • Elevate the diversity of Web content to your highest value of all. And work with us to achieve it.

About the Author
sp_rothenberg_randall_100x134.jpgRandall Rothenberg

Randall Rothenberg is President and Chief Executive Officer, Interactive Advertising Bureau.

Last week, after a round of visits with advertising organizations and private declarations that its cookie-blocking plan was not a “done deal,” Mozilla Foundation, the lucrative nonprofit whose Firefox browser controls 20 percent of the world’s access to the Web, launched a new proposal to “address privacy concerns related to third party cookies in a rational, trusted, transparent and consistent manner.”

But Mozilla’s “Cookie Clearinghouse”  is neither new nor a proposal, inasmuch as the no. 2 browser-maker seems hell-bent on implementing on a tight deadline cookie-blocking by fiat. It is not a clearinghouse for cookies - it is a kangaroo cookie court, an arbitrary group determining who can do business with whom.  It replaces the principle of consumer choice with an arrogant “Mozilla knows best” system. It is not “independent,” as Mozilla claims, but is stocked with self-interested academic elites with whom Mozilla has long histories. Nor is it rational, trusted, or transparent, as I will describe below. 


But oh, is it consistent - consistent with the history of large technology providers with substantial market shares wielding the indisputably virtuous concept of “consumerism” as a weapon to fight competitive battles. These browser warriors are indifferent to the collateral damage they might create among the small publishers, retailers, and other businesses that employ more than 5 million Americans, account for 3.7 percent of U.S. gross domestic product, and define the Internet’s richness and diversity.

In February 2012, the IAB and the other groups comprising the Digital Advertising Alliance agreed eagerly with the White House and the Federal Trade Commission to work with the major browser companies to honor browser-based choice for the DAA Principles - principles that underlie a successful self-regulatory mechanism to enable consumers to manage their data in digital environments, including the management of third-party cookies. That agreement, which involved several stakeholder groups, earned praise from the Obama Administration, the Commerce Department, and the FTC. It contrasted sharply with the ongoing challenges experienced by the Worldwide Web Consortium (W3C), the NGO that manages the Internet’s underlying technical standards, in developing similar consensus-based consumer-choice mechanisms for the management of data, privacy, and “do not track” options.

Mozilla’s “Cookie Court” is just another blatant attempt by a powerful tech company to destabilize efforts by multiple stakeholders to reach consensus about how lives and livelihoods should be aligned in the Internet era. Mozilla is reassembling the players whose inexperience and antipathy to negotiation and consensus have subverted the early W3C processes. Its members have blithely gloated about their willingness to “put a number of third parties out of business.” They include technological totalitarians who dismiss negotiations with the haughty declaration that “it’s very difficult to see a long-term consensus approach,” and who equate corporate imposition of “the technologies at the browsers’ disposal” with “the consumers’ side.” 

We admit we were hopeful when Mozilla proffered that its new system for managing cookies would make exceptions for “sites complying with DAA opt-out and supporting DNT.” But its proposal does nothing of the sort. Hundreds of companies, representing thousands of Web sites, belong to the DAA program; yet their advertising will be peremptorily blocked by Mozilla’s system.  Tens of millions of consumers who have visited the DAA site and affirmatively opted to do nothing — effectively choosing to allow ads relevant to them to be delivered — will find their choice sabotaged.  And Mozilla’s argument that sites “supporting DNT” may still be able to deliver relevant advertising is disingenuous.  Since there is not yet a consensus definition for DNT - partly because Mozilla allies have so mismanaged or undermined the process for reaching consensus - it’s not currently possible for sites to support it. 

Worse, there is nothing in the Mozilla system that recognizes, let alone offers solutions for, the particular needs of the many thousands of small publishers and retailers that depend on the Internet supply chain and the third-party cookies that, however imperfectly, are a central component of it. By making it punishingly difficult for advertisers to reach highly engaged audience segments through small publishers dependent on this third-party-cookie supply chain, Mozilla’s new system will prompt marketers to concentrate their ad buys among a tiny handful of giant Internet companies that dominate the deployment of first-party cookies. This fear has led almost one thousand “long tail” Internet companies to sign a petition asking Mozilla to reconsider its determination to block third-party cookies by decree.

The open-source Internet supply chain is a wellspring of strength; it has fostered one of the greatest fast waves of economic and cultural innovation in modern history. It is also a source of weakness, because it creates vulnerabilities in securing individuals’ and companies’ data and in assuring their desire to keep certain activities and interests private. But acknowledging and correcting for those weaknesses doesn’t require taking a blunt sledgehammer and destroying the digital supply chain. Rather, we need rational, consensus solutions that will meet all major stakeholders’ needs.

That Mozilla doesn’t understand this is unsurprising. After all, it represents nobody. It is part of a global distribution cartel whose members have been in a perpetual state of war with each other for 15 years. Browser makers should not be dictating the kind of economic and cultural policies Mozilla is trying to implement any more than television set manufacturers should be deciding which shows make it to your home.

The IAB, our constituents, and our partners in the DAA, have engaged in a serious effort to participate in consensus-building around the complex issues of protecting consumer choice and privacy while enabling the commercial activity that supports a diverse and robust internet.  We welcome other serious participants. We do not welcome Mozilla’s proposed kangaroo court led by the very people who have thwarted consensus in the past … and who have evinced not an iota of concern for the publishers, small businesses, and hundreds of thousands of people that depend on Internet advertising for their livelihood.

About the Author
sp_rothenberg_randall_100x134.jpgRandall Rothenberg

Randall Rothenberg is President and Chief Executive Officer, Interactive Advertising Bureau. 

Enhanced by Zemanta
blog-header-public-policy.gif cookies.jpg

The Chairman of the Federal Trade Commission has finally come clean. After all the pushing and pulling about consumer privacy, he has spilled the beans on what really irks him about the Internet: He doesn’t like cookies. Recently, on C-SPAN’s The Communicators, FTC Chair Jon Leibowitz, in dismissing our argument that the Commission’s push for browser controls over data would involve the “re-architecting” of the World Wide Web, described the IAB as a “lobbying organization for companies that like to put third-party cookies in consumers’ computers, so they’re doing what they do.”

Then last week, Chairman Leibowitz indicated he had inside knowledge about the inner workings of the interactive industry. “There is a schism brewing within the Internet advertising community and perhaps even within the IAB” on the subject of third parties, he told The Huffington Post.

Actually, the FTC Chair doesn’t know the half of it. The IAB is indeed a lobbying organization—not just for companies that place third party cookies on peoples’ computers, but for every major first-party publisher on the Internet as well—from the A&E Television Network to, with several hundred in-between. And I assure you, there is no schism within the IAB when it comes to cookies and their crucial role in the architecture of the Internet. Just to make sure, we asked them. Here is what a cross-section of IAB members told us cookies allow them to do for their advertisers and their consumers:

“First and foremost, cookies allow Univision dot com to capture and analyze information on our users interests thus guiding our content creation and web site navigation so our users find the information and content they seek and enjoy.”

      - Jim L’Heureux,

“AOL uses cookies to remember things for our users, such as location for weather information; with advertising, we’ll use cookies to limit the amount of times the same ad is shown to a person.”

      - Chuck Gafvert, AOL

“Third-party cookies allow me to employ four people and I’m hiring 10 more. How many businesses are you aware of in this economy doing that? They also allow me to deliver highly targeted solutions, in the form of quality products and service providers, to the 55,000 consumers that visit my site each day.”

      - Tim Carter,

“Cookies allow us to ensure that consumers receive relevant and customized ads without the use of personally identifiable information.”

      - Chris Pirrone, Traffic Marketplace Display

“If it were not for cookies, our registered users would have to enter their log-in and password every time they come to our websites and try to access valued content. Imagine having to do so several times a day after reading your favorite newsletters and trying to access some research, white papers, profile settings and more.”

      - Carine Roman,

“Using HTTP cookies, we can calculate: Total audience size, audience turnover, user frequency histogram over a period of time, user lifetime histogram, day-to-day audience overlap and site-to-site audience overlap”

      - Michael Griffiths,

“Cookies are an important core Internet browser technology, comparable to your barber recognizing you each time you visit, that enables sites like ours to efficiently deliver a growing suite of services based on the ability to know and remember our users between visits.”

      - Bill Irvine,

“Cookies enable us to keep content and advertising relevant to consumers both in terms of content and timing, and they ensure the delivery of this content and advertising without compromising anyone’s privacy.  Unlike traditional media, interactive media need not know a consumer’s name, address, or credit card information to deliver the right content at the right time.  That’s what cookies enable.”

      - Jay Habegger,

“Cookies enable my website to provide timely and useful information to expectant moms during pregnancy and beyond.”

      - Neil Street,

“Media6Degrees delivers offerings for advertisers to the people who will respond best to them. To do this we purchase media from publishers across the Internet in a manner which would be impossible without using 3rd-party cookies to identify the audiences that our advertisers are interested in addressing. In addition, we rely on 3rd-party cookies to control the flow of advertisements which provides a better user experience by limiting the number of times an individual sees a particular advertisement.”

      - Alec Greenberg,

“Cookies allow me to reach the users who like to play games and connect them to my game site and applications. I am disabled, and thanks to the internet and cookies I am able to support myself and my family and stay off of Social Security and welfare.”

      - Katherine Girod,

“Cookies allow me to provide a better experience to my visitors by storing their preferences and using them as they navigate through my website. This helps them to avoid constant inconveniences of providing their preferences on every page.”

      - Amol Vyavhare,

“Cookies help me operate the world’s best website on defense and security issues.”

      - John Pike,

“We would be unable to provide these FREE services or feed our families without the use of cookies.  They allow us to provide a better customer experience to our viewers, which could not be done without cookies.”

      - Andy Robinowitz, 

“Cookies help me get my products in front of the customers who actually want to buy our products, thereby assuring our business continues to grow and provide employment opportunities to the community.”

      - Richard Sexton,

“Since my site is geographically specific, local advertisers can have their messages appear on the site where the largest potential customer base exists. Without the cookies used in serving banner ads, this process would go away, and possibly prevent those messages from reaching the target audience. The cookies make what is delivered to online reader relevant.

      - Perry Klaussen,

“Cookies allow me to create a better user experience for my website, making it easier for my readers to access information quickly and efficiently, plus be a bigger part of the community.”

      - Jon Berlinghoff,

“Cookies allow us tailor information that helps them use our site much more efficiently.”

      - Greg Brown,

“Cookies enable my community to exist as a free and streamlined platform for individuals to discuss prescription drugs with one another.”

      - Nick Jabbour,

“Cookies allow me to deliver advertising in an effective manner and that allows me to make a living and provide a valuable service to my readers at no charge.”

      - Ron Lemon,

“Cookies allowed me to build the best place online for people to find more information about parenting and how to get your child into acting without being taken advantage of.”

      - Steve Shurak,

“Our community uses cookies to manage personal logins across three travel sites which feature expert reviews, trip blogs, or forum Q&As, allowing consumers to make more informed decisions about their next family vacation destination.”

      - Kyle McCarthy,

“I prefer patronizing a store that knows me and recommends something they know I’ll like versus an impersonal store that recommends whatever they’ve got on the shelf. Happily, cookies allow that same familiarity and make the web a friendlier and more relevant place to shop.”

      - John Knapp,

“Cookies let my customers access their private data securely without having to log in again every time.”

      - John Manoogian,

“Part of my business model is utilizing affiliate advertising which realizes on the honest use of cookies to generate revenue. We serve our dedicated customers by providing quality content and provide ways to purchase products and services through our affiliates.”

      - Jason E. Renda,

We’re publishing these comments—many of them from independent entrepreneurs whose “long tail” retail and ad-supported sites would not be possible without the use of cookies and other core elements of the Internet’s infrastructure—because we think the Government is engaging in unfortunate game-playing.

We are not refuting, contradicting or picking at the FTC’s concern for consumer privacy on the ad-supported Internet. Indeed, we are as passionate about it as the Federal Government and the so-called “privacy advocacy groups.” We support vigorous FTC enforcement of privacy regulations and the pursuit of violators, and we appreciate the FTC’s continuing support for industry self-regulation as the most effective means for assuring that consumer privacy rights and expectations are honored.

Here’s where we part ways: The IAB believes with equal passion that the ability to advertise legal products and services is central to the functioning of a capitalist economy, and an essential support structure for the news media that underpin American democracy. And we find abject attacks on whole categories of technology a form of technological McCarthyism that has little place in a sophisticated debate about how best to protect consumers and companies together.

We welcome the opportunity to bring technology experts from IAB member companies to the Commission to discuss it with them, rather than politic it on cable TV.

Randall Rothenberg is President & CEO of the IAB


Recently, the European advertising community, lead by IAB Europe, publically condemned the “re-spawning” of cookies used in the practice of online behavioral advertising (OBA). We would like to recognize their leadership and take this opportunity to restate the U.S. advertising industry’s longstanding opposition to such practices.

There has been a recent spate of media coverage about the use of local shared objects, colloquially described as “flash cookies”, in the collection of data for the purpose of delivering behaviorally target advertisements to consumers. We have heard about advanced versions of such technologies, including Super, Ever, and Zombie Cookies. But whatever the name, one tenet of the industry remains clear, appropriate consumer notice and choice applies to all targeting technologies and techniques. This means that companies must always provide transparency to the consumer about their data collection and use practices and that third party OBA practices must empower consumers to exercise an effective choice.

Our industry has always endorsed technology neutrality in the application of best practices. IAB has long supported the Network Advertising Initiative’s mandatory principles which apply uniformly to all OBA practices, no matter the technology implementation. Similarly, the comprehensive new self regulatory program announced this week by the IAB and our partner trade associations program applies to data collection and use practices, regardless of the technologies and techniques employed.

Meeting consumers’ privacy expectations is a top priority for the interactive advertising industry and our obligations cannot be sidestepped by technological means. The industry will continue to condemn practices that diminish transparency or frustrate consumer choice.

We welcome discussion on this matter in the comments below.

Mike Zaneis is Vice President, Public Policy for the IAB.