Putting Cookies Into Context

• Tweet
• Buffer

Everyone keeps complaining about cookies, and I'm tired of it. Moreover, the debate seems to be how to deal with first-party versus third-party cookies and other highly technical ideas users don't understand. Today, we'll look at a different way to approach the cookie problem, one based on what cookies are used for, not how they arrived on your computer.

Perhaps the biggest issue is users simply don't understand what cookies are and what they can (and can't) do. Plus, just when we thought we educated consumers enough, we started making highly technical differentiations between cookies: first and third party. To control how cookies are handled in Internet Explorer, one's confronted with a dialogue box that treats these cookie types separately, with no explanation of what they are.

In previous columns, we've talked about the need for a taxonomy to describe products. Using jewelry as an example, metadata in the taxonomy might include metal type (gold, silver), stone (diamond, sapphire), and karat. A similar taxonomy needs to exist for cookies. Once we differentiate cookies by their use and function, and not the technology underpinning them, we'll make headway in the war against cookie deletion. We will also give users an unprecedented amount of understanding and control. The OPS (define) and P3P (define) standards include a category that can be attributed to data, but these standards aren't specifically geared toward cookies.

Asking "What," Not "How"

Cookies are currently defined by how they arrive on your computer. Are they put there by the site you're visiting (first party), or does that site use a different site to generate the cookie (third party). This is a somewhat arbitrary distinction, because how the cookie lands on your computer says nothing about its purpose.

To contextualize a cookie, we must create a simple taxonomy for understanding a cookie's purpose. Here are a few simple examples:

• Analytic cookies: Cookies from analytics companies that help companies understand traffic patterns
  
  
• Login cookies: Cookies that keep you logged into a Web site
  
  
• Advertising cookies: Cookies that enable ad networks to serve you ads

These are just examples. A real taxonomy would be more robust and contain more in-depth information. If users understand the purpose of each cookie type, they'll fear them less. Further, they'll be able to determine which types of cookies they want to keep -- or not.

User Control

Once cookies are formalized into a taxonomy, browsers such as IE must change their front ends to enable users to determine how to respond to these cookie types.

Instead of asking (as it currently does) how the user wants to treat first- and third-party cookies, the browser can ask if they want to allow analytic cookies, login cookies, advertising cookies, and so on. Further, it would allow users to choose to delete a certain cookie type. If users want to delete all advertising cookies, they don't have to delete every cookie on their machines to do so.

Taking a Bite of the Cookie Problem

All this talk about first-party versus third-party expenses seems rather pointless to me. The technology behind cookies isn't the problem. Where a cookie comes from isn't the problem. No technology-centric means of controlling cookies will be correct for all cookies. We must stop looking at the technology and start looking at each cookie's context and purpose. Then we can create rules around how each cookie category is treated.

Thoughts? Let me know.

Until next time...

Jack