Archive for 'Cookies'

Thanks to Tim Evans I was alerted to a report about the Commerce Department weighing in on privacy issues online.  Suffice to say I agree with the direction Commerce is giving the Obama administration.  Specifically the idea that, according to CNN’s Money, “the government ‘enlist the expertise and knowledge of the private sector’ to create ‘voluntary codes of conduct that promote informed consent and safeguard personal information.’”

More or less exactly what John Lovett and I proposed back in September of this year.

I have started reaching out to the media on this point — that we in the digital measurement community are already taking matters into our own hands and stepping up — but we could use your help! Please, if you know anyone in the press, send a link to this blog post along to them and help spread the word that as a community we can take responsibility for our own actions and we are willing to do what is right for consumers around the globe.

This issue affects all of us in the digital measurement sector — vendors, consultants, and practitioners alike. Please help us create awareness about our efforts.

Here are links to the relevant background materials:

• We have become our own worst enemy … a call to action!
• Proposed “Web Analysts Code of Ethics”
• Update to the “Web Analysts Code of Ethics”

Here is the link to the near-final draft of the Web Analysts Code of Ethics:

• Last chance to shape the Web Analysts Code of Ethics (WAA Blog)

The Standards sub-committee for the Code of Ethics met yesterday and as I publish this blog post John Lovett is presenting the final version to the Web Analytics Association Board of Directors.  We expect the Code to be available to sign at the WAA web site in the coming weeks.

As the hubub around consumer privacy continues I was gently prodded by a friend to pipe up in the conversation.  While my feelings about how we have ended up in this position are pretty clear, and while my partner John and I have proposed what we believe is a step in the right direction regarding online privacy and the digital measurement community, it seems that some type of ban or limitation on online tracking is becoming inevitable.

Without getting political or debating the reality of what we can and cannot know about online visitors I have a single word response to the FTC:

Whatever.

Before you accuse me of changing my stripes or going completely nuts consider this: If the FTC is able to somehow pull off the creation of a universal opt-out mechanism, and if the browser developers support this mechanism despite clear and compelling reasons not to, and if consumers actually widely adopt the mechanism — all pretty big “ifs” in my humble opinion — then I believe the digital measurement industry will do what I have already described as inevitable:

We will hold a revolution!

Since my tenure at JupiterResearch back in 2005 I have been telling anyone who would listen to stop worrying about counting every visitor, visit, and page view and instead start thinking about statistically relevant samples, confidence intervals, and the algorithmic use of data to conduct analysis.  Yes, you need to work to ensure data quality — of course you do — but you don’t have to do it at the expense of your sanity, your reputation, or your job …

See, it turns out in our community it doesn’t really matter whether we are able to measure 100% of the population, 90% of the population, or even 80% of the population — what matters is that we are able to analyze our visitor populations and that are able to draw reasonable conclusions from that analysis.  Oh, we have to be empowered to conduct analysis as well, but that’s a whole other problem …

Statistical analysis of the data … trust me, it’s going to be all the rage in a few years. I’m not saying this simply because I have a white paper describing the third generation of digital measurement tools that will empower this type of analysis … although I would encourage you to download and read “The Coming Revolution in Web Analytics” (freely available thanks to the generous folks at SAS!)

I’m saying this because every day I see the writing on the wall.  Data volumes are increasing, data sources are increasing, and demands for insights are increasing, all while professional journalists, politicians, and political appointees are supposedly protecting our “God-given right to surf the Internet in peace” without any regard to the businesses, employees, and investors who depend to a greater or lesser degree on web-collected data to provide a service, pay their bills, and make a profit …

Okay, sorry, that was editorializing.  My bad.

Still, rather than wring our hands and gripe about how much the credit card companies know (which is a silly argument given that credit card companies provide tangible value in exchange for the data they collect … it’s called “money”) I believe it is time to do three things:

1. Suck it up.
2. Hold yourself to a higher standard.
3. Buy “Statistics in Plain English” and start reading.

The good news is that we have access to lots and lots of great statistical analysis of sampled data today — we just might not realize it.  Consider:

• Google Analytics has their “Analytics Intelligence” report which was brilliant to begin with and recently got a big-time upgrade with their “Major Contributors” functionality;
• Smart vendors like Scout Analytics are solving point solutions such as revenue optimization for digital products;
• The Voice of Customer vendors, including our good friends at ForeSee Results and OpinionLab, have long made incredibly valuable insights available to business owners working from sampled populations and statistics;
• The Customer Experience Management vendors, including the fine folks at Tealeaf and Clicktale, have long leveraged both sampled populations and, more recently, the algorithmic discovery of frustration and struggle on the part of site visitors;
• The Testing and Optimization vendors, including Google (Web Site Optimizer), Omniture (Test & Target) and SiteSpect, more or less make their entire living off of  statistical analysis of the behavior of sampled populations;
• The Adaptation and Recommendation engines, including Baynote, Certona, and Rich Relevance, all also more or less depend completely on algorithms to determine how to adapt content to suit a particular visitor’s likely needs;

Have I mentioned Excel, Tableau, and R?  Hopefully by now you get the gist … statistics is already all around us all the time, perhaps just not exactly where we expect it or, in the context of lower rates of data collection, where we will ultimately need it to be.

Perhaps the most encouraging evidence that we will be able to make this shift is the increasing attention the digital world is getting from traditional business intelligence market leaders like Teradata, FICO, IBM, and SAS.  I, for one, am more or less convinced that the gap between “web analytics” and “Analytics” is about to be closed even further … and here’s one guy that seems to agree with me.

We don’t need to thumb our noses at the privacy people — quite the opposite, and to this end John and I will be sitting down with a representative from the Center for Democracy and Privacy and Adobe’s Chief Privacy Officer MeMe Rasmussen at the next Emetrics in San Francisco! We also don’t need to stick our head’s back in the sand and hope this issue will simply go away — it won’t, trust me.

We need to prepare.

Prepare by committing yourself to not being that scary data miner that consumers are supposedly so afraid of; prepare by improving your data quality to the extent that you are able; and prepare by starting to communicate to leadership that it really doesn’t matter if you can count every visitor, every visit, and every page view — what matters is your ability to analyze data using the tools at your disposal to deliver value back to the business.

If you’re not sure how to do that, call us.

Viva la revolution!

DISCLOSURE: I mentioned and linked to lots of vendors in this post which I normally do not do. Some are clients of Web Analytics Demystified, others are not. If you have concerns about why we linked to one company and not another please don’t hesitate to email me directly.

Those of you paying close attention to issues regarding consumer privacy on the Internet are probably at least a little familiar by now with Flash Local Shared Objects (also called Flash “Cookies” by some.) I wrote a white paper on the subject Flash objects’s use in web analytics on behalf of BPA Worldwide back in February and had to update the blog post I wrote when I noticed  that Adobe had wisely written a letter to the Federal Trade Commission regarding the use of Flash to reset browser cookies.

After writing that update I got in contact with Adobe’s Chief Privacy Officer, MeMe Rasmussen, who politely agreed to answer a few questions that I had about their letter and Adobe’s position on the use of Flash as a back-up strategy for cookies.  Given that Scout Analytics is now reporting that Flash “Cookies” are increasingly being deleted by privacy-concerned Internet users I figured it was a good time to publish my questions and MeMe’s responses.

The following are my questions (in bold) and Mrs. Rasmussen’s responses verbatim.

Flash Local Shared Objects (LSOs) have been around for a long-time and I have been aware of their use as a “backup” for browser cookies for reset and other calculations for a few years.  What made you write your letter to the FTC now?  Was there a specific event or occurrence?

The topic of respawning browser cookies using Flash local storage was publicized after research conducted by UC Berkeley on the subject was published in August 2009.  The topic was also raised at the FTC’s First Privacy Roundtable in December, so when the FTC announced that its Second Roundtable would focus on Technology and Privacy, we felt it was the appropriate opportunity for Adobe to describe the problem and state our position on the practice.

While I believe the position you outlined in your letter to the FTC is the correct one, you have put many of your customers in an uncomfortable position by condemning an act that they have been using for quite some time — essentially issuing negative guidance where none had been previously issued (to my knowledge.)  What has the response to this been if I may ask?

We have not received any comments or concerns from customers about our Comment Letter to the FTC.  Adobe’s position specifically condemns the practice of using Flash local storage to back up browser cookies for the purpose of restoring them after they have been deleted by the user without the user’s knowledge and express consent.  We believe companies should follow responsible privacy practices for their products and services, regardless of the technologies they choose to use.

On page 8 of your response to the FTC you discuss Adobe’s commitment to research the extent of this (mis)use of Flash LSOs.  Given the extent to which LSOs are being used perhaps “not as designed” and the sheer popularity of Flash on the web this seems quite a task.  Can you describe how you have started going about this effort?

We are currently in the process of defining the research project and are working with a well-respected consumer advocacy group and university professor.  At this time, the specific details of the project have not yet been finalized.

Within the web analytics community many have commented that your position on Flash LSOs may impact some of what Mr. Nayaren and Mr. James have said about the integration of Omniture and Adobe products like Flash.  Specifically some of the commentary suggests a tight integration of Omniture’s tracking and Flash.  Does your position on LSOs as a tracking device change the guidance the company has issued to common customers?

No, the position we outlined in the FTC Comment on condemning the misuse of local storage, was specific to the practice of restoring browser cookies without user knowledge and express consent.  We believe that there are opportunities to provide value to our customers by combining Omniture solutions with Flash technology while honoring consumers’ privacy expectations.

One of the suggestions I made in the white paper with BPA Worldwide that you cited was to use Flash LSO as a back-up tracking mechanism but NOT to use it to re-spawn cookies.  From a measurement perspective there are a handful of good reasons to do this … does Adobe have a position on that strategy that you can outline?

The point we made in our FTC Comment was that we considered the practice of using Flash local storage to respawn HTML cookies without user consent or knowledge to be an inappropriate privacy practice.  In your white paper, you identified some uses of Flash local storage whereby browser cookies are rest but the use is given clear notice and an opportunity to consent.  We believe that technology should be used responsibly and in ways that are consistent with user expectations.  The example you presented in your white paper was an example of a Web site that, by giving notice and control to the user, implemented our technology in what appeared to be a responsible manner.

(Thanks again to MeMe and the team at Adobe for getting these responses back to me! As always I welcome your comments and questions.)

When I first saw the news of Google’s opt-out browser plug-in spread around Twitter I thought “hmm, I wondered when we’d see this” and moved on since opt-out is more or less an non-issue — basically because in the grand scheme of things nobody really opts-out. For all the hand-wringing and navel-gazing people do on the subject of privacy online, I have never, ever seen any data that indicates that web users actively opt-out of tracking in significant numbers.

Never.

If you have it, bring it on as I’d love to see it. But in my experience the only people really truly and actively interested in browser- or URL-based opt-out for tracking are privacy wonks, extreme bit-heads, and some Europeans. The privacy wonks and bit-heads are who they are and are unlikely to ever change; the Europeans have privacy concerns for other reasons but I will defer to Aurelie to try and make heads or tails of what those reasons are.

Still, it has been interesting to see some bright folks like Forrester’s Joe Stanhope offer some explanations about why Google might be doing this and what the ramifications might be. And it has been less interesting to see some of the fear mongering and hyperbole offered by Marketing Pilgrim’s Andy Beal in his post “Why your web traffic is going to nosedive thanks to Google” although I found Econsultancy balances things out with their straightforward and tactful post “Will opt-out threaten Google Analytics?”

What Andy, Patricio, and to some extent Joe, apparently didn’t notice is that Google Analytics is about to make a big, big push into Federal Government web sites, and this browser-based opt-out is just a check-box requirement to satisfy the needs of said privacy wonks who for better or worse have the Administration’s ear (or some body part, you choose!)

Yep, the browser opt-out isn’t actually for anyone … except for perhaps the Electronic Freedom (sic) Foundation and their ilk. Google is somewhat brilliantly checking a box now so that when the Office of Management and Budget (OMB) releases all new Federal guidelines for browser cookie usage later this year any Federal site operator who wants can immediately dump their existing solution and go directly to Google Analytics.

You do remember that Google Analytics comes at the amazing deficit reducing price of ABSOLUTELY FREE. Even a Republican can get his or her arms around that price tag, huh?

You betcha.

“Hey wait,” you say, “what about the fact that Federal web sites will probably never get permission to track visitors over multiple sessions?” Good point, except did you know you can override Google Analytics _setVisitorCookieTimeout() and_setCampaignCookieTimeout() variables and set their values to zero (“0″) which effectively converts all Google Analytics tracking cookies to session-only cookies?

Yep.

Not to mention that the little birds who sing songs in only hushed tones suggest that OMB is about to take a much more reasonable stance on visitor tracking anyway. This is not a done deal, but the situation that most Federal site managers work under today — one where many sites are more or less forced to use out-of-date log file analyzers and most are hamstrung in their ability to analyze multi-session behavior — seems to fly directly in the face of President Obama’s efforts to make government more transparent and effective.

I said as much just after he was elected, and then I said it again when I pointed out that Barack Obama should not fear browser cookies! Federal managers need modern, easy-to-use tools to improve the overall quality of government web sites.

Now, I could be wrong about all of this — I am human, and like Joe Stanhope I have not heard word-one from Google about the opt-out app — but I am pretty good at connecting dots and these are big, obvious dots:

1. Google loves data
2. Feds have tons of data
3. Feds have requirements necessitating privacy controls
4. Google builds privacy controls
5. Google gets Feds data

This is actually pretty brilliant of Google if you think about it. Assuming you’re with me in my belief that Google Analytics isn’t about AdWords or Analytics or anything other than Google’s desire to have all the world’s data, then you’ll surely see that providing Federal web site operators a web analytics solution that simultaneously solves a multitude of analysis problems AND saves money is, well, pretty freaking brilliant.

Don’t take my word for it. Here’s a list of sites in the .gov domain that people are tracking using our free, browser agnostic web analytics solution discovery tool. We have about 100 sites total, the majority of which don’t appear to have any kind of tracking code at all, and of these:

• 12% are using Google Analytics exclusively already
• Another 3% are using Google Analytics with Omniture (1%) or Webtrends (2%)
• 6% are using Omniture (one, GSA.gov in tandem with Webtrends)
• 15% are using Webtrends (including GSA.gov in tandem with Omniture)
• 63% appear to have no hosted analytics of any kind

If I’m right the evidence will be obvious as more of these “no hosted analytics” sites begin to have Google Analytics tags. Sites like Census.gov, the EPA, FCC, FEMA, HUD, and even FTC might all start to take advantage of Google’s largesse (and willingness to provide a browser-based opt-out, don’t forget that!)

What do you think?

As always I welcome your thoughts, observations, reaction, and even anti-tracking-pro-privacy rants. If you are you a Federal site manager with insight to share but unable to voice your position publicly then out of respect I am happy to have you post anonymously as long as you provide a valid email address that I will confirm and then convert to “anon@anonymous.gov” to protect your identity.

One of the biggest problems we face in web analytics today is our industry’s lack of standards and common definitions. And while a great number of incredibly bright folks have put a ton of energy into solving these problems, in my humble opinion we are more or less where we started years ago — agreeing politely to disagree. Those of you who have been reading my blog for awhile know that I’m not shy about disagreement — perhaps more than anything my analyst’s mind loves a spirited debate — but I also am somewhat anxious about creating tangible outcomes.

To this end I am incredibly excited about two huddles at X Change 2009, one that was just added! The first is Forrester’s John Lovett’s “Web Analytics Standards (or a Lack Thereof)” in which John will be leading us through the current state of industry standards, proposed definitions and our collective understanding of analytics terminology. The second, and one just added to the X Change, is Jim Hassert’s “When is a Visitor Not a Real Person?” huddle in which Jim will take John’s huddle one step further and drill-down into the often irreconcilable differences found in the seemingly harmless “visitor” metric and dimension.

Last year I was forced to miss a lot of good huddles. This year a team of wild horses couldn’t keep me from missing these two.

While I have little doubt that both of these huddles will live up to the spirit of the X Change my hope is that they will go one step further. I would love to see both produce some kind of actionable outcome, something that we can carry forth into our careers and the wider conversation about our industry. Given that some serious talent is already signed up for the X Change — including some of the brightest minds in the practitioner and vendor community — I have little doubt that we have the brain power … now all we need is the resolve to do something and not just push words around on paper.

If you’re a reader of this blog and want to join us at the X Change I’m happy to help you out.  If you act before July 31st I am offering a 15% discount on the registration (a $300 savings!)

Come to the X Change. Agree to do more than “politely disagree” — take a stand, defend your ideas, and help shape tangible and positive outcomes.