Cookies (Not the Good Kind)

Cookies (Not the Good Kind)#

Not the sort your grandma makes with chocolate chips, though I wish these cookies were that delicious occasionally. These are small text files that websites place on your computer like digital breadcrumbs. But instead of helping you find your way home, they keep track of where you’ve been, what you’ve clicked, and presumably that humiliating google search you wish you could forget.

The main notion is that websites keep small bits of information about you in your browser so they can remember who you are and what you’ve done. It sounds harmless enough, doesn’t it?

What Cookies Really Do#

When they’re useful, they:

  • Remember your login so you don’t have to type your password 47 times a day

  • Keep items in your shopping cart when you leave the site

  • Save your preferences (like dark mode, language, and that pizza order you always change the same way)

  • Maintain your session so the website knows you’re still you as you click around

When they’re not as useful:

  • Keep track of all the sites you visit

  • Create profiles of how you browse

  • Follow you across the internet with retargeting advertisements

  • Tell advertisers about your spending habits

The Two Types of Cookies

There are many kinds, much as in the cookie department at Whole Foods (which is a hazardous place, by the way). But these don’t have nutrition facts on them.

First-party cookies (the ones that are useful)#

The website you’re actually browsing sets this. These cookies are performing real work: keeping you logged in, remembering your cart, and maintaining your site preferences.

Example: You go to CNN.com. When you visit CNN, a cookie is put on your browser that states, “This is user_12345. They like dark mode and have already closed the newsletter popup.” That cookie comes from the first party, and it really is useful.

These are necessary for websites to work. First-party cookies are usually in the “strictly necessary” category that you can’t decline when you see those awful cookie consent popups (thanks, GDPR).

Third-Party Cookies (the ones that track you)

Set by someone other than the website you’re on, such ad tech companies, analytics platforms, or social media widgets that are built into the page.

Example: You go to that identical article on CNN.com. But also on that page? There are Facebook’s tracking pixel, Google Analytics, DoubleClick ad tags, and a dozen additional trackers. Every one of them drops their own cookie. You are now being watched by 15 companies that you have never been to.

This is how you look for “best running shoes” on one site and then see advertising for running shoes follow you around for the next two weeks on news sites, blogs, recipe pages, and wherever else you go. That’s how third-party cookies are supposed to function.

What Third-Party Cookies Let You Do#

Third-party cookies are like gold to advertisers:

Cross-site tracking: Following you from one site to another to learn more about your interests.

Retargeting - Show you advertising for things you looked at but didn’t buy (like those shoes again) - Group you with other people who act the same way - Limit the number of times you see the same ad (in theory; in fact, this often doesn’t work) - Measure how well the ads work - Keep track of whether advertising lead to sales

For people? It feels strange. And more and more, regulators agree.

Cookies made the modern world of online advertising possible. They are the basis for most of how targeting, measuring, and attributing ads works. That’s why their creeping dying is causing so much trouble in the business.

Next, we’ll talk about why cookies are breaking and what’s next.