I was unaware of those optional cookie settings. When I read that second paragraph I almost left the article to make the privacy change before I realized that I was already using Safari.
I can almost guarantee that, if asked, most users would request that their browsing not be tracked some ad company you have no knowledge of. An interesting case where Apple's policy is far more reasonable than Google's.
I can almost guarantee that, if asked, most users would request that their browsing not be tracked some ad company you have no knowledge of.
I think that depends on how you frame the issue. "Do you want to have your privacy invaded by evil marketing companies?" vs. "Would you help Google to know you better, so it can serve you better ads?"
For me, ads are a necessary evil because I don't want to ever pay for every content I consume on the internet. So, If third party cookies are used to serve me better ads, ads that actually interest me, then I'm all for it.
Just this past week I finally decided to move my blog from Dreamhost to a Managed WP Hosting company, and it was all because of their ads following me all over the internet. I'm thankful to Google that it showed me those ads and not something about beer or hip-hop music or macrame or whatever I don't care for.
Let's suppose you didn't deliberately bias the question. I think Gruber is right. Arguing that if you slanted the question you could slant the result is beside the point.
Second, if Google can't do a good job of showing me relevant ads in gmail -- and it can't -- I don't think its cookies will help it. You're assuming facts not in evidence.
Three, there's also no evidence that making ads better targeted has been good for the ad industry (whose overall revenues have if anything fallen) or ad quality (when's the last time you saw a great online ad? I've seen plenty of great print and tv ads).
What do you mean "no evidence that making ads better targeted has been good"? You mean no evidence as in you A/B tested your on app and found no reasonable increase? Or you mean no evidence, as in you never bothered looking for evidence?
Judging from my personal anecdote with A/B testing targeted ads, there's a lot of evidence that it's good for both advertisers and users. Just try running tests and you'll see it for yourself.
Nice how you left off part of my sentence. Targeting ads is good for (some) advertisers (whether it's good for customers is debatable) but I said "good for the ad industry".
If a/b testing increases conversions all that demonstrates is you can get more revenue per ad dollar. Whether any "good" occurs is an entirely different matter. You might be selling penis enlargement pills.
Your second point really hits home for me; honestly, I would love to know what Google (or most any other modern ad company) /is/ doing with its cookies, as it never seems like any of the ads I see are even remotely well-targeted.
> For me, ads are a necessary evil because I don't want to ever pay for every content I consume on the internet.
I can understand, sort of (even though the parts of the Internet I use most are community supported, not ad supported so I don't think less effective ads will suddenly destroy the Internets even if a large majority currently is ad supported)
> So, If third party cookies are used to serve me better ads, ads that actually interest me, then I'm all for it.
But this I do disagree with. I surf the Internet a lot, and there's already more than enough stuff distracting me that I wasn't looking for. No matter how useful it may seem to be, it cuts deeply into my productivity if every venture into some research or just surfing gets sidetracked by extremely interesting ads. Extremely interesting (but non-relevant to the topic at hand) links are already enough of a problem, slurping bits off my willpower to not click them, that I don't need any ads hypertargeted at my personality to draw away my attention from what I was looking for in the first place.
No really, I prefer ads that don't apply to me at all.
This just my personal opinion, but in the case of a "like" button, it relies on you having interacted with Facebook, having previously accepted their cookies.
In the case of most ad networks, no one knows who they are, no individual visits their site directly. Now in the case of Google, I don't know why they couldn't just serve ads from google.com and still get around this issue, since most people would have accepted cookies from them already.
Exactly. Having spoken a lot about these issues to regular people, I would bet most people would give up privacy for better ads. Just as most people would give up privacy for a safer world.
I think you're right, but only up until that point where people see concrete, actual consequences of giving up their privacy.
A friend of mine was not very happy when he discovered that he was served ads about "how to lose weight!", and "struggling with depression?". Of course, I don't even know if those were targeted to him. Maybe the next ad he'll see is "struggling with paranoia?" :)
What are better ads? If I want something specific to buy, I can search 1000 million places on the web and find it with unprecedented ease. So why I need "ads" at all? (and much less "better ads").
Plus, if I searched Google or visited sites for "depression", "dildos", "flatulence problems", "David Hasselholf CDs", "weight loss", "quit your job" etc, I sure as hell WOULDN'T want to see "better ads" targeting me for such topics --especially when I'm browsing with other people around me.
Better ads are ads with higher click-through rates, which provides more dollars for the site whose content you are freely consuming.
Higher click through rates come from a better match between the user's interests and what the ad is offering. It is good for the advertiser (since they get more customers), and the site (since they get more ad revenue), and the user (since they see relevant ads instead of garbage).
Better ads are ads with higher click-through rates, which provides more dollars for the site whose content you are freely consuming.
Well, I'd happily pay to get rid of the ads, given the chance.
Higher click through rates come from a better match between the user's interests and what the ad is offering. It is good for the advertiser (since they get more customers), and the site (since they get more ad revenue), and the user (since they see relevant ads instead of garbage).
It sure as hell isn't good for me. I don't want to see "relevant ads".
For one, they are just there to make me spend more.
And second, as I said above, I ABHOR relevant ads shown when I browse, especially with other people around, that can guess that all those "adult diaper" ads I'm being shown have something to do with what I was searching for in private.
I have run w/ 3rd party cookies disabled in Firefox and Chrome for some years now. A few sites used to break now and then and now it's practically non-existent.
It's difficult to picture many people wanting this at all. I agree with Gruber 100% on this.
I think the biggest issue is the growing number of online publications using third party messaging / discussion forums like Facebook or disqus. AFAIK require third party cookies to work. Then again, it made me question whether it was really worth commenting on a story...
I have had third party cookies disabled for years and only ran into problems a few times, but that was years ago.
Disabling third party cookies seems like a sensible default to me. You can have an argument about which option is better and there are good arguments for either of them – but neither of the two options seems outrageous to me if you were to pick them as the default.
> I was unaware of those optional cookie settings. When I read that second paragraph I almost left the article to make the privacy change before I realized that I was already using Safari.
Some browsers have an even tighter setting, between "first-party only" and "no cookies": prompting for every cookie being set.
That's what I use in Camino. It is more expensive as I'm prompted every time I browse as site for the first time, but the default dismiss via "[ESC]" is to deny the cookie, and to set a deny rule in the browser.
That way, I only accept cookies on sites in which I want to log in, and (depending on the site) sesion-only cookies of sites which require cookies.
@stuntmouse, I wrote that comment after the down votes, but edited it with the current text (thus the "edit" in the comment). I probably should have kept the original, but it was not why I got the down votes. That comment was actually up voted.
Anyway, I'd just like to hear an opposing view as they seem to be out there.
If you frame the question as, "Would you like to continue receiving free services from Google, like Maps, Gmail, and Search, in exchange for targeted advertising?" I think most people would say yes.
>"Would you like to continue receiving free services from Google, like Maps, Gmail, and Search, in exchange for targeted advertising?"
That's also a framed question, because it's a false dichotomy. You don't need targeted ads (and thus, tracking) to make money of ad income. I'm not even sure (as others have pointed out) if targeted ads are more profitable. Even assuming that non-targeted ads are less profitable than targeted ones, then so be it. I don't think that the business model and/or profit margin of a company (Google or not) is a valid argument when considering privacy, which I would consider a fundamental right.
Sure, framing the question that way might garner a different result, as would framing it thus:
"Would you feel comfortable giving away information regarding your online activities in exchange for free web services like Google Search, Maps, and Gmail?"
Using the phrase "targeted advertising" is misleading. It's not that the advertising is targeted that people oppose, it's the insight into your online activities is exposed without you having any control over that information's use.
How about: "Would you like to pay $5 a month for services from Google, like Maps, Gmail, and Search, for an advertising free experience, better privacy and the entitlement to being the actual customer of Google resulting in better service and fewer surprises down the road"?
I realize it's an ad hominem, but I'm surprised Gruber didn't further emphasize the fact that Battelle runs an ad network. Of course it's in his best interest to be able to set 3rd-party cookies. Understanding that puts Battelle's argument in a different light.
Given that Mozilla claims they "fight for the users," is there a reason Firefox doesn't also default to only allowing first-party cookies? (Perhaps it has something to do with the massive deal with Google that represents 90% of their revenues?)
It mentions: "Some websites (e.g. Microsoft's Hotmail, MSN, and Windows Live Mail webmail) use third-party cookies for purposes that are not necessarily privacy concerns, and disabling third-party cookies may cause problems with those sites."
May cause? Not necessarily? Seriously? Anyone with third party cookies disabled ever had a problem with a web mail service?
Mozilla is willing to break html5 video for all intents and purposes because h264 isn't open enough (but this oddly helps Google) and allow third party cookies by default of reasons that make no sense (but this oddly helps Google) and it gets it's money from... Oh that's weird.
Have you read it? They're saying that some websites use them for purposes that are not privacy concerns. As long as Google doesn't do this - by which I mean, as long as they only use third-party cookies for tracking - they're irrelevant, because Mozilla would shut them down anyway.
It's only sleazy if you see it as an attack and not a simple explanation.
I'm guessing that MS is using the cookie for a purpose that it was not intended for. That's not to say it's inappropriate, but it's up to them to understand the risks and make sure the app works in both states.
The third party cookie blocking in Firefox is different from the feature available in Safari. Safari's policy is designed to block third-party cookies unless you already have a first-party relationship with the site. So, unless circumvented, it will block ad networks from tracking you but won't prevent things like the Facebook "like" button from working. The Firefox policy will prevent use of third-party cookies always, even for sites where you have a pre-existing relationship.
The Safari policy was designed to pick a tradeoff of privacy vs. compatibility that would let it be enabled by default. Since most users never change default settings, this arguably gives more privacy benefit to the typical user, at the expense of a bit more control for experts.
Side note: the Chrome third-party cookie blocking setting behaves roughly the same as that in Safari, but is not on by default, so it has less privacy impact than either the Safari or Firefox approaches.
but I'm surprised Gruber didn't further emphasize the fact that Battelle runs an ad network
Everyone has an agenda. Gruber is an very pro-Apple/anti-Google advocate. He could also be credibly classified as anti-web (where the argument suits his prior agenda. As I'm sure many will call shenanigans, I could happily reference at least a dozen examples of his misinformed anti-web sentiment). Did Gruber declare any of that in his observations? Did the submitter?
Given that Mozilla claims they "fight for the users," is there a reason Firefox doesn't also default to only allowing first-party cookies?
To most people the benefit of third-party cookies outweighs the detriments. Outside of the functional benefits, the economic foundation of most of the content that people rely upon depends upon third-party cookies.
Firefox isn't an irrational group. They realize that undermining the platform doesn't do much for their users. Apple, on the other hand, has no advantage helping the economic cause of the web as a whole. Quite the opposite, in fact. Which is how they chose a default that is contrary to every other web vendor. If you want to monetize users you'll just need to wrap that HTML up into a WebView and submit it to the app store -- be sure to add some iAd support.
What bothers me here is that Google broke a contract. Since there is no way to determine between people who intentionally set that preference and those who are just using the default settings, I guess they consider us "collateral damage."
They could have gone public with the issue. They could have alerted users and given them the option to change the defaults. They could have found some interesting ways to make allowing 3rd-party cookies more advantageous to the consumer.
Instead, they coded a hack to intentionally ignore your privacy settings. Maybe it's not a huge action, but I can't hold that action in my head together with the mantra of "do no evil." I just can't. And I'm truly saddened by that.
I agree with Gruber here, in that most people, if randomly sampled, would prefer only the sites they are explicitly visiting, track them - and not some underlying ad-network that just happened to appear on the web page.
That is - I might visit nyt.com, and have no problem have them tracking who I am, (I.E. that I have a subscription and can see more than 20 articles / month) - but I would prefer that the underlying advertisers not be able to track me from site to site just because they happen to be one of the advertisers on nyt.com (and whatever other web pages I visit - eventually they would start to build a pretty significant profile around me)
It may be the case that there are some legitimate (and useful) cases where third-party cookies are useful - but, if that's the case, I'd rather _explicitly_ allow that use, rather than have it allowed by default.
Hard to imagine very many people who would prefer the third-party tracking by default - and I vote for inconveniencing that small group of people, in order to protect the privacy of the much larger group who don't even know what a "cookie" is or how it works.
Good story, but there's one thing missing: Safari on iOS does not block 3rd party cookies by default. It blocks them until you interact with a 3rd party element on the site. Then it accepts them. And Google exploited that by faking an interaction with a 3rd party element.
This "3rd party cookie only on interaction" is a setting that most desktop browsers don't have. You can either accept or deny 3rd party cookies. So, in that regard Safari on iOS is different than the rest. But I'd argue that it's a very sane default setting and I hope that normal browsers everywhere start adding this setting too. I'd use it!
Gruber makes an assumption that the only thing that third party cookies are used for is ad networks and tracking. A whole bunch of common (especially the new social tools) you use rely on third party cookies.
Its not 3rd party cookies to blame, its their use. There are legitimate uses for third party cookies. If I care about blocking ad networks, I use an ad blocker. I just dont go ahead and limit the functionality that these cookies offer.
> Gruber makes an assumption that the only thing that third party cookies are used for is ad networks and tracking.
I think it'd be more fair to say that this particular use-case is the one that he's emphasising. And, in the context of privacy, it's the one that regular users are going to care about the most.
> If I care about blocking ad networks, I use an ad blocker. I just dont go ahead and limit the functionality that these cookies offer.
That might work for you, as an individual, but Apple couldn't do it without copping a lot of flak. Imagine if they suddenly blocked ads by default—the web would go crazy.
I would posit a guess that there are more sites out there that need ad revenue to survive than there are sites that need third-party cookies to survive.
More people want their FB likes than you know. If you dont want, you should not start generalizing that the mass population doesnt. Also, half your favorite sites will disappear without those evil ad networks. A large number of people choose ad driven products than subscribing/paying for a service.
The question, I suppose is why I need to opt-out of these 'legitimate uses'? Why is the assumption that I'd like to freely give my browsing history to everyone that throws together an ad network or social site of the month? How are +1 and Like buttons any better than DoubleClick?
I had a pretty embarrassing meeting after opening a blog in Safari plastered with lingerie ads during a presentation. Near as I can tell, my wife opened mail from them in GMail and that was enough association to serve the ad.
So, who is to blame? The ad service for serving something inappropriate, my browser for having a bad default privacy setting, or myself for not changing the privacy setting and lending my wife the laptop to check her email?
No more 3rd party cookies for me. It's rather shameful that these ad networks have seen fit to work around a sensible default. It's worth a mention that this isn't new - flash cookies have been a workaround for ages.
Would you prefer they had absolutely no knowledge about you, and they just randomly showed you lingerie ads? Because that's going to happen in a future where the ad networks can't track the user at all anymore. Totally random ads.
I think what most people would prefer is that faceless ad companies not have a list of all the porn sites they've visited along with whatever real world info they could gather on me sitting in plaintext on some unpatched server in Cutrateistan.
I'm pretty sure you want that too but please continue with this utopian straw man about how this is only about better ads.
They don't need cookies to track you when your browser footprint is unique enough (http://panopticlick.eff.org/).
So you still need a tool like Ghostery (http://www.ghostery.com/) to disable the snippets that can track you.
But then again: when everybody is blocking Google and Facebook, how would they earn there money?
I think that endgame is obvious, they bribe users to let them track them.
Information about TV and radio habits is very lucrative for companies like Nielson -- they pay quite well for participation and diary keeping. Even taking short surveys over the phone is rewarded with $25-50+ checks.
A company like Google is in a unique position to automate this process -- opt in to tracking and receive a tiny percentage of the more lucrative ads google is able to get. Win-win, tell your friends and almost everyone signs up.
Assumption: targeted advertising is more lucrative than indiscriminate advertising. (I'm not sure this is true, but it seems to be accepted common wisdom.)
If I were to run FB or Google, and discovered ads of any type were being blocked, I'd naturally try to change the minds of my users the old-fashioned way: money.
The problem is the entire "free through advertising" model. Once you set the price of something as "free" (ala Gmail/Google search) you have a tremendously hard time charging people for it. Sure you can provide "premium" features (ala the freemium model) but how can you do that with search?
Can anybody name a specific situation in which they've been inconvenienced by not allowing third-party cookies? I've always had them turned off, and I don't think I've ever not been able to do everything I've wanted to. I realize that this is a hassle for people like facebook/google, who want to be able to track us as we move from site-site, but I'm wondering how often it negatively impacts the individual user?
I don't think it's universal but I've been on sites where I've been forced to enable it to use their commenting platform (cant recall if disqus or intensedebate).
It's either no longer a problem or depends on a site's implementation though because I've used both platforms without 3rd party cookies recently.
I think that might happen if you try to log into StackOverflow with an StackExchange account. I swear I've seen the message Please turn on 3rd party cookies somewhere on that page... It's a very simple thing, but I really can't try it now! I'd be grateful if you could test it.
>In short, Apple’s mobile version of Safari broke with common web practice, and as a result, it broke Google’s normal approach to engaging with consumers.
I’d have used “tracking” in place of “engaging with”, but that’s semantics
Actually, it does break Google's way of engaging with consumers. +1 buttons (as well as Facebook Like, Diqus comments etc) require 3rd party cookies.
Actually, no it doesn't, because people only need to see those buttons if they already have a relationship with the service in question.
Example: I don't have a Google+ account, so I don't need to see the +1 button. If you have a Google+ account, you would have a cookie, and thus be able to see the +1 button.
In need of more emphasis is the fact that while many have received these cookie settings unaware and may prefer wide open settings, Google and others have no way to discern the difference between those users and those that legitimately want to opt out.
An interesting problem about 3rd party cookies is this: Google offers users to control their privacy settings using the Ad Preferences Manager (http://www.google.com/ads/preferences/). Now if a user has 3rd party cookies disabled, Google does not know the user, and thus cannot apply her preferences.
An alternative solution on the browser side (and I think I saw this before somewhere) would be to only send cookies to a 3rd part site if the user has visited that site 1st party style before; i.e. don't accept 3rd party cookies if they are new. That's a pretty weak signal in the case of Google (who doesn't visit that page?), but at least for many other websites it could improve the status quo ante. If I've never visited some ad network's site, they should probably not be able to track me. Ads could then display inline a "Customize Ads" link that allows users to opt in to targeted advertisement.
"User has visited 3rd party host somewhen" is probably too bad a signal. We'd need something like "User wants to use 3rd party website". That's probably not possible to build with the tools we currently have.
What might Google do if Mozilla bundled the Ghostery privacy extension with Firefox? Or even AdBlock Plus? Google would still receive search referrals from Firefox, but tracking Firefox users across the web would be more difficult.
"Don't want to be tracked by advertisers? Use Firefox, not that browser built by the web's largest advertising network."
"I’d have used “tracking” in place of “engaging with”, but that’s semantics."
"Sounds wrong, or is wrong?"
Gruber on Apple's storage of GPS data:
"[It's] either due to a bug or, more likely, an oversight."
I don't mean to rip on the guy directly. Gruber's a competent writer, and in the technology world, that's rare. But I don't understand why his opinion on Google's cookie debacle are "news" when his agenda is so obvious; what Apple does is good, what Google does is bad.
I think in this situation, it's a question of intent. I don't think anyone has suggested that Apple was trying to do anything other than make it easy for you to acquire GPS lock by saving your location information, and the long backup history was an oversight. In the case of Google bypassing your browser security - it was clearly not a case of oversight - they went to a lot of effort to deliberately override the browser intent.
One was an error of incompetence, the other was willful.
I tend to agree with him, and I really don't call that a double standard. Apple is not really in the business of collecting data about people for showing them targeted ads, but Google is (it's their primary source of revenue). So, when something iPhone's cell tower location tracking happened, I think the probability of Apple telling the truth (it was a mistake) is much greater than the opposite.
Google, Facebook and many other companies are different though. Collecting data is their primary source of revenue (unlike Apple & Microsoft that sell hardware and software).
We have a major problem in this industry with bloggers and journalists collecting an indirect paycheck from large corporations. Here we have Gruber, who collects an indirect paycheck from Apple (Apple's provision of indirect access to inside knowledge drives traffic and authority to Gruber's blog), squaring off against Battelle, who collects an indirect paycheck from Google (Gruber wrote a book that was an overly-positive history of the company -- for which he collected both an advance and ongoing royalties, and he relies upon its executives as guests for his expensive conference).
We can see the practical problems with this situation in that Gruber cannot come out and say the plain truth -- that Battelle's opinion is absurd, and only furthers the case to look at him as a Google shill. Apple's default privacy settings on Safari are to be commended; they are part of why I always suggest Safari as the best option for a WebKit-based browser, regardless of Chrome's bells and whistles. Google's actions in this area cannot be defended by any sane person -- they are clearly subversive, and the notion that Google "knows what's best for consumers who simply didn't know better" is utterly Microsoft-Circa-1990s Evil (with a capital E! This was the whole argument for bundling Internet Explorer, among other things).
By "Inside Knowledge" I presume you mean the 1-week advance review of OS X Mountain Lion. Providing Journalists with advance information under embargo is common in pretty much every industry (Automobile Industry, Camera Industry) - it lets them write their articles so they are ready for release at the same time. The WSJ, NYT, and other outlets all got the same treatment.
I don't believe Gruber has ever written a book.
99% of Gruber's articles are just him providing a (somewhat snarky) view on the industry - it's pretty rare for him to write an article that has any inside knowledge - My guess is that it's less than 1 in 100.
He's been a pretty enthusiast regarding Metro/WP7 recently - as those product appeal to his design aesthetic. I suspect that if Microsoft continues to execute well, that Gruber will be seen as a Microsoft/Apple Design elitist in years to come.
I agree with you -- just presenting a balanced view of the motivations driving both bloggers' posts. Gruber has far less to gain, as Apple isn't going to provide employees for Gruber to interview for a book/conference.
Right, here we have Gruber trying to disprove Battelle's argument when really Gruber should be attacking Battelle's person and motivations?
I kind of like it when the argument is about the idea rather than the person. I wish HN discussions more often would be as well, sadly we rarely afford Gruber that courtesy.
When people have massive financial conflicts of interest, it is very hard to trust their opinion on a given matter. The responsible thing to do in these situations is for someone to simply stay out of a debate; when they choose to passionately jump in and provide an extremely biased view, it is sensible to point out the conflicts. This isn't a personal attack, it's just a factual observation; for example, you wouldn't trust an analysis on "should the US attack China" from a journalist known to be reliant on Chinese funds / access to ruling party members for expensive conferences. The tech industry is filled with reporters reliant on cozy relationships with their subjects, who then provide supposedly unbiased analysis and defense of the company's agenda. It's obnoxious, and it is a disservice to those in our industry who don't have an insider's perspective on who's paying/dating/etc whom; they don't realize they are reading PR nonsense.
I like Michael Arrington's perspective on this (I can't believe I just typed that) - which is there really is no such thing as objectivity, and the best a reader can hope for is as much transparency as possible. I agree, that a lot of these "journalists" rely on their sources for access, and don't want to burn their bridges, so they may give a somewhat biased report (in return for future access). There are also other biases, like David Pogues writing the "Missing Manual" series, while at the same time providing a supposedly unbiased review of the devices he is writing manuals for. I love Pogues Reviews - I just wish he was a little more aggressively transparent when he writes a review for something that he might be gaining financially from.
But, at the very least, most people know where Pogue, Gruber, Siegler are coming from - so we go to them when we want the "Pro-Apple" perspective. The sad thing is how rarely fans of the Apple Aesthetic are willing to go read the "Anti-Apple" perspective (Is there such a source? ) And what about the Objective review? Mossberg has been panning Apple quite a bit recently - maybe he's the objective reviewer...
Gruber hasn't written any book. John Battelle has written a book on Google.
Also, I think it's extremely disingenuous to conflate Gruber's income from his blog with the income Batelle derives from being the founder of Federated Media Publishers. To say that Battelle has an agenda in supporting Google's practice is obvious.
I can almost guarantee that, if asked, most users would request that their browsing not be tracked some ad company you have no knowledge of. An interesting case where Apple's policy is far more reasonable than Google's.