e-Rewards, the survey site that lets you redeem points for miles in a variety of programs (unless you sign up via a specific program, in which case your redemptions are restricted to that program), plans to implement (on or about October 1) some pretty extreme tracking cookies to watch your overall web browsing sessions.
On the whole, I find that their surveys are less rewarding (fewer points for longer surveys) than they were perhaps five years ago. And the opportunity cost of my time has gone up. I rarely find it worthwhile to complete their surveys on the basis of the rewards they’re offering.
But I still complete some surveys because I like to have a small stash of points that I can redeem at-will. The surveys are too cumbersome for, say, the 1000 frequent flyer miles I’ll eventually get. But when I can transfer the points into a program and receive credit from that program for partner activity when there’s a bonus running for having activity with lots of partners, the surveys will have been that much more rewarding.
For instance, I recently redeemed for the minimum transfer to US Airways in order to get a partner credit in their Grand Slam promotion.
So the program is somewhat useful to me but I don’t like the changes one bit. The privacy policy now contains a section on “Advanced Cookies”:
Advanced Cookies
The advanced cookie tracks the patterns of online behavior of e-Rewards Members. The advanced cookie, which may be placed by e-Rewards or a third party, incorporates a key which can identify tags contained in certain online content relating to our clients and their products and services. If an e-Rewards Member views a page containing any content including the tag, the key will send e-Rewards an update confirming that the Member has viewed the page containing this content. Certain Web pages or Web-based advertisements you view may be tracked, and in some cases, this tracking data may be combined with survey answers you provide. The tags are not included in any content which could provide information of a sensitive nature, for example information about religious beliefs or health. The information collected will be used to identify suitable candidates for particular market research studies. Members will have the opportunity to opt out of receiving such advanced cookies on their computers, including those placed by e-Rewards or by a third party, by updating their preferences on their e-Rewards “My Account” page . We do not have access to, nor control over, third party cookies or how they may be used. If you would like more information about third party use of cookies, and about your option not to accept these cookies, please click here. Your access to our Web sites will not be affected if you do not accept cookies placed by third parties.
So they say they’re going to try to track some of the other websites you visit, and compare your actual browsing to your survey answers.
They do offer the ability to opt-out of these cookies, and I have. You can update your contact information and the last option on the page is to opt in or out of these advanced cookies.
I’m not a privacy zealot. Personalized advertising doesn’t bother me, in fact I would prefer to see offers that actually dovetail my interests than those divorced from them. I don’t fear corporations. But they way I think about this is summed up rather well by an apocryphal Winston Churchill story:
Churchill: Madam, would you sleep with me for five million pounds?
Socialite: My goodness, Mr. Churchill… Well, I suppose… we would have to discuss terms, of course…
Churchill: Would you sleep with me for five pounds?
Socialite: Mr. Churchill, what kind of woman do you think I am?!
Churchill: Madam, we’ve already established that. Now we are haggling about the price.
What e-Rewards is doing is sort of creepy, and most importantly they aren’t offering nearly enough rewards for me to agree to give them the information they’re after. If they want these advanced cookies on my machine, they had darn well haggle up the price..
Hate to break it to you, but this sort of advanced ad targeting and tracking is only going to become more popular in the coming years. The conversion rates and click values on these ads are significantly higher than the current level that Google or Yahoo are realizing so there is plenty of motivation to make it happen.
It is hard to put a price on “free” when it comes to things like ads and revenue and content.
This post is a little bit technical. I teach security for a living, and have written books on the topic.
Cookies used to just make browsing simple, by giving back the website some info it just provided, or perhaps keeping track of preferences.
Later, they were used for tracking. Google, for example, assigns a unique number the first time you visit and then uses it to track all of your searches. If you have a google account (gmail, for example) try this link: https://www.google.com/history/ to see what they track about your history. (Results vary based on preferences. Also, the other search engines do the same, they just don’t provide links for you to see what they know about you. For US readers, this is what the Justice department was requesting from the search providers a few years ago).
The next iteration was called “supercookies”. Unlike the originals, which can easily be examined and deleted, these are stored in the user’s registry (in Windows, of course)and are much harder to find. For the typical user, the registry is a fearsome place and the originators of this idea know and depend on that fact. .
Now, we have Evercookies.
This quote comes from a blog I follow. I’ve declined to provide the link because it links to a site that will give you an Evercookie. For professionals who test this on non-persistent virtual machines, there is little risk. For users who click on every link, it turns your browser into a postcard, in terms of privacy. Here are some details:
Evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.
It accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.
Specifically, when creating a new cookie, it uses the following storage mechanisms when available:
* Standard HTTP Cookies
* Local Shared Objects (Flash Cookies)
* Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
* Storing cookies in Web History
* HTML5 Session Storage
* HTML5 Local Storage
* HTML5 Global Storage
* HTML5 Database Storage via SQLite
This is the really, really scary one. As I write this, the defensive software suites (Norton, F-Secure, etc) aren’t trapping them.
Sorry for the long post.
I would imagine that any of us have MANY such advanced tracking cookies already. The only way to get rid of them, it purge everything every once and a while and then selectively add cookies back, it is a pain for a few days but not too big a hassle.
I also always LOG OUT OF GOOGLE after checking email, calendar or reader. And HAVE BEEN KNOWN to use a few browsers for different tasks. One browser, JUST FOR PURCHASES. One just for regular browsing, searching and one daily driver.
Thanks for this, Gary. I never knew!
While I have opted out, as Steve points out this is a larger problem. A while ago, in the early Windows days, I started annual reformatting of my computers and fresh installs of all the software. The proliferation of these tracking programs has made me move this to a rolling schedule. Now I am reformatting a machine every quarter, but at least it is clean.
Conversion tracking is currently a very hot topic in the SEO/online marketing world (I work for a leader in the small to mid level SEO marketplace). Our customers are frustrated by conversion rates and without some enhanced cookie our ability to provide our customers the data they want/need to effectively run their online presence is minimized. Equate it to running a brick and mortar store front. You know when someone comes in and then leaves without buying something. You may even notice what they picked up to look at. Then you notice when they come back into the store to buy something, or even just to look again. In the online world the only way to reliably track if someone had been there before, what they looked at, and when they came back to the site is with a cookie. True, there are cases when that data can be used to pervasively monitor your actions and use that against you, but in most cases it’s so a store can present you what you want when you want it and be able to track your steps in their store. Then they can make more realistic changes to their site, based on the preferences of their customers. If my brick and mortar has a display at the front of the store but nothing is even looked at on it I can either move it to the back of the store or even just get rid of it. I need to hvae that same ability in my online storefront.
Now the problem becomes keeping businesses ethical in their use of that data…
Oh, and as for e-rewards being too much time for the miles, I won’t completely agree or disagree. It’s rarely that I see a survey for less than $5, so 5 of those nets me miles. And it’s not uncommon for me to see a few for more than $10.
I agree it takes a bit of time to complete them, but it’s still worth it, IMO