The cookie conundrum

Over the past 12 months there has been considerable amount of press around cookies and tracking of users with the likes of Microsoft and Mozilla blocking unrelated 3rd parties from tracking users as they browse and tools blocking altogether. 

While there needs to be a move away from the wild west that went before us (which will ultimately benefit the consumer and advertisers alike) some of the current thinking does need to be refined.

We also have to consider that when used correctly cookies can aid with the ‘operational’ side of browsing, making repeat visits to commonly used websites such as banking a far more seamless – so blocking "all" really is not an option. 

And for advertisers the stakes are high with the alternatives to cookies being potentially more intrusive, one such alternative is device fingerprinting. 

Device fingerprinting

To uniquely identify a person 12 points on a finger print are needed – to uniquely identify a device such as your mobile far fewer are required.  Each device has a unique finger print, even same models and manufacturers – web browser, plugins, language settings, IP address of the device when all stitched together can be used by an advertiser to identify you and your device.

And it does not stop there, merging seemingly innocent data sources together can in some cases reveal more then you could imagine. As an example MIT labs were able to reliably identify a user from 1.5 million anonymous cell phone registrations and some twitter data.  Remember, companies such as Apple collect anonymous data for their and other third parties companies use with our consent (each click of those terms and conditions enters our data into that pot) which if used in the wrong way could have dire consequences.

So how could the future look? 

Where ‘big data’ is concerned there are suggestions organisations are the stewards of user data, but are they truly effective at this task?  As an organisation keeping track of both what you are holding, where it was obtained, the usage rights around that data and most importantly when it should be deleted is beyond all but the most advanced companies.

Putting the user back in control

As a user I’m ok with sharing my data for certain uses which are beneficial to me, other times not. The current method of opting in is too simple and does not consider the context in which my data is going to be used now or in the future.

Putting the user back in control of the data may sound daunting, however the alternative of simply blocking everything or having to opt in may quite simply be too basic.

One concept that in the future may hold some promise is the idea of a personal data store. 

Simply put all your data is stored securely in a virtual locker – applications then request access to the data they need, the user at the point of request can either allow or deny access as they deem appropriate and at a later date be able to change.  In a world where transactions are occurring machine to machine, sometimes without our knowledge gaining visibility and clarity can only be a good thing.

Whatever the answer any organisation that manages to earn the trust of it’s users, be clear on what data is being collected, how it’s going to be used, gives easy opt out options and compensation (directly or through some form of value exchange) and is able to leverage data for both it’s own and it’s users advantage will win in the end.

1 comment:

Adnan Khan said...

nice post