Saturday, January 26, 2013

Cookies and Parties!

Most popular web analytics platforms these days utilize cookies as an integral part of their data collection and compilation.  Simply put, cookies are basic text files which are placed on your computer when you visit a web site.  Not as tasty or exciting as the title might indicate...

Web sites can use one of two types of cookies, 1st party or 3rd party (again, not as exciting as it may sound).  1st party means that the domain on which the user is browsing is the same domain which is issuing the cookie.  For example, if I were on and the site issued to me a cookie with a domain of, then this would be a 1st party cookie.  If I were on and recieved a cookie from the site with a domain of, then this is a 3rd party cookie[3].  All very exciting, I know.

1st Party vs. 3rd Party Cookies
So, what's the difference?  Well, generally speaking, the general consensus is that 1st party cookies are considered to be more secure and trustworthy (mostly due to periods of 3rd party cookie abuse by nefarious troublemakers on the web).  In fact, in his book Web Analytics 2.0, Avinash Kaushik offers a rather scathing review of web analytics providers who primarily use or promote third party cookies.  While there are some clear reasons why 1st party cookies may be preferred for many analytics implementations, there are equal reasons for which 3rd party cookies might be the dessert-themed file type of choice.  So, let's take a closer look at the oft-shunned red-headed step-brother of the illustrious 1st party cookie and see what it has to offer the world and why it's so misunderstood. (And to be fair, Avinash is more harsh on the providers which refuse to use 1st party cookies in any situation, even calling for cases where 3rd party cookies have some clear strengths[5])

There are a couple of clear market misperceptions with regards to 3rd party cookies.  First, is that they are less acceptable for analytics deployments and should be avoided.  comScore, a leading digital analytics provider has oft been criticized for its long time promotion of 3rd party cookies, including its cookie of choice,[2].  Unfortunately for those waging the smear against 3rd party cookie usage, they are probably unaware that it is likely that they themselves are also using a leading analytics provider with a 3rd party cookie preference, namely and surprisingly, Adobe Omniture (Site Catalyst).  *Collective gasp*  Truth be told, using 3rd party cookies is quite versitile (cross-domain tracking) and is also likely to be easier both for you and your analytics provider to implement.  In fact, the reason for which comScore has historically been so in favor of the 3rd party cookie is that long before its entrance into web analytics (Digital Analytix- the product), comScore was (and is) an industry leader in digital analytics (the industry).  For anyone unfamiliar with the difference, web analytics deals with site measurement (your data) and digital analytics deals with audience measurement (comprehensive internet collection).  In order to more effectively measure the audience of the internet (a small task...I'll have the numbers over this afternoon...), comScore made public its 3rd party tag to anyone willing to use it.  Combined with a 2 million person panel, this tag allowed accurate audience measurement across all leading internet properties[1].  Simply put, this would not be possible without 3rd party cookies.  Little brother's starting to look just a little cooler...

Security and Privacy
Ok, great, so 3rd party cookies allow easier implementation and cross-domain measurement, but their not secure, so even with the added benefits, I just can't commit to them.  Privacy is simply too important.  Well, yes and no.  Sure, 3rd party cookies have a bad rap due to their abuse.  However, there are still ways of guaranteeing the safety of individual 3rd party cookies.  A few bad apples shouldn't have to spoil the whole batch, #amiright? Today's 3rd party cookie, combined with rigorous and industry certified seals of compliance help to secure validate trusted 3rd party cookies[2].  So, if you're worried about it, take a look at the privacy policy posted on the site, investigate the cookie origin, and look for an industry accepted validation or seal to prove the cookie's security and usage.  I know it's hard to admit, but 3rd party isn't sounding quite so bad now is it?!
Cookie Deletion
Well, then, Mr. 3rd party cookie advocate, what about cookie deletion?  It's a proven fact that cookie deletion rates are higher for 3rd party cookies.  So at the end of the day, even if I trust your 3rd party cookie, it's not going to give me good data., set...

Well, I hate to burst your bubble, but there's an acceptable answer for this one too.  Yes, it is generally accepted by many that deletion rates are higher for 3rd party cookies.  But it's likely that it is not as prevalent or troublesome as has been assumed.  comScore, for example, has done studies (I know, conflict of interest, so you do get me there, 1 point, but keep listening...) which show that cookie deletion rates tend to vary between the two by only 4% or so[1].  To be fair, there are numerous other studies which quote a difference of closer to 20%[3][4].  From my own experience as a Business Consultant for a web analytics provider (I'll let you try and guess which one), I've noticed that the difference is much closer to itdoesn'treallymakeaverybigdifferenceeitherway%.  The honest truth is that web analytics is meant to provide actionable insights.  As long as you can get an idea of what's happening on the other side of the your web servers, the honest truth is that perfect numbers are rarely the answer to any question.  Yes, more accurate data is generally better data, but I have yet to see clear evidence that a 3rd party cookie analytics implementation is any worse at providing those actionable insights than a 1st party cookie implementation, or even that the data is any less accurate or less reliable.  And the honest truth is that you could run a host of unique analytics platforms on your site, both 1st and 3rd party and not a single one of them will provide the exact same numbers to you.  Wait, wha???  That's right, go ahead, give it a two will match up perfect, I can promise it.  So you tell me which one is giving you the "better" data...  Not to add fuel to the flame, but take into account that nearly all leading web browsers come with 3rd party cookie acceptance as default and most people don't mess with their browser settings ("I'm computer illiterate!! Tehehe..."ever heard that??) and it lends a lot less credence to the argument that 3rd party deletion rates are as high as reported.

Conclusion and victory
Now, in the spirit of fairness, 1st party cookies are great.  And they have their place.  And some people need them.  But are they the only answer and the best answer and a gift to security conscious, privacy aware, focused on accuracy analysts everywhere? No.  And are 3rd party cookies the plague, and evil and will ruin your life and the lives of your visitors? Absolutely not.

So go ahead, have another cookie... and switch it up for a change...

Might I suggest a 3rd party cookie?  Try it, you might just like it...


Photo courtesy of: