More About Cookies!

Online marketers are scrambling to protect one of the key tools of their trade: the cookie.

Faced with reports showing that more and more computer users regularly delete the tracking files automatically downloaded by Web browsers, marketers and Web site publishers are launching a "cookies can be good for you" campaign. They argue that cookies -- small files that Web sites use to identify users and to serve up targeted ads -- don't deserve their bad reputation and shouldn't be lumped together with such Web scourges as spyware and viruses.

"There is a culture of fear in the marketplace" when it comes to consumer attitudes toward cookies, says Nick Nyhan, president of New York-based Dynamic Logic Inc., which uses cookies to measure the impact of online ads for companies such as General Motors Corp., PepsiCo Inc. and Yahoo Inc. "The industry needs to respond to that fear."

Mr. Nyhan recently co-founded www.safecount.org, an organization aimed at putting a friendlier face on cookies. Microsoft Corp., a large Web publisher in its own right, is on the group's advisory board. One key goal of the group is to persuade companies that make antispyware programs to spare legitimate cookies when scanning users' computers for lurking threats. Many of these programs remove cookies when sweeping hard drives clean of unnecessary or harmful files.

Other industry groups have started task forces to address the cookie problem and have successfully lobbied Congress to keep cookies out of antispyware legislation. Meanwhile, marketers aren't betting the farm on being able to change attitudes toward cookies. Some companies are experimenting with creative, and sometimes controversial, approaches that would let sites serve up targeted ads even if a user has deleted his cookies.

Cookies date to the early days of the Web, and are important to helping Internet companies know who their users are. But in recent years, the emergence of spyware and viruses has made consumers increasingly suspicious about files that are automatically downloaded to their computers. Cookies are by and large benign compared with spyware, which is malicious software aimed at hijacking a user's computer or stealing personal data. Still, privacy advocates say computer users generally dislike the notion of being tracked online, even if their personal details aren't being used.

Marketers, meanwhile, counter that cookies serve plenty of useful features consumers may not realize -- such as automatically filling in a username on a site that requires logging in, or helping a weather site remember a ZIP Code so that it can show a local forecast on return visits.

Some marketers are starting to talk to Web publishers about the possibility of providing consumers more information about cookies and how they're used. For example, visitors to a Web site might click on a "more information" button next to an ad to find out about cookies. Such information might be helpful, says Charlie Tillinghast, publisher of MSNBC.com, but not if the notices only tell users they'll get more relevant ads if they allow cookies -- a common argument used by marketers to justify cookies. He suggests publishers focus on using cookies to provide personalized content and other information that gives "some real value back to the user."

Another possible strategy for online marketers: target makers of antispyware software who may be misleading consumers about the dangers of cookies, says Trevor Hughes, executive director of the Network Advertising Initiative, an industry group.

Mr. Hughes and others want software makers to draw a big distinction between spyware and cookies. When antispyware programs scan computers, they often turn up lists of hundreds or even thousands of unnecessary files. But the vast majority of those files tend to be cookies that users accumulate from visiting legitimate Web sites, and pose no security threat.

Major Web browsers already include a way for users to manage cookies, including whether to block them. As a default setting, Microsoft's Internet Explorer blocks some "third-party" cookies, which can be used by advertising companies to track users across multiple sites. (Some antispyware programs are more lenient to first-party cookies, or those downloaded directly from the Web site being visited.)

Microsoft's free antispyware program, still in a "beta" test version, doesn't detect cookies. "Since they are files, not programs, they do not pose a potential security threat like spyware and other potentially unwanted software," says Brendan Foley, senior product manager for Windows AntiSpyware. A spokeswoman for Microsoft says its role in Safecount, the pro-cookie group, is not a factor in its decision to not flag cookies in its antispyware program. She says the company continues to evaluate the antispyware program, and changes could still be made.

Safecount wants to create a "good list" of Internet companies that have shown they meet certain standards in their use of cookies, such as not collecting personal information like names, addresses and phone numbers of users. The group hopes to persuade the software makers to ignore such cookies when cleaning users' computers.

But some makers of antispyware programs doubt consumers would go for such a plan. "Most end users mistrust cookies," says Richard Stiennon, vice president of threat research at Webroot Software Inc., which makes a popular antispyware program called Spy Sweeper. He says many users of Spy Sweeper are as interested in removing unnecessary files that may be clogging their hard drives as they are in protecting themselves from scams. Such users aren't likely to distinguish between good and bad cookies.

One Internet marketing-services company that uses cookies, New York-based United Virtualities, says it has chosen to fight fire with fire rather than try to engage antispyware makers in talks. When antispyware companies use a "technology trick" to zap cookies, "the response has to be technological," says the company's founder, Mookie Tenembaum.

The company has begun marketing a technology known as a persistent identification element, or PIE. The tool uses features in Macromedia Inc.'s popular Flash software, which is used for designing and viewing animated online ads, to secretly make backup copies of a user's cookies before they are deleted. A handful of Web publishers and advertising companies are using the technology to track users, according to Mr. Tenembaum, though he declines to name them.

But some online marketers have objected to PIE, saying the practice is deceptive. Eric Peterson, an analyst with Jupiter Research, says the tool isn't the "right thing to do." Mr. Peterson wrote a report this year that drew attention to the problem of cookie deletion in the online ad business. It found that as many as 39% of online users may be deleting cookies monthly.

For its part, Macromedia, which recently agreed to be acquired by Adobe Systems Inc., has not received consumer complaints about the use of PIE, says Kevin Lynch, chief software architect. The company has posted instructions on its Web site to show consumers how to turn off the tracking feature.

Despite increased cookie deletion and cookie blocking, some online marketers say the Internet remains far more effective than other media in allowing marketers to measure consumer behavior. And online advertising continues to grow. In the first quarter, Internet ad revenue rose 26% to a record $2.8 billion, according to the Interactive Advertising Bureau.

"We need to untangle the issue of cookies from the darker regions of Internet mojo," such as spyware, says Jarvis Coffin, chief executive officer of Burst Media LLC, an online advertising broker. But "side by side with other media, I still think the Internet is doing an exceptional job."