I was out on the monthly schnitzel night last night, a periodical gathering of former IMW employees, where we drink beer, eat pork and talk about, amongst other things, the search industry.
JP Jones, former CTO at buy.at Leads, handed me his well-used iPhone (he got his hands on it seemingly before Steve Jobs managed to!). On the screen was an email, a press release from Affiliate Future detailing a miraculous but somewhat secret technique of tracking users without cookies.
I find it hard to avoid a challenge, especially one implying other people in search thought of something before me, so I made the promise that I would have this figured out by the end of the following day. I have.
As we all know, cookies are evil, so tracking users without them is a good thing, right? Well, not really. Not at all, in fact. For a start, cookies are not in the slightest bit evil. Yes, they track users, but when you actually think about it, that’s pretty essential. Anti-spyware applications block cookies in the name of your ‘privacy’, but this is just utter nonsense they peddle in order to generate a faux “need” for their products. OK, don’t take that as me saying spyware is not real. It is, and it’s bad, but cookies are not spyware, they are not a violation of your privacy and they do make the internet a much better place to work and play.
So, how is Affiliate Future’s unique and indeed patent pending (which by the way will NEVER stick) tracking system better? In short, it isn’t. It’s worse.
What AF have done is very clever, but it’s just as “intrusive” as a cookie. It still tracks the user across the internet in exactly the same fashion as the common garden cookie, but they do it by employing a devious, although admittedly clever, hack. Unfortunately, it’s the same sort of hackery and bending of standards that real spyware writers employ.
Entity Tags, the new cookie?
Busy websites MUST employ some sort of caching system. They need a way to identify if a user has already downloaded a certain file, and then tell them to use that already downloaded version rather than use up bandwidth fetching the exact same content again. A header image or javascript file would be a perfect example of data you would want to be downloaded as little as possible. For very large websites this can save a fortune in bandwidth bills and server/admin requirements.
The “old” way of doing this was by issuing an expiry date for the content (file), and if that date had passed, then the browser would request a new version. There are some problems with this method and so the powers that be came up with Entity Tags, or ETags.
Leaving aside the essentially unimportant technical implementation, ETags are small chunks of text that uniquely identify a particular file, not by its creation date but by its content. Something like an MD5 hash would be employed to create a unique reference to the file content.
Upon the first visit, the user’s browser has no ETag for the file it’s requesting, and so the web server sends it the file, along with the ETag. The user’s browser then saves this ETag on the local computer, just like a cookie. The next time the user visits the webpage, the browser recognises that it has an ETag for that page, and so when requesting the page it says ‘here is my ETag, is that valid?’ The web server compares the unique identifier supplied by the user’s browser to the current version of the file existing on the server. If the ETag matches, the server simply says ‘you already have that content, use your cached version’. If the ETag does not match then the server lets the browser know and sends the new content, along with the new ETag.
Now, it is possible, as with all HTTP headers (which is what a cookie is), to manipulate (read and write) the data sent. So, instead of sending a unique identifier for a file, Affiliate Future are sending a unique identifier for that particular user. JUST LIKE A COOKIE.
When the user revisits that site (or any other that includes that ‘trigger’ file) AF intercept the ETag, which instead of being used properly to optimise caching operations, now tells them who the user is.
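The exchange described above, modelled as an added example (not from the original post and not Affiliate Future's code), together with a check a site auditor can run: fetch the same file as several clients with empty caches and compare the ETags. The two origins, the sample body and all function names are constructed for illustration.

```python
import hashlib
import itertools

BODY = b"GIF89a-constructed-pixel"  # constructed sample resource body

def honest_origin():
    """Origin that derives the ETag from the content, as a validator should be."""
    etag = '"' + hashlib.sha256(BODY).hexdigest()[:16] + '"'
    def handle(headers):
        if headers.get("If-None-Match") == etag:
            return 304, {"ETag": etag}, b""   # "use your cached version"
        return 200, {"ETag": etag}, BODY
    return handle

def tagging_origin():
    """Origin that gives each cache-less visitor a fresh ETag and accepts
    whatever ETag a returning browser shows it (the behaviour the post describes)."""
    counter = itertools.count(1)
    def handle(headers):
        seen = headers.get("If-None-Match")
        if seen:
            return 304, {"ETag": seen}, b""   # the value now names the visitor
        return 200, {"ETag": '"visitor-%04d"' % next(counter)}, BODY
    return handle

def audit_etag(handle, fresh_clients=3):
    """Request the file as several clients with no cached copy.
    Identical bodies with differing ETags mean the ETag is not derived
    from the content and can single out a visitor on revalidation."""
    samples = []
    for _ in range(fresh_clients):
        _status, headers, body = handle({})
        samples.append((hashlib.sha256(body).hexdigest(), headers.get("ETag")))
    bodies = {digest for digest, _ in samples}
    etags = {etag for _, etag in samples}
    return {"etags": sorted(etags),
            "per_visitor": len(bodies) == 1 and len(etags) > 1}

def revalidate(handle, cached_etag):
    """What a returning browser sends: its stored ETag in If-None-Match."""
    status, headers, _body = handle({"If-None-Match": cached_etag})
    return status, headers["ETag"]
```

Differing ETags for identical content can also come from a server farm whose nodes compute ETags from local file metadata, so a positive result is a reason to look closer rather than proof of tracking.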
While this is clever, and I really do have to respect their outside-of-the-box thinking here (bravo chaps!), it is absolutely no better for the privacy-conscious user. It still tracks them in just the same way, but users of anti-spyware applications and users with cookies turned off will be tracked, even though they blatantly don’t want to be. This is a bit of a middle finger to consumers who are, albeit naively, concerned about internet tracking.
Great news for affiliates then, right? They get more tracked sales, brilliant!
Perhaps - in the short term. ETag is not supported in anything but the newest of browsers, and now that this “technology” has been made public by AF, privacy advocates and anti-spyware vendors everywhere will be very quick to jump into action and create ETag filtering plugins for browsers. This might be a route to slightly more tracked sales, but it is without doubt a temporary one.
Essentially what this hack has shown is that ETags can be abused, and if this means people start turning them off (if the option becomes available) then the bandwidth bill for large websites is going to rise, and they’re going to have to pass that cost along to us, the consumers.
4 comments so far...
While flash cookies, etags cookies or whatever you want to do are good, the worst are phone sales.
IMHO, there’s a 10% (or around) leakage with phone numbers, which means a few thousand bucks a year.
Affiliatefuture says they do 7% more with etags cookies, but I know I do 10% when the merchant tracks phone sales. Both are important, but I know where I get more money (travel related).
I almost agree. I’m not comfortable tracking users that blatantly do not want to be. It’s the wrong approach to force them into it. Instead we should be either making efforts to educate that cookies are not this evil technology that knows what you just did in the bathroom. Forcing them will just make them more annoyed and will produce a quicker reaction, and distrust towards any sort of tracking.
As for tracking phone calls, I absolutely 100% agree. The Search Works, who created Bid Buddy, had an R&D project some time ago to build a telephone conversion tracking system. A proof of concept was created, and is now known as Diallog. It actually tracks individual PPC keywords!
TradeDoubler, now the owners of TSW, also have a similar product known as TD Talk, but, obviously, that was not built with PPC in mind.
The problem with telephone tracking though, is that no system is transparent to the user or merchant. You need to dial a special number, or enter a special code, or report the outcome of the call which interrupts busy call centre staff, perhaps costing them answering a potentially lucrative call.
Ultimately, why would the merchants go to that effort? They got the sale and made the money. Telephone tracking just costs their staff time, and means they have to then pay out commission on the sale.
I think as the industry moves closer and closer to widespread mobile use, we may see some interesting solutions, but don’t hold your breath waiting.
A colleague of mine is a merchant with Affiliate Future. He is having trouble with rogue affiliate(s) who violate the policy against using the merchant’s name as the keyword. AF said they spoke to the affiliate. Then the affiliate sent an email to my friend and I am pretty sure it put spyware on the computer. The affiliate was stealing sales — orders entered directly from the company were getting logged to this affiliate! Then my friend put code on the site to verify the IP of the home computer so this wouldn’t happen - okay for a couple of days. Then all of a sudden, BAM, someone changed stuff in the adwords account so an incorrect landing page is coming up — basically it seems maybe the affiliate got into the computer and then did their mischief. I am a lawyer and my friend is asking me to help him on this. Do you think AF is involved at all? Has anyone experienced this? Please let me know.
With all that’s going on in the world in these days, internet privacy is really what the world needs. We don’t need spies, spooks, or governments looking over our shoulders. We can handle our own individualism and can maintain our daily lives without government oversight.