Vinny Lingham’s blog has carried some interesting research into cookie deletion – an area which has not been studied in depth but affects user privacy, as well as advertisers’ measurements and conversion rates.

The research will also be of great interest to affiliates who may not be getting the credit they deserve.  

Conducted by Benjamin Edelman, a PhD candidate at Harvard, the research concludes that some anti-spyware programs detect many more cookies than others – a situation which basically doesn’t suit users or marketers.

Privacy advocates arguing that cookies should be removed by security programmes, it notes, should be concerned by the number of cookies that are overlooked. But advertisers should also be worried by the “inconsistency” of cookie washing across ad systems and anti-spyware vendors.

Edelman says: “In short, cookie-deletion is a blunt instrument. It does not fully protect users’ interests, nor does it fully address users’ reasonable concerns. At the same time, cookie-deletion interferes with marketing practices many users would probably find unobjectionable (or at least of reduced concern) if they learned more.

The research, commissioned by Clicks2Customers, found that while cookies from many smaller networks escape the washing process, more prominent systems are targeted more heavily.

It says cookies from, Aquantive/Atlas, Casale Media, FastClick and MediaPlex are most often detected (by 8 of the 11 anti-spyware programs tested).

It also points out that “anti-spyware programs from the two largest security vendors (Symantec and McAfee) do not detect cookies, and neither does anti-spyware software from Microsoft. Other vendors all detect at least some cookies – but with substantially fewer detections by Spybot than by others.

At the same time, the study notes that cookies from Google – what Edelman calls the net’s biggest ad system, and one that records a lot of sensitive information about users – more than often escape deletion.

Edelman puts this down to scanning difficulties; a need to protect features including automatic login and search history; as well as the fact that deletion would often be pointless.

Many users have Google accounts, e.g. for Gmail or Google’s other login-required services,” he says. “This login data lets Google track a user’s searches even without cookies. As a practical matter, there’s probably little an anti-spyware program can do to protect users from tracking by Google.

Edelman also makes some interesting recommendations – including the separation of cookies into advertiser-specific chunks – either first-party cookies, or path-specific third-party cookies.

This would help both advertisers and users, he says. “In the short run, an interested researcher could prepare a listing of which ad systems use which tracking methods, either based on hands-on testing or on vendors’ submissions, to improve transparency as to practices in this field,” he adds.

Further research would definitely be useful for advertisers, as they are entitled to know what is behind deletion policies and how that affects the value of their investments.

As Vinny points out, it also would help affiliates that often invest in marketing campaigns, only to lose out on compensation by merchants for users that make purchases post cookie-erasure.


More information on users’ attitude towards cookies is available to E-consultancy subscribers in our Internet Statistics Compendium.