The third-party cookie compromise

March 16, 2009

Here’s an important comment we received over the weekend under the headline, “We don’t set cookies?”:

No, but you do allow others to set cookies via your front page, namely, which you will spot has a preceding “.” meaning that all subdomains have access. I think its disgraceful that a site pretending to be pro-consumer choice is far from it. My view is that “” is a site that from the outset intends to mislead its visitors. If your really anti-tracking, then dont allow ANY cookies on your own site.

This highlights an important issue — can use third party cookies to increase the effectiveness of the site?  In what circumstances and with what assurances?

As our FAQ points out (see last question) we include third party cookies for ShareThis (which allows users to help promote us in social networks) and UserVoice (which allows us to collect and respond to suggestions).  I reviewed the privacy policies of each provider, and determined that neither of them is currently using any advertising (so no additional third parties would be setting cookies) and that they use cookies now only for the purpose of delivering their service.  

Nevertheless, my plan is to move away from using ShareThis as soon as possible, since ultimately their business model is likely to include harvesting cross-site information one way or another.  UserVoice, on the other hand, should thrive as a subscription service (and it helps that they have an office right down the hall, which increases their accountability).

This is a great example of the kinds of choices that face any online publisher — when is it okay to expose my users to third party cookies in order to make my service better, or to support it financially?  I don’t think it’s enough just to say, never.  For me, I drew the line ultimately at Google Analytics — it would be enormously helpful to have Google Analytics data in order to improve the experience for the users of privacychoice; but I chose not to because I’m not convinced that that the information Google receives in that process will always be used in a manner consistent with user expecations, particularly for a site like privacychoice.

I suspect this is the first of many difficult compromises for this project.  My goal is to be completely transparent about these questions, and to use this site as an example of the kinds of real tradeoffs publishers must make when they live, as we all do, in Google’s world.


4 Responses to “The third-party cookie compromise”

  1. Cougarten Says:

    many ad-haters will have Adblockers, please make a note near the “Opt Out” button that you need to disable it on

    • Bystander Says:

      This is a great suggestion — it didn’t make it for the rev of the site that we’re doing this morning, but will do so on the next go-round.

  2. Adriana Says:

    Please do that asap. I almost gave up on because it hasn’t worked for me.

    Then I saw this comment and understood why – but the chances of people actually seeing it are low and the kind of people who care enough about their privacy to try you, will also be the kind of people who have AdBlockers installed, so you are looking at a large portion of people you actually want…

    • Bystander Says:

      You’re absolutely right — we going to see if we can’t squeeze this in to the rev we’re doing today. Thanks again!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: