
The Cookie Fallacy

Analysis. The most common tool in the most common business model of the Internet is cookie tracking. Some visionary companies are showing the data ethics way with no cookies or with privacy-by-design cookies, and as users realize how easy it is to block cookies, they do it. The web is caught in a Cookie Fallacy.

How come the shoes I bought are still following me around the web? How come I got a higher price than my friend when I booked a hotel in Tokyo? How come Facebook knows that my mother suffers from Alzheimer's?

It is all about third party cookies (see explanation in box below).

Most websites – even non-profits and public websites – use them to personalize content and ads to you based on your previous behavior. But more and more Internet users are becoming aware of what these cookies actually do: share data about everything they do online.

As we write in our book ‘DataEthics – the New Competitive Advantage’ (free PDF download here), cookies were the first invention in the history of web tracking. It was the business model that gained the most traction, and today Google and Facebook make fortunes on it, while the rest, including many news media, are fighting over the crumbs left by the big ad-tech industry. With the re-targeting advertisement model Google runs, they act as the middleman between the advertiser and the news media.

Most news media even keep on cookie tracking paid users, despite the fact that most (young) users demand either-or, and a Dutch startup, The Playwall, is providing a solution.

The Blocking Cookies Way
Some visionary companies are showing the way that cookies are going.

Apple is one of them:
“The next version of Safari will explicitly prompt you when a website tries to access your cookies or other data, and let you decide whether to allow it, a welcome step toward explicit choices about online tracking,” according to Wired.

The German company Eyeo, which is behind the most used adblocker, AdblockPlus (and which will be speaking at the next European Data Ethics Forum), projects, according to Laura Dornheim, that there will be one billion adblock users in 2020. Today there are at least 600 million, especially among the younger generations.

In Mozilla Firefox and Google Chrome you can choose from a bunch of adblockers such as Ghostery, Disconnect, which blocks tracking, and Findx Privacy Control, which in addition will soon let you see and block first-party cookies.

The German browser Cliqz (who spoke at the forum last year), partly owned by Mozilla and Burda Media, saves both first and third party cookies but removes Unique Identifiers from third-party cookies.

The European Parliament has suggested that browsing should be private by default, as Apple will do, but it is not yet clear what the e-privacy regulation will end up with.

The No Cookies Way
One thing is the end user blocking cookies. Another is simply not allowing third-party cookies on your website. Here we see companies dealing with kids in the front row. LEGO and Edulab, which teaches kids math, both allow no third-party cookies, including Google Analytics, and no So-Me plugins, as they don’t want to share data about their users with anybody else. An admirable policy that gave LEGO this headline in Wired: How LEGO Built a Social Network that is Not Creepy.

We are also seeing some public websites getting rid of Google Analytics in favor of e.g. Netminer or Matomo, where they are in control of the collected data. But it is a really good question why many non-profits engage in third-party cookie tracking. Of course it is because they collect donations through social media, but have they looked into ways of doing this without having uncontrolled third-party activities on their website, compromising its users’ privacy? Look at with AddThis and Google cookies. Or Just going to these websites gives the tracking companies a little piece of the big puzzle of you: that you have an interest in this. The Danish Alzheimers website also tells Facebook via cookies that you have an interest in Alzheimer's. Is that ethical? I expect patient organizations to be next in line, after ethical children’s websites, to abolish third-party cookie tracking.

And why are public websites not following suit? They have no ads. And the best data a website can get is data directly from the user – not from a third party, as more and more users are not only using adblockers and VPNs (to hide their location) but also obfuscating their data.

So, from a company’s or public organization’s point of view it is not only about listening to your customers and stopping creepy practices, it is also about business. Data has value, and by using third-party cookies you indirectly risk sharing information about your customers with your competitors. Is that a good idea?

The Privacy-By-Design Ad Tracking Way
According to PageFair, an authority on adblocking, there is a way of doing advertising online that does not infringe on our privacy. Privacy-by-design advertising does not track identifiable users but can still be relevant, and it poses no risk to the confidentiality of personal data. There are advertisers willing to pay publishers, for example, for that, PageFair tells the European Union regarding the ePrivacy regulation.

This is also the way that private search engines like FindX, DuckDuckGo and Qwant make money. Like Google in the beginning: contextual advertising.

So, are third-party cookies a no-go for companies and websites focusing on data ethics? It certainly depends on what you are dealing with. If it concerns kids, health or medicine, politics, religion and other sensitive stuff, yes, you’re better off getting rid of them. For everybody else the privacy-by-design way is probably not crossing most users’ creepiness line.


Cookies are small text files saved on a computer when browsing the web. They are controlled by the browsers (e.g. Chrome and Firefox), and by default both first- and third-party cookies are allowed. The content of the cookies is often used to identify users by storing information, e.g. a unique identifier related to the website visited, and then to collect the behavior and usage of the site. A cookie saved in the browser with an expiry date set by the cookie owner is called a persistent cookie. A cookie can also be used only once when visiting a website and then be deleted once the visit ends; it is then a session cookie. Both types can be first- and third-party cookies on a website.

First-party cookies
Cookies set by the site you visit. The website you visit will use a cookie to know if you have visited the website before, what is in your shopping basket from your last visit and other settings that makes your experience a bit more personalized or convenient.
Example: The GDPR in Europe requires consent for the use of personalized content on the website. Clicking OK to a consent notice will set a cookie with information about the consent, and the user will avoid the popup the next time she visits the website.

Third-party cookies
Many websites allow third-party solutions on their website to collect usage statistics and optimize advertising based on personal behavior. One of the best known is the so-called Facebook pixel, which allows Facebook to track people across the web, but there is a large number of other third-party vendors using cookies to collect behavior and usage across the web. It is often used for so-called re-targeting, e.g. many news sites use Google (Doubleclick) advertisement on their websites, and since Google tracking is present on many web shops, users get personalized ads on the news media website.
Example: The shoe ad on the news media is the exact same pair as just seen in the online store visited earlier.
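
The distinctions in the box above can be checked mechanically when auditing a site. The following is an added example, not part of the original article: it classifies Set-Cookie headers as first- or third-party and as session or persistent. The host names and headers are constructed samples, and treating the last two host labels as "the site" is a simplifying assumption (browsers use the Public Suffix List).

```javascript
// Constructed sample: Set-Cookie headers observed while loading one page.
const OBSERVED = [
  { from: "news.example", header: "consent=ok; Max-Age=31536000; Path=/" },
  { from: "news.example", header: "basket=sess123; Path=/; HttpOnly" },
  { from: "ads.tracker.example",
    header: "uid=9f3c2a; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=None" },
  { from: "cdn.news.example", header: "lb=a1; Path=/" },
  { from: "news.example", header: "old=; Max-Age=0" },
];

// Assumption: the site is the last two labels of the host name.
function site(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Split a Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf("=");
    attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// No usable expiry means a session cookie; Max-Age takes precedence over Expires.
function lifetime(attrs, now) {
  let expiry = null;
  if ("max-age" in attrs) expiry = now + Number(attrs["max-age"]) * 1000;
  else if ("expires" in attrs) expiry = Date.parse(attrs["expires"]);
  if (expiry === null || Number.isNaN(expiry)) return "session";
  return expiry <= now ? "deleted" : "persistent"; // an expiry in the past removes the cookie
}

// Classify every observed cookie relative to the page the user is visiting.
function report(pageHost, observed, now = Date.now()) {
  return observed.map(({ from, header }) => {
    const c = parseSetCookie(header);
    const party = site(from) === site(pageHost) ? "first-party" : "third-party";
    const life = lifetime(c.attrs, now);
    // A persistent third-party cookie is what makes cross-site re-targeting possible.
    return { name: c.name, party, lifetime: life,
             crossSiteId: party === "third-party" && life === "persistent" };
  });
}

console.log(report("news.example", OBSERVED));
```

In the sample, only the uid cookie from the ad host is both third-party and persistent, which is the combination behind the shoe ad example.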

New Tracking Methods
And do remember that when almost everybody else is doing something, it will end up becoming useless or even extinct. Therefore big tech has already moved on to more sophisticated ways of tracking, such as IP tracking, ‘listening’ in on your written and spoken conversations, and device fingerprinting. One of the better reports is from Cracked Labs. Some of that can be blocked with an updated, efficient adblocker; some of it demands other tools such as VPNs and you actively turning the microphone off.

If you want to stop websites from tracking you with cookies, go to our digital self-defense site (click the flag for Danish).
If you need advice on which tools to use as a company, check this out (click the flag for Danish).

Illustrations: Jeff Pastorek