Cookies, for those of you not familiar with Web browser minutiae, are small computer files that Web sites can be programmed to download to the computer of everyone who visits them. These files usually contain a unique random number of some sort. The Web site can also check every visitor's computer to see if it has previously downloaded a cookie, and that's how it is determined if a visitor should be counted as unique, and if a visitor has visited previously. More sophisticated Web sites track how a visitor moves through the site by checking and recording the cookie for every Web page that is requested. In a one-to-one relationship between one user and one Web site, cookies are anonymous, harmless and useful.
Where cookies got a bad reputation is that some of the online ad networks figured out that they could plant their own cookies on user's computers, and then check for that cookie at every site in their network, allowing them to build a profile of a specific user's interests and surfing habits. The user might still be anonymous, but the ad network now has powerful information on what ads to target to that user. There's a fierce ongoing debate as to whether this is harmless, or some low-grade version of spyware, and with the growing awareness and concern over spyware, more users than ever are deleting cookies -- just to be safe.
Right on the heels of this study is a press report that Yahoo may be teaming with a company called Almond Net, an online ad network that allegedly is striking secret deals with ISP's to capture information on the Web searches performed by users, to better target advertising to them. Lycos has already inked a deal with Almond Net.
I see this as one more example of search engine hubris, because sensitivity over privacy -- even if misplaced, has killed more than a few promising Web start-ups. Yet in the mad rush to cash in on the online advertising boom, these companies risk getting caught with their hands in the cookie jar and paying a significant penalty for it in the marketplace. The lesson for all of us is that playing fast and loose with one's users, even if it's all technically aboveboard, is simply too dangerous in the current environment.