To comply with new privacy legislations, like GDPR and the Swiss DPA, and to be in line with the now global focus on online privacy, many browsers have started to limit or completely block the setting of cookies. We recently wrote a blog post about this.
Additionally, even if the browser does not block cookies by default, legislation – like GDPR – must provide users a way to block cookies from being set and ask for permission before setting the cookies. With this landscape, we are seeing a trend towards web tracking that does not involve the setting of cookies.
Why Are Cookies Used In Tracking?
For years, cookies have been used as the primary mechanism for identifying a user. This can be to assess a user’s behavior over multiple visits to a website. Or it could be to track a visitor across multiple websites. Differentiating between a New or Returning visitor in Google Analytics is a great example of how cookies are used to track a visitor over multiple visits. An example of tracking someone across multiple sites would be when someone views a particular product on an eCommerce store and then targeted adverts for that product are shown to them on other unrelated sites.
Cookies can be used for legitimate and important business purposes like understanding the behavior of website users in aggregate or the efficacy and performance of advertising programs.
However, cookies can also be used in more problematic ways. They can be used to track users and their behavior around the web. This can lead to serious privacy issues caused by those looking to do criminal harm. It can also lead to the example above where users are targeted with advertising messaging they have not consented to.
Cookieless Tracking with Fingerprinting
The popular browsers are to a greater or lesser degree starting to dictate what cookies can be set and how long they can be set for. In the wake of this, some tools that use cookies are looking for alternative ways to achieve the legitimate things that cookies do. This is done using a methodology called fingerprinting. It uses a combination of various factors – such as the visitor’s operating system, browser and location – to determine whether a visitor has visited the website before and attempts to match the current visit with their previous visits to this site.
It should be noted that fingerprinting, like cookies, can also be used to track users across websites. This is particularly problematic because, unlike with a cookie stored in the user’s browser, there is no way for the user to know if they are being tracked.
The Impact of Cookieless Tracking
The major impact of not having cookies for your analytics data comes into effect whenever you try to measure something across multiple visits and, potentially, across devices. This could be a simple thing like trying to understand the difference in behavior between first time visitors to the site and those that have visited many times. This kind of data can help inform decisions around site design and the like.
An example with a much bigger impact on everyday decisions is the tracking of campaigns. With the help of cookies, a web analytics tool like Google Analytics can determine which campaign brought the user to the site during their previous visit. Here is an example to illustrate the importance of this: A person is searching for your product or service that you offer and clicks on one of your Google Ads. They browse around on your site but then leave to do more research or think over their purchase decision. Later, they come back to the site to make the purchase by typing your URL into their browser. Google Analytics is able to attribute that conversion back to the Google Ad that brought them to the site initially. This means that you are able to get a true understanding of the impact of your advertising program. Without the cookie that persists between sessions this link between the campaign and the conversion cannot be made.
In fact, it does not even need to be from one visit to the next. By being able to identify the visitor using the cookie, you can see whether your advertising has contributed to the conversion, even if the visitor came back multiple times through different channels before purchasing. Fingerprinting attempts to do the same job without using any cookies.
Is Fingerprinting The Solution?
The big question is: Can fingerprinting effectively replace cookies to ensure that you get an accurate picture of your campaigns’ performance?
We do not know the answer yet, but we want to find out for you and for ourselves.
In order to do this, we are running an experiment on our own website data. Along with our primary website analytics tool, Google Analytics, we have setup a tool that, by default, does not use any cookies.
The tool we decided to use is called etracker. This tool is similar to Google Analytics in the way it presents data and in the installation process. However, there are still distinct differences in the design and the focal points of the tool.
One of these focus topics is GDPR. Since no cookies are set by default, the tool does not require a cookie banner or a request for permissions. Additionally, etracker is based in Germany, which means the data never leaves Europe. This is a major topic as the European courts have just ruled that the EU/US privacy shield is not GDPR-compliant.
In our experiment, we will run etracker alongside Google Analytics for some time until we have enough data to make a comparison between them. The comparison will focus on the two major points mentioned above:
- How similar is the ratio of new to returning visitors?
- How well can actions be attributed to campaigns across sessions?
As soon as we have the results of this experiment, we will report them in another blog post, so stay tuned for this update in the near future.