1.0 2o7.net Third Party Tracking Cookies
Users are more aware about privacy and cookies than they ever were before, and they are still concerned about how cookies can be used to profile them.

The following article is reported from "The Wall Street Journal Online" on August 2, 2005.

(From THE WALL STREET JOURNAL) By David Kesmodel The Wall Street Journal Online - Earlier this summer, Uno Bloom, a song writer in Brentwood, Tenn., noticed his home computer appeared to be slowing down. He searched the files on his hard drive in an effort to uncover clutter and found dozens of Internet cookies labeled "2o7.net."

He started monitoring his cookies -- small tracking files that are automatically downloaded when users visit Web sites -- and realized some of the suspicious files were coming from Ameritrade.com, where he trades stocks. He did an Internet search for "2o7," and learned in a computer forum that cookies bearing the name were maintained by Omniture Inc., a Web analytics firm. Omniture helps its roster of high-profile clients, including Ameritrade Inc., eBay Inc., Wal-Mart Stores Inc. and Expedia Inc., study how people use their Web sites.

Mr. Bloom is one of a number of computer users who grew suspicious when they discovered the files on their computers, either through manual searches or by running antispyware programs that flagged 2o7.net for potential deletion. Adding to their concerns: when users plugged www.2o7.net into a Web browser, they got a blank page. A fair amount of Web know-how was required for users to discover that Omniture owned the 2o7.net Web address. Some users have blasted Omniture and its clients over use of the cookies.

The controversy over the 2o7.net cookies highlights the tension that exists between marketing companies like Omniture and Web users who are increasingly aware of, and opposed to, files that are automatically placed on their computers when they surf the Internet. At a time when PCs are under assault by viruses and other nefarious software like never before, users are employing a range of software tools and tactics to protect themselves. Many users don't distinguish between cookies and malicious software that can steal personal information or change PC settings. That has put marketers on the defensive, as they try to get users to spare cookies when wiping computers clean of potential threats.

Mr. Bloom was furious over the 2o7.net cookies, and complained to Ameritrade's customer-support department. He feared the strangely named files were spyware, secretly monitoring his personal information. "When it's dealing with your investments and they are not disclosing that this thing was attaching itself, that is not right at all," he said.

Ameritrade declined to comment on Mr. Bloom's experience, citing a policy of not discussing specific customers. But Chris Blaine, the company's group manager for online advertising, said the cookies are harmless files that shouldn't be confused with malicious programs commonly known as spyware.

Kristi Knight, a spokeswoman for closely held Omniture, said the company understands "the concern that has been raised by some consumers" over difficulty in finding out who was behind the 2o7.net cookies. The company recently updated the 2o7.net site so that instead of showing visitors nothing, it redirects them to Omniture's corporate site (www.omniture.com). Ms. Knight said Omniture also plans to "create specific content for this domain that will serve to educate the consumer on 2o7.net," including information on how the cookies are used.

Omniture said the cookies track users anonymously, and that the information helps its corporate clients enhance their Web sites and study the effectiveness of marketing campaigns. Many Web sites, including The Wall Street Journal Online, use cookies to track user activity and advertising campaigns.

(While the Omniture cookie is broadly referred to as 2o7.net, Omniture clients don't all share the same cookies. The individual cookies include custom strings of characters that end in 2o7.net, and are associated with individual Omniture clients. Omniture said it doesn't share data gathered from one client with another.)

Omniture said there was no particular reason why it chose the 2o7.net domain name, which was registered in 2000. Ms. Knight said the company had sought a short domain of just a few characters to provide "flexibility" as the company evolved.

Still, the naming choice has made it difficult for some users to determine where the cookies came from. "In my opinion, Omniture has hid behind this really weird domain name," said Barry Dorrans, a technology consultant outside London who has criticized the Omniture cookies on his blog.

Mr. Dorrans has complained about PayPal's use of the cookies, writing that he feared PayPal was sharing key information about users' activity with Omniture. He also informed readers that the 2o7.net domain was registered to Omniture. One respondent urged Mr. Dorrans to "keep up the good work."

PayPal spokeswoman Amanda Pires said Omniture can see a user's Internet protocol address -- a unique number identifying a computer connected to the Internet -- but doesn't have access to any personal information. "We take privacy of information very seriously here," she said.

Omniture said it maintains a page on its Web site where Web users can download a file that will prevent them from receiving any Omniture cookies when they visit sites using the company's technology. Still, to know to do that, Web users would have to be aware of Omniture's relationship with different Web sites, which isn't always clear. Some sites disclose that in their privacy policies, while others don't. For instance, PayPal's policy doesn't mention 2o7.net or that it works with Omniture, nor do Wal-Mart's or Expedia's policies. Ameritrade does mention 2o7.net, though it doesn't mention Omniture. An Ameritrade spokeswoman said customers who log in to the site can click on a feature called "security center" that mentions Omniture.

Dan Pollock, a doctoral candidate in mathematics at the University of Victoria in Canada, offers a free computer program on his Web site that users can download to block Omniture and other companies from monitoring their Web browsing. Mr. Pollock said he strongly objects to the 2o7.net cookies. "I don't really feel like I gain anything from allowing people to track this information," he said. "It potentially slows down my Web surfing, and potentially allows them to gather information I might not want them to have."

Omniture executives said they haven't noticed an increase in recent years in consumers blocking or deleting the company's cookies. But Josh James, co-founder and chief executive at the Orem, Utah, company, said he is worried about how cookies are viewed in the marketplace. "It's kind of unfortunate that cookies are getting lumped into a shady cast of characters . . . and a few products and practices have cast an unfortunate light on cookies," he said. Omniture declined to say how many clients it has using the 2o7.net cookies.

Several Omniture customers said the cookies have helped them improve their Web sites by giving them reports on how visitors use sites. They can learn whether customers are leaving certain pages quickly, for example, possibly because information isn't as useful as it could be.

Wine.com Inc. uses Omniture to track which banner ads and promotional emails are leading to purchases by customers on its site. Cookies also help the site remember a returning user's location so the site can tailor wine offerings based on state. "The reason you are shopping online is to find a certain product, and the more we can do to help make that easier, the better," said Jay Shaffer, vice president of customer experience at Wine.com, an Omniture client for almost two years.

Mr. Shaffer and Omniture's Mr. James both blamed makers of antispyware software for creating hysteria around cookies by lumping the files with malicious software. Mr. James said the companies had a commercial reason to create fear about cookies in consumers' minds.

Some antispyware companies have tried to use concerns over cookies as an advertising tool of their own. A search for "2o7" on Google, for example, turns up text ads for several companies that market antispyware programs. ParetoLogic Inc., which makes an antispyware program called XoftSpy, runs ads that promise "2o7 removal."

ParetoLogic's software flags the Omniture cookies and gives users the option of removing them, said Jason-Leo Carvalho, a vice president at the Canadian company. It identifies the cookies because they are "third-party cookies" that can be used to track a user's behavior on multiple Web sites. (First-party cookies are those placed directly by the Web site being visited, rather than by a third-party marketing company with which the site has contracted.) "In general, ParetoLogic believes cookies don't present risks or harms to user privacy," he said. "However, where cookies are used to track user behavior across multiple Web sites, cookies can present privacy concerns."

The popular AdAware antispyware program, made by Sweden's Lavasoft AB, flags 2o7.net cookies as a "tracking cookie" under the "critical objects" category, and gives users the option of deleting the files. Webroot Software Inc., maker of Spy Sweeper, also identifies the Omniture cookies and lets users decide whether to delete them.