Start here -->
1.0 2o7.net Third Party Tracking Cookies
Users are more aware about privacy and cookies than they ever were before, and they are still concerned about how cookies can be used to profile them.
The following article is reported from "The Wall Street Journal Online" on August 2, 2005.
(From THE WALL STREET JOURNAL) By David Kesmodel The Wall Street Journal Online - Earlier this summer, Uno Bloom, a song writer in Brentwood, Tenn., noticed his home computer appeared to be slowing down. He searched the files on his hard drive in an effort to uncover clutter and found dozens of Internet cookies labeled "2o7.net."
He started monitoring his cookies -- small tracking files that are automatically downloaded when users visit Web sites -- and realized some of the suspicious files were coming from Ameritrade.com, where he trades stocks. He did an Internet search for "2o7," and learned in a computer forum that cookies bearing the name were maintained by Omniture Inc., a Web analytics firm. Omniture helps its roster of high-profile clients, including Ameritrade Inc., eBay Inc., Wal-Mart Stores Inc. and Expedia Inc., study how people use their Web sites.
Mr. Bloom is one of a number of computer users who grew suspicious when they
discovered the files on their computers, either through manual searches or by
running antispyware programs that flagged 2o7.net for potential deletion.
Adding to their concerns: when users plugged www.2o7.net into a Web browser,
they got a blank page. A fair amount of Web know-how was required for users to
discover that Omniture owned the 2o7.net Web address. Some users have blasted
Omniture and its clients over use of the cookies.
The controversy over the 2o7.net cookies highlights the tension that exists
between marketing companies like Omniture and Web users who are increasingly
aware of, and opposed to, files that are automatically placed on their
computers when they surf the Internet. At a time when PCs are under assault by
viruses and other nefarious software like never before, users are employing a
range of software tools and tactics to protect themselves. Many users don't
distinguish between cookies and malicious software that can steal personal
information or change PC settings. That has put marketers on the defensive, as
they try to get users to spare cookies when wiping computers clean of potential
Mr. Bloom was furious over the 2o7.net cookies, and complained to
Ameritrade's customer-support department. He feared the strangely named files
were spyware, secretly monitoring his personal information. "When it's dealing
with your investments and they are not disclosing that this thing was attaching
itself, that is not right at all," he said.
Ameritrade declined to comment on Mr. Bloom's experience, citing a policy of
not discussing specific customers. But Chris Blaine, the company's group
manager for online advertising, said the cookies are harmless files that
shouldn't be confused with malicious programs commonly known as spyware.
Kristi Knight, a spokeswoman for closely held Omniture, said the company
understands "the concern that has been raised by some consumers" over
difficulty in finding out who was behind the 2o7.net cookies. The company
recently updated the 2o7.net site so that instead of showing visitors nothing,
it redirects them to Omniture's corporate site (www.omniture.com). Ms. Knight
said Omniture also plans to "create specific content for this domain that will
serve to educate the consumer on 2o7.net," including information on how the
cookies are used.
Omniture said the cookies track users anonymously, and that the information
helps its corporate clients enhance their Web sites and study the effectiveness
of marketing campaigns. Many Web sites, including The Wall Street Journal
(While the Omniture cookie is broadly referred to as 2o7.net, Omniture
clients don't all share the same cookies. The individual cookies include custom
strings of characters that end in 2o7.net, and are associated with individual
Omniture clients. Omniture said it doesn't share data gathered from one client
Omniture said there was no particular reason why it chose the 2o7.net domain
name, which was registered in 2000. Ms. Knight said the company had sought a
short domain of just a few characters to provide "flexibility" as the company
Still, the naming choice has made it difficult for some users to determine
where the cookies came from. "In my opinion, Omniture has hid behind this
really weird domain name," said Barry Dorrans, a technology consultant outside
London who has criticized the Omniture cookies on his blog.
Mr. Dorrans has complained about PayPal's use of the cookies, writing that he
feared PayPal was sharing key information about users' activity with Omniture.
He also informed readers that the 2o7.net domain was registered to Omniture.
One respondent urged Mr. Dorrans to "keep up the good work."
PayPal spokeswoman Amanda Pires said Omniture can see a user's Internet
protocol address -- a unique number identifying a computer connected to the
Internet -- but doesn't have access to any personal information. "We take
privacy of information very seriously here," she said.
Omniture said it maintains a page on its Web site where Web users can
download a file that will prevent them from receiving any Omniture cookies when
they visit sites using the company's technology. Still, to know to do that, Web
users would have to be aware of Omniture's relationship with different Web
sites, which isn't always clear. Some sites disclose that in their privacy
policies, while others don't. For instance, PayPal's policy doesn't mention
2o7.net or that it works with Omniture, nor do Wal-Mart's or Expedia's
policies. Ameritrade does mention 2o7.net, though it doesn't mention Omniture.
An Ameritrade spokeswoman said customers who log in to the site can click on a
feature called "security center" that mentions Omniture.
Dan Pollock, a doctoral candidate in mathematics at the University of
Victoria in Canada, offers a free computer program on his Web site that users
can download to block Omniture and other companies from monitoring their Web
browsing. Mr. Pollock said he strongly objects to the 2o7.net cookies. "I don't
really feel like I gain anything from allowing people to track this
information," he said. "It potentially slows down my Web surfing, and
potentially allows them to gather information I might not want them to have."
Omniture executives said they haven't noticed an increase in recent years in
consumers blocking or deleting the company's cookies. But Josh James,
co-founder and chief executive at the Orem, Utah, company, said he is worried
about how cookies are viewed in the marketplace. "It's kind of unfortunate that
cookies are getting lumped into a shady cast of characters . . . and a few
products and practices have cast an unfortunate light on cookies," he said.
Omniture declined to say how many clients it has using the 2o7.net cookies.
Several Omniture customers said the cookies have helped them improve their
Web sites by giving them reports on how visitors use sites. They can learn
whether customers are leaving certain pages quickly, for example, possibly
because information isn't as useful as it could be.
Wine.com Inc. uses Omniture to track which banner ads and promotional emails
are leading to purchases by customers on its site. Cookies also help the site
remember a returning user's location so the site can tailor wine offerings
based on state. "The reason you are shopping online is to find a certain
product, and the more we can do to help make that easier, the better," said Jay
Shaffer, vice president of customer experience at Wine.com, an Omniture client
for almost two years.
Mr. Shaffer and Omniture's Mr. James both blamed makers of antispyware
software for creating hysteria around cookies by lumping the files with
malicious software. Mr. James said the companies had a commercial reason to
create fear about cookies in consumers' minds.
Some antispyware companies have tried to use concerns over cookies as an
advertising tool of their own. A search for "2o7" on Google, for example, turns
up text ads for several companies that market antispyware programs. ParetoLogic
Inc., which makes an antispyware program called XoftSpy, runs ads that promise
ParetoLogic's software flags the Omniture cookies and gives users the option
of removing them, said Jason-Leo Carvalho, a vice president at the Canadian
company. It identifies the cookies because they are "third-party cookies" that
can be used to track a user's behavior on multiple Web sites. (First-party
cookies are those placed directly by the Web site being visited, rather than by
a third-party marketing company with which the site has contracted.) "In
general, ParetoLogic believes cookies don't present risks or harms to user
privacy," he said. "However, where cookies are used to track user behavior
across multiple Web sites, cookies can present privacy concerns."
The popular AdAware antispyware program, made by Sweden's Lavasoft AB, flags
2o7.net cookies as a "tracking cookie" under the "critical objects" category,
and gives users the option of deleting the files. Webroot Software Inc., maker
of Spy Sweeper, also identifies the Omniture cookies and lets users decide
whether to delete them.