*****

I recently surveyed 100 “internet-savvy” people to understand their attitude towards cookies and whether or not they considered cookies to be a privacy or security concern. As a follow-up, I surveyed another group. This time, my focus was the [...]]]> In another guest post on the Visual Revenue blog, I discuss the results of my second cookie survey.

*****

I recently surveyed 100 “internet-savvy” people to understand their attitude towards cookies and whether or not they considered cookies to be a privacy or security concern. As a follow-up, I surveyed another group. This time, my focus was the general internet user, who would not beexpected to understand the use of cookies. Getting to my target of 100 took slightly more time in this case as the respondents were not as engaged with the subject!  

The survey was posted on a group unrelated to web analytics on LinkedIn.com, on Facebook.com, as comments on some blog posts on the subject of internet privacy, and in 15 random categories on answers.yahoo.com. It was also circulated by email (thanks Andy, Mom, and friends!). To my knowledge, the respondents came from at least 8 countries.

In my previous survey, I asked 5 questions which assumed at least a basic understanding of cookies. In this survey, because I could not make the same assumptions, I asked 6 slightly differently-phrased questions, most of which had a yes/no answer and an optional comment field.

The Results

1) I know that cookies are put on my computer by websites that I visit.

The vast majority of those surveyed knew that cookies were placed on their machines, although several of those who responded “Yes” were under the impression that cookies were only placed by certain types of sites, like forums or social networks.

2) I know what cookies are and understand what they are used for.

Although more than half of the respondents claimed to understand cookies and their usage, quite a few of those who answered “Yes” felt that cookies were solely used for website preferences or helped to load a page faster. The overall understanding seemed rather vague (some considered them to be rather benign viruses) though many grasped the basic concept. It is interesting that although 84% know that cookies are placed on their computers when they visit a website, not all of those have tried to find out what cookies actually are.

3) I know the difference between 1st-party and 3rd-party cookies

Given the fact that 57% of respondents claimed to understand cookie usage, it is interesting to note that only 35% knew the difference between 1st-party and 3rd-party cookies. However, this segment did appear to genuinely understand the difference between the two types of cookie.

4) I have customised my browser settings with regard to the treatment of cookies.

The responses to this question were interesting. Of the 35% who responded that they had customised their browser settings with regard to the treatment of cookies, several admitted that they had customised their settings, but that they had no idea what the settings now were. On the other hand, there were several whose set-up meant that they were prompted for permission every time there was an attempt to set a cookie. Some blocked all cookies while some accepted them all, so there was no one setting that stood out as the most adopted.

The majority, those who responded that they had not customised their browser settings, commented that they had not changed their browser settings for a variety of reasons – because they did not know how to, because they would not know what they should change them to given their understanding of cookies, because they knew the default settings of their browser or because they regularly used an application to clear out cookies. We can infer from this then that most of the respondents use the default browser settings, which are often to allow 1st-party cookies and reject 3rd-party cookies (though not always: Chrome, by default, accepts all – you can then choose to reject all or “restrict how 3rd-party cookies are used” – I haven’t been able to find out exactly what this means (though I can imagine) but would be curious to know).

I asked this same question in my first survey, the response to which was YES: 42% and NO: 58%.

5) When I visit a website, I look for and read the privacy policy.

Though this question is not directly related to cookies, my interest included attitudes towards privacy on the internet and overall security concerns. The overwhelming feeling that I got was that “life is too short” for reading privacy policies. In addition, all privacy policies were considered to be the same and over-complicated with legal jargon which could hide any dubious statements. In general, it seems that privacy policies are considered a nice-to-have element of a website, but not a crucial part of a visitor’s navigation behaviour.

6) I have privacy concerns specifically regarding cookies being set on my computer by websites I visit.

A similar question in my previous survey (I have concerns about cookies being misused to compromise my privacy) generated exactly the same results. In this case, however, the reasons were slightly different – the distrust of cookies centred more around data being sold on, unwanted viral material etc than profiling and targeting. There was also distrust stemming from a lack of understanding of what cookies are and what they can be used for.

In a fascinating twist, quite a few of those who did not have these concerns said that it was because they did not understand what cookies are and what they can be used for!

Generally, knowing what cookies are does not seem to be a barrier to acceptance. In addition, ignorance of what they are does not seem to be a barrier to acceptance. Most of those surveyed did not know of any problems caused on their computers by cookies and for that reason did not fear them. This did not mean that they knew what cookies were or even had much interest in finding out. Again, as in the first survey, to a large degree, convenience is an important consideration – knowledge that, for example “Bebo forgets me if I delete cookies” outweighs any other possible concerns.

So, all in all, good news for the 1st-party cookie (depending on the default browser settings of your website visitor). For the 3rd-party cookie, however, apathy may mean that it is often blocked and largely misunderstood – like me, as a child

***August 2009***

The first on 100 “internet-savvy” people and the second on a more general group of 100 people who would not be expected to know what cookies are. I had a guest spot on the Visual Revenue blog and will compile the results of [...]]]> I’ve just moved to WordPress, so I’ll recycle a couple of old posts here.

***August 2009***

The first on 100 “internet-savvy” people and the second on a more general group of 100 people who would not be expected to know what cookies are. I had a guest spot on the Visual Revenue blog and will compile the results of the second survey soon.
Here’s the text of the first post:

This week, I ran a survey on the subject of cookies, cookie deletion and privacy and the results were quite interesting. The survey was run online and had 100 respondents who can generally be assumed to be at least vaguely Internet-savvy. It was sent out to and passed around by Twitter followers who are, in the main, linked to analytics/SEO/SEM etc; to the IT department of a large bank; to the IT department of a small-town local authority; to the staff in the Yahoo! Web Analytic Hungarian office, most of whom are programmers. Respondents came from at least 6 countries that I know of – very possibly more. I had considered broadening the scope of the survey to include those who use the Internet but cannot be considered to be terribly clued up on issues like targeting, tracking, cookies etc, (which would have led to completely different survey questions), but on a quick verbal survey of a small group of those who would be considered to fall into this category, I felt that the results would lose focus. I.e. most did not know what cookies were, what the difference between 1st- and 3rd- party cookies were, and those that did had were not entirely sure what they were used for. Therefore, for my purposes, I assume that this category would generally leave cookie treatment to their default browser settings. I think this group should be treated in a separate survey, which I will leave for another day.

The survey comprised 5 questions, most of which were Yes / No with an optional “Why?” comment.

The Results

1) I block 3rd-party cookies.

• YES 36%
• NO 64%

Of those who answered “Yes” and commented, the main concern appeared to be around trust and privacy. There was a general consensus that 3rd-party cookies were unsolicited and set by “snoopers“. There was also some concern around the fact that something, however innocuous, was being set on the visitor’s hard drive.
Those who answered “No” were generally far more blasé in their language. 3rd-party cookies were nothing to worry about and could always be deleted if there was some concern about their origin.

2) I block 1st-party cookies.

• YES 6%
• NO 94%

The overwhelming consensus here was that 1st-party cookies did more good than harm. Convenience (in terms of recognition, logins etc) was cited as a major bonus. What is interesting here is that it appears that visitors don’t mind their browsing behavior tracked or monitored as long as they feel they have been given a choice in the matter. I.e. if I go to Site A, I have no problem with Site A knowing what I looked at, what I bought, and who I am, but I don’t want Company B to know the same information. 

3) I manually delete cookies:

• Daily
• Weeky
• Monthly
• Never (never delete cookies manually – don’t know browser settings)
• Never (never delete cookies manually – auto-delete cookies based on my browser settings)
• Other

Unfortunately, due to some over-zealous multi-tasking, “Other” was set not up as a separate choice, but as a comment, which meant you also had to choose one of the time-frames. However, as luck would have it, the vast majority, according to the entries in the “Other” field, indicated that cookies were manually deleted fairly randomly and with no particular pattern (if deleted at all). Most cookie clearances seemed to take place after online financial transactions or if a site visited appeared particularly dubious.
Interestingly, despite the general acceptance that cookies are not insidious pieces of software out to steal your identity, there was quite a high instance of seeing them as having a potential for abuse. I.e. cookies are fine, I love them, I would let my favourite child marry one, but I still wouldn’t trust one set by a site I don’t trust.

4) I have customized my browser settings with regard to cookie blocking and deletion.

• YES 42%
• NO 58%

Due to the high instance of 3rd-party cookie deletion and non-blocking of 1st-party cookies, it can be inferred from these results that many of the respondents know that their browser settings reject 3rd-party cookies while accepting 1st-party cookie and have left these settings be.

5) I have concerns about cookies being misused to compromise my privacy.

• YES 38%
• NO 62%

Of those who answered “Yes”” to this question, the comments indicated an uneasiness with being tracked and targeted by advertising companies. There was also a sense of distrust around the potential for abuse – companies using cookies to personally identify visitors, spyware, information theft, malware etc. However, we can infer that some of those who do not entirely trust cookies and their usage also happily accept 1st-party cookies because of the convenience they offer.
Those who answered “No” were generally very emphatic about the fact that they did not suffer from “paranoia”. Understanding the limitations of cookies and the fact that other forms of “spying” were far more threatening were cited as reasons to discount any perceived menace from cookies. It would appear that cookies can be seen to make life easier and that this convenience outweighs most of the worries those in this particular survey group suffer. Visitor choice is key – if someone chooses to visit a particular site, they choose to accept cookies from that site in order to make that site work better. However, this consent does not necessarily extend past that particular domain.

So, cookies are good as long as they’re not bad.