Study: Users Don�t Understand, Can�t Delete Cookies

The cookie deletion issue will not go away, apparently. Ever since JupiterResearch published a report in April concluding that 39% of consumers said they delete the cookies on their computers at least monthly, other research entities have been busily producing studies to either confirm or undercut that finding. The Jupiter finding was quickly corroborated by evidence from Nielsen/ NetRatings, which found that 43.75 of respondents to a survey reported deleting cookies in the previous month.

That study prompted Atlas Institute to issue its own report, which found that users� behavior doesn�t match their statements: Depositing a cookie among respondents and monitoring its lifespan, the Atlas study concluded that respondents who said they deleted cookies once a week actually held onto them for an average 45 days; those who claimed to delete them once a month actually kept them for almost twice that time.

Now yet another study, this one by Internet marketing research firm Insight Express, finds that there�s many a slip between the hand and the lip: that is, that consumers not only don�t get what cookies can do and how they work, but that many of the people who say they�re getting rid of cookies are not in fact successful at doing so.

The impetus behind this whole cookie kafuffle is more than a quest for empirical truth, of course: Cookies are central to the measurement of many aspects of users� Web behavior, from unique visits and ad targeting to sales conversions. Accelerated cookie deletion means that those metrics contain a certain but indefinable amount of inflation�which could affect the evaluation of Web performance and the return on investment for advertising. Complicating the question is that fact that some Web tracking firms�for example, Nielsen/ NetRatings�use techniques that rely more heavily on panels than on mechanical aids such as cookies to follow user behavior.

For the latest study, Insight Express fielded a pair of surveys in April designed to probe users� understanding of and attitudes toward cookies. What�s more, one of the surveys included an exercise in which users were asked to delete cookies and their performance measured. After all, as important as it is to study the difference between consumers� stated behavior on cookies and their actual practice, it may be equally vital to examine the gap between users� attitudes and their technical ability to put those beliefs into action�in this case, by getting rid of the cookies on their computer.

�We began our research with a hypothesis that many consumers really do not understand what cookies are, what services they provide, what value they provide, and how they function,� says Lee Smith, InsightExpress president and CEO. �We wanted to find out how much consumers knew about cookies.�

Answer: Not much. Although almost 77% of respondents said they knew what a cookie is, when asked to describe it to the best of their knowledge, only about 25% gave answers that were entirely correct. Respondents were allowed to compose their own answers to the question, or to submit that they were unsure. (About 25% took the �don�t know� option.) Many of the incorrect definitions said that cookies were executable files placed automatically on a computer, or �hidden attachments that allow unauthorized access and tracking abilities.� Others stated that while cookies make Web sign-ins easier, they can also let spyware in to infect a hard drive. Some wrong answers confused cookies with cached Web pages or temporary Internet files.

In a second survey, users were asked to pick the most accurate description of cookies from a set of possible choices. Almost 29% chose to say a cookie was �a small file enabling a server to identify a browser end/user�, a reasonably close definition of the term. But another 25% said a cookie was �a program that tracks all of the sites a browser/ end-user visits�, a notion that brings cookies into close relation with spyware. More than 13% said cookies can record users� e-mail and Web activity�, while about 3% said they generate pop-up ads.

The lack of understanding about how cookies work is paired with vagueness about what they do for consumers who are surfing the Web. Asked to characterize the value cookies have for them when using the Internet, only 34% of those polled said they were important. Thirty-nine percent said cookies were not important to them as Web users. Another 27% said they were neither important nor unimportant.

The indication that users are ascribing evil intent to cookies was made clearer in another portion of the InsightExpress survey. Asked to check off all the reasons that they delete cookies, two-thirds of respondents�66.5%-- said they erase cookies to �protect my privacy/ prevent tracking.� That response was the second most widely given in the survey, following only �clean computer/ free up disk or memory�, something 77.4% of those polled said they agreed with.

At least the privacy/ tracking prevention answer has the virtue of being valid. Other choices from the list of reasons to delete cookies show a serious misunderstanding of the technology�s capabilities. About 57.2% said they get rid of cookies to �remove spyware/ adware� from their hard drives. About 43% said doing so �eliminates spam�; 38.7% said it prevents pop-ups; and 33.8% said it prevents computer viruses. Fifty percent of those polled also said they deleted cookies because it was �recommended�.

Where respondents would get such recommendations wasn�t specified in the poll. The advice could be coming from a friend, relative or co-worker. But they could also be picking up on signals in the popular media, where identity theft has been very much in the headlines, and where Internet service providers stress in their ads that the Web is a dangerous place due to recent thefts of personal data from both compilers and retail merchants.

Finally, the InsightExpress survey took a closer look at how effectively average users put their beliefs about cookies into action. The pollsters dropped a cookie into participants� browsers when they logged into the online survey. At the end, respondents were asked if they would be willing to participate further by deleting their cookies. Nearly half agreed to do so, and of that group, nearly 60% reported that they had succeeded.

But as InsightExpress found, only about 35% of the deleter group were actually successful in getting rid of the cookies they had received at the outset of the survey. In other words, almost two-thirds of the deleters failed to erase their cookies�whether they knew it or not.

Since the survey could only track the cookie it deposited on respondents� browsers, there was not way to tell if the successful deleters got rid of all their cookies or only the InsightExpress one. But it could be determined that successfully deleters took a median time of 33 seconds to get rid of the cookie�a second less for Internet Explorer browsers, and a few seconds more in Firefox�while those who failed took a median time of 6 seconds to do (or not do) it. The survey did not reveal if that group stopped too early in the process or just gave up in confusion.

According to Smith, the InsightExpress study reveals that relying on stated consumer behavior to estimate the value of cookies is inherently flawed. �People tend to overstate behavior when it involves something that as personal as a possible threat to their privacy,� he says. �We found that many people do have a misunderstanding of cookies that involves spyware and other threats to personal information on the Web. So those people, at least, will be more likely to exaggerate their behavior in regard to cookie deletion.� The inability of two-thirds of the respondents who tried to delete their cookies adds another variable.

What is clear, Smith says, is the opportunity for consumer education about how cookies work on the Web and what value they add to consumers� online experience. Only one third of Web users grasp the role that cookies play in speeding their Web experience by simplifying log-ins and serving up customized content. �It may be as simple as making sure more Web sites tell visitors that if they enable cookies and change to these settings, they will get such and such benefits,� he says. �If this was done in layman�s terms so that consumers could see clearly the value exchange involved in cookies, I think it could be very successful.�

Smith says he�s optimistic that a campaign to improve consumers� understanding of cookies can succeed, and that in turn can enable cookies to live on as a tool for Web metrics. �You have to present the case for cookies in terms that show their value directly to the consumer, by stressing the enhanced Internet experience,� he says. Several industry groups have either launched efforts to get such information campaigns going or are in discussions to do so. The Interactive Advertising Bureau is considering a public education effort, Smith says. And an affiliation of prominent Internet ad companies called Safecount.org announced its debut last month, with the aim of finding ways to measure online media while protecting consumer privacy. Part of that effort could involve educating the public about the difference between malevolent spyware and cookies, or adware of a more general type.

�The best way to do this kind of consumer education is through coalitions of some of the biggest, most trusted brands on the Internet�Microsoft, Yahoo!, Amazon and the ISPs,� smith says. �It could be analogous to the education process that helped drive e-commerce years ago. Just think where that might be now if Visa and MasterCard had gotten behind online buying right from the start.�