cookie picture.jpg

To Understand Where the Cookie is Headed, Let’s Look at its History

By Bruce Judson

Nov. 17, 2020

Note: This article is the first of a two-part series.



Almost a year ago, Google announced that Chrome would sunset support for third-party cookies by the end of 2021. The discussion of the replacement technologies for "life after cookies" now dominates the industry press. The IAB's Project Rearc, Google via its Privacy Sandbox, and multiple companies (including BritePool) have all developed or pledged to create technologies that will power advertising in the cookieless future.
To develop a perspective on third-party cookies and what should replace them, this is a deep dive into the cookie's history.


Cookies were Developed for MCI's Virtual Shopping Cart


The cookie was created in June 1994 by Lou Montulli, a programmer working at what would become Netscape Communications Corp., best known for its once-dominant web browser.  Montulli was working on an e-commerce app for Netscape client MCI, which had effectively asked for a virtual shopping cart (a novel idea at the time).
Montulli and his team devised a way for the Netscape browser to place small files on a website visitors' computer that 
tracked what each visitor did on that site, allowing the telecom giant to avoid placing the data on its servers.


involved with online advertising have looked with concern at the referendum on "CCPA version 2.0", we have taken comfort, believing a national privacy law is not happening.  Now, to quote the famous line from Jaws, "Just when you thought it was safe to go back in the water…" If the Democrats take the White House and the Senate, national privacy legislation will almost certainly pass in some form.

Grand Ambitions with Inherent Problems


In a 2001 interview with The New York Times, Montulli said that he designed cookies to be a flexible tool, with the potential to be "a next-generation communications system." He said, ''We wanted people to be able to use it for other uses'' besides shopping carts, including ''things we hadn't thought about.''
In April 1995, a working group 
was established to propose a set of standards for cookie usage. David M. Kristol, a scientist at Bell Laboratories, led the group. But the longer the group collaborated, the greater its concerns about how cookies might invade consumer privacy.


Original Restrictions to Protect Consumer Privacy


According to the Times, the engineers developing cookies sought to avoid "a privacy nightmare" by deciding "not [to] identify web users by name" and rejecting "an idea for creating a single ID number that a person's browser would use in all Web explorations." Montulli said, "We didn't want cookies to be used as a general tracking mechanism." Instead, protocols required that sites assign a unique ID number to a visitor's computer, one that could only be read by the issuing site or a sister web property.
At the time, the ability for companies to circumvent this restriction was foreseeable. A Dutch member of the 1995 working group, scientist Koen Holtman, warned that companies could, 
by agreement, place cookies across a network of related sites. Those cookies would be able to track user activities at multiple sites across the web.


Advertising Co-opted the Cookie and Overcame the Inventors Restrictions

Holtman proved prescient as companies began working to do what he predicted. Soon DoubleClick, Engage, and others were serving banner ads across thousands of websites, using a shared cookie that allowed the issuing company to recognize a visitor wherever he or she went on the web. This innovation allowed these companies to control users' ads as they moved from one site to another.


In 1996, to potentially provide privacy protection, Netscape and Microsoft both altered their browsers to distinguish "cookies coming directly from the site being viewed from third-party cookies." This initiative proved meaningless, as consumer browsers automatically accepted third-party cookies by default.
In 1997, in a last-ditch effort to protect consumer privacy, 
Kristol's working group tried to thwart the use of cookies for advertising tracking, recommending that browsers automatically block third-party cookies. This effort failed as Netscape's browser and Microsoft's Internet Explorer continues to embrace the use of third-party cookies.
Montulli described the advent and ascendance of third-party cookies, for advertising tracking, as a surprise. ''That's the one 'gotcha' we had,'' he 
told The New York Times.
Similarly, Lawrence Lessig, a Standard Law School professor and leading expert on the Internet and public policy, made 
this observation, "Before cookies, the web was essentially private. After cookies, the web becomes a space capable of extraordinary monitoring.''


Lessons for Today
This brief history suggests two takeaways for managing the next quarter-century of web advertising:
First, while most of the critical technologies for web operations reflect several generations of development, the cookie, a 1990's technology, has remained the fulcrum for Web advertising delivery. In essence, outdated technology is now central to managing over 
$300 billion in global annual spending on digital advertising.
Second, the initial development of cookies raised privacy concerns, which led developers to deploy safeguards. Subsequently, ad management firms circumvented these restrictions. Hence, it was inevitable that the unchecked and unregulated expansion of web advertising would invade consumer privacy.

Bruce Judson is Vice President of Communications at BritePool. His 1996 book, NetMarketing (Random House/Wolff), was a sleeper bestseller which accurately anticipated the rise of the web as a powerful vehicle for the direct sale and marketing of products and services.

Subscribe to BritePool's In the Eye of the Storm Newsletter

Thanks for subscribing! We have received your information and you will receive the next issue by email.