Prediction: The Future of Cookies in Digital Analytics

I don’t often get to talk about the future of digital analytics. Over the past few years I’ve put quite a bit of thought into what the future may look like. It feels like a golden age of tracking right now (at least in North America) – everyone is using cookies, we’re tying together online/offline data, bridging devices, even collecting user demographic information. Over the past decade or so, trends have shifted… from the centralized data warehouse to A/B testing to channel attribution to tag management. It has never been faster or easier to collect, analyze, and drive decisions from data.

I predict cookies will not be a thing in 2 years. Well, I take that back. They will be – but we’ll take the EU model of requiring user opt-in. Why? To put it simply: misdirection. The revelations from the NSA and the resulting paranoia make cookies a really easy target to convince the public that something is being done to protect privacy. I get that it has very little (or nothing) to do with government spying, but it’s an easy superficial “step forward”. To be fair, this move predates NSA spying; but I believe a call for increased net security is accelerating this move quickly. Users with new versions of Internet Explorer are already prompted to decide whether they would like to opt-out. Despite this only affecting the 12 IE users worldwide, it’s only a matter of time before other browsers follow suit.

With Google, Apple, and other big tech companies cultivating users via universal login systems, they will no longer need to worry about storing/protecting free use of cookies (because to log in, you must have cookies enabled). Additionally, with SSL quickly becoming a requirement for every site – the logical next step in security is to move to cookie opt-in… because why not?

So what are the alternatives? What’s next? The next generation of tracking may actually get a bit creepier. With IPv6, analytics platforms will have the opportunity to collect an IP that is specific to an individual computer/device. In other words – IPv4 would look at every individual on the global WiFi network at Clemson University as the same person while IPv6 would treat them as individuals (yay for individuality?). Currently, only approximately 16% of the networks on the internet even support IPv6 – so it will be a little while before this becomes viable.

The second alternative is HTML5 canvas fingerprinting. This is really neat because it actually exploits an HTML5 canvas element that draws a hidden line and is converted into a token (or some kind of hash). The tricky part about this is that it is not completely unique since it creates the token based on your system hardware. However, even 95% consistency is pretty darn good (it’s not necessarily 95% unique). Another “vulnerability” is that it can be easily blocked by ad blocking software.

However the cookie evolves/devolves, it will be interesting to see how IPv6 and canvas fingerprinting change the way users are tracked. What’s more interesting is how Google and Adobe will pivot to accommodate a changing landscape… or who knows, maybe they won’t have to. After all of this, we may just end up with the opt-in button – but I can see the end of the cookie road approaching quickly.

2 thoughts on “Prediction: The Future of Cookies in Digital Analytics”

  1. Great post. I disagree about cookies going opt-in only, though. The only way the EU was able to do such a thing was because of their regulatory powers, which are quite different than that you see at, say, the FCC. Given that the FCC (let alone Congress) is unable to get meaningful progress on even much less controversial topics right now (ex. net neutrality), I find it pretty unlikely they’d also have the wherewithal to pick a fight with the web advertising and publishing industry.

    I do think that much of ad serving will go towards platform-specific IDs, though – specifically, and obviously, for Google and Facebook. (Maybe Pinterest too.) Perhaps a Google Analytics of the future would give the user some special insight into tracking those IDs, too. But I think the real cookie replacement technology is a few more years off, and will be more in the realm of device signatures or the HTML canvass fingerprinting you mentioned above.

    • Thanks Blair! I’m honestly not as educated on how EU regulations are passed so I’ll take your word on it. I completely agree that the progress (or lack thereof) of net neutrality legislation does support your argument that we will likely not see legislation passed banning cookies – especially before a new technology emerges. Great point. I agree most signs are pointing towards a general shift in tracking methodology, though. During the interim we may see the expansion of browser-prompted cookie opt-in.


Leave a Comment