The anonymous alphanumeric string made and lost fortunes in its short but eventful life. It was best-known for something it wasn’t actually designed to do: targeting ads.
The cookie – originally named “magic cookie” – which single-handedly enabled a generation of ad targeting, measurement and some mayhem, died this year.
Its death came after a long period of failing health and was confirmed by Google in a blog post last December.
The cookie was the last survivor of the Golden Age of ad tech, spanning the years 1995-2015 – a period during which an estimated 400 trillion ads were served to 20 billion web browsers, with an unknown impact on sales.
It was born into a world where the web was stateless by design. This feature made the internet fast and flexible, but gave it a case of permanent amnesia: No webpage remembered anything users did before.
The cookie solved this problem, allowing for shopping carts and pre-filled user IDs – and targeted ads.
It quickly became the go-to ID for ad servers, ad networks, exchanges and retargeters, allowing publishers and ad tech partners to recognize browsers and stitch together partial anonymous profiles.
But how did the cookie come to be and where did it lose its way?
Early life and mission
The cookie was born in October 1994 in the offices of Netscape in Mountain View, California. Its parents were Lou Montulli and John Giannandrea, both talented engineers in their 20s.
Montulli, in particular, took responsibility for the young cookie’s development. Athletic, charismatic and unpretentious, Montulli was runner-up for People’s Sexiest Man Alive title in 1999.
By all accounts, the cookie’s early life was difficult. It was not designed for advertising but to support an in-browser shopping cart feature requested by Netscape’s ecommerce team for its customer MCI. Designed and then redesigned, it was separated into first- and third-party versions.
The question was: Should the third-party cookie be turned on by default – or should the user be required to opt in every time?
In 1996, Montulli himself made what he describes as an “agonizing” decision to enable cookies by default. His reasons were: (1) domains are logged in the browser, letting users see who’s tracking them; (2) users can turn them off, if they want; and (3) without cookies, engineers would be encouraged to develop fingerprinting methods.
Ironically, he designed the cookie to protect a user’s privacy, rather than invade it.
A Dutch computer scientist named Koen Holtman warned a web working group in 1995 about the possibility of cross-site tracking via third parties sharing IDs, a technique Montulli admits he “missed.” Holtman was right.
Microsoft’s Internet Explorer adopted the spec and promptly buried Netscape in the browser race. But Microsoft’s adoption of the cookie ensured its use would accompany the explosive growth of the web. Web traffic grew from 20 million users in 1996 to 260 million in 2000, and digital ad revenue soared 30x.
From the beginning, the cookie’s use drew heated debate, attracting both positive and negative reviews for its performance.
Avid early fans such as DoubleClick (founded the year the cookie was born) and Engage praised its durability and network effects. “DoubleClick’s cookie contains no information about you,” said DoubleClick on its website in 1997. “DoubleClick uses [it] to track ad exposure … to assure a user is not bombarded with the same ad over and over again.”
But there were always detractors. In 2001, the Stanford Law School professor and privacy pundit Lawrence Lessig told the New York Times, “After cookies, the Web becomes a space capable of extraordinary monitoring.”
At one point in 2000, a study found that the average page on a major publisher’s website had more than 100 cookie-setting and -syncing events.
The fall of the cookie
The cookie’s health started to decline in the 2010s. Events like the Cambridge Analytica hearings, data breaches and greater press attention raised the cookie’s fame – and its infamy.
By 2020, surveys were showing that somewhere around 80% of US adults felt they had “little or no control” over the data collected about them and that the “risks outweigh the benefits” of online data collection.
Simultaneously, the economic benefits of cookie-driven targeting and measurement were accruing to fewer market leaders, particularly Google, and a relative handful of major publishers. A study in 2016 showed that only 1% of the entities that placed cookies could follow traffic over 75% or more of the web.
Around that time, the cookie gained a formidable adversary in the European Union, which issued its ePrivacy Directive and then the related General Data Protection Regulation in 2016. California followed with the California Privacy Rights Act of 2020.
In addition to making web browsing less fun across both the Alps and the San Fernando Valley, these data protection measures made everyone in the affected areas aware of the cookie and its essential role in ad tech.
That is to say, people became more aware of the cookie but – as was the case with radon and Snooki – not in a good way.
Then Apple – a competitor of Google’s that had never had a big ad business, despite trying – initiated the cookie’s final scene. With its introduction of Intelligent Tracking Prevention and other measures, starting in 2017, Apple all but assured Google’s capitulation.
Google began its plan to phase out cookies in 2020. Many partial remissions followed, but the cookie’s fate was baked. It passed away in 2024 in an unknown location.
In lieu of flowers, donations of talent and ideas can be forwarded to Prebid and the Privacy Sandbox.
“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Follow Salesforce Marketing Cloud and AdExchanger on LinkedIn.
For more articles featuring Martin Kihn, click here.
