Defining spyware

Walt Mossberg’s WSJ column on Thursday posits that tracking cookies are spyware, according to his definition of the term:

Computer code placed on a user’s computer without his or her permission and without notification, or with notification so obscure it hardly merits the term. Once installed, spyware and adware alter the PC’s behavior to suit the interests of outside parties rather than those of the owner or user.

Now, while you can configure your browser to notify you every time a cookie is set or read, the result is a blizzard of notifications that seriously degrades the user experience, so I would agree that cookies of any kind probably meet the first part of the definition.

However, the second part of the definition is where opinion definitely enters: the judgement has to be made as to whether the PC’s altered behavior “suits the interest” of the user, or of outside parties. Walt defines cookies that help a Web site remember preferences or login status as “helpful cookies,” while cookies that record where you go on the Web on behalf of Internet advertising companies are called “tracking cookies,” and are therefore spyware.

Of course, marketers would respond that tracking cookies are only used to target ads, and more relevant ads “suit the interest” of the user just as much as the advertiser and publisher. They’d further add that tracking cookies are anonymous and that the higher value of targeted ads often allows publishers to reduce ad clutter, another benefit for users.

Personally, I’d say that more relevant ads do indeed suit the interest of the user, especially if the data used is anonymous. However, a big issue is the possible merging of anonymous cookie data with personally identifiable information (PII) in various databases, such as name, address, or email (to be covered in a subsequent post).

Assuming anonymity, it’s hard for me to see tracking cookies as “spyware.” And for anti-spyware programs to target ad network tracking cookies seems silly when almost every publisher site (including the WSJ!) issues its own tracking cookie to use for the exact same purpose: to target ads. At the end of the column, Walt suggests that users be compensated for allowing tracking cookies; the fact is, they already are! As more and more readers move online, targeted ads become an ever more important way for publishers to generate revenue to pay their writers, whose output is then the compensation for allowing tracking.

The key to me is that while adware or browser hijackers “take over” your computer in a jarring and unexpected way, ads are already there and tracking cookies just make them more relevant. A final note: Walt’s column starts by noting how unacceptable it would be for a TV to track what you watch and use the data to target ads. Of course, this is already happening, as discussed in my previous post. There, I also came to the conclusion that the important issues here are anonymity and the difference between PII and preferences…the subject of my next post.

Leave a Reply

Moderation is on, so your comment may not show up right away.