Similarly, visiting https://try.sentry-demo.com I got cookies "sentrysid", "sc", and "sudo".
I also got a player.vimeo.com cookie at some point, but wasn't able to reproduce.
If you're running a complex modern site and decide to do away with cookie banners, you generally need to pair this with browser automation that crawls your site and verifies that you (and your dependencies) are in fact not setting any cookies.
I don't see why it's necessary that that these cookies be set before I actually log into the page? Or, if it is necessary for a non-obvious reason, I don't see why they need to be sent when visiting other pages under sentry.io instead of being scoped to /auth/login/ ?
Correction: any cookies which are not technically required for the basic operation of the site (such as a shopping cart ID).
if I'm a shopping cart website, how do I keep track of you as a user/session enough to identify you and pair you to the contents of your cart on my backend without a cookie?
Cramming a sessionId into localStorage/sessionStorage seems kind of like the same thing? Am I missing somehting?
Is not about cookies, is about their content and purpose.
While the GDPR has added additional restrictions, the basic framework is still in force: you can't store information client-side (cookies, localStorage etc) unless (a) it is "strictly necessary" to fulfill a user request or (b) you get user consent. All the cookies above look to me like they don't meet that bar; the site seems to still fulfill my requests with cookies disabled.
(Not a lawyer.)
It looks like this mostly happens because they lose the conversion signaling which is the most important input to their bidding model, making them pay for 4x as many impressions which still only concert to 1/10th the sales.
Is this the experience that all Google AdWords customers will be waking up to later in 2024? It sounds like Sentry is being pro-active and getting ahead of the curve, and not just cutting their advertising performance for purely benevolent anti-tracking reasons.
When this happened to FB they lost tens of billions of dollars. Will the impact to Google be even greater? If there’s anything that could truly disrupt Google, destroying AdWords ROI has got to be their #1 existential risk.
It’s not like their search experience is even that decent anymore. It would make me quite happy to see Google peak as a company due to internet privacy initiatives winning out over invasive corporate panopticons.
https://gizmodo.com/google-chrome-users-worth-less-money-coo...
Given how many people I know that still type google into the google search bar, I find this number to be extraordinarily high.
I think it's entirely fair that someone track me on their own web property, or within their own application. Cross-site tracking is not wonderful, unless it's between a collection of related products from the same product suite. But overall I think it's a huge misstatement to say that people who are against ads are also rabid anti-track-anything people.
Within product tracking is both useful and important for helping companies improve their products. And often it's crucial for security, to detect attacks and the like.
> 42.7% of internet users worldwide (16-64 years old) use ad blocking tools at least once a month
> 27% of American internet users block ads
...I still couldn't find the source for that. I believe it's a "Digital Trends Report" by Hootsuite but couldn't find it.
I think people might be shocked that access to this RCE backdoor is often given to non-technical roles and even outsourced marketing resources..With no controls in place at all.
Security nightmare.
Maybe try reading it, there's a lot of "what happened" in there.
Sounds like I made the right decision based on other comments.
It (probably) could've easily said, in say one to ten words, what actually happened, in the headline, so that I could decide whether I wanted to read into the details or whether it didn't interest me at all.
With the headline being "something happened" and you'll have to read multiple paragraphs before you find out anything at all, I'm immediately put off. I feel like my time is being wasted.
Entice me by describing an interesting outcome in the headline, that I want to read more about, or inform me, in the headline, that it's not an article for me.
Attempting to artificially drive more traffic and eyeballs to an article, by withholding details in the headline of what it is about, is the definition of clickbait in my book.
Then there are paragraphs like this one:
> We decided to rely on ad engagement retargeting (rather than traditional retargeting) on most of our ad channels which isn’t the same, but still gives us a semblance of a funnel. We tailored our ads that are focused on middle of funnel (MOF) and bottom of funnel (BOF) to this engaged audience.
Which for people like me is a big "WAT?" What does that even mean, what are consequences, why didn't they do this earlier? I am aware of "retargeting", which is really what I want companies to stop doing, I don't care if they do it without cookies.
But yes, this isn't for the technical or privacy focused crowd. This is for marketing people, about how they can adjust their workflows when Chrome starts blocking 3rd party cookies.
Apparently the move is already delayed until Q2 2024 (lots of pushback at the office) [1] However, it's still difficult to believe. Must be an utter nightmare for people who built their entire business stack on cookies.
[1] https://techcrunch.com/2022/07/27/google-delays-move-away-fr...
Performance tanked. Targeting and optimisation dwindled, measurement became directional last click. They still switched to solutions that leverage IP Addresses.
As they burned through their marketing budget, they focused on bogus metrics like dwelltimes and patted eachother on the back.
Fun times ahead.
And as marketing is less efficient, higher budgets are required to drive the same results. We can potentially expect to see these costs gradually passed on to the consumers and watch more businesses fail.
> for certain tracking technology like hashed offline passbacks
The hashed offline part probably refers to hashed email or other PII, so that we can exchange data without actually exchanging data.
Is there any way from preventing under/over reporting of how many referrals were sent? Or is that just implicit in having the hashed identifier
Ooh, they're going after that anti-marketer market. That's a huge market! Look at our research!
https://blog.sentry.io/introducing-the-functional-source-lic...
- Issues you're already having will get worse in 2024 - Cookieless performance marketing is achievable - You will need all your stakeholders aligned - You will need to reimagine how you do things
Here's one conclusion I grabbed, randomly:
"we saw around a 30% increase in our cost per click (CPCs) in Google search."
The average HN user thinks marketers (and MBAs) are stupid, and assumes they can master the industry if only they put it a few days effort.
Maybe you aren't the intended audience?
Is this complaint with GDPR and will it still possible in the future?
GDPR is about consent, not cookies, storage or anything. If you track a user then you need consents. Nothing about GDPR is tied to cookies. They are just one way to generate and keep PII (a tracking ID).
Now if the UTM only identifies the source (user coming from X, FB, ...) and does not identify or reveal the user then you are probably fine. It should even be fine as a cookie, although there have been talks about storing on a users device without consent. Not sure about the current exact legal status, so you might want to set it to never persist the browser close.
It might get a bit more complicated at sign up. You probably would want to disclose that you track and keep this information. But at this point GDPR is active for sure as you have a somehow identifiable user.
Consent is one of six different legal bases for processing personal data. Consent is important, yes, but it's not the be all and end all.
>It should even be fine as a cookie, although there have been talks about storing on a users device without consent
That will require consent, because the use of cookies is regulated not by the GDPR but by a different law (the ePrivacy Directive).
Under the ePrivacy Directive all cookies[0] that aren't strictly necessary to provide the service require consent.
[0] In fact it's even broader than cookies as the law covers storing any information on the user's device, so it includes things like the local storage API and indexed DB.
I skimmed the whole article, read your posting, and even though I know some of these words, I still have no idea if the decision was hurtful to the business, or if it did not move the needle at all, or if it even was a net positive, all things considered.
It took awhile but I finished the article. I don't see much self-gratification in phrases like:
> we saw around a 30% increase in our cost per click (CPCs) in Google search.
Or this:
> This took a TON of back and forth, basically building logic that an out-of-the-box attribution solution already has in SQL, but we finally got to a place where we could salvage around 50% of attribution data.
The self congratulating I saw was
* they decided to try this before it was foisted on them by externalities.
* they worked their asses off to make it work.
* they have a competent BI team.
I don't understand why they also eliminated most first party cookies though. I respect that level of respect for user privacy but it goes beyond my personal expectation for privacy.
That’s why chat GPT is to produce marketing copy that is as good or better than the best ad people can do.
"We at [...] understand that being able to accurately manage [...] while fielding is essential to a successful project."
The entire text was two more sentences and a video. That's just taking the piss. Just say "watch the damn vid." if you really want to add text.
In the early days of the internet, few enough companies wanted to advertise on the internet - advertisers viewed it already as targeted at a certain segment of society - so advertisements were generally very low value i.e. crap. Tracking technology let advertisers know that they could actually find the people didn't realise were using the internet. But nowadays we all know everyone is on the internet, and we tend to use the same sites regularly, so you could get adequately targeted ads (as a set of eyeballs - not necessarily as an advertiser) just by using the internet.
I'm a software developer so of course 90% of the ads I see on fb are for developer courses and no-code solutions to develop software…
On youtube there's often the "meet east european single women" above the list of suggested videos.
----
It's fascinating to me how this org (and so many others) are hard at work, day in and day out, basically shovelling garbage into peoples' faces. They produce absolutely nothing of value (other than, arguably, the parasitic relationship which allows Free Content), but so much money flows through them.
I wonder what effect the exclusion of third party cookies will have on the dark patterns that are so prevalent -- but I doubt it will be much. We may have "free" access to so much information online, but we pay a terrible place as the quality of discourse has devolved into antagonistic feces-flinging in most of the big walled gardens, and majority of the open forums. It seems only the domain-specific, niche places still maintain a quality noise-to-signal ratio.
