Cookies are crumbling.

Every article about digital Advertising nowadays seems to either bemoan or celebrate the demise of cookies. Articles careen between opinions, finger-pointing and technology alternatives. What, in the end, will happen? How will digital advertising work? Is there a middle ground, a grand compromise? Let’s look at some of these questions in more detail.

Cookies aren’t going away

Despite some doomsday predictions, cookies will stay. Many of the services you use store some state in browser cookies. Something mundane like checking your bank balance online uses cookies simply because you don’t want to re-enter your user name and password for every click on your bank’s site. Instead, the bank authenticates your user name and password once, and then, yes, drops a cookie saying it’s okay for you to poke around your bank balance. That cookie resides on the browser you happen to be using at that time, so switching browsers on the same device or using different devices renders the cookie inaccessible and requires you to re-authenticate. Also, the cookie usually expires after an interval your bank sets, so if you idle, the bank forces another login.

Conveniences like these multiplied a hundred times over are part and parcel of our lives. The websites we visit to buy movie tickets, plan travel, read newspaper articles, or shop for loofahs, all use cookies to make our online experiences tolerable. These cookies are called first-party cookies. No one is arguing that these should disappear.

The debate curdles when these websites enable other websites to drop cookies, i.e., third-party cookies. (If you’re wondering who the second party is, the answer is “no one really knows.” In this case, the second party is most likely you, dear reader, and the only cookies you drop are the chocolate chip kind.) Since the 1990s websites have been permitted to embed callouts to other websites, who could promptly drop their own cookies. Those websites could hail yet other websites, who could drop yet more cookies and call even more websites. Open your browser’s settings or preferences, clear your cookies, and surf the web for a few minutes to see cookies proliferate.

Many browsers are purporting to either disallow such third-party cookies outright, or ask users like yourself permission when a website you visit drops third-party cookies (first-party cookies continue unchanged). Given how many cookies are dropped within minutes of web surfing, users (still you) may not want to opt in every single time a third-party cookie was imminently deposited in their browser. The alternative, outright prohibition, seems draconian. Yes, online advertising uses third-party cookies. But third-party cookies have other less-obvious uses as well. For example, if your bank merges with another bank, it is reasonable for the two banks to synch your online accounts. Doing so would require a third-party cookie for the “other” bank. Many websites use analytics to determine which of their pages are popular, or slow, or confusing to users – all using third-party cookies. If you visit your doctor’s web portal, it probably uses third-party cookies to outsource the billing portion of your visit. Doing so is utterly reasonable – you want your doctor’s site to be an expert at diagnosing symptoms, offering advice, and recommending medicine, not spend time mastering credit card checks, payment schedules, discount deals at pharmacies, etc.

Unfortunately, the same technologies that permit utterly boring, legitimate and even desirable sharing, can be used to collect a lot of data about users (like yourself). Some of that data is benign, some coarse-grained, some uninteresting, some flat-out wrong. However, all of it is collected covertly and without consent, which is why it bothers us.

Cookies aren’t the only way to track users

The temptation to wipe the slate clean with cookies is high. However, media companies and companies generally use many data collection tools beyond cookies.

Many of us have heard of mobile device IDs or advertising IDs. Our phone apps may access this ID to collect whatever data we permit. Over the years, mobile device and operating systems manufacturers have attempted to shut the door on that sort of data collection. Users can now wipe the advertising ID on their phone and get a new one. Users can choose which apps use the advertising ID. The phones warn you when apps use your camera, your location, your photos, or your contacts. This is a victory for users, right?

Not quite. You may choose to permit a gaming app to access your contacts, but you cannot control how that app uses those contacts. Giving familiar names for your sparring partners in the game? Great. Contacting your friends to sell them shoes? Less great.

At least you can choose to share contacts or not. Not sharing contacts may result in a less-than-joyful experience in the game or outright denial of service. Those are our choices to make. But what about data collected about your IP address? Internet access at your home or work is channeled through an IP address that is unique and fairly static. In other words, your IP address works as a pretty good proxy for identifying you. However, data aggregated from your home IP address will include internet usage initiated by you, your roommate, your smart thermostat, and your dog. Worse, data aggregated from your work IP address will include internet usage initiated by you, your CEO, Sally from accounting, and your teammate who watches the knitting Olympics live. Every data packet sent over the wire by any of them for whatever reason – web surfing, file upload, email, social media – has your shared IP address.

There’s more. Your phone broadcasts your location all the time. Your IP address can be mapped readily to a zip code (postcode in the UK). The zip code can be used to collect coarse data about its residents: median age, income, education level; dominant race, ethnicity, political orientation, religious affiliation; urban/suburban/rural; etc. These are not secretive databases hoarded by nefarious companies. Most of this data comes from the census bureau. The only real technological skill is in connecting the dots from your IP address to a pretty good guess about your politics.

When you use your grocery store rewards card or the phone number associated with that card on a promotion on their website, you volunteer your ID to the store. Every time you log in to a social media site, a content streaming site, a newspaper or magazine site, you voluntarily tell them who you are. Your user name and password identifies you far more accurately than the pesky cookie that made it convenient to use the website. Put this way, cookies almost seem benign. They are easily deleted, they are usually untraceable to a particular human, and because they are untraceable, the data associated with them is far from accurate. In the ad tech world, it is typical for the faceless human behind a single cookie to be both male and female; young, middle-aged and old; in the market for a luxury car, a cheap car, and a six-pack of inexpensive yoghurt. The other forms of data collection are far more covert because you cannot control them easily.

Companies care about advertising

Most companies need advertising. Some companies may not need to advertise, for some advertising is pointless, some cannot afford to advertise. For the most part, advertising has been inextricably linked with commerce, whether it began with Egyptians pamphleting on papyrus, Greek harlots clinking their availability with nails in their shoes, or Chinese merchants vending candy with bamboo flutes. Advertising lubricates trade as much as paper money does: one enables you to transact goods, the other informs you about what to transact and why in the first place.

Advertising has evolved over the millennia, in form, medium, message and sophistication. The internet has heightened advertisers’ ability to target their audience precisely. Today’s cookie-derived decision to show you an ad for a clarinet is a far cry from the town crier’s clarion call hawking fresh-baked cookies. Advertisers worldwide have cared, and always will care about reaching the right audience for their wares.

Significantly, much of modern advertising underpins our way of life. Until recently, for most companies advertising was a cost of doing business, a revenue-draining expense necessary to earn those revenues in the first place. But today, for some of the best-known companies on the planet, advertising is the revenue. These companies have market valuations that rival or exceed the GDP of most nations on earth. This wealth makes much of the internet free for our use. It lets us search a hundred trillion pages in less than a second for free. It lets us share our vacation photos with our friends for free. It lets us video conference our parents across the globe for free. It lets us plan a road trip with turn-by-turn driving directions, hotel accommodations, rest stops and desirable restaurants for free. It lets us search for videos to solve Rubik’s cube, fix plumbing leaks, learn the piano, or learn about Fermat’s last theorem. It gives us the latest news, the weather forecast, the election results, the ratio of grams to teaspoons to ounces. It lets us play songs, message 140 characters to a million people, bid on second-hand Lego sets. For free.

What is the price for free? Our technological prowess has overtaken our societal capacity to assess its cost.

People want control, consent and compensation

Once, advertising was the cost of earning revenue from whatever product a company sold. Today, for some companies producing something is the cost of earning revenue from advertising. As long as it is advertising that earns the revenue, companies will keep innovating technologies to profit from advertising. Killing off the third-party cookie is a minor sideshow in this larger story. All it achieves is drive the data procurement activities further underground, using more obscure signals, collecting more nebulous data.

One proposed alternative is a panel-based approach. A panel identifies a group of “similar” people, who presumably will see similar ads. Panels are commonplace in polling and traditional TV advertising, so the idea has merit. However, many questions remain unresolved. Who commissions a panel? How fine-grained is a panel? How does a user (still you) know to which panels she belongs? What do you gain or lose by belonging to or renouncing a specific panel? Are panel assignments permanent? Who changes them? Who assigns people to panels?

The history of humans assigning other humans to categories, groups or panels is a discouraging one. Even seemingly-innocent activities such as computing recommended loan rates quickly run into foul territory. Conducting such an activity under the relentless pressure of commerce does not suggest a wholesome outcome.

A different idea may be to open up the conversation with people, or at least their elected representatives or informed consumer advocates. A model such as the one for credit scores may be a template. Your credit score factors are well-known, the score computation is well-defined, the scores and data are transparent yet private, there is a forum to correct errors and redress grievances, there are well-known techniques for improving scores, and the sharing of the information is controlled. The advertising equivalent of that may be a “profile” for a user (like you) that you can access, correct, update and consent to share.

Perhaps that profile is a commodity that the user can sell, for fair compensation. Advertising dollars (pounds, rupees) originate from advertisers, and trickle down through agencies, tech platforms, exchanges, data collectors, media aggregators, content providers and publishers, each taking a “cut” of those dollars. That trickle ends at the eyeballs of the user, by which time it has desiccated to zero: the user gets nothing for the data she sold to see an ad. If the profile becomes a commodity, the trickle of dollars could fall further, ending with a jingle of coins in the user’s purse (still, always, you).