Some appreciate the convenience and customized feel that cookies bring to web browsing. Others prefer a more anonymous existence; foregoing the personalization of their experience –being recognized at favorite destinations– in order to limit the collection of data about their online habits. If your key ring is a fistful of shopper loyalty fobs, you probably don’t care about online tracking. If you fear paper trails, change passwords constantly, keep cash in your mattress, know what an onion proxy is, and avoid daylight’s revealing glare, you’re probably more than a little concerned about privacy (and that knock on the door may be Homeland Security with a demonstration of real tracking). If you’re like most, you rest somewhere in between.

Who’s keeping tabs on you?

One web segment, online publishing, is particularly interested in establishing your demographic data. Coming from the physical world of print, where limited space props up the price of ads and reader demographics add value, their entry into virtual publication scares the ink right off of their fingers; online, users appear anonymous and the inventory is limitless. Traditional video media purveyors share the same concerns. Their saviours are the cookie and the web beacon who together quietly make note of you as you travel the web and construct a profile based upon your habits. The more clearly a publisher can identify you, the more effective their ad placement and the more valuable the ad’s delivery to the advertiser.

Before we get to who, a quick read on how:

COOKIES

A cookie is a text string (typically unreadable by mere humans) that is delivered by a server to your browser which then stores the file for later use when accessing that same server. It’s how Amazon.com calls you by name and Google remembers your searches for vegemite recipes and incontinence supplies. Despite the implication of software vendors hawking the latest panacea for your PC’s ill behavior, cookies are incapable of executing code, acting like a virus, retrieving personal information from the depths of your computer and are neither popups nor alien mind control implants.

Wikipedia entry: HTTP cookie

WEB BEACONS (aka WEB BUGS)

A web bug is an element of a web page that, in order for the page to be rendered, must be loaded from a server (typically a third party server), such as a simple 1 pixel by 1 pixel image or certain HTML objects. When the request for the element is made, the server supplying the element can record information associated with the request: the IP address, time, presence of cookies, browser type, and URLs of the page and element. Assigning unique identifying information via a cookie allows the third party to track the user, usually without their knowledge of a third party being involved.

• Wikipedia entry: web beacon (web bug)
• One source for web bug statistics

TRACKING YOUR ONLINE BEHAVIOR

Again, exactly WHO is keeping tabs on you? Companies with expertise in “behavioral tracking” (aka “BT”), data collection methods, and marketing analysis. The most prominent belong to an industry trade group, the Network Advertising Initiative, self defined as “a vigorous advocate for consumer privacy and responsible online marketing standards and practices… committed to consumer education.” The NAI lists these “Full Compliance Members”:

• Advertising.com, whose Lightningcast (see video about video) offers “pre-roll video, in-banner video - even clickable, out-of-the-box formats for those without commercial spots. For publishers, we fill your premium video inventory with premium video advertising - ensuring you make the most of your video content.”
• Atlas offers a product dubbed VIBE (Visitor Interest Behavioral Engine)
• Doubleclick gained recent attention for the whopping 3.1 billion dollar price tag put on their acquisition by Google.
• x+1 boasts a Progressive Optimization Engine that “leverages sophisticated mathematical models to make optimal segmentation and targeting decisions for online marketers. POE™’s added-value is derived from its ability to make actionable decisions from massive amounts of complex, interacting data. Using a wide variety of data sources, POE™ profiles end-users and anonymously tracks their online behavior and responsiveness.” Whew! Hand them the prize for wonkiest promotional copy.
• Revenue Science, Inc. publishes an extensive client list. Their competitors choose to be more discreet.
• SpecificMEDIA, Inc., whose targeting method “predicts each user’s age and gender based on his or her past online viewing habits… assigns a score related to the likelihood of a purchase in over 3,300 product and service categories… detects each user’s location by IP address and gives advertisers the ability to geographically target down to the zip code level.”
• TACODA, Inc. (just acquired by AOL) declares that they are “the first and largest behavioral targeting advertising network reaching more than 120 million people across 31 discrete audience segments every month.” Their home page presents a parade of demographic profiles accompanied by smiling faces. Bonus points for providing an easily noticed opt-out link on every page of their website.
• 24/7 Real Media Inc. asks, “Would you like to reach single women who own cars and are sports-enthusiasts in Chicago, or maybe Japanese teens that live in the city and buy DVDs?” responding with, “Whoever you want to reach, we have targeting down to a science.”
• Acerno is, according to their site, “reaching over 80% of the internet population on a monthly basis,” asserting that “it’s one thing to locate customers who have actually been to your site. It’s quite another to find the ones who are right for your site, but haven’t yet been there. We’re able to discover those customers through our co-op of like-minded businesses.”
• SafeCount uses cookies in connection with their questionmarket.com site to track your exposure to specific advertisements and correlate that data with market surveys. Safecount provides this page where a Safecount cookie’s cryptic text data, which contains “whether or not a particular ad was displayed on your computer, the time and date that ad was delivered, and whether or not you agreed to take a market research survey,” is decoded and displayed for you.
• AlmondNet “partner[s] with Data-Owners & Media-Owners to facilitate the delivery of relevant, targeted (based on recently-conducted searches for products/services) ads to consumers wherever they go…”

As one gets deeper into this subject, the rewards of cross pollinating online tracking data start to emerge. Think carefully before you choose to accept compensation for allowing a firm like Relevant Knowledge to gather more detailed data about you or install proprietary software on your computer to track you in ways that cookies and web beacons cannot. There are spyware concerns to be considered. See the wrist slap here.

FINDING OUT IF YOU’RE BEING TRACKED AND OPTING OUT

The NAI hosts an opt-out page. Here, you can not only choose to opt out of targeted advertising from each NAI member individually, you can identify whether or not you currently have active cookies from each of the ten member companies. If you want to know if you’re the subject of behavioral tracking, click here.

The NAI site says, “The NAI Opt-out Tool was developed in conjunction with our member advertising networks with the express purpose of allowing consumers to “opt out” of the targeted advertising delivered by these networks.” The process of opting out places a special opt out cookie in your browser’s cookie stash. Hmmmmm… you can opt out of targeted advertising, but did anyone say anything about opting out of behavioral tracking? Perhaps the NAI is taking the stance that if you want to join the tin-foil-hat club they’ll make it easy; “wear this Reynolds Wrap masterpiece and we’ll be able to see you wherever you go.” –wink, wink. Dunno. Would it NOT be of interest to these companies to collect data on how many site visitors have chosen to opt out?

CONTROLLING COOKIES; TAKING A PRIVACY STANCE

As an alternative to the shiny chapeau identifying you as an anti-social, you can take control of your browser’s features and preferences to reject cookies, delete them, or activate temporary privacy modes. Apple’s Safari offers a “Private Browsing” feature; a mode that rejects cookies and keeps no local history of pages visited or auto-fill information from online forms. You must clear your history, browser cache and cookies to before entering Private Browsing mode to start with an entirely clean slate. You could turn the feature on and off as you navigated to sites where you desire the convenience factor of cookies, but that likely to get tiresome. Like all modern browsers, Safari provides a preference to reject all cookies. Firefox provides additional options; the ability to create a custom list of sites for which you will “Block, Allow, or Allow for Session [only]” the use of cookies. Another feature allows cookies to be dealt with one by one, providing a popup with options for each cookie that a site or page attempts to deliver to your browser. Torture by tedium. I find this is an intolerable solution.

Refusing a cookie doesn’t make you completely anonymous on the web; your IP address is easily determined and provides clues to your location. Many online forums log IP addresses to deter abuses. For complete and total anonymity, you’ll need to venture into things like TOR and start geeking up on subject like proxies, SOCKS implementation, etc. I lose interest when looking that deeply into the innards of what really goes on in the nether world of bit wrangling. If you need the dark sunglasses and trenchcoat that badly, the info is out there.

FINDING OUT MORE

If you REALLY want to get into the issues of advertising, adware, spyware, etc. from an academic standpoint, look up Ben Edelman. To lift from his bio, he’s an assistant professor at the Harvard Business School whose current research includes analyzing methods and effects of spyware, with a focus on installation methods and revenue sources. He has documented advertisers supporting spyware, advertising intermediaries funding spyware, affiliate commission fraud, and click fraud. His academic research focuses on Internet advertising. Ben’s recent academic work also includes designing compensation structures to deter advertising fraud, and critiquing online “safety” certifications that fail to adequately protect users.

If you like digging, the websites of the companies listed above reveal their various approaches to providing value to online media publishers and their advertisers. In addition to carefully crafted privacy statements, nearly all have pages dedicated to directly allaying any privacy concerns among consumers, stressing the anonymous character of their data collection.

The information is out there on the web. Read as much as you care to, then determine your privacy needs. With the combination of browser prefs, cookie deletion (either wholesale or selectively), opting out, and cookie identification web pages like that provided by the NAI, users have a tool set that allows them to establish a level of cookie acceptance that matches their desired level of privacy. A few studies on cookie deletion show a relatively narrow range of results: essentially, that between 3 and 4 out of 10 users delete cookies monthly. This clearly skews the data on sites that count unique visitors. I haven’t found data on how regular cookie deletion may skew the results of behavioral tracking, but at least one BT company claims that all it needs is two weeks worth of browsing to create an accurate profile.

Trackback URI | Comments RSS