How do you feel about your Web-browsing activity being tracked?
During a visit to any given website -- including this one -- the average user's browser may execute a dozen or more tracking scripts, each with its own associated tracking cookie, stored on the user's computer. This enables website publishers and ad distribution networks to record a visitor's online activity and then serve up "interest-based" or "behaviorally targeted" ads -- customized messaging based on that activity.
The benefit to website producers is that targeted ads can be sold to advertisers at higher rates because, presumably, they will be more effective than the traditional banner ads that have long been used on websites. Ad networks generally do the tracking by placing a cookie on consumers' computers when they visit a participating publisher's website. The industry refers to these as "third-party cookies" because the ad network is a third party to the relationship between the user and website publisher. Users are typically unaware that they're being tracked -- and that has made the practice controversial.
[Concerned about your privacy? Check out our three-part series: The paranoid's survival guide.]
There are disagreements even among those who depend on website advertising. While digital ad networks and many website publishers push forward with the practice, some publishers remain cautious. "They get more money from more targeted ads, but they also have brand [reputation] considerations," says Justin Brookman, director of consumer privacy at the Center for Democracy and Technology. He's also co-chair of the World Wide Web Consortium's (W3C) Tracking Protection Working Group, which is developing a Do Not Track (DNT) standard for the industry.
"Do they want to be seen as enabling third party tracking?" Brookman asks. "They're a little more cautious around perceptions than are the third-party ad networks."
Here's how the practice of tracking affects both consumers and website publishers -- and what each side of the equation is doing to try to fix matters.
Whys and wherefores of Do Not Track
In 2011, Do Not Track (DNT) technology was introduced as a method to ensure user privacy. DNT is an optional browser feature that signals advertisers to not track the user's Web activity. It does this by sending an HTTP header with the syntax DNT:1 to every website the browser visits.
The W3C working group was supposed to develop a standard to define what DNT means and how ad networks should respond, but made little progress for the first two years. So while the DNT signal was eventually adopted by most major browsers, many Web publishers and advertisers have been ignoring any privacy requests sent by the signal.
That has left consumers who don't want to be tracked with a more drastic option: Turn on the third-party cookie blocking setting in the browser and install special browser add-on software that prevents tracking scripts from running (because not all tracking is cookie-based).
It's not a complete solution, however. Anti-tracking tools defend against tracking only by third-party advertising networks that deliver ads through the content publisher's website -- although the tools do block all third-party requests, whether from ad networks, social media or analytics companies. The tools don't prevent any tracking by a "first party" -- the publisher of the site or any affiliated advertising networks it owns.
In addition, most anti-tracking tools won't work on mobile devices (although one, Disconnect Kids, claims to work on iPhones). Because mobile devices don't use cookies, the operating systems are locked down and mobile apps are isolated from each other, it's difficult to create a mobile app that globally blocks the tracking of your browsing and app activity, says Casey Oppenheim, co-CEO at Disconnect, maker of Disconnect Kids and the Disconnect anti-tracking browser add-on.
Replacing the cookie
While cookies assign a unique identifier to a user's browser, they can't easily be used to track the user's activity across different devices or even across different browsers running on the same computer. New techniques, such as those recently disclosed by Facebook, Google and Microsoft, will assign a unique identifier to each type of device the user has and link those together to track activity across all of the devices the person uses. These new tracking mechanisms, if they catch on, could be used across each vendor's ecosystem -- and beyond.
Other advertising networks have also been working with statistical identification methods -- browser and device "fingerprinting" techniques -- that don't require the presence of a cookie file.
Meanwhile, as user awareness has increased, so has the level of discomfort with the idea of having all of one's online browsing activity recorded -- particularly by third-party advertising networks that consumers don't know and with whom they have no relationship.
And as the number of tracking scripts has increased, so has the bandwidth consumed when the user attempts to load the page. "Up to 26% of bandwidth goes to loading trackers," says Sarah Downey, privacy advisor at Abine, the distributor of a free anti-tracking add-on program called DoNotTrackMe. According to Downey, the percentage comes from a 2012 Web crawling exercise conducted by Abine.