Ad tracking: Is anything being done?

With online tracking on the rise and Do Not Track efforts moving ahead slowly, users and browser vendors have been taking matters into their own hands.

1 2 3 4 Page 3
Page 3 of 4

The gathering of some tracking data, such as screen resolution, IP address and referring URL, is required for the basic operation of the Web. But how much information is acceptable to users, and needed or just wanted by the advertisers who are funding commercial websites? "We're trying to walk through what is the least amount you can collect and retain while still allowing the third-party ad ecosystem to work," Brookman says.

"We don't need to tell the Web server nearly so much as we do right now," says Jonathan Mayer, a Stanford University grad student and former working group member. "We can limit it to the bare bones required for the Internet to do its thing."

Mayer has a strong bias against the retention of tracking data by third-party ad networks and has been at the center of some of the more contentious exchanges within the working group. "I don't want companies I've never heard of keeping track of where I go on the Web," he says flatly.

"One side wants the cessation of data collection for any purpose. The other side wants the status quo. It's difficult to rectify those positions, particularly when those tend to be the loudest voices in the room," says Alan Chapell, president of Chapell & Associates, a consumer privacy law firm serving the advertising industry, and working group member.

Then there's the issue of what actions would be required when the ad network receives a Do Not Track signal -- and at what point DNT policy actually applies. For example, should a Do Not Track policy pertain to tracking for all purposes, including market research by firms such as The Nielsen Company, or just for the delivery of those behaviorally targeted ads?

Big players vs. smaller ones

Suggestions that DNT policy only apply to third-party advertising networks have advocates for those organizations crying foul. Chapell, for one, thinks this gives big players such as Amazon, Facebook and Google a free pass at the expense of independent ad networks and the smaller publishers that use them.

For example, a large Web publisher may have dozens of sites and brands -- Google even has its own third-party ad networks in AdSense and DoubleClick -- but as long as all of those are connected through a common privacy policy they are classified as a first party. "They can take whatever data they have and use it to target ads across the Internet, even when DNT is turned on," Chapell says.

According to the IAB's Zaneis, there is also more potential for privacy violations when you're dealing with the big ecosystems. Major players like Google and Amazon know the identity of each user once that user self-identifies through online account registrations and transactions. They can then combine online data with offline data from aggregators to serve highly targeted behavioral advertising.

In contrast, Zaneis argues, the tracking data that most third-party digital advertising companies collect contains no personally identifiable information.

In addition, Facebook's "Like" buttons -- and other social network buttons that appear on many websites -- actively track user activity on those pages and send data back to the social networks. "It's unclear whether the mere presence of a button on a page gives Facebook or Google first-party status," Chapell says. "We've created these artificial distinctions, but there's no real privacy gain. You'd think the bigger companies would be the ones you'd want to target [with Do Not Track]."

Further complicating matters, the opt-in nature of the DNT program has been "hijacked" by some routers and security packages that automatically turn on the DNT header by default, such as the anti-malware software from AVG, says Zaneis. "Anything that sits between the browser and the website can inject the DNT signal. It no longer represents a consumer choice," he adds.

Zaneis sees Microsoft's decision to turn on DNT by default when users install Internet Explorer in a similar fashion. For this reason, he says, at least one major Web publisher that honors DNT signals from other browsers has declined to do so for IE users.

In the meantime, Mozilla and other browser vendors let users decide whether or not to turn on the DNT signal. "We have no plan to turn on DNT by default in Firefox. It is a representation of the user's preference and not Mozilla's," says Alex Fowler, head of privacy and public policy at Mozilla.

The issues regarding who should be allowed to set a DNT signal -- including the level of explanation that must be provided before a user is deemed to have intended to turn it on -- have been resolved within the emerging technical standard that's about to be put forward, Brookman says.

1 2 3 4 Page 3
Page 3 of 4
5 power user tips for Microsoft OneNote
  
Shop Tech Products at Amazon