Have you ever experienced the creepy suspicion that your browser can read your mind? Perhaps you’ve been browsing the web when an advert pops up that, despite bearing no relation to the site on which it appears, seems to be aimed squarely at you. How does that Ubuntu forum page know you’re a fan of Celtic bagpipes? Weird.
The unseen mechanism that makes this happen has nothing to do with telepathy, but rather relies on the internet’s favourite mustachioed villain: the humble cookie. By tracking your activities across a range of sites during your daily browse, modern marketing technology can determine your interests and serve up adverts to suit – maximising the chances of you clicking, and hence maximising revenue for the advertisement distribution network.
Is this a bad thing? Or – as the online agencies would claim – is more relevant advertising good for the customer, as well as the client? To answer that question we must look at the technology involved, and explore the potential downsides to online tracking.
How online advertising works
The advertisements we see online fall into one of two broad camps – search engine marketing (SEM) and display advertising. SEM presents ads in response to the keywords typed into a search engine, and in practice the business is dominated by Google’s AdWords service. SEM is deemed to be effective because it responds directly to the searcher’s needs: after all, if you Google “Celtic bagpipes”, there’s a good chance you want to buy a set and would therefore welcome links to music shops.
Display advertising encompasses just about everything else – all the ads you see outside of the Google, Bing or Yahoo homepages. This form of marketing includes banner ads, pop-ups, inline ads and those annoying interstitials that prevent you reaching a page until you’ve either viewed them or clicked a button to cancel.
Just as with search marketing, the goal of display advertising is to get clicks, so advertising networks try to match adverts to receptive eyes. But without the benefit of a search term to respond to, the networks are forced to use less direct techniques to decide which ads are relevant.
The simplest approach is contextual placement, which analyses the content of the page containing the ad and uses that to generate a profile of its audience, from which it selects the most relevant ads to display. This is a widely used technique, and doesn’t really raise any privacy concerns due to its associating relevant advertising with relevant content.
The second approach is considered to be much more controversial. Known as behavioural targeting, this approach tries to select advertising that is tailored to your personal interests, by not only looking at the site you’re visiting right now, but also factoring in information about things you’ve previously browsed on other sites. At first glance this may seem fair enough, but some consider that the techniques used to profile individuals online represent an unacceptable compromise of personal privacy.
First- and third-party cookies
Most of us know about cookies – small packets of data that can be deposited on your PC by the websites you visit. Cookies aren’t necessarily harmful: in fact, they’re one of the great enabling technologies of the web. They make it possible for session information such as site preferences and shopping cart contents to persist as you browse a site. Without them, tasks such as online shopping would be impossible (or at least much more complex) to implement
Cookies come in two flavours, however: first-party and third-party. First-party cookies are created and accessed by the site you’re visiting. Their impact on your privacy is small, since they can’t be accessed by other sites.
Third-party cookies are, as their name suggests, created by a website other than the one you’re visiting. Typically, although not always, they come from a server that hosts adverts displayed on that site, such as DoubleClick.
Cookies such as these are more insidious, because they can be accessed by the advertising agency via any site that hosts its ads. So, for example, when you visit site A, DoubleClick might drop a cookie onto your PC recording the visit – which can later be read back and updated when you visit site B. There doesn’t have to be any relationship between the two sites, beyond both hosting adverts from the same agency.
This approach allows the agency to quickly compile a detailed picture of your browsing habits. This can then be used to serve up adverts that are deemed generally relevant to you, regardless of which site you’re actually visiting at the time.