Thin line between advertising and violated privacy

 We live in an information age in which contemporary society is like a sponge that produces and consumes extraordinary amounts of information, at this time the new power is the detention of the most data on whatever is around us. The technological processes of the last decade have influenced, as never before, the experience of every human being to the point of projecting its existence in a dimension called cyberspace, the equivalent of the real world within a digital environment. In reality, the two worlds are closely related and just with the observation of user behavior in cyber space can influence usage and customs in real life.

Every day and every time we are on line we are under observation, every site we visit, every query we make is collected by a group of companies that exchange those data making treasure of this information . Companies like Google an Microsoft Microsoft, but also minor firms, track every movement on the web to understand your needs and tastes to pack a tailored advertising. Discover them is quite simple with browser add on like Collusion.  Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the Web. It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers.

You, too, could compile your own list using Mozilla's tool, Collusion, which records the companies that are capturing data about you, or more precisely, your digital self.

Just to give you an idea on the incredible number of companies that collect our data (e.g. Acerno, Adara Media, Adblade, Adbrite, ADC Onion, Adchemy, ADiFY, AdMeld, Adtech, Aggregate Knowledge, AlmondNet ... and many others).  I have found an interesting article which has inspired my post that collect more that 105 companies. The market is extremely interesting as well as profits at stake, and contrary to what one might expect in operating there are a multitude of small companies alongside the names of well-known giants like Facebook and Google.

  • Cookies are used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user's preferences, shopping cart contents, or anything else that can be accomplished through storing text data on the user's computer. Cookies cannot be programmed, cannot carry viruses, and cannot install malware on the host computer.
  • Tracking pixels, or "web bugs," are image tags represented by a 1x1 pixel that are displayed right after a specific action has been performed, such as making a purchase or signing up for a newsletter.

It must be cleared that all this companies MUST work maintaining the total anonymity on user's identity anyway fervent debates have been raised about the technical solution used to gather data related to the user's activities, Let's consider for example what is happened to Google accused to have used code to circumvent privacy protections of Safari browser to gather information on the users.

From several side rumors say that the company has operated in similar way also with Internet Explore’s users.  We’ve found that Google bypasses the P3P Privacy Protection feature in IE. The result is similar to the recent reports of Google’s circumvention of privacy protections in Apple’s Safari Web browser, even though the actual bypass mechanism Google uses is different.  Internet Explorer 9 has an additional privacy feature called Tracking Protection which is not susceptible to this type of bypass. Microsoft recommends that customers who want to protect themselves from Google’s bypass of P3P Privacy Protection use Internet Explorer 9 and click here to add a Tracking Protection List. Customers can find additional lists and information on this page.

But how this companies operate?

Essentially there are three basic categories:

  1. companies specialized in buyers support
  2. companies specialized in sellers support
  3. companies that support both

Many companies use real-time bidding studying how users interact (behavioral) with site, who they are (demographic), where they live (geographic), and who they seem like online (lookalike), as well as something they call "social proximity."

Behavioral Targeting refers to a range of technologies and techniques used by online website publishers and advertisers which allows them to increase the effectiveness of their campaigns by capturing data generated by website and landing page visitors. When a consumer visits a web site, the pages they visit, the amount of time they view each page, the links they click on, the searches they make and the things that they interact with, allow sites to collect that data, and other factors, create a 'profile' that links to that visitor's web browser. As a result, site publishers can use this data to create defined audience segments based upon visitors that have similar profiles. When visitors return to a specific site or a network of sites using the same web browser, those profiles can be used to allow advertisers to position their online ads in front of those visitors who exhibit a greater level of interest and intent for the products and services being offered. On the theory that properly targeted ads will fetch more consumer interest, the publisher (or 'seller) can charge a premium for these ads over random advertising or ads based on the context of a site. 

Behavioral marketing can be used on its own or in conjunction with other forms of targeting based on factors like geography, demographics or contextual web page content. It's worth noting that many practitioners also refer to this process as 'Audience Targeting'.

Another interesting service is called "retargeting" that another A-company, AdRoll, specializes in.

In its most basic form, retargeting serves ads to people more frequently after they have left an advertiser's website. Some companies specialize in retargeting, while other companies have added retargeting to their list of methods of purchasing advertising. Retargeting helps companies advertise to website visitors who leave without a conversion - this accounts for about 98% of all web traffic.[2]
Retargeting is done by displaying ads to the user as they browse the internet, via various ad networks that the agency buys media from on behalf of their Business Customers. Retargeting only serves banner ads to people who have shown at least some amount of engagement in the original brand, which can make it more effective than an untargeted advertising campaign. Where a company has already spent money driving a user to their site in the first place, the term "retargeting" is derived from the concept of marketing to that same user again, in a different manner. Search retargeting, a form of behavioral retargeting, can also be leveraged to drive new customers that have not been to the site before because they are being retargeted based on actions taken on a third-party website.
Studies[by whom?] suggest that a company needs to have seven different 'contacts' with a customer (on average) before they make a purchase. Retargeting is allowing companies to continue the marketing conversation with a customer after they leave a website. This form of behavioral targeting is a growing trend in the online marketing field.

There are many concerns about the privacy front and the major companies operating in the field of advertising campaigns seek to inform their users that their digital identities are not in any way violated by these forms of digital advertising. The industry is constantly evolving and this makes it extremely difficult any regulatory process, in practice we are navigating in sight, following a report of user groups in general the authorities initiate investigative procedures to verify the possible invasion of privacy.

And what about cyber crime?

Of course another aspect to be reckoned with is the management of information and the manner in which they are used. The crime industry is indeed very attentive to the issue and exactly like the official industry develops and proposes new methods to track the habits of potential victims. In the area you are confronted with increasingly sophisticated business models developed with the intent to monetize the information acquired in a more or less legal.
Possible criminal monetization mode are:

  • realization of complex fraud based on the knowledge gained through advertising information. Knowledge of users make most exposed them to offensive attacks, think for example of social engineering attacks.
  • sale of the acquired information through parallel illegal markets .The events of recent years have demonstrated haw vulnerable are many Web sites, and the increasing attention in the information gathered could induce criminal organizations to divert relevant interests in the field.

The information has a high intrinsic value and are "goods" easily exchangeable, expect an increase in criminal activities related thereto.

How to protect our privacy?
Fortunately there are a lot of browser-based "Do Not Track" tools that could avoid user's data gathering and also in several countries many movements of consumer are making pressure to defend their rights. A good example is provided by the NAI coalition.

The NAI is a coalition of over 80 online advertising companies committed to complying with tough self-regulatory standards that establish and reward responsible business and data management practices. Members include industry leaders such as 24/7 Real Media, Akamai Technologies, Inc., AOL Advertising, AudienceScience, BlueKai, Datonics, Dotomi, Google, Microsoft Corporation, ValueClick, Inc., Yahoo! Inc. The NAI requires all member companies to comply with the NAI's Self-Regulatory Code of Conduct, which imposes notice, choice, education, data protection and other requirements with respect to the collection and use of data for online behavioral advertising. The NAI also maintains a centralized choice mechanism that allows consumers to opt out of online behavioral advertising by some or all of the NAI's member companies.

In the field there are two opposing forces on one hand many stakeholders on online privacy, including U.S. and EU regulators, that desire to reduce the obsessive collection of information, on the other hand advertisers companies that want to continue to gather as much data as possible.

The battle promises to be long and hard, especially with an uncertain outcome. Many are convinced that a policy so invasive could have a counterproductive effect causing the user to move away from those sites that somehow show a deep knowledge of its habits and its previous navigations.

Pierluigi Paganini

References

http://securityaffairs.co/wordpress/3011/security/thin-line-between-advertising-and-violated-privacy.html

 

Published by:

Pierluigi Paganini's picture

Name
Pierluigi Paganini

Country
Italy

My website
http://securityaffairs.co/wordpress