So, we all know at this point that advertisers really want to get to know you. They want to know you very, very well. They just don’t want you to know exactly how well they know you, and how they learn everything they know. Let’s pull the curtain back and take a look at how they do this.
In a previous article, I described the three phases advertising networks go through to determine what ads you see. Personally, I thought the last phase was the most interesting, but the first phase, where they build a persona, is arguably the most controversial.
Now, advertisers may not know exactly who you are, but from their perspective, it really doesn’t matter. They want to know everything about you, but knowing that you’re, say, the Chris Lamb who went to Highland High School and graduated in 1990, well, they don’t care so much about that. What they do care about is what you’re willing to buy online, how much you’re willing to spend, what your income is, how you shop, consumables you’re likely to buy, that kind of thing. Basically, they want to know everything about you but your name.
Enter the Tracking Cookie
These have been around for just about as long as we’ve been shopping online. Basically, tracking cookies are small bits of information that an advertising network can tie to a more complete profile. We’re most familiar with the HTML variety, but there are others. And, these others are harder to find and remove.
HTML cookies are pretty straightforward to view and manage. For example, I’m currently using Chrome on Linux, and via the command menu I can bring up developer tools. From there, I can click on the “Resources” button on the developer menubar, and behold, on the right, in the treeview, is a “Cookies” item. I can open that, and see all the cookies installed in this browser, organized by domain. In my case, I’m an active Google platform user, and I’m currently writing this on Google Docs. I don’t have a doubleclick cookie for example, because the Google information I have in my browser can be used in the same way. If I go to, say http://www.cnn.com, it’s a different story.
When I navigate over to CNN, with my cookie tab open, I can watch the cookies drop into my browser. Cookies from doubleclick, outbrain, and advertising.com, among others. But, that’s not all. Just for fun, look at the doubleclick DSID cookie and navigate to http://www.slashdot.com. The DSID doesn’t change. Fun!
HTML cookies were the first technology used for this, but they weren’t the last. Remember, all we really need to keep is a unique identifier that we can use to identify a persona on a browser. There’s plenty of ways to do this—HTML Cookies are just one. We can also use local storage, for example. In fact, we do. Look at http://www.cnn.com again, and open the local and session storage items. You’ll see a variety of sites listed that can store data, though most (if not all) of them are currently empty. This is deceptive—these stores are used much more dynamically than cookie stores. If you navigate around them for a bit, you’ll see information added and removed, then added and removed.
We can also use plugins for data storage. The most popular is Adobe Flash, but we can use other ones too—anything that gives us data storage across sessions. And, data stored in the ancillary systems is much harder to manage. Browsers give you the ability to explicitly manage cookies, but this has no bearing on information stored using something like Flash.
Your Browser as an ID
With all the effort today put into being able to track people using these tricks, it’s become meaningless anyway. We no longer need to store IDs when we can use the browser configuration itself as the ID. Today, we can install an endless number of possible plugins and addons into our browser environments. We can look at the browser resolution, we can examine accepted and submitted HTTP Headers, we can look at fonts and language preferences, and other things, too. Pulling all of this information together, we can uniquely identify most browsers. And, if we tie that to the originating IP addresses, we can uniquely identify just about anybody. Not only can we identify who you are, we can identify where you go. Do you use public wifi? Advertisers can see that. Where do you usually go to use wifi? Advertisers can track that over time. And, they can then target their advertising accordingly. Navigate over to https://panopticlick.eff.org/ to see this kind of fingerprinting in action.
User tracking is not going away. Web advertising is big money, and big money likes to stay big. You can count on advertisers and advertising networks to invest more and more money to increase advertiser revenue and advertising efficiency, and actively pursue whatever tracking technology they need to make that happen.