back to article Real-time ad targeting violates privacy, say US pressure groups

US consumer regulator the Federal Trade Commission (FTC) has been asked by consumer groups to investigate some of the internet's biggest companies in a review of whether users' rights are violated by online advertising systems. The complaint (pdf) claims that ad systems are increasingly based on personalised targeting, that …

COMMENTS

This topic is closed for new posts.
  1. Ian Michael Gumby
    FAIL

    Opt-out BAD, Opt-In GOOD.

    Having said that...

    If these companies actually went to an OPT-IN model, they'd have a high rate of "No Thanks" and very little people willing to give them their permission.

    So 'targeting ads' is a massive fail with respect to a viable business model which complies with the law when it comes to user's policy.

    Its a fail because the companies involved don't want to disclose what they track and how they use it because this is competitive knowledge and will lower the barriers to entry.

    1. Mike VandeVelde
      Go

      business model

      "If these companies actually went to an OPT-IN model, they'd have a high rate of "No Thanks" and very little people willing to give them their permission."

      Yes, in that case they would have offer an incentive to the consumer. ie provide the consumer with some value in trade for the value that the marketer gets from the consumer's personal information. ie offer something besides kittens on YouTube or whatnot "content". ie not just suck you dry of private details simply because you browse the web. Not all websites collect personal details from the people who visit them. Most people wouldn't expect a website they visit to silently collect any personal details from them. The people who do expect it are mostly informed enough to block it. These ad networks that track your online movements are unscrupulously harvesting a valuable resource basically for free, from an unsuspecting public. If they had to pay the fair cost for the value of the data they collect, then that would mean an end to raking in the money hand over fist - how many billions do each of these companies have in the bank? If they actually had to entice people to join their tracking networks, it would mark an end to pillaging this new frontier of valuable resources. Things would get complicated, and they would have to actually work for money. The data would get more scarce, and yet less valuable since it wouldn't represent such a large sample size as they are pilfering right now.

      Yadda yadda yadda. Let's see if the FTC has the stones.

  2. NeoGhostz
    FAIL

    Profiling is not a breach of privacy

    I find this entire compliant a complete diatribe but privacy groups.

    Most Ad Network/Exchanges simply build a profile of user 123456. Said user has been to some mobile and automotive sites from that we gather interest groups for retargeting. At no point is there a distinction that it was John Smith of Soho, London. The compliant is farcical at best.

    1. Steen Hive
      Flame

      At no point is there...

      We only have your word for that, and your word is worthless, unlike our privacy.

      1. NeoGhostz
        Stop

        Sorry how much about online advertisering do you know or understand?

        Sorry at the end of the day we're talking about Ad Networks & Exchanges. Rarely if ever do they actual goes as far as obtaining the personal information of an actual user from a third party site based on their advertisments, its not done and typically this is rarely sold or available. This is the point, its quite discreet in that profiles are built against users identified by a network/exchange specific GUID i'd almost say that Ad Networks barely have the resources to get to the granularity of identifying individuals.

        Give that most networks and of the few exchanges that exists you really only need to be worried about Google, Microsoft & Yahoo's who not only operate in the online advertising space but also own affiliate content sites where you are identified in the form of an account etc.

        This is not about the likes of Phorm which dealt with matching at an ISP layer by where your matched directly as "John Smith". Lets no muddy the waters here and actually look at what is happening.

        Given the handful of Networks & Exchanges I'd suggest you have a look at the cookies that are being dropped and get an idea of the what is actually being tracked.

    2. Anonymous Coward
      Stop

      Location?

      Other than when it also tags the traffic with the location of user 123456 based on their ISP traffic and starts to correlate this with other pieces of information until they have enough informaiton on 123456 to identify them pretty conclusively.

      The aggregation of this data must reach a point where you can pretty conclusively match a name and address to 123456 at which point it is game over for privacy.

      1. NeoGhostz
        Stop

        Have you actually thought of the sheer volume and size of online advertising...even just in the UK?

        The sheer size of the data is huge you're smallest of Ad Network would be dealing in 100

        s of Gb's records of who saw an Ad and when. To do the serialisation and computation on who everyone is also represents little value to a network who doesn't have an affiliate sites/content in which to leverage it with. Only the likes of Google/Yahoo/MS are in a positon to get any actual ROI on leveraging such data but at the sheer cost of processing power i'd very much doubt that level of granularity.

    3. Graham Marsden
      Big Brother

      I've just done a google search

      for NeoGhostz...

      1. Anonymous Coward
        Happy

        neoghostz's is a student at Coventry University

        How's that for privacy '123456'

        Simple google search.

        1. NeoGhostz
          FAIL

          Negative

          I'm actually an Aussie.

        2. John Smith 19 Gold badge
          Unhappy

          How depressing

          Coventry University CS and Engineering students used to be pretty good at IT and politics.

      2. NeoGhostz
        Happy

        Find

        much?

    4. Camilla Smythe

      Parasite

      Sudesh Jog. Head of BT Direct Marketing says that when a Mother buys a War Game it should be removed from her Profile as an Outlier and, ultimately, be clustered around her child.

      https://nodpi.org/forum/index.php/topic,2382.msg25587.html#msg25587

      Strange to say Sudesh Jog may have raced about the place trying to cover up his on-line arse as a result of that revelation......

      Not that he would have anything to hide.

      Presented with shit like your kind RoboCop and ED-209 would call a truce and party on your bodies.

    5. Anonymous Coward
      Stop

      ...without their permission or even knowledge.

      'I find this entire compliant a complete diatribe but privacy groups.'

      A complaint, a diatribe? Why yes, but at least you had the option of avoiding it. Unlike personalised targeting, which follows you around the internet wherever you go. Where I'm from we call that stalking, with penalties for those caught indulging in this SINISTER practice. Still, If people want it make it 'opt in' then they can at least fill in the appropriate Phorms;-)

      In any case, I don't think I can afford to buy a new 'phone or automobile every time I visit a different web-page. There's a credit crunch on wouldn't you know.

      Privacy: don't you just love it NeoGhostz? That is your real name, isn't it?

      1. NeoGhostz
        FAIL

        Retargeting isn't the devil incarnate

        Personalised targeting isn't the the devil spawn.

        The simply fact is that online advertising is so spread out at current you're only going to encounter it if you browse on content sites that are using a common ad network/exchange. It is hardly stalking and you believe in any manner you have anominity on the internet you really need to get upto speed.

        If you take you're stand point you litterally rule out GIS based systems and environments. Some of which you take for granted and more than likely accept as a handy means sophistication, such a example is the redirection you see upon typing in www.google.com where you're redirected to the google location of your country based on your route and IP Address.

        You clearly show a distinct lack of knowledge on GIS and online advertising. As far as to say you simply view them as a form of scope creep or erosion of a false sense of anominity or "privacy" on the internet. Which is a foolish notion to hold onto.

        An Opt In system is not only ineffective it is also not practical.

        How many people are on the Internet in the UK alone?

        How exactly are you meant to Opt In for the 20+ Ad Networks/Exchanges within the UK alone? How is it ever going to be enforceable?

        How are penalities going to equated?

        Do you even understand the cost model within online advertising?

        Its based on a notion of cost per thousand (CPM).

        Do you have any idea of what the typical rates for CPM are across most of the UK Networks & Exchanges?

        Then equate that to some pay structure to yourself for showing an Ad?

        You might as well begin to lobby/campaign that billboard and public advertising also pay you for take up part of your sight during your day.

        Do you not begin to see how said compliant is a farce?

        1. DragonLord
          FAIL

          Re: Retargeting isn't the devil incarnate

          Do you mean like the google adwords that are all over the place, with their tracking cookies, page readers, and such like? or the double click ads that are... erm... also all over the place (2 maybe now 1 largest online ad agrigators in the world). I would guess that around 60 to 70% of web sites have an ad from one of those 2 companies on them. And those companies then know what web page you're on and who you're unique id is.

          There's also been enough studies that have been able to take the annoimised data from ad agencies and put them together to present and actual person (name, address, credit card number, which porn sites they visit, etc. and with the advent of face book and co, what they look like).

          The ad companies don't like the idea of been regulated like that because the more personal information increases the chances of a sale, and so increases the value of their advertising.

          As for billboard and public advertising, If they started putting a bill board advert up outside my house, and at the entrance to the shops I visit trying to sell my wife tampax at the right time of the month, or power tools when I've recently been researching them, then yes you'd have a leg to stand on, but while they are doing more generic adverts that appeal to a specific type of person and putting it in an area where they think that sort of person is more likely to live (i.e. BMW have recently sold 20 cars in this area, so it's a fair bet that people in this area are likely to want a BMW).

          And FYI I do understand more than a little about selling advertising as I program booking systems for companies that sell advertising, so I've had to research it, and more than that, understand it.

  3. Fred 4
    Big Brother

    About time!

    It is about time that "opt out' policies be done away with.

    as for targeted adverts

    Go! FTC Go! -- think speed racer :)

  4. Harry
    Alert

    "At no point is there a distinction that it was John Smith"

    That is not relevant.

    As soon as John Smith requests a page and the advertising system recognises that he has done so, the advertiser has de-facto "identified" the user.

    Whether the advertising system identifies him as a particular John Smith or as "123456" or some other pseudo-identity makes no difference. The system has nevertheless *identified* the user.

    1. NeoGhostz
      WTF?

      Sorry and you're IP Address is what exactly?

      Sorry you're IP Address is what exactly? Nearly all Networks & Exchanges use a combinations of GUID's dropped in cookies and your IP Address as an identifying data set.

      Sure at work you're more than likely coming out through a NAT'ed connection where the IP is shared amongst a number of people. But at home you're still a user identified by a GUID.

      Most networks don't particularly give a damn that you're John Smith, they care about the fact that you've clicked on the last 3 mobile Ads that you've seen and that more than likely you're in the market for a new mobile so why not tailor the ads you seen to be more mobile/comms centric.

      Why do you believe you maintain any form of total anominity on the internet? The idea is a farce

  5. dephormation.org.uk
    Terminator

    Digital Slavery

    It has remarkable similarities to the slave trade.

    People bought and sold as market commodities to the advertising industry without a thought for their privacy, or the consequences of secretly building databases of personal information.

    Part of this is down to taking personal responsibility; don't use untrustworthy businesses, don't trust strangers with your personal data, actively obstruct people who are attempting to track you.

    But practically (because we don't necessarily know in advance whether someone will betray our trust) part of the solution has to be legislative.

    The problem in the UK would be enforcement. Among the organisations you cannot trust to protect personal information is the Information Commissioner, who's job it is to protect your personal information.

    1. This post has been deleted by its author

  6. heyrick Silver badge
    FAIL

    Google's opt-out cookie

    Fail, because if you regularly tidy your cookies, you'll have just opted out of opting out.

    Fail, because the system will need to ask for your cookie to know if you have opted out, and can just as easily ask for your GUID at the same time to ID you all the same.

    Fail because the exact cookie is not documented, so I can't devise any sort of workaround, like perhaps a plug-in to ensure the correct opt-out cookie is already present.

    Mini-fail (this one isn't Google's fault) because it only works for Google and affiliates. As for the rest...

    .

    BTW, if you look in your browser cookie list and think "mmm, that's not so bad", try looking in your Flash cookie list. It's rarely disclosed, impossible to configure (I think you need to visit the Adobe website - when I do I am told I don't have the correct version of Flash, which is a bit bogus - the pop-up menu in Flash itself ought to do this anyway). You'll find the scary truth buried in (under Windows): C:\Documents and Settings\<your name>\Application Data\Macromedia\Flash Player\#SharedObjects\<random string> - Firefox users, "BetterPrivacy" plug-in helps.

  7. Harry
    Alert

    "don't use untrustworthy businesses"

    That becomes rather difficult when companies such as BT, which as a major national institution might otherwise have been expected to be one of the most trustworthy, nevertheless wrongly thought it was perfectly OK to let phorm see what its customers were doing.

    There's a simple answer -- rewrite the Data Protection laws so that companies are required by law to keep all third party information confidential. Information gathered must be only for the company's own internal use and must not be given or sold to any other organisation.

    Take mailing lists, for example. There's a "good way" and a "bad way".

    The good way says that if company A wants to allow company B to write to the small subset of its customers that have agreed to receiving third party information, it is sent *by* company A with a covering letter bearing company A's logo and confirming that company B has not been given addresses or any other personal data.

    The bad way says that company A simply hands over its mailing list and perhaps other information too, leaving the recipient with no way of knowing who leaked the data or who else it has been given to.

This topic is closed for new posts.