Current Issue
This Month's Print Issue

Follow Fast Company

We’ll come to you.

The Shady Ways Advertisers Track You Online

Wednesday Google [GOOG] announced it would begin using behavioral targeting in its online advertisements, renewing discussions about the probity of the practice. There aren't any laws that dictate what kind of information advertisers can collect as you navigate around the Web, making the targeted ad industry ripe for exploitation. How does behavioral targeting work? What's being done to make it safer?

"The Web is still the wild wild west," says Jeff Hirsch, the president and CEO of behavioral targeting platform AudienceScience. His clients include the websites of The Financial Times, The Wall Street Journal, and The New York Times; and on the advertising side, companies like American Airlines, Nestle, and Sketchers. "There aren't a lot of standards," he says. "A lot of parties are doing things that aren't illegal, but that we'd consider inappropriate." One example: let's say you navigate to a site and order something; an unscrupulous site could store the information you enter into text fields, such as a name, address, or query. Does this go on regularly? "Yes, it does," says Hirsch.

Behavioral targeting works like this: when you browse the site of a publisher that offers free content—like, say,—that publisher makes money by selling advertising space on its site. The company that serves the advertisements (who we'll call Ad Company) can put an "cookie" on your computer that notes what kinds of articles you're reading. (On respectable sites like ours, the conditions of the cookies are clearly spelled out in the site's privacy policy.)

Once you move on to a new site, your Ad Company-brand cookie stays in your browser with information on which articles you read (let's say one is about Apple). When you arrive at another site that uses Ad Company for their ads, the new site sees you've been reading articles about Apple, and serves you up an ad for iPods.

The benefits should be obvious: advertisers get exposure only to customers who are theoretically interested in their products, so they don't waste money appealing to people who aren't going to buy from them anyway. Contrast that specificity with the untargeted ads you see on billboards or bus stops; those ads have to appeal to a mass audience, and there's no way to tell if they're working or not. But if you target Apple fanboys directly, you can put together a geekier ad, and you can judge via clickthroughs how well the audience is responding.

"It's about creating relevancy in advertising," Hirsch says. "You want to provide customers with ads that are relevant to things that they're looking for." Targeted ads, he says, are a win-win-win; advertisers, publishers and customers benefit—at least in theory. Advertisers reach a parsed audience, publishers' ad space becomes more valuable, and customers get served up ads that are less annoying and more useful. The latter point depends on your personal conception of useful, of course; as an avid cyclist, I am constantly allured by targeted SALE! ads for spendy new bike parts—much in the same way that cigarette signs beckon just-quit smokers.

The crux of the behavioral targeting is finding an equilibrium between privacy and useful information. "Our cookies don't store information that's personal," Hirsch says, explaining that the data these cookies keep can't be matched to names or locations of users. Still, the potential for abuse by less honest ad platforms has drawn the ire of the Federal Trade Commission, that has demanded that the industry set standards of behavior for itself, or face governmental intervention. That's something that everyone would do best to avoid, says Hirsch. "Legislation isn't a good answer because the people that create it aren't in the industry. That could create a whole host of unintended side effects."

One dubious method that has served as an impetus for the FTC's alarm is something called ISP-based targeting, in which shady ad platforms buy users' behavioral data wholesale from their ISP. That's the difference between being recorded by one camera on the side of a specific highway, and being trailed by a camera-van everywhere you go. Many of the companies that have attempted this have been shut down, Hirsch says, but new methods of inappropriate targeting may yet be derived.

Yet if offline advertisers' behavior is any example, new legislation might not bee too stringent. Credit card companies, for example, routinely sell off customers' names and addresses to direct-mail firms. But while we've become inured to junk mail, the prospect of computer chicanery somehow seems much scarier. "The computer is seen as a very personal device, and things happen very quickly online," Hirsch says.

The problem of privacy is something that needs addressing, because as Hirsch notes, behavioral targeting is critical to advertising. It's a basic media trade-off, he says: "In order to show you content for free, we're going to show you advertising; in order to make that advertising what it needs to be, we're going to need to know a little about your surfing habits." Part of what makes the Web great is its free-everything approach, and behavioral targeting is what makes that approach financially feasible.

To that end, ad companies (AudienceScience included) have come together to form something called the Behavioral Targeting Standards Consortium. AudienceScience is also working with the Interactive Advertising Board, or IAB, and sits on the board of the Network Advertising Initiative. But now that Google has entered the game with a kind of co-op business model, new questions arise: who owns the data that the search giant is collecting from its advertising partners? Who should be compensated for the use of that data? And what do those questions mean for us, the users?