Online Advertising: The End of Cookies?

As marketers, we always hope that the Federal Trade Commission and other governing bodies will let us self-regulate. However, earlier this month, the FTC released a 122 page staff report entitled “A Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”

The report addresses privacy concerns specifically as they relate to online advertising and makes suggestions as to what we need to do as an industry to address these concerns. It’s like the FTC is telling us, “you guys can’t get it together, let us help you out a little bit.”

What Happened to Self-regulation?

Clearly in this case, our industry has continued to push the envelope with feats of data promiscuity never seen before, prompting privacy watchdogs to start screaming foul (with reason). We have failed to establish guidelines and standards in a timely manner, which is why the FTC made the first move and now this report tells us what they think we need to do as an industry.

The report states that industry efforts to address privacy through self-regulation “have been too slow, and up to now have failed to provide adequate and meaningful protection.”

What’s so Spooky About Cookies?

Nothing’s scary about cookies. Really, cookies are for girl scouts compared to these “new and improved” methods of tracking:

• Device Fingerprinting: This method of tracking is quite different and doesn’t require cookies at all — rather it uses hundreds of data points it can grab from your machine, things such as the difference between the time on your machine in milliseconds and the “real” official time, for example, adds it all up into a device fingerprint which can be used very effectively to track your activity online. This has been used for fraud detection for a while now, but it is obviously finding new potential markets with online marketers.
• History Sniffing: Yes, it’s possible for any given website to snoop into your browser history and use the information it finds there to push ads that it thinks you would like. Obviously this isn’t really “tracking” technology per se, but it does provide website owners access to data you may not want them to have. The FTC is just now asking browser makers to fix this once and for all, so we can expect this exploit to come to an end shortly.
• Evercookies or Super Cookies: “Evercookie” is a JavaScript API website publishers can use to generate super persistent cookies in a browser. It basically identifies browsers that won’t accept standard cookies or Flash cookies, which are the most common methods used for tracking, and uses alternative methods to set cookie type data and store it in fairly obscure locations on the browser. These types of cookies can easily be brought back to life with all of the data that was there even though the user deleted them.
• Deep Packet Inspection: The ultimate form of tracking comes in the form of technology that can track and analyze packets of data travelling from the user’s computer to other computers online. Obviously this is much more powerful than cookies because it not only tracks what you are doing on one given web site using your web browser but also monitors the rest of your online activity, including e-mail. This is the stuff spy agencies use.

But is the “Tracking” Part the Real Issue?

Regardless of how we track, it’s what we do with the data that is the main issue. I don’t know if any of these methods of tracking will replace cookies temporarily in a bid to outplay government regulation, but I do know this: privacy concerns aren’t going away. It’s our responsibility as marketers to use the data we gather in a responsible manner.

When I visited an online privacy website to do research for this piece and the site surrounded itself with three identical banners trying to sell me a product that’s clearly just for Internet marketers, it made me laugh a little.

I haven’t been active in any way as a psychologist for more than 10 years, although my social profiles state I studied psychology. So when another news site pushes ads for the American Psychological Association’s latest report using the Google ad exchange, I know we as an industry have officially crossed the line.