This article summarizes Mikhael Bilenko, Matthew Richardson, and Janice Y. Tsai’s article. The original behavioral targeting pdf file can be download from this link: Targeted, Not Tracked: Client-side Solutions for Privacy-Friendly Behavioral Advertising
Behavioral tracking issues are prevalent in popular media nowadays, mainly because of the rising concern on privacy in online advertising. As such, legislators have come up with the Do Not Track (DNT) solution as a response to pressure from technology and advertising firms, legislators and regulatory bodies.
Do Not Track
There are three kinds of Do Not Track Implementations: HTTP headers, Opt-out Cookies, and Domain Blocking. They all involve giving browsers the capacity to keep third party websites from performing behaviorally targeted advertising. However, DNT doesn’t meet the full criteria required by the Federal Trade Commission on regulation, and most online ad industries now are saying that self-regulation is enough and they don’t need DNT.
Why isn’t DNT successful? Bilenko, et al, suggests that current discussion hurts Do Not Track implementations because the difference between Tracking and Targeting isn’t clear. It is important to differentiate between the two processes because of their importance in the growing financial and technical sophistication of the online advertising system. Policies that do not clearly distinguish the two become dubious.
In addition, one survey shows that more than half of respondents are comfortable with behavioral targeting, while another survey shows that two-thirds of respondents find tracking invasive of their privacy. Given that most users do not have basic understanding on how these processes work, the survey results show that they have different perceptions toward tracking and targeting.
Tracking versus Targeting
According to the Center on Democracy and Technology, “Tracking is the collection and correlation of data about the Internet activities of a particular user, computer, or device, over time and across non-commonly branded websites for any purpose other than fraud prevention or compliance with law enforcement requests.”
On the other hand, targeting is “the use of processed data for personalization in the context of a specific task, such as advertising.” A lot of parties are involved in both tracking and targeting processes, e.g. tracking can be done by the first party, which a user expects to be exchanging data with, or a third party or another operative entity. In other words, delivering targeted ads go through a complicated route, so fully differentiating the concept of targeting and tracking is important.
Mechanics of Tracking
The tracking server collects data about the properties of the page being viewed. These properties may include search terms if the page was visited from a search engine search, or the page’s category. Other forms of data include user data contained in cookies, properties from the browsing activities of a certain user, location and demographics, etc. These data can be stored client-side or server-side.
Mechanics of Targeting
Targeted online advertising becomes more effective when more user data is available to assess a user’s responsiveness to targeted ads. More information regarding browsing behavior, location, demographic, and others, will lead to advertisers being able to modify their ad prices for better ROI.
Information from tracking is utilized by ad platforms in selecting ads. Choosing which ads to display can be done through real-time bidding or RTB platforms. A website publisher requests advertisements from the RTB platforms, which is then forwarded to several ad networks. Tracking data can be collected from the website itself, the RTB platform, or the ad networks. Furthermore, user ID matching adds to the complication of the whole process.
FTC Do Not Track Framework
During 2010, FTC issued a report stating that advertising industries have been ineffective with regards to self-regulation for privacy, so they proposed a framework called “Do Not Track” which basically gives consumers the choice without hampering online behavioral advertising benefits.
The Center for Democracy and Technology states, in its analysis of DNT, that they believe users cannot block “all advertising or prevent all data collection.” The following are the five key parts for a successful Do Not Track mechanism which could be used for self-regulation: Easy to understand and use, Effective and Enforceable, Universal Choice, Opt out of data collection and use, and Persistent consumer selection.
The four major web browsers support DNT solutions in one form or another. Firefox 5.0 supports HTTP Header, Google Chrome has persistent opt out cookies as a plugin, Internet Explorer 9 has both Domain Blocking and HTTP Header, and Safari 5.1 supports HTTP Header. Analyzing these browser-based DNT solutions reveal that not one of them currently meets all of the criteria presented in the previous paragraph, with the most difficult ones to fulfill being Opt-out of Use and Collection, and Effective and Enforceable.
Targeted, but Not Tracked
The paper discusses methods which clearly distinguishes targeting and tracking, and use that for the benefit of both users and advertisers. Users get to keep their own personal data via client-side aggregation, while advertisers can still employ targeting and keep most of their gains. It further discusses three solutions related to this technique: Plug-in Based Client Side Profiling, Native Client-Side Profiling, and Revenue Impact Analysis. These three solutions all involve installation of plugins and representing profiles via topics.