Hidden inside Ashley Hayes-Beaty’s computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny.
The file consists of a single code— 4c812db292272995e5416a323e79bd37—that secretly identifies her as a 26-year-old female in Nashville, Tenn.
The code knows that her favorite movies include “The Princess Bride,” “50 First Dates” and “10 Things I Hate About You.” It knows she enjoys the “Sex and the City” series. It knows she browses entertainment news and likes to take quizzes.
“Well, I like to think I have some mystery left to me, but apparently not!” Ms. Hayes-Beaty said when told what that snippet of code reveals about her. “The profile is eerily correct.”
Ms. Hayes-Beaty is being monitored by Lotame Solutions Inc., a New York company that uses sophisticated software called a “beacon” to capture what people are typing on a website—their comments on movies, say, or their interest in parenting and pregnancy. Lotame packages that data into profiles about individuals, without determining a person’s name, and sells the profiles to companies seeking customers. Ms. Hayes-Beaty’s tastes can be sold wholesale (a batch of movie lovers is $1 per thousand) or customized (26-year-old Southern fans of “50 First Dates”).
“We can segment it all the way down to one person,” says Eric Porres, Lotame’s chief marketing officer.
One of the fastest-growing businesses on the Internet, a Wall Street Journal investigation has found, is the business of spying on Internet users.
The Journal conducted a comprehensive study that assesses and analyzes the broad array of cookies and other surveillance technology that companies are deploying on Internet users. It reveals that the tracking of consumers has grown both far more pervasive and far more intrusive than is realized by all but a handful of people in the vanguard of the industry.
• The study found that the nation’s 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning. A dozen sites each installed more than a hundred. The nonprofit Wikipedia installed none.
• Tracking technology is getting smarter and more intrusive. Monitoring used to be limited mainly to “cookie” files that record websites people visit. But the Journal found new tools that scan in real time what people are doing on a Web page, then instantly assess location, income, shopping interests and even medical conditions. Some tools surreptitiously re-spawn themselves even after users try to delete them.
• These profiles of individuals, constantly refreshed, are bought and sold on stock-market-like exchanges that have sprung up in the past 18 months.
The new technologies are transforming the Internet economy. Advertisers once primarily bought ads on specific Web pages—a car ad on a car site. Now, advertisers are paying a premium to follow people around the Internet, wherever they go, with highly specific marketing messages.
In between the Internet user and the advertiser, the Journal identified more than 100 middlemen—tracking companies, data brokers and advertising networks—competing to meet the growing demand for data on individual behavior and interests.
The data on Ms. Hayes-Beaty’s film-watching habits, for instance, is being offered to advertisers on BlueKai Inc., one of the new data exchanges.
“It is a sea change in the way the industry works,” says Omar Tawakol, CEO of BlueKai. “Advertisers want to buy access to people, not Web pages.”
The Journal examined the 50 most popular U.S. websites, which account for about 40% of the Web pages viewed by Americans. (The Journal also tested its own site, WSJ.com.) It then analyzed the tracking files and programs these sites downloaded onto a test computer.
As a group, the top 50 sites placed 3,180 tracking files in total on the Journal’s test computer. Nearly a third of these were innocuous, deployed to remember the password to a favorite site or tally most-popular articles.
But over two-thirds—2,224—were installed by 131 companies, many of which are in the business of tracking Web users to create rich databases of consumer profiles that can be sold.
The top venue for such technology, the Journal found, was IAC/InterActive Corp.’s Dictionary.com. A visit to the online dictionary site resulted in 234 files or programs being downloaded onto the Journal’s test computer, 223 of which were from companies that track Web users.
The information that companies gather is anonymous, in the sense that Internet users are identified by a number assigned to their computer, not by a specific person’s name. Lotame, for instance, says it doesn’t know the name of users such as Ms. Hayes-Beaty—only their behavior and attributes, identified by code number. People who don’t want to be tracked can remove themselves from Lotame’s system.
And the industry says the data are used harmlessly. David Moore, chairman of 24/7 RealMedia Inc., an ad network owned by WPP PLC, says tracking gives Internet users better advertising.
“When an ad is targeted properly, it ceases to be an ad, it becomes important information,” he says.
Tracking isn’t new. But the technology is growing so powerful and ubiquitous that even some of America’s biggest sites say they were unaware, until informed by the Journal, that they were installing intrusive files on visitors’ computers.
The Journal found that Microsoft Corp.’s popular Web portal, MSN.com, planted a tracking file packed with data: It had a prediction of a surfer’s age, ZIP Code and gender, plus a code containing estimates of income, marital status, presence of children and home ownership, according to the tracking company that created the file, Targus Information Corp.
Both Targus and Microsoft said they didn’t know how the file got onto MSN.com, and added that the tool didn’t contain “personally identifiable” information.
Tracking is done by tiny files and programs known as “cookies,” “Flash cookies” and “beacons.” They are placed on a computer when a user visits a website. U.S. courts have ruled that it is legal to deploy the simplest type, cookies, just as someone using a telephone might allow a friend to listen in on a conversation. Courts haven’t ruled on the more complex trackers.
The most intrusive monitoring comes from what are known in the business as “third party” tracking files. They work like this: The first time a site is visited, it installs a tracking file, which assigns the computer a unique ID number. Later, when the user visits another site affiliated with the same tracking company, it can take note of where that user was before, and where he is now. This way, over time the company can build a robust profile.
One such ecosystem is Yahoo Inc.’s ad network, which collects fees by placing targeted advertisements on websites. Yahoo’s network knows many things about recent high-school graduate Cate Reid. One is that she is a 13- to 18-year-old female interested in weight loss. Ms. Reid was able to determine this when a reporter showed her a little-known feature on Yahoo’s website, the Ad Interest Manager, that displays some of the information Yahoo had collected about her.
Yahoo’s take on Ms. Reid, who was 17 years old at the time, hit the mark: She was, in fact, worried that she may be 15 pounds too heavy for her 5-foot, 6-inch frame. She says she often does online research about weight loss.
“Every time I go on the Internet,” she says, she sees weight-loss ads. “I’m self-conscious about my weight,” says Ms. Reid, whose father asked that her hometown not be given. “I try not to think about it…. Then [the ads] make me start thinking about it.”
Yahoo spokeswoman Amber Allman says Yahoo doesn’t knowingly target weight-loss ads at people under 18, though it does target adults.
“It’s likely this user received an untargeted ad,” Ms. Allman says. It’s also possible Ms. Reid saw ads targeted at her by other tracking companies.
Information about people’s moment-to-moment thoughts and actions, as revealed by their online activity, can change hands quickly. Within seconds of visiting eBay.com or Expedia.com, information detailing a Web surfer’s activity there is likely to be auctioned on the data exchange run by BlueKai, the Seattle startup.
Each day, BlueKai sells 50 million pieces of information like this about specific individuals’ browsing habits, for as little as a tenth of a cent apiece. The auctions can happen instantly, as a website is visited.
Continue Article
