Estimate: Google interest-based targeting reaches 25% of AdSense sites

It’s been about seven months since Google announced their interest-based ad-targeting program, which gathers consumer behavioral information across the massive AdSense network of independent sites. Google left it up to the individual sites whether or not to participate, but Google stipulated that to do so they must provide new disclosure in their privacy policy and a link to Google’s privacy policy.

Using links to the Google’s privacy policy as a marker, I did some quick and dirty calculations in June to assess adoption. Now in October we’re in a little better position to make a guesstimate. Importantly, we now have a denominator, since Google disclosed in their Q3 2009 earnings conference call that there are at least a million sites in the AdSense network. For the numerator, each search engine provides its own count of the pages that carry the privacy policy link (and it seems reasonable to assume that in general each site carries the link only on one page):

Google June: 93,600  October: 277,000

Yahoo!  June: 78,000 October: 224,000

Taking the average of Google and Yahoo!’s numbers, and assuming there are one million AdSense sites, it looks like Google’s interest-based ad targeting now reaches about one-quarter of the AdSense network. This pace of adoption seems low given the higher revenue expectations for behavioral targeting and Yahoo!’s apparent success with the technology on news sites.

Of course, ultimately it isn’t the sheer number of sites electing to be in the program that matters; it’s the traffic volume and quality of the sites that do choose to opt-in that determines the program’s success (and the scope of consumer information collected). But if three-quarters of AdSense sites are still hesitating, perhaps Google hasn’t shown them the money just quite yet.

As with so many things, only Google knows. But it may be that this slow adoption has something to do with why so few of us appear to have any advertising-worthy interests, at least according to Google’s Ad Preferences Manager. This is the transparency tool Google rolled out to soften privacy concerns about the AdSense targeting program. As explained in a prior post, few folks actually appear to have any interests available to target upon. Is there a vicious circle at work here?

Good trend beginning? interCLICK kills their Flash cookies

interCLICK confirmed this morning they are no longer using Flash cookies for ad targeting, and have conformed their privacy policy accordingly. It sounds like this is part of the NAI’s efforts to rein in the use of this technology among NAI members; even with disclosure, use of Flash cookies just doesn’t line up with consumer expectations about their ability to control ad targeting.

With our own Flash-cookie monitoring underway, we will keep an eye on which networks continue to use them. As a matter of disclosure, ad networks continuing to write Flash cookies for any purpose should make a statement either way as to whether they are used for ad targeting purposes.

Doubleclick’s Flash cookies

Since the next version of the privacychoice opt-out tool will incorporate integrated control of Flash cookies, we’ve developed internal tools to start monitoring the incidence of use of Flash cookies by tracking companies. It’s not news that use of Flash cookies has been widely embraced by ad networks; what is surprising is how few of them explain this in their privacy disclosures, or provide any guidance on how to delete or control them.

The most notable example of missing Flash-cookie disclosure comes from the biggest dog of all: Google’s DoubleClick subsidiary. We’re seeing their Flash cookie, googleads.g.doubleclick.net, on multiple test machines, which raises questions:

1. Is DoubleClick’s Flash cookie used to gather interest information? This is not confirmed one way or another in the privacy policy, but should be. (In fact, a search of DoubleClick’s site reveals no mention of Flash cookies.)
2. If I expressly opt out using the regular DoubleClick browser cookie, and then that opt-out cookie is deleted for any reason, does DoubleClick reconnect my profile with the surviving Flash cookie? Why doesn’t Google just delete the Flash cookie as part of the normal opt-out process?
3. Better yet, if Google is using Flash cookies to enhance the ad serving experience, why not set the user’s opt-out preference with a durable Flash cookie?

My guess is that DoubleClick’s Flash cookies are not used for interest gathering or ad targeting, but in the absence of a clear statement as to how they are used, consumers are left to wonder.

Akamai and Acerno backtrack on retention

Update: As of 10/14 our page checker now reports that Acerno’s policy has changed again to read that information will be kept for one year, not three years. Good news!

Back in August, I posted about Acerno shortening its data retention policy from three years to one year, bringing it in line with its parent company, Akamai, and an emerging one-year standard among the major players.

Now it looks like they’ve reconsidered.

Despite calls from privacy advocates to shorten the retention period for consumer behavioral data, Acerno has now decided that three years seemed just about right, and has modified its privacy policy accordingly.

Oddly enough, Acerno didn’t deem either of the changes to be material enough to highlight in any way, despite an oblique promise (elsewhere in the policy) to at least note the date of an update:

We reserve the right to make changes to this Privacy Policy at any time. While we expect most changes to be minor, there may be changes that are more significant. As such, we will state the date the policy was last updated. We encourage you to review our privacy policy on a regular basis.

At a moment when transparency and consistency should be paramount, it’s a surprise to find Akamai, industry leader and NAI-member, moving (quietly) in the wrong direction.

Hey, Google, where are our interests?

When Google announced the launch of interest-based ad targeting in March, they also opened up their Ads Preferences Manager. Google explained that this console shows any consumer the interests that Google has recorded on them based on their activity across Google’s DoubleClick network. Consumers can even edit their interests within a list of over 2,000 individual interest categories.

Google’s move seemed to provide even more transparency than earlier efforts like those of BlueKai’s consumer preference registry. For many, Google’s offering was taken as a sign of good faith, and perhaps a hint of what might be possible if consumers and advertisers could interact about interests in an informed, win-win way.

I just got around to checking out my own interests at Google, only to find none recorded. Curious (and concerned about whether I really have any interests), I checked with some friends and family members. None of them had any Google interests, either. And out of fifty independent testers recruited on Amazon’s Mechanical Turk, only seven seemed to have any interests recorded with Google (an average of about four interests each).

Obviously, either the scope of Google’s interest gathering is more limited than expected, or Google has more information than they’re showing. Why isn’t more interest information available to us?

To track this issue, we’re running an ongoing survey to count the number of interests that Google has on anybody willing to participate. If you want to help (and you haven’t opted-out of Google’s tracking), please take five seconds to visit this page, use the widget to grab what Google says are your interests and allow those to be counted for the survey.

It’s unscientific for sure, but it will be fun to watch as Google’s mission to organize the world’s information also becomes a quest to catalog the interests of humankind.

Postscript: Be sure to follow Opt-out Man, who similarly lacks interests (as far as Google is concerned).

What a difference a word makes

Here’s a subtle but meaningful change to the privacy policy for XGraph:

Non-PII (anonymous, non-personal information) may be shared with certain parties for the following purposes: (1) to Partners websites in order to help them target relevant advertisements and content and to better understand their online audiences and customers …

Meaningful because now the information may be commercially shared not only with the sites where it is collected, but also any other third parties in the advertising chain.

In the something’s-better-than-nothing department, they also added an explanation of their retention policy:

We retain collected raw data (e.g. anonymous web logs) for up to six months, after which time this data is discarded. Collected data may be anonymously aggregated or correlated and retained in that form for up to three years.

I have no clue what it means for information to be “anonymously correlated.” Just tell me, for how long does any behavioral action remain associated with my XGraph cookie or IP address?

By the way, XGraph is the ultimate minimalist network. Their website consists solely of a contact email, a privacy policy and an opt-out link. Talk about agile!

Should adult activities be out of bounds for behavioral targeting?

In the privacy debate about behavioral tracking and ad targeting, most folks agree that new rules are needed in areas that are considered “sensitive.” Some activities, like researching health conditions or financial planning, will be off limits for tracking once new rules are in place. Companies won’t be able to use information about those activities when compiling user profiles or targeting advertising, and probably will be obligated to delete such data promptly.

This will impose new policies (and probably new operating practices) on many firms engaged in tracking. A substantial majority (65%) of the tracking companies in the privacychoice database make no mention in their privacy statements of special handling for sensitive information.

The larger players are ahead of the curve. With a few exceptions, each of the top ten ad networks already exclude sensitive information from their targeting matrix in some way. In the most typical formulation, “sensitive” information is defined to include government-issued identifiers (like SSN), insurance plan and financial account numbers, your real-time geographic location (via GPS), and “precise information about past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history.”

A few ad networks go further, also establishing exclusions around sexual identity and adult activities. Google, for example, says it will not associate the omnipresent DoubleClick cookie with information about “sexual orientation.” Clearsight Interactive and AlmondNet will not store information from “adult and gambling sites.” BlueKai does not collect or share data involving “adult behavior such as drinking, politics, or pornographic content.” Exelate promises not to target ads based on “adult related searches or adult content.”

It is easier for an ad network to promise not to use adult activities if they don’t serve ads or collect data on adult sites in the first place. But mainstream ad networks and measurement firms are present on adult sites. Take a look at the Network Privacy Profile for playboy.com, where you will find DoubleClick, Quantcast, Eyewonder and several others. Those networks are in a position to connect visits to adult sites with a user’s overall profile (and any personally identifiable information, if they have it).

Consumers have some privacy protection in the form of anonymous surfing tools, which are now available in all of the major browsers. But although private browsing mode cuts off access to regular browser cookies on your computer, it doesn’t mask IP addresses or block Flash cookies, which are common across all browsers and are favorite tracking tools for many ad networks. There are technical workarounds, but none within reach of an average consumer.

As regulations emerge, here are two predictions:

• Use of sexual orientation will be off-limits in behavioral targeting as a matter of law, but activities on adult sites will not. While advocates want to circumscribe targeting as much as possible, they will pick their battles. (Thus the recent proposal from a coalition of privacy advocates only suggested sensitizing information about sexual orientation and “personal relationships.”)
• In the long run, as opt-out (or even opt-in) choices become more prevalent and robust, companies will extend their definition of sensitive categories beyond non-controversial areas like finance and health. This will be an easy way to make consumers more comfortable, particularly if new rules require companies to show users what’s in their own profiles.

Website analytics and targeting: is there an elephant in the room?

In sampling top websites for the privacychoice service, we see that nearly all of them use hosted website analytics to understand user behavior. Like an ad network, an analytics service works through Javascript code embedded throughout pages on a website. As humans navigate the site, background communications with the analytics server provide complete visibility on behavior, including counting new or repeat users, seeing which search terms they used to find your site, and which of your pages pages are most popular. Using cookies and IP addresses, a user’s multiple sessions can be linked in order to understand user loyalty and behavior over time.

The sheer ubiquity of analytics code raises an obvious question: Is website analytics data used to target advertising?

The question gains importance given the growing overlap between analytics providers and ad networks, where Google is the biggest in each market. It has the widest footprint in selling and serving ads through the AdSense network and DoubleClick. It also also gives away Google Analytics for free to web publishers, which is present on over three-quarters of the sites sampled for privacychoice. For  customers who are also advertisers on Google networks, the appeal is an integrated end-to-end cycle — from ad click through user actions taken on the site — enabling publishers to connect the dots for a more effective ad spend. The other analytics providers include a handful of enterprise-grade platforms like Omniture. Once Omniture becomes part of Adobe, they may have access to a larger web-wide footprint through the huge installed base of Flash applications (also widely used in ads).

Yahoo! also offers its own analytics product to advertising customers, and Yahoo! makes it clear that analytics data is leveraged to target advertising. User activities on sites running Yahoo!’s analytics program can be associated with the user’s account and activities on Yahoo!’s family of sites. For purposes of disclosure, websites using Yahoo!’s service are directed to include specific language in their privacy policies and a link to more information. According to Yahoo! search, around 3,000 sites carry the required language:

“We use third-party web beacons from Yahoo! to help analyze where visitors go and what they do while visiting our website. Yahoo! may also use anonymous information about your visits to this and other websites in order to improve its products and services and provide advertisements about goods and services of interest to you.”

Yahoo! can connect user activities from its analytics network with Yahoo!’s sites or ad networks. Does Google?

The answer is, probably not, if only in light of Google’s other practices. DoubleClick requires each participating website to make a special privacy disclosure about the use of information for ad targeting, and provides an opt-out cookie for consumers. Google Analytics has neither. Also Google analytics collects user information through a different domain (google-analytics.com) than they use for their ad networks (doubleclick.net, googlesyndication.com and others). While this doesn’t mean they can’t use analytics data for ad targeting, it does make it harder as a practical matter.

However unlikely it may be, given the huge but invisible reach of Google Analytics, it’s reasonable to expect an express statement from Google. This could be as simple as: information gathered via Google Analytics is not associated with other Google user information or used to target advertising.

To search of this kind of statement, you can start start by navigating Google’s privacy policies. Which one is relevant is not immediately obvious. Look at Google Analytics for a privacy policy and you end up at the general Google Privacy Center (unlike DoubleClick, which has a separate policy, and 15 other Google services, which have supplements to the general policy).

Google’s general policy is particularly unhelpful in explaining how user information is handled by Google Analytics. In the explanation of data gathering via cookies, IP addresses and such, matters are framed with “when you visit Google’” or “when you access Google services.” Who even knows they are using Google services when they happen to trigger Google Analytics code on a third-party site? But still you will find no express statement about mixing analytics and targeting data.

Turn from the consumer disclosures to the terms of service Google Analytics provides its analytics customers. There you find this express statement about the use of information:

Google and its wholly owned subsidiaries may retain and use, subject to the terms of its Privacy Policy (located at http://www.google.com/privacy.html , or such other URL as Google may provide from time to time), information collected in Your use of the Service.

The policy does go on to say that, although Google may retain and use the information, it will not share any site’s information with third parties. But by implication, Google still can use the information to target ads, so long as it does not disclose the targeting information to advertisers. The fact that Google probably doesn’t use analytics data this way isn’t the point. What is needed is a statement that makes Google accountable for that policy. In crafting privacychoice summaries, this ambiguity in Google’s policies means we cannot assume that users are anonymous to Google when they are on sites using Google Analytics.

This example provides important takeaways for folks writing rules for this industry. To ensure clarity and accountability, any company in the business of collecting and using information about users from across different websites should register each domain they use, and bind it legally to a complete privacy policy that governs the activity. There’s no room — and no reason — for ambiguity.

privacychoice 2.0: the experiment continues

A principal mission of the privacychoice project is to make consumer privacy more understandable. When it comes to behavioral tracking, the biggest barrier to understandability is that the practice is largely invisible to consumers. Your actions may be logged and profiled as you use different websites, and you probably don’t know which companies are doing it or how they promise to handle your behavioral information.

The new version of privacychoice.org aims to help close this information gap. Here’s what’s new:

1. A visual tool that provides a tracking privacy scorecard for several hundred top websites, showing you summaries of selected tracker policies, highlighting those with concerns.
2. A new Firefox add-on called TrackerWatcher, which enables a consumer to see who’s tracking them on any site they visit, and to see the relevant policies and concerns in one place.
3. A set of icons that correspond with five privacy practices that are important for consumers to understand: Anonymity, Sharing, Sensitivity, Deletion and Oversight.
4. A redefined framework for our opt-out add-on, that allows either a complete opt-out (all networks that offer an opt-out) or an opt-out only on those networks with any special concerns in the five practice categories.

The privacychoice project is an experiment to see whether or not online privacy can be understood by consumers; whether complex principles can be reduced to their essence, abstracted and visualized; and whether disparate data sources, policies and processes can be aggregated in a sustainable way. I welcome your feedback and comments!

Rubicon and YuMe step up on opt-outs

In prior posts I’ve mentioned both YuMe, a video ad network, and The Rubicon Project, one of the new intermediary firms that optimizes website ad revenue by selecting the highest yielding ad from across multiple ad networks or exchanges. After wondering out loud about YuMe’s lack of an opt-out and Rubicon’s lack of any privacy statement for consumers, it looks both have taken steps in the right direction in the last few days.

YuMe revised their privacy policy for consumers and added an opt-out cookie process. The disclosures are clear and the process is smooth. Opt-out is now mentioned on YuMe’s homepage (although not prominently).

Rubicon took a different approach, adding a “Transparency” page linked from their homepage (“Privacy” still takes you to B2B disclosures). Here a consumer can opt-out of tracking by Rubicon, and also see what interests Rubicon has associated with their profile.

Although I visited half a dozen websites where Rubicon is installed, including auto, sports and baby sites, I couldn’t get any interests to register on the Transparency page. This piece may not yet be operational, or there may be a lag, but once it is, it will put Rubicon in company with BlueKai, Google and a few others who not only provide preference choices, but also provide the consumer with the contents of their online profile.

This is worthy of praise, but Rubicon’s implementation needs improvement. Suggestions:

1. Consumers who come to Rubicon’s homepage will be looking for information about “privacy” and will end up in the wrong place. Putting the opt-out process below a label like “Transparency” won’t compute for consumers, and renders the exercise largely useless.
2. Showing interests and providing an opt-out are good steps, but they don’t substitute for an actual privacy policy that also addresses questions like data retention, sharing of information with third parties, and method of data collection (cookies, Flash cookies, IP addresses?). The TRUSTe seal appears at the bottom of the Transparency page, implying that the disclosure is covered by TRUSTe’s certification (although it seems rather thin to have qualified).
3. After pressing the opt-out button (with the unnecessary radio button choice), there’s no cue that confirms that the opt-out has been effective, even though a cookie has been written. Also, it isn’t clear whether, by opting out, any affinity profile information that has previously been created will be deleted.
4. There’s no explanation of how the opt-out cookie may be lost if cookies are deleted, nor a link to browser add-ons that can set the cookie permanently (such as those provided by Google, TACO or privacychoice).

It’s good to see more networks beefing up privacy disclosures and making opt-outs available. But for Rubicon and many other tracking companies, the implementation of consumer privacy disclosure and choice still seems half-hearted.