Archive for April, 2009

Progress at Lotame

April 30, 2009

I can report that the folks at Lotame have been quite responsive to the the questions raised in prior posts.  Here’s the update:

First, on the deletion from their privacy policy of the promise not to use “sensitive information” for behavioral targeting, Lotame has confirmed that they do indeed consider themselves bound by the NAI rule.  They will not use such information without “opt-in” consent from the consumer.

Where we still disagree is on whether they should retain the express promise in their privacy statement. Lotame and the NAI are comfortable not including the statement, since a user can find it on the NAI site.  My take is that if that’s the policy, why not say it, since it reassures consumers and establishes a stronger record of the policy? What’s the downside?

How’s this for a compromise — Charles Curran at the NAI should create a single page in human readable form (plain english) that includes the binding NAI rules, and all the NAI members can directly link to it. 

PS I’m not talking about this page, I’m talking about a page that actually summarizes the rules in this document (PDF).  It can’t hurt to have that available for members of Congress and would-be regulators, so they can really see a commitment to consumer understanding and choice. I’ll even volunteer to write the summary!

Second, Lotame has added very useful content to their opt-out process, including links to other opt-out resources (including the privacychoice opt-out wizard).  Highly commendable and, in a competitive sense, smart — if a consumer is opting out of your ad network, why not let them opt out of competing networks as well?

UPDATE:  I just noticed that Lotame also added a very helpful and prominent opt-out button on the top page of their website. They’re setting a terrific example and I hope and expect to see more networks follow them and Media-Six-Degrees.


Flash cookies and behavioral tracking: a proposal

April 29, 2009

After noticing Quantcast’s use of “Flash cookies,” I did some research on this technology as it relates to online privacy and behavioral tracking.   I’ve come to concur with other commentators that Flash cookies present a difficult challenge to meaningful consumer privacy choice, and would like to suggest a proposal.

Not all cookies are created equal

First, some background.  Flash cookies, known more formally as Local Shared Objects, work in much the same way as traditional browser cookies.  When you visit a website (or Flash application) the content server is able to access and store data in a defined place on your machine.  This data is available to servers from that same domain on future visits.  By placing a unique identifier as a local shared object (such as a long number), a tracking firm can capture and profile your activities across different visits and different websites. (See Wikipedia for a good roundup of the issues and links to other research and commentary on the topic.)

Some things to note:

1.  To see your own machine’s set of Flash cookies, visit this page on the Adobe website.  There you will see an interface like this, which shows which sites have stored Flash cookies, and how much space you are permitting them to use.  Key point:  browser applications do not provide direct access or control over Flash cookies in the way that they do over traditional cookies.  To do this easily, you must install a browser add-on like Objection or Better Privacy for Firefox (highly recommended if you are researching how these things work).


2.  Adobe’s special web page shows you the maximum amount of storage space a site can use, and how much they are using, but it does not show you what is being stored there.  In fact, even if you go into the directory structure yourself through the operating system, you will find files that are not easily opened to view.  In practical “opt out” terms, this means you cannot confirm easily that the text consists only of a non-unique looking opt-out cookie, for example. You would need to use an add-on like Objection to see the actual values of the Flash cookies.

3.  Unlike browser cookies, which keep a separate set of cookies for each different browser, a single Flash storage system serves all of the browsers that you may use on one machine.  This means that even if you use two different browsers, your activities in both can be associated with you as a single user.  So-called “private browsing” modes for browsers — which do not store web history or traditional browser cookies — may well still record behavior in Flash cookies.

Given this technical framework, flash cookies are uniquely valuable for behavioral tracking.  They provide all of the same tracking functionality, but unlike traditional cookies, which are regularly deleted by many users, Flash cookies are rarely deleted because (1) users don’t know they are there and (2) the process for managing permissions is practically unusable.

So, who’s using them?  

In light of the persistence and low profile of Flash cookies, you would expect to see tracking companies using Flash cookies.  A quick survey in the machines in my own home revealed Flash cookies being used by the targeters on the following domains (no doubt an incomplete list): (Akamai) (Google) (Quantcast) (Specific Media)

Many of these companies are familiar because they are included in the privacychoice opt-out wizard.  Most of these companies have privacy policies that mention cookie tracking and provide an opt-out.  However, according to a custom search of all of targeting company privacy policiesnone of them mentions “Flash cookies” or “local shared objects” in their privacy policies.  None of them explains how to view, control or delete flash cookies. Nor do they state explicitly whether opting out using traditional opt-out cookie will also serve to opt-out from any tracking via Flash cookies. 

To be fair, we can’t assume that all of these networks are using Flash cookies for tracking purposes, and some of these folks who work in video (like Videoegg) no doubt have non-tracking purposes for Flash cookies (to retain user settings, for example).  But the failure to even mention the use of flash cookies in their privacy policies means they aren’t in compliance with the disclosure rules of  TRUSTe or the Network Advertising Initiative, which requires an explanation of what information is collected about users.  Most likely, many of them are using flash cookies for behavioral tracking, and they just haven’t given much thought to the disclosure and opt-out requirements unique to those methods. 

I’ll be polling them on this question and will update this post with further data.

So now what?

Here’s a conclusion and a proposal:

First, it’s not realistic to suggest that companies simply refrain from using Flash cookies for behavioral tracking. It’s already happening, and thanks to the lousy job Adobe did in implementating flash cookie controls, we’re stuck with a system that is opaque and beyond the average user’s ability to control.

However, any company that does collect any information via Flash cookies (whether for behavioral profiling or otherwise) should update their privacy policies to make this clear, just as they generally do for traditional browser cookies.  This is a another good test of the seriousness of self-regulation in the hands of the NAI and TRUSTe.

Any company that uses flash cookies for behavioral profiling should take one additional step, which is to expressly apply their traditional browser cookie opt-out (already in place with over 70 networks) to also cover the use of flash cookies as well, and to confirm that they are doing so in their privacy policies.  That is to say, any consumer opting out via a traditional browser cookie opt-out should be understood as opting out of all tracking, whether by traditional cookies, Flash cookies, beacons or any other technology that may come down the road.

While this is perhaps not as verifiable (because Flash cookies are difficult to find and read), the fact is that nearly all opt-out cookies require users to trust that the network is honoring the opt-out preference anyway. 

Another possible approach — to create a separate opt-out process that actually writes a Flash version of an opt-out cookie into the local shared objects — is not workable.  Confirmation of the process by viewing a flash cookie is too difficult, and it will be more difficult to aggregate opt-outs for the ease of consumers.  Also, with Silverlight and any number additional browser add-ons that can provide a platform for tracking, it would be unmanageable to support separate opt-out regimes for each.  Rather, a comprehensive, cross-technology opt-out system should build on what has already been put in place with traditional browser cookies.

My suggestion reflects a key underlying philosophy:  Opt-out cookies are nothing more than a statement of the user’s preference, and not a means to actually prevent behavioral targeting. True accountability to honor the user’s preference won’t come through technology, but rather through industry leadership, advertiser oversight and (inevitably) some level of government and legal process.

Quantcast joins the NAI? Uses flash cookies?

April 29, 2009

quantcastlogoQuantcast‘s analytics service has grown rapidly, giving them a footprint (and cookie access) across thousands of websites and 6 billion impressions per day.  They recently launched Quantcast Marketer, which promises advertisers “valuable demographic and interest-based insights about their customers as they are exposed to advertising and/or interact with content or functionality on brand sites.” (emphasis mine)

When I checked for an opt-out on Quantcast’s site earlier this year, I could not find one (even though Omniture and Nielsen offered them), so it was interesting to see that one is now available through their privacy policy page.  

quantcastmenuThe presentation of this opt-out is unusual. The first reference to an opt-out appears on the privacy policy page in a menu on the left, although on the same page there’s no mention of an opt-out in a long paragraph about cookies.  In that text, the only recommendation they offer is to manage cookies through your browser settings.  Also, the label “Opt-out of Quantcast Delivery” is strange (what’s being delivered?). When you click on the link, you get to a pretty standard looking opt-out console.

quantcastnaiIn fact, it looks just like all of the implementations that are collected at the NAI site, although Quantcast is not currently listed as an NAI member.

If I had to guess, I’d say that as Quantcast has moved from simple analytics and into more direct involvement in ad targeting, it has become logical to join the NAI.  To be in the NAI, you must offer an opt-out.  I suspect that this is still in testing, and the rest of the privacy disclosures are just a step behind. Here’s hoping that those are brought in line quicky and that Quantcast puts a prominent opt-out button on the top page of their site, in the true spirit of the NAI.

Now the critique:

First, the cookie itself does not have a name or text content that clearly identifies it as an opt-out cookie, so it’s hard for the user or researcher to feel assured that the opt-out has been effective. I am guessing that the operative cookie is on the quantserve domain and is called “qoo”, but I can’t be sure.

Second, based on trying this on two different machines, it looks like Quantcast is providing unique cookie text for each opt-out, in the form of a long number.  This is poor form, particularly since all the big players (like Google) have moved toward non-unique cookies that, due to their very non-uniqueness, cannot be used for tracking.

One last question for the folks at Quantcast:  tonight I also happened to find a Local Shared Object (flash cookie) on my machine from the domain.  Are you are using these for tracking or targeting purposes?  Will my opt-out be effective for the flash cookie as well?

In my humble opinion, it would be aggressive for Quantcast to use flash cookies for tracking, since consumers don’t understand them and they are difficult to find or remove (perhaps that’s the point). In any case, they aren’t mentioned in the Quantcast privacy policy, whereas browser cookies are discussed extensively.  Since the NAI principles are clear that flash cookies need to be explained as part of “clear and conspicuous” disclosure, we trust that this has already been considered by Charles Curran and his team in Quantcast’s NAI application process, and that appropriate disclosures are on the way.

A practical marketer’s view on behavioral targeting

April 29, 2009

We know that cookies are used to track behavior across websites, to create profiles that are used to optimize advertising and marketing.  But how does targeting really work in practice?

If you’re interested in that question from the perspective of a marketer, read these recent articles by Brian Massey, Behavioral Targeting and the Scientific Method, and A Conversion Professional’s Dream: Behavioral Marketing.

A few interesting things I learned:

  • This is about applying lots of different creative approaches against “lookalike” profiles, to figure out what works best for any given profile.
  • The behavior-based targeting goes beyond the ad on the network; it also affects the experience you have after you click on the ad (landing pages and on).
  • Context is an important behavioral indicator of conversion, which means content still matters.  “Did a visitor watch the video or read the article? This could be a conversion if you know that a piece of content predicts a sale or a lead.”

From a privacy point of view, nothing in those articles offends me.  Those marketing activities don’t involve much more than computers doing their job to wring more efficiency from the system.  Rather, the risks reside in the aggregation over time of an overall behavioral record that might be tied to my personal identity in other ways that I cannot control.

Media6° shows the way

April 28, 2009

After noting that Media6° closed a big financing round, I checked in on their site and was pleased to see something I hadn’t noticed before:  

media6optoutA prominent and clear opt-out function on their homepage, allowing consumers easily to opt out of targeting.  No doublespeak about how this will degrade the service, no hiding it inside the privacy policy two pages down, no oobscure referral to an NAI page.  

Of course, this is by no means perfect — to really be usable at the consumer level, opt-outs must be aggregated as in our wizard and made permanent through a browser add-on to really be effective (we will help with these).  But the Media6 implementation is a reminder of just how easy it is to present an opt-out that truly shows a commitment to privacy choice for consumers.

If you are someone responsible for privacy at an ad network and you’re not taking these simple kinds of steps, you deserve all the regulation that will soon be coming your way!

Still waiting for an opt-out from Visible Measures

April 27, 2009

It was a week ago that we highlighted the absolutely perplexing opt-out process offered by Visible Measures, a video ad analytics and targeting firm that monitors behavior for sites like MySpace and MTV.

Their opt out process consists of an mailto: link on this page, which at first resulted in a bounce, but seems to go through without a bounce.


But what’s going to happen once the email arrives at Visible Measures is still a mystery.  I sent my request on April 20, but have yet to receive any reply or acknowledgment.  I hope I don’t have 83 more days to wait.

Will they send me an opt-out cookie to copy to my browsers?

Will they send me a link to a page where I can get an opt-out cookie?  

Their policy states that they use standard cookies and flash-cookies; will they provide a means to opt out from both kinds of tracking?

Lotame’s new privacy policy: incorporation by reference?

April 27, 2009

As first mentioned in an earlier privacychoice post, Lotame reports the good news that they have joined the Network Advertising Initiative, and as part of that move, is revising the Lotame privacy policy.  Lotame also has been added to the NAI opt out page.


It’s a smart move on Lotame’s part, and one that deserves praise. But as often is the case, I’m still left with a few questions, answers to which  I hope Lotame can provide.  (I’m posting these questions on their site as well.)

Here’s how the policy changes are explained in Lotame’s announcement:

In connection with joining the NAI, we have made some revisions to our privacy policy. Although our prior policy was generally consistent with the NAI’s standards, we simplified our language in some areas of the policy in deference to the more detailed coverage of these points in the NAI principles, which will govern our conduct. In addition, in order to demonstrate our leadership on issues of privacy, we have voluntarily adopted a specific time period of 9 months to limit our retention of the anonymous user data we collect. We are joining only a few other leading companies in our industry in taking on this type of specific and unqualified data retention policy.

Here are some areas requiring clarification:

1. Is Lotame incorporating by reference the NAI policies in their entirety, as written and interpreted by the NAI?  I don’t recall seeing that approach in many other privacy policies.

Substantively, it is of course helpful for consumers to know that a particular ad network is abiding by a standard like NAI’s rules.  But it is not helpful when a consumer has to undertake a research project to figure out what those policies may be. In this case, Lotame’s link to the NAI site still leaves the consumer to find and interpret the NAI’s policy document (a PDF that is, for some reason, buried in the news release section of the NAI site, rather than in the over view of principles). 

In short, incorporating the NAI principles by reference this way is a very weak way to inform consumers of Lotame’s privacy policies.  In fact, it would be hard to say that it satisfies the NAI’s requirement in the policies themselves that each member “clearly and conspicuously” post their policies on their website.

2. A change in the policy that is not mentioned specifically in Lotame’s announcement is the deletion of the following language from the previous policy statement:

In addition, we do not tailor ads based on behavioral categories that are deemed sensitive by the Network Advertising Initiative (NAI).

The NAI policy (in Section II(3)(iv) of the 2008 Principles) requires a consumer opt-in in order to use sensitive information for targeting; so the inference (see discussion above) is that Lotame is now bound by that rule. However, this is important enough to merit a specific statement in Lotame’s privacy policy, particularly in light of the deletion.

The Lotame experience highlights a few lessons when it comes to changes in privacy policies.  Most important, privacy policies should be versioned on websites (as Google now does), and marked to show changes from the prior version. This is particularly important when the date of a policy change may affect acceptable practices with information collected before or after that date, a situation expressly contemplated by the NAI.

Advertisers’ role in privacy policy

April 23, 2009

The privacychoice philosophy (or shall we say, working hypothesis) is that technology can provide consumers with meaningful and actionable choices when it comes to their privacy.  While inevitably there will be a regulatory layer to privacy policy, the depth of that layer depends a lot on how well the media and advertising industries embrace and apply privacy technologies.

So it’s interesting to consider whether all of the “industry players” are pulling their weigh in helping resolve privacy controversy.  The hammer comes down on ad networks, and to a lesser extent, publishers, but where are the big advertisers in all this?

The question comes from Chad Little of Fetchback, writing in MediaPost.

I think that it’s time for advertisers to step up in this privacy debate. Thus far the pressure for disclosure has been placed on networks, behavioral marketing providers and publishers. The key players in those industries have done a good job of becoming more transparent (though there is still work ahead of us), while advertisers haven’t been asked to do anything. Advertisers are clearly benefiting from behavioral marketing, and its time they disclosed what type of behavioral marketing they participate in, and allow customers to opt-out. How they do this is open for discussion: Tag each ad with an opt-out of future ads from the same company? Put a notice on manufacturer’s page with the headline “Did You Know We Are Tracking You?” that links to a kinder, gentler explanation?

It’s an excellent point, and he’s right to think about exactly how this could work in terms of disclosure that happens in the distribution of the advertising itself.  In a sense, is the problem solved in the Google Way, where the landing page explains what tracking is going on, which is naturally associated with the advertiser by virtue of the ad itself?

Lotame’s Revised Privacy Policy: One step up, two steps back

April 22, 2009

Lotame, a behavioral targeter focused on social networks, updated their privacy policy yesterday (see full comparison below).  On balance, the new policy looks less privacy-friendly in important respects.

Here are the details:

1.  They added a reference to the Network Advertising Initiative, although as of the time of this post, they are not listed on the NAI opt-out page.  Perhaps that’s coming soon?

2.  They deleted a promise not to target based on sensitive information, including health-related information.  Pharmaceutical marketing appears to be on Lotame’s radar, having recently sponsored a conference on the topic. If this signals a plan to get more aggressive in behavioral targeting in sensitive areas like health, Lotame is swimming against the tide and tempting the regulators.

3.  On data retention, a promise only to retain user info for as long as the business need continues has been replaced by a promise to keep it only nine months after collection.  (Same question here as we had for BlueKai   — do the profiles constructed with user information live on past the nine month period, even if the cookie-based logs are trashed?)

4.  Finally, maybe this is a detail, but they deleted a statement that said, if they make material changes to their policy, those will only apply to data collected after announcement of the changes.  So, if Lotame’s practices truly have changed as to sensitive information, does this mean that they can now use my sensitive information for targeting even though  they collected it under a prior promise not to use it?

Overall, Lotame gets credit for their earlier adoption of an opt-out process with a non-unique cookie, and (once they complete it) adding their opt-out process to the NAI system.  But these new steps backward are concerning (particularly in the area of sensitive information).  If Lotame is indeed to be added to the NAI group, Charles Curran of the NAI should look closely at these changes.


Last Updated:   March 6April 21, 2009

Lotame and Consumers:  Our services are designed to provide consumers with relevant advertising and content at Web sites you visit. These marketing activities help to underwrite the cost of the content and services made available to you online. 

As part of Lotame’s commitment to respect privacy concerns and implement industry-recognized standards, we are a member of the Network Advertising Initiative (NAI). Lotame complies with NAI’s Self-Regulatory Principles which are designed to inform consumers about data collection and advertising practices across multiple web sites and provide the ability to opt out. For more information or to opt-out of behavioral advertising by Lotame or other NAI member companies, please visit the NAI web site at

 Data We Collect and Use:  To deliver our services, we collect, organize, and use data reflecting your interactions with a variety of Web sites.  The information we use includes items such as the date and time you visited a Web site, your browser information, your IP address, your browsing behavior, and interests you express or imply at social networking sites or other Web sites you visit. We recognize your computer over time by setting a unique browser cookie which your browser relays to our servers when you visit Web sites that are our customers.  We analyze this non-personal information and organize it into anonymous user profiles, groups, and audiences, based on factors such as age, gender, geography, interests and online actions.  We and our customers then use these anonymous user profiles, groups, and audiences to design and deliver targeted advertising campaigns or other relevant content.  We and our customers also use this data for other related purposes (for example, to do research regarding the results of our online advertising campaigns or to better understand the interests or activities of Web site visitors.)

The behavioral categories we use to tailor the ads you may see or for related purposes do not use personal information such as your name, address, e-mail address, phone number, birth date or social security number.  Our technology and services are designed to limit our use of consumer data to anonymous, non-personal information.  In addition, we do not tailor ads based on behavioral categories that are deemed sensitive by the Network Advertising Initiative (NAI).  
Opting Out:  We provide you with the ability to opt-out of our use of information about your previous browsing  to tailor the ads you see.  You can opt-out by clicking here here and following the instructions provided.  Note that after choosing to opt-out, if you use a different computer or a different browser, or if you delete or block browser cookies, you may need to repeat the opt-out steps.  Most web browsers also enable you to block browser cookies. You can refer to your web browser’s documentation to get more information on how to block or delete cookies directly through your browser settings.  
Data Sharing:  When you visit a Web site that shares information about your activity with Lotame, we will use that information to tailor relevant ads to you at that and other Web sites you visit, or for research and analysis.  We may also share non-personal information with companies such as advertisers, agencies, ad networks, or exchanges to enable them to analyze user behaviors or to tailor the ads that you encounter.
There are other limited circumstances in which we may share data.  We may provide access to the non-personal information we collect to service providers who are assisting us with storage, analysis, or other services.  These service providers are subject to confidentiality restrictions, and are not authorized to utilize the information in any way other than to provide their services to us.  If our company is sold, assigned, transferred, merged, files for bankruptcy protection, or undergoes some other change to its corporate form, information may be transferred as part of that transaction or change.  In these instances, we will take steps to ensure that our data is maintained in accordance with this privacy policy.  In special cases, we may also be required to release information in order to comply with requests from law enforcement, government agencies, and similar entities, or to otherwise protect our clients and users.  
Data Retention:  We retain the anonymous user data we collect only for so long as it assists us in fulfillingup to nine (9) months from the business needs described of its collection.    
Security:  Lotame has implemented security measures which are reasonably designed to protect the user data which Lotame collects from unauthorized access, disclosure, or modification.
The Web Site:  Lotame collects non-personally identifiable usage data at, which we use to improve our web site and services.  In response to requests for information, Lotame also collects voluntarily-supplied personal contact information.  We do not share, sell, rent or trade any contact or personally identifiable information with third parties (except with service providers in the manner described above).  If you would like to update, delete, or revise any personal information you submitted to us through, please send your request to  

Changes:  We reserve the right to revise this privacy policy at any time.  If we change the policy, we’ll notify you by posting the new policy here, changing the date at the top, and indicating on our homepage that the privacy policy has been updated.  If we make any material changes to the policy, the material changes will only apply to data we collect after we post and announce the revised policy.  

Contact Us:  To contact us with any questions, comments, or suggestions, please email us at or write to us at the address below.  

Lotame Solutions, Inc.
6085 Marshalee Drive
Elkridge, MD 21075

Proclivity Systems: They know “how much you want to pay” (yikes)

April 22, 2009

Maybe it’s hype, but there’s some pretty bullish talk coming from behavioral targeting firms.  A recent favorite attributable to Sheldon Gilbert CEO of Proclivity:

“We don’t guess, we figure you out and know what you want and how much you want to pay,” said Sheldon Gilbert, 33, CEO and founder of Proclivity, a data tracking system that provides the clients with their customers’ shopping interests, purchasing likelihoods and level of expenditure.

Behavioral targeting not only records the purchase information, it also traces every step of someone’s online activity. “The massive change is to track micro behavior, such as the blogs you read and the community Web sites you browse. We collect the data, and based on your behavior, we analyze you and know what you want before you actually make the purchase.”

via Future of Media: Online Advertising: We Have The Basics Ready (emphasis mine)

sheldonI love how a single quote may inspire wildly different reactions from ad-industry advocates (glee) and privacy advocates (horror). Although I’m all about meaningful choice and self-regulation, I will admit to being quite unnerved by Gilbert’s overt promise to charge me more for something if my behavior indicates willingness to pay. I will gladly sacrifice “more relevant advertising” for lower prices.

Note to self:  after we open up privacychoice2.0 more broadly, we will be working on the “ideal” privacy policy undertaking for behavioral targeting services.  Perhaps it includes an undertaking never to use behavioral data for the purpose of determining a price?

PS This was the first time I visited the Proclivity Systems web site. Couldn’t find a privacy policy.  And of the 44 pages indexed in Google, no mention whatsoever of the word “privacy”.  Okay, so privacy isn’t “top of mind” at Proclivity (or apparently, to their customers), but no policy statement at all?  Do they not collect or handle consumer information?  How about visitors to their website?