Today’s Wall Street Journal coverage (“Website Operators Say It Isn’t Possible to Keep Track of All Tracking Tools”) attributed this quote to Yahoo!’s Chief Privacy Officer, Anne Toth, in yesterday’s Congressional hearings.
It is technically impossible for Yahoo! to be aware of all software or files that may be installed on a user’s computer when they visit our site.
My own Tweet about the article lead was: “Baloney,” to the extent it implied that Yahoo! has no practical way to control third-party tracking on Yahoo! pages.
As it turns out, that reading of the statement was baloney, since (1) it seems to have been taken out of context from Yahoo!’s complete response, and (2) it was made in response to a somewhat loaded question.
The question was whether Yahoo! has perfect visibility as to how third-party advertisers interact with consumer browsers. Yahoo! seems to have answered honestly and correctly: no scalable monitoring system can detect every third-party server interaction which could carry a cookie or local storage artifact. But the rest of Yahoo!’s submission makes it clear that they actively sample and monitor third-party tracking to the extent technically feasible, just as you would hope. (By the way, any site can have access to this kind of scanning through PrivacyChoice.)
It’s great to see the privacy discussion focus not only on the advertisers and ad networks, but also on the publishers who decide which companies can track through their sites. It’s time for big names like Yahoo! and Google to make it a published policy to give tracking access only to companies that are compliant with strong industry guidelines and are subject to regular oversight.
From Yahoo!’s full testimony:
8. Is your company aware of all third-party tracking devices that may be installed on a user’s computer when the user visits your site?
No, it is technically impossible for Yahoo! to be aware of all software or files that may be installed on a user’s computer when they visit our site. When a user visits Yahoo!, we can “see” their Yahoo! cookies which the browser transmits to us. Yahoo! does not have access to other cookies present on a user’s hard drive or all the software that a user may have installed.
As a web site publisher, Yahoo! determines the content feeds and advertisement placements for each of our services and web pages. Nearly every page on Yahoo! is generated dynamically. The content and ads that appear change minute by minute as news headlines, stock quotes, and advertising are all refreshed frequently. An ad that appears when the page initially loads may be replaced by a different ad when the page is refreshed (or reloaded), along with all the content that appears on that page. Yahoo! has relationships with different content and advertising providers. In these agreements, Yahoo! often has performance requirements about how quickly a page element or advertisement must load and these requirements often include limitations on the use of third party cookies on a Yahoo! page as each incremental cookie often results in diminishing page performance.
a) If yes, what evaluations does your company perform to discover such devices? If no, why not?
Yahoo! runs regular scans using internal and external systems to detect third party domains on our web sites that may set or access their own cookies. This is then compared to our list of approved vendors that have completed our compliance program including security, privacy, performance and contractual reviews.
b) What actions does your company take upon discovery of a previously unknown third party tracking device?
If Yahoo! discovers a third party is resident on our properties that has not completed our compliance program, Yahoo! may contact the party or its partners directly to address this issue.