Don't Be Afraid Of The Cookie Monster
There's an early episode of "Law & Order: SVU" (this one) in which detective Stabler is explaining to his teenage daughter why he put a parental control package on her computer and read her emails. It's because, he says pointing to the screen, all those creeps he has to protect her (and society) against, are "coming through there now."
Demonization of the Internet is a popular cultural motif. And I understand why the Web is so scary for so many; it is, as the late senator Ted Stevens famously noted, a "series of tubes."
The Wall Street Journal has recently triggered a lot of hubbub and industry debate about digital privacy with its rather sensationalized, "they're-coming-through-there-now" series, "What They Know."
Randall Rothenberg, president/CEO of the Interactive Advertising Bureau, offered the industry perspective on digital privacy here.
The debate, of course, is about cookies and cookie targeting. And if it's about cookies, then it's an online metrics issue.
We all know that a good part of the digital advertising spend has shifted in the direction of targeting "audience segments" instead of media vehicle audiences. In audience targeting, publishers and their agents (and competitors) encode targeting attributes into cookies, then use those attributes to determine the best ad to serve when that cookie is observed (and decoded) on a computer requesting a piece of ad-supported Web content. This determination, and subsequent ad serving, typically occurs in real time (that is, the determination of what ad to serve is made between the user content request and the delivery of that content -- a fraction of a second.)
Personally I have reservations about the efficacy of this as a publisher business model. I understand the need to monetize perishable unsold inventory, but I think such cookie-targeting "real-time buying" tends to commoditize publishers, while at the same time shifting emphasis away from the creative and messaging strategy (which matters way more than the scientists building optimization models realize), and toward simply getting impressions to cookies as efficiently as possible. I went on about this at some length at OMMA Metrics in San Francisco, which you can see here if so inclined.
But I digress.
Basically, the two sides of the privacy argument go like this. On the one hand, as you'll glean from the Wall Street Journal's coverage, there is some concern about some unseen and nefarious "Big Brother" corporate entity spying on consumers, learning our secrets, using them against us. (Never mind that no one bats an eyelash about, or ponders the science behind, how all those precision-targeted catalogs and credit card offerings show up in our actual physical mail boxes.) The other side, as Randy nicely lays out, is that the technologies for sharing information online are in fact the collective engine that drives the Internet, enabling services for millions of consumers, stimulating the economy, creating jobs, and keeping us competitive globally.
Anyway, all this fuss got me curious. What exactly do "they" know about me?
Most of the major cookie-targeting players provide links where you can review the attributes they associate with your cookie; you can edit these attributes and, if you like, opt out entirely. So I decided to visit the preference management pages for some of the major cookie targeters and take a look.
First I did this from my work computer.
Google tells me they have no interest categories associated with my ad profile so far. (I found myself a little disappointed.) I told them I was interested in "jazz & blues" and in "rock music," so I'd get some targeted ads about music products and services (which, by the way, I'd like.)
Yahoo tells me my browser doesn't currently qualify for interest-based ads. They don't know my age or gender, but they know some of my activities. They have me down as a searcher in the travel vertical, as well as in three travel sub-categories: "Air & Charter," "Europe_Last Minute," and "Vacations." Indeed I book all my business travel from this computer. They also have me down as visiting pages associated with "Finance" (which is probably what I think of as business, and which I occasionally read about in Yahoo! Finance); and "flickr" (what can I say? I've got a cute kid.)
Blue Kai has used my IP to locate me in New York state (correct), Northern New Jersey/Long Island (occasionally correct), California (nope), and specifically the San Jose/Sunnyvale/Santa Clara area (Silicon Valley; I must have used the Internet on a business trip.) They tell me I am in "A/B test group 12" and my language is Spanish (not at all, but I do occasionally visit Spanish language sites as part of my job.
Exelate also doesn't know my age or gender. They show over 150 possible targeting characteristics, and I'm checked off for precisely one: "Hispanic." Dios mio! I corrected that (I am not Hispanic), and added "shopping - Music"; I also checked off "Urban Lifestyle" because I do in fact live in an urban area (Manhattan) and besides, I want to keep it real, yo.
Lotame doesn't know my age or gender either, and has no interests for me.
Now to be fair, one thing you see here is that (special note to my employer) I'm not spending a lot of time surfing or shopping from my work computer, although I am reading business articles and booking travel. This got me to wondering how much detail there would be on my home machine, from which I probably exhibit a broader array of targetable behaviors. So I dashed home at lunchtime to check.
Google had no interests for me on my home machine.
Yahoo had me interested in "miscellaneous news"; 'basketball"; and "football"; and this hierarchal entry: "Technology > Consumer Electronics > Audio > MP3." And under pages and topics I visit, they show "movies."
You get me, Yahoo! You really get me.
At Blue Kai, I found that I'd opted out of tracking. I dutifully opted back in.
Exelate again didn't have my age and gender, but they did have these targeting characteristics ticked off for me: "online music streaming"; "entertainment"; "shopping"; and, the shopping sub-categories "flowers/gifts" and "music."
I inadvertently forgot to check Lotame from my home machine. Sorry; user error.
I'm not overly zealous about cookie deletion. At home I delete my cookies once a week; specifically, I delete them Friday afternoon at 5 p,m. (or rather, Trend Micro does.) At work, I don't think I have any systematic cookie deletion set up.
While I work in the digital space, I'm also a consumer, and I have no trouble separating the two. As a consumer, I found myself, if anything, a little underwhelmed at the extent of the data "they" had on me; certainly, the truth of the targeting data about me fell far short of what my expectations might have been from reading the articles in the consumer and business press. I found nothing there remotely troubling, threatening, frightening or intrusive. In fact, I was motivated to correct errors when I saw them, and to add some targeting categories, because let's face it, if I'm going to see ads, why not exert some control so I see ads for things that might interest me?
I would urge anyone who is interested in online privacy, or in digital tracking, to visit these links for themselves and see exactly what it is we're all talking about. For me it was quite a reality check. Obviously it is in my professional interest for the Internet advertising marketplace to be robust, and I concede that this may color my perspective. But as a consumer I cannot avoid the conclusion that this whole privacy fuss is much ado about practically nothing. I appreciate the diligence and vigilance of the privacy watchdogs. But Randy Rothenberg has it exactly right. Online tracking is, like most database marketing, a benign force that helps enhance the lives of consumers and facilitates commerce, which we capitalists tend to believe is a good thing.
I can't help thinking that there is an inherent fear and paranoia about the Internet that is out of alignment with reality. Offline direct marketing makes greater use of person-level or household-level data than online marketing does, but consumers don't seem to notice, mind, or care. Hopefully, as generations of consumers come of age having "grown up digital," we can look at issues like online privacy through an informed, tech-savvy, 21st century lens.