• by Laurie Sullivan , Staff Writer @lauriesullivan, October 19, 2011

Stanford University computer scientist Jonathan Mayer released a paper recently highlighting the data leakage issues of behavioral targeting. He found Web sites share log-in names and personal information, such as a person's first and last names. Viewing a local ad on Home Depot's Web site might send the information to about a dozen companies.

Mayer's research finds consumers are individually identifiable on the Web using a variety of techniques. "The work we have been doing has a fairly unambiguous, straightforward methodology," he told MediaPost. "We signed up on a bunch of Web sites and looked at what the Web browser sent to both that Web site and others."

The team built a virtual biography of a fictional person and signed up to receive information from a number of Web sites. They looked at the traffic between different Web sites, matched the traffic against the virtual biography, and counted the traffic as a virtual leak if it matched the virtual biography. The study was conducted during a month's span.

Mayer found "lots of identifying information leakage." One statistic, which he said comes with caveats, finds 61% of the Web sites tested leak user name or user identification to a third party, which he points to in his post. This opens the door to false positives and false negatives, he said. The third parties were ScoreCard Research, Google Analytics, DoubleClick, Quantcast, and Facebook.

The most common form of leak came from Web sites that require users to put their name in a URL or in the page title. This is a Web site design that's not totally unreasonable, he says.

Apparently there's disconnects between what the general public thinks and what actually happens with information input online either in search boxes, URL or other places. While I'm not surprise at the data leak, Mayer said it stems back to the ad industry insisting there's nothing to be concerned about because the data remains anonymous. For most in the industry, this shouldn't come as a surprise.