• by Mark Naples , September 9, 2005

Amid the hubbub about cookies and their uses over the summer, one element of the debate seems to have been lost in the mix. Ironically, it is among the more prevalent uses of cookies, and also among the more potentially dangerous uses for publishers.

I'm talking about the instantaneous data harvesting that occurs routinely in the online ad buying/delivery process. Here are two types that have made a few companies and individuals extremely wealthy, while remaining predominantly under the radar of this debate.

Ad Broker Networks--these companies (like Advertising.com, Fastclick, Undertone Networks, and others) place cookies on consumer browsers as part of their ad buys. They typically capture and store information about where the person was surfing when the ad was delivered (such as the technology section of USAToday.com), what they just surfed before reaching that site (the referrer's Web site), who the advertiser is and what type of business/or offer is involved (i.e., Sprint, mobile telecom offer).

Additionally, this cookie obtains a great deal of technical information (the type of browser, browser plug-ins, machine brand, time of day, connection bandwidth, and IP-based geo-location), and finally, whether or not the surfer clicked on the ad.

These ad brokers capture this information to optimize the space that they bought (their business is to buy low and sell high) with CPA offers. However, they typically keep this information (both on the cookie and in a database, most likely), and re-use it whenever they see the user again. For example, they may routinely make large, multi-billion monthly page view buys on MSN or Yahoo! at a very, very low CPM--maybe for less than 40 cents. If they know that a user visits tech content at a major publisher site, is located in New York City, and has responded favorably to a mobile telecom offer recently, they could deliver that person a very high-value Verizon Wireless ad with an effective CPM of $10.

Essentially, the broker is able to leverage cookie-based data that they captured from one publisher on an earlier buy (which paid for itself) into a massive arbitrage on a subsequent buy solely because they were able to capture and re-use cookie-based data.

This is one of the major ways that ad brokers make money, of course. Rarely do publishers ever ask or require that these networks disclose which cookies they will be setting when they make buys. Nor do they require knowing what data the brokers will be capturing, or what they will do with it.

In fact, many times, the broker that buys the remnant space will not be the one that actually fills it. For example, a company like Drive Performance Media (DrivePM) may buy space from a publisher. They may have their ad server called first. If they don't see a cookie that they recognize, they may "hand-off" the space to Blue Lithium, who may do the same thing. They will look for one of their cookies. If they don't see one, they may hand it off to Right Media, who may resell the space again.

This kind of tactical data harvesting is almost always undisclosed to the publisher, and is certainly unknown to the consumer. Is it bad? Well--for publishers, it may be. But many publishers are happy to part with their remnant inventory under these terms. Is it bad for consumers? As eCommerce grows and the Web marketing model expands, that would be an even more difficult case to make.

Should it be more transparent? That's what I'm hoping to hear from you readers on. I think it needs to become more transparent--and soon. But I'm assuming many of you will disagree with me on that point.

The second type of Data Harvesting I'd like to examine here is done by Third-Party Ad Servers. Some third-party ad servers set a unique cookie in their own domain on all browsers of all campaigns that they see. This way, they are able to see this cookie in the future when they see the same user again, assuming that the user has kept the cookie.

Some third-party ad servers routinely keep technical information about the user with this cookie (browser type, etc.). Some third-party ad server contracts include as a standard default clause the right to keep and re-use certain anonymous data about the campaign. For example, they may keep information about what category of ad was displayed and how the user responded. They may keep information about what type of Web site or section or page the user was surfing or referred from when the ad was delivered. They might keep information of the frequency of visits or how recently they have seen the user. Some of these companies then re-use that data for campaign optimization as part of proprietary "optimization" that they charge advertisers for. They may also use this data much like the ad broker networks, and buy remnant inventory to then optimize it against CPA campaigns.

Atlas DMT, for example, may make purchases like those aforementioned on MSN to optimize their inventory, or they may just offer the optimization as a service. Essentially, they are able to convert the consumer data that they captured from publishers and from advertisers or other agencies that use their services into media arbitrage.

As consumers, are you aware that this is going on in your hard drive and vis 'a vis the sites you visit? More to the point, if you're a Web publisher, did you have any idea where your user data has been going and who else has been monetizing your users?

For years, I've been saying that the cookie/privacy issue is far more of a business matter than a consumer privacy matter, and I think that is truer still today than ever before.

But until Web publishers get the same kind of transparency from their affiliates that consumers are demanding from the publishers themselves, there will be far less industry awareness than is needed in this debate.