Posted on 16 Nov 10
Major websites are moving to limit the number of tracking technologies like "cookies" spreading on their sites, hoping to keep lucrative data about visitors for themselves—and avoid privacy risks.
More sites are counting the number of tracking tools—software that can clandestinely monitor people's activities online—that are being installed on the computers of people who visit the sites.
A few sites have dropped companies that install tracking tools, due to practices they consider intrusive.
Other Internet publishers want to sell more ads themselves, relying less on online ad networks that install tracking software.
Many Web publishers are finding that tracking software is operating on their sites without their knowledge. Some worry they are missing out on an opportunity, since others are profiting by selling data about the sites' users for ad-targeting purposes. Sites are also worried outsiders may gain access to sensitive information about their visitors, raising privacy alarms.
MSNBC.com, jointly owned by Microsoft Corp. and NBC Universal, has intensified monitoring of software being installed on visitors' computers. "The sheer volume of activity was greater than we thought," said Kyoo Kim, vice president of sales for the company's digital network. There were "a lot of things happening without our knowledge."
Mr. Kim said MSNBC is reviewing its privacy policies and marketing partners, but declined to discuss specifics.
The Huffington Post site recently removed technology from ad firm Lotame Inc. after The Wall Street Journal reported that Lotame was analyzing comments on the site. A spokesman for Lotame declined to comment.
About a year ago, automotive site Edmunds.com found an unfamiliar company installing tracking cookies on its visitors' computers. Officials determined the company was linked to a technology provider for some advertisers on Edmunds' site.
"It was clear to us that they shouldn't have been there," said Avi Steinlauf, Edmunds' president. "I can't tell you what they were doing, because we can't know."
A new study by technology start-up Krux Digital Inc. found that nearly a third of the tracking tools on 50 popular U.S. websites were installed by companies that gained access to the site without the publisher's permission.
On average, visiting a single page on those sites resulted in 10 trackers being installed or updated on the visitor's computer. Krux found some pages installed or updated 40 trackers.
Krux studied most of the sites the Journal first investigated in its "What They Know" series on Internet tracking. Krux, however, focused on identifying tracking software being installed without the knowledge or permission of the host site.
The Journal's series is investigating the fast-growing industry of tracking Internet users and trading in their personal details. The business stems from advertising based on users' online behavior—putting car ads in front of potential car buyers, for example. Such behavioral ads sell for a premium, which attracts revenue-hungry websites.
Now, site operators are learning the costs of letting ad companies and other data-gatherers track their users.Kirk McDonald, a digital executive at Time Warner Inc.'s Time Inc., said some companies are "pirateering" by selling data generated from other sites' content.
Krux estimates the 50 sites are losing at least $850 million of annual revenue by others selling or trading data about their users without their knowledge. Eliminating some of these middlemen would allow the publishers to make more money from ad sales, it said.
Some publishers are rethinking practices.
Internet conglomerate IAC/InterActiveCorp has enhanced its internal ad-sales technology and reduced its use of outside ad networks. IAC says it now sells directly 30% of the ads that used to go to ad networks; its goal is to sell all of its ads on its own. "We needed to take our destiny in our own hands," said Ali Mirian, vice president of product and technology for IAC Advertising.
IAC owns Dictionary.com, which the Journal found installed more than 200 trackers on a visitor's computer, more than any other site tested. Mr. Mirian said he believes the new approach has reduced the number of trackers installed on visitors' computers.
Time Warner's Turner Broadcasting stopped using ad networks in 2008 to maintain control of which ads appeared where on its sites.Walker Jacobs, executive vice president of Turner/SI digital-ad sales, said many
Web publishers embraced targeting technology without considering the consequences; that allowed others to profit by assembling profiles of the sites' users.
Since then, the chains of data handlers involved in placing ads on websites have grown more elaborate.
When Adam Ross, an Atlanta entrepreneur, recently visited the Huffington Post, at least 12 companies placed or accessed cookies on the computer he used.
The Huffington Post worked directly with two of those companies: Google Inc.'s DoubleClick, which places ads on the site, and PubMatic Inc., which helps maximize revenue from those ads.
When Mr. Ross arrived on the site, DoubleClick instantaneously sent a request to PubMatic, which installed a cookie on his computer, according to computer code reviewed by the Journal.
PubMatic then sent details about an ad slot it was trying to fill to ad buyers and their partners, including AdBrite, AppNexus, Turn and Traffic Marketplace. Each of those companies installed its own cookie on Mr. Ross's computer. An ad appeared on the Huffington Post site just after Mr. Ross went to the webpage.
Traffic Marketplace then pinged five other ad-targeting or measurement companies, some of which placed new cookies or accessed a previously installed one.
"It makes me feel like I need to take a shower," said Mr. Ross. He said he is generally comfortable sharing his data with a site he is visiting and its direct partners, but not with others.
It isn't clear what data on Mr. Ross's Web browsing moved through the chain. A spokesman for Huffington Post said it takes users' privacy concerns seriously and monitors outside ad partners closely. He said the company doesn't share any personally identifiable information with ad partners or data providers.
PubMatic said it didn't use any data about Mr. Ross's Web browsing for ad targeting.
A spokeswoman for AppNexus said it placed a cookie to track how many times its customers' ads were viewed and didn't, in this instance, gather any other data about Mr. Ross.
A Turn spokesman said data collected by its cookie is restricted to a single advertiser, and not shared with others.
A spokesman for Traffic Marketplace said it didn't collect any data from the visit for ad-targeting, because the Huffington Post doesn't allow it.
AdBrite said it uses data gathered from its cookies to create targeting profiles, but those profiles don't identify specific sites a user visits.