Cracker of an Issue

Untangling the Web of Online Advertising and Privacy

Friday, August 26, 2005

Walk the talk to save your Cookies

Dave Morgan of Tacoda, the behavioral targeting company, believes that the ‘cookie mess’ can be fixed by Publishers, because they are the ones with regular, recurring, and direct relationships with consumers and are the "gatekeepers" that advertisers and their agencies pay to contact and engage those consumers. He does have a valid point about how Publishers and not companies that provide online advertising technology and services are in a much better position to drive consumer education efforts regarding cookies. However, by putting the onus on Publishers, it does not mean that companies like Tacoda have no role to play in fixing the cookie problem. After all, Tacoda works with Advertisers and Publishers so aren’t they in a great position to convince their clients about the importance of clear and prominent disclosures regarding the use of cookies?

Lets take a website like (A Publisher client that uses Tacoda's Audience Management Service). Their privacy policy contains the following disclosure regarding Tacoda:

Our websites are currently contracted with Tacoda Systems, a third party, to track and analyze anonymous usage and browsing patterns from our visitors and customers. All data collected by Tacoda on behalf of our websites is owned and used by the New England Media Group alone. We use this information to help provide our advertisers with more targeted advertising opportunities, which means that users see advertising that is most likely to interest them, and advertisers send their messages to people who are most likely to be receptive, improving both the viewer's experience and the effectiveness of the ads. For more information about Tacoda’s privacy policy, including how to opt out, go to

Lo and behold, the above disclosure does not even mention that Tacoda uses cookies! An online user would have to read Tacoda’s privacy policy to realize that Tacoda uses a feature of their browser to set a "cookie" on their computer. Further, Tacoda’s privacy policy contains an opt-out link, which then redirects the user to an NAI opt out page! How many pages is a consumer supposed to navigate through and how many privacy policies is a consumer supposed to read before they can understand what Tacoda does and the choices they have regarding Tacoda’s cookie? If Dave Morgan believes that Publishers must develop a policy to provide clear and transparent information about how they use cookies or similar technologies, why not contractually obligate Tacoda’s clients to prominently disclose that Tacoda uses cookies and why not include a direct opt-out link in the disclosure on the Publisher’s site itself? Maybe these minor changes will not solve the cookie deletion problem, but isn’t it more transparent and consumer-friendly than what is currently being disclosed on a prominent site like Further, as part of its deal with the New York Times Company, Tacoda reportedly also provides behavioral targeting services to and’s Privacy Policy does not even mention Tacoda!

Maybe disclosures in Privacy Policies are not the best way to improve consumer understanding of cookies and why they should not be equated with spyware, but, as of now, they are the only place where consumers can learn more about the use of cookies on websites. I strongly support Dave Morgan’s push for transparency, but I do hope he takes his own advice that “Consumers will only be happy and well served if every company that tracks and uses consumer information is fully transparent about what data is being tracked, how it is being used, and if consumers are given the opportunity to consent to participate in the process....Putting this information in their privacy policies is only the first step, not the last.”

I couldn't have said it better myself.

UPDATE (August 29, 2005): I contacted Dave Morgan of Tacoda after posting this, and here's his response.

"no TACODA cookies are set on or … while they use TACODA’s technology to target their ads, they do not set any TACODA cookies. All of the cookies they use for targeting are set in their own domains, and can not be read or used by third parties. TACODA cookies are only set by sites that participate in our advertising network."

Thanks Dave, this is great, but don't blame consumers for being a little confused about all this. I pretend to understand how online advertising works and I was! (after reading's and Tacoda's privacy policies). I agree with your views that it's all about respecting consumers in the end, and that's why we need better disclosures!

Wednesday, August 24, 2005

Fair exchange: you get content, we need cookies

While the IAB is still working with publishers to gather information to determine the extent of cookie deletion (before they make any concrete efforts to change the industry and consumer perception of cookies), here are some interesting highlights from discussions at Safecount's recent Advisory Board Meeting that outlines their possible strategy of “education & regulation” to save cookies.

Safecount seems to have come up with some very interesting discussion points on how to tackle the problem of cookie deletion and lack of consumer understanding of the value provided by third party cookies. Until now, the online advertising industry has failed miserably at being proactive about consumer concerns and have often reacted (primarily to legislative developments) only in the interest of self-presevation. However, there is still an opportunity for legitimate companies that are likely to be impacted by cookie delection, ad-blocking, anti-spyware tools and poorly drafted laws to step up and be honest and clear about what they do and why no Internet user should be concerned about their business practices. Crafting exceptions in proposed spyware laws and negotiating with Anti-spyware vendors to meet one's own business goals has so far done nothing to combat long-term consumer concerns about the safety of their computers and personal information.

I had not paid much attention to the Safecount initiative until now and the initial progress is very encouraging and some very positive ideas seem to have come out at their Advisory Board Meeting. For example, they seem to recognize that educating the majority of online consumers is a massive task, but eminently doable with major publisher support. Further, although they are supportive of the NAI principles, it appears that their aim is to go a step further, because they boldly admit that having a cookie statement in a privacy policy will not do it (has not done it!). In an effort to add even further credibility to their plans, they accept that education is not enough. Without some way to enforce good principles, everything will remain in a confused state and we will advocate for a certification or regulatory system to be installed.

This is where things get interesting because they seem to be proposing something like a "good cookie" seal as part of the self-regulatory solution. This sounds like a logical solution, but will definitely have its critics who are bound to doubt the effectiveness of such a seal. However, with a good consumer education campaign backing such an effort, it could prove to be a useful mechanism for creating some sort of awareness regarding cookies. Moreover, a cookie seal could play a crucial role by providing a vehicle where online advertising companies can communicate their commitment to best practices and privacy so consumers know which businesses they can trust. The seal could be used to separate out the responsible players and really highlight what they are doing as best practice standards. However, if Safecount is serious about undertaking an honest consumer education and self-regulatory effort it will have to make sure that the self-regulatory aspect of such an initiative should take consumer feedback into consideration and not just the opinions of industry executives in closed door meetings. That has been done in the past and consumers were obviously not informed.

I look forward to something concrete coming out of the Safecount initiative. Let's just hope this is an honest effort that goes beyond merely explaining the "you get content, we need cookies" value proposition and tackles real consumer privacy concerns like behavioral targeting companies aggregating anonymous profiles via cookies and publishers merging them with personal information gathered from its users; cookie-based behavioral targeting using search data collected by ISP's; companies gathering data from adware installations and merging it with data gathered via cookies, etc.

Good luck, Safecount!

Tuesday, August 16, 2005

Future of Internet Advertising- Let consumers control their information?

For decades, advertisers tried incredibly hard to get their message across to the right consumers. Then, the Internet came along and promised a real solution to this challenge by making it easy to know as much as possible about individual consumers. It opened up some fascinating possibilities in targeted advertising, but presented a new challenge of how to leverage consumer data to achieve advertising goals, while addressing consumer privacy concerns.

According to “The Future of Advertising is Here”, Inc. Magazine, August 2005, the power of the Internet is beginning to spread into the real world and perhaps just five years from now, companies will be able to routinely and inexpensively embark on ad campaigns that hit exactly the right prospects -- and hardly anyone else -- with entertaining, hard-to-ignore messages that can follow people via new high-tech media into their cars, offices, living rooms, and bedrooms.

What about consumer privacy?

The above article provides some very interesting information on where advertising might be heading next, but seems to glaze over the privacy challenges that such a future presents. For example, while discussing behavioral targeting services, it accurately points out that these powerful new services do not capture personal information such as names or e-mail addresses -- only surfing habits -- and even then follow only people who have opted in to the tracking (this bit is not entirely accurate). Further, it refers to the results of a 2004 survey by the Ponemon Institute, which found that two-third of Internet users believe better targeted ads would be less annoying, and 45% would share personal information in exchange for that advertising relevance. Although the 2004 Ponemon survey presented some interesting and surprising results, I don’t think it can be used to jump to the conclusion that a majority of Internet users will opt to participate in these sorts of services. Moreover, a new survey has found that although consumers want a more personalized experience online, fewer of them are willing to divulge personal data now than last year.

Further, although behavioral targeting companies proclaim that they allow advertisers to get the right audience without ever identifying individual users, the truth is that such data is often combined with personally identifiable information (PII) about Internet users. For example, this article describes that the more publishers can understand about the people who visit their sites, the better targeting options they can offer to advertisers. Further, what makes services such as behavioral targeting so promising is that it can be combined with personal information which consumers voluntary provide while registering on websites, providing answers to surveys and questionnaires, entering sweepstakes, etc. This data can further be combined with data from external sources to obtain precise profiles of who is on a publisher’s website. Therefore, by merely taking PII out of the picture, behavioral targeting services fail to address the larger concerns with data sharing, data aggregation, and the fact that consumers have little or no control of what is done with their information

Addressing consumer concerns

Although, it is easy to get caught up in the intricacies of whether PII is used and how Privacy Policies are anyway carefully crafted to include myriad forms of data sharing, it is important to not lose sight of the primary consumer concerns that can result in resistance to emerging advertising solutions. If you narrow down privacy concerns of consumers, you can probably conclude that it boils down to the fact that consumers want to be assured that information (whether personally identifiable or not) that is collected about them is:
  • kept secure (so that unauthorized third parties do not get hold of their information);
  • not shared with third parties without their knowledge or consent; and
  • not used to bombard them with annoying marketing messages.
At the crux of the above concerns is a lack of consumer control over their information and a lack of trust in entities that collect such information. Firstly, giving consumers more control over how much data they provide is key to establishing trust. Secondly, consumer education can also play a critical role here and is probably the missing component that could have prevented the debate over cookies from being re-ignited in the age of spyware. Lastly, just as technology based solutions like anti-spyware programs are now allowing consumers to identify and delete unwanted software (and unfortunately cookies too!), wouldn’t it make sense for companies that are breaking new ground with targeted advertising to invest time and resources to design products that allow consumers more control over their information?

Handing back control

Luckily, there might be some help along the way from academia. A recent article regarding UC Berkeley's quest for the ultimate search tool discusses privacy-related research being done at Carnegie Mellon University’s Language Technologies Institute. CMU is reportedly perfecting a technology for personalized search that would solve some of the privacy concerns surrounding search engines. CMU has developed an add-on application that people download to a PC and will allow users to maintain and modify personal information, such as a query history, preferences, and favored sites, within a search profile. A search engine would be able to query the profile, along with the user's search term, to deliver a set of tailored results each time, thereby keeping personal information off the network and on the client's desktop. The technology is expected to be ready within a year and CMU might either offer it as open-source software or license it to industry players.

Such a technology could obviously have implications beyond search engines and if widely adopted and accepted by consumers, could result in targeted advertising that puts consumers in control over what exists in their profiles, without having their information collected, stored, and shared by entities online. Of course, it is not going to be a one-stop solution to online privacy concerns, but could be incorporated into certain online advertising technologies, whereby little or no data is transmitted and stored outside a consumer’s computer.

On the other hand, CMU’s proposed technology could end up having an insignificant impact on privacy concerns related to online advertising. However, if companies that are shaping the future of advertising could only focus some of their pioneering efforts on providing consumers with more, if not complete control over their information, they could pave the way for increased acceptance of new advertising technologies, while alleviating consumer fears and creating a new consumer experience when it comes to online advertising.

Sure sounds like a better future of advertising (at least from a consumer’s perspective).

Friday, August 12, 2005

Contextual Advertising meets Behavioral Targeting

According to this article, Google is supposedly testing a program that will allow AdSense publishers to submit demographic and psychographic data about their audiences, which will be used to determine which ads Google sends. The pilot started late last month, and the objective is to eventually provide it to all AdSense publishers. So, should we expect another privacy backlash when this pilot is rolled out across the web? Probably not. Firstly, it appears that Google will not be tracking behavioral data or using any data of its users for this program. Instead, publishers will be responsible for sharing this data with Google if they choose to do so. The important aspect of this development is that Google has in a small way embraced the potential that behavioral targeting offers and therefore wants to explore what can be done with contextual placements, when they are combined with knowledge of user behavior and interests as well as demographic information.

The competition

Of course, Google is not alone in its endeavors. Yahoo and Microsoft are ramping up efforts to challenge Google’s search advertising initiatives and behavioral targeting is a crucial component being used by both. Yahoo recently expanded its existing Yahoo Publisher Network to include small and medium-sized web publishers and plans to include a feature that enables publishers to suggest certain ad categories that are likely to be relevant for the audience. Further, Yahoo is also testing behavior-based content ads using data collected by Revenue Science.

MSN on the other hand is currently working on a new paid-search solution as part of its MSN adCenter platform, which is being tested in France and Singapore. Currently limited to sponsored search listings, MSN’s adCenter will incorporate demographic information and behavioral targeting and will allow advertisers to know a searcher’s gender, age and lifestyle category (based on the searcher’s psychographic and demographic profile). In what appears to be a bold move, (unlike Google) MSN will get this data from its registered users who sign up for Hotmail, Messenger, or other personalization services at MSN. MSN will eventually give advertisers a self-service platform for the paid-search solution in AdCenter that will rival Google's AdSense program and the Yahoo Publisher Network.

An information sharing explosion

If behavioral targeting is going to play an important role in the fight for dominance between Google, MSN and Yahoo, what does the future hold for consumers? What happens when Yahoo, Google and MSN partner with companies in the behavioral targeting space like Revenue Science, Tacoda, AlmondNet, Accipter , Kanoodle-24/7, aQuantive (who are all looking at expanding their reach). What if you throw Claria in the mix and make adware an integral component of reaching more consumers and learning more about their online behavior? There will be data sharing at so many levels that no consumer can possibly be in control over what information is collected, used, and shared online. Personal information submitted to websites during registration and saved personal preferences will be combined with behavioral data and search terms and search history to build detailed consumer profiles and provide more targeted advertising so that no consumer will ever have to see an irrelevant ad ever again. Sounds a little extreme, but it's an advertiser's dream come true and the biggest nightmare for a paranoid consumer.

Be responsible

Advertisers want more user data, and Google, MSN and Yahoo obviously understand the privacy concerns. Therefore, they are in a great position to be open and transparent about their data collection, use and disclosure practices and can also lead the way in educating consumers about possible benefits of responsible information sharing. However, if these Internet giants don't tread cautiously and fail to keep a tab on consumer sentiment, they are likely to face several roadblocks before they can truly achieve the goal of using the Internet to turn advertising into a targeted, precise and extremely profitable media.

Thursday, August 11, 2005

Adware done right

In the article FTC Wants Adware Dead…Or Alive? | Legally Yours with Mike Sproule, Mr. Sproule seems to be extremely concerned that in the recent settlement, the FTC did not take a stance against adware, and instead merely stated that the sole requirement for the distribution of adware is clear and prominent disclosure that consumers who install the program will receive advertisements. Although the consent order is specific to the facts of the compliant, Mr. Sprule rightfully notes that others will use it as guidance (and the problem here is that the FTC has set a particularly low standard for how to legally distribute adware).

The settlement

Firstly, for a really good analysis of this settlement, read Eric Goldman's post on his blog. Further, I think the FTC has conveyed the right message through this settlement by making it somewhat clear that companies must specifically disclose adware functionality in a clear and conspicuous manner OUTSIDE OF THE EULA. I don't see anything wrong with that approach at all, because the goal is to make sure that consumers are provided with the opportunity to make an informed decision before installing software that is bundled with adware. This means that adware companies can no longer get away with burying their disclosures in EULA's and need to become more transparent during the installation process.

Secondly, Mr. Sproule seems concerned that the FTC in this order does not even require disclosure of the adware’s collection of information about users’ web surfing. This concern seems to be related to data collection practices of adware companies. Firstly, all adware does not 'collect' and track user data to serve ads. Secondly, data collection practices are disclosed in privacy policies and the FTC can use its authority under Section 5 of the FTC Act, to bring cases to enforce the promises in privacy statements. Is Mr. Sproule suggesting that a big concern is privacy and therefore, adware companies should be required to include their privacy policy in the notice they provide to consumers? Wouldn’t that defeat the purpose of trying to encourage disclosures outside of the EULA?

The right approach

My goal here is not to criticize Mr. Sproule’s views, but instead to make the point that adware companies who want to run legitimate businesses should anyway make a sincere effort to exceed standards established by the FTC or any legislation. I think the best practice would be to provide clear and conspicuous notification at the beginning of the download process. This notification should be provided in a separate installation screen and should inform the consumer that they are about to receive adware, along with a brief description of exactly how the adware will function. Further, consumers should consent to a separate EULA that explains in greater detail exactly how the software works and the data collection, use and sharing practices of the adware provider. Of course, there are further steps that can be taken post-installation, such as disclosures in the ads served and obviously providing users with an easy uninstall mechanism, etc.

What is so wrong with the above approach? If the consumer is provided with clear and prominent notice and choice prior to installing the adware, isn't there adequate knowledge and consent? Of course the disclosure provided should clearly describe what the user is getting into and should not include deceptive claims. Now, assuming the disclosure is prominent and honest, what if a consumer has made an informed choice between paying for the software he wants and installing adware so he can get the software for free? Is it impossible that a consumer might recognize the value proposition offered here and choose to actually install adware? I think not, and that's why adware, if done right is definitely a legitimate business model.

The greater challenge adware companies face is ensuring that consumers trust them enough to keep them on their computers. This can be achieved only if consumers have a positive experience after installing the adware. If you want to do adware the right way, you wouldn't want to bombard and annoy users with your ads, but make them fewer but more relevant and ensure that the adware has minimal impact on the user's computer. Further, you would want consumers to know your company better by effectively branding your ads so they can learn to accept and eventually appreciate the value provided. Lastly, for adware that does collect and store behavioral data of users, the privacy risks are greater and such companies should be making an extra effort to communicate their practices not only through their adware itself but also through sincere consumer education efforts.

Think beyond compliance

So; are the current players in the adware space doing any of the above? Yes, and no. However, the one’s that don’t do it right will continue to face enormous churn rates and consumer backlash. The one’s that do it right on the other hand and go the extra mile to ensure that their practices are transparent and designed to deliver the optimum user experience, rather than generating revenue by serving billion ads a day will eventually rise as truly legitimate players in the online advertising space.

Further, as adware players expand and target mainstream publishers by leveraging their installation bases, and merging the capabilities of behavioral targeting across the web, the potential for new revenue streams, as well as further consumer privacy concerns will increase. Adware installed on computers that serve ads on web sites, rather than pop-ups hardly lay to rest consumer concerns regarding excessive data collection and companies building detailed consumer profiles. The companies that will be able to truly succeed will be those that are willing to risk slower growth by first ensuring their practices are well beyond the standards set by the FTC or any pending legislation. Compliance might alleviate legal risks, but building consumer trust will ultimately reap greater rewards.

Wednesday, August 10, 2005

Yahoo! - In search of the perfect online advertising solution?

On May 26, 2005, Yahoo's CEO, Terry Semel announced that developing ways to increase the amount of revenue Yahoo gains from Web-search queries was a top priority for the company in 2005 and that Yahoo had embarked on a large project to make better use of the huge stores of data it has about Web users to help advertisers better target their messages. Less than a month later, it was reported that Yahoo recently expanded its “Yahoo Impulse” program that targets banner ads based on recent search terms entered by a visitor on Yahoo’s sites. The change widened the window during which advertisers can drop targeted banners after a search term is entered from one hour to 48 hours.

Was this a minor upgrade to its ‘Impulse’ marketing product, intended to provide a boost to the targeting efforts of advertisers on Yahoo’s sites? Or is it part of a larger effort by Yahoo to make more profitable use of its user data, while expanding its search marketing offerings by merging the capabilities of personalized search, multi-site behavioral targeting, search-based advertising and contextual advertising? Why are privacy advocates not paying any attention to these developments? What’s next for Yahoo and how might it impact the future of online marketing and consumer privacy concerns?

Yahoo Impulse

The Yahoo Impulse Program is not something new. Yahoo has been using it since 2001 to trigger banner ads based on previous ad clicks and search queries. Further, back in 2002, Yahoo had considered deploying a program called Yahoo Impulse Mail, which would deliver targeted email ads based on what a user searched for. At that point, Yahoo defended privacy concerns by stating that user information would not be shared with third parties, would be used only in aggregate form and users would be able to opt-out by signing out of Yahoo. However, the proposed Impulse Mail program was never official announced by Yahoo and was ultimately never launched.

Yahoo’s new tweak to its Impulse program appears to merely widen the window during which a banner ad can be served, in response to a search term. However, this increase in the window essential means that Yahoo can now make better use of search data by capturing a user's query terms and categorizing them. For example, a user who searches for the term "credit card" will be tagged as someone who is interested in the broader "financial services" category. The user will then be served graphical ads, such as banner ads, from participating advertisers in that financial services category while he/she is in the network of Yahoo sites. The program expands the concept of search-based advertising, by adding a behavioral targeting component that has previously not been attempted by others in the space.

Yahoo Impulse and privacy

Yahoo Impulse tracks search behavior by using cookies and the upgrade to the Impulse program was implemented without making an changes to Yahoo’s existing Privacy Policy, probably because it already contains language that is broad enough to cover this new use of consumer data by Yahoo.

According to Yahoo’s Privacy Policy personal information is collected by Yahoo, from users when:

  • They register with Yahoo;
  • Use Yahoo! products or services (which includes every product and service provided by Yahoo, including Yahoo search);
  • Visit Yahoo! pages or the pages of certain Yahoo! Partners
    Enter promotions or sweepstakes; and
  • Automatically collected in Yahoo’s server logs from browsers, including a user’s IP address, Yahoo! cookie information, and the page requested.

Further, this information about its users may be combined with information obtained from business partners or other companies.

Yahoo uses this information to:

  • Customize the advertising and content users see;
  • Fulfill user requests for products and services;
  • Improve Yahoo’s services;
  • Contact users, conduct research;
  • Provide anonymous reporting for internal and external clients; and
  • Display targeted advertisements based on personal information.

Advertisers (including ad serving companies) may assume that people who interact with, view, or click on targeted ads meet the targeting criteria - for example, women ages 18-24 from a particular geographic area.

The privacy practices for Yahoo search are outlined separately and includes the following information:

  • When visitors conduct a search on a site that uses Yahoo! Search Technology, including Yahoo! and, Yahoo keeps track of which search terms are popular.
  • Advertising shown to users may be related to the search term entered.
  • My Yahoo! Offers the option to save a list of favorite searches. Those are saved, edited, and accessed from a user’s My Yahoo! Page.

As noted above, Yahoo’s privacy policy is extremely broad and fails to address any specific consumer concerns that might arise with regards to the use of behavioral targeting or storing search history. The Policy does not mention the Impulse program, does not specify whether Yahoo associates search history with personal information it has regarding users and does not mention whether or not Yahoo builds detailed user profiles based on such combined information, which can be used to target advertising.

Although presently restricted to ads served on Yahoo’s sites, Yahoo’s new appreciation for understanding consumer search behavior could be a part of a larger effort that impacts its advertising offerings across the web. At present, the Privacy Policy seems unclear on whether search profiles or other behavioral data gathered by Yahoo can be combined with data provided by any of Yahoo’s business partners or other companies to deliver advertisements on third party sites. Based on the broad language in the policy regarding the use of information to customize or target advertising, it appears that Yahoo can do a lot more with its data, on Yahoo sites and on third party sites without violating the terms of its Privacy Policy (which all Yahoo’s registered users and visitors to Yahoo’s site are expected to be familiar with).

Yahoo’s next move: Search marketing and beyond

If recent reports are any indication of where Yahoo is headed next, use of consumer data is going to be at the forefront of Yahoo’s plans. Yahoo is obviously seeking to become a strong competitor to Google in the online advertising space. Launching their own search engine and the acquisition of Overture was just the beginning of Yahoo’s plans to reap the benefits of search marketing. Yahoo’s push to expand its advertising reach comes as the market for search advertising is taking off, and Yahoo is working hard at looking for new revenue sources as it seeks to transform itself into an online media conglomerate and beat Google in the web search game. If overtaking Google in this area is the intention, Yahoo will seek to leverage its two main advantages over Google - its original content and large database with information about millions of registered users. This intimate knowledge of its user base can prove very useful in serving ads with more precise targeting capabilities.

Yahoo currently has a contextual ad product (Overture ContentMatch) that operates a small network, showing text ads on a handful of non-Yahoo sites like,, etc. It also recently launched the beta Yahoo Publisher Network self-service sign-up program for small and mid-sized publishers, as Google does with AdSense. Although currently limited to serving contextually relevant ads, Yahoo has also begun testing a pilot program with Revenue Science, where Yahoo’s cost-per-click text ads would be shown on web pages using behavioral data collected by Revenue Science. However, Revenue Science has not provided further information on the test or how Revenue Science collects the visitor data used to target the ads.

This begs the question: could Revenue Science be making use of Yahoo search data and delivering ads based on what someone has searched for at Yahoo over the past 48 hours? This concept of using search data is not new. AlmondNET has developed a program that delivers advertising following users across the Web dependent on what the user has searched for recently, including (but not limited to) search queries on Google and Yahoo. The company develops profiles of search activities by striking deals with ISPs and adware companies, to collect non-personally identifiable search behavior through cookies. The search data is then used by AlmondNET's Post-Search broker network, which buys low-priced run-of-site inventory from publishers, to display graphical ads tied to previous search behavior.

Yahoo could be attempting to go one step further, by integrating search queries and search-based behavioral data with post-search behavioral data gathered by Revenue Science to develop even more detailed behavior based profiles of users that can then be targeted on non-Yahoo publisher sites. Is that too far fetched? Probably not, because in 2004 Yahoo hired Dr. Usama Fayyad, a data mining pioneer as the company’s first Chief Data Officer and Senior Vice President of the Strategic Data Solutions group. Dr. Fayyad previously co-founded and served as CEO of digiMine Inc. (now Revenue Science) and his professional experience also includes five years spent leading the data mining and exploration group at Microsoft Research and building the data mining products for Microsoft's server division. Further, integral to Revenue Science Audience Search service is search-based targeted advertising, which enables an advertiser to select words that are interesting to its target audience, track the web visitors who have recently visited web pages that contain these interest-based terms, and group the visitors into audience segments. Why leave user queries and behavior on a search engine behind, when users start browsing from search engine results pages? By integrating Yahoo’s search data with post-search behavior, one can target even more effectively. However, if Yahoo combines search data with data gathered by Revenue Science from other publisher sites, they might be entering uncharted territory that will undoubtedly raise the eyebrows of privacy advocates.

If the above plans are true, Yahoo would include this “search advertising meets behavioral targeting” product to the Yahoo Publisher Network, in addition to the existing context based “ContentMatch” program and thereby establish the ultimate online advertising program that incorporates search terms and history, user behavior and contextual placements. Eventually, Yahoo’s Search Marketing product suite could look like this:

  • Sponsored search: Triggered by search terms on Yahoo Search

Yahoo Publisher Network

  • ContentMatch: Contextual graphical and text based ads on the Yahoo Publisher Network (includes large publishers and self-serve sign-up for small and mid-sized publishers)
  • Search + behavioral targeted ads: Uses data gathered through search terms and profiles and web browsing behavior to serve graphical and text based ads on the Yahoo Publisher Network (includes large publishers and self-serve sign-up for small and mid-sized publishers)

Further, imagine the possibilities if Yahoo ties up the ‘Search + Behavioral targeting’ product with an adware company…

A privacy firestorm in the making?

Even if the specific speculations outlined above are far from the truth; as Yahoo expands in the online advertising space and builds further partnerships in an effort to extract further value from the data it gathers, its online profiling capabilities are bound to increase. Eventually, Yahoo will draw the attention of privacy advocates and consumer awareness of Yahoo’s data mining capabilities is likely to spread. Determining whether Yahoo will turn into the next privacy target largely depends on how far Yahoo is willing to go to use data to generate revenue via advertising, how long it plan to retain consumer data, including for what purposes and what role will personal information of millions of registered Yahoo users and its new personalization services play in attracting advertisers.

Yahoo has long been regarded as a brand and company that consumer’s trust. A recent report issued by Internet Monitoring Company, Envisional confirms this, as the report listed Yahoo among not only the most prominent brands online, but also one of the most positively regarded brands. However, efforts to establish trust can be undone quickly and Yahoo must recognize that privacy issues and its business expansion that hinges on use of consumer data are not at odds but go hand in hand. Effective privacy management can help foster consumer trust and can eventually increase profitability. However, a failure to display a strong commitment to addressing privacy concerns from the product development stage, along with adequate consumer education on the value proposition of these new endeavors could erode consumer trust in Yahoo as a company and brand, and turn Yahoo’s perfect advertising solution into a public relations nightmare.

Monday, August 01, 2005

Out of the Fire and into the Frying Pan

A day after it was reported that a possible deal to be acquired by Microsoft had fallen through because of Claria’s past and its advertising software being decried as being deceptive and intrusive; Claria announced its new plans to step into personalized search. Early this year, Claria launched 'BehaviorLink', their new full-scale behavioral targeting ad network and the company had previously used ‘RelevancyRank’, its patent pending behavioral search technology solely to benchmark and evaluate other search engine results. However, this alpha release of Claria's Vista Marketing Services search platform marks the first time this technology has been incorporated into a search engine platform.

Personalized search?

Personalized search is relatively new and has tremendous benefits both from a business as well as consumer perspective. The concept is quite simple, if search engines know more about your search history and your surfing patterns on the Internet, they can obtain a better understanding of your interests as an individual and can provide you with more accurate search results. The ultimate goal of personalized search is to return results that are not only based on terms you search for, but actually what you meant by the terms. The obvious benefit for consumers is that we will be able to find things we’re looking for a lot quicker, and the benefit for the search engines is that they can charge more for targeted advertising. Of course, the only way in which this can become truly effective is if search engines can collect more information about consumer interests and habits so that they can then translate that data into targeted results that benefit everyone. Therefore, personalized search raises the obvious issue of online privacy and whether the trade-off is something that consumers will readily accept.

Getting too personal

Personalized search can truly emerge as the next major innovation in the multibillion-dollar online marketing business if companies that offer these services work hard from the onset at earning consumer trust, by ensuring (and communicating to consumers) that information collected from them will be used exclusively to improve their search experience and will not be used to "spy" on them and will not be shared with third parties.

According to Claria’s CEO Jeff McFadden, "Over time and with more users, these types of personalization technologies will allow consumers a richer, more customized online experience". This statement is definitely true, but no amount of time and money spent publicizing how personalization will improve the online experience of consumers helps address the basic issue that collecting search behavior is going to make many people nervous. In Claria’s case, consumers have sufficient reasons to be very nervous because the search results will not only be based on every search done by a particular consumer and every search result ever clicked on but also historical interests based on Web-wide surfing habits, number of visits to a destination site, time viewing a site and conversion behavior etc. Further, Claria’s search behavior is gathered from Claria’s adware, which is installed in over 40 million desktops of consumers (who probably unknowingly obtained the adware in the first place) and is therefore going to make the consumer privacy concerns significantly greater than personalized search being offered by the likes of Google or Amazon.

Communicate your privacy message

Privacy and spyware concerns linked to Claria's pop-up advertising network that shows ads based on users' Web behavior have plagued Claria since the beginning. Although Claria has recently been making attempts to clean up their image and improve their installation practices, many of Claria's products continue to be deemed intrusive and unwanted. Further, if stepping into behavioral targeting and personalization services is Claria's attempt to move away from pop-up ads and its troubled past, then Claria should be making an extra effort to address privacy concerns regarding their new services from the onset. If Claria hopes to successfully shed its past image and start courting mainstream publishers, a commitment to consumer privacy should not only be reflected in mechanisms built into the products and services offered, but should also be communicated loud and clear to consumers. Claria has taken some steps in the right direction and are working closely with a number of industry groups focused on privacy initiatives and programs. However, enough is not being done to educate consumers about the value-proposition offered by these new technologies and services that are all linked to information collected via Claria's adware installations.

Personalized search is a great idea – consumers want it and advertisers need it, but privacy concerns can stifle its growth. Companies like Claria that are constantly innovating must recognize the benefits of communicating their privacy message not only to potential clients, but also to consumers in general and must learn from their past mistakes and the mistakes of others, because no matter how much progress we’ve made, Internet users are still supposedly ignorant about privacy issues and after all these years, even ‘traditional’ Internet advertising technologies such as cookies are still not being spared.