Cookie monster

The US Federal Trade Commission (FTC) has issued a comprehensive online privacy report calling on the industry to offer consumers a simple opt-out mechanism, i.e. a universal “do not track” setting on the browser. So what will the FTC think of the digital fingerprinting businesses a new crop of tech firms are trying to launch: targeting ads by tracking users’ individual devices. 

The promise is more accuracy and better targeting than cookies. But
will the business model creep consumers out more than cookies already do?

To come up with a device’s digital fingerprint, tech firms like BlueCava, 41st Parameter and iovation automatically compile all the information a computer, phone or other device broadcasts once it connects to the web. This could be simple data like the fonts it’s using, the browser, date and time, or even the operating system.

Though the information is not tied to personally identifiable details, compiling this info leads to a unique, device-specific profile. By tracking my laptop, for example, a company could discern that the owner travels between NY and LA frequently, often logs on via public wifi networks in Starbucks, and often streams music from Pandora or other services. That could be a useful profile for a particular kind of advertiser.

As the WSJ notes, there’s not much users can do to stop this info from being broadcast. So companies like BlueCava have begun aggregating the data, and offering it to advertising and media companies, in the hopes of delivering targeted ads and content. 

Advertisers no longer want to just buy ads. They want to buy access to
specific people. So, Mr. Norris [of BlueCava] is building a “credit bureau for
devices” in which every computer or cellphone will have a “reputation”
based on its user’s online behavior, shopping habits and demographics.
He plans to sell this information to advertisers willing to pay top
dollar for granular data about people’s interests and activities.

But why is this a viable business model?

Getting beyond the cookie is important

Behavioral targeting networks and firms abound, each offering custom audience segments and promises of more precise targeting. But most of their platforms rely on cookies and website visits. Device fingerprinting will allow companies like BlueCava to create trails tied to individual devices – regardless of whether a website the person visits supports cookies, or whether they log in with an iPhone, iPad, or even a web-connected TV.

These companies will have the scale advertisers want

Behavioral targeting networks can give advertisers access to millions of users in custom segments. Device-based targeting will offer the same kind of scale:

By the end of next year, BlueCava says it expects to have cataloged one billion of the world’s estimated 10 billion devices.

Meanwhile, in a recent test of traffic to a single website, 41st Parameter found that it could generate digital fingerprints 89% of the time. The test was conducted over the course of 70 million visits to the site.

But the privacy concerns may be even higher than with behavioral targeting

BlueCava plans to enter all the data from the devices it fingerprints into an information exchange, and even pair the info with offline-targeted data. The blend of on- and offline information is ideal for advertisers – but decidedly intrusive for consumers. The company’s rivals, on the other hand, are wary of wading into the cross-platform tracking and targeting waters. 

While the potential for delivering highly-customized content and ads seems ideal, the premise of device fingerprint-based ads raises a number of questions. What if a friend loans his or her device out, how can an advertiser be sure they’re still targeting the right person?

What about family-centric devices like the iPad or a web-connected TV? How can advertisers ensure they won’t be reaching children – especially – with risque or adults-only content? Meanwhile, what will keep this particularly invasive targeting technology out of the crosshairs of the FTC (and the EU?)