Modern online tracking techniques make the browser cookie look "pretty wonderful," said Joseph Lorenzo Hall, chief technologist and director of the Internet Architecture Project at the Center for Democracy & Technology, at a Federal Trade Commission workshop on cross-device tracking.
Hall pointed to audio beacons as an example of an advertising technology that makes past privacy debates about cookies seem quaint by comparison. Audio beacons play ultrasonic sounds when an ad appears on a smartphone, computer, or TV, to communicate that event covertly to nearby devices running software designed to listen for such signals. They represent the ad industry's latest attempt to develop reliable ways to track people online.
The FTC workshop on Monday explored cross-device tracking, the practice of associating a person's online activities across multiple devices to create a single marketing profile. The agency seeks to understand the technologies involved and to determine whether further regulation may necessary to protect consumers.
The online ad industry for years has struggled with the problem of linking online activities across different devices with a specific person. Advertisers want to know when a person has seen an ad, to avoid showing that ad again or to associate a purchase with exposure that occurred on a different device. Knowing helps advertisers understand how to make ads more effective. But the Internet lacks an easy identification system for people.
So, ad companies have focused on identifying devices, for situations when users don't declare an identity by logging into an account. As the Web evolved in the 1990s, advertisers used cookies and 1-pixel image files (once known as "Web bugs") to differentiate between devices, with the assumption that the same person would be behind the same browser. In recent years, they've relied on more sophisticated tracking mechanisms like local shared objects and browser fingerprinting. And as native mobile apps evolved, advertisers began adding platform-based identifiers, Apple IDFA and Android Advertising ID, to the mix.
But the proliferation of connected devices, and communal use of those devices, has made it more difficult for advertisers to know who is behind a given browsing session or app. Any Internet user who has been presented with irrelevant product recommendations based on a family member's online activities on a shared device has experienced the issue from the other side of the mirror.
That lack of clarity has led advertisers to combine deterministic methods of tracking (e.g. account login) with probabilistic methods (e.g. browser fingerprinting) and tracking data supplied by ISPs in an effort to maximize the effectiveness of their marketing. It has also led to the development of audio beacons. And Hall suggested it may lead to visual beacon systems, which use device cameras to covertly capture visual information, invisible to the human eye or obvious, for the purpose of ad-related tracking.
In comments submitted to the FTC last month, the CDT singled out SilverPush as the leading developer of audio beacon technology. It cites figures from an April article claiming that the firm's technology is used in 67 apps that have been installed on as many as 18 million devices.
If that's the case, users of these apps aren't easy to find in the US. "Despite the press releases, we can't find a single device configured to receive these kinds of signals," Hall said in a phone interview, even as he expressed doubt that audio beacons are pure fundraising hype because there are several companies touting similar technology.
Justin Brookman, policy director of the FTC's Office of Technology Research and Investigation, said at the event that the elephant in the room for this discussion is the rise of ad blocking technology, which suggests consumers are unwilling to accept the ad industry's insistence on access to information.
The questions asked by the FTC and other stakeholders about the extent to which consumers can control the devices they supposedly own will not be answered easily. But in a few months, the discussion could affect how the FTC approaches its privacy enforcement responsibilities.
"The security model of the Web, all these unsanctioned forms of tracking that people don't agree to and don't have good ways to control, are fundamentally undermining trust," said Hall during a panel discussion. "For some of us, it's turning the Web into this very adversarial environment that we typically associate with dissident communities, not consumers."
**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.