Tracking Users for Fun and Profit

Advertising in today’s world has been pretty much accepted by most Internet users. A useful rule of thumb is that if a website is not selling you anything, then you are the product. After all, many websites exist with a profit motive. However, advertising has also spawned a cottage industry in tracking users effectively on both online and offline mediums, and this has caused much concern to other people. The end goal of such tracking is to persuade and influence people to buy more of their products by analyzing their shopping habits. In this short paper, I provide a brief overview on the modes of online advertising and how they attempt to influence people to buy more of what they are peddling.

Social Media Tracking

It is indubitable that Facebook and Twitter have become ubiquitous. They also contain a treasure trove of personal data. Previously, search engines like Google had to infer the age, gender and demographics of a user based on the websites he or she visits. With Facebook, people willingly provide that info when they complete their profile or like pages and links. While there is much advice to fill up your profile with fake personal info, most do not take heed of that because Facebook is ostensibly more useful when you provide real information. After all, who would want other people to wish you happy birthday on your fake birthday? Hence, it is easier for companies like Facebook to target you with more relevant ads. Are you a 21 year old female college student? Perhaps ads for a sale for clothes could be shown. What about an unemployed 40 year old man? Ads purporting get-rich-quick schemes can be displayed. In itself, this might not be a bad thing. However, there should be some concern that such a considerable amount of personal information is concentrated in the hands of a few companies.

In one such case, Facebook intended to partner with other websites to share activities of users on external websites directly on Facebook’s news feed. This service, called Beacon, created an uproar because it did not allow users to opt out of the feature. For example, if one bought a book called Coping with Cancer on Amazon, one’s purchase will show up on other people’s news feeds as “Your friend XXX bought a book “Coping with Cancer” on Amazon. Click here to check it out”. Facebook’s intentions were clear – from persuasion theory, social proof is one way of influencing people to take action on partner websites. Simply put, people are more likely to buy something if their friends bought it. However, they implemented it in a way that third parties were privy to personal information on the Facebook platform. As can be seen, such data sharing among different websites can lead to privacy leaks and unwanted information disclosure.

More worryingly, there are companies such as Lookery that attempts to segment users into various demographics based on their website visits over participating websites. In fact, I used Lookery a few years ago and they paid $0.10 per 1000 visitors, which while seemingly very little, is quite substantial considering they place no ads on your website – only an invisible JavaScript beacon tag is placed. Although they promised that no personally identifiable information is stored and transmitted, prior incidents like the AOL search data leak leaves much doubt. In that particular case, AOL released detailed search logs to many users for research purposes. Although AOL did not specifically disclose which user queried what terms, it was possible to identify users based on their search terms. In many cases, specific individuals were even identified. It is of concern that such advertising beacons, while in itself is anonymized, can be cross-referenced with data from other providers to provide enough information to identify users. Therefore, online advertising can be used to identify users, which is an ethical problem in the broader schemes of persuasion.

The Rise of Data Brokers

The traditional role of data brokers was to provide firms with a way to get demographic data, or verify personal information in that firm’s database. For example, in the case of fraud prevention in an online shopping portal, firms can cross-reference a potential customer’s email to their shipping address. How it works is that the firm provides a one-way hash of their customer’s email and address and provides it to the data broker, and the latter returns a result indicating if they have an exact match. Either parties do not have access to the email or physical address that is being queried, since a one-way hash is being passed, with the hashing algorithm known only to those two parties at that point in time. However, some people are still spooked by the fact that personal data, even though encrypted, is still being passed around different companies in the normal course of business. With so many parties involved in a transaction, there are more points of failures in a privacy leak.

The more contemporary role of data brokers now involve bridging real-world and online actions to a person. For example, if Coca-Cola launches an online advertising campaign on Facebook, measuring its effectiveness would be hard without data brokers. These companies, via deals with multiple retailers, get transactional data of specific products in purchases made in-store, aggregate them and present them to clients to gauge advertising effectiveness. It can also work in the opposite way as well – Walmart might want to track and compare the shopping habits of those in-store vis-à-vis those online. In this case, the “bridge” is your loyalty card – if you use your card at a brick and mortar store, then enter it online to enjoy a discount, then retailers will know that the online persona is the person registered in your membership card. Data brokers can then help Walmart market products that you are more likely to buy on not just Walmart, but on other websites as well. At this point, your online identity can be associated with a physical one. An example of such a company is Datalogix, which tracks more than $1 trillion in consumer spending across more than 1400 retailers. This data is then passed to data cooperatives which act as a central clearinghouse for personal information across multiple companies, online and offline so that they can be homogenized into a machine readable format, to be resold to other advertising agencies.

As some critics rightly point out, data brokers have operated even before the Internet matured, perhaps even more unscrupulously. If you have written down your details to take part in a sweepstakes or lottery, you have effectively signed away your personal information to a company which purportedly helps facilitate the lottery. In fact, data brokers back then were subject to little regulation. Paid services existed which allow you to get someone’s address from their phone number, and vice versa, for telemarketing purposes. The modern form is encapsulated in the company Towerdata which prides itself on finding a person’s social media accounts and physical addresses based on their email addresses. Additionally, this service called Email Intelligence allows interested parties to buy “demographic, interest and purchase data for more effective list segmentation and personalization”. As can be seen, such exchange of personal information is not new, but due to increased frequency of data leaks, people are more concerned now than in the past.


In sum, online advertising can be seen to infringe on users’ privacies, all for the ends of getting people to buy more of their products. This has very much to do with the ethics discussion we had this week. Previously, advertising was pretty much a benign medium – you search ads with a particular keyword, and was shown ads with those keywords. Now, advertising has gotten so far to the point that Walmart and Target are able to know whether you are pregnant, even before you actually conceive – all based on big data analysis of your online habits derived from a variety of online and offline sources.

What a world we live in.


Here’s an interesting discussion question that allows you to think about the future of advertising.

  1. Do you think privacy and advertising can ever be segregated? That is, can effective advertising happen without breaching users’ privacies? Do such advertising firms exist now?

Leave a Reply

Your email address will not be published. Required fields are marked *