3rd-party Ad Serving Raises Privacy Flag

By: Steve Outing Consider this increasingly common scenario: You are a news site publisher, and one of your advertisers (a major national account) wants its ads that go on your Web pages to be served not by you, but by a third-party ad server company. You are to insert a piece of code in your Web pages which tells a user's browser to go to the independent ad server, retrieve the Web ad, and insert it in your page as viewed by the user.

In a way, that's convenient, because you don't have to handle the ads directly; another company is doing it and you have the trivial task of including the code into your pages that instructs a user's browser to retrieve the ads from another server.

But from your publisher's perspective, there's a problem. By allowing third-party ad servers to place ads in your Web pages, you may be opening up your users to privacy violations. Indeed, in theory these independent ad servers could be in effect grabbing your demographic data collected from your users and using it on behalf of other advertisers -- which might be a violation of privacy policies your site abides by and publishes regarding your collection of personal data from users.

How it works

The issue is a bit complicated, so let's create a hypothetical example using the Daily Planet Web site. A major advertiser, Ford Motor Co., wants to place an ad on the Planet site, but it wants only males between the ages of 30 and 40 with incomes above $100,000 to see the ads. Ford places a 2-month order to run the ad, but it's only to be seen by users meeting that demographic profile. Because the Planet site requires at registration that users provide some information about themselves, and the Planet site sets a cookie on users' computers when they visit the site, the Planet can accommodate that request. (When a user with a previously set cookie visits the site, the Planet's server reads the cookie and can identify the demographic characteristics of the visitor; if it's a middle-aged male, the site serves up the Ford ad into the page requested by the visitor.)

However, Ford demands that the ad be served by a third-party server. (Among U.S. companies that provide this kind of service are AdForce, DoubleClick, and MatchLogic.) Ford does this because it's more efficient for them to engage a single company to place its ads in multiple Web sites, and it gets a single report detailing the distribution of the ad. It's inefficient for an advertiser to have to deal with and get reports from dozens of Web sites that carry its ad.

So, Ford's ad get served up (by the third-party ad server) to the middle-aged males who visit the Planet site. But let's say that the ad server company also sets a cookie on those users. It knows that these are well-to-do middle-aged men, so it can record that information in its own cookie (independent of the Planet's, cookie).

We begin to see the potential problem at this point. If the ad server company records that demographic information about these middle-aged males by tagging them with a cookie placed on the men's PCs, then the information collected by the Planet has been passed on to another party. If the Planet has developed privacy policies that tell users that it will not divulge their personal data to other parties, that policy possibly has been breached -- without the Planet's permission and perhaps without its knowledge.

If the third-party ad server company abides by a Web site's privacy policies (no demographic data from the site may be used outside of targeting ads by the site itself), then there's not a problem. (Indeed, the ad server companies say that they will not engage in the type of behavior I'm positing above; while they may place cookies on a user's computer, they say that they do not use the information unless they have a contractual agreement with the publisher that would allow it.) But many Web publishers worry that by allowing third-party-served ads on their site, they're opening up their valued demographic information to outsiders. If the ad server companies decide to use that information (recorded on cookies set by those companies) for other ad campaigns (not on the publisher's site), the publisher's privacy safeguards have been toppled.

Devising the solution

Third-party ad serving is not likely to go away, so publishers need to get used to it. According to Dave Morgan, president of New York-based Real Media, an online advertising services company which specializes in working with newspaper Web sites, only about 5% of the campaigns placed a year ago by his firm required that the ads be served by a third party. Today, it's closer to 50%, he estimates.

Publishers savvy enough to understand the threat to their Web users' demographic data are increasingly concerned about this issue. Real Media appears to be the first company to have devised a solution, called a "privacy proxy," which protects a Web site's demographic information on its users and prevents it from being transmitted to the ad server companies -- unless the publisher authorizes its use by them.

Morgan says that when an advertiser like Ford buys an ad on the Planet's Web site targeted at middle-aged men, it's buying only that one-time service -- not the tagging of those men to be used in future campaigns without the publisher's involvement and authorization. So a means must be created to prohibit transfer of that data (by prohibiting the ad server company from placing its own cookie with the user). Many publishers fear third-party ad serving, Morgan says, but the privacy proxy will give publishers a tool to protect their data while maintaining a fully auditable state for the ads.

Real Media chief technology officer Gil Beyda explains that the privacy proxy is a piece of software, integrated into Real Media's Open Adstream ad server product, that sits on the publisher's server. It serves as an intermediary between the user requesting the page (and thus the ad that resides on the page) and the ad serving company. It allows the ad server to send its ads to appropriate targeted individuals among a Web site's users, but does not allow the ad server to collect demographic information by placing cookies on those users' computers, unless authorized to do so; the users remain "anonymous," yet ads targeted to their demographic characteristics still reach them.

Beyda says that the privacy proxy is basically a "stand-in" that requests the ad for a page on behalf of the user. The proxy retrieves the ad, then it is transmitted to the user and appears as the advertisement on the Web page the user has requested. There is a slight performance loss as the ad must pass through the proxy before being delivered to the user, but Beyda says the time is minuscule and most users won't notice an appreciable delay in the ads appearing on the Web pages they request.

Morgan says that the idea of a privacy proxy to protect publishers's demographic information from unauthorized use is good for the industry. Some ad server companies may not like it, "but that's business," he says. "I don't think (this development) necessarily is going to be a conflict or a war (between third-party ad servers and publishers wanting to control their data). ... The publishers, in my opinion, should have the ability to say no" to others using their user demographic data.

Possible, but unlikely

Executives at the ad server companies are just learning about Real Media's privacy proxy. Steve Lucas, chief information officer of MatchLogic, a unit of Excite, says "it's a great idea" if it makes publishers feel better about the security of the user data they collect. He says, however, that contractual arrangements between MatchLogic, advertisers and Web sites running MatchLogic-served ads currently provide adequate safeguards.

Any legitimate and ethical third-party ad server will abide by the rules and not plant cookies on users' computers and then use that data in other campaigns. Yes, it's possible for an unethical company to mis-use cookies in a situation like this, Lucas acknowledges, but it would be a dumb business decision on their part. Any company that tried it would end up getting burned when consumers figured out what was going on -- a likely scenario since a sizable number of Web users instruct their browser software to reject cookie requests or ask for approval by the user before accepting them.

Real Media's privacy proxy technology is currently in beta testing, with formal introduction into the market sometime later this year. Morgan says it will be packaged with the Open Adstream ad server product used by many publishers, and there is no cost for the privacy proxy at this point.

For more on cookies ...

(You might want to check out an interesting article on PC World Online, "We Know Who You Are", which does a nice job of demonstrating the ubiquity of cookies set by Web sites and advertisers.)

Contact: Dave Morgan, davem@realmedia.com

The new is old

In a column last week, I reported on a new e-mail technology solution by DeskGate Technologies that will be used by the New York Post to deliver digital versions of the newspaper to paying subscribers. Joel Diamond, founder and technical director of the Windows Users Group Network, wrote in to remind me about Digital Bindery, a service of US Interactive that went out of business last year (which I wrote about in this column at the time) and that was remarkably similar to DeskGate's concept.

At the time, Diamond reminded me, the Bindery service struggled in part because end users were unwilling to pay for a service that delivered paid digital publications, and publishers were worried that a technology that supported paid digital delivery services could hurt the Web advertising business model -- and thus they didn't adopt the model in sufficient numbers for Digital Bindery to survive. "This push technology was just too ahead of its time," Diamond writes.


Got a tip? Let me know about it

If you have a newsworthy item about the newspaper new media business, please send me a note.

To receive an e-mail reminder each time we publish a new Stop The Presses! column, sign up here.

Archive of columns
This column is written by Steve Outing exclusively for Editor & Publisher Interactive three days a week. News, tips, and other communications may be sent to Mr. Outing at:steve@planetarynews.com

The views expressed in the above column do not necessarily represent the views of the Editor & Publisher company


No comments on this item Please log in to comment by clicking here

Scroll the Latest Job Opportunities From The Media Job Board