We live in a world where privacy is becoming an increasingly foreign concept. The Internet, which on one hand still perpetuates a sense of anonymity, has actually been the biggest catalyst for loss of privacy. I don’t mean to embark on a Big Brother rant, but I do want to point out what online marketers know about you as a consumer, so you can be better informed. Because knowledge is power, right?
First, let’s talk about your digital footprint. Every website on the Internet runs on a Web server somewhere. Whether that server resides in a fancy data center halfway across the world or in some guy’s basement down the street, the Web server is essentially just an application running on a computer that is connected to the Internet. The server has a unique IP address, which is associated with a domain name. Whether you browse to that domain name or enter its URL directly, your computer makes a connection with that server.
As soon as you make the connection, you see the Web pages that reside on that server, and the server starts recording information about your computer. It records the IP address of your computer, the date and time of when you “landed,” where you came from (either the URL of the site you just left, or that you came in directly from typing the URL in the address bar), and what type of a search string you typed if you came from a search engine. It also records your computer’s operating system and the Web browser you are using.
Once you are at a site, the server will keep track of your movements within that site as you click from page to page. Once you leave the site, it will record the time you left, the last page you visited on the site, and the URL of the website you jumped to. It also records what country you are in, which it knows by your IP address, as well as whether you came in from an educational, non-profit or business environment, based on the domain extension on your network.
Although it won’t know your exact location, it gets fairly close geographically based on your IP address. Unless you own your own IP address, which most home consumers don’t, you’ve been assigned an IP address by your Internet Service Provider (ISP). If your ISP is in the next city to you, you’ll probably see some ads giving you offers in that city.
Many websites also drop a cookie on your computer when you visit their sites. Where the previous information about your computer got stored on the Web server (which you have no access to and therefore can’t control), cookies stay on your computer only for a specific amount of time, and you can delete them just like you can delete any file on your computer. Each website decides whether to drop a cookie, as well as the duration of that cookie.
Now that we’ve covered what Web servers know about you, let’s talk about what they don’t know about you. Web servers have no way of knowing what other Web sites you have visited other than the site you were on right before coming to their site, and the site you landed on right after leaving their site. Your computer will record every site you’ve visited, but like with cookies, you can at least control your history if you so choose. Web servers also don’t know your name, age, address, height, social security number, interests, etc., or any other files (like documents) on your computer. Although the Web servers don’t collect that information, that doesn’t mean the databases that integrate with those Web servers don’t.
Any time a website asks you to log in, fill out a form, fill out a profile, etc., the data you provide will populate a database owned by that site owner or a third party working with that site owner. Once you submit that information, you may never be able to completely control that information because you don’t have direct access to the server hosting that database.
When you combine the information Web servers keep on your movements and the information you freely enter into databases on websites, you end up with a lot of information that marketers can use to give you offers. The better the online marketers know you, the more customized offers they can give you.
If you enjoy classical music, for example, you may have noticed an ad for your local orchestra popping up when you log into your Facebook account. Or if you are typing a message about tennis from your gmail account, you may have noticed an ad for tennis rackets showing up. How do they do that? Easy, actually. You were the one that typed Classical Music as an interest in your Facebook profile. And since gmail owns the email servers where your emails reside, its powerful search engines match the text in your emails with the advertising offers Google’s clients pay to place.
That isn’t to say an employee of Google or Facebook is reading your emails or posts. With millions of users, they don’t have time to do that, nor do they need to. They use their technology to do the matching. So when your local symphony agrees to run ad campaigns on Facebook, they can specify that their ads show up only on the accounts of users within their targeted geographic area who have expressed an interest in certain keywords.
The Google and Facebook examples illustrate the cases where they know a lot about you because of information you’ve specifically given them. In those situations, you may actually welcome those ads because you’d rather have ads that apply to you than ones in which you have no interest.
Even where you don’t specifically offer information about you, the aggregated information collected by Web servers and cookies can still build a profile on you. Most major search engines keep a record of your IP address and everything you have searched for using that address. (Ixquick.com is an exception to that rule.) Although a search engine may not know your sex and age, it can make a pretty good guess that you are a woman of child-bearing years if a preponderance of searches from your IP are for baby-related items and information. And if you come back to a website that formerly dropped a cookie on your computer, the website will know you are a returning visitor. If you visit often, it might treat you differently than a visitor it assumes is there for the first time.
Merchants that sell products online use cookies and IP addresses for compensating Web publishers for sending them traffic. For example, say you are reading a skiing blog and you see a banner ad for backcountry.com. If you hover over the ad, your browser should show you the destination of that link before you even click it. Chances are it will not link directly to backcountry.com. Instead, it will link to the tracking server that backcountry.com uses to manage its campaigns. It will include a bunch of code that essentially references the campaign, the image of the ad, and where the link should redirect it. If you click the link, you’ll get redirected to backcountry.com, but not before it places a cookie on your computer and records the impression and click on the tracking system. If you buy something from the backcountry.com site, the tracking system knows the skiing site you originally came from and will credit the owner of that site with the sale. The site owner will get paid whatever commission was originally agreed upon. Even if you don’t buy right then, but go back later (up to 120 days, in some cases) and buy, the skiing site still gets credit for that sale. How? Because of the cookie that is still on your computer. When you make the purchase, a small, invisible pixel in the thank-you page’s code tells the tracking system that the sale has been completed, knows you came from the skiing site because of the cookie on your computer, and will credit the skiing site accordingly. If you ended up deleting your cookie between when it was first placed and when you bought the item, it would not be able to credit the sale to the skiing site, unless the tracking system also tracks IP addresses (which most don’t).
Online marketers also use email to track campaign effectiveness. Just about any time you sign up for something online with your email address, you’re going to end up on someone’s mailing list. Marketers use email management systems that allow them to send a single email out to thousands of their subscribers. The CAN-SPAM legislation requires that these emails have an opt-out link at the bottom of the email. If you don’t like receiving the offers, you can opt out. But until you do, the marketers can track whether you got the email messages, read them, clicked through to a website from them, and actually bought something as a result. Even after you’ve opted out, you remain in their databases with a flag that you’ve opted out.
You can see that your movements don’t go unnoticed on the Internet. Online merchants, networks and other marketers are trying to understand you as best they can to cater their ads and offers to you. As technology continues to improve, and as major players like Google continue to run a disproportionate amount of Web traffic on their networks (and acquire companies that you have existing relationships with), online marketers will know even more about you than they do now. Whether this results in a better consumer environment by producing hyper-targeted ads, or consumer frustration through further privacy erosion, remains to be seen.