- Single-session technologies, which track users over a single session and do not maintaintracking data over multiple sessions or visits;
– Multi-session technologies which store data across multiple visits that are used toremember data, settings or preferences, but which only store generic, non-identifiableinformation.
- Multi-session technologies which track users over multiple sessions but are served from afirst party domain, and can thus only be used to track visits to a single web site.
- Multi-session technologies which track users over multiple sessions but are served from athird party domain, and can thus be used to track visits to multiple web sites across differentdomains.
The federal government should learn from the mistakes of the behavioral advertising industry
In your blog post, you also propose that federal government web sites be required to “[p]rovide a clear andunderstandable means for a user to opt-out of being tracked.”As you consider a policy that will require federal websites to offer opt-outs to consumers, it would beuseful to look to the situation in the behavioral advertising industry (where opt-out capabilities arewidespread
, yet difficult to use and discover by consumers), in order to avoid some of the many mistakesand pitfalls that have been made there.While over 100 advertising firms offer opt-outs, and the industry has not provided a universal way forconsumers to opt-out. The Network Advertising Initiative (NAI) has created a single web site throughwhich consumers easily obtain the opt-outs from its 36 member companies. However, the NAI site does notprovide consumers with the opt-outs of the 50+ non-NAI advertising firms. Thus, consumers areunrealistically expected to visit 50+ different web sites in order to obtain individual opt-out cookies.Once these opt-out cookies have been inserted into the user’s browser, it is easy for them to be lost orunintentionally erased.
Furthermore, as I highlighted in a recent letter to the NAI, many opt-out cookieshave been set to expire after alarmingly short periods of time, thus requiring the consumer to repeat thelaborious opt-out process multiple times per year.
My free TACO tool allows users of the Firefox browser to easily set persistent opt-out cookies for 90different advertising firms, without having to worry about the opt-out cookies being accidentally deleted orexpiring after just a few short months. TACO users do not need to visit 50+ different websites in order toachieve opt-out coverage. A single installation, done via a couple clicks, is enough.While TACO makes behavioral advertising opt-outs slightly more usable, it is by no means a silver bullet.The current system of opt-outs for the behavioral advertising industry is a mess. Each advertising firm usesa different format for their opt-out cookies
, making the collection and maintenance of the opt-out cookielist a nightmare. Each time a new advertising firm enters the market, I have to manually step through theopt-out process in order to observe and obtain that company’s cookie, and then push an update out to the100,000+ existing users of TACO.
Unfortunately, most of these firms only allow consumers to opt-out of the
, not the
Professors Swire and Antón have documented these problems in great depth. See:http://www.ftc.gov/os/comments/behavioraladprinciples/080410swireandanton.pdf
For example, Google’s cookie is “id=OPT_OUT”, Microsoft’s is “TOptOut=1”, Yahoo’s is “AO=o=1”,BlueKai’s is “BKIgnore=1”, and AOL’s is “ACID=optout!”