It's not about Cookies: Data Security and Online Advertising in the Multi-Screen Era

A couple of years ago, Google Corporation of Goodness was in the center of the scandal - some users accused her of scanning their emails for information that was later used for advertising purposes. In 2014, the leak of personal photos of many Hollywood celebrities once again raised the issue of the integrity of personal data in an era of rapid technological development.

More and more users are accessing the network from more than one device - laptops, smartphones, smart TVs and wearable gadgets allow us all to get what we need in a convenient way.
')
Business representatives and specialists in the field of online advertising have been developing multi-screen advertising campaigns for quite some time now - they are trying to “tag” a user and “pursue” him with advertising on various devices. To do this, it is necessary to collect a large amount of data about a person, which means that security risks arise.

Identification problems

The very task of measuring the effectiveness of such efforts also arises - advertising on which of the devices led to the sale? How to track a sale that “started” on one device (viewing a product card from a smartphone), and ended on another (on a laptop)?

Cookies that are used to track users on desktop computers do not “migrate” between devices, and are not available in mobile applications. As a result, the same person who saw ads in the application and on the computer can be regarded as two different users. In order to somehow solve this problem, marketers are trying to use geolocation data to display advertising.



As a result, a significant amount of information about people is used to display advertising, which is far from being pleasant to everyone. Representatives of the advertising industry are also aware of the problem - technologies are developing faster than the laws of most countries. The reaction of the authorities of any state in the event of another large-scale scandal with the leakage of user data can be unpredictable, so advertising companies are beginning to think about self-regulation in matters of security.

New solutions

Gradually, new solutions appear - it was decided to abandon the use of UDID device identifiers as a tracking method, because in this case there were doubts that the attackers could match the device identifier (which was supposed to be anonymous) with personal data.

Even in iOS 6, Apple implemented a tool that allowed users to independently determine which data about them would be used to display ads, and which data would not.



In 2013, the AdTruth, PubMatic, and TRUSTe certification services launched an initiative to promote the idea of ​​providing network users with an option to provide information about themselves that can be used for advertising targeting.

Not so simple

However, technology alone is not enough. Most users are very careless about security. In pursuit of benefits (for example, to get a coupon or a discount card) or convenience (storing documents in the cloud), people are ready to provide data about themselves (for example, purchase history) without thinking about the consequences - and the systems of companies with whom they share information customers may not be particularly reliable.



Undoubtedly, there are companies that seek to take advantage of this state of affairs - the same Google continues to build an ecosystem of products that allows companies to get huge amounts of data about users (search queries, use of a mobile device, information about residence thanks to Nest thermostats).

Some players in the advertising market fear the introduction of stringent regulations regarding the collection and processing of data for targeting ads - and there are certain reasons.

Too late

In Britain, the authorities want to ban the use of smart watches and wearable gadgets like Google Glass in certain situations - so far only driving, but given the fact that such devices are able to collect all the same data as a smartphone, plus information about human health (how much , heart rhythm, etc.), we can expect increased attention to the safety of this information. In some US states, wearing Google Glass is prohibited in bars and restaurants, as it may violate the privacy rights of other visitors to establishments.

The Russian authorities are not far behind their foreign colleagues - the State Duma passed a bill obliging foreign companies to store Russians' data on servers inside the country, in addition, there are initiatives to create secure gadgets for use by officials. Due to the “vulnerability” of Runet to various cyber threats , a plan is being developed to “disconnect” the Russian segment from the global network in a “critical” situation.

Scandals widely exposed in the media with password leakage of Gmail , Yandex and Mail.Ru accounts may also lead to a reaction from the authorities. Security specialists of the same Yandex and Mail.Ru stated that the bases of hundreds of thousands of accounts were collected from different sources (and could be bought on the hacker forums) for a long time (many passwords were irrelevant).

This may suggest that such a “drain” was planned only to create a public resonance. Given the fact that not all representatives of business and Internet companies pay due attention to the protection of users' data and strive to maximize their use for their own purposes, even the provision of services by individual players to increase information security can be a belated step that will not affect the introduction tight regulatory regulations around the world.

PS If you notice a typo or error, write a personal message and we will fix everything promptly.

Posts and related links:

• Not just gadgets: Apple iAd ad network
• How will the sanctions affect the Russian online advertising market?
• How RTB-advertising will develop in Russia: 3 predictions
• Service for A / B-testing of advertising networks Advertone