Newfangled works with independent agencies to create lead development web platforms for their clients.

Newfangled works with independent agencies to create lead development web platforms for their clients.

If They Are Watching, Should You Watch, Too?

For most people, the notion that they are in some way being tracked while they use the internet is no longer surprising. The subtlety of how it's done keeps us from experiencing that creepy feeling of being watched, the feeling we get when being followed around by a salesperson in a store—which, by the way, is the type of thing that can kill a shopper's enthusiasm faster than anything else. Yet, as we click about our day seeing ad after ad that suspiciously corresponds to our interests and desires, we remain glib, or, with whatever awareness of marketing surveillance around us that's intact, make jokes about "big brother" that are more indicative of our weary numbness toward it all than any real alarm. In other words, we know we're being tracked, and seem to prefer to remain in the dark about how exactly it's done because knowing more might compel us to change how we use the web, perhaps even, how we feel about it.

While willful ignorance of tracking technology might be tenable for the average web user, those of us working in the digital marketing space are going to need to familiarize ourselves much more with how it all works, even if we have to figuratively hold our noses while doing so. If we're not asking questions about the technologies, what's possible and what's ethical, our clients certainly will be. And without ready answers, we could stand to lose the confidence upon which we build our most valuable relationships.

This month, I want to bring you up to speed on how tracking works, differentiate between limited and unlimited tracking, and explore how limited tracking can actually benefit users and marketers alike.


Justin Kerr | October 18, 2010 12:05 PM

Just saw this article on Bloomberg News about an effort to alert users when they're being tracked and allowing them to opt out of receiving targeted ads based on their usage data.
Chris Butler | October 11, 2010 6:21 PM
Carolyn: I'd recommend looking through the data that the Wall Street Journal has collected on the top 50 most popular sites on the web, which has been visually organized based upon the level of exposure a user will have to tracking technology. The "Very High" and "High" categories include,,,,, and, which all install between 118 and 234 individual trackers on user's computers. Just so I don't dwell too much on, take a look at, which installs 131 cookies, 23 beacons, and 53 first-party trackers, or, which installs 93 cookies, 1 Flash cookie, 20 beacons, and 4 first-party trackers. That this stuff is insidious would be a considerable understatement for those who care about web privacy policy.

What can you do? Again, the Wall Street Journal offers a pretty comprehensive step-by-step guide. Most of the article pages from their series also include a Tracker Scan tool (scroll down and find it on the left side of most pages) that allows you to enter any website's URL to see its privacy policy. You can also download a tool called TrackerScan that will show you the ad trackers on any webpage.

I haven't been able to track down any on-the-record comments from regarding their use of tracking technology, but I'm keeping my eye out. Howeber, I think their privacy policy, albeit subtly, says it all:
"In the course of serving ads on our sites, these companies may place or recognize a cookie on your computer or use other technologies such as pixel tags to track you across various sites where they display ads and record your activities to show you targeted ads. These cookies contain a unique identifying number that is anonymous, and are not linked to any personally identifiable information that you voluntarily give to us. We do not share your personally identifiable information with advertisers and you remain anonymous to the advertisers. Some of our advertisers and advertising networks are members of the Network Advertising Initiative. They enable you to opt out of being tracked by their cookies by clicking on the "Consumer Opt-out" button on the page at"
The interesting connection here (for me) is that they're participating in a system which profits off of users' passive participation, and appears to be flexible to their preferences, yet requires them to seek out a relatively obscure means of opting out of that system. Remind you of anything? This is the almost exact same setup that created all kinds of controversy for Facebook last year. But we see nothing comparable in terms of user push-back when it comes to third-party advertising networks. Interesting.

But wait, there's more! Later on in the privacy policy statement, a direct mention to Flash cookies is made. Get a load of this:
"Some advertising service companies also use flash cookies to serve advertisements that use flash media technology. Adobe offers a web tool that runs locally on a user’s computer, and allows users to delete flash cookies, as well as set permissions for sites to drop and store cookies on the user’s computer. The tool can be found at and"
Another opt-out requirement! In this case, if a user wants to prevent Flash cookies from resurrecting themselves—or, in other words, if a user wants to really delete them, which is what they think they're doing when they use the tool their browser provides to delete cookies—they have to find another tool and install it independently on their computer in order to do so. This appears helpful, but it's really an intentional obstacle between users and their ability to actually control how they engage with information online. I hope we quickly get to a place where this sort of thing is not just uncool, but illegal as well.
Carolyn | October 11, 2010 1:29 PM
So, I'm curious to know what other sites use "flash based cookies" which regenerate after you clear them. Can you speak more to that? And, is there anything we consumers can do to avoid them? I'd love to hear a comment by or any other sites using this type of cookie to hear their reasoning.
Chris Butler | October 9, 2010 4:35 PM
Justin, Brian, Greg, any everyone else, I'm sensing that this conversation is touching on something deeper and more foundational to human experience than simply whether we can continue to surf the web without feeling watched or followed. Of course, I'm glad for this! Believe me, I had to restrain myself a bit in not introducing more philosophical considerations into the article itself...

Right now, a firm called Numenta is working on trying to update computing technology based upon the human neocortex. Founder Donna Dubinsky has pointed out that even though a 3 year old child can instantly identify a dog by seeing an incomplete picture of it (say, it's legs only), a computer cannot do this. Today's image search technology, for example, is based upon indexing metadata that human beings have associated with image files, but not based upon the computer's ability to actually identify what is pictured. Numenta, in constructing a computing model that can learn this kind of thing, envisions all kinds of applications from more sophisticated pattern recognition, financial fraud detection, instant pathological results, and, in case you were wondering the connection with this article, even better ad technology based upon web user behavior prediction algorithms.

So here's my point, when I first learned about Numenta's ambitions, the only one that stirred me emotionally was the advertising stuff. I thought to myself, sure, perhaps the ads will be more targeted to the things I want, but what if I want to seek those things out on my own. What if I want that kind of free will? Well, every other application that they hope to create challenges my free will, too. In fact, the goal of enabling machines to do what we cannot do—or in some cases, what we can do but much, much faster and more accurately—could be understood as the final boundary of human potential, beyond which what we've created will surpass our own abilities. Now that is a sobering thought.

When we are emotionally stirred by the introduction of new technologies—particularly those which involve issues of privacy—I think it's really because it prompts a deeper question: What kind of world do we want to live in? Do we want to live in a world where we have more leisure, better health, and greater wealth than ever before at the cost of acknowledging our own limits and handing over control to machines, or do we want to live in a world where we continue to be the greatest organism it has ever seen, perhaps still having to work hard and suffer? I'm not sure what the answer is. I think that in today's culture, most people probably do want to preserve the preeminence of humanity, yet would have a hard time admitting it. Surely, something about losing our place at the top of the food chain must stir us to our very core...

Your thoughts?
Greg | October 9, 2010 2:24 PM
This is really not worth all the worry. There is no privacy anymore. Privacy today is an illusion. We need something like a modern Dr. STrangelove - How I Learned to Stop Worrying and Love the Modern Police State.
brian | October 7, 2010 8:16 PM
I'm with @Justin. People who are indignant about online privacy seem to forget that the internet is_not_private. You know what the internet is, so act accordingly!
Chris Butler | October 7, 2010 5:04 PM
Justin: There is a fairly large difference there. I, for one, am not prone to sharing much personal information online, whether on Facebook or anywhere else. But, people have the choice of what level of personal detail they are comfortable sharing in those venues, whereas if they visit, they lose control of what information they share. Remember, some of those third-party trackers can record keystrokes in general, which could include messages you send "in private" to a friend over web-based chat or searches you enter in Google. I suppose the user can regain control by not using those websites that allow third-party tracking, but that defeats the purpose for those sites being there in the first place.
Justin Kerr | October 7, 2010 4:56 PM

A very thought-provoking post, as always.

I find it interesting, from a sociological perspective, that anyone would consider web tracking an invasion of their privacy but, at the same time, post intimate details of their daily life on Facebook, Twitter or a personal blog.

Just sayin'.
Chris Butler | October 7, 2010 3:53 PM
Jennifer: What Mark said... plus, it's ok for you to decide where your capabilities end and whether its a good business decision to extend them.

R. J.: Glad you enjoyed it. Thanks for reading!

John: It was rather cavalier, I'll admit that. The heading you mentioned was intentionally inflammatory—not in that I don't actually feel that way, but in that the language was probably stronger than it needed to be—in order to hopefully incite some conversation around the issue. That seems to have worked.

But, to the point: The distinction between limited and unlimited tracking is an important one. Limited tracking, compared to what people either know or suspect is already being done online, hardly even feels like "tracking" any more, at least not in the pejorative sense. I find it akin to "watching the store." As a consumer, you wouldn't expect a retail chain to be able to improve the customer experience without drawing from surveillance footage recorded on the premises. After all, the store is their property; they have the right to record what happens there. I don't find anything unethical about that practice, provided that the information captured with that method isn't sold to anyone else, or used for anything other than improving the business.

Unlimited tracking is where limited tracking methods cross the line in multiple ways. The ethics become questionable when the specific things being tracked extend beyond what is happening "in the store"—as if the surveillance camera at The Gap hopped down off the wall and followed you out, recording the rest of your time at the mall, including that embarrassing stop in to Cinnabon. If this happens some day and the Gap says they're just trying to anticipate what your waist size will be for next time, don't believe it! That's really the point: Limited tracking helps the business and the customer. Unlimited tracking really just helps the advertising networks, while giving them fairly lame ways to claim that they are helping the consumer (i.e. "If we know what you like, we can show you the ads for the stuff you want anywhere you go.). Thanks, but no thanks. What if my preferences change? What if my preferences are different in various circumstances? What if I consider some of my preferences private and others public? So, while evil is probably overkill, this kind of thing is a very slippery slope. The portion of the article devoted to exploring some of the more concerning areas of privacy policy surrounding these practices make that clear.

I'm glad to hear that you all at Callahan Creek are discussing this. I think you're right that the lack of concern around this issue is probably more indicative of unfamiliarity, not apathy. Hopefully, as awareness increases, people will seize the opportunity to make intentional decisions about what they feel is and is not OK.

Thanks for reading and commenting!
John Kuefler | October 7, 2010 3:33 PM
Great post, Chris. I found it interesting that you cavalierly categorized third-party tracking as evil, and first-party tracking as good (because it is "harmless and helpful"). I imagine most third-party tracking businesses would characterize their services as "harmless and helpful" also. It would be interesting to know if the average web user considers the scenario you describe for limited tracking (in which the user's search engine query is later matched with their individual identity if they fill out a form) is any more or less "evil" than the scenarios you describe relative to third-party tracking. I'm sure it depends on the sensibilities of the user.

At our agency we discuss these issues frequently and wonder if people are becoming desensitized into accepting these things as facts-of-life, or if people's privacy concerns will eventually create enough uproar to cause privacy laws to change. It will be interesting to see how it all plays out. Thanks again for an enlightening piece.
Mark O'Brien | October 7, 2010 12:20 PM

Custom limited on-site tracking that goes beyond what Google Analytics is able to do is of course possible, and is getting more popular as time goes on, so it is not surprising that you're getting requests for this.

One important thing to keep in mind is that the sort of programming required to do this sort of thing is very complex and therefore time consuming and expensive. Installing Google Analytics on a site is easy. Custom programming the tools you'd need to to individually track people is not. This type of functionality is along the same lines of complexity as building custom modules for E-Commerce, complex intranets, and multi-lingual capabilities.

It might help you to frame the conversations you have with your clients about custom, individualized, and limited on-site tracking with this point on complexity and cost.
R.J. | October 6, 2010 4:57 PM
Really helpful information. Thanks for the writeup!
Jennifer Merrel | October 5, 2010 6:33 PM
A few of my freelance clients have asked me about doing tracking on their sites (I manage them for them on server space I pay for). I've tried to avoid having to figure out how to do it by bringing up the privacy issues, but honestly, most of them don't care about that and my lack of know-how ends up being obvious.

I think this info will help me punt, but what if they wanted to just do the limited kind of tracking? How can I help them do that? Are there any tools you would recommend?
Chris Butler | October 5, 2010 5:12 PM
Russ: Thanks for reading. I think your comment, especially in light of the later comment referring to the EFF (which I'll address in a moment), comes from a similar understanding of the distinction between unlimited and limited tracking. As far as limited tracking goes, I think it is appropriate and should be motivated by the desire to improve user experience, service to clients, and the effectiveness of your site in achieving its purpose—whether that is purely informational, lead-generative, or transactional.

Alexander: Thanks for providing information about Cocoon. I'll definitely take a look at it.

Alex: Again, in reference to the EFF comment, it's true, people have been speaking out about this for years, many from the EFF. Those who have been speaking out about web privacy are very mindful of the work needed to work out issues of legality as far as tracking technologies and procedures are concerned, and, as I mentioned in this article, that entanglement will likely continue for a long while before bearing any fruit.

One minor point, though. No, you can't just solicit for business on someone else's property. But drawing that analogy in this case is a bit incomplete. The third-party tracking that I described in this article is done within a relationship between a business and an advertising network. In exchange for access to that network, a company will allow the network to run its tracking tools on their website. You, the consumer affected by all this, see the solicitation on their website, not your house. However, the mechanics of it are where the analogy is correct: the tracking gets done by an infiltration of your computer. In most cases, those are clearly described in privacy policies, or thwarted by your ability to block cookies. But with Flash cookies, they're essentially sneaking a Trojan Horse onto your machine.

Anonymous: I've appreciated the goals of the EFF for as long as I've known of them. My goal here was to provide an overview of how tracking works and the various technologies being used today, while also provide my opinion on the ethics of tracking. I thought I made my position pretty clear, especially with the heading that reads, "Why Unlimited Tracking is Evil." If not though, here's my point: Limited tracking respects the user and therefore limits the scope of tracking to only general session data on the site of origin. It does not allow anyone to share session data with any other parties, period. Unlimited tracking, insofar as it tracks anything beyond the scope of session data on the site of origin, is not acceptable to me, regardless of how commonplace it is.

By the way, I've tried to consistently mention privacy issues on our site, whether in this newsletter or on our blog. If you dig deep, you'll find a post from April, 2009 on cloud computing and privacy that even includes a video of Brad Templeton, the EFF chairman, presenting at the 2009 BIL Conference.
anonymous | October 5, 2010 4:52 PM
@Alex, people are speaking out about this and have been for years. Check out the Electronic Frontier Foundation (link provided).

@Russ, What did you read? Most of this was about the problems with tracking, not finding nifty new ways to track.

On that note, @Chris, this will be informative to your readers but I wish you would have taken a clearer stand against tracking and used this platform to win them to the cause.
Alex | October 5, 2010 4:29 PM
Informative piece. But I'm left feeling pretty discouraged. Your explanation of the kind of tracking that is commonplace today left me speechless and frustrated. Why has no one spoken out about it? Why aren't there laws preventing it? You can't just hang a sign on someone else's house advertising your stuff, so why can you sneak on to somebody's computer?
Alexander James | October 5, 2010 2:41 PM
Hey Chris,

This is a great article to educate the average web-user. I work for a company called Cocoon that provides increased online privacy as well as malware protection.

When logged into Cocoon, no information touches your hard drive, it is all stored on our servers. That's right, cookies, browsing history, all of it. In addition users' IP addresses become anonymous the second they log in. Cocoon also provides users with an ad-remover, and scans for drive-by downloads and other malware before loading web pages onto users' computers.

Are goal is to provide users with a better browsing experience where they are not bombarded with annoying ads or spam, and there is no risk in browsing the web freely.

Right now Cocoon is in beta so it's free as an add-on for Firefox. Check it out:

Also, here is a video explaining how exactly Cocoon works:

Thanks, and have a nice day!

Russ | October 5, 2010 2:22 PM
Chris, Nice article. I am always trying to perfect tracking on my sites. This allows me to really identify with who my users really are how they find the site. I currently couple Google Webmaster Tools with Google Analytics, but have also used Tracking 202 to help me with this cause. The more info about my user allows me to customize the content for them. I do believe there are so many people out there that dont track because they reaally are not analytical or technical... or simply dont understand the importance of it.

↑ top