Surveillance Advertising 101: What it is, and how to stop itApr 13, 2022
Have you ever had the feeling that your phone is listening to you?
It's a strange and disconcerting phenomenon that many have noticed: you have a quick chat about gardening with your neighbor, and the next thing you know, you see online advertisements for garden hoses, rubber gloves, and tulip bulbs. You ask a clerk at the shop where you can find their best price on wool sweaters, and suddenly, your Facebook feed is full of Merino. Sometimes, it can even feel like Siri is reading your mind.
You're not imagining things. Over the past several years, the companies that manufacture our devices and the software they contain have admitted that our speech is being recorded, analyzed, and monetized -- and that it's all legal, according to the terms and conditions we agree to when we purchase our phones, computers, and other smart devices.
It can feel creepy, for lack of a better word, to think your phone is listening in on your everyday conversations. But the fact is that if you've spent any amount of time on the Internet in the past several decades, you've been subjected to similar tactics. The websites we visit every day routinely track and analyze our actions, and then sell the resulting data to advertisers.
There are a number of names for this practice -- often, it's referred to as targeted advertising or behavioral marketing. But these terms dilute the nature of what is really happening. The websites, applications, and companies that we rely on in our daily lives are monitoring our activities, and using their observations as a way to make us more likely to spend our money on their products and services.
Therefore, the most appropriate term for this behavior is surveillance advertising, defined by the Consumer Federation of America (CFA) as "the practice of showing individual consumers different advertisements based on inferences about their interests, demographics, and other characteristics drawn from tracking their activities over time and space."
When did surveillance advertising begin?
One of the earliest -- and most pervasive -- examples of tracking user behavior for advertising purposes came in 1994, when early-Internet developer Lou Montulli invented a type of file that websites use to monitor and record information about their users, disarmingly known as cookies.
Montulli's intentions were good. At the time, newly-founded Internet company Netscape was striving to help web sites succeed as businesses. One of the main pain points that it was trying to address was customer relations. After all, shopkeepers at brick-and-mortar stores had the ability to observe the behavior of the customers that walked through the door. But back then, websites had extremely limited ways to learn anything about how their customers behaved online. It was difficult to determine whether someone was visiting the site for the first or the fiftieth time, if they were able to find what they were looking for, or if they were attempting to engage in some kind of illicit activity. Cookies allowed companies to gain a window into some of these behaviors.
Surveillance advertising in action
The depth and dangers of surveillance advertising were laid out as long ago as 2012, when the New York Times published "How Companies Learn Your Secrets."
The piece detailed how American retail giant Target collected "vast amounts of data on every person who regularly walks into one of its stores." It cataloged this information in a database of "Guest IDs" -- unique codes that keeps tabs on everything customers buy, their methods of payment, where they live, their ages, names, and so on. Andrew Pole, a statistician who helped design Target's consumer-tracking system, told the Times, "If you use a credit card or a coupon, or fill out a survey, or mail in a refund, or call the customer help line, or open an e-mail we've sent you or visit our Website, we'll record it and link it to your Guest ID."
By collecting this information, Target was able to learn about exactly what kinds of products their consumers were likely to buy, as well as when they were most likely to buy them. In fact, pregnant women who shopped at Target experienced something rather odd: not only did the store seem to know that they were expecting children, it also seemed to know exactly when babies would be born. And in fact, it did -- the data that Target collected on its shoppers helped the retailer to determine what kinds of products women started to buy when they reached their second trimester, a moment that it considered critical for advertising purposes.
Why is surveillance advertising so harmful to individual privacy online?
The practice of collecting and analyzing data may seem innocent enough on the surface, even if it is a bit creepy. After all, it is eerie to start receiving advertisements for products that you weren't aware others knew you were interested in. Maybe you even occasionally appreciate the fact that retailers seem to offer up helpful suggestions on where to buy the things you need, precisely at the moment you need them. But the fact is that surveillance advertising has a dark underside -- one that has some serious implications for online privacy.
The danger lies in the fact that the data collected by companies is connected to personal identity. Data about user activity is much more valuable if it is tied to different pieces of information about our personal identities, including our age, ethnicity, level of education and income, and other attributes.
Indeed, the more that companies know about us, the more they can start to build profiles that predict the behavior of those who are like us. This kind of profiling is highly effective for advertising purposes. If you're trying to sell products to 21-year-old female college students who live in New York City, it's very useful to know what kinds of products 21-year-old female college students who live in New York City like to buy.
But can we trust these companies to be good custodians of our data? Unfortunately, the answer -- the vast majority of the time -- is no.
Why corporations can't be trusted to protect our personal information
It's no secret that the corporations that participate in surveillance advertising practices are prone to misusing our data, or collecting sensitive information without our consent. One of the most famous examples of this was Facebook's Cambridge Analytica scandal, in which the social media giant nonconsensually shared millions of its users' personal information with a British consulting firm that sought to use it for political advertising.
But the fact that our data is unsafe in the hands of corporations isn't necessarily because they cannot be trusted not to share it without our permission. It's also because of the reality that any data stored in centralized servers is vulnerable to exposure, whether it be via hackers or human error. For instance, in 2013, hackers stole 40 million credit and debit records and 70 million customer records from databases belonging to Target -- one of the largest data breaches in history.
The legacy of the personal information that corporations collect is also a matter of concern. Even if data are responsibly and safely stored by a corporation, there is no guarantee that it could not one day fall into the hands of illicit actors or authoritarian regimes.
Matthew Guariglia, policy analyst at the Electronic Frontier Foundation, explained these concerns in the context of information collected by governments on an episode of Orchid's Priv8 Podcast in late 2021: "Many historical examples show how information hoarded by the government has been used in terrible ways.
"One of the best examples is what happened when information collected by police in Germany in the 1910s and 1920s was inherited by the Nazi regime in the 1930s...The problem isn't necessarily what's happening right now -- it's that we can't predict what will happen in the future. We don't know who's eventually going to inherit the information."
Notably, surveillance advertising does more than threaten online privacy. It has also been identified as a channel for discrimination.
According to the Consumer Federation of America, digital platforms that use personal data to profile their users have been observed to show different kinds of employment, housing, credit, and other kinds of financial opportunities to people of different demographics. For instance, ProPublica reported in 2017 that certain kinds of employment ads on Facebook were targeted to certain age groups, excluding older workers; in 2018, the publication found that employment ads were targeted specifically at men or women. Similarly, a 2020 study by Carnegie Mellon revealed discrimination against non-binary people in ads for housing, employment, and credit.
Can we stop surveillance advertising?
The practice of surveillance advertising has become so commonplace that it can be easy to feel powerless against it.
However, led by their citizens, governments are increasingly exploring possible measures against surveillance advertising. US lawmakers recently introduced the Banning Surveillance Advertising Act of 2022, which aims to limit both the types of data that advertisers can collect, as well as the types of advertising technology vendors can use to carry out this process. Previously, lawmakers in the EU have proposed a number of rules that would place similar limits on surveillance advertising practices.
While changing public policy to better protect personal privacy is important, new laws are not enacted overnight. Therefore, the best way to protect yourself from surveillance advertising in the short-term is to take steps to ensure your privacy is protected online.
Orchid protects your privacy on the Internet
One of the easiest and most effective ways to protect your online privacy is to make use of a Virtual Private Network (VPN).
VPNs protect your data on two levels. First, they act as an intermediary step between the device where your Internet traffic originates from and its final destination. This ensures that the site that receives your data cannot determine your IP address, as well as other information, including your location, phone number, or email address. And second, VPNs also encrypt your traffic on its journey across the web, making it so that third-party onlookers cannot spy on your data while it's traveling across the Internet.
However, keeping your data as safe as possible means choosing a VPN provider you trust. Many VPN services are offered by centralized companies with opaque operations. Some "free" VPN providers have even been known to spy on and sell user data without consent.
Orchid's decentralized VPN marketplace helps ensure that user data is safe by being as transparent as possible. Orchid's open-source code has been thoroughly audited and is viewable in its entirety at any time,
Orchid's mission is to make online privacy as accessible as possible to people everywhere. The service runs on a pay-as-you-go basis -- users will never pay for bandwidth they don't use, and there are no monthly fees or minimums.
It's easy to get started with an ordinary credit card and just $1. And Orchid is now streaming on eight different blockchains, giving users the option to choose the fee model that works best for them. By making online privacy affordable, flexible, and easy to access, Orchid's decentralized VPN network helps people reclaim the Internet as a place of freedom and self-expression.
Download Orchid today to start exploring the Internet freely.
If you enjoyed this blog, subscribe here for privacy news, commentary, and product updates from Orchid.