The Wall Street Journal takes a look at the idea of cataloging computers, mobile devices (including smartphones) and TV boxes in order to target behavioral advertising to the specific computer or cellphone users. (The Journal also has suggestions for how to avoid having your electronic devices tracked.)
David Norris wants to collect the digital equivalent of fingerprints from every computer, cellphone and TV set-top box in the world. He’s off to a good start. So far, Mr. Norris’s start-up company, BlueCava Inc., has identified 200 million devices. By the end of next year, BlueCava says it expects to have cataloged one billion of the world’s estimated 10 billion devices.
Advertisers no longer want to just buy ads. They want to buy access to specific people. So, Mr. Norris is building a “credit bureau for devices” in which every computer or cellphone will have a “reputation” based on its user’s online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people’s interests and activities. […]
It might seem that one computer is pretty much like any other. Far from it: Each has a different clock setting, different fonts, different software and many other characteristics that make it unique. Every time a typical computer goes online, it broadcasts hundreds of such details as a calling card to other computers it communicates with. Tracking companies can use this data to uniquely identify computers, cellphones and other devices, and then build profiles of the people who use them. Until recently, fingerprinting was used mainly to prevent illegal copying of computer software or to thwart credit-card fraud. […]
Tracking companies are now embracing fingerprinting partly because it is much tougher to block than other common tools used to monitor people online, such as browser “cookies,” tiny text files on a computer that can be deleted. […]
It’s tough even for sophisticated Web surfers to tell if their gear is being fingerprinted. Even if people modify their machines—adding or deleting fonts, or updating software—fingerprinters often can still recognize them. There’s not yet a way for people to delete fingerprints that have been collected. In short, fingerprinting is largely invisible, tough to fend off and semi-permanent.
Device fingerprinting is legal. U.S. Rep. Bobby Rush (D.,Ill.), proposed legislation in July that would require companies that use persistent identifiers, such as device fingerprints, to let people opt out of being tracked online. […]
The idea behind BlueCava’s [reputation] exchange is to let advertisers build profiles of the people using the devices it has identified. For instance, BlueCava will know that an IMVU fingerprint is from someone who likes virtual-reality games. Other advertisers could then add information about that user. BlueCava also plans to link the profiles of various devices—cellphones, for instance—that also appear to be used by the same person.
Blue Cava also is seeking to use a controversial technique of matching online data about people with catalogs of offline information about them, such as property records, motor-vehicle registrations, income estimates and other details. It works like this: An individual logs into a website using a name or e-mail address.