Home The Debate Why IP Tracking Is A Bad Idea

Why IP Tracking Is A Bad Idea

SHARE:

The DebateThe Debate” is a column focused on the current debate around ad targeting and consumer privacy.

Today’s article is written by Auren Hoffman, CEO, Rapleaf.

IP addresses are the fabric of the Internet— they are the “To” and “From” stamps that make delivering messages between computers possible.  While they are necessary to route information from computer to computer, they can — in many cases — be traced to a human or, at least, a household.  That means they can be used to track people’s online behavior in a way that eliminates their anonymity online, which bodes poorly for the future of the internet.

Users should be anonymous when they aren’t logged in

While new technologies that enable content personalization can provide substantial value, users must also be assured that their identity is protected for legal, ethical, and safety reasons.  Consumers should have the presumption of anonymity when they are surfing the Internet and not logged into a site, and they should not be tracked – either by the government or private sector – in a way that eliminates anonymity.

To ensure consumer safety and the Internet’s continuing growth, the presumption of anonymity is paramount.  In particular, third-party services like ad networks, widgets, and off-site platforms like Facebook Connect, should maintain individual anonymity. They should not be able to see someone’s cookie, IP address, or browser information and know exactly who the person is.

IP addresses are personally identifiable

IP addresses should be thought of as privileged information.  From our tests, IP addresses perfectly identify about 30% of U.S. households.  That means that from IP address, a site can know your exact address.  My home IP address, for instance, has been the same for over four years.  If consumers understand that their exact browsing habits can be tied to them individually, their wariness will slow their use of the Internet.

The EU took an active stance on IP addresses in 2008, declaring IP addresses as personally identifiable information (PII).  This is an important first step because IP addresses are PII.  That said, even the EU would admit that IP addresses do not always directly correlate to a given person.  Laptop users frequently change IP addresses as they move from an Internet café to work, for example, and ISPs often dynamically swap out IP addresses.  An IP address can sometimes only give approximate location, and may be shared across many members in an office, university, or café.

Many Internet companies use these examples to claim the IP addresses are not personally identifiable, that they are just broad representations.  But while IP addresses do not always identify households, they do so in a significant percentage of traffic (especially in Internet traffic outside work hours).

Of course, there are legitimate and even valuable uses of IP address tracking.  Tracking the IP address of suspicious ad clicking behavior often helps prevent unsophisticated hackers from committing click fraud.  Using an IP address as an additional piece of identity allows an efficient way of spotting when a credit card or identity has been stolen.  IP addresses can help understand the country of a user so you can customize the language displayed.  However, in the process of providing valuable services to its customers, many Internet companies are needlessly tracking a wide variety of data in their logs correlated directly to the IP address.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Cookies are safer for consumers

Fortunately, for companies interested in tracking user behavior for Internet personalization, there is a great consumer-centric alternative – the cookie.  Using cookies to track users and provide valuable services has several important advantages over using IP addresses:

  • Because cookies sit as plaintext on a user’s browser, they identify the party tracking user information clearly.
  • Since cookies are governed by browser security preferences, the user has complete control over the amount of tracking and can choose between anonymity or personalization.  Another benefit is that cookies can be cleared easily and at any time (unlike IP addresses).
  • Cookies can only be tied to one browser in one device (unlike an IP address, which is tied to all devices in a household). Most importantly, third party cookies should not include any personally identifiable information.  If used properly, cookies allow Internet services to improve their products and the consumer experience without fear of compromising an individual’s anonymity.

Despite these advantages, awareness of what cookies are and how they work continues to be a challenge for the average consumer.  Nonetheless, cookies represent the best technical compromise between personalization and a user’s control over online identity.

The IP address should be considered protected information.  As such, we should agree on a certain limited set of circumstances (e.g. fraud prevention) in which IP address tracking is necessary.  Even for these circumstances, we should agree that anyone collecting IP addresses should be held to a higher standard of security and consumer disclosure.  For the vast majority of Internet personalization cases, we should eliminate tracking of IP addresses and move more to a cookie-centric world in order to protect Internet users and promote more responsible growth and innovation.

Must Read

Comic: Alphabet Soup

Buried DOJ Evidence Reveals How Google Dealt With The Trade Desk

In the process of the investigation into Google, the Department of Justice unearthed a vast trove of separate evidence. Some of these findings paint a whole new picture of how Google interacts and competes with its main DSP rival, The Trade Desk.

Comic: The Unified Auction

DOJ vs. Google, Day Four: Behind The Scenes On The Fraught Rollout Of Unified Pricing Rules

On Thursday, the US district court in Alexandria, Virginia boarded a time machine back to April 18, 2019 – the day of a tense meeting between Google and publishers.

Google Ads Will Now Use A Trusted Execution Environment By Default

Confidential matching – which uses a TEE built on Google Cloud infrastructure – will now be the default setting for all uses of advertiser first-party data in Customer Match.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
In 2019, Google moved to a first-price auction and also ceded its last look advantage in AdX, in part because it had to. Most exchanges had already moved to first price.

Unraveling The Mystery Of PubMatic’s $5 Million Loss From A “First-Price Auction Switch”

PubMatic’s $5 million loss from DV360’s bidding algorithm fix earlier this year suggests second-price auctions aren’t completely a thing of the past.

A comic version of former News Corp executive Stephanie Layser in the courtroom for the DOJ's ad tech-focused trial against Google in Virginia.

The DOJ vs. Google, Day Two: Tales From The Underbelly Of Ad Tech

Day Two of the Google antitrust trial in Alexandria, Virginia on Tuesday was just as intensely focused on the intricacies of ad tech as on Day One.

A comic depicting Judge Leonie Brinkema's view of the her courtroom where the DOJ vs. Google ad tech antitrust trial is about to begin. (Comic: Court Is In Session)

Your Day One Recap: DOJ vs. Google Goes Deep Into The Ad Tech Weeds

It’s not often one gets to hear sworn witnesses in federal court explain the intricacies of header bidding under oath. But that’s what happened during the first day of the Google ad tech-focused antitrust case in Virginia on Monday.