Removing the mystery from history sniffing

It’s called history sniffing — the practice of “sniffing” people’s web browsers to determine if they’ve visited certain sites.  According to the FTC’s lawsuit against Epic Marketplace and affiliated companies, history sniffing is a particularly invasive form of tracking that raises serious consumer privacy concerns.

The settlement is the latest FTC initiative to address behavioral advertising – the practice of tracking consumers’ online activities to serve up ads targeted to their interests.  What did the respondents do to attract law enforcement attention?  Epic is a network advertising company that engaged in online behavioral advertising.  According to the FTC’s complaint, Epic served ads to many popular sites.  When people visited those pages, Epic would run software behind the scenes — unbeknownst to consumers — that would “sniff” their browser histories to see if they had visited any of thousands of other sites.  Many of the sites related to sensitive subjects:  fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, personal bankruptcy, to name just a few.  The FTC alleged that Epic used that information to determine the kinds of ads it served to those consumers.  For example, if people had visited webpages about credit repair, Epic might target them with ads relating to bad credit or bankruptcy.

According to the complaint, Epic and its parent company deceived consumers and didn’t disclose what it was doing.  Therefore, people had no way of knowing that their browsing histories were being scrutinized.  As part of the settlement, the respondents have agreed not to engage in history sniffing and not to misrepresent the extent to which they collect, use, or disclose consumer data.

What can businesses take from the FTC’s action here?  Be up front with people about the information you collect from them, how you do it, and for what purposes you use it.  When you explain your practices, put the information where people will notice and read it.  There’s no one set way to accomplish that, but as experienced marketers will tell you, some methods — dense blocks of text or vague hyperlinks, for example — are designed for failure. 

Furthermore, explain your policies in language people will understand.  Sure, talk it over with your tech people and attorneys, but when communicating with consumers, use the same clear, to-the-point wording you use in your ads.  Finally, give people an easy way to opt out of data collection.

Transparency and effective choice can reduce the risk of law enforcement scrutiny.  But even more important, they build trust, an essential component of lasting customer relationships.

Want to weigh in on the proposed settlement?  The deadline for public comments is January 7, 2013.  If you're interested in related consumer privacy issues, don't miss the FTC's workshop, The Big Picture, set for Thursday, December 6, 2012.  Can't make it to Washington?  Watch the webcast.

 

1 Comment

>> Leave a Comment | Comment Policy

I think the FTC should be very concerned about this and should step up procedure's and penalties for those entities that participate in this practice. It is beyond invasive and is more than likely the tip of the iceberg for rampant fraud.

With regard to the robo-call article
kill that to it is barbaric and intrusive as well as offensive.

Companies that engage in one are almost certainly engaging in one form or another in both practice's.

This certainly beg's one to ask is have we allowed these practices to go to far already.

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.