When an online server computer (e.g., a server hosting an online site) is accessed by a user using a networked computer or other online user interface device (e.g., by a user visiting the online site), that accessed server often places (or causes to be placed) a cookie on the user's computer to enable the online server to recognize that user's computer during subsequent access of the online server. The cookie might include only an IP address, time, and date (IP/T/D) that corresponds to the user's access, an additional or alternative cookie identifier, or more detailed information pertaining to the user's access of the online server. Instead of (or in addition to) including such additional information in the cookie itself, the information can be stored by the online server along with a reference to the cookie (by the IP/T/D or by a cookie identifier included in the cookie). Upon subsequent access of the online server by the user's computer, the server can recognize, by reading the cookie, the computer as having previously accessed the server (with or without placing another cookie or modifying the existing cookie). The cookie placement and subsequent recognition of the cookie are typically performed automatically under the control of programming code on the online server.
Instead of, or in addition to, placing its own cookie on the user's computer, the accessed server can redirect the accessing user's computer to another online server (i.e., a so-called redirect server) that can place a cookie on the user's computer or recognize a cookie that it placed previously, thereby allowing the redirect server to recognize the user's computer upon subsequent redirects. The redirect can include information concerning the user's access of the redirecting server. A redirect server can further redirect the user's computer to yet another redirect server; the term “redirect server” can denote any one of such a sequence of redirect servers. The user typically is not directly aware of the redirect or cookie placement, which is typically performed automatically under the control of programming code on the redirect or accessed server, respectively. An example is a so-called “web beacon,” which is also known in the industry as a 1×1 pixel, web bug, single-pixel GIF, pixel tag, smart tag, action tag, clear GIF, tracer, 1×1 GIF, or a cookie anchor. Such web beacons are often implemented as a single-pixel image that can be inconspicuously located on a web page or in an email; the user's computer is redirected to a redirect server to retrieve the image, enabling the redirect server to receive the cookie identifier from the accessed site or to place its own cookie on the user's computer. In some instances the user's computer can be directed to a redirect server under the direction of programming code on the user's computer (so-called adware).
In some instances, a redirecting server can send along its own cookie identifier when redirecting the user's computer to another redirect server. That allows the redirect server to associate its own cookie identifier with the redirecting server cookie identifier in a process is known as “cookie matching.” Upon a subsequent encounter between the user's computer and the redirecting server, the redirecting server need not redirect the user's computer to the redirect server. Instead, the redirecting server can directly transmit to the redirect server, along with the redirecting cookie identifier, newly gathered information concerning the user's computer. Because the redirect server previously cookie-matched its own cookie identifier with the redirecting server's cookie identifier, the redirect server can associate the transmitted, newly gathered information with its own cookie identifier. That information can be used for targeting online advertising or can be further aggregated or distributed to other servers. The cookie-matched information transmitted from the redirecting server to the redirect server can be transmitted on a per-user basis, or a file (e.g., a log file) can be transmitted that includes such information for multiple users. Cookie matching can reduce the number of redirects of a user's computer or by a redirecting server. Using its own cookie on the user's computer, the redirect server can also recognize the user's computer upon a subsequent encounter between the user's computer and the redirect server.
The server directly accessed by the user, or any server to which the user's computer was redirected, can use the cookies (and the information included in or associated with them) to form a profile associated with the user's computer that can in turn be used in a variety of ways. Based on the profile, the accessed or redirect server can select or deliver online advertising to the user via the user's computer, or can cause another online server to select or deliver such advertising; either scenario shall be encompassed by the phrase “selecting or delivering” an advertisement. The online advertising can be selected and delivered immediately, during the user's current online session, or can be selected and delivered later, during subsequent online sessions when the cookie placed on the user's computer is recognized by the accessed server or the redirect server. Instead of (or in addition to) providing advertising, the accessed or redirect server can collect user data from other online servers, can distribute user data to other online servers, or can aggregate user data. Selecting or delivering online advertising, or collecting, aggregating, or distributing collected user data, is typically performed automatically under the control of programming code on the relevant server.
Online advertising selected for delivery to the user can be generic, but it is typically preferable to deliver online advertising that is targeted at the user (or at least the user's computer). Targeting of online advertising based on online behavior can be done in a variety of ways. The directly accessed online server can select and deliver online advertising to the user's computer based on the user's activity at an online site, which activity is monitored by that server during that online session. For example, a server for an online travel site can deliver online ads for hotels or rental cars in a particular geographic area during a session when a user searches for plane tickets to that area. The directly accessed online server can also (or instead) deliver targeted online ads during a current online session based on the user's activity at the server during a previous online session. For example, a user can purchase during a previous online session a particular movie from an online seller of music and video through that seller's online server. During a subsequent online session when the user accesses the music/video seller's server, that server can deliver an online ad for the corresponding movie soundtrack or for other movies related to the purchased one (by common actors, subject matter, purchases by other customers, and so on).
Targeted online advertisements can also (or instead) be selected or delivered by a redirect server (with the redirect arising from the accessed server or another redirect server). The two previous examples can be implemented with a redirect server selecting or delivering the targeted online ads during a user's online session at the redirecting accessed online server. However, a typical redirect server can receive redirects from a multitude of online servers, enabling the redirect server to recognize online activity at multiple online sites served by corresponding servers that can be associated with the same user computer (through recognition or updating of the redirect server's cookie at each subsequent redirect). The redirect server can therefore select or deliver online advertising to a user during an online session at one accessed online server based on the user's online activity at another accessed online server (during the same online session or during a previous online session). Alternatively, the redirect server can collect, aggregate, or distribute the online user data and pass the data along to another server that selects or delivers online advertising. There can be a sequence of any number of intermediate servers that collect, aggregate, and distribute online user data.
Various types of online entities operate redirect servers for facilitating targeting and delivery of online advertising. Examples of such online advertising entities include but are not limited to online ad space sellers, online ad space buyers, online data aggregators, online data distributors, or entities acting as any combination of those. Such entities can operate servers that are directly accessed by users as well as redirect servers.
Conventional methods for targeting online advertising based on online behavior can be implemented without using personally identifiable information. Tracking of online activity and targeting the online ads based on that activity can be accomplished using only cookies or static IP addresses or adware, without knowledge of the identity of the computer user accessing the online servers (or without knowledge of the identity of the subscriber whose online access device is used for accessing the online servers). Accessed online servers typically do not have access to personally identifiable information unless that information is supplied by the user while interacting with an online site controlled by the server, and operators of accessed online sites typically are not permitted to convey that information to third parties without explicit consent of the user (i.e., without user opt-in). A provider of online access (i.e., an Internet service provider, a/k/a an ISP) can track and record all online activity and associate that tracking information with the identity of a subscriber. However, current public and industry policy generally prohibits such tracking of online activity by ISP's, associating that activity with a particular user or subscriber, or conveying such information to third parties without opt-in. Even if legal, privacy policies and business practices of avoiding controversy counsel in favor of avoiding such tracking of information that reveals or allows exposure of personally identifiable information.
It would be advantageous to target online advertising based not only on online activity originating from the user's computer, but also on the user's “offline” activities and characteristics (i.e., activities not performed using access through a computer network, or characteristics not necessarily discernable by an online site). Such offline characteristics and activities can include, but are not limited to, city/state/country of residence, home or automobile ownership, employment status, job description, marital or family status, income level, products purchased offline (phone order, mail order, or in-store), credit score, memberships, political or religious affiliations, or other demographic or behavioral information about a subscriber. Data of those sorts are referred to herein as “offline data” to contrast with “online data” arising from a user's online activity. Vast amounts of offline data, for example, are already amassed, for a majority of consumers in the U.S., by credit-reporting bureaus such as Experian, TransUnion, and Equifax. Retailers also collect and maintain offline databases concerning their customers and those customers' shopping histories. Organizations collect and maintain databases of members, supporters, or contributors. All such collectors or owners of offline data are referred to herein as “offline data providers.” Offline data is conventionally used to target print, mail, and phone advertising to consumers (i.e., “offline advertising”). By its very nature, such offline data includes personally identifiable information, because a common intended use is to target offline advertising, which must be directed to a particular person's mailing address or phone number. Examples of personally identifiable information include, but are not limited to, name, date of birth, residence address, phone number, email address, financial account numbers, government-issued identifiers (e.g., Social Security number or driver's license number), vehicle registration or license plate number, facial images, fingerprints, retinal scan, other biometric information, signature or other handwriting samples, or other information that can be tied to a specific individual.
Online distribution of personally identifiable information currently is limited to so-called opt-in arrangements, in which a user accessing an online site must explicitly give permission for the site to distribute the user's personally identifiable information to other entities. Merging of PII with previously collected online tracking or behavioral data is also typically limited to user opt-in arrangements. A weakness of such opt-in scenarios is their limited scale (i.e., limited coverage or penetration), because many users decline to opt in (because they do not want their identifiable information distributed). In contrast, targeting of online advertising using only information or data that is not personally identifiable can be done on an “opt-out” basis, in which user information can be used to target the online advertising unless the user explicitly refuses permission for the online site to use the information. Such opt-out scenarios are more valuable commercially, because a substantially larger fraction of users (as compared to those who will affirmatively opt in) will decline to opt out, thereby allowing the use of information that is not personally identifiable. The ability to opt out can be made explicitly available by an accessed or redirect server, as is done currently by major online site operators and online advertising companies through a voluntary industry initiative. A user, by deleting or disabling cookies on the computer, can effectively prevent or at least limit targeting of ads based on data collected by the online entities that placed the cookies.