FTC Has Issues with How Advertisers Track You Across Your Devices


Cross-device tracking could cause sensitive ads to show up on your work computer based on your searches at home.

Have you ever been surprised to see an online ad on your computer for an item you recently shopped for on your phone?

That's the purpose of a phenomenon called "cross-device tracking": techniques that can follow a user's activity across apps and devices. And while it can sometimes benefit consumers—the same technology lets you pick up an e-book on your iPad where you left off on your phone, or that alerts your bank if your account is accessed from an unusual device—the Federal Trade Commission is worried it could create serious privacy and security risks.

In a report published this month, FTC warned consumers about cross-device tracking, which occurs "when platforms, publishers and ad tech companies try to connect a consumer’s activity across her smartphones, tablets, desktop computers and other connected devices."

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Often, it's used to better target advertising to an individual consumer, combining their online browsing history and offline factors such as location. But with today's technology, "a consumer could get an ad on her work computer related to a program she watched on television, habits revealed by her wearable device, or retail purchases," the report said.

If hackers access that growing cache of personal data, they might be able to post "highly private information on a public website, including health information or other sensitive information gleaned from internet browsing histories," the report added.

There could be personal repercussions, FTC noted.

"A teen who does not want her parents to know she is gay may be surprised to learn that her browsing behavior on her mobile device informs ads that appear on the household computer," according to the report. 

Generally, tracking methods include “browser history sniffing,” analyzing internet activity associated with specific IP addresses, and others. Customers who use the same email address as a login on multiple sites—a retailer and a video streaming service, for example—may find their information shared with a third-party advertiser. That advertiser could figure out which devices customers are using and employ "probabilistic techniques" to serve up enticing ads.

Some self-regulatory groups are already addressing privacy concerns, including the Network Advertising Initiative, which has established a system that allows consumers to opt-out of behavioral advertising, among other strategies, FTC noted, but companies need to be more transparent about their methods.

"As with traditional forms of tracking, companies should offer consumers choices about how their cross-device activity is tracked," the report said.