By M.R.
I kept hearing that Facebook/Google stores all our information whenever we search something and show us ads based on that information but I never really knew how that worked until I came across this Twitter thread by Chris Yiu who perfectly explained how these ads are tailored according to the choices we make on the internet.
Here’s an easy read for you if you are wondering how those adverts manage to keep on finding you – even when you go incognito, switch devices, or never actually searched for the product in the first place?
Re-marketing/re-targeting through cookies:
You visit a website and it stores a cookie in your web browser. You return later on, the cookie identifies you and the site shows you products you were looking at earlier. Old hat (unless you live in the 1990s), but important to understand for what’s coming next.
You visit a website and it stores a cookie from a third-party ad network. Later on you visit a different site that carries ads from the same network. They see the cookie and display ads based on what you were looking at earlier.
Through grouped audiences:
You open Google and search for a product or website, which helps Google build up a profile of you and your interests. Later on you use your Google account to sign in somewhere else, and you see ads based on this profile (not that you can turn ads personalisation off if you want to).
You’re logged in to Facebook. You visit a website and it has Facebook’s tracking pixel (or like button) installed, which lets Facebook know you’re there. Later on you visit Facebook, and your newsfeed contains adverts based on what you were looking at earlier.
Facebook doesn’t let website owners single you out for these adverts (nor does it sell your data to them). Ads are targeted at groups e.g. people who visited a site in the last 30 days. These groups are called “audiences”.
You visit a website and create an account with them. They upload a list of customer email addresses to Google / Facebook / Twitter etc. to target a campaign. Later on you visit one of these sites, and you see adverts based on what you were looking at earlier.
Through fingerprinting:
You turn on incognito mode (aka “private browsing”), which limits things like cookies. The ad network records other information about your system instead, e.g. web browser, IP address, operating system, screen size, time zone etc.
Later on you visit a site where this network displays ads. They recognise your browser fingerprint (albeit with varying degrees of accuracy) and you see adverts based on what you were looking at earlier, even though you were using incognito mode.
You log into the same online account on more than one browser or device. The provider of the account associates the different fingerprints with your account. Adverts targeted at your account can now follow you from one browser / device to another.
You carry more than one device and you never log into the same account on both, but you do connect them to the same WiFi networks at the same times, and you use both devices to visit sites that contain trackers from the same ad network. Boom, your devices are associated.
Through device ID:
You install an app on your phone. Apps don’t use cookies, but your phone sends a unique device ID to the app creator instead. Later on you open a different app and see ads based on the app you were using earlier.
You install an app on your phone, and then sign in to it using one of your online accounts. You guessed it: your device ID is now associated with that account. Later on you see ads based on your apps when you’re using the account on your computer.
Lookalike Audience:
You never actually visited a particular site, but other people did. You go on Facebook and see ads for it, because your profile is similar to those other people, and the whole group is being targeted. The group you belong to is called a “lookalike audience”.
You never actually visited a particular site, but you share an IP address with people who did, e.g. you and your flatmates are all using the same broadband router. Later on you see ads from that site, because you are all being targeted at your (shared) IP address.
You never actually visited a particular site, but you were in close proximity to other people who did, and you were all signed in to a service with access to your location data. Later on you see ads from that site, because the whole group is being targeted.
After all this, it may surprise you to hear that personalised ads are anything like the problem they are sometimes made out to be.