Skip to content →

Your Cookies Have Already Been Sold


If I’m interested in buying a car, soon advertisers will know it. When I surf the web, I’ll see nothing but car ads. As my preferences for car type are revealed in my online behavior, the ads will become more focused, I’ll just see ads for blue hybrids with 4-doors and GPS. As my transactional intentions across a number of threads surface, my advertising environment will mirror the state of my desire. They’ll see me coming a mile away.

Under the rubric of an evolutionary improvement in the targeting of advertising, Stephanie Clifford, of the NY Times, writes about two firms: BlueKai and eXelate that want to buy your cookies— although not from you. As part of their session management and optimization processes, most commercial websites record user interactions with web pages and some of that data is stored in a cookie that serves to identify the behavior of unique users.


These new firms are setting up an intermediary market for user cookies. They’ll buy the cookies from firms that have set them on your behalf, and then sell them on to other sites that want to sell you things based on the implied intentions contained in your cookie. Your gestures are being sold and you’ve been cut out of the take. Saul Hansell of the NY Times Bit Blog puts some more context around the issue, especially as it’s implemented through the Google/DoubleClick combination. And of course Steve Gillmor conceptualized all this stuff about five years ago.

In order to maintain the common good and a civil society, there’s a rule that says that both scripts and cookies may not operate across domains. But as is often noted, there’s no problem in software engineering that can’t be solved by another level of indirection. While another site may not directly read the cookies I’ve set on behalf of a user, apparently this doesn’t stop me from selling that cookie to a third-party who can then create a market to sell it to the highest bidder.


We assert that the user owns her own data– and presumably this means that the user should benefit from any value derived from that data. This new breed of “service” will sell your data and you’ll never know it happened. The whole thing will be quite painless. There’s nothing to be afraid of. And yes, of course they take your privacy very seriously. That’s why they’ll let you opt out of their service. The usability of their opt-out process, no doubt, is one of their top priorities. Explicit licensing of user data by users, along the lines of creative commons, may ultimately be part of how this story plays out.

Turning this model around, there’s Phil Windley’s new company, Kynetx. In this model, the user has the capability of sharing information with a web site through information cards and possibly other means. Ambient data like a user’s location as implied by an IP address are also fed into the mix. A site, knowing you live in Chicago, might offer you a special discount. In Windley’s model, the user has a much higher degree of control. He discussed his new firm with Jon Udell on an episode of IT Conversations‘ Interviews with Innovators:

Contextual Browsing w/ Phil Windley – Contextual Browsing

The user experience industry has been working hard on developing consistent and simple user interaction experiences within particular web properties. Many companies, financial institutions in particular, with multiple web properties with divergent websites and experiences are endeavoring to merge them into a single visual and interaction design with a common authentication/identity system. There’s ample evidence that next horizon of cross-domain user experience is gaining traction.

A person’s intention to buy a car isn’t limited to a single web domain. Her search will take her through many physical locations (recorded w/ GPS?) and many different online locations.  The capability to address the cross-domain/multi-domain gesture set that expresses a user’s transactional intention is the next frontier of commerce on the Network. The question is: who will be doing the targeting, the customer or the vendor?

It’s a discussion that should happen out in the open. Perhaps the next Internet Identity Workshop in May could provide a forum for a discussion that could include Omar Tawakol of BlueKai, someone from eXelate, Phil Windley and Doc Searls from the VRM point of view. If cookies become valuable, companies will increase their revenue opportunity by putting more and more behavioral information into them. There’s a hand in your cookie jar, the question is, are you going to do anything about it?

Published in digital economics hci identity markets user data value zettel