The Federal Trade Commission (FTC) has cracked down on a company that was engaged in “history sniffing,” a means of online tracking that digs up information embedded in web browsers to reveal the websites that users have visited. In a proposed settlement with Epic Marketplace, Inc. and Epic Media Group (together, “EMG”) announced on December 5, 2012, the FTC settled charges that EMG had improperly used history sniffing to collect sensitive information regarding unsuspecting consumers.
EMG functions as an intermediary between publishers—i.e., websites that publish ads—and the advertisers who want to place their ads on those websites. It does this through online behavioral advertising, which typically entails placing cookies on websites a consumer visits in order to collect information about his or her use of the website and then using that information to serve targeted ads to the user when he or she visits other websites within the EMG Marketplace Network.
What got EMG into trouble was that it also used history sniffing to collect information regarding the websites that users visited. Here’s how the technique works. In your web browser, hyperlinks to websites change color once you have visited them. After you have visited a webpage, the hyperlink to it will most likely appear in one color (e.g., purple). If you haven’t been to a particular webpage before, any link to it will probably show up in another color (e.g., blue). History sniffing code exploits this feature to go through your browser—that is, to “sniff” around—to see what color your hyperlinks are. When the code finds purple links, it knows that you’ve been to those websites.
According to the FTC, for almost 18 months—from March 2010 until August 2011—EMG included history sniffing code in ads it served to website visitors on at least 24,000 webpages within its network, including webpages associated with name brand websites. EMG used the code to determine whether consumers had visited more than 54,000 different domains, including websites “relating to fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, and personal bankruptcy.” EMG used this sensitive information to sort consumers into “interest segments” that, in turn, included sensitive categories like “Incontinence,” “Arthritis,” “Memory Improvement,” and “Pregnancy-Fertility Getting Pregnant.” EMG then used the sensitive interest segments to deliver targeted ads to consumers.
The proposed consent order would, among other things, require EMG to destroy all the information that it collected using history sniffing, bar it from collecting any data through history sniffing, prohibit it from using or disclosing any information that was collected through history sniffing, and bar misrepresentations regarding how the company collects and uses data from consumers or about its use of history sniffing code.