Imagine a random web.

Your favorite current affairs news blog, which couldn't survive on Viagra ads, is now charging subscriptions. Your e-tail site of choice keeps recommending country music, which you outgrew years ago. And your default social network's constant entreaties for donations finally annoy you so much that you do the unthinkable: switch to MySpace (at least it is supported by News Corp's old-media money).

This is too much. So, you pick up a copy of Portfolio magazine and browse the ads for financial products, reassured that at least this medium knows how to target its audience.

Okay, so Portfolio closed four months ago, joining the ranks of a host of other magazines killed by the recession (or by new media, depending on how you look at it).

Anyway, this extreme scenario plainly won't happen, even if Congress has its way and regulates behavioral targeting in some fashion. The advertising lobby is far too strong to let policing efforts slingshot us back to Web 1.0.

But the battle continues. We'll likely see some form of Congressional hearings, with consumer advocacy groups and watchdog legislators like Congressman Ed Markey (D-MA) trying to sort out whether behavioral targeting companies are really just stealth spy networks. The ability of ad networks, social networking sites, ISPs, and Web publishers to capture user data without disclosing that they're doing so will remain under the microscope. Who knows? We may one day see a national "Do Not Target" registry.

Let's hope not.

The main argument for behavioral targeting is obvious: profitable CPM advertising, which allows advertisers to better reach buyers, supports free sites. Users, in turn, inhabit a less cluttered ad environment with far more relevant advertising.

But it goes deeper than that. Targeting, when it works well, creates a seamless relationship between you, a site's content and the ads on it. Consider magazines like Architectural Digest, Vogue and Travel + Leisure. If you're interested in design, fashion, or travel, you might ending up scanning the ads as much as the articles. Now, consider that the Web can deliver those ads in a far more segmented way (if you're traveling to Turin, you're likely interested in Piedmont wines).

In October 2007, Microsoft paid $240 million to power Facebook's ads, driven by private user data. While jaws dropped over the $15 billion valuation, Facebook has used the capital to quietly build an advertising environment that shows what behavioral targeting can do. You may be too busy browsing your friends' baby pictures to notice the ads (and that is a downside: social networks are not purchasing environments), but as an exercise, go to your personal page and click the "More ads" link. If you're a regular user, chances are it's getting ever closer to nailing who you are.

Rather than showing a succession of Netflix ads, Facebook now more closely resembles a neighborhood store, run by a knowledgeable proprietor who makes smart suggestions about what you might want. Yes, that creepy spy is really just Mr. Hooper. Seriously. The dozens of clerks at your local Barnes & Noble can't possibly remember what you bought a month ago. But Mr. Hooper? He knows.

Let's face it: Facebook's targeting has gotten much better because it uses your personal data without explicitly telling you. Were you given the opportunity to opt out, you probably would. It's almost reflexive for us now: "No, thanks. I don't have time to read the fine print and consider the implications."

So when the behavioralists are trotted before the House Subcommittee on Communications, Technology, and the Internet, their first order of business will be the basics: that, fundamentally, the Web is behavioral targeting. LastFM introduces you to people who like what you listen to; DoubleClick tracks your browsing history to display relevant ads; Amazon tells you a new Dylan album is available because, well, that's what it does best. Digital advertising is killing the magazine industry not because it is a cheap boorish alternative, but because it can simply embed a little Java tag in your cookie and follow you until it (or you) expires.

That is not a bad thing.

Yes, targeting has its downsides:

  • Small sample sizes. Remember that gardening book you bought for your grandmother last year? Amazon sure does.
  • Psychographic characteristics cannot be determined by browsing alone. Clicking on a Rolex ad doesn't mean you can afford a Mercedes; gawking at eye candy does not a luxury buyer make.
  • Perhaps most critically, every behavioral targeting company has to toss out user data on a regular basis or else invest in endless storage. AudienceScience, for example, can track 2 billion events per day but purges data every 90 days.)

Congress should in fact be looking for ways to foster better targeting, not limit it. The more an ad network knows about you, the more likely it will be able to serve an relevant ad and improve your user experience. iTunes makes better recommendations than most for a simple reason: more often than not, it operates from a larger collection of data. You may frequent only one or two sites powered by 24/7 Real Media's Open AdStream, but if you've got an iPod, you've spent time building an iTunes database of, say, a few thousand songs, which directly feeds iTunes' Genius.

To see if Genius is better constructed than other recommendation platforms, create an iTunes database of only 10 songs (which could very well be the number of books you purchased from Amazon in the last year). Then ask Genius to recommend a playlist. You will almost certainly not get that eerie "How does it know?" feeling.

What's the solution? The digital lobby certainly has to do a better job of educating Congress on the benefits of targeting. And self-regulation is critical: NebuAd's clumsy efforts to track browsing histories directly through ISPs hit every wrong note possible for privacy advocates.

The solution, though, may be more technological than regulatory. Suppose ad networks, social networking sites, e-tailers and search engines were to share IP data. The overall sample size would shoot through the roof, and both advertisers and users would benefit from ad placement that is as spot on as iTunes' Genius. Some kind of universal cookie, perhaps, could let e-tailers notify ad networks that, despite your apsirational browsing of ArchiteturalDigest.com, you still shop at Ikea, and so that $40,000 George Nakashima coffee table really is not a good fit.

Suppose further that consumers could control this data. For example, once you returned from your European vacation, you could simply delete your old browsing history on travel, eliminating any more ads for hotels in the Mediterranean.

"Yeah right," you say, "Google would never share its users' search histories with e-tailers, much less other ad networks."

Well, it doesn't have to. Your browser already contains that information. Having this URL...

http://www.google.com/search?q=kindle

... means that you Googled "Kindle." And having this one...

http://www.amazon.com/Free-ebook/dp/B002DYJR4G

... means that you searched Amazon for the Kindle version of Chris Anderson's book Free. Solely by parsing URLs, your browser could even tell whether your Amazon session ended with a checkout.

For certain advertisers, that is valuable information. And if that personal data were kept safe, you probably wouldn't mind if targeting companies used it to display an ad for Free on ad networks.

But let's say you did mind. Let's say you preferred random Viagra and Disney ads. Your browser could resolve this, too. It already stores thousands of cookies for you—in fact, it stores all of the non-logged-in data for sites across the Web. Mostly, this is the Web pages you visit, user names and passwords, and other form data, and it's not easy to discern what cookies are storing what. But your ability to monitor and manage your cookies could be enhanced with a simple extension.

If this extension could communicate with third-party cookie-based systems through a standard protocol, you could set simple controls for how much and what kind of data to broadcast. "Okay, re-targeting bot. If you want to drop a Java tag on me and follow me around the Web, here are the ground rules."

The rise and fall of NebuAd illustrates a rather simple truth of behavioral targeting: the data is yours, not theirs. Yes, ISPs could track your browsing history universally, unlike individual ad networks, social networking sites and search engines. And shared data would enhance the user experience. But because the data is yours, controlling it should be in your hands, not theirs.

Which brings us to the real treasure trove: data you've entered on password-protected sites. Why is Facebook, for example, the only beneficiary of the personal data you enter on that social network? It knows you're an iPhone user, New York resident, Ivy Leaguer, travel lover, and Texas Hold 'Em player for one simple reason: you told it.

If communicating that data through a browser-based protocol, at your discretion, turns Viagra ads into iPhone app ads across the Internet, wouldn't that be something? We all understand the nature of free: someone has to pay. So, why not turn your browser into Mr. Hooper?

Guest author: Chris Kincade is co-founder of DesignBuggy.