Corporate stalking

The insidious world of surveillance advertising

Illustration | Yaocheng Xia

Imagine this: pop-ups that plaster your browser window with the latest Zelda game that you just looked up, Spotify ads that feature your favourite indie artist’s upcoming tour, YouTube ads promoting that stunning Amalfi Coast resort right after you got tickets to fly there – coincidence? I think not. We have all been targets of suspicious ads that seem like they were tailor-made for us. The preciseness of these ads fills me with awe and unease. In this age where the internet has become so integral to our lives, surveillance advertising by corporate and political players represents a formidable threat to user data and privacy. So, what even are targeted ads, and how do they find us in the vast digital universe?

The principle behind targeted ads is simple—collect, analyze, and adapt. User data is the holy grail for the corporations funding these ads. Each time you visit a website, you leave a Hansel-and-Gretel-esque trail of crumbs that can be collected and stored by various entities. A crucial technological advance that made ad targeting possible is the humble cookie. Cookies are seemingly innocuous bits of data that are stored on your computer each time you visit a website, and function to optimise your browsing experience on subsequent visits. Cookies come with undeniable benefits—they can remember your user preferences such as your login information, the items in your shopping cart, your listening history on Spotify; the list goes on. A subset of cookies, called third-party cookies, goes one step further by tracking your activity across multiple websites to purportedly enhance your browsing experience with personalised ads. These cookies are purely optional, but let’s be real, most of us consent to them just to dismiss the incessant pop-ups. Websites also intentionally make it more difficult for users to deny tracking permission. Often, the terms in the cookie notice are ambiguous, making it hard to discern whether the website uses first-party or third-party cookies or both. One way to tell is to find out if the website displays ads – if it does, it most likely relies on third-party cookies. 

Third-party cookies can be sold to corporations and data brokers, often compromising the sensitive personal information of users without their explicit consent. The most egregious examples of this splash the front page of the news, such as the efforts of a Colorado Catholic group to expose priests secretly using gay dating apps. In March 2023, The Washington Post reported that Catholic Laity and Clergy for Renewal poured millions of dollars into obtaining data that tracked priests’ use of gay dating and hookup apps such as Grindr and shared this information with bishops around the US. The Post also reported that the information was sourced from data brokers, who in turn obtained it from ad exchanges – platforms which heavily rely on third-party cookie data for precise ad targeting. This appalling violation of privacy highlights just one of the countless ways in which surveillance advertising can expose vulnerable individuals and populations in the absence of stringent data protection laws.

Surveillance advertising can have far-ranging impacts beyond privacy concerns. Gillian Brockwell, a writer for The Washington Post, recounted in 2018 her traumatic experience with pregnancy ads that kept targeting her after she had a stillbirth. Targeted ads that know too much can also trigger fear, anxiety, and trauma in closeted members of the LGBTQ+ community, people struggling with body dysmorphia and eating disorders trying to avoid fad diets, and people experiencing loss and grief. These ads may also exacerbate social inequality and target vulnerable populations. A 2019 study by researchers at Northwestern University and the University of Southern California found that Facebook ads for home sales were received by an overwhelmingly white audience, despite Facebook having far more diverse demographics. Job ads for cashier positions reached a largely female audience, while postings for positions in taxi companies reached an audience that was 75 percent black. This is just the tip of the iceberg – the real extent of the psychological and socioeconomic impact of targeted ads remains to be seen.

There has been some pushback against surveillance advertising and third-party cookies in recent years. Data privacy laws across the world have been enacted and strengthened to protect users. For example, the General Data Protection Regulation (GDPR adopted by the European Union requires that websites obtain users’ informed consent for data collection. Browsers such as Mozilla Firefox and Apple Safari have fully phased out third-party cookies to reinforce user privacy. Google, which owns the most widely used browser in the world, repeatedly promised the deprecation of third-party cookies but has since backtracked on its decision, stating that the decision would require “significant work by many participants” and pose repercussions to the companies involved in online advertising. Given the fact that ads make up about 77% of Alphabet’s (Google’s parent company) revenue, we certainly won’t be seeing the last of them any time soon. For now, your best bet at protecting your privacy on the Internet is using a trusty ad blocker, staying informed on the cookie policy of websites you visit frequently, and advocating for more stringent legislation to safeguard user data and privacy.