Answers Served: BlueCava’s Norris Talks Device Fingerprinting and Privacy


conversationADOTAS – BlueCava and its device fingerprinting technology have been weighing on my mind recently, especially after a Wall Street Journal article discovered that far too high a percentage of mobile apps were sending user device ID (UDID) codes to third parties without user knowledge or permission. Cookies can be dumped, IP addresses can be refreshed, but a UDID is forever — or at least as long as a device is in use.

Similarly, BlueCava gathers the plethora of information shared by a browser with a website to build a device profile, complete with an identifier — the system recognizes if a user deletes cookies or refreshes IP and simply updates the profile. According to CEO David Norris, BlueCava has fingerprinted 200 million devices.

And one of them could be yours! Run to the bunker!

As is typically the case in history, technology has improved faster than our ability to evaluate the ramifications (the nuclear revolution comes to mind), hence the overblown fuss about behavioral targeting and other newfangled advertising technologies — of course, you also have politicians and media outlets exploiting privacy fears for personal gain.

A common argument of privacy advocates is, “If they were tracking you in real life, you’d be frightened.” But that’s a poor analogy: Internet tracking is not equivalent to real-world stalking.  The Internet is still a growing medium with constantly changing rules, and thus it should be contemplated differently.

Fortunately, industry players like Norris speak openly frequently about the privacy implications of technologies such as device fingerprinting in order to foster true debate. He was kind enough to talk to me (again — I didn’t scare him off the first time!) being featured in WSJ, privacy concerns around device fingerprinting and whether the Internet has become a surveillance state.

ADOTAS: How about that WSJ? Did you feel honored to be included in Rupert Murdoch’s “War Against the Internet” and the Journal’s hyperventilating “What They Know” series? Received any sympathy calls from RapLeaf?

NORRIS: I really enjoyed doing the interviews with the WSJ – they went pretty deep into what we do, how it works, and after spending a bunch of time with them I think they really got why we are different. I think they wrote a good piece and we got a ton of press inquiries afterwards.

Why are privacy advocates calling you an “idiot“? Sounds a bit harsher than saying you guys have a difference of opinion.

Not sure about that – have not heard that one. We have been contacted by a wide range of privacy advocates and most of them are quite interested in our business model. We have had very open discussions with them and I look forward to a continued dialogue with productive results.

What are your thoughts on the FTC’s proposed “Do Not Track” list? How would such a list effect device fingerprinting?

I think that privacy is an important topic and that consumers should be protected. And I support the FTC’s efforts to push the industry to self-regulate. BlueCava’s privacy system allows consumers to specify their preferences and opt-in/out of being tracked, separately from being targeted.

We believe that there is an important distinction between the two – tracking is all about “watching” which sites you visit on the web, while targeting is all about serving relevant information for consumers. We believe that consumers should have the choice, so we provide both options.

Is there a way to opt-out of device fingerprinting?

Yes, we provide a way. Some vendors do not… so it varies a bit depending on who you are dealing with. To opt-out of BlueCava, you can simply visit our website and select “preferences” at the bottom. This takes you to our preferences page, which allows you to set your preferences and/or opt-out of tracking or targeting.

Can you give us a sneak preview of BlueCava’s soon to be debuted “Reputation Exchange”? How will it work?

BlueCava’s Device Reputation Exchange allows businesses to share their experiences with various devices that visit their website. This allows businesses that experience fraud, to tell other businesses about the “bad” devices, so they can be blocked from doing further fraudulent transactions. Just like credit card companies have been doing it for years, only with devices.

BlueCava’s exchange also allows businesses to share useful information about the category of product that devices are purchasing, such as shoes or travel. This enables other websites to provide more relevant content for each device, improving the overall experience for users.

What kind of companies are most interested in BlueCava’s technology? Are mobile-oriented firms and agency divisions more piqued than their online cousins?

We have a very wide range of interest in BlueCava’s technology, from large e-commerce sites, to gaming sites, to social networking sites, and more. Basically any site that is interested in creating a better experience for their users.

Mobile is certainly a very fast growing segment of the market and in important part of our business. We offer a very powerful multi-channel marketing solution that allows mobile advertisers to measure the ROI for their campaigns, by measuring the influences and/or conversions that occur, as a result of their mobile ad campaigns. This has been a missing piece of the mobile advertising puzzle, until now.

Is device fingerprinting an alternative or a companion to current targeting and data collection methods?

Device fingerprinting can be both an alternative or a complement to existing targeting technologies. Most ecommerce sites will use it as an additional technology, allowing them to extend the value that they receive from older technology solutions. In the mobile advertising space, device fingerprinting is one of the few solutions, since older technologies like cookies were not available for mobile apps.

You mentioned in WSJ that the cookie system was created by accident — sounds like a funny story…

Yeah, it is a system that we created out of a pure need for something, but was never intended to be used to the level that it is now.

How much more time do cookies have left before they are abandoned? Or are they never going away?

They will be around for a long time, as tends to happen with any legacy technology. Once it is used widely, it takes a long time to fade away. Their use will be greatly reduced over the coming years…

Do you consider gathering offline data to assist in building online device profiles a privacy violation? Does it matter that you strip out PPI such as names?

Not at all. Usage of offline data has been happening for years. We are helping to move offline data online so that more relevant content can be provided to consumers. In the end, that is what consumers really want. We do not use any personal information, and in fact we have no idea who the actual user of a device is, so the privacy of the individual is protected.

Is collecting online consumer data “surveillance”? Is the Internet a surveillance state?

Not really. Collecting data about consumers is just a well-tested method for understanding what the consumer wants. This has been done for years, but now we have better tools to allow information to be collected across a broader audience, faster and easier than before. This results in more tailored content for consumers, which is good for everyone.


Please enter your comment!
Please enter your name here