Boots that Stalk: How Data Brokers Can Affect the Ads You See Online

by Dustin Moores

“I don’t get it,” my wife said over the phone one blustery November afternoon, “why am I seeing ads for your boots on my work computer?” It was a great question, and the aspiring cyber-sleuth in me wanted nothing more than to find the answer.

“Did you search for them on your work PC?”


“Have you looked for them on your phone?”


“Are you signed into Chrome at work?”

“Yes, but why would that even matter? I’ve never even looked for them anywhere. The only reason I knew you wanted them was because you showed them to me on your phone.”

I scratched my head. Lately, it seemed that every site I visited carried ads for the boots I hoped to snag at deep discount that coming Black Friday. But that made sense. I had visited the retailer’s site on my phone while logged into Google’s Chrome browser. Logically, it was plausible that when I opened Chrome on another one of my devices while signed in, I might see ads for the coveted footwear. But why was my wife getting ads for these things? And of all places on her work computer? The answer, I was soon to find out, laid in the often-opaque world of Data Brokers.

The term Data Broker refers to a rather wide category of private enterprises in the information business. The information that Data Brokers collect, manipulate, buy, sell, and disclose, is quite unique, however. It is your personal information. And that information is worth a lot. The US Federal Trade Commission’s 2014 study of nine US-based Data Brokers found that those nine companies –– a sliver of the Data Brokers out there –– had combined revenue of $426 million. That’s a lot of dough… but let’s get back to the boots.

After some research, I discovered the likely culprit as to why my boots were stalking my wife as she bounced from page to page at work: a technology known as “device matching.” Since the rise of smartphones and tablets, marketers have grappled with the problem of not knowing who you are when you access their websites from more than one device. Unless a visitor logs into their site from each device, the same visitor who accesses a site from two separate devices (i.e. a laptop and a smartphone) looks to the marketer like two different people. This was a problem for marketers desperate to know the motivation behind a visitor’s every click on their website and desperate to advertise to visitors who left the site without making a purchase.

The answer to this problem, of course, is device matching: identifying devices common to the same user. And some of the ways marketers have learned to match devices are quite ingenious. Take Adobe’s “Device Co-op,” for instance: Co-op members voluntarily integrate code into their websites that tags the devices logged into their site.  When more than one device accesses the same site using the same login, the devices are added to a “Device Cluster.”

Now, let’s say you access a different Co-op member’s site first on one device, then on another, but both belonging to the same cluster. This time, however, you decide not to log in upon either visit. In the past, the Co-op member would not have been able to identify you, but now they’ve got you pegged. Co-op members will recognize that the devices you use to visit their sites belong to the same cluster through the data collected and warehoused by Adobe. Now that you’ve expressed interest in their products, they can serve you with streamlined ads across all your devices through what are known as ad exchanges.

Bringing this back to my boots: my wife and I share a laptop. If she logged into a Co-op member’s site from our laptop and her work computer, they now belong to the same cluster, which likely also includes the phone I had used to shop for boots. Now knowing the devices were related, the marketer could bombard all devices in the cluster with ads. Of course, this is just one method. There are many similarly ingenious technologies available for determining which devices belong to the same person in the name of advertising.

Device matching is just one product, and a rather obscure one at that, being offered by Data Brokers. The point to be made here is that Data Brokers today touch almost every aspect of our consumer lives, and sometimes in unexpected ways. Data Brokers play a role in our ability to secure mortgages and loans or to rent an apartment; they play a role in what goods and services are marketed to us online, over the phone, or by mail, and can even have an impact on how long we wait before our call is answered by a customer service agent. In some jurisdictions, like the US, they can help a snooping neighbour discover intimate details about your life, piecing together comprehensive reports about you based on marriage and divorce court records, criminal records, bankruptcy filings, social media postings, and news site references.

In many ways, consumers benefit from the products Data Brokers provide. For instance, “risk mitigation products” that help companies detect fraud can lower the cost of doing business, reducing prices paid by consumers. Data Brokers can also, for better or worse, lead to you seeing more relevant ads online (good for me in the case of my boots, but annoying for my wife erroneously tagged in a “Device Cluster”).

But Data Broker products also raise privacy concerns; they can prioritize certain customers, and potentially certain demographic groups, over others; and they may even hold the power to sway democratic elections.

Data is power, and Data Brokers are amassing an ever more detailed data trove of our personal information by the day. In the following posts, I will explore some of the good, the bad, and the at times shocking reality of what Data Brokers have on offer, and both the intended and unintended effects they have on our day-to-day lives.