A Web site's privacy policies can be undermined easily and secretly by any third-party ad service provider, thus leaving site operators open to legal action on privacy issues over which they have no control, Realmedia Chief Technology Officer Gil Beyda warned at a London press conference today. An opportunity for "privacy leakage" to occur is created whenever a Web site directs visitors to a third-party ad server such as DoubleClick, Beyda said. Unless contracts between Web sites and ad service providers governing the use of data are very clear, user details may be moved from the Web site -- to which the information was originally entrusted -- to a less secure environment -- namely the ad server's database -- without the visitors' or the Webmasters' knowledge, Beyda said. In addition to creating this invisible privacy liability, which in itself ought to be bad enough, such third-party data mining can prove expensive for high-profile, branded sites which provide the bulk of the information potentially being abused. The third party can easily gather and correlate a user's details across numerous sites which it serves, and then target the user for ads on behalf of any of those sites. The way it works is this: a user registers his details on a high-profile branded site which offers good content, in exchange for which he is willing to fill in a registration form and reveal his details. The ad server collects that demographic data, compiles it, issues a cookie, and targets the user for the sort of ads he is likely to welcome. The cookie-identified user then visits some third-rate chickenshit site also served by the same ad server, where he receives an ad targeted at him according to the information he gave to the previous, branded site which he had trusted. If he clicks on the banner, the third-rate chickenshit site gets the commission which the branded site had earned. In any case it is always lucrative for the ad servers, which earn their cuts regardless of who clicks which banner where. It's no wonder, then, that they collect vast reams of user data on the pretext of returning detailed reports to their clients, when in fact they are re-marketing the data to other sites which contribute little or nothing to the database. A solution to both problems, Beyda, believes, is the use of privacy proxies between the Web site and the ad server, which can make it physically impossible for the ad server to relate demographic information to specific users. By forcing the ad server to fetch ads via a proxy, the site gains control over the amount and type of information the ad servers receive, and so prevents them from exploiting the site's data base for their own purposes. While Realmedia does offer such a proxy service, Beyda mused that the threat of regulatory action mandating it might in itself suffice to inspire the sorts of contracts between sites and ad servers which would prevent misunderstandings between them and the subsequent abuse of data. Whether or not that's ultimately true, it's nice to see someone refraining from the assumption that all business people are universally intent on screwing each other unless physically restrained from doing so. We'd like to think he's got a point. ®