Blogpost

Real-Time Bidding: Technology or Data Breach?

What is Real-Time Bidding (RTB)?

Real-Time Bidding (RTB) is a technology operating behind the scenes on all websites and apps, tracking everything you look at, no matter how private or sensitive. And, RTB records where you go. Every day, RTB shares data about you with a host of companies continuously, enabling them to profile you.

Companies including Google, Yahoo, and Microsoft let advertisers buy ads in the split seconds between when you enter a site’s web address and the moment the page appears. RTB technology allows advertisers to examine site visitors and bid to serve them ads instantly.

New York Times offers this description of Real-Time Bidding: “…say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). eBay can essentially follow that person’s activities in real-time, deciding when and where to show him near-personalized ads for golf clubs on the Web.”

What is the Biggest Data Breach?

Recently, the Irish Council For Civil Liberties (ICCL) released a report titled “The Biggest Data Breach,” calling the scale of Real-Time Bidding (RTB) data broadcasts in the U.S. and Europe a data breach. (Whether or not you think RTB should be called a data breach, looking at the data in the report is fascinating.)

The ICCL is a membership organization that seeks to “speak truth to power, even when it is unpopular or difficult. We work to ensure that everyone in Ireland can enjoy all of their rights, all of the time.”

Key Insights on RTB

ICCL’s report uses these key findings to describe RTB as a data breach:

  • On average, a person in the U.S. has their online activity and location exposed 747 times every day by the RTB industry.
  • In Europe, RTB exposes people’s data 376 times a day.
  • Europeans and U.S. Internet users’ private data is sent to firms across the globe, including Russia and China, without any means of controlling what is then done with the data.
  • The RTB industry generated $117+ billion in the U.S. & Europe in 2021.

Other key findings include:

  • U.S. Internet users’ online behavior and locations are tracked and shared 107 trillion times a year.2 Europeans’ data is exposed 71 trillion times a year.
  • RTB firms broadcast RTB data widely. For example, Microsoft “Xandr” says it may send data to 1,647 other companies.

What are the Dangers of RTB?

The ICLL argues that RTB is dangerous to consumers because there is no way to restrict the use of RTB data after it is broadcast. Data brokers have used RTB to profile Black Lives Matter protestors. Additionally, RTB technology was used to out a gay Catholic priest through his use of Grindr.

The private sector uses it, the government uses it. US Department of Homeland Security and other agencies use RTB for warrantless phone tracking.

What Can You Do?

Ron Bradley, VP of Shared Assessments shares that NOTHING most of us do on the Internet is anonymous. But there are safeguards we can put in place to protect ourselves.

At a recent conference, Bradley was looking over the shoulder of a colleague, and within two seconds Bradley easily determined that his colleague has children and pets based solely on the ads popping up on his screen. Those convenient links to social media platforms embedded into web pages make the job of privacy pirates just that much easier.

You are a commodity. Your data has already been compromised and will always be for sale to the highest bidder. If that makes you uncomfortable, then take these simple measures to protect yourself online:

1. Install battle-tested privacy plugins.

2. Tighten the security and privacy settings on your browsers to the point it becomes annoying, then back them off if necessary.

3. Use Incognito or Private windows when connecting to sensitive sites.

4. Make use of a VPN to hide your IP address.

5. Use password managers, and never reuse passwords on sites such as healthcare and banking.

6. These suggestions are just a few of the overall layers of the security onion everyone should be conscientious of in today’s computing environment. You don’t have to eat the entire elephant today. But start small and begin with an ad blocker. Don’t put it off. Your privacy depends on it.

Conclusion

“Is Real-Time Bidding (RTB) Really A Data Breach?” could be a good debate topic over drinks with other risk and cybersecurity professionals…

Meanwhile, we can all agree with Tom Garrubba, VP of Shared Assessments: it is time for data protection agencies, information commissioners, and related government agencies the world over, to review existing practices with Big Tech and see how they can better tame this part of the “wild west.”