“A Web application can benefit from this location context information in many ways,” wrote research team members Yinglian Xie and Martin Abadi in an e-mail. “One example would be targeted advertisements. For example, ads about plumbing services may be more relevant to users when they are at home than when they travel.”
Other evidence suggests that this kind of targeting would work. The researchers compared logs from Web searches made from “home” and “travel” IP addresses to see how often people in the two types of locations clicked on search ads. Some search words primarily led to ad clicks from one type of location. For instance, ads served against the words “movies,” “inn,” and “cars” more often tempted users with travel IPs, while “employment,” “applications,” and “college” led to ad clicks from home.
The IP data could also be used to track people when they move to a new home, making it possible to map relocation patterns for the U.S. (see image).
“I’m not aware of any companies doing anything this sophisticated yet,” says Jules Polonetsky, director of a think tank called the Future of Privacy Forum, “but I wouldn’t be surprised to see smaller firms experiment with it soon.” Firms that track Web users in order to target advertising are increasingly turning to methods that don’t rely on cookies, he explains, because these are unaffected by browser settings or the “private browsing” modes that feature in modern browsers. “They’re looking to avoid any control that the user has,” says Polonetsky.
The best hope a user has for regaining control in the face of IP-address-based profiling is anonymity software, says Jacob Appelbaum, a security researcher and lead developer of the Tor project, which develops open-source anonymity software. Tor masks a user’s IP address by passing his or her connection through a network of relays around the world. “Some people don’t want to help businesses gain better intelligence every time they visit a website,” says Appelbaum, “Tor is a way to opt out.”
The Microsoft team says its method could be made more powerful by combining its data with data that ISPs maintain about their subscribers and with databases of the location of public Wi-Fi access points. But this enhancement is not one they will pursue, say Xie and Abadi, explaining that “the business and privacy questions that it raises are potentially problematic.”