UPDATE: The enforcement group of the Digital Advertising Alliance brought action against Blue Cava based on the some of the issues outlined in this post, which resulted in policy changes.
Today I listened in on a sales webinar for Blue Cava, which provides device fingerprinting services that identify a user’s machine based not on cookies, but unique and immutable characteristics of the device and browser. The privacy implications are controversial because Blue Cava works expressly to frustrate consumer choice when it comes to tracking — deleting or blocking cookies through normal browser processes doesn’t work to stop it; the only way to do so is to use an opt-out process on the Blue Cava site.
- As expected, outside of fraud prevention, the chief business benefit is increased ad effectiveness relative to cookie-based targeting. Not a surprise, since you’re tracking people who don’t think they’re being tracked.
- Blue Cava also is developing their own repository of behavioral data (across all installations), which is associated with their device ID.
- Blue Cava works on any device, although it isn’t clear whether they need the same fancy methods for a mobile device, to the extent they can use the built-in mobile identifier.
- They characterized their opt-out process as superior because it is more persistent than cookies, although we don’t now much about how they enforce the opt-out on the back-end, and their policy stipulates they won’t ever let you opt-out of fraud detection. In their words: “we don’t let you opt out of certain tracking activities that we use to define the reputation status of a device. When a device does good things and bad things we keep a record of it.” Also, they don’t currently provide opt-out applications for the mobile devices that they track (just browsers).
Bottom line: Blue Cava’s marketing technology is a bad idea for consumers, and one which threatens to undermine industry progress toward enhanced notice-and-choice. Companies using Blue Cava will put their brand at risk; our spider already watches thousands of sites for Blue Cava server interactions, and we won’t be shy about calling them out. There’s also little question that for a site to implement Blue Cava without express and clear disclosure will not only only turn off consumers, but also risks serious legal blowback.