31

I can understand when I see the same ads across websites, and ads similar to my search history. Some tracking magic through cookies - fine.

But Skype has been showing me ads for exact terms I searched for in Google (Chrome), and nothing else. For example, after I searched for "Fossil messenger bag", all I saw in Skype was one Fossil ad for men's messenger bags. As far as I know, Skype does not snoop my system to read cookies/tracking info from Chrome.

Then I searched for "Infinity QX60" and now I see an ad for exactly that, with the name of a local dealer. When I click the little triangle, I'm taken to the http://dealer.com/opt-out/ - which is a different ad company than the Fossil one (http://info.criteo.com/).

The one and only thing that is the same in Skype and Google/Chrome is my (new, work) email address, which I use for both my Google account and Skype. So it seems to me that Google is actually giving away my personally identifiable information to Skype (or vice versa), i.e. my email address or at least unique hash of it (not much better, I think).

Is this even legal? I don't really care to be honest, just curious. The funny thing is the ads they're showing me are for one-time searches that have nothing to do with my overall browsing history and interests.

Extra Clarification: What I am asking is how the ads in Skype know who I am, i.e. what tracking info to use, since Skype does not use Chrome's cookies. If my email address is being exchanged between Google and Skype for the ads, then is that legal?

makhdumi
  • 411
  • 4
  • 6

2 Answers2

30

This is because Skype displays Google Ads. So Skype isn't getting information from Google about you. They are displaying Google hosted ads which are based on your Google search history.

The search based ads shown are not based off your overall history but recent history by design as it is likely you are currently exploring the market for the product. Where previous searches might no longer be relevant for sales purposes.

Yes It is legal. When you use Google you agree to their terms of services.

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.

As far as how they make this association the ads are hosted by Google so they have all the data they collected from you when you were using their search engine. They could've detected you are who you are via cookies or "a similar technology". They list that they collect data via that and use it exactly for this purpose under the "Cookies and similar technologies" section in their privacy policy

We and our partners use various technologies to collect and store information when you visit a Google service, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services we offer to our partners, such as advertising services or Google features that may appear on other sites. Our Google Analytics product helps businesses and site owners analyze the traffic to their websites and apps. When used in conjunction with our advertising services, such as those using the DoubleClick cookie, Google Analytics information is linked, by the Google Analytics customer or by Google, using Google technology, with information about visits to multiple sites.

Disclaimer: At the time of this answer's post the question hinted more towards how are ads showing what I looked up and less of what is technically happening. The original asker has since updated their question. I am not saying cookies are the exact thing they use. "Cookies or a similar technology" is Google's words not mine. This also means the tracking expands beyond cookies. So just because X can't use cookies because of Y reason doesn't mean Google is strictly using cookies. As mentioned in the comments possible vectors relating the data is because they use the host machines browser for HTTP capabilities, use IPs, use some form of machine/browser finger printing, or it is a trade secret not made public. I have not updated my answer because of the lack of evidence one of these is correct.

Bacon Brad
  • 3,340
  • 19
  • 26
  • 4
    Right, but how does Google Ads inside Skype know who I am? – makhdumi Aug 13 '15 at 18:31
  • Okay, but Skype doesn't use Chrome's cookies. It has no way of getting any tracking information. – makhdumi Aug 13 '15 at 18:38
  • @Al-Muhandis well if it's google ads and you use the same e-mail then the ad engine could just use that to tie your identities together, and it hasn't given your data to a 3rd party as it's all google... – Rory McCune Aug 13 '15 at 18:42
  • @RоryMcCune In that case Skype would be giving my email address to Google Ads. It isn't all Google. – makhdumi Aug 13 '15 at 19:18
  • 8
    @Al-Muhandis Skype may be using a browser engine to display the Google Ads, which will then allow it to pick up the cookies you usually use. – Clarkey Aug 13 '15 at 19:41
  • @Clarkey I think this is the correct answer, I'm not at home right now to get the proper references, but you can actually turn off ads in skype by restricting the site they are hosted on (apps.skype.com or something similar) in your Internet Explorer zone preferences. – IllusiveBrian Aug 13 '15 at 19:45
  • @Al-Muhandis well absent another option, I'd wager they're sharing the e-mail address. as to the legality, I'll also suggest that was in the T&Cs you signed up to with skype :) to quote the Skype privacy policy "And we use data to help make the ads we show you more relevant to you" – Rory McCune Aug 13 '15 at 19:45
  • @Clarkey I'm using Chrome, and Skype doesn't know anything about Chrome's cookie store. – makhdumi Aug 13 '15 at 20:03
  • Notice the "Cookies or a similar technology" in my answer. The words in that quote are Google's words cited from their privacy policy on how they track this information. Not mine. – Bacon Brad Aug 13 '15 at 22:27
  • And I also suspected they use an embedded version of the host's browser. But I haven't found any evidence of it to update my answer just yet. – Bacon Brad Aug 13 '15 at 22:33
  • 4
    Just Google having this in their TOS doesn't necessarily make it legal. – Bergi Aug 14 '15 at 00:46
  • They don't need to even get your cookies to track you. Your browser configuration is relatively unique. Your browser tells the webserver lots of things about itself. Everybody has a slightly different configuration for their browser and you can use this information to identify a single user: [Finger Print Your Browser](https://panopticlick.eff.org/index.php?action=log&js=yes). If you use multiple computers and a gmail account they can even associate all your computers to a single account. So browsing one will update the ads seen by the other. – Martin York Aug 14 '15 at 01:36
  • Google uses **MANY** data points to uniquely track an individual. Simply clearing cookies, spoofing a user agent, or even changing browsers isn't enough to get past this point. Not all of them are publicly known either, so who knows exactly how they track you ;) –  Aug 14 '15 at 01:56
  • 3
    By definition cookies are not shared among different browsers, so for example Chrome cannot read your IE or Firefox cookies and Skype cannot read Chrome's cookies. They must be tracking you in some other ways (IP address? some other info we don't know are being sent?). That's actually quite scary. – algiogia Aug 14 '15 at 07:48
  • 1
    IP tracking is common. Not accurate but common as it is easily acquired. Unsure the dangers of this which would make it scary. And I know cookies are not shared among browsers. I mentioned "Cookies or a similar technology" because that is their words on how they track. This means their tracking is beyond the scope of just cookies. – Bacon Brad Aug 14 '15 at 16:07
  • Updated answer to add clarity to my cookies mention and as to why my answer is the way it is. – Bacon Brad Aug 14 '15 at 16:17
  • @BradMetcalf They can't be using IP address in this case, since at my work we all share the same external IP. If they were tracking by IP, I should be seeing ads from my co-workers searches and vice versa. – makhdumi Aug 14 '15 at 18:30
  • I didn't say they were. – Bacon Brad Aug 14 '15 at 19:51
0

You could use a /etc/hosts file with all known ad servers redirected to localhost and run your own webserver. If you do this, you might be able to see a user agent logged in your webserver in the moment that skype tries to fetch the ad. This way you can see if its using Google's webview (would explain why it gets access to your cookies) or MSIE webview (if this is the case, I suspect that at some point you used your google account under IE?)

ruben
  • 1