I used to work for an ad retargeting company. Our advertisers gave us a ton of data that we didn't necessarily want along with pixel data that we did, including email addresses. So if you're logged in to some retailers website and they were retargeting with us, they might either accidentally or deliberately passing us your email address, which would allow us (if we wanted to) to map your email address to your cookie. We see your cookie look at galleries, bam.
Or, more legally, the advertisers could be part of a specific email retargeting campaign where they give us your email addresses, and then we can establish the mapping in a more direct way.
Obviously there must have been more shading goings on in this case, but the principle is the same.
Right, but how did the cookie get associated with a Google search query and then get to the 3rd party who did the shady mapping? That's what wouldn't have happened.
If they clicked through to the art gallery website (from maps/search) and the art gallery was running an ad/tracker network that already knew the user's email from elsewhere, they could put two and two together.
Cookie onboarding services are nothing new. To start, look at a company like LiveRamp. They ask sites that get users to authenticate to login, then you provide them with an anonymous hashed email address of the user which they match with they then use to match against a larger cookie pool. If there's a match, they set another cookie.
This helps solve the issue for advertisers using retargeting where cookies don't have a long shelf life. So they leverage 2nd party data sources to basically set those cookies again for them so they can continue retargeting.
They can also work with vendors to upload their hashed email lists from their CRMs and gain access to the relevant cookies in the pool to market to them.
Onboarding vendors like this tend to pay a CPM rate based on the number of matches they can make with their cookie pool, so really all that matters is that you have a massive number of people authenticating with email addresses.
While unsettling, that still doesn't explain the data flow out of Google. Google wants your customized list of email targeting, sure. But they don't want to leak anything proprietary to others to use, such as search history.
Yeah, but if you've got that on your computer, you have much more to worry about then your search history being used for marketing, and they've got much more lucrative ways of making money from you. It's a "It rather involved being on the other side of this airtight hatchway"[1] type situation.
Oh I don't disagree with you at all. I was just thinking of a case where google maps search leads to email spam related to your google maps search and that's all I could think of.
Or, more legally, the advertisers could be part of a specific email retargeting campaign where they give us your email addresses, and then we can establish the mapping in a more direct way.
Obviously there must have been more shading goings on in this case, but the principle is the same.