In the early years of the Web, advertising took the form of traditional display ads placed on pages. The display ads were no more effective than newspaper or magazine advertisements, and because they reached small, general audiences, they weren’t very profitable. But in the late 1990s, Web advertising began to shift to search engines. Paid links appeared as “sponsored links” at the top, bottom, and side of a search engine result list and even, depending on the search engine, within the “objective” result list itself. Every time a user clicks on a sponsored link, the advertiser pays the search engine for the click-through. For online shopping, having paid placement in searches can be a good thing. But search engines doubling as ad brokers may undermine the utility of search engines as neutral locators of Web sites (see “Media Literacy and the Critical Process: Search Engines and Their Commercial Bias”).

Advertising has since spread to other parts of the Internet, including social networking sites, e-mail, and IM. For advertisers—who for years struggled with how to measure people’s attention to ads—these activities make advertising easy to track, effective in reaching the desired niche audience, and relatively inexpensive because ads get wasted less often on the uninterested. For example, Yahoo! gleans information from search terms, Google scans the contents of Gmail messages, and Facebook uses profile information, status updates, and “likes” to deliver individualized, real-time ads to users’ screens. Similarly, a mobile social networking application for smartphones, Foursquare, encourages users to earn points and “badges” by checking in at business locations, such as museums, restaurants, and airports (or other user-added locations), and to share that information via Twitter, Facebook, and text messages. Other companies, like Poynt and Yelp, are also part of the location-based ad market that is projected to account for one-third of all mobile advertising by 2015.²⁶ But by gathering users’ location and purchasing habits, these data-collecting systems also function as consumer surveillance and data mining operations.

The practice of data mining also raises issues of Internet security and privacy. Millions of people, despite knowing that transmitting personal information online can make them vulnerable to online fraud, have embraced the ease of e-commerce: the buying and selling of products and services on the Internet, which took off in 1995 with the launch of Amazon.com. What many people don’t know is that their personal information may be used without their knowledge for commercial purposes, such as targeted advertising. For example, in 2011, the Federal Trade Commission charged Facebook with a list of eight violations in which Facebook told consumers their information would be private, but made it public to advertisers and third-party applications. Facebook CEO Mark Zuckerberg admitted the company had made “a bunch of mistakes,” and settled with the FTC by fixing the problems and agreeing to submit to privacy audits for twenty years.²⁷

One common method that commercial interests use to track the browsing habits of computer users is cookies, or information profiles that are automatically collected and transferred between computer servers whenever users access Web sites. The legitimate purpose of a cookie is to verify that a user has been cleared for access to a particular Web site, such as a library database that is open only to university faculty and students. However, cookies can also be used to create marketing profiles of Web users to target them for advertising. Many Web sites require the user to accept cookies in order to gain access to the site.

Even more unethical and intrusive is spyware, information-gathering software that is often secretly bundled with free downloaded software. Spyware can be used to send pop-up ads to users’ computer screens, to enable unauthorized parties to collect personal or account information of users, or even to plant a malicious click-fraud program on a computer, which generates phony clicks on Web ads that force an advertiser to pay for each click.

In 1998, the FTC developed fair information practice principles for online privacy to address the unauthorized collection of personal data. These principles require Web sites to (1) disclose their data-collection practices, (2) give consumers the option to choose whether their data may be collected and to provide information on how that data is collected, (3) permit individuals access to their records to ensure data accuracy, and (4) secure personal data from unauthorized use. Unfortunately, the FTC has no power to enforce these principles, and most Web sites either do not self-enforce them or deceptively appear to enforce them when they in fact don’t.²⁸ As a result, consumer and privacy advocates are calling for stronger regulations, such as requiring Web sites to adopt opt-in opt-out policies. Opt-in policies, favored by consumer and privacy advocates, require Web sites to obtain explicit permission from consumers before the sites can collect browsing history data. Opt-out policies, favored by data-mining corporations, allow for the automatic collection of browsing history data unless the consumer requests to “opt out” of the practice. In 2012, the Federal Trade Commission approved a report recommending that Congress adopt “Do Not Track” legislation to limit tracking of user information on Web sites and mobile devices, and enable users to easily opt out of data collection. Some Web browsers, such as Internet Explorer 9, are offering “Do Not Track” options, while other Web tools, like Ghostery.com, detect Web tags, bugs, and other trackers, generating a list of all of the sites following your moves.