Exploit: Knowing the Websites your Visitors visit
by Steve Poland

I’m cleaning up house and this was an idea from back in May of this year. It’s not really an idea — more of a bunch of ideas for this browser DOM exploit that was written about here on ReadWriteWeb.

It’s an exploit that can help you better understand the visitors of your website, and it could be powerful for a behavioral ad network. With it, you could learn more about each individual visitor – including their demographics (kind of), by knowing what sites they visit. For example, you could load up an IFRAME with 100 links in it that you already know the typical demographic classification of, check which sites the user has visited, and profile that user to be ‘18-24’, ‘male’, etc. If the user has visited a ton of girly websites in your list, then you can make the assumption they are female, and can likely target them better with advertising.

Primary use idea, which could be somewhat of a ‘Lookery’ script (although they likely are doing a better job; but if they don’t have data on a particular visitor, then this script could be good):
  • A website (Publisher) puts our JS snippet of code in their website; we host the JS. In the admin, the Publisher inputs the webpages/URLs they want to track, to see if the user has visited those webpages/URLs. If the user has visited a webpage/URL specified, they can have the experience customized to the user.
    • We will also classify the user in a demographic, based on seeing whether the user has been to various websites. [i.e. 'male', '18-24', etc]
  • The website can also allow advertising to occur on their site — thus, Publishers can specify webpages/URLs that users have visited in the past, and if there’s a match, we display ads to those users on a PPC or CPM basis. We’d specify certain ads to display based on certain combinations [i.e. display ad1 if user has just been to 'match.com'; but display ad2 if user has also been to 'true.com'].

Other ideas of use:

  • a JS snippet hosted by me, that blogs/websites can install that will track the users’ habits of where they go. The blog/website can log in and then see demographic data on their users.
  • a JS snippet hosted by me, that displays ads [CPA?] to a user based on their demographic data and historical site viewing habits. Could display a 300×250 that the website designates to us. If we don’t have an ad for that user, they display AdSense or something else.
    • Advertisers can log in to our system, specify users they want to target (those that have visited ‘match.com’ and ‘plentyoffish.com’), and pay on a CPM basis??? Or they bid on a PPC basis — we display the ads we feel will have higher CTR based on the profile of the user [and the sites they have visited in the past].

Advertising ideas:

  • If user has been to dating websites, show them a deal on other dating websites.
  • If user has been to USA Today — the NYTimes might pay to have themselves displayed to that user. [Allow websites to "steal" users]

What do websites already know about their users?

  • where they are referred from.
  • mybloglog — can tell you other sites your users visit.

What this hack CAN NOT tell:

  • frequency of use of a website.
  • last visit of a website [unless that website has our JS installed].
  • webpages the visitor viewed on a website (unless you specify a specific URL to a specific webpage in the script).

Update: Scott Rafer of Lookery comments on this post.


  • http://blog.lookery.com Scott Rafer

    Hi Steve,
    We appreciate the mention. I would like to emphasize two things:
    1. The DOM exploit you mention isn’t anything that Lookery would ever do. We avoid scraping pages *completely* to avoid picking up any PII. Keeping Lookery’s system completely privacy-safe is critical to us.
    2. The version of behavioral targeting in which “we can figure out your profile from where you’ve surfed” isn’t one that we like the economics of — nor should you or your readers. Your costs will outstrip the lift no matter how big you scale it. You’ll just never catch up.
