How ITEGA can reconcile privacy and identity with the needs of advertisers – a shared-database of non-personal interest information

Our goal is to improve the relevance of ads you agree to see, which should improve the user experience.  ITEGA will be able to enforce rules that forbid targeting individual users who value their privacy higher than targetted advertising. They should have that choice. Thus the ITEGA’s goal is to the make a better, more trust-worthy market for digital information.

By Bill Densmore
ITEGA Founder
(shortlink for this post:

Helping the public to better manage their identity and privacy and creating new opportunities to pay for quality information have been the goals of the non-profit Information Trust Exchange Governing Association (ITEGA) since the project’s since its inception. There has always been a need to find a balance between the aspiration of user privacy and the reality of needing to enable information commerce. The ITEGA’s interest groups are studying an approach which might achieve both – while decreasing the use of ‘cookies,’ helping speed up page loading and discouraging ad blocking.

Cambridge ITE meeting chalkboard: Features

A two-part goal of ITEGA has been to (1) to give advertisers the information they need to better target their messages to users but (2) without sacrificing user privacy or choice. In the present web, those goals are often in conflict and, as a result, both targeting and privacy suffer. The result is a lose-lose-lose for advertisers, users and news publishers.

  • On the one hand, publishers want to maintain close relationships with their subscribers and users, in order to provide custom information services. That suggests that core user identity records should be lodged with individual publishers, not at some central service such as Facebook or Google.
  • On the other hand, advertisers want readily accessible information about users to be able to target ads to groups of consumers with similar content or buying interests. That suggests a need for some standardization of user profile information — in a place where advertisers and their agencies can get it instantaneously to efficiently serve the right ad in the right place at the right time.

One way to resolve conflict: ‘Local data’, selectively shared 

Under the approach under consideration by ITEGA strategists, public users would have individual accounts on their “home base” they sign up with. The core database for each user would be at just one of potentially thousands of home-based service providers – such as  publishers. or a specialized identity service provider), or possibly even within a user’s web-browsing software or on their phone or computer.

This “core atttibutes” data can then be a single source for a user’s current profile — with rules about their use governed by the ITEGA.  The end user could supply (or sanction) and edit personal demographic, interest and behavioral information. These data points could be stored as 100 or more standard “attributes.” Only the user — and their “home base” — would have access to it or could change attributes.

The ITEGA would sanction and govern operation of a service which takes just those attributes a user is willing to share — and aggregates them — anonymously — with millions of other user attributes in a shared online resource accessible to advertisers and other publishers. In a key nod to privacy, the one-time user-attribute records handed out to the ITE service would be linked not to names or addresses, but to a unique alphanumeric — temporary — identification.

ITEGA would make rules and guide technology that allows sharing of user attributes – temporarily – by the shared service. The service would be a single trustworthy source that advertisers and publishers could query in real time to personalize services that advertisers need.  Home-base publishers would use ITE protocols to contact the shared service and periodically update — or delete — user-authorized profile information.


As an example, user Bill Densmore would be known by name to his most-trusted home-base “publisher”.  But Bill’s demographic or interest information would be linked only to a number such as FooBar1234publisher to everyone else. And the number might change frequently to become BigFoot9999publisher next week, and something else the week after.  The system thus distributes the job of “authenticating” a real person among many locations, yet allows the anonymous concentration of attributes for customizing advertising or content — or to track payments or views.

Temporary shared database without PII

Put another way: Users are assigned by their ITEGA publisher a unique number that changes periodically. It would be like a phone number without a directory – and the phone number keeps changing. Only the user’s home base knows how to connect the number and can associate with it key personal identifying information.  Advertisers and their agents — and third-party publishers — know only that they are serving an add to an anonymous user ID that has the particular interest or demographic attributes they seek.  It may even be possible, using “Three’s a Crowd” concepts, to obscure the user further within a target interest group.   The ITE’s intention is to present appealing advertising targets in groups, without allowing the tracking or identifying of individuals.

The shared data of these user attributes would be temporary — and advertisers and their agencies would access the user’s interest graph from the ITE’s network interest-matching service. Under ITE rules, advertisers would not be permitted to save the user information or trade it among each other, but they could use it for real-time ad targeting. By rule, if the data is open to the advertiser, it has already been “permissioned” by the end user. Potentially, the ITEGA service, following the user’s specifications, could distinguish which user attributes are provided to which kind of relying party — advertiser, publisher or something else.

How is this different from how things work now?  

Today, a few so-called “platform companies” — chiefly Google and Facebook — manage information about individuals who they can then track across vast swaths of the Internet or within their extensive services.  In addition, hundreds of advertising-technology companies — advertising exchanges and related private platforms — acquire, process and share user attributes from the many sources and activities users touch.  As a result of this uncoordinated activity, there are incomplete and sometimes inaccurate storehouses of knowledge about users. They are largely invisible and competing.

The ITE would represent a new “platform” — a shared-user network governed in the interest of the public, with transparent rules.  It will work by allowing advertisers and publishers to access a single address — perhaps — only the attributes that individual users have authorized for sharing. They could use this data — user attributes — to tailor and target relevant advertising. Publishers would have the same access to help them tailor editorial content to their readers.

This new system would be a major improvement over present practices:

  • First, it eliminates most of the need for the “cookies” that advertisers use to target the right users, but which, counter-productively, slow down the computers and phones of their intended customers.
  • Second, it could give advertisers richer, more current and more trustworthy information about users for more effective targeting – but without any compromise to user privacy.
  • Third, it creates the potential for better relationships between advertisers and users, which right now are at a low point because of the “cookie crisis” that has led to more ad blocking, as well as better relationships between publishers and users.

The current ad targeting ecosystem relies on dozens of tracking files – “cookies” – and running code on user’s computers or phones. The ITE approach would eliminate almost all of that. These scripts are blamed for dramatically slowing down the online and mobile user experience, and driving millions of users to install so-called ad-blocking programs.

By moving the code off user machines and participating in a shared-network for ad customization and targeting overseen by the non-profit ITE, advertisers and publishers could receive from the interest-matching service extensive, up-to-date user interest information provided anonymously from thousands of distributed user core databases.

Our collective hope is to greatly improve the reliability of ad targeting, which should improve the user experience. At the same time, the ITE will be able to enforce rules that forbid ad targeting to users who would rather arrange for extreme privacy than relevant advertising. They should have that choice. Thus the ITEGA’s goal is to the make a market for digital information.

Wide adoption for this new shared-user approach will:

  • Enhance digital privacy and identity management for the public
  • Make the “targeting” of ads and content more open and transparent
  • Improve the quality of such targetingby relying upon a current source managed by the individual
  • Confirm and simplify the ability of a user to “opt out” of profile sharing.