Research report: Click you’re hired: or tracked

Click, you’re hired. Or tracked…A report on the privacy practices of


By Pam Dixon

September 5, 2001.

Pam Dixon is a Research Fellow of the Privacy Foundation


I. Executive Summary
II. Vendor Response
III. Searching for Jobs Online: Privacy Need Not Apply
IV. How Works
V. TMP/ Business Strategy and Privacy Practices
VI. Acquiring the Technology of Datamining at
VII. Feeding Monster from “Private Label” Corporate Websites
VIII. Monster’s Relationship with AOL Time Warner
IX. MonsterTrak Privacy Issues
X. Conclusion and Recommendations
Appendix A
Appendix B
I. Executive Summary


The business of searching for jobs online has grown from a market niche to a multi-billion-dollar, rapidly consolidating industry that relies on the eager search activities — and employment dreams — of millions of job seekers. It has also proven to be the ultimate recession-proof Internet business. As other technology companies flounder, online job search sites remain key resources in the wake of layoffs and uncertain employment prospects.


However, job seekers who post their resumes online face considerable threats to their privacy. Resumes may be stored by online job sites for many years, and may be misused for data mining and even identity theft.

Additionally, corporations that encourage job seekers to send resumes directly to “the corporate website” often fail to tell job seekers that their resumes may also be posted to a third-party resume database for searching by other employers.

Even when no resume has been posted, tracking can occur. Some job sites request personal information from job seekers, such as name, address, age, gender, and work history, then pass that information on to third-party vendors, such as advertisers. Other sites collect information about what city a job seeker is looking for work in and how far up the career ladder that person has climbed; or use advertising networks to create profiles of Web users, including sensitive job search information.

An ongoing analysis by this researcher for the Privacy Foundation has revealed a range of such privacy problems in the online job search industry. This first in a series of reports focuses on the privacy practices of, which is owned by TMP Worldwide Inc., a conglomerate that dominates the job search, advertising and placement industry.

TMP, a publicly-traded company (ticker: TMPW), was founded in 1967 and has a market capitalization approaching $5 billion. Based in New York City, TMP is one of the world’s largest advertising organizations and reported revenues of $760.8 million for the six months ended June 30. The company’s clients include 90 of the Fortune 100 and 480 of the Fortune 500 companies. On June 1, 2001, TMP itself was added to the S&P 500.

TMP boasts that, its flagship property, gives clients access to over 8.6 million unique resumes, a database growing by 25,000 resumes daily. The Website reported more than 26 million unique visitors in July. Monster, based in Maynard, Mass., has a four-year, $100 million deal with AOL (now AOL Time Warner) to be the exclusive provider of job search services to 30 million AOL, CompuServe and other AOL-network associated users.

Meanwhile, TMP/Monster has been rapidly swallowing up competitors. It purchased JobTrak, Simpatix, and Business Technologies — among others — in the year 2000. This year, Monster purchased Management Solutions, a respected placement firm. In May, TMP purchased, the fifth most trafficked Internet site in online recruiting. As part of the deal, FlipDog owner WhizBang! Labs Inc. is to provide TMP with “additional information extraction services,” according to the companies.

The crowning deal occurred in June when, the second-largest job- search site, agreed to be bought by TMP for $460 million in stock. (The Federal Trade Commission is conducting an anti-trust review of the deal.)

“They probably have more information on people than anyone outside of the federal government,” said Bill Vick, president of Recruiters Online Network, referring to TMP/Monster. “They’re smart, they’re savvy, they’ve made the right acquisitions.”

TMP/Monster’s dominance in the online job placement industry was confirmed in June when the U.S. Department of Labor entered into a partnership with the company to “help standardize job-hunting on the Internet.” According to statements from both parties, the two organizations will “share data” and adopt occupational classification standards, something traditionally done by employment scholars and researchers, not commercial entities with a profit motive. In addition, will link to the federal government’s own career placement site and cross-list job postings throughout its network.

Given its dominant position in the online job search industry, the privacy practices of TMP/Monster are critical to millions of job seekers who use the company’s services. The present analysis of TMP/Monster is based on the researcher’s seven-year expertise in writing about employment issues; interviews with six former company officials; review of documents; and technical analysis of the tracking features on the website. Following are a summary of the findings, which are explained in detail later in the report:

1) To leverage’s vast database, company officials have discussed seeking fees from job seekers, as well as selling resume data to marketers.

2) Interviews, as well as details from a copyright lawsuit, indicate that resumes sent to — even when deleted at a later date by job seekers — may be saved and parsed for later use.

3) Resumes submitted by job seekers to corporate Websites, such as H&R Block, have been routinely sent to without disclosure to job seekers.

4) supplies AOL Time Warner, a marketing partner and owner of vast customer databases of its own, with information from job-search activities — including unique resume I.D. numbers from job applicants who post a resume on

5) MonsterTrak, a job site for college students hosted at, screens different job opportunities based on where students go to school; and asks students to provide age and gender information without the benefit of a specific privacy policy.

This report does not allege illegalities regarding the privacy practices of TMP/Monster. However, the findings in totality raise critical questions about the company’s business methods and intent, as well as its disclosures to the millions of job seekers who rely on its services.

II. Vendor Response

As is the policy of the Privacy Foundation, these findings were presented to the subject of the report at least 48 hours in advance of publication. In this case, the first contact was made with officials on Tuesday, Aug. 28. In addition, officials of the Privacy Foundation and discussed the report by phone on Aug. 31 and Sept. 4. On Sept.4, the company provided a final written response to the five statements made in the executive summary above. The company’s response is below, along with this link to the Privacy Commitment .

Response from

1A) has discussed offering additional relevant services (e.g. resume writing) to job seekers in exchange for fees. However, this would never infringe on the privacy of a job seeker. does not sell, has never sold, and will never sell personal data to marketers without permission from job seekers.

2A) Resumes that are deleted from the database are permanently removed from the system. A job seeker attempting to recover a deleted resume will be unsuccessful. Backup systems, of course, do maintain all records for a period of time in case of system failure. We are not aware of any lawsuits indicating that any deleted resume was saved or parsed for later use.

3A) We host many private label recruiting centers on All resumes submitted by job seekers to a specific company private label website are viewable only by the private label client and the individual job seeker. This resume is not viewable by other companies or the general public on

4A) AOL is provided with the total number of resumes that have been generated on AOL/ co-branded sites as one part of the business metrics. Unique resume ID numbers identified as coming to via the co-branded channel are included within that transmittal; however, this information remains confidential.

[For its part, America Online released this statement on Sept. 4: “America Online does not track or use any personally identifiable information that our users may provide while using”]

5A) MonsterTRAK is a new member (June 2001) of the network and now abides by’s privacy policy. Students who register in MonsterTRAK are not required to provide their age or gender. Over 1,200 college career centers utilize MonsterTRAK as their tool to help students find internships and jobs. The business model of MonsterTRAK allows employer customers to post jobs for specific colleges that are part of their college recruiting efforts. In the near future will provide a direct link to the privacy policy on the MonsterTRAK home page.

III. Searching for Jobs Online: Privacy Need Not Apply

Job seekers have always had to balance privacy versus exposure. On one hand, job seekers must be as public as possible in order to attract interviews and land a job. Yet, many job seekers prefer to keep their search activities from current employers; and to keep detailed work histories, salary information and other sensitive data from third parties.

In the mid-1990s, most online job sites were owned and run by professional recruiters, college career counselors, and other employment industry professionals seeking to innovate Job search sites with 25,000 visitors in a month were considered to be doing very well.

As the Internet and e-commerce boomed throughout the decade, the online job search industry grew with it. Websites were no longer simply a way to help job seekers and employers connect, but became a lucrative business opportunity. A rapid infusion of venture capital and initial public offerings transformed the job search industry. Heavy advertising, including TV spots during the 1999 Super Bowl, drove millions of people to online job search sites. Online job searching became embedded in employment and recruiting practices.

A turning point in the online job search industry came in 1999 when the Online Career Center — an influential early online job site founded in 1993 — merged with TMP’s Monster Board, founded in 1994. The combined sites became, which immediately took over the leadership position in the online job search space.

The number of human resources professionals that advertise online, and job seekers who search those ads, grows every year. According to a Society of Human Resource Managers (SHRM) survey in January 2001 on job search tactics, 96 percent of respondents used the Internet to look at job ads. Meanwhile, human resource managers relied on the Internet 88 percent of the time to find job candidates.

The ability of online job sites to capture, sort and store a wide variety of data on job seekers is part of their utility for employers. But it simultaneously raises pointed privacy questions for job seekers.

All of the major job search sites track job seekers to varying degrees, according to research and software code analysis conducted as a part of this report. Some sites track for their own marketing and sales purposes; others are partners with third-party Internet advertisers such as DoubleClick. Some say that the tracking of consumers is fine as long as the data is “in aggregate.” Yet, this so-called aggregate data on job-search sites can be correlated with resumes with very little effort.

In addition, the online job-search industry is afflicted with the problem of marketing companies gaining illicit access to the resume database. Resumes that are stored in proprietary online databases may be accessed by people other than employers, including marketers or identity thieves. This is what Monster itself discloses about that issue:


Since is a career site, we give you the option of putting your resume in our database. There are two ways of doing this:

1. You can store your resume in our database, but not allow it to be searchable by potential employers. Not allowing your resume to be searchable means that you can use it to apply for a job online, but employers and recruiters will not have access to search it through our resume database product.

2. If you allow your resume to be searchable, then all employers and recruiters who pay for access to our resume database product will have access to your resume. We use our best efforts to grant access to this database only to paying employers, recruiters, hiring managers, headhunters, and human resource professionals, but cannot guarantee that other parties will not, without our consent, gain access to this database. You may remove your resume from our searchable database at any time. However, employers and recruiters who have paid for access to the database, and other parties who have otherwise gained access to the database, may have retained a copy of your resume in their own files or databases. We are not responsible for the retention, use, or privacy of resumes in these instances, or for the use or privacy of resumes by any of such parties while resumes are in the database.

IV. How Works

Job seekers using for the first time can look for jobs without posting a resume. Some jobs postings offer the option of applying by e-mail or other direct company contact. Some do not. But in each case, job seekers are always given the option to “apply online” through Monster.

To apply online, cookies must be enabled in the user’s computer browser. After “Apply Online” has been selected, job seekers are directed to create a “My Monster” account. Creating the account requires first and last name, country, zip code, e-mail address, user name and password. A career level designation is also required, such as executive, student, etc.

After this personal information is given, an account is created, and job seekers may apply online through Monster. They may also create and store up to five resumes using the Monster resume builder, which requires that job seekers type resume information into detailed forms page by page. Resumes may be activated (that is, seen by employers) or deactivated (not seen by employers) through the My Monster account. Another option is for job seekers to suppress the contact information in the resume, such as name, address, and phone number. This is called the “confidential” option.

In its privacy policy, Monster notes that the information you give to the site can be used for further contact, but that you can opt out of that contact if desired.

The policy further states: “ allows you to change or correct your personal information at any time. To do so, simply log into your My Monster account, go to your account profile, and you will find options for editing the information you have submitted.”

From the My Monster area, Monster also gives job seekers the option to view, edit, delete, duplicate, activate, renew, or deactivate resumes. Resumes are deactivated (removed from view) automatically one year from post date.

As stated earlier, claims to give its clients access to over 8.6 million unique resumes, a database growing by 25,000 resumes daily. Employers and recruiters pay to post jobs on, and to access the resume database through a variety of search criteria.

V. TMP/ Business Strategy and Privacy Practices

In October 2000, a memo from Hans Gieskes, then the president of, was circulated to all of the company’s employees, according to several former employees who received the memo. One of the bullet points stated that’s top goals for the year 2001 included finding a way to increase international exposure. (The company has aggressively pursued that goal. Monster’s acquisition of Jobline increased Monster’s total number of European sites to 14; its international sites to 21; as well as introducing five European countries to its services: Sweden, Norway, Denmark, Switzerland and Finland.)

Another bullet point in the same memo stated that a top goal was to find a way to charge the job seeker money.

This would launch a radical change in the job-search industry. With few exceptions, most “offline” job search companies charge the employer, not the job seeker. This is also currently true of and most other job search sites. Given’s dominance in the industry, charging job seekers would be a lucrative business opportunity — but a potential hardship for those seeking employment.

[In its response on Sept. 4, said that the company would only consider charging job seekers for “value-added” services going forward, such as resume writing.]

Former executives and employees at interviewed for this report say furthermore that TMP and executives have been highly focused on “monetizing the job seeker,” that is, seeking to mine the value of resume data by potentially selling it to marketing firms.

A former high-ranking executive (who has requested anonymity for fear of reprisals) recalls that discussions about selling job seekers’ resume data took place at a meeting held in the fall of 1997 in New York City at the TMP Headquarters. The meeting was attended by Jeffrey C. Taylor, the CEO of TMP and

“Taylor was always saying that the most valuable personal data was contained in the resume database, and that we could cash that in,” says the source, who attended the meeting. “There is not any question that there were people within TMP who knew of the discussions and knew of what was going on. There was some internal concern within TMP of the legality of selling resume data.”

Another former Monster executive (who also requested anonymity) cited similar discussions about’s intentions. “The resumes are for future use — I’ve heard that said,” according to the source. “Around the Maynard (Mass.) office it was brought up that the value of the resume database was to sell the information in the future.”

Even if Monster had sold resume data, or intends to do so in the future, the legality of that appears unclear, according to legal experts. “There are privacy laws in most states, and they go against unreasonable invasion of privacy,” said Jerry Cohen, a partner and chair of the Boston law firm Perkins, Smith & Cohen, LLP Science & Technology Group. “But when a person goes onto a job board listing, they waive privacy because they want their resume circulated for employment purposes.”

Cohen’s views are echoed by several attorneys specializing in employment law. The privacy of resume databases is a gray area, at best. To date, no significant lawsuits have been brought against the search sites for such alleged privacy violations.

A separate issue regards the length of time that resumes are kept in databases. Several sources allege that some recruiters are occasionally given access to old, inactive resumes that job seekers have requested be removed from the database. “Anything that Monster gets in, Monster keeps,” says a former executive.

If true, this is a problem for job seekers. A job seeker who posts a resume to a resume database and then asks for the resume to be deleted or inactivated rightly expects to have that resume permanently removed from use and destroyed.

According to’s privacy policy:

…You may remove your resume from our searchable database at any time…


VI. Acquiring the Technology of Datamining at

Arity Corp., based in Concord, Mass., produces linguistic and knowledge representation software for companies such as FedEx and The company filed a copyright infringement suit against TMP Worldwide and on April 5, 2000, in U.S. District Court of Massachusetts. It led to a temporary restraining order against from using Arity’s proprietary “Resume to XML Parser Software.”

In the complaint, Arity alleged that had requested Arity to build software that could take a resume and convert it into an XML (machine readable) document. This would allow the resume information to be parsed and used in many different ways. (According to Monster employees interviewed for this report, the Arity software was used to convert many years’ worth of old resumes to a format that would allow the resumes to be transferred to new databases.)

In the court documents, Arity claimed that had not paid for the technology, but was still using it actively as of about October 1999. The case was settled by TMP/Monster in Arity’s favor, though the sum of the settlement was not disclosed in court documents. Peter Gabel, the president and co-founder of Arity, declined to discuss details of the case when contacted by this researcher. Gabel did, however, confirm the initial event that sparked the lawsuit.

“In the fall of 1999 we got a phone call from a engineer requesting support,” said Gabel. “He was trying to use our proprietary software to parse 800,000 old resumes.”

An April 1998 contract between Arity and TMP/Monster that was included in the lawsuit sheds light on TMP/Monster practices. On page 16 of the “Custom Database Management System Development Agreement,” TMP/Monster requested that Arity build resume collection tools that would go out on the Web and collect resumes posted on various Websites, including resumes posted on Websites put up by individuals. The technology was to collect the resumes and put them in the Monster database. The agreement reads, in part…

“Arity will design “Webbots” that gather resumes from the Web. The Webbots will be written in Java. The essential idea is to have some Webbots that generate resume “suspects” which are URLs to pages that probably contain resumes. There are several sources of such suspects including focused querying of search engines using keywords that narrowly search for resumes, wandering through personal pages, and mining new groups and resume sites.

“The main webbot will retrieve pages from URLs that are suspected to be resumes and perform simple tests to verify whether the page is indeed a resume, contains another suspected link to a resume, or is a dry hole. The pages that are found to be resumes will be stored along with the URL, the path of the URLs that were used to find it, some indication of its limitation of use if any (ie possible copyright or trade limitations), and timestamp. ”

Many job seekers who have posted resumes on personal home pages would presumably resist the idea of having their resumes put into the resume database without their consent.

VII. Feeding Monster from “Private Label” Corporate Websites

Job seekers who post a resume online can find themselves losing control of their information — and sometimes pay the price by losing their jobs. Fortune magazine, back in May 1999, reported on employers who have fired — or in some cases, try to “salvage” — employees whose resumes were posted on sites such as

Because of these and similar press reports, some job seekers now avoid posting resumes in third-party databases. Yet, job seekers have another peril to consider, according to new information discovered in preparing this report. Posting a resume privately at some corporate Web sites may actually get your resume into the resume database — without your knowledge.

For example, a job seeker who posts a resume at Adecco International’s corporate Web site [ ] is also posting the resume to and creating a profile. The profile is then available at,, and all other private label sites. This is done without disclosure on the Adecco or site.

Former employees of confirmed in separate interviews that corporations that have a “corporate affiliate” relationship with — internally called “private labels” of — transfer job seeker resumes and profiles to without disclosing this. Technical analysis of a selection of independent corporate sites backed up the claims of these employees.

A private label company is one that has paid to manage its corporate resume posting process. This is a common business arrangement. For example, The Wall Street Journal’s CareerJournal site is “powered by” CareerCast, which means that CareerCast does the job search data work. This relationship is posted clearly on the site and is discussed in the privacy policy at the site.

The relationship is not so clear with Monster, whose private label partners include Sony Electronics; Travelers Property Casualty and Travelers Life and Annuity; Snelling Personnel Services; Blockbuster; H&R Block; Adecco; and Tyco, among others. The connection to is almost never disclosed by these companies on their websites, and URLs used by Monster affiliates do not reveal the relationship.

The URL that Monster uses for affiliate sites is “,” with variations depending on company name. ( is registered to TMP Interactive in Maynard, Mass., according to the Network Solutions Whois database.) Each job seeker posting a resume to corporate sites with a “newjobs” URL is in fact also sending their resume and profile information to If the job seeker then goes to at a later date, he or she will find a profile located on using whatever password was used at the corporate site.

Technical analysis of affiliate sites reveals that after a job seeker’s resume information is obtained through a private label site, a unique I.D. number is given to the resume. Detailed personal information is stored in a cookie that is then available to, and possibly, to TMP and its related job recruitment businesses.

Additionally, sources said that a private label company has to pay an extra fee to keep the resumes truly private. Otherwise, resumes sent to a corporate Web site with an undisclosed affiliation to may be made available to other employers or recruiters on if the job seeker clicks on a link on the corporate site that is typically titled “Activate this resume.” Without access to the database it is not possible to confirm these claims.

However, technical analysis appears to confirm the initial transfer of resume data from the private-label sites to Here is an example:

On the H&R Block Web site, a job seeker is presented with the following text about what H&R Block says about applying for a job via its corporate Web site:

Career Management Account

Click here to create an account. We encourage you to create an account to simplify your communication with us and allow us to match your skills with future opportunities within our company. Your information will remain confidential.

If you already have an account, please login.

Nowhere is mentioned, alluded to, or even seen in the URL, cookies, or anywhere else. The privacy policy from the job search page was unavailable during the times the site was visited. The following page was listed as the policy, but did not come up: .

The H&R Block general privacy policy did not contain any reference to its job search or career area, or to, and does not disclose that information (including a user profile) sent to the H&R Block Web site may also go to servers.

As an illustration, this researcher [using a pseudonym] looked for a job in public relations at H&R Block, and clicked to apply for it online on Aug. 27. A request to create a profile came on screen. The name Penny Brigande was used to create the profile, with an e-mail address of After logging off H&R Block, then visiting the site immediately afterward, this researcher was able to find a My Monster profile for and “her” resume on file at Logging on to and revealed that the Penny Brigande resume and profile was available at those corporate sites, too.

When contacted on Aug. 27, H&R Block confirmed that it did have a private label relationship in place with, and referred this researcher to its legal counsel. H&R Block did not confirm or deny details of this research, but did say that it would be terminating its private label arrangement with “by the end of the week.” A company official said that H&R Block had planned to terminate the arrangement with, and that the timing of this inquiry was not related to its decision.

When contacted regarding its private label relationship with, a spokesperson for Blockbuster confirmed the private-label relationship with Regarding the issue of job seekers applying for jobs at Blockbuster while unknowingly creating an active MyMonster profile, the company spokeperson said: “The issue is something that had only been recently discovered and we are going to work with Monster to resolve this issue.” Later in the day, the spokesperson said, “We don’t believe we are obligated to disclose that we’re using a third party vendor on our site since the information is confidential and is only sent to as part of our agreement with them.”

The spokesperson went on to say that Blockbuster believes such third-party relationships are “common,” and that Monster “works for them” and is not allowed to use any of the information. The spokesperson also said that a person would need to “actively choose” to allow the resume to be sent to other employers.

Non-disclosure of agency or outsourcing relationships poses a significant problem for job seekers who go to corporate Web sites and apply for jobs. If the corporation has a private label arrangement with Monster, the resume shows up at, along with the user profile. The cookies deposited on the job seeker’s hard drive are available to, and according to interviews with ex-employees, all of the private label resumes and MyMonster profiles are kept and stored.

The risk is that the so-called private resumes may not be so private after all. At a minimum, job seekers deserve disclosure of what is happening to the personal information they provide online. Corporate sites should disclose these relationships clearly and up front before a job seeker applies for a job or creates a profile.

Additionally, claims 14 million-plus job seekers have filled out member profiles. What number have come from corporate affiliate sites, created unbeknownst to job seekers? should clarify this number in its press reports to note which profiles are coming from which sites.

A detailed technical analysis is available in Appendix A .

VIII. Monster’s Relationship with AOL Time Warner

In December, 1999, TMP Worldwide entered into an exclusive, four-year partnership with AOL in which it would pay $100 million to the world’s largest online subscription service. According to statements by AOL at the time, would become AOL’s exclusive career-search provider across AOL, AOL Canada,, CompuServe, ICQ, Netscape Netcenter, and Digital City.

“The two companies will create co-branded sites, enabling members and visitors to AOL’s Web-based properties to: search for jobs; utilize job search agents, and, in many cases, apply online; submit resumes online; personalize the area to help with their job search; and research companies offering jobs. also will make available exclusive offerings to AOL users, such as job fairs and live chats with career consultants,” touted a press release.

After the deal was inked, there was one small hitch. Digital City, due to a prior arrangement with HotJobs, still carried HotJobs ads along with ads, but that was the only area that the relationship was not exclusive.

According to ex-employees of, to facilitate’s relationship with AOL, sends AOL a copy of its job database every night. AOL in turn “mirrors” or presents its users with a copy of the Monster job database.

What this means to job seekers at and other AOL properties is simply that they can search jobs without leaving the AOL site. According to sources, AOL is responsible for the ultimate management of the database on AOL properties.

While press releases indicated the benefits of partnering with AOL, technical research conducted for this report indicates that there may be a downside, too. Namely, if you are looking for a job on, information from your job search activities may be sent to AOL whether you are a member of AOL or not. The information may also be sent to AOL whether you are on one of AOL’s properties — like — or not.

For example, if you post a resume on, you are given a unique resume I.D. number. Even if you are not a member of AOL, and not on any AOL property at the time, and have not posted the resume to AOL, sends AOL that resume number.

For job seekers on AOL-related sites, there are technical reasons why AOL needs to have this information. But for everyone else on the Web, the reason that detailed job search information is given to AOL is unknown. Former employees of familiar with the deal allege that AOL required that allow it to track any visitor as part of the overall business arrangement.

The way passes job seekers’ information from non-AOL properties to AOL is through discreet banner advertisements on sensitive areas of the site, such as job search and resume posting areas. Even if a job seeker just clicks to look at jobs, various job search data is still sent to AOL servers, because banner ads can and do collect user information through the use of cookies and web bugs.

If a job seeker then posts a resume or creates a profile at, they are given a unique resume ID number which is then passed on to AOL servers, even if was not accessed via AOL Internet services or via AOL properties at any time.

According to detailed technical analysis of the site using a packet sniffer, delivers the following information about its site users to AOL:

What city a job seeker is looking for a job in

What keywords a job seeker uses to look for a job

A unique resume ID number tied to each job seeker

The exact jobs a job seeker has looked at via unique job ID numbers

This information sharing is problematic for job seekers who desire to remain completely anonymous to AOL and its parent company, AOL Time Warner. Job seekers who post resumes may understand the tension between needing to be seen and needing to be private, and as such are willing to let go of some privacy to be tracked by a job site.

But almost no job seeker would want a third party, such as AOL, to be given their information without full disclosure. That AOL is getting job seeker information through banner advertisement tracking is sneaky at best, considering that’s privacy policy is not terribly clear on these points.

Additionally, with these two pieces of information — the job ID number and the unique resume ID number — it is technically possible, given even a small accidental data spill, for a third party to correlate job seekers’ resume information to the ID numbers.

Again, it bears repeating that ID numbers are attached to all site visitors who post resumes, even if is accessed outside of AOL. That means that job seekers are telling AOL what jobs they are looking at, when, and if they have applied for the jobs.

Below is an excerpt from a packet sniffer log showing what the job search data looks like as it goes to The log also shows how correlates personal information and tracking data. It is unknown if this correlating data is given at any point to AOL either through the servers, or elsewhere offline. Note that it is normal for a job site to correlate ID numbers with other information. What is unusual is to pass these numbers to third parties such as AOL.

This example below is of Monster’s correlation of job ID numbers, job search information, name, and password. The information in this example is going to servers.


P _ ±1 0{P ? __ HTTP/1.1 302 Object moved

Server: Microsoft-IIS/5.0

Date: Thu, 21 Jun 2001 13:31:12 GMT

Location: /login.asp?NoAuto=1&user= bethhurley &Password=


%3D11752048 %26redirect%3Dhttp%253A%252F



%253D 615 %2526fn%253D1%2526q%253D accounting

Content-Length: 388

Content-Type: text/html

Set-Cookie: rem1=MonKey=822690325228&RemUser=

17291948 ; expires=Fri, 21-Jun-2002 13:31:12 GMT; domain=; path=/

Cache-control: private

<head><title>Object moved</title></head>

<body><h1>Object Moved</h1>This object may be found

<a HREF=”/login.asp?NoAuto=1&user= bethhurley &Password=


3Fjobid%3D11752048 %26redirect%3Dhttp%253A%252F%252Fjobsearch



%253D1%2526q%253D accounting “>here</a>.</body>

The user name of the job seeker in this case, “bethhurley” is highlighted in yellow. The job ID number is highlighted in green, and information about city, state, and keywords used in the job search shows up. The user number shows up in blue. (Further technical analysis is available in Appendix B .)

A cookie that Monster deposited to the computer’s hard drive echoed this information:


MonKey=822690325228&RemUser= 17291948
















Many users accept these types of cookies, which are meant to allow site visitors the ease of visiting the site without having to log in every time. This cookie remembers the user number, highlighted in blue, and provides visit information such as time and date of the last visit. Monster also uses these cookies to track users in a very detailed way as they search for jobs. Monster correlates the unique user ID, which is connected with the resume, across job searches, job applications, and resume postings.

In terms of resume postings, a packet sniffer log of one of the resume page transactions reveals that each resume is given a unique resume ID number, which is then shared with AOL. Sources within revealed in interviews that resumes are indeed given unique ID numbers. Here is the technical proof:

GET /html/7014704/monster?target=_top&height=60&width=468 HTTP/1.1

Accept: */*

Referer: resumeid=14129236 &


Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)


Connection: Keep-Alive

In this situation, AOL ad servers (See the Host line, in blue) are being sent the resume ID number, which is highlighted in yellow above. They do not appear to have the name of the person, but they do have the resume ID number that ties the resume directly to one unique person, to their resume or resumes, and to the Monster profile which contains their detailed personal information.

It is not clear why AOL servers need the resume ID number of a person applying for a job on who is not on any AOL property. says it has more than 8.6 million resumes in its database. a significant amount of user data. does not specifically mention that it serves AOL Time Warner banner ads on its site. also apparently omits mentioning that resume ID numbers are sent to AOL servers. If shares resumes with AOL, the privacy policy also omits mentioning that. Job seekers not accessing via AOL properties should be told that certain details of their job searching activities are being sent to AOL.

Here are the relevant portions of the privacy policy in regards to its information collection practices:

Information About All Visitors

In general, we gather information about all of our users collectively, such as what areas users visit most frequently and what services users access the most. We only use such data anonymously and in the aggregate. This information helps us determine what is most beneficial for our users, and how we can continually create a better overall experience for you. We may share this information with our partners, but only in the aggregate, so that they too may understand how visitors use our site, so they may create a better overall experience for you, as well. The paragraph above is accurate, but could disclose more specific information about job searching data that is shared. For example, it would be helpful for job seekers if this privacy policy mentioned that the keywords used to search for jobs, the city, state, and specific jobs looked at are all shared with third parties. As long as a person has not registered with My Monster or submitted a resume, it is likely that the information would remain in the aggregate. But Monster should disclose the specific information it collects from job seekers.

It should be noted that in the past, job seekers did not have to share this information, not even “in aggregate” in order to simply look for a job. This is another case where privacies that exist in a traditional job search may not apply to an online job search.

IX. MonsterTrak Privacy Issues

If you are a student looking for jobs through’s MonsterTrak service, you may very well see different job opportunities based on where you go to school. Additionally, to apply online, you will be asked to provide age and gender information without the benefit of a specific privacy policy.

MonsterTrak is a unique college-level job service that serves more than a thousand universities such as UCLA, Fordham University, and the University of Michigan. MonsterTrak is fully integrated into the main site, and does not have any significant competitors.

Students attending one of the member colleges and universities can log on to the site by typing in a password. The password is unique to the college or university, and is required in most cases. In some instances, though, a student using a school computer can simply log onto the site without a password.

What MonsterTrak does not reveal is that different jobs are served up to students depending on what colleges they attend. This is done according to passwords that match the colleges. An analysis of MonsterTrak results for two Ivy League schools located 200 miles apart, Brown and Princeton, indicate that some differences of job opportunities appear to be based primarily on geography.

However, geographical differences do not appear to explain other variations. On August 28, this researcher accessed MonsterTrak with permission of two colleges based in San Diego: the University of California (UCSD) and Point Loma Nazarene University. Both institutions are accredited universities, with Point Loma Nazarene being the smaller school.

On the MonsterTrak database, this researcher downloaded job opportunities in various industries at both universities within a 30-minute period on August 28. Because both universities offered majors in business and marketing-related areas, this analysis compared marketing, public relations, and advertising jobs presented to students.

For UCSD students, those looking for marketing, PR, and advertising jobs had 34 opportunities. Of the 34 job ads offered to UCSD students via MonsterTrak, 19 jobs were not offered to Point Loma students and 15 of the job ads were offered to students at both schools. Four jobs on the Point Loma site were not offered to UCSD students. The Point Loma students had 19 total opportunities to look at.

Considering that both of these schools are located geographically in San Diego, the differences in job advertisements for students looking in the same field with the same search parameters was puzzling. While L’Oreal, based in New York City, advertised to students in both schools for marketing managers, the City of San Diego offered an advertisement for a “Corporate Partnership Intern” only to UCSD students. The internship was to be carried out in San Diego. Also, Nielsen Media Research offered a bilingual interviewer/recruiter position only to UCSD students. On the other hand, a job in merchandising at the San Francisco Opera was offered just to Point Loma students in this section of MonsterTrak.

Whatever the reason for the differences, students using MonsterTrak deserve to know up front that they are seeing different job opportunities based on where they go to school. (Students interviewed for this report have found a way around this system: they exchange passwords so that they, and friends at other colleges, can gain access to the widest number of job listings.)

A separate issue is the lack of a specific privacy policy on MonsterTrak, even on pages inside the password-protected areas of the site. This, even though the site asks for personal information such as name, address, phone number, major, college, grade point average, as well as gender and race descriptions.

While MonsterTrak states that race and gender information is not given to employers, no promises are made about who else or what other entities may have access to that highly sensitive information. These two paragraphs appear in the section asking for demographic information:

“Your registration/user profile is not accessible by employers. Please fill out the form completely. If you do not have information for a specific field, please leave it blank. Mandatory fields are marked in red with an asterisk (*).

“NOTE: Gender and ethnicity data is used by Career Centers for aggregate reporting purposes only. This information will not be viewed or searched by employers.”

There is a choice available for “do not wish to provide” on the gender and race questions. Nevertheless, the question remains whether this kind of sensitive data should be collected from students. While having the data in aggregate may be helpful to some employers, the risk of data spills in this situation may not be worth the benefit created by asking the questions in the first place. X. Conclusion and Recommendations

The online job search industry, and TMP/Monster in particular, have helped tens of thousands of people to find employment. However, if job seekers and the personal information they provide becomes a commodity without adequate privacy protections, online sites may lose job seeker trust and a valuable tool will be tarnished.

The following recommendations would be good first steps toward alleviating some of the concerns regarding and TMP Worldwide:

As part of the FTC review of the acquisition of HotJobs, the company should be asked about intentions to sell resume data now or in the future.

In TMP/Monster acquisitions involving the transfer of resume databases, the company should seek permission of individuals who have previously posted resumes before any resume is added or transferred to TMP/Monster databases or used in any way by TMP/Monster.

When a job seeker deletes a resume, the resume should be removed from all online and offline servers and databases, with no backup logs kept of the resume that could be parsed or used later. should require private label corporate sites to fully disclose the use of as an agent; and give job seekers the choice to opt in or out of having their resume data stored on servers.

Unique resume ID numbers should not be passed to AOL Time Warner unless a person is at an AOL property. In addition, AOL Time Warner banner ads that have tracking features should be removed from all sensitive areas of the site, including the profile creation, resume creation and resume posting areas.

A thorough privacy policy should be posted at MonsterTrak. In addition, age and gender information should not be collected. MonsterTrak should disclose that different campuses receive different job postings.

Appendix A

Appendix A

Detailed problem description: and Private Label corporate sites

Corporations with private label accounts at appear to cloak their involvement with Monster. Meanwhile, the corporate affiliate sites require users to accept cookies — all from a domain called “newjobs.”

For example, when job seekers apply online for a job at the website, the resume goes to

When job seekers apply for an Adecco job online directly from the Adecco corporate website, the resume goes to

In every instance, the domain “new jobs” is involved in some way. Even when job seekers merely look at jobs at the Sony Electronics website, the URL in the browser window reads

Packet sniffing the transactions and a series of ping and traceroute tests conducted on the corporate websites revealed that all of the corporate websites using “newjobs” domains, like ,, belong to TMP/, and that the information going to “” is actually going directly to

A check on the database and the Whois database revealed that is owned by TMP Worldwide in Maynard, Massachusetts, the offices of

Here is just one result of a ping, this of the URL The ping was to determine what the actual IP address of was.

ping -a

Pinging [] with 32 bytes of data:

Reply from bytes=32 time=105ms TTL=109

Reply from bytes=32 time=176ms TTL=109

Reply from bytes=32 time=136ms TTL=109

Reply from bytes=32 time=127ms TTL=109

Ping statistics for

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 105ms, Maximum = 176ms, Average = 136ms The ping revealed that had the IP address of When a query to the ARIN database was made regarding to whom the domain belonged, here is what came back:

UUNET Technologies, Inc. (NETBLK-UUNET63)

UUNET63 – (NETBLK-UU-63-112-168) UU-63-112-

168 –

And a look at the Whois database was simply more confirmation of who owns the newjobs domain. Here are the query results:

Registrant: TMP Interactive (NEWJOBS-DOM) 5 Clock Tower Place Ste 500 Maynard, MA 01754-2574 US Domain Name: NEWJOBS.COM

What does TMP/Monster ownership and usage of mean for job seekers looking at and applying for jobs at corporate sites with Monster affiliations?

First, the long-term tracking “newjobs” cookies given to applicants at Blockbuster and other corporate websites are available to until the cookies are deleted.

Additionally, any information given to the corporate site when the URL of “newjobs” is showing will be going to Most of the affiliate sites require that job seekers set up a profile with a password. Users are not told that the profile information is sent to Indeed, at most of the affiliate sites, the fact that the information is going to is not revealed anywhere, including in the privacy policies, if privacy policies are available.

This following is an example of data from a packet sniffer which shows what is happening as a job searcher is posting a resume ostensibly to Adecco’s corporate website. Note that the information is going to, a domain that belongs to, not Adecco. The resume is given a unique ID, and a cookie with data is being sent to the newjobs (Monster’s) domain, and the cookie itself contains the resume sender’s name (in this case Angela Mortlach) and the resume sender’s e-mail, (in the case

Lots of other information, like the resume ID, is also in the cookie. Now has that information. Even if no one from Monster ever saw the resume itself, they would still get the name and the e-mail address, key marketing information to get, especially when the resume sender hasn’t intended to put the resume on the Monster site or give Monster this information. GET /additionalinfo.asp?resumeid=14987889&original= HTTP/1.1

Accept: */*



Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)


Connection: Keep-Alive





rem1=MONKEY=669327894135&REMUSER=18041345; 18041345=


2%3A48%3A14+PM; newjobs%2Ecom= NAME=angela+q+mortlach &


EMAIL= technologydiva%40thedixonreport %2Ecom&CP=&MONKEY=


leanne4342&USER=18041345 Therefore, in this situation, job seekers are sending profile information to without notice. The same goes for any resumes sent ostensibly to corporate websites with undisclosed affiliations.

In one situation, at Travelers Insurance’s corporate job application site, by using the same e-mail to set up a profile as was used to set up an account at a totally separate corporate site, the following message was given:

Good news! We already have an account set up for you with your e-mail address. Simply click here for your Username and Password to be sent via e-mail to continue the log in process.

This message confirms source interviews which noted that keeps all job search profiles together. It is disconcerting to discover that the mere act of going to a corporate website can get a job seeker a profile, in which case a job seeker would have no understanding of the true privacy policies for that information and how the data may be used.

In another example, if a job seeker went to the H&R Block website to apply for a job, here is what they would see:

The URL in the browser window would be:

It has already been shown that actually belongs to The job seeker would read the following text about what H&R Block says about applying for a job via its corporate website:

Career Management Account

Click here to create an account. We encourage you to create an account to simplify your communication with us and allow us to match your skills with future opportunities within our company. Your information will remain confidential.

If you already have an account, please login. Nowhere is mentioned, alluded to, or even seen in the URL, cookies, or anywhere else. The privacy policy from the job search page was unavailable during the times the site was visited; the following page was listed as the policy, but did not come up:

The H&R Block general privacy policy was analyzed and even it did not contain any reference to its job search or career area, or its use of or that information sent ostensibly to the H&R Block website was actually going to servers. The site also did not mention that creating a profile on its site was going to create a profile.

It should be noted that European sites with affliliations are sometimes more direct in expressing that affiliation. Many of the EU companies sites that were analyzed disclosed their relationship with clearly. Appendix B Detailed Problem Description: User Tracking involving AOL

When a job seeker visits’s home page, the job seeker is requested to accept an assortment of cookies, small text files that identify a computer to the entity depositing the cookie. The users are also requested to run ActiveX controls. ActiveX controls are a type of technology that has been widely reported on as potential privacy problems at websites.

Naturally, users are not forced to accept cookies. But when cookies are not accepted, many of the pages at do not work correctly, something admits to in its policies. From the Monster privacy policy:

You have the option of setting your browser to reject cookies. However, doing this will hinder performance and negatively impact your experience on our site.

The site fails regularly when cookies are not accepted. When cookies are accepted on a job seeker’s computer, they may work in concert with banner ads to reveal job searching patterns of individual computer users, even if no resume has been posted.

The banner ads on are served, or delivered, by AOL. The placement of the banner ads raises concerns, because they are located on very sensitive pages, including the pages where job seekers are requested to fill in forms with resume data, contact information, and other personally identifying information. Images on Web pages (like banner ad images) can be used to gather the data that a job seeker is filling in on a Web form.

Web forms, if they are not handled correctly, can pose privacy risks to job seekers. The crux of the issue is how the Web form transfers data to servers. The preferred method for collecting information from Web forms is the POST method, which allows information only to pass to the servers where it needs to go, in this case, servers. But the GET method of collecting information from Web forms bundles information on forms into URLs and allows third parties, in this case, AOL, to pick up the information, too.

An analysis of the Monster site using a packet sniffer reveals that Web pages use the POST method infrequently, and primarily utilize the GET method. While may argue that due to its exclusive relationship with AOL that it needs to pass all key consumer data to AOL, passes all job seeker’s information to AOL servers, regardless of AOL membership or presence on the AOL site. Further, the privacy policy does not disclose this relationship.

Here’s a sample job search showing how the tracking process works on

After entering the Monster site and clicking on the “First Timer’s” area, then “Job Search,” this researcher filled in the information that a job was sought in Dallas, Texas, as an accountant. The following URL showed in the browser window:


Any URL that shows in the Web browser window can also be “seen” by the third party advertisers that have banner ads on the page. In this case, the advertiser is AOL. The images making up the banner ads are coming from the AOL servers, or computers, which means that there is the potential for the AOL servers to get the information in the URLs.

A packet sniffer was used to analyze the logs of this job search session. The logs revealed that the preliminary job search information filled in on the job search page form was indeed passed to AOL. Note that this job search was conducted not on AOL, but on the open Web.

GET /html/93042540/monster?search=l615+c1&height=



application/x-javascript HTTP/1.1

Accept: */*



Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)


Connection: Keep-Alive

Because Monster used the GET method in its job search form, AOL has information that search number 1615 (it is unknown what that number means) was looking for a job in a US city, (615 likely is the code for Dallas, but this is unknown) and that the keyword used for searching was accounting. So far, this information spill is annoying and unnecessary, but not damaging per se. This information is not, at this point, extensive, particularly if that user is visiting for the first time and has not created a Monster profile or posted a resume.

After the search button was clicked on the job search page, a list of jobs was returned. A JP Morgan job was selected. The following URL showed up in the browser window:

jobid=11752048 &CCD=my%2Emonster%2Ecom&JSD=





The job ID for this JP Morgan accounting position is 11752048 , as noted in the highlighted section of the URL above.

AOL servers get to pick up this information too, as seen in the network logs of this job search as analyzed by a packet sniffer:

GET html/7014704/monster?height=60&width=468&htmlpre=


%5c%27&ctype=application/x-javascript HTTP/1.1

Accept: */*


2Fapply%2Easp% 3Fjobid%3D11752048 %26redirect%3Dhttp%


252Fjobsearch%252Easp%253Fcy%253D US %2526brd%

253D1%2526lid%253D 615 %2526fn%253D1%2526q%253D accounting

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)


Connection: Keep-Alive Because used the GET method to collect information from its job search forms, that information is bundled and shows up as a URL in the Referer field of the above information. Again, when information is in the referer field, third parties can pick it up. The JP Morgan job ID number is highlighted in yellow in the URL. The country and probable state ID is highlighted in green . The keyword “accounting” that has been passed along to AOL is highlighted in pink . Looking at the Host field, you can see that this information is going directly to AOL servers. (Host:

This pattern of information spillage continues throughout the site, even for people who have not registered or posted a resume. At this point, AOL servers are being passed information about what pages have been looked at, what job area, city, state and country are being looked at, and what specific jobs have been looked at.

If a job seeker then decides to apply for a job online, they can register to do this. Registration is required before posting a resume on, according to research. Frequently, job seekers are asked to take pre-employment tests before they can send a resume to the job. The JP Morgan job, for example, required that users rate their skills in four job skills areas.

At the Monster registration and resume posting area, the information spills continue. The registration and resume posting pages contain ads from AOL. As already seen, these ads can pick up the information filled into Web forms because of Monster’s use of the GET method. If JP Morgan had provided contact information on its job ad, or if Monster had allowed them to provide it, a job seeker would be able to go directly to JP Morgan to apply for the job. It should be noted that some job advertisements on do provide e-mail contact addresses, so that savvy job seekers can bypass and apply directly. But this is not a given, and without such reference information, a job seeker who wanted to apply for this job would have to click the Apply link, which leads to the registration page and resume building page.

Here is a packet sniffer log of what one of the resume page transactions looks like; in this case a few pages of the resume had been partially created. GET /html/7014704/monster?target=_top&height=60&width=468 HTTP/1.1

Accept: */*


resumeid=14129236 &viewresume=&original=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)


Connection: Keep-Alive In this situation, AOL servers are being sent the resume ID number, which is highlighted in yellow above. They do not appear to have the name of the person, but they do have the resume ID number that ties the resume directly to one unique person and their complete profile of information stored at It is not clear why AOL servers need the resume ID number of a person applying for a job on and not on says it has over 8.6 million resumes in its database; that’s a lot of user data to have passed along to AOL servers.

A note about information correlation at The job ID that became part of the job search profile earlier ( 11752048 ), was then placed with personally identifying information such as name and made available to servers. It is perfectly understandable and acceptable that needs to send this information to its own servers for limited time periods. But AOL has the Job ID and now the Resume ID. With these two pieces of information, it is technically possible, given even a small accidental data spill, to correlate personally identifying information to the ID numbers. These ID numbers are given to all site visitors who post resumes, even if is accessed outside of AOL or accessed without using AOL Internet services.

Below is the log showing Monster’s correlation of the data; please note that this information is not going to AOL servers in this instance. This data is to show that Monster has correlated the ID numbers with personally identifying information. It is unknown if this correlating data is given at any point to AOL either through the servers, or elsewhere offline. Please note that it is normal for a job site to correlate ID numbers with other information. What is unusual is to pass these numbers to third party servers belonging to such entities as AOL.


P _ ±1&Mac246; 0{P ? __ HTTP/1.1 302 Object moved

Server: Microsoft-IIS/5.0

Date: Thu, 21 Jun 2001 13:31:12 GMT

Location: /login.asp?NoAuto=1&user= bethhurley &Password=


3D11752048 %26redirect%3Dhttp%253A%252F%252Fjobsearch%


253DUS%2526brd%253D1%2526lid%253D 615 %2526fn%

253D1%2526q%253D accounting

Content-Length: 388

Content-Type: text/html

Set-Cookie: rem1=MonKey=822690325228&RemUser= 17291948 ;

expires=Fri, 21-Jun-2002 13:31:12 GMT;; path=/

Cache-control: private

<head><title>Object moved</title></head>

<body><h1>Object Moved</h1>This object may be found <a HREF=

“/login.asp?NoAuto=1&user= bethhurley &Password=


Fjobid%3D11752048 %26redirect%3Dhttp%253A%




253D1%2526q%253D accounting “>here</a>.</body>

The user name, “bethhurley” is highlighted in yellow. The job ID number is highlighted in green, and again, the information about city, state, and keyword shows up in this data. The new number, the user number, shows up in blue.

A cookie that Monster deposited to the computer hard drive echoed this information:


MonKey=822690325228&RemUser= 17291948
















Many users accept these types of cookies, which are meant to allow site visitors the ease of just visiting the site without having to log in every time. This cookie simply remembers the user number, highlighted in blue, and provides visit information such as time and date of the last visit. Monster also uses these cookies to track users in a very detailed way as they search for jobs. Monster correlates the unique user ID, which is connected with the resume, across job searches, job applications, and resume postings.


mons&app=www&size=313×163&pp=1 HTTP/1.1

Accept: */*


Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)


Connection: Keep-Alive

Cookie: NGUserID=a0a0a0e-469-993129856-6; rem1=MonKey=822690325228&RemUser=17291948; 17291948 =MonKey=3534516373904&LastLogin=

6%2F21%2F2001+8%3A31%3A23+AM In the example above, an advertisement served by and apparently returning to Monster’s servers, collects a cookie with the user ID. As long as users do not mind their intricate job searching patterns collected by and tied directly to them, then this type of tracking will not be a problem. If users mind detailed, personal tracking, then this would not be appealing.

There may be additional issues of datamining (“eResourcing”) the information passed to servers, a practice itself acknowledges to in financial documents filed with the SEC. It therefore becomes important to understand all the ways each bit of information that is passed to and the AOL servers is used, now and in the future.

Appendix B