The free lunch is ending. A detailed technical analysis by a security researcher has revealed the full mechanics of ChatGPT’s advertising platform — and it’s more sophisticated than most people assumed.
The ads aren’t just “sponsored results” bolted onto conversations. They’re a structured ad platform with encrypted tracking tokens, contextual targeting based on your chat topics, and a tracking SDK that follows what you do after you click. It’s… a lot.
How Ads Get Into Your Conversation
When you send a message to ChatGPT, the backend opens a server-sent events (SSE) stream. Most events are model output. Some are ad units, injected mid-stream as typed single_advertiser_ad_unit objects. The naming convention implies multi-advertiser formats are coming.
Each ad unit includes the brand name, favicon, carousel cards with titles and bodies, and click targets. The ads load from OpenAI’s own CDN (bzrcdn.openai.com), not the merchant’s infrastructure. And when you click, the link opens in ChatGPT’s in-app webview — meaning OpenAI observes your post-click navigation on top of any pixel signals.
Contextual Targeting — Not Just “Show Ads”
The targeting is contextual to your current conversation. The researcher tested one account across six different topics:
| Chat Topic | Advertiser Delivered |
|---|---|
| Beijing trip planning | Grubhub — “Get Chinese Food Delivered” |
| Beijing tour bookings | GetYourGuide — Great Wall tour |
| Beijing flights | Axel — flight booking |
| NBA playoffs | Gametime — tickets |
| Spring fashion | Aritzia — clothing |
| Productivity / slides | Canva — design tools |
Same account, different topic, different brand. The researcher couldn’t confirm whether prior conversation history also influences targeting, but the contextual matching alone is remarkably specific.
The Four-Token Attribution Chain
Every ad ships with four Fernet-encrypted blobs — AES-128-CBC with HMAC-SHA256 integrity checks. This isn’t a casual implementation:
- ads_spam_integrity_payload — server-side integrity check against forged clicks
- oppref — forward attribution token, stored in a 30-day cookie by the OAIQ tracking SDK
- olref — outbound-link reference, likely for server-side impression logging
- ad_data_token — base64-wrapped JSON with yet another Fernet token, reconciled server-side
On the merchant side, a tracking SDK called OAIQ runs in the visitor’s browser and reports product views back to OpenAI. The entire chain — from ad impression to click to post-click activity — is tracked and reconciled.
This is professional-grade ad tech infrastructure. Whatever OpenAI’s ad revenue looks like today, they’re building for scale.
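The public Fernet token layout shows what anyone holding one of these blobs can read without the key: the issue time, the IV and the ciphertext length, while the HMAC blocks modification. The following is an added example, not code from the researcher's analysis or from OpenAI; the sample token is constructed with random bytes in place of real ciphertext, and the JSON key name `token` used for the `ad_data_token` wrapper is hypothetical.

```python
import base64, hashlib, hmac, json, os, struct

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def parse_fernet(token: str) -> dict:
    """Split a Fernet token into its cleartext fields; no key is needed."""
    raw = b64url_decode(token)
    # version(1) + timestamp(8) + IV(16) + at least one AES block(16) + HMAC(32)
    if len(raw) < 73 or raw[0] != 0x80:
        raise ValueError("not a Fernet token")
    ct = raw[25:-32]
    if len(ct) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return {
        "issued_at": struct.unpack(">Q", raw[1:9])[0],  # Unix seconds, unencrypted
        "iv": raw[9:25],
        "ciphertext_len": len(ct),
        "hmac": raw[-32:],
        "signed": raw[:-32],  # the HMAC covers everything before it
    }

def hmac_ok(fields: dict, signing_key: bytes) -> bool:
    """Integrity check as the issuing server would run it (16-byte signing key)."""
    expected = hmac.new(signing_key, fields["signed"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, fields["hmac"])

def make_sample(signing_key: bytes, issued_at: int, blocks: int = 3) -> str:
    """Constructed token: random bytes stand in for the AES-128-CBC ciphertext."""
    body = b"\x80" + struct.pack(">Q", issued_at) + os.urandom(16)
    body += os.urandom(16 * blocks)
    mac = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + mac).decode()

def unwrap_ad_data_token(wrapper: str, field: str = "token") -> dict:
    """base64 -> JSON -> inner Fernet token; `field` is a hypothetical key name."""
    return parse_fernet(json.loads(b64url_decode(wrapper))[field])

if __name__ == "__main__":
    key = os.urandom(16)  # constructed key, unrelated to any real service
    fields = parse_fernet(make_sample(key, 1_700_000_000))
    print(fields["issued_at"], fields["ciphertext_len"], hmac_ok(fields, key))
```
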
What This Means for NZ Users
Free AI is becoming ad-supported AI. That has three implications worth thinking about:
- Privacy: Those Fernet tokens track your activity across the click. ChatGPT’s in-app webview means OpenAI sees where you go. For NZ users covered by the Privacy Act 2020, the question is what data OpenAI collects and stores, and whether it crosses borders.
- Free tier viability: NZ educators and small businesses that rely on ChatGPT’s free tier need to understand the tradeoff. You’re paying with attention and data, not money. That may be fine — but it should be an informed choice.
- Ad influence on responses: When the ad system is this integrated into the conversation stream, the question isn’t whether ads appear. It’s whether the need to serve relevant ads subtly influences what ChatGPT recommends. If you’re chatting about travel and the system needs to serve a travel ad, does that change the response?
🔍 THE BOTTOM LINE
ChatGPT’s ad platform isn’t an experiment — it’s enterprise-grade ad tech with encrypted attribution, contextual targeting, and cross-site tracking. The era of free AI without strings is over. NZ users should treat “free ChatGPT” the same way they’d treat any ad-supported service: assume you’re the product, and decide if that’s a deal you’re comfortable with.