Mozilla's privacy preserving ad attribution: The future or an oxymoron?
Back in June, Mozilla acquired privacy-centric ad measurement company Anonym which was founded a few years back by some senior …
Last week, Google announced that after they phase out third-party cookies in Chrome next year, they "will not build alternate identifiers to track individuals as they browse across the web." On the surface, this looks like a win for a more private web. This would put Chrome, the most popular browser, on a similar footing to Safari and Firefox which block most third-party tracking out of the box. As more details started to come out about Google's vision, however, things started to get a bit murkier.
Update: After delaying phasing out third-party cookies multiple times and sometimes for reasons legitimately outside their control, Google is no longer phasing out third-party cookies. They will instead "introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing".
In Google's vision, ads targeted to users' interests aren't going away but are merely changing. Built on Google's Privacy Sandbox, which is part of the open source engine behind Chrome, Google promises these changes will create a more private web while keeping targeted advertising just as effective.
"Advances in aggregation, anonymization, on-device processing and other privacy-preserving technologies offer a clear path to replacing individual identifiers."
David Temkin
Director of Product Management, Ads Privacy and Trust at Google
Instead of ad networks or ad tech companies keeping and storing data on users to target them with ads, Google is testing an approach they call Federated Learning of Cohorts (FLoC) which will have your browser learn about the things you like so you can be targeted with ads. Likewise, for personalized ads, they have another approach called Turtledove. These will expose new browser APIs that advertisers and ad networks can use to target ads.
Make no mistake, while these changes have some privacy benefits, they also are about control. Google's vision for ads put them at the center of the ads ecosystem. Google controls the browser you're probably using right now and they'll control how these new tools and APIs like FLoC can be used for advertising. In addition, Google has a first-party relationship with you and they don't need third-party cookies. They can continue to use the emails you receive in Gmail, the places you get directions to in Google Maps, the videos you watch on YouTube, and the things you search for on Google to target you with ads.
The Electronic Frontier Foundation (EFF) called FLoC a "terrible idea". They say it will help ad tech companies fingerprint users so they can uniquely identify them more easily. Any site which supports logging in could easily request FLoC data and add it to users' data profiles, connecting that with the existing personal information they have on this user.
The response from the ad tech side of the industry ranges depending on where the company sits in the ecosystem. Even if Google's vision doesn't become a reality -- we expect some of it will and some of it won't -- the end of third-party cookies won't be the death knell for ad tech, behavioral targeting, or personalized ads.
There are a lot of alternatives to cookies for tracking users across the web which are more invasive. For many ad tech players, third-party cookies going away won't affect them at all because they use these methods of tracking. The list of the techniques used to circumvent cookie restrictions is potentially endless but here are some common techniques:
Advertisers and ad tech companies are also leery of Google having too much control. With states like California and Virginia adopting privacy legislation, they know the privacy landscape is changing and some of them are trying to get in front of it with their own proposals. The Trade Desk, an ad tech company, has an alternative approach they call Unified ID 2.0. This will only work for sites and apps that support logins since it operates off of hashed email addresses, but once logged in, users can be targeted with personalized ads. While this isn't an approach we want to see become the norm, it is at least upfront and clear.
Lastly, some companies are trying to pressure Google and other players into slowing or reversing these changes. When Apple's iOS 14 required apps using ad tracking to request user permission, Facebook cried foul and is claiming that these privacy protections hurt small businesses. The UK's Competition and Markets Authority (CMA) at the request of advertising market participants is specifically investigating the changes to Chrome and the Privacy Sandbox. Only the big ad players want to keep the status quo for ad tracking. These tactics might delay things, but with users and governments asking for privacy improvements, they're going to come.
We generally oppose all of these attempts at tracking users across the web, and are building on a more privacy-focused foundation of contextual ad targeting.
For our small ethical advertising segment of the industry, these changes will have pretty minimal effect. Third-party cookies and all their prospective replacements are all about gathering information on you (and millions of people like you) in order to target ads to you based on your interests or to you personally. Ethical advertising doesn't use third-party cookies and doesn't store personal information. We aren't trying to show ads to you personally, but instead like traditional advertising on TV, in newspapers, or in magazines, ethical ads are targeted to the content of the page. We put ads for developers on developer focused sites. That's it.
If you're interested in a future for advertising without intrusive surveillance and user tracking, read more about our vision for ethical advertising.
Tagged with: cookies adtech fingerprinting
Back in June, Mozilla acquired privacy-centric ad measurement company Anonym which was founded a few years back by some senior …