This is an intriguing idea! Thank you for bringing it forth.
Out of curiosity, how familiar are you with how ad systems work? Generally there's a huge inventory of ads, each with different criteria attached to them and metadata about bids. When a request comes in, ads whose criteria are met are selected out and an instant auction takes place. The resulting ads are then shown.
I cannot think of a way that allows for both honoring the ad criteria and keeping personal interests and preferences solely client-side. You can't even take advantage of any form encryption here, as the results of the filtering would allow the server to infer the private data. This means you'd almost certainly have to get all the data to the client to allow querying locally.
OK, fine, that's workable. Then you just track impressions and so on to figure out when advertisers get charged. A potential drawback is that it's very possible that with impression and click data it could be possible to reconstruct most or all of the data a user might wish to protect. And there's no way to get away from this, either - pretty much all online advertising models rely on tracking one of impressions, clicks, and actions.
As for your two conditions:
> - A way to ensure that ads don't try to harm me by e.g. leading me to websites serving malware or abusing my computer's resources (e.g. miners)
Policing the contents of ads can be quite the task. Ensuring the contents of arbitrary external websites is next to impossible. There are no good ways to do this in a fully automated system at scale when someone else controls the other server and can change what content it serves at their discretion.
The best way I can think of to ensure this is to limit access to this hypothetical advertising platform to entities with the expertise and resources to protect themselves and anyone who comes into contact with their servers. Works for me, but being shut out of access to the biggest and best advertising systems might be a problem for many groups.
> - A way to keep my privacy and control what data is collected about me (and who has access to that data)
You know what? I think I know exactly what you want. You want the newspaper model. Collects no data from you, preserving your privacy. Only accepts advertising from partners that can be trusted, ensuring your safety. Doesn't need to closely track impressions, views, or actions.
> Generally there's a huge inventory of ads, each with different criteria attached to them
I think what he is describing is a future where the ONLY criteria ads are selected on is the standard user data set. Basically I open my browser settings, go to its "relevant ads"-section, enter some basic ad targeting info such as my age group, gender, and 2 hobbies.
Then because I entered "fishing" as an interest, I'll see a lot of fishing gear ads. Great!
If I'm NOT willing to enter any targeting info into my browser, or if I enter bogus info (or install a plugin that randomizes the info) then sites will not show me relevant ads.
I don't mind seeing ads for fishing gear if I told the site I'm interested in fishing. That's completely fine. I do mind seeing ads for hotels in San Francisco just hours after I searched a different sites for cheap flights there, or ads for that exact shoe I made an incomplete checkout of in a webhop store last week etc.
In that case, it's going to fail the test of being just as good pretty hard. Being able to target flexibly and based on user actions (or location, or other salient data) is really valuable to advertisers, in a measured-in-units-of-currency sense, and thus to publishers. It means better results from more narrowly targeted ads, and it also means more valuable ads to publishers.
It's perhaps not impossible, but it strikes me as a difficult thing to convince advertisers and publishers alike to take on.
Yeah I don't see the online ad business ever adopting something else because it's "as good", I think that browsers should drive this and ensure sites simply don't get this type of information, so the adoption to something better (for consumers) is driven by necessity.
The adoption of a system like the one I'm describing rests solely on the fact that the current information ads are based on, would dry up for one reason or another. Either because they don't dare use it (regulatory) or because they simply never get the information (technical).
I was under the impression that the past years of rapidly evolving DNT, third party cookie blocking, widespread use of adblockers (even in phones) etc was already rapidly drying up the amount of information available to track users? Perhaps I'm overly optimistic?
The ad industry has proven very good at finding new ways to track people, defeating each new approach to block tracking. They've proven similarly good at learning to infer things they haven't actually been directly told, which is very helpful for getting around regulatory barriers.
In practice, not everyone keeps up on their patches, meaning they tend to be vulnerable to known tracking methods. Total ad blocking prevalence is not as high as one might guess: https://digiday.com/media/ad-blocking-charts/
Additionally, neither Apple nor Google is incentivized to make it easy to block ads on their devices. The only people I know who have done so are ones who have gone to non-trivial lengths to accomplish this.
> Yeah I don't see the online ad business ever adopting something else because it's "as good", I think that browsers should drive this and ensure sites simply don't get this type of information, so the adoption to something better (for consumers) is driven by necessity.
Pretty much AdBlock could do that.
It let's you opt out of serverside-profiled and unprofiled ads, and opt-in into relevant ones profiled on client side.
Out of curiosity, how familiar are you with how ad systems work? Generally there's a huge inventory of ads, each with different criteria attached to them and metadata about bids. When a request comes in, ads whose criteria are met are selected out and an instant auction takes place. The resulting ads are then shown.
I cannot think of a way that allows for both honoring the ad criteria and keeping personal interests and preferences solely client-side. You can't even take advantage of any form encryption here, as the results of the filtering would allow the server to infer the private data. This means you'd almost certainly have to get all the data to the client to allow querying locally.
OK, fine, that's workable. Then you just track impressions and so on to figure out when advertisers get charged. A potential drawback is that it's very possible that with impression and click data it could be possible to reconstruct most or all of the data a user might wish to protect. And there's no way to get away from this, either - pretty much all online advertising models rely on tracking one of impressions, clicks, and actions.
As for your two conditions:
> - A way to ensure that ads don't try to harm me by e.g. leading me to websites serving malware or abusing my computer's resources (e.g. miners)
Policing the contents of ads can be quite the task. Ensuring the contents of arbitrary external websites is next to impossible. There are no good ways to do this in a fully automated system at scale when someone else controls the other server and can change what content it serves at their discretion.
The best way I can think of to ensure this is to limit access to this hypothetical advertising platform to entities with the expertise and resources to protect themselves and anyone who comes into contact with their servers. Works for me, but being shut out of access to the biggest and best advertising systems might be a problem for many groups.
> - A way to keep my privacy and control what data is collected about me (and who has access to that data)
You know what? I think I know exactly what you want. You want the newspaper model. Collects no data from you, preserving your privacy. Only accepts advertising from partners that can be trusted, ensuring your safety. Doesn't need to closely track impressions, views, or actions.