This is such a weird proposal that I think indicates an unawareness of the advertising industry. The reason the internet tracking industry exists is entirely because the first party advertisers don't want to deal with attribution or anything like that. They are only interested with selling their product. They contract out to third party companies specifically to not have to deal with those attribution issues. The reason those third parties have to resort to tracking is because advertising fraud is rampant on the internet and the first party advertisers want some assurance that they aren't just throwing money away. In the traditional advertising world, they can see the ad on TV or printed somewhere and know they aren't getting ripped off. There is absolutely no assurance on the internet that anyone is seeing your ad. So this proposal is saying that the advertiser should be in the business of assuring that their ads are being seen and delivering value, but it still doesn't solve the problem that the advertiser wants to be sure how many of their ads are being seen. Advertisers are paying for the number of times and ad is shown not the number of times it is clicked (this isn't the year 2000), so this proposal gives the advertisers more work to do without actually solving their real problem. I don't foresee any significant adoption of this proposal from advertisers.
Now, if someone could come up with a privacy-preserving solution to advertisers quality assurance problem of buying advertisements on the internet, that would be big business.
I don't know enough about the advertising industry to say that this comment is wrong, but it triggers some warning bells for me that make me suspect it might be wrong.
In the podcasting industry, referral codes are used specifically so that advertisers can figure out how many conversions are coming from the podcast -- it's not enough to tell them, "X people heard the thing." They want to know whether or not it's worth advertising based on concrete user acquisition numbers.
AT&T recently put out an interview about their advertising strategy as a content company. The quote from that piece[0]:
> "Regardless of how you see a directed car ad, say, AT&T can then use geolocation data from your phone to see if you went to a dealership and possibly use data from the automaker to see if you signed up for a test-drive—and then tell the automaker, “Here’s the specific ROI on that advertising,” says Lesser. AT&T claims marketers are paying four times the usual rate for that kind of advertising."
And on a more fundamental level, it doesn't make sense to me why targeted ads would even be such a profitable industry in the first place if advertisers didn't care about increasing ROI per ad -- and that means improving click-through rates and conversion rates. I don't see how I wouldn't want attribution stats per-campaign if I was trying to improve my ad targeting, or doing AB tests on different marketing styles.
It is entirely possible that I don't understand the advertising industry very well, but from everything I've seen, advertisers do seem to care about attribution, a lot. Maybe click-through isn't the best way to measure that, but I don't see strong evidence that brand recognition or exposure is a more valuable target for advertisers to be pursuing than direct revenue impact.
In the podcasting industry, referral codes are used specifically so that advertisers can figure out how many conversions are coming from the podcast
The old-school method of this was to have unique response numbers. It's why you see phone numbers like "800-555-1212 extension 37." When you call the number and ask for extension 37, the person on the horn says, "Yes, this is extension 37..." and begins their pitch while noting that affiliate 37 gets the conversion credit.
It's similar to TV commercials you see that tell you to "Go to example.com/TV37."
Some lead generators are willing to splash out extra money on specific phone numbers without extensions because they believe they convert better. It's why toll free phone numbers expanded so rapidly from just 800 and 888 to 877, 866, 855, and 844.
They do care about the whole attribution process since this is very relevant to incrementality (which is equivalent to 'they aren't just throwing money away'). But this doesn't necessarily mean that they want to deal with all the details themselves. This is my guess for the parent reply's intention.
" Advertisers are paying for the number of times and ad is shown not the number of times it is clicked (this isn't the year 2000), so this proposal gives the advertisers more work to do without actually solving their real problem. "
I might be mis-reading this but isn't Adwords model specifically disruptive because it charged per click and not per view. It's why when you click on a search ad you see ?gclid=... appended to the end of a URL so that the ad you clicked gets credit... I am confused or missing the reason for your statement about impressions being more important than a click?
There is also a feedback loop on adwords and other CPC spends. Run ads that get few clicks and get penalized in cost or impressions -- in severe cases to the point of being off-lined. What business that runs CPC placements wants to show an ad with a lower click through rate.
Also, maybe I'm missing something but I don't see how this addresses fraud and any advertising solution that doesn't address fraud is basically DOA. How do they ensure that clicks and conversions are legitimate? It's already a hard problem, despite the large amounts of data that legitimate browsing activities leak.
* Browser data (UAS, screen size, network speed, localStorage)
* IP data (therefore some proxy of geographic data)
* Third party data (eg. Google Analytics demographic data)
* Odd click patterns (eg. from the same IP, bursts within a short window)
* Finally you can see who is benefiting from the clicks (eg. certain publishers) and suspend their account
I feel like all this data would generate a substantial click "footprint" that you could run through an ML model. At worst, these third-party advertising companies can suspend whoever is benefiting from the clicks if they gather enough suspicious evidence.
There are multiple types of fraud. One is bots that give fake impressions, but another is fraudulent publishers that give improper ad placement (e.g. overlapping ads or invisible ads). In the second type, the user is legitimate, so you can't entirely rely on something that identifies illegitimate users. I think this is one reason why ads aren't always sandboxed in iframes since you need a way to detect if the ad is actually visible in the root frame.
Behavior tracking is difficult since it's hard to say that a legitimate user will never do something. E.g. large ISP NATs thwart IP tracking by giving many customers the same IP. Safari blocks 3rd party cookies.
Google has a somewhat well known bot countermeasure called botguard that does a decent job proving that you are probably running an entire browser, but that only marginally increases the cost of fraud to running a browser instance per-bot. Increasing per-impression cost for fraudsters can put them out of business, but increasing per-impression cost to detect fraudsters can put advertisers out of business.
Also, ad-targeting is often a realtime problem. You have to decide what ad, if any, to show within milliseconds. Do you never show ads to unrecognized users? How much turnaround time will you need before you can precompute a profile and start showing ads to a legitimate user? How much turnaround time do you need for detecting and blocking fraud?
Unfortunately, specific countermeasures aren't often publicly published since one of the greatest costs of ad fraud is figuring out and then circumventing countermeasures. E.g. you might have a hard time reverse engineering something faster than it's being engineered by 20 people at Google.
Programmatic advertising is 100% a real-time, per request bidding process. There is no queue of ads. Virtually all banner advertising on the web now is done this way.
Just because it's Google's code on the publisher page, doesn't mean it's Google's customer's ad that shows up on the page. It's entirely possible a third party is willing to pay more than any of Google's own customers, so it's auctioned off to Google's customers, and Google's partners (who auction it among their own customers).
Also advertisers often want to do dynamic stuff too. Or may be willing to pay more for the same user in different contexts. Or utterly unwilling to have their ad on sites with UGC. And you don't know where the user will show up next.
I won't go into details but you seem to be assuming specific, relatively unsophisticated methods. Also, not everything you mention is available or useful and it's not close to enough to for more sophisticated frauds.[1][2] Keep in mind that most ads are paid on a per-impression basis - the main reason to simulate clicks is because at some point people will notice if a specific site consumes a bunch of impressions but doesn't contribute any clicks. Ad-tech companies tend to be competent in ML since it's necessary for optimization, but fraud remains a hard problem.
"In the traditional advertising world, they can see the ad on TV or printed somewhere and know they aren't getting ripped off. There is absolutely no assurance on the internet that anyone is seeing your ad."
If this is true, it sounds like the internet really isn't well-suited for advertising.1
How have certain companies become so enriched by selling something that has such a high risk of not delivering value? If what you say is true, it stands to reason that many clients are getting ripped off.
1 I still find it interesting that the web/mobile ad industry almost always relies on web browsers/apps to make ads workable. These programs must process what is returned from a request for content, auto-load resources from third party hosts, and often interpret and execute Javascript code to make additional resource requests. A user can successfully request the content from a web page with a single domain name, DNS lookup and HTTP request, the basic functionality of the internet and web, without using a web browser, but that alone does not suffice to deliver ads.
The reason those third parties have to resort to tracking is because advertising fraud is rampant on the internet and the first party advertisers want some assurance that they aren't just throwing money away.
This does not sound correct to me. (I was in the digital ad industry.) The interest in conversion counting is not just because you can't trust views/clicks. It's because conversions are the most useful event to track. You might be paying for views, but your conversions are your best proxy for ROI on one ad campaign vs. another.
I agree with your prior point that the first party who is selling ad space doesn't want to think about it. That part is entirely true.
I'm sorry but this is false. They do charge based on CPM which is why they can continue charging you for serving higher and higher frequencies to the same audience. If they charged based on reach then once you went over frequency 1 they would stop charging correct?
>They do charge based on CPM which is why they can continue charging you for serving higher and higher frequencies to the same audience.
They charge based on reach and will serve your ad to users as many times as they want until they illicit a reaction. There is some proprietary algo at work to determine how your spend gets distributed.
How do we know this? If my paid post gets a good response, it gets free impressions. If my paid post gets poor response, it gets few impressions and I get a warning about the post.
Facebook is incentivizing good content, and it's not charging you per impression. Impressions definitely come into play, but what is more important is users, frequency, and engagement. Unlike other platforms.
I'm sorry but again no. Your rationale is due to organic sharing of the ad rather than some sort of weird reach charging. Again if they were charging by reach and I was hitting frequency 7 or something surely they couldn't keep charging because those people have already been reached correct?
I'm well aware of the Facebook's algorithm that prioritizes ads with a higher relevancy score (or rather the 3 categories of quality that they recently replaced relevancy score with). They punish bad ads by artificially raising CPMs and artificially lowering them for quality ads.
So once again, yes they are charging you by impression. They just also make a distinction between paid impressions and earned impressions. Eg someone shares your ad and their friends see it = earned impressions.
Relevant quote: "Depending on the type of bid you choose, you only pay for clicks or impressions when you run ads. Your ads will be deployed evenly over time, and you'll never be charged over your budget."
I think there is something nuanced here about my point that you aren't addressing. I have served Facebook ads through both a secondary vendor and through their interface. I can tell you with 100% certainty that my ads through the second party vendor overdeliver impressions based on the response rate of the ad. Unless my ad is complete garbage, I always get more impressions than I have paid for.
That's right, I get free impressions if my ad (not boosted post) does better.
How else I know this is that their video completion rate when calculated by impression is absolutely abysmal compared to other platforms. This is why they don't address VCR in their own interface. They want the ability to serve your ad however they see fit until there are results.
Also, I can ask Facebook to charge me only for plays, and you even alluded to the fact that you can pay for engagement as well. This backs up my point that Facebook will serve your ad as many times as it wants until it finds the right user-ad fit.
That being the case, I go back to what I already said. Yes, impressions are very important here, but they are not exactly what you are paying for. You are paying for user reach and engagement.
"Your ads will be deployed evenly over time, and you'll never be charged over your budget"
But your ads are usually served more than you ordered. Unlike other platforms, where I only get exactly as many impressions as I pay for.
In a way it is similar to Adwords Quality Score for CPC.
I think we're arguing semantics here. For context I also have bought FB natively and through a DSP for about 8 years. The phenomenon that you're referencing is what I was talking about with earned/organic impressions versus paid impressions. I assume you're buying fixed cpm on your secondary vendor? Again what is happening is people are sharing the ad or tagging people in the comment section. Those would be earned impressions and would increase your reach but that doesn't mean FB doesn't charge based on CPM. If I'm buying a magazine ad and someone showed that magazine ad to their friend that doesn't mean the magazine wouldn't still sell that ad slot on a CPM basis. I understand why it would seem they would charge on a different basis than CPM at first glance but I assure you that isn't the case. As for engagement and video views completion that's all well and good but that's an optimization option rather than a charging basis. By all means my job would be much simpler though if Facebook only charged me on a conversion basis though haha.
I suspect we're at an impasse but you really should reconsider your position and look at the nuance between earned/organic impressions you get from an ad and paid impressions. As an aside one thing we do agree on is the abysmal video completion rate.
I appreciate the conversation and will take another look into whether or not my raw impressions for my ads are getting mixed in with organic impression numbers.
i can tell you i have insight into 9 figures worth of pay-per-click advertising on Google, Bing and FB yearly. pay per click is very much alive and well on these platforms.
If I were you, I would be embarassed for posting a comment with such an authoritative voice on a topic you clearly know so little about. I've worked with more than 20 ad teams for a wide variety of companies, from seed stage to public ones worth billions. Everyone cares incredibly much about attribution and properly tracking ad spend to sales.
> The reason the internet tracking industry exists is entirely because the first party advertisers don't want to deal with attribution or anything like that.
Attribution exists because there has been in the past few years a major pressure from advertisers to relate actual sales with digital media investments.
If you go some years back a lot of major brands cut on their digital media investment because they weren't seeing a return when compared to other medium - like TV.
>They are only interested with selling their product. They contract out to third party companies specifically to not have to deal with those attribution issues.
They are interested in sales, branding and customer service. Some brands work hand-in-hand with media agencies - agencies who do the buying, manage and optimize all the media budget. These agencies have the technical know-how for campaign setup, automation, tracking, etc. It's not because they don't want to deal with it, it's because they would have to make a huge investment in human resources and tech. Some brands did/do move all of this in-house, or outsource it to agencies with exclusive, or with high FTAs.
> The reason those third parties have to resort to tracking is because advertising fraud is rampant on the internet and the first party advertisers want some assurance that they aren't just throwing money away.
Tracking is used to measure the performance of the campaigns - delivery itself, plus the results on the advertiser side. Ad fraud is indeed rampant, that's why there has been a lot of development to mitigate this issue (like viewability).
> In the traditional advertising world, they can see the ad on TV or printed somewhere and know they aren't getting ripped off. There is absolutely no assurance on the internet that anyone is seeing your ad. So this proposal is saying that the advertiser should be in the business of assuring that their ads are being seen and delivering value, but it still doesn't solve the problem that the advertiser wants to be sure how many of their ads are being seen.
There's no way to know if an ad was seen on any media. TV campaigns are measured with a sample of the population with a device that tracks what's being viewed - but you don't know if a person is using their smartphone when your ad is running.
The problem with the internet is that there's no filtering between what's being done by a machine and by a human when it comes to the campaign delivery - and that's directly attached to the buying model for the advertiser. They wouldn't care about wastage if they didn't have to pay for it.
> Advertisers are paying for the number of times and ad is shown not the number of times it is clicked (this isn't the year 2000), so this proposal gives the advertisers more work to do without actually solving their real problem. I don't foresee any significant adoption of this proposal from advertisers.
Advertisers pay for a lot of things, for reach, for views, for clicks, for seconds of audio, for grids of outdoors, the list goes on, so you can't just say they aren't paying for clicks - hell Amazon is the new big boy in advertising and you pay per click.
The golden goose of attribution is to connect from the point of contact in advertising, all the way to the post-sale (the so called customer loyalty programs). If you can tell someone who saw an ad on Youtube, and when he went to a shop out of the shelf (where you have a 15% share of shelf), bought your product, and came to the social media saying how damn great that cookie is.
Why oh why would you want to normalize anything about online advertising by standardizing it as an HTML property? Why does anyone think it is the browser's responsibility to support this?
If ad companies are having trouble "attributing their campaigns" or whatever - that's tough? It's their responsibility to figure it out, not browser vendors, who should be on the user's side here (c.f. user agent).
This is a terrible idea, breaks the abstraction between markup and application, and should definitely not be added to HTML standard.
The context for this proposal is NOT that, in a vacuum, ad-tracking is a desirable feature of HTML.
The context for this proposal is Apple has already been rolling out privacy protections for Safari and iOS, other players (like Big G) have had complaints, and this proposal undercuts those complaints. It's a negotiating tool, effectively.
Apple's privacy protections have made life harder for Google and other folks in the advertising space. Apple has basically tried to make it hard or impossible for anyone to stitch together user activity across different sites and build a profile of that user.
Advertisers have complained about losing ad attribution, and that complaint is legitimate. But, the existing techniques that are used to measure ad attribution also allow a excessive amount of additional data to be collected. Arguably, the ad attribution angle is just a PR-friendly fig leaf over what they're really worried about, which is user profiling.
So, Apple's counter-proposal: Here is a way to get ad attribution! Also, by the way, it doesn't allow user profiling, but that's ok, right? Of course it is. And now, ideally, we get to watch advertisers squirm as they try to come up with outlandish attribution scenarios that justify the collection of profiling data, while struggling to not admit what types of profiling they actually do and what fraction of their valuation that comprises.
It also makes it easier to lobby for a privacy law with teeth (which Apple should absolutely be doing if they aren't already) when you can offer a solution to politicians who might have genuine concerns about the economic impact.
I don't think we need legislation that is overly prescriptive by saying "this is the particular feature of the current web that you need to use to be privacy compliant." That's what was wrong with the cookie law, and was one of the improvements the GDPR made - it didn't prescribe any particular solution for advertisers, just told them "you can't do this kind of thing."
That is the basis of a good law (prohibit a specific behavior, not the implementation thereof). In that lens though, Apple's proposal is a solution in search of legislation, which screams "regulatory capture" to me - another reason I'm against it.
They wouldn't mandate any specific technology, but it makes it infinitely more likely that Congress would pass a GDPR clone when they are confident that doing so wouldn't just destroy every web publisher's business. And it certainly disarms any disingenuous arguments by the ad-tech lobbyists along those lines.
I still don't understand why Apple would be compelled to offer the olive branch at all. Sure, advertisers have complained their business model is getting harder - what motivates Apple to help fix that? What possible leverage could advertisers even have? Apple doesn't need a negotiating tool if there's nothing Apple wants from the advertisers, just block the nefarious tracking and move on.
Ad attribution is not inherently bad. The means by which people do ad attribution are typically evil, and due to the ease by which this data is collected, lead advertising companies down the dark path of becoming user data brokers.
But the simple act of "I placed an ad on this site, is that ad driving sales?" is perfectly benign, and if we can enable that use-case without enabling any privacy leakage, that's unambiguously a good thing because making the privacy-conscious approach easy and reliable means people will use it and won't resort to the more privacy-invasive techniques.
This is the same underlying justification as the "ping" attribute, which is basically, it enables in a privacy-conscious manner the basic functionality people want, and which they already have other less-privacy-conscious means to get, so let's make the most user-positive option the simplest and most reliable.
Also by standardizing how this works it enables content blockers to block these requests. This ad click attribute proposal even explicitly listed this as a feature. If you don't want ad click attribution, use a content blocker that blocks /.well-known/ad-click-attribution/ and you're done.
I disagree, all advertising levies a cost on the advertisee, you are assuming an inherent right to attention that the person has not granted. I understand and agree that this is a graduated scale but the most benign on that scale is "only a minor annoyance" not "perfectly benign".
Advertising is the cost of access to the content. The content provider has the user's attention, and the advertiser is paying the content provider for a small slice of that attention. But that's all the cost should be, just a moment of attention. The cost should not be giving up your privacy.
The cost shouldn't even be attention, we have little enough control over the silence of our minds in the modern world - we should fight against all those sources that feel falsely entitled to get a slice of our brains and time for themselves.
There is no implicit link between "stuff on the internet" and advertising, this "free service" isn't free, we're all paying a gateway fee to get into the internet to begin with, then many content providers have judged their content valuable enough to justify asking for payment, with others relying on soft/burst funding sources like crowdsourcing. The internet and most people's sites really aren't so expensive to maintain that we need this level of crazy marketing.
> we should fight against all those sources that feel falsely entitled to get a slice of our brains and time for themselves.
Why are they falsely entitled? You're choosing to give your attention to a site in exchange for its content. That was your choice. The site turns around and sells a tiny slice of your attention to an ad provider in order to actually make money. But make no mistake, this was the attention that you chose to give to the site in exchange for its content, and that site can spend your attention how it wishes. If you don't like how it spends your attention, don't patronize that site anymore.
I reject this analogy, it's like saying "You walked into a supermarket to buy an apple for a dollar, it ended up costing you eight dollars because of taxes and fees and unfortunately those seven extra dollars were spent before you ever got the apple, so I guess the apple still costs a dollar but when you walk out of the store you'll be eight dollars poorer."
Advertising isn't voluntarily entered into by us, it's forced on the consumer. Personally I try to avoid patronizing sites that use heavy advertising (except interesting articles forwarded to me) but I am more speaking on the harm to us all. I suppose I could reword my comment above a bit more accurately to "I reject the normalization of advertising in society."
Apple may want this so that they can have attribution for ad placements in their own products such as Apple News while still being to able market themselves as a corporation who cares about privacy.
Not everyone believes that advertising is inherently bad, or that being able to track the effectiveness of particular advertising campaigns is bad – as opposed to tracking individual users.
Advertisers are not complaining - they can vote with their money. It's the publishers that are hit by making ads harder. Without allowing publishers to monetize, content will move behind paywalls or closed ecosystems (as opposed to open web) that do make ads easier. Also, over time, browsers that make it impossible to monetize will likely to be banned by publishers - this already started to happen, with some publishers not allowing incognito mode, etc.
They want 2 billion in revenue from advertising by 2020.
They are testing the waters, and there's no doubt a faction within the company that believes that in the long term, getting a slice of the firehose of ad revenue is worth a small loss in revenue from opinionated anti-ads users[1] leaving their ecosystem.
The best part about the Apple walled garden is that once ads become an important part of their revenue stream, they'll be able to ban ad-blockers on their platform.
[1] What are they going to do, switch to Android? Communicate by carrier pigeon?
So Apple is going to do a 180 and suddenly switch to being anti-privacy and pro-advertising. Disable the Safari content blockers they only recently added, end the advertising campaigns they just started using. And all for a tiny 1% of their revenue ?
Privacy is a fundamental part of Apple's selling proposition and personal to Tim Cook given that in many cases gay and other minorities are killed due to privacy leaks.
> Note: Though we cannot bring an official Tor Browser to iOS due to restrictions by Apple, the only app we recommend is Onion Browser, developed by Mike Tigas with help from the Guardian Project.
Your truncated quote makes it sound like Apple doesn't allow private Tor browsing. There are other Tor browsers on the App store. What Apple doesn't allow is third-party HTML renderers and JavaScript engines (Tor Browser is based on Firefox)
> Privacy is a fundamental part of Apple's selling proposition and personal to Tim Cook given that in many cases gay and other minorities are killed due to privacy leaks.
Is it part of an immutable corporate charter? Is Tim Cook an immortal lich-king, with absolute authority, that will preside over Apple between now, and the heat death of the universe?
Company culture changes, company priorities change, company leaders change, and shareholders always want more money. If advertising will get Apple more money, it's just a matter of when, not if.
Company culture isn't going to change much at Apple.
They have programs like Apple University and the memory of Steve Jobs will always loom large over the company.
And Apple could've focused primarily on advertising decades ago. But they didn't because it's just not in their DNA. They are and will forever be a widgets company.
20 years ago, they were an overpriced-computer vendor on their deathbed, with not a widget in sight, burdened with a trailing-edge OS, while Microsoft was an unstoppable behemoth that was eating the world (While convinced that this internet thing was just a fad.)
You have no idea what they will be 20 years from now.
> Privacy is a fundamental part of Apple's selling proposition and personal to Tim Cook given that in many cases gay and other minorities are killed due to privacy leaks.
I love the privacy aspect, but is privacy really part of Apple's core strategy or are we just seeing them make use of the good position they were always in? Is there enough drive at Apple (Cook or otherwise) to keep privacy a focus, or is the topic just going to fall by the wayside when it suits the business?
Look at the implementation of Secure Enclave, FaceID, Apple Pay and ML models.
They build these very carefully to keep your data secure, on-device and inaccessible to third parties. They definitely could've implemented these much quicker and arguably better (e.g. ML models) if they had a device-cloud hybrid.
You're being naive. Ad companies are not having trouble attributing campaigns. The problem is that small, uncoordinated "privacy" features cause Ad Tech companies to become far more aggressive in how they track users. It's not the companies that lose here, it's you.
A standardized, privacy-centric method for companies to accomplish attribution will help end the arms race and move back to a more consumer-friendly model. Small edges are worth a fortune in Ads. This is like the war on drugs. Clamping down and assuming ad companies will walk away is way too optimistic. Instead, they will move deeper into the shadows at whatever the cost.
If we do standardize this, why would an ad company stop using their existing tracking? This proposal allows them to collect more data about users, not less. It's just more entropy available to them, like the DNT header.
And I still don't think it's the browser's responsibility to help the ad company. This kind of stuff just doesn't belong in a markup standard. If ad company cannot exist with the way they currently track users due to GDPR or other regulations, and "need" some standard way for "privacy preserving tracking" - they can write their own browser that does it and give people incentives to use it.
This proposal collects far, far less data about about a user than any existing method. It doesn't add more entropy because any ad-tracking platform can (and does) already track this exact information.
By making it a standard that actually solves the needs of advertisers, the willingness to adopt it will increase because it's simpler.
That said, I think this proposal falls short of solving current tracking problems.
Safari is already trying to stop the existing tracking. This proposal allows Apple to say "look, we're giving you the actual functionality you need" and the advertisers completely lose any legitimacy whatsoever to their complaints, as all they're left with is asking for a way to violate user privacy.
Except we can actually win the war on advertising if we chose to do so. Making large swathes of the back-room tactics advertisers rely on illegal is absolutely do-able and provides more value to all of us - any companies that contract with bad actors can be punished and we could move into an age where we just forget what popups even were.
What we need is a new paradigm for making money on the Internet. Advertisements are psychological tricks users are forced to experience, designed to make that person think they need to spend their money on something they didn't need before they saw the ad.
It's infected our news media, with ads masquerading as real news articles and news providers dripping with desperation to keep you frightened of the BREAKING IMPORTANT NEWS you MUST KNOW ABOUT right after this attempt to sell you razor blades.
It's infected our social media, where avatars that bear only the slightest of photoshopped similarity to the person they claim to be pretend to live a high-life, hiding their broke reality while trying to sell you herbal detox teas produced by failing corporations.
It's infected our telephone system, spammers trying to sell you a new rate on your student loan debt calling you 100 times more often than your own mother.
It's infected our email system, where no client without robust spam filtering is even usable, and you will delete 100 times more emails you never wanted to get than you will receive from your best friend.
Text messages. The postal system. Light polluting billboards on highways. You name it, if advertising has gotten its claws in it, it has either ruined or is ruining it.
Selling ads and selling users' PII are the two primary methods by which a website makes money. Both need to die.
... I would argue that the standard by effect makes it far too easy to simply lock out attribution by normalizing the way that attribution works. It effectively makes it one super easy target for ad blockers and obfu plugins.
Billions of dollars are at stake for companies that need to understand how their ads are working across ecosystems and to realize the value (or lack thereof) for media buys. Many of the sites that place media also are doing so to offset the costs for users.
There are few ways to toss a grenade in this complex room that does not harm all parties and force each to defend their own needs/wants.
Not everyone shares the belief that advertising and the user's interests need be adversarial. If this represents a compromise -- user maintains privacy, advertisers get attribution -- then what is your specific objection?
If we chalk up the "browser vendors should not help advertisers learn more about the user for no end-user benefit" as a difference in opinion, I specifically object to adding parameters to a markup language standard to support a domain-specific problem that a (possibly transient) industry faces. The markup language should not be facilitating this tracking, that's an application workflow - it should be way beyond the scope of concerns of the HTML.
If they really wanted to standardize something, why not make a Privacy Preserving Tracking as a Service endpoint and hit it with standard snippets of JS, instead of baking this controversial junk into the browser's core.
So HTML should not be concerned with supporting web application workflows? What should people be building web applications with if not HTML/CSS/etc.? If HTML doesn't support common use cases (by supporting additional markup) then everyone will have to roll their own. And if the only tools they have to do that are ugly privacy invasive monstrosities like fingerprinting, what will they use?
What should replace internet advertising as a way of funding content? This is not an advertising industry problem -- it also affects publishers. Will they have to start charging everyone micropayments to view their content? How will this affect the ability of third parties to index and archive content?
> And if the only tools they have to do that are ugly privacy invasive monstrosities like fingerprinting, what will they use?
They use that because the privacy invasive monstrosities they previously relied on are becoming less reliable as public awareness of being spied on and manipulated grows and appropriate countermeasures are being taken. So now, every aware person is using an ad blocker and user-friendly privacy laws are being implemented. Sucks for the web advertising industry, but that's what they get for pissing upwards.
> What should replace internet advertising as a way of funding content? This is not an advertising industry problem -- it also affects publishers.
I will not be sad if platforms that so fundamentally rely on advertising that they can't find other means of funding their businesses die off completely. If people aren't willing to pay (users through donations and subscriptions or publishers out of their own pockets), maybe the content just isn't very valuable.
The point of this feature is to provide limited access to data that webpage JS is not normally permitted to have – namely, information about the user’s interaction with other sites. (Although data sharing between different origins is not always forbidden, Safari’s “Intelligent Tracking Prevention” tries to block it for origins that are used for tracking.) Therefore, making it an “application workflow” implemented by the page JS would not work, whether or not a remote server is involved.
This spec literally defines a way of doing so without attribution - the various confirmation mechanisms are all done using stateless and cookieless network requests - all the site operator gets is confirmation that someone did something.
The alternative is a browser breaking all the tracking mechanisms and then getting blocked because it’s “blocking ads”.
This provides an API that allows ads to work, while also allowing a browser to block all the tracking techniques currently being used.
That way web sites can have a revenue stream without gratuitously violating their reader’s privacy.
The spec is about doing attribution, literally. It makes the attribution anonymous just to work around privacy advancements that have been adopted recently.
Until browsers get blocked for being anonymous, this is never in the interest of the user.
And if a site doesn’t work unless I turn off adblock / switch browser, then it’s most likely bad on multiple levels.
Agree. To add, if we accepted this as the attribution source of truth, there would be large conflicts of interest from companies like Google who own an ad network and also Chrome. They would basically claim all Adwords traffic is awesome.
Since the 1990s I have always felt that advertisers feeling entitled to not only receive ad click data, but to only pay people based upon it, as inherently fraudulent. Advertisers in every single other form of media have never had access to this data. And they've certainly never even dreamed of only paying the person hosting the advertising in cases where an iron-clad case can be made that the advertisement led to a particular sale.
Of course they wouldn't. It betrays almost the entire foundation of marketing and advertising itself. Building brand recognition, forming brand opinion, encouraging new social and personal practices, etc are big parts of advertising. And now because the Internet is around, we're just supposed to give companies all of that brand building and everything else completely for free, only having them pay for specific sales funneled directly and provably through an advertisement? Can I get an ad played during the Super Bowl and only pay the TV networks when someone can provide proof the ad was the cause of their purchase? Can I get an ad in the newspaper like that? Radio? Roadside billboards? Where? Where else do I get to just rob the person hosting the advertisements of basically all advantages of advertisement and only rarely pay them for providing the venue?
I far preferred project wonderful’s model where The advertisers bid for add space. That made so much more sense.
Aparently it was shut down? I wonder what happened.
Edit: it looks like they were focused on independent blogs and since those have far less traffic now they couldn’t afford to stay open. That really sucks, at least it’s a good example of how the web is a much worse place when it becomes centralized.
Why wouldn't a marketer fingerprint you while also using the attribution system? Why couldn't a browser without the attribution system have all of the same anti-fingerprinting tools as a browser that has one?
The problem is that currently if a browser does break every tracking mechanism they may be interpreted as running an adblocker, alternatively site operators may just block that browser entirely.
So if a browser does want to protect its users it is necessary to provide a fallback to allow site operators to make revenue from ads.
Hence this proposal: provide a system that allows the necessary steps for ads to work, without violating user privacy. Then browsers can start more aggressively blocking trackers.
Actually, if you don't want to be tracked you have to prevent the advertiser's code from identifying you, which is borderline impossible.
You could potentially stop their code from running on your computer, but you can't stop them from running code on their servers, and if you make yourself hard enough to fingerprint, CAPTCHAs become impossibly difficult.
Considering that Mobile is about 50% of web traffic and that cookies are not very useful on mobile as well as ITP, I would say fingerprinting has been a very practical in building user profiles.
> In plain English this report would say: 24 to 48 hours ago, some user who previously clicked shop.example’s ad campaign 55 on search.example, converted with data 20 on shop.example.
this, i suppose, assumes that the browser is active at the time, but at any rate, it will screw with attribution windows pretty hard. advertisers will definitely be very happy to now see conversion numbers which could have happened at any time and are unverified
Yes - this is one of the biggest issues in the proposal. Apple's browser will be in charge of all the attribution logic. This could create very perverse incentives for any browser company. For example, if Google wants to make their ads look effective, they can use Chrome to mess with the attribution and no one would know.
Clicks are not tracked via cookies but via urls. The search engine in this example would send the user to someshop.com/someproduct?clickid=7e82jv927x748342
They say nothing about how they want to prevent this and other tracking mechanisms. Yet, they propose an overly complex system to send even more data to advertisers.
Also they do not say anthing about the ip that their additional ping will send out. I definitely do not want my browser to communicate with an advertiser days later and without my consent.
Also, click tracking is not even a big problem in the first place. Tracking you wherever you go is. Even if you do not click on any ads.
We track for targeting, not for attribution. I don't see any benefit for the targeted individual or the advertiser coming out of this proposal. This proposal only brings benefits for the parties on the publisher chain who now have one more angle for committing fraud.
I am aware of ITP. There is no ad-tech without targeting. There are >50 million ad opportunities out there at any second, you need to target to delivery the message to a proper recipient. Attribution is a bottom of the chain problem, often problematic due to fraud.
I don't think people care that Amazon (for example) suggests things to them based on previous purchases because they have a first party relationship with Amazon. Likewise, when I search for "honda" I'm okay with Google showing related ads to the right of my search results. Targeting isn't bad.
The concern is when user data is shared with third parties.
Of course we do that. But then how do you validate that wasn’t a bot generating a request trying to increase the publishers traffic? Do you trust the publisher blindly? You need some sort of insight into the web request other than a single integer counter claiming an impression occurred in order to validate the individual.
That's not how the business model works. You pay for the impressions delivered and the cost of the data used for targeting. If I get no conversions, who pays Slate.com for the million of impressions that nobody clicked on?
Everyone keeps claiming that exact tracking is necessary, or that this is ineffectual (as DNT).
It is clear that browsers are doing everything they can to prevent user abuse. So let’s imagine they succeed.
Imagine what happens to the current advertising model if browsers completely break cross origin tracking. That means you can’t link purchases to the original ads, and so the compensation model no longer works at all.
This provides a mechanism to do the required attribution without also tracking or compromising a user’s privacy. Without that, there isn’t a way for the current ad model to work.
> It is clear that browsers are doing everything they can to prevent user abuse.
If that was true in general, my browser would block all cookies and all content from third party domains by default. It would systematically misreport Referer and User-Agent. It would disable APIs typically used for fingerprinting. It would disable all redirect-through-advertiser links. All managed by a simple and unintrusive whitelist (per first party, per third party or temporarily for a whole browser session or for a site session) so that you can opt in to these things where there is a legitimate use.
It isn't because it has a much greater interest in browsing being a seamless experience and the web being a powerful application platform, and actual privacy measures are buried in some configuration menu or in third party plugins so that whiny power users can enjoy privacy while the unwashed masses go about their browsing as though the web standards aren't completely messed up from a privacy perspective.
> This provides a mechanism to do the required attribution without also tracking or compromising a user’s privacy. Without that, there isn’t a way for the current ad model to work.
Safari already segments cookies, storage, etc such that the ability to use those to track people is limited. I see no reason to believe it’s not going to continue making tracking harder.
The user agent string does not provide as much information as people seem to believe.
Whitelists aren’t usable, and don’t work at scale.
The whole point of breaking tracking in general is so that the “unwashed masses” get privacy. Every study and survey has found that users value their privacy, but have been told (by advertisers and I assume you) that privacy is dead, or that they cannot have the internet without it. It is absolutely not something that just “power users” care about. It’s just power users are the only ones who currently get any.
Finally, the attribution isn’t attributing to a specific user - the entropy is heavily limited, the reporting is time delayed by a random amount, and is made with a stateless session so there isn’t any way to directly tie it to a single specific user, leaving just the IP address, which is now typically shared, and frequently changes.
* >The user agent string does not provide as much information as people seem to believe.*
How much information do people seem to believe that it provides?
> Whitelists aren’t usable, and don’t work at scale.
I don't need it to "work at scale". I need to be able to turn blocking off occasionally. Also, "at scale" and "usable" are vague to the point of meaninglessness. Why aren't they usable? What scale does a whitelist need to work at that makes you say that it can't?
> Every study and survey has found that users value their privacy, but have been told (by advertisers and I assume you) that privacy is dead, or that they cannot have the internet without it. It is absolutely not something that just “power users” care about. It’s just power users are the only ones who currently get any.
That's my point exactly, because privacy isn't the browser vendors' top priority, nor are they generally doing "everything they can" to improve it. The standards don't even allow it.
> Finally, the attribution isn’t attributing to a specific user - the entropy is heavily limited, the reporting is time delayed by a random amount, and is made with a stateless session so there isn’t any way to directly tie it to a single specific user leaving just the IP address, which is now typically shared, and frequently changes.
"It's not so bad, really, for most users" is not the same thing as "browsers are doing everything they can to prevent user abuse."
Add, I don't know, User-Agent and Referer to the mix to more reliably track different sessions on the same address. My address doesn't change frequently. I'm on a temporary lease but when it expires I get the same IP again or at least have since I started my account. This is not uncommon for a broadband connection in my whole country.
If you consider tracking individual users' behavior for ads user abuse, let me remind you that one of the largest perpetrators of that are working on their own browser and regularly get a say in how the web works.
This is a really interesting proposal but I wonder if there can be more than 64 buckets. I understand that the goal is to prevent user tracking but that number seems unnecessarily low.
Marketers don't want parameters to be tuned on them, I expected this reaction. And as a user I dislike that this scheme relies on delaying reports, obfuscation is not privacy if you can be deanonymized.
This proposal allows attribution when the user clicks and then makes a purchase up to a week later, perhaps even from a separate visit. (But still trying to avoid personally identifying info).
What happens to me the most often is that I buy something, and then a couple of days later I'll start seeing ads for it, and they chase me around for a few weeks or until I buy something else.
It depends. Sometimes yes, often times no you need multiple brand touches before someone makes a decision. In the FB ads community most people run sequenced video funnels and then try and get you to click and buy. It works because FB tracks that whole journey in their walled garden.
No, that does not typically happen and advertisers know that. That is called direct response marketing (think coupons in your free weekly newspaper) and is basically the lowest form of advertising. Advertising is a broad field including much more common forms of advertising such as brand awareness where the goal is to make the consumer aware of the product so they will have it in mind when they make their next purchase. Also remarketing, which everyone hates on the internet, where the product follows you around trying to see if you'll buy it again. For traditional advertising this is all the catalogs you get in the mail for things that you have bought in the past. It's always odd that most internet ad discussions try to turn all marketing into direct response marketing.
It's hardly the lowest form of advertising. Direct response is massive. Think of any time you've searched for something you intended to purchase. Killer conversion rates. This is a way more tangible form of advertising than brand awareness, because the impact of those campaigns is immeasurable.
It's also a way more practical way to buy ads, because you know exactly what you're paying for and can measure your P&L in near realtime.
While I am not super enthused about the idea of my browser being the one that reports this data (Actively), due to the current state of ads on the web this feels better than the alternatives.
We have already seen the effects of websites trying to get away with no ads and switching to a paid model. How often do we see complaints from users of sites like the Washington Post or the NYT that they can't read their news article.
For the most part, attempts to get money from uses (who are at this point used to a "Free" web) has not seen great success.
I would also argue that every site turning into asking for money is very problematic for anyone but the biggest players.
Just saying that using ad blockers really is not a solution, if everyone used ad blockers we probably start to see issues with the available content on the internet.
I don't really know how I feel about this yet.
It will be interesting to see if Microsoft and Mozilla (I doubt Google will jump on this one, at least not quickly) will get involved in this. If so, it might actually see some good adoption.
Advertisers (and most publishers!) are unlikely to agree to this proposal as written. In particular the restriction that only the first party site can set up campaign identifiers makes it difficult for anyone other than a major publisher which already handles their own advertising (Facebook, Google, etc). The fact is that most sites don't have a direct relationship with the advertiser, so it just won't work for 90% of publishers.
I'm saying they can't get attribution from this unless they are a major publisher. There's no choice there. This essentially means that bigger companies (that do direct advertising) can make more than double the revenue from ads as small companies.
Of course the small publishers could let the ads networks host their content (in an iframe?) to recapture that revenue, but then we end up in a worse privacy position -- as there only end up being a few hundred first party hosts on the web that host all of the content and can track you with first party cookies!
But they still have IP correlatable with server logs with timestamps and everything, plus you get a new client side DB what will be perked into by every adware in existence.
The stated goal of untrackability by timestamp matching is simply not achieved with just 12 to 24 temporal dithering for anything, but biggest websites on the planet.
They say it is privacy preserving, then, 5m minute into the text it comes out that it is nothing like that at all.
It is the next "do not track" header.
But to me it feels to be Apple's first "carrot and stick" step to chip away at Google walled garden.
See: few month ago they launched both a ad cookie killer, and a 3rd party cookie firewall by default. Clearly, there was a huge net loss of ad money nearly momentarily, they clearly wanted it to be a surprise, to push ad businesses into panic. Now they come with a stick: play our walled garden, and you get your ad cookie back.
In other news, people were noticing that Apple was hiring senior Ad tech people for quite some time now.
The comparison to DNT is not reasonable: DNT was a proposal the originated in the ad industry in response to a government inquiry into their gross abuse of consumers. It was positioned to head off actual regulation, despite all browser vendors knowing it would not actually work.
The Ad industry killed DNT when they announced that they would no longer recognize it (and were in fact using it for tracking) despite them positioning it as the “solution” to their own abuses.
Once that occurred it became clear that the only solution is for browsers to break all tracking directly. This is merely something that would allow the ad ecosystem to still function in the absence of tracking.
This is the answer to (1) - it’s not a matter of advertisers adopting it, if a browser vendor blocks tracking then advertising based on tracking is broken. So all that happens is those users are not tracked, and also don’t produce revenue.
I never understood the anger for Ad companies tracking you.
Web content costs money to create and host. The alternatives are:
-Most content being paid
-Ads we really don't want to see. Without some sort of user tracking, ads would just be random
-Wealthy people will be subsidizing lots of content for political gain (a method of getting funding)
-Many smaller companies get pushed out in favor of large corps and much more difficult for a startup to survive.
Pretty much all of these have happened to some degree in the last 5 years and with the opposition to ads/many people installing ad blocking software, it's only going to get worse.
In the early days of AdWords the ads weren’t based on tracking but on page content (much more useful IMO). Nowadays there is this bizarre belief that somehow knowing everyone’s intimate details means your random context-free ad will result in someone buying something.
The problem with the gratuitous tracking is that people cannot opt out of it. I don’t have a FB account, I don’t go to Facebook.com, yet I know Facebook has a profile built up because of those abusive like buttons.
Similarly if I go to an online store, and buy something, there is an additional invisible tax I am being charged: the ads on the store pages feed multiple ad networks my personal info. Despite me literally paying them money.
Some things to note, attribution and identity also allow for things like ad suppression or blanketing. If you have already bought the product or made indications you are not interested and will not be converted it is very common practice to suppress you from seeing those specific ads. Its also common to blanket you with relevant ads given shown interest in a product or service.
Maybe it is fine to consider it a tax, another way to look at it is you are being paid on content and access on various sites (including sites where you make a purchase at a price that is fair for the product AND this information) for your information.
Either way, if you want to jump ship from that arrangement -- it should be just as protected that accessing that content is now a violation of TOS or a liability to you that can be resolved with (at the site owners prerogative) hard costs to you for that content or service.
And for that "pain" you retained access to the content/functionality on those sites that presented those ads. It is super common to suppress users that have seen a certain amount of blanket without interaction) as well so if you were receiving those ads for months it is most likely a poorly performing media team.
Arn't those ads that you will never click on but happen to be related to your browsing context better than the ads you drive by every morning on the street?
Take all those sites you visit over a month, remove the ones you pay for directly from the list. Those remaining ones are the sites that will not be there without either ad support or direct charge.
For the first paragraph: I'm not saying no to ads, I'm saying know to wanton abuse of my privacy to provide mistargeted ads when the whole point of that abuse is to provide correctly targeted ads.
2nd paragraph: those ads leverage their context, better than modern "targeted" ads. An ad for a tech product showing up on a tech site is more applicable than a dishwasher. Likewise an ad for a dishwasher on a homeware review site is better than an ad for a computer. The targeting is not providing anything useful.
Final paragraph: you are making the argument that the abuse of privacy is critical to the ad ecosystem, to the extent that in the absence of tracking then the entire ecosystem collapses. This is demonstrably false: when AdWords started it wasn't built on tracking and other such abuses of the end user, it was based on the context of the page the ad is embedded in.
The problem we've got to now, is that the ad networks started pushing "targeted" ads over non targeted to the extent that they have managed to convince everyone that the tracking abuse is necessary.
I guess I will leave it with this. You are looking at the issue from a certain perspective. The counter perspective is that targeting and attribution were severely lacking in AdWords and many other systems in the early days. The only reason that was acceptable for brands spending 1MM -> 1B dollars on advertising was that it was actively being extended and fixed (and there was a naiveté/blind faith of early adopters). We are years and years into a system that has grown over time to its current level by listening to market needs and adapting.
The days of cast a blind net that can't be attributed or optimized are well over -- those sites I asked you to consider will be very much hurt or gone if marketers can't target specific segments anymore (the blind saturation spend os not coming back).
In your opinion? On what grounds can you make this claim, as if there didn't exist a multi-billion dollar industry focused on maximizing ad-targeting usefulness, as if ad companies haven't tried context-based targeting and just decided to do something else that apparently makes them less money by being less useful.
Do you have any serious evidence that "knowing everyone’s intimate details means your random context-free ad will result in someone buying something" is a bizarre belief instead of a fact that a capitalist market has settled on?
Yup, I’m really angry that I’m being tracked in a way I don’t exactly understand or monitor.
So I’m basically in on every attempt to kill the online ad industry even if it kills 99% of the “free” content I read and enjoy. I no longer think a convenient micro transaction system will come along to disrupt the status quo, I now think it can only rise from the ashes of the 2000-2020 web.
I also realize that in this process, at least for a transition period, we will kill a lot more small players than big ones, and quite possibly create a web where google, Facebook et.al. are the only ones to profit. Again, don’t care.
Part of it is due to the fact that advertising has worked just fine without tracking for literally hundreds of years in a variety of different media.
As to your points, though, paid content is great. If people won't pay for it, they probably don't actually want or need it.
I don't want to see any ads. No ad is relevant to me, so all ads, even supposedly targeted ads are random. In 30 years of using the web, I have literally never once intentionally clicked on an ad. So better tracking for ads gets me nothing and loses me a lot.
Wealthy people already subsidize lots of content for political gain, so nothing is changed by having it be targeted ad supported or not.
Most small companies cannot use the legitimate ad networks because they don't have enough volume. So this is a non-issue.
A sharp stone on a stick has also worked just fine as a weapon for literally thousands of years in a variety of locations. That doesn't mean it makes any sense to use it today. This is just a bad argument.
Ads provide a lot of exposure instead of just eliciting a direct response. Better tracking for ads benefits content publishers and service providers, many of which users enjoy. You don't have to click on an ad for ads to have value.
"Part of it is due to the fact that advertising has worked just fine without tracking for literally hundreds of years in a variety of different media."
Magazines, radio, and television are all tracked in different ways. When were ads not tracking users? On stone tablets?
"Wealthy people already subsidize lots of content for political gain, so nothing is changed by having it be targeted ad supported or not."
They do, but it would be a much smaller percentage if the content creators had a way to monetize it.
"Most small companies cannot use the legitimate ad networks because they don't have enough volume. So this is a non-issue."
How is it a 'non-issue'? Many startups, especially here on HN, rely on advertising as a business model.
Well, ad-tracking is a little different than "targeting," but a lot of data collection exists theoretically so that ads can be targeted more effectively, which then theoretically supports free services.
But, there's little evidence that targeted ads are more effective than normal ads based on rough guesses (e.g., The Verge is largely read by tech-savvy young and middle-aged men and you don't need tracking to figure that out). Their marginal increase in effectiveness is probably outweighed by the cost of administering them, not to mention to social cost of privacy erosion.
The sooner the tech industry stops pretending that ad targeting is anything other than a scam to trick advertisers, the better.
Targeted ads (assuming the target is relevant and tested as performant) does 100% of the time offer better outcomes for a given ad spend (many times by large factors against general populations). I am not sure where you get the impression that there is little to no value in targeting ads.
Is there any reason bigger new sites don't just run ads like their paper counterparts? Sell sections of the site directly B2B. The business provides a static image, and the website shows that image for some amount of time for some predetermined amount of money. The image would be hosted with the parent site. They can target certain zip codes for more local ads, exactly like newspapers. I'm assuming it is significantly less profitable?
This would have a similar effectiveness to advertising on linear TV today -- your ad reaches everyone who is tuned in (or visits the site), whether they are in your target demographic or not.
This also wouldn't work on things like Google Adwords.
I'm glad that this blog post starts off with the principles behind the design of this technology because even if the specific design or implementation turns out to be flawed there is something to go back to and refine. The principles here seem similar to what a billboard ad or a paper ad effectively requires i.e. engagement and conversion is the responsibility of the ad buyer.
This is excellent timing. Google & Facebook's lobbyists are trying to get a weak US national law to overrule California's strong new privacy law. Apple's proposal will help the few pro-privacy people in Congress to push for a stronger national law.
I care about privacy but I also just fucking hate ads and never want to look at them. I don't even want them to exist and I don't want ad supported business models to exist on the internet.
This very much looks like browsers will be handling all the attribution for ads. In this case it creates perverse incentives for companies who main own ads businesses and also own browsers...
This will never work. Just a few things off the top of my head:
- tracked link must not be in an iframe, which is how basically all ads are served
- only 64 campaign_ids. what about tracking individual ads? i need to optimize which ads perform the best, what targeting is converting, and more
- delayed conversion POST, 7 day window. What if a user makes purchase and then doesn't open safari again during the 7 day window? since POST is delayed wont arrive. also what about 30d windows?
- what about view conversions? and other non-last click attribution?
- when combined with ITP, how do they propose updating audience/targeting? I often see complains of people seeing retarget ads for products they already purchased.
Remember that ITP's goal is to break all tracking to begin with, so assuming Apple successfully implements ITP to the degree they clearly intend to, this proposal is built on the ground principles of:
- no tracked link, iframe or not
- no campaign ids
- no conversion POST at all
- no view converstions, no non-last-click attributions
In that scenario, is this proposal an improvement? It sounds like an improvement. It's certainly more than the nothing that anyone will get from Apple's users without it. They didn't have to throw anyone a bone here, and they're going to take massive flak from a few users for doing so at all.
I imagine Apple would be thrilled if advertisers chose the destruction of the tracking-based advertising industry over using this offering. Perhaps advertisers will learn from the music industry's experiences trying to bury their head in the sand re: iTunes and pay attention and participate in designing this system. Perhaps they will not.
There are still ways to do conversion tracking with ITP, mostly moving to first party cookies and I wouldn't be surprised if we see a return of server side tracking like old Urchin so google & FB can store http only secure cookies that are indistinguishable from login/session cookies
If the goal is to stop all tracking why create this (bad) plan in the first place?
The server-side tracking you describe would instantly be corrupted by massive site fraud, as removing the intermediary of the browser from the measurement of “views” would compel people to fake up Apache logs to prove the views they want to be paid for.
The goal is to stop the tracking of individuals by advertisers, without stopping the tracking of ad views by advertisers.
the goal you just mentioned will not be accomplished with what this proposes.
I'm also not as sure as you are that server side ads identity management would be any different than the existing arms race with measurement of measurement meta-ness.
client facing JS is messed with all the time already as well. monkey patching etc. trying to detect monkey patching, toString prototype toStringMetaMeasurement bs etc it will always be a fraud arms race.
to me buying ads is about finding more trust and verifying when possible, obviously any system will be gamed but I'd trust the NYTimes would not mess with FBs server side npm package. and it would make it a lot harder for safari to block when the login session cookie IS the identity cookie FB uses
Ad blockers are a useful technology for users who opt in. For Safari, we aim to have on-by-default protections that provide privacy protection while still supporting ad-based business models. We see Firefox and Edge moving in this direction as well. We think that's the right balance for users, though, of course, our content blocker model also provides a sweet way of building ad blockers.
> We know there are users who want this because loads of people complain about paywalls.
That's a false dichotomy. "Users don't like paywalls, so they must like ads"...no, users don't like paywalls and also don't like ads.
(We can skip the whole "then how will content be paid for" argument that's been had thousands of times. There are plenty of solutions that aren't paywalls or ads.)
What solutions are you talking about? Premium subscriptions / donations like Ars Technica and the Guardian use? Those are the only major online publishers I can think of that aren't monetizing via ads, paywalls, or both.
I love paywalls to be honest. It gives me a taste of the quality of content to see if its worth my dollar a week. NYT also stopped hemmoragging cash by switching to a paywall subscription model, because just like since the dawn of printed content, people are generally fine with paying a tiny amount of cash to read something that’s not pure ad copy.
Well, yes, this new scheme would certainly not get me to stop using NoScript (I don't use an ad-blocker specifically as I don't object to ads. I do use NoScript, though, partly because I object to ads that run code on my machine).
My comment was about the two approaches in the absence of client-side defenses.
There's a fallacy in your argument, but I don't know what it's called.
Just because we got here via ads, doesn't mean we couldn't have gotten here without them. And that's even assuming that where we currently are is an optimum state we should shoot for.
Furthermore, it misses that we might be somewhere better than here had we not had ads. (I'm not saying it's a foregone conclusion, just one of many possibilities not mentioned.)
It's fun to think about how it could have all been different. No more sites designed to game search result rankings, designed to waste your time to maximize eyeballs on ads, designed to keep you on the site in a garden instead of surfing the web.
ISPs should have bundled hosting with internet access. Give everyone the possibility to generate their own site. It would be like a large insurance pool where your monthly bill might subsidize the costs of hosting another user who's site gets millions of views, just like how your monthly insurance premium ultimately covers the salary of someone else's surgeon, nurses, anesthesiologists, and keeping the lights on in the operating room. You can still ask for donations or even paid subscriptions if you wanted a well off full time staff.
Instead, we leaned on advertisers to fund our websites, middle men working tirelessly to come up with new ways to extract comfortable profit out of the system. Leeching resources that could have otherwise gone straight to the publisher had we designed the internet to be a little more federalized, a little more universal, with the costs shared among the users of the internet who are already paying for access anyway.
> Because quite a lot of the Internet couldn't exist in its current state without ads.
Let's not underestimate people's creativity. Let's kill ads completely, and see what creative solutions emerge.
After people realize that ads no longer work, I look forward to seeing what happens when they take several giant steps away from adtech and start building real alternatives.
> Because quite a lot of the Internet couldn't exist in its current state without ads.
This isn't a terribly meaningful statement, though. Just because the ad industry managed to dominate the web doesn't mean it had to be that way or that there are no other ways.
Also, in my opinion, advertising is doing more harm than good in the web overall.
Probably for the best. Id like an internet free of ads. Oh, I have that already thanks to ad-blocking technology. This is more user hostile crap, get it off my internet!
Otoh: ads do serve a purpose. Lots of ads equals low quality content in my experience. The more aggressive the ads, the worse the content. It's like websites are self-reporting their spamminess.
Some places get so strapped for cash that their content isn't even content, but thinly veiled low effort ad copy. I hardly trust online review articles anymore because they mostly focus on one new product by itself vs. in the context of a field of existing alternatives and are rarely critical these days.
Yeah, it's less and less "use ads to support the content creation", it's "write content to fill the void between the ads".
And yes, review articles are a similar problem. And another indicator: if the site has "stars" in the serps, i.e. provides "aggregate rating" as microdata, it's probably shit.
This page wouldn't display for me, even after disabling the CSS.
I don't care for this attempt at redefining what privacy is. I could go step-by-step with this article, but I don't care to. These cretins want to track people more and more and we're all asked to voluntarily make concessions for their benefit; I disagree.
I'll continue blocking JavaScript and performing almost all of my WWW browsing through Tor; I won't weep for these advertisers; they're owed nothing.
Now, if someone could come up with a privacy-preserving solution to advertisers quality assurance problem of buying advertisements on the internet, that would be big business.