07 September 2018
(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)
Johnny Ryan writes, in ePrivacy: Over-regulation or opportunity?
[A]n ad tech lobby group called ‘IAB Europe’ published a new research study that claimed to demonstrate that the behavioural ad tech companies it represents are an essential lifeline for Europe’s beleaguered publishers....the report claimed that behavioural advertising technology produces a whopping €10.6 billion in revenue for Europe’s publishers.
Surely, the ad tech lobby argued, Parliament would permit websites to use “cookie walls” that force users to consent to behavioural ad tech tracking and profiling their activity across the Web. The logic is that websites need to do this because it is the only way for publishers to stay in business.
We now know that a startling omission is at the heart of this report. Without any indication that it was doing so, the report combined Google and Facebook’s massive revenue from behavioural ad tech with the far smaller amount that Europe’s publishers receive from it.
The IAB omitted any indication that the €10.6 billion figure for “publishers” revenue included Google and Facebook’s massive share too.
That's not the only startling omission. The most often ignored player in the ePrivacy debate is adtech's old frenemy, the racket that's the number two source of revenue for international organized crime and the number three player in targeted behavioral advertising—adfraud.
And ePrivacy, like browser privacy improvements, is like an inconveniently placed motion detector that threatens to expose fraud gangs and fraud-heavy adtech firms.
The same tracking technologies that enable the behavioral targeting that IAB defends are the tracking technologies that make adfraud bots possible. Bots work by visiting legit sites, getting profiled as a high-value user, and then getting tracked while they generate valuable ad impressions for fraud sites. Adfraud works so well today because most browsers support the same kind of site-to-site tracking behavior that a fraudbot relies on.
Unfortunately for those who perpetrate fraud, or just tolerate it and profit from it, browser privacy improvements are making fraud easier to spot. Changes in browsers intended to better implement users' privacy preferences (as Ehsan Akhgari explains in On leveling the playing field and online tracking) have the helpful side effect of making a human-operated browser behave more and more differently from a fraudbot.
And regulations that make it easier for users to protect themselves from being followed from one site to another are another source of anti-fraud power. If bots need to opt in to tracking in order for fraud to work, and most users, when given a clear and fair choice, don't, then that's one more data point that makes it harder for adfraud to hide.
Publishers pay for adfraud. That's because adfraud is no big secret, and it's priced into the market. Even legit publishers are forced to accept a fraud-adjusted price for human ad impressions. I'm sure that not every adtech firm that opposes ePrivacy or browser privacy improvements is deliberately tolerating fraud, but opposing privacy regulations and privacy technologies is the position that tends to conceal and protect fraud. That's the other omission here.