blog: Don Marti


another omission

07 September 2018

(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)

Johnny Ryan writes, in ePrivacy: Over-regulation or opportunity?

[A]n ad tech lobby group called ‘IAB Europe’ published a new research study that claimed to demonstrate that the behavioural ad tech companies it represents are an essential lifeline for Europe’s beleaguered publishers....the report claimed that behavioural advertising technology produces a whopping €10.6 billion in revenue for Europe’s publishers.

Surely, the ad tech lobby argued, Parliament would permit websites to use “cookie walls” that force users to consent to behavioural ad tech tracking and profiling their activity across the Web. The logic is that websites need to do this because it is the only way for publishers to stay in business.

We now know that a startling omission is at the heart of this report. Without any indication that it was doing so, the report combined Google and Facebook’s massive revenue from behavioural ad tech with the far smaller amount that Europe’s publishers receive from it.

The IAB omitted any indication that the €10.6 billion figure for “publishers” revenue included Google and Facebook’s massive share too.

That's not the only startling omission. The most often ignored player in the ePrivacy debate is adtech's old frenemy, the racket that's the number two source of revenue for international organized crime and the number three player in targeted behavioral advertising—adfraud.

And ePrivacy, like browser privacy improvements, is like an inconveniently placed motion detector that threatens to expose fraud gangs and fraud-heavy adtech firms.

The same tracking technologies that enable the behavioral targeting that IAB defends are the tracking technologies that make adfraud bots possible. Bots work by visiting legit sites, getting profiled as a high-value user, and then getting tracked while they generate valuable ad impressions for fraud sites. Adfraud works so well today because most browsers support the same kind of site-to-site tracking behavior that a fraudbot relies on.

Unfortunately for those who perpetrate fraud, or just tolerate it and profit from it, browser privacy improvements are making fraud easier to spot. Changes in browsers intended to better implement users' privacy preferences (as Ehsan Akhgari explains in On leveling the playing field and online tracking) have the helpful side effect of making a human-operated browser behave more and more differently from a fraudbot.

And regulations that make it easier for users to protect themselves from being followed from one site to another are another source of anti-fraud power. If bots need to opt in to tracking in order for fraud to work, and most users, when given a clear and fair choice, don't, then that's one more data point that makes it harder for adfraud to hide.

Publishers pay for adfraud. That's because adfraud is no big secret, and it's priced into the market. Even legit publishers are forced to accept a fraud-adjusted price for human ad impressions. I'm sure that not every adtech firm that opposes ePrivacy or browser privacy improvements is deliberately tolerating fraud, but opposing privacy regulations and privacy technologies is the position that tends to conceal and protect fraud. That's the other omission here.

What Apple’s Intelligent Tracking Prevention 2.0 (ITP) Means for Performance Marketing

Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies

Why we need better tracking protection

GDPR triggers many European news sites to reassess their use of third-party content


GDPR: Getting to the Lawful Basis for Processing

If you haven’t already switched to Firefox, do it now

The Long Goodbye (To Facebook)

Changing Our Approach to Anti-tracking

Policing third-party code is essential to digital vendor risk management

War reporters like me will cease to exist if the web giants aren’t stopped | Sammy Ketz