blog: Don Marti


Browser privacy improvements and anti-fraud

20 July 2018

(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)

The good news is that interesting competition among web browsers is back, not just because of ongoing performance improvements in Firefox, but also because of Apple Safari's good work on protecting users from some kinds of cross-site tracking by default. Now the challenge for other browsers is to learn from the Safari work and build on it, to even more accurately implement the user's preferences on sharing their personal information. According to research by Tini Sevak at YouGov, 36% of users are more likely to engage with adverts that are tailored to them, while 55% are creeped out by personalized ads. The browser has to get its data sharing settings right for the individual user, while minimizing the manual settings and decision fatigue that the user has to go through.

A short-term problem for sites, though, is that the current price for highly tracked ad impressions facilitated by cross-site tracking is way below the price of impressions delivered to users who choose to protect themselves. Tim Peterson, on Digiday, covers the natural experiment of GDPR consenters and non-consenters:

If an exchange or SSP declines to sign the agreement, it is limited to only selling non-personalized ads through DBM. Those generic ads generate less revenue for publishers than personalized ads that are targeted to specific audiences based on data collected about them. Some publishers that are heavily reliant on DBM have seen their revenues decline by 70-80 percent since GDPR took effect because they were limited to non-personalized ads, said another ad tech exec.

(‘It’s impossible’: Google has asked ad tech firms to guarantee broad GDPR consent, assume liability - Digiday)

In the medium to long term, better browser privacy settings will give an advantage to high-reputation sites for two reasons:

  • ads on high-value content have signaling value

  • users are more likely to share information with a site they trust

But in the short term, what can browsers do to help address the market dislocation from the user data crunch?

One possibility is to take advantage of an important side effect of browser privacy improvements: better anti-fraud data.

Today, unprotected browsers and fraudbots are hard to tell apart. Both maintain a single "cookie jar" across trusted and untrusted sites. For fraudbots, cross-site trackability is not a bug as it is for a human user's browser—it's a feature. A fraudbot can only produce valuable ad impressions on a fraud site if it is somehow trackable from a legit site.

As browser users start to upgrade to nightly releases that include more protection, though, a trustworthy site's real users will start to look more and more different from fraudbots. Low-reputation and fraud sites claiming to offer the same audience will have a harder and harder time trying to sell impressions to agencies that can see it's not the same people. This does require better integration with anti-fraud tools, so it's something sites and anti-fraud vendors can do in parallel with the brower release process.

Can the anti-fraud advantages of browser privacy improvements completely swamp out the market effects of reducing cross-site trackability? Depends on how much adfraud there is. We don't know.