Browser privacy improvements and anti-fraud
20 July 2018
(Update 18 Aug 2018: Fix an error to be consistent with the source quoted.)
(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)
The good news is that interesting
competition among web browsers is
just because of ongoing performance improvements
in Firefox, but also because of Apple Safari's
good work on protecting users from some kinds of
cross-site tracking by default. Now the challenge
for other browsers is to learn from the Safari work
and build on it, to even more accurately implement
the user's preferences on sharing their personal
information. According to research by Tini Sevak at
36% of users are
more likely to engage with
adverts that are tailored to them, while 55% are
creeped out by personalized ads. The browser
has to get its data sharing settings right for the
individual user, while minimizing the manual settings
and decision fatigue that the user has to go through.
A short-term problem for sites, though, is that the current price for highly tracked ad impressions facilitated by cross-site tracking is still way above the price of impressions delivered to users who choose to protect themselves. Tim Peterson, on Digiday, covers the natural experiment of GDPR consenters and non-consenters:
If an exchange or SSP declines to sign the agreement, it is limited to only selling non-personalized ads through DBM. Those generic ads generate less revenue for publishers than personalized ads that are targeted to specific audiences based on data collected about them. Some publishers that are heavily reliant on DBM have seen their revenues decline by 70-80 percent since GDPR took effect because they were limited to non-personalized ads, said another ad tech exec.
In the medium to long term, better browser privacy settings will give an advantage to high-reputation sites for two reasons:
ads on high-value content have signaling value
users are more likely to share information with a site they trust
But in the short term, what can browsers do to help address the market dislocation from the user data crunch?
One possibility is to take advantage of an important side effect of browser privacy improvements: better anti-fraud data.
Today, unprotected browsers and fraudbots are hard to tell apart. Both maintain a single "cookie jar" across trusted and untrusted sites. For fraudbots, cross-site trackability is not a bug as it is for a human user's browser—it's a feature. A fraudbot can only produce valuable ad impressions on a fraud site if it is somehow trackable from a legit site.
As browser users start to upgrade to nightly releases that include more protection, though, a trustworthy site's real users will start to look more and more different from fraudbots. Low-reputation and fraud sites claiming to offer the same audience will have a harder and harder time trying to sell impressions to agencies that can see it's not the same people. This does require better integration with anti-fraud tools, so it's something sites and anti-fraud vendors can do in parallel with the brower release process.
Can the anti-fraud advantages of browser privacy improvements completely swamp out the market effects of reducing cross-site trackability? Depends on how much adfraud there is. We don't know.