blog: Don Marti


Consent and bots

02 February 2019

Two kinds of web clients who it's a bad idea to serve a third-party resource to:

  • Users who have not given consent. We know we can't use their data. But third parties can peek at those users because their tracking script or pixel is on the page. If the first party can't have that data why should the third parties get it?

  • Adfraud bots. Bots come to visit legit sites to build up realistic-looking cookies so they can cash out elsewhere. Bad idea to help them.

Consent management requires some interaction with the user, which is also an opportunity to collect data for assigning a botness score.

Bots will also try to appear to be visitors who have already given consent, and go get the third-party resources anyway. This is an interesting problem because it's a game where the bot and the third party are on the same side, and the site is on the other. Impossible for the CMP to block the bot connection to the third party, but is it possible to show that consent was not in place when that connection happened? Understanding the provenance of the consent string is going to be important. An extra cookie containing a digital signature for the consent string?

New CMPs will have an opportunity to build on knowledge gained from regulator reactions to first-generation CMPs. But it's more interesting to think about sustainable advantage for the site than just about regulatory future-proofing. For example, a good consent management platform will also tie in to an objection management platform/opt-out management platform.Objection management platform and opt-out management platform both work out to OMP—anybody using that TLA?

People ask about whether consent records obtained by conventional CMPs are even good. (Risks in IAB Europe’s proposed consent mechanism | PageFair) The first-generation click OK to make this dialog go away and consent to everything UX is unlikely to last, but what's next?

  • Design the CMP to work in the interest of the CMP customer, not third parties.

  • Understand the (painful, because anything touching the CMS is painful) changes involved in taking 3rd parties out of the page template entirely when the page is going to a no-consent user. No peeking!

  • Future-proof consent workflow to allow for adjusting for regulatory changes (boring) and revenue or data opportunities (fun)

  • Integrations: objection/opt-out mangagement, single sign-on, paywalls, in-browser/in-extension consent mangement.

  • And of course, get out in front of coming browser privacy improvements. Need an open-source strategy including participation in browser and extension projects.

The White Flight From Football

Move over, Vantablack: You can now buy the world’s blackest black paint

Study: Deactivating your Facebook account is good for your mental health

Modern Weather Forecasts Are Stunningly Accurate

What can we learn from the downfall of Theranos?

Do they have work/life balance? Investigating potential employers with GitHub

New research says secondhand Legos are surprisingly valuable

No one knows why non-existent bands have started showing up on Spotify playlists

Conversations with execs at the World Economic Forum reveal that many are racing toward automation to stay ahead of competition regardless of impact on workers (Kevin Roose/New York Times)

Miriam Avery: Mozilla Fosters the Next Generation of Women in Emerging Technologies

More Than 70 U.S. Health, Consumer and Other Groups Demand Elimination of NAFTA 2.0 Terms That Would Lock in High U.S. Medicine Prices

Elsevier journal editors resign, start rival open-access journal

The extraordinary therapeutic potential of psychedelic drugs, explained

Exclusive: WeWork rebrands to The We Company; CEO Neumann talks about revised SoftBank round

A masterpiece of ancient data viz, reinvented as a gorgeous website: An illustrated edition of Euclid’s Elements from 1847 gets updated for the web.

IQ is largely a pseudoscientific swindle

What made solar panels so cheap? Thank government policy.

As digital media companies brace for change, unions try to cushion the blow

This is the architecture trend that needs to die in 2019

Opinion: Cure ‘futures’ offer a way to pay for million-dollar medicines