Federated paywalls and consent bits
29 July 2018
Today’s web advertising is mostly a hacking contest. Whoever can build the best system to take personal information from the user wins, whether or not the user knows about it. Publishers are challenging adfraud and adtech hackers to a hacking contest, and, no surprise, coming in third.
The near future of web advertising is likely to be much different.
Mainstream browsers, starting with Apple Safari, are doing better at implementing user preferences on tracking. Most users don't want to be "followed" from one site to another. Users generally want their activity on a trusted site to stay with that trusted site. Only about a third of users prefer ads to be matched to them, so browsers are putting more emphasis on the majority's preferences.
As users get the tools to control who they share their information with (and they don’t want to leak it to everyone) then the web advertising business is transforming from a hacking contest into a reputation contest. The rate-limiting reactant for web advertising isn't (abundant and low-priced) user data, it's the (harder to collect) consent bits required to use that data legally. Whoever can build the most trustworthy place for users to choose to share their information wins. This is good news if you're in the business of reporting trustworthy news or fairly compensating people for making cultural works, not so good news if you're in the business of tricking people out of their data.
Federated paywall systems are not just yet another attempt at micropayments, but also have value as a tool for collecting trust. The user's willingness to pay for something is a big trust signal. A small payment to get past a paywall can produce a little money, but a lot of valuable user data and the consent bits that are required to use that data.
The catch is to figure out how to design federated paywalls so that the trusted site, not the paywall platform, captures the value of the data, and so that the platform can't leak or sell the user's data consent outside the context in which they gave it. In the long run, a consent system that tries to hack around user data norms to rebuild conventional adtech is going to fail, but not before a lot of programmers lose a lot of carpal tunnels on privacy vs. anti-privacy coding, and a lot of users face a lot of frustrating consent dialogs. Browser improvements and court cases will filter deceptively collected consent bits out of the system.
Consent bits are a new item of value that needs new rules. The web ad business is not going to be able to sell and and sync consent bits the same way that it handles tracking cookies now. Consent bits are not a "data is the new oil" commodity, and can really only move along trust networks, with all the complexity that comes with them. New tools such as federated paywalls are an opportunity to implement consent handling in a sustainable way.