
Privacy-Preserving Ad Click Attribution for the Web - sytse
https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/
======
friday99
This is such a weird proposal that I think indicates an unawareness of the
advertising industry. The reason the internet tracking industry exists is
entirely because the first party advertisers don't want to deal with
attribution or anything like that. They are only interested with selling their
product. They contract out to third party companies specifically to not have
to deal with those attribution issues. The reason those third parties have to
resort to tracking is because advertising fraud is rampant on the internet and
the first party advertisers want some assurance that they aren't just throwing
money away. In the traditional advertising world, they can see the ad on TV or
printed somewhere and know they aren't getting ripped off. There is absolutely
no assurance on the internet that anyone is seeing your ad. So this proposal
is saying that the advertiser should be in the business of assuring that their
ads are being seen and delivering value, but it still doesn't solve the
problem that the advertiser wants to be sure how many of their ads are being
seen. Advertisers are paying for the number of times and ad is shown not the
number of times it is clicked (this isn't the year 2000), so this proposal
gives the advertisers more work to do without actually solving their real
problem. I don't foresee any significant adoption of this proposal from
advertisers.

Now, if someone could come up with a privacy-preserving solution to
advertisers quality assurance problem of buying advertisements on the
internet, that would be big business.

~~~
gruez
> Advertisers are paying for the number of times and ad is shown not the
> number of times it is clicked (this isn't the year 2000),

aren't facebook and google ads cost per click rather than cost per impression?

~~~
jsonne
FB is CPM (Generally) Google is both depending on the ad product.

~~~
jklinger410
FB is not CPM, they charge for "reach" which is based on users, not
impressions. It's kind of unique.

~~~
jsonne
I'm sorry but this is false. They do charge based on CPM which is why they can
continue charging you for serving higher and higher frequencies to the same
audience. If they charged based on reach then once you went over frequency 1
they would stop charging correct?

~~~
jklinger410
>They do charge based on CPM which is why they can continue charging you for
serving higher and higher frequencies to the same audience.

They charge based on reach and will serve your ad to users as many times as
they want until they illicit a reaction. There is some proprietary algo at
work to determine how your spend gets distributed.

How do we know this? If my paid post gets a good response, it gets free
impressions. If my paid post gets poor response, it gets few impressions and I
get a warning about the post.

Facebook is incentivizing good content, and it's not charging you per
impression. Impressions definitely come into play, but what is more important
is users, frequency, and engagement. Unlike other platforms.

~~~
jsonne
I'm sorry but again no. Your rationale is due to organic sharing of the ad
rather than some sort of weird reach charging. Again if they were charging by
reach and I was hitting frequency 7 or something surely they couldn't keep
charging because those people have already been reached correct?

I'm well aware of the Facebook's algorithm that prioritizes ads with a higher
relevancy score (or rather the 3 categories of quality that they recently
replaced relevancy score with). They punish bad ads by artificially raising
CPMs and artificially lowering them for quality ads.

So once again, yes they are charging you by impression. They just also make a
distinction between paid impressions and earned impressions. Eg someone shares
your ad and their friends see it = earned impressions.

Here's a link where Facebook says they're explicitly charging you based on CPM
or CPC: [https://www.facebook.com/business/a/ad-
bidding](https://www.facebook.com/business/a/ad-bidding)

Relevant quote: "Depending on the type of bid you choose, you only pay for
clicks or impressions when you run ads. Your ads will be deployed evenly over
time, and you'll never be charged over your budget."

~~~
jklinger410
I think there is something nuanced here about my point that you aren't
addressing. I have served Facebook ads through both a secondary vendor and
through their interface. I can tell you with 100% certainty that my ads
through the second party vendor overdeliver impressions based on the response
rate of the ad. Unless my ad is complete garbage, I always get more
impressions than I have paid for.

That's right, I get free impressions if my ad (not boosted post) does better.

How else I know this is that their video completion rate when calculated by
impression is absolutely abysmal compared to other platforms. This is why they
don't address VCR in their own interface. They want the ability to serve your
ad however they see fit until there are results.

Also, I can ask Facebook to charge me only for plays, and you even alluded to
the fact that you can pay for engagement as well. This backs up my point that
Facebook will serve your ad as many times as it wants until it finds the right
user-ad fit.

That being the case, I go back to what I already said. Yes, impressions are
very important here, but they are not exactly what you are paying for. You are
paying for user reach and engagement.

"Your ads will be deployed evenly over time, and you'll never be charged over
your budget"

But your ads are usually served more than you ordered. Unlike other platforms,
where I only get exactly as many impressions as I pay for.

In a way it is similar to Adwords Quality Score for CPC.

~~~
jsonne
I think we're arguing semantics here. For context I also have bought FB
natively and through a DSP for about 8 years. The phenomenon that you're
referencing is what I was talking about with earned/organic impressions versus
paid impressions. I assume you're buying fixed cpm on your secondary vendor?
Again what is happening is people are sharing the ad or tagging people in the
comment section. Those would be earned impressions and would increase your
reach but that doesn't mean FB doesn't charge based on CPM. If I'm buying a
magazine ad and someone showed that magazine ad to their friend that doesn't
mean the magazine wouldn't still sell that ad slot on a CPM basis. I
understand why it would seem they would charge on a different basis than CPM
at first glance but I assure you that isn't the case. As for engagement and
video views completion that's all well and good but that's an optimization
option rather than a charging basis. By all means my job would be much simpler
though if Facebook only charged me on a conversion basis though haha.

I suspect we're at an impasse but you really should reconsider your position
and look at the nuance between earned/organic impressions you get from an ad
and paid impressions. As an aside one thing we do agree on is the abysmal
video completion rate.

~~~
jklinger410
I appreciate the conversation and will take another look into whether or not
my raw impressions for my ads are getting mixed in with organic impression
numbers.

~~~
jsonne
Appreciate the conversation as well, and if you find that I'm wrong please do
tell me! Always open to learning.

------
akersten
Can I get a "hell no"?

Why oh why would you want to normalize _anything_ about online advertising by
standardizing it as an HTML property? Why does anyone think it is the
browser's responsibility to support this?

If ad companies are having trouble "attributing their campaigns" or whatever -
that's tough? It's their responsibility to figure it out, not browser vendors,
who should be on the _user 's_ side here (c.f. _user_ agent).

This is a terrible idea, breaks the abstraction between markup and
application, and should definitely not be added to HTML standard.

~~~
lmkg
The context for this proposal is _NOT_ that, in a vacuum, ad-tracking is a
desirable feature of HTML.

The context for this proposal is Apple has already been rolling out privacy
protections for Safari and iOS, other players (like Big G) have had
complaints, and this proposal undercuts those complaints. It's a negotiating
tool, effectively.

Apple's privacy protections have made life harder for Google and other folks
in the advertising space. Apple has basically tried to make it hard or
impossible for anyone to stitch together user activity across different sites
and build a profile of that user.

Advertisers have complained about losing ad attribution, and that complaint is
legitimate. But, the existing techniques that are used to measure ad
attribution also allow a _excessive_ amount of additional data to be
collected. Arguably, the ad attribution angle is just a PR-friendly fig leaf
over what they're really worried about, which is user profiling.

So, Apple's counter-proposal: Here is a way to get ad attribution! Also, by
the way, it doesn't allow user profiling, but that's ok, right? Of course it
is. And now, ideally, we get to watch advertisers squirm as they try to come
up with outlandish attribution scenarios that justify the collection of
profiling data, while struggling to not admit what types of profiling they
actually do and what fraction of their valuation that comprises.

~~~
akersten
I still don't understand why Apple would be compelled to offer the olive
branch at all. Sure, advertisers have complained their business model is
getting harder - what motivates Apple to help fix that? What possible leverage
could advertisers even have? Apple doesn't need a negotiating tool if there's
nothing Apple wants from the advertisers, just block the nefarious tracking
and move on.

~~~
vkou
Apple wants something from advertisers. Money.

They want 2 billion in revenue from advertising by 2020.

They are testing the waters, and there's no doubt a faction within the company
that believes that in the long term, getting a slice of the firehose of ad
revenue is worth a small loss in revenue from opinionated anti-ads users[1]
leaving their ecosystem.

The best part about the Apple walled garden is that once ads become an
important part of their revenue stream, they'll be able to ban ad-blockers on
their platform.

[1] What are they going to do, switch to Android? Communicate by carrier
pigeon?

~~~
threeseed
So Apple is going to do a 180 and suddenly switch to being anti-privacy and
pro-advertising. Disable the Safari content blockers they only recently added,
end the advertising campaigns they just started using. And all for a tiny 1%
of their revenue ?

Privacy is a fundamental part of Apple's selling proposition and personal to
Tim Cook given that in many cases gay and other minorities are killed due to
privacy leaks.

~~~
craigsmansion
> Privacy is a fundamental part of Apple's selling proposition

From earlier today :

"Note: Though we cannot bring an official Tor Browser to iOS due to
restrictions by Apple"

([https://blog.torproject.org/new-release-tor-
browser-85](https://blog.torproject.org/new-release-tor-browser-85))

Money is the only part of Apple's selling proposition. It's nice they cater to
the privacy conscious for the time being, for the time being.

~~~
kalleboo
Here's the whole quote

> _Note: Though we cannot bring an official Tor Browser to iOS due to
> restrictions by Apple, the only app we recommend is Onion Browser, developed
> by Mike Tigas with help from the Guardian Project._

Your truncated quote makes it sound like Apple doesn't allow private Tor
browsing. There are other Tor browsers on the App store. What Apple doesn't
allow is third-party HTML renderers and JavaScript engines (Tor Browser is
based on Firefox)

------
the_gipsy
> The browser should act on behalf of the user and do its best to preserve
> privacy while reporting on ad click attribution.

I certainly have never _wanted_ my browser to report ad click attribution.

~~~
olliej
This spec literally defines a way of doing so without attribution - the
various confirmation mechanisms are all done using stateless and cookieless
network requests - all the site operator gets is confirmation that _someone_
did something.

The alternative is a browser breaking all the tracking mechanisms and then
getting blocked because it’s “blocking ads”.

This provides an API that allows ads to work, while also allowing a browser to
block all the tracking techniques currently being used.

That way web sites can have a revenue stream without gratuitously violating
their reader’s privacy.

~~~
the_gipsy
The spec is about doing attribution, literally. It makes the attribution
anonymous just to work around privacy advancements that have been adopted
recently.

Until browsers get blocked for being anonymous, this is never in the interest
of the user.

And if a site doesn’t work unless I turn off adblock / switch browser, then
it’s most likely bad on multiple levels.

~~~
cfarm
Agree. To add, if we accepted this as the attribution source of truth, there
would be large conflicts of interest from companies like Google who own an ad
network and also Chrome. They would basically claim all Adwords traffic is
awesome.

------
huac
> In plain English this report would say: 24 to 48 hours ago, some user who
> previously clicked shop.example’s ad campaign 55 on search.example,
> converted with data 20 on shop.example.

this, i suppose, assumes that the browser is active at the time, but at any
rate, it will screw with attribution windows pretty hard. advertisers will
definitely be very happy to now see conversion numbers which could have
happened at any time and are unverified

~~~
cfarm
Yes - this is one of the biggest issues in the proposal. Apple's browser will
be in charge of all the attribution logic. This could create very perverse
incentives for any browser company. For example, if Google wants to make their
ads look effective, they can use Chrome to mess with the attribution and no
one would know.

------
founderling
This seems totally absurd.

Clicks are not tracked via cookies but via urls. The search engine in this
example would send the user to
someshop.com/someproduct?clickid=7e82jv927x748342

They say _nothing_ about how they want to prevent this and other tracking
mechanisms. Yet, they propose an overly complex system to send even more data
to advertisers.

Also they do not say anthing about the _ip_ that their additional ping will
send out. I definitely do _not_ want my browser to communicate with an
advertiser days later and without my consent.

Also, click tracking is not even a big problem in the first place. Tracking
you wherever you _go_ is. Even if you do not click on any ads.

------
DevKoala
We track for targeting, not for attribution. I don't see any benefit for the
targeted individual or the advertiser coming out of this proposal. This
proposal only brings benefits for the parties on the publisher chain who now
have one more angle for committing fraud.

~~~
Despegar
Apple is banning targeting (ITP) and creating a privacy-preserving technology
to address the only legitimate interest of the ad-tech complex.

~~~
DevKoala
I am aware of ITP. There is no ad-tech without targeting. There are >50
million ad opportunities out there at any second, you need to target to
delivery the message to a proper recipient. Attribution is a bottom of the
chain problem, often problematic due to fraud.

~~~
megous
Sure there is still targeting, just target based on the site/page topic, not
based on the supposed user's profile.

~~~
DevKoala
Of course we do that. But then how do you validate that wasn’t a bot
generating a request trying to increase the publishers traffic? Do you trust
the publisher blindly? You need some sort of insight into the web request
other than a single integer counter claiming an impression occurred in order
to validate the individual.

Part of targeting is ignoring the fraud.

~~~
megous
You simply pay based on actual conversions from the ad. Then, click fraud is
made pointless.

~~~
DevKoala
That's not how the business model works. You pay for the impressions delivered
and the cost of the data used for targeting. If I get no conversions, who pays
Slate.com for the million of impressions that nobody clicked on?

------
olliej
Everyone keeps claiming that exact tracking is necessary, or that this is
ineffectual (as DNT).

It is clear that browsers are doing everything they can to prevent user abuse.
So let’s imagine they succeed.

Imagine what happens to the current advertising model if browsers completely
break cross origin tracking. That means you can’t link purchases to the
original ads, and so the compensation model no longer works at all.

This provides a mechanism to do the required attribution without also tracking
or compromising a user’s privacy. Without that, there isn’t a way for the
current ad model to work.

~~~
boomlinde
_> It is clear that browsers are doing everything they can to prevent user
abuse._

If that was true in general, my browser would block all cookies and all
content from third party domains by default. It would systematically misreport
Referer and User-Agent. It would disable APIs typically used for
fingerprinting. It would disable all redirect-through-advertiser links. All
managed by a simple and unintrusive whitelist (per first party, per third
party or temporarily for a whole browser session or for a site session) so
that you can opt in to these things where there is a legitimate use.

It isn't because it has a much greater interest in browsing being a seamless
experience and the web being a powerful application platform, and actual
privacy measures are buried in some configuration menu or in third party
plugins so that whiny power users can enjoy privacy while the unwashed masses
go about their browsing as though the web standards aren't completely messed
up from a privacy perspective.

 _> This provides a mechanism to do the required attribution without also
tracking or compromising a user’s privacy. Without that, there isn’t a way for
the current ad model to work._

Is that a good or bad thing?

~~~
olliej
Safari already segments cookies, storage, etc such that the ability to use
those to track people is limited. I see no reason to believe it’s not going to
continue making tracking harder.

The user agent string does not provide as much information as people seem to
believe.

Whitelists aren’t usable, and don’t work at scale.

The whole point of breaking tracking in general is so that the “unwashed
masses” get privacy. Every study and survey has found that users value their
privacy, but have been told (by advertisers and I assume you) that privacy is
dead, or that they cannot have the internet without it. It is absolutely not
something that just “power users” care about. It’s just power users are the
only ones who currently get any.

Finally, the attribution isn’t attributing to a specific user - the entropy is
heavily limited, the reporting is time delayed by a random amount, and is made
with a stateless session so there isn’t any way to directly tie it to a single
specific user, leaving just the IP address, which is now typically shared, and
frequently changes.

~~~
boomlinde
_> Safari already segments cookies_

You said browsers in plural, though.

* >The user agent string does not provide as much information as people seem to believe.*

How much information do people seem to believe that it provides?

 _> Whitelists aren’t usable, and don’t work at scale._

I don't need it to "work at scale". I need to be able to turn blocking off
occasionally. Also, "at scale" and "usable" are vague to the point of
meaninglessness. Why aren't they usable? What scale does a whitelist need to
work at that makes you say that it can't?

 _> Every study and survey has found that users value their privacy, but have
been told (by advertisers and I assume you) that privacy is dead, or that they
cannot have the internet without it. It is absolutely not something that just
“power users” care about. It’s just power users are the only ones who
currently get any._

That's my point exactly, because privacy isn't the browser vendors' top
priority, nor are they generally doing "everything they can" to improve it.
The standards don't even allow it.

 _> Finally, the attribution isn’t attributing to a specific user - the
entropy is heavily limited, the reporting is time delayed by a random amount,
and is made with a stateless session so there isn’t any way to directly tie it
to a single specific user leaving just the IP address, which is now typically
shared, and frequently changes._

"It's not so bad, really, for most users" is not the same thing as "browsers
are doing _everything they can_ to prevent user abuse."

Add, I don't know, User-Agent and Referer to the mix to more reliably track
different sessions on the same address. My address doesn't change frequently.
I'm on a temporary lease but when it expires I get the same IP again or at
least have since I started my account. This is not uncommon for a broadband
connection in my whole country.

If you consider tracking individual users' behavior for ads user abuse, let me
remind you that one of the largest perpetrators of that are working on their
own browser and regularly get a say in how the web works.

------
pspeter3
This is a really interesting proposal but I wonder if there can be more than
64 buckets. I understand that the goal is to prevent user tracking but that
number seems unnecessarily low.

~~~
tgragnato
Marketers don't want parameters to be tuned on them, I expected this reaction.
And as a user I dislike that this scheme relies on delaying reports,
obfuscation is not privacy if you can be deanonymized.

------
armagon
I guess the answer must be yes, but, do people actually do this? Click on an
ad and make a purchase right away?

~~~
friday99
No, that does not typically happen and advertisers know that. That is called
direct response marketing (think coupons in your free weekly newspaper) and is
basically the lowest form of advertising. Advertising is a broad field
including much more common forms of advertising such as brand awareness where
the goal is to make the consumer aware of the product so they will have it in
mind when they make their next purchase. Also remarketing, which everyone
hates on the internet, where the product follows you around trying to see if
you'll buy it again. For traditional advertising this is all the catalogs you
get in the mail for things that you have bought in the past. It's always odd
that most internet ad discussions try to turn all marketing into direct
response marketing.

~~~
CaveTech
It's hardly the lowest form of advertising. Direct response is massive. Think
of any time you've searched for something you intended to purchase. Killer
conversion rates. This is a way more tangible form of advertising than brand
awareness, because the impact of those campaigns is immeasurable.

It's also a way more practical way to buy ads, because you know exactly what
you're paying for and can measure your P&L in near realtime.

------
nerdjon
This is an interesting proposal...

While I am not super enthused about the idea of my browser being the one that
reports this data (Actively), due to the current state of ads on the web this
feels better than the alternatives.

We have already seen the effects of websites trying to get away with no ads
and switching to a paid model. How often do we see complaints from users of
sites like the Washington Post or the NYT that they can't read their news
article. For the most part, attempts to get money from uses (who are at this
point used to a "Free" web) has not seen great success. I would also argue
that every site turning into asking for money is very problematic for anyone
but the biggest players. Just saying that using ad blockers really is not a
solution, if everyone used ad blockers we probably start to see issues with
the available content on the internet.

I don't really know how I feel about this yet. It will be interesting to see
if Microsoft and Mozilla (I doubt Google will jump on this one, at least not
quickly) will get involved in this. If so, it might actually see some good
adoption.

~~~
IX-103
Advertisers (and most publishers!) are unlikely to agree to this proposal as
written. In particular the restriction that only the first party site can set
up campaign identifiers makes it difficult for anyone other than a major
publisher which already handles their own advertising (Facebook, Google, etc).
The fact is that most sites don't have a direct relationship with the
advertiser, so it just won't work for 90% of publishers.

~~~
zackbloom
If this is the only way they can get attribution on iOS devices, they won't
have much of a choice.

~~~
IX-103
I'm saying they can't get attribution from this unless they are a major
publisher. There's no choice there. This essentially means that bigger
companies (that do direct advertising) can make more than double the revenue
from ads as small companies.

Of course the small publishers could let the ads networks host their content
(in an iframe?) to recapture that revenue, but then we end up in a worse
privacy position -- as there only end up being a few hundred first party hosts
on the web that host all of the content and can track you with first party
cookies!

------
baybal2
But they still have IP correlatable with server logs with timestamps and
everything, plus you get a new client side DB what will be perked into by
every adware in existence.

The stated goal of untrackability by timestamp matching is simply not achieved
with just 12 to 24 temporal dithering for anything, but biggest websites on
the planet.

They say it is privacy preserving, then, 5m minute into the text it comes out
that it is nothing like that at all.

It is the next "do not track" header.

But to me it feels to be Apple's first "carrot and stick" step to chip away at
Google walled garden.

See: few month ago they launched both a ad cookie killer, and a 3rd party
cookie firewall by default. Clearly, there was a huge net loss of ad money
nearly momentarily, they clearly wanted it to be a surprise, to push ad
businesses into panic. Now they come with a stick: play our walled garden, and
you get your ad cookie back.

In other news, people were noticing that Apple was hiring senior Ad tech
people for quite some time now.

~~~
om2
I don't see how this proposal has anything to do with an Apple walled garden?
Nothing here special cases or favors Apple.

We welcome issues on possible limits of the privacy protections though.

~~~
baybal2
1\. If nobody will support this scheme other than Apple, then it is destined
to become another DNT.

2\. Apple become a gatekeeper for an AD revenue from Apple devices, being able
to "switch lights off" on anybody with a single browser autoupdate.

To any business person, it looks like a very clear ultimatum

~~~
olliej
What is the “switching the lights off” threat?

The comparison to DNT is not reasonable: DNT was a proposal the originated in
the ad industry in response to a government inquiry into their gross abuse of
consumers. It was positioned to head off actual regulation, despite all
browser vendors knowing it would not actually work.

The Ad industry killed DNT when they announced that they would no longer
recognize it (and were in fact using it for tracking) despite them positioning
it as the “solution” to their own abuses.

Once that occurred it became clear that the only solution is for browsers to
break all tracking directly. This is merely something that would allow the ad
ecosystem to still function in the absence of tracking.

This is the answer to (1) - it’s not a matter of advertisers adopting it, if a
browser vendor blocks tracking then advertising based on tracking is broken.
So all that happens is those users are not tracked, and also don’t produce
revenue.

------
lostmymind66
I never understood the anger for Ad companies tracking you.

Web content costs money to create and host. The alternatives are:

-Most content being paid -Ads we really don't want to see. Without some sort of user tracking, ads would just be random -Wealthy people will be subsidizing lots of content for political gain (a method of getting funding) -Many smaller companies get pushed out in favor of large corps and much more difficult for a startup to survive.

Pretty much all of these have happened to some degree in the last 5 years and
with the opposition to ads/many people installing ad blocking software, it's
only going to get worse.

~~~
olliej
The ads aren’t usefully targeted?

In the early days of AdWords the ads weren’t based on tracking but on page
content (much more useful IMO). Nowadays there is this bizarre belief that
somehow knowing everyone’s intimate details means your random context-free ad
will result in someone buying something.

The problem with the gratuitous tracking is that people cannot opt out of it.
I don’t have a FB account, I don’t go to Facebook.com, yet I know Facebook has
a profile built up because of those abusive like buttons.

Similarly if I go to an online store, and buy something, there is an
additional invisible tax I am being charged: the ads on the store pages feed
multiple ad networks my personal info. Despite me _literally_ paying them
money.

~~~
wstuartcl
Some things to note, attribution and identity also allow for things like ad
suppression or blanketing. If you have already bought the product or made
indications you are not interested and will not be converted it is very common
practice to suppress you from seeing those specific ads. Its also common to
blanket you with relevant ads given shown interest in a product or service.

Maybe it is fine to consider it a tax, another way to look at it is you are
being paid on content and access on various sites (including sites where you
make a purchase at a price that is fair for the product AND this information)
for your information.

Either way, if you want to jump ship from that arrangement -- it should be
just as protected that accessing that content is now a violation of TOS or a
liability to you that can be resolved with (at the site owners prerogative)
hard costs to you for that content or service.

~~~
olliej
My response is that (And this is a common refrain) adtech companies seem to
assume everyone is a collector in waiting.

One time I needed to buy a new washer+dryer. I did so, but I continued to get
aggressively targeted washer/dryer ads for months, maybe a year.

Similar for furniture.

I am not a closet deck chair collector, but adtech decided I was.

~~~
wstuartcl
And for that "pain" you retained access to the content/functionality on those
sites that presented those ads. It is super common to suppress users that have
seen a certain amount of blanket without interaction) as well so if you were
receiving those ads for months it is most likely a poorly performing media
team.

Arn't those ads that you will never click on but happen to be related to your
browsing context better than the ads you drive by every morning on the street?

Take all those sites you visit over a month, remove the ones you pay for
directly from the list. Those remaining ones are the sites that will not be
there without either ad support or direct charge.

~~~
olliej
For the first paragraph: I'm not saying no to ads, I'm saying know to wanton
abuse of my privacy to provide mistargeted ads when the whole point of that
abuse is to provide correctly targeted ads.

2nd paragraph: those ads leverage their context, better than modern "targeted"
ads. An ad for a tech product showing up on a tech site is more applicable
than a dishwasher. Likewise an ad for a dishwasher on a homeware review site
is better than an ad for a computer. The targeting is not providing anything
useful.

Final paragraph: you are making the argument that the abuse of privacy is
critical to the ad ecosystem, to the extent that in the absence of tracking
then the entire ecosystem collapses. This is demonstrably false: when AdWords
started it wasn't built on tracking and other such abuses of the end user, it
was based on the context of the page the ad is embedded in.

The problem we've got to now, is that the ad networks started pushing
"targeted" ads over non targeted to the extent that they have managed to
convince everyone that the tracking abuse is necessary.

~~~
wstuartcl
I guess I will leave it with this. You are looking at the issue from a certain
perspective. The counter perspective is that targeting and attribution were
severely lacking in AdWords and many other systems in the early days. The only
reason that was acceptable for brands spending 1MM -> 1B dollars on
advertising was that it was actively being extended and fixed (and there was a
naiveté/blind faith of early adopters). We are years and years into a system
that has grown over time to its current level by listening to market needs and
adapting.

The days of cast a blind net that can't be attributed or optimized are well
over -- those sites I asked you to consider will be very much hurt or gone if
marketers can't target specific segments anymore (the blind saturation spend
os not coming back).

------
skizm
Is there any reason bigger new sites don't just run ads like their paper
counterparts? Sell sections of the site directly B2B. The business provides a
static image, and the website shows that image for some amount of time for
some predetermined amount of money. The image would be hosted with the parent
site. They can target certain zip codes for more local ads, exactly like
newspapers. I'm assuming it is significantly less profitable?

~~~
mattklewis
This would have a similar effectiveness to advertising on linear TV today --
your ad reaches everyone who is tuned in (or visits the site), whether they
are in your target demographic or not.

This also wouldn't work on things like Google Adwords.

------
tareqak
I'm glad that this blog post starts off with the principles behind the design
of this technology because even if the specific design or implementation turns
out to be flawed there is something to go back to and refine. The principles
here seem similar to what a billboard ad or a paper ad effectively requires
i.e. engagement and conversion is the responsibility of the ad buyer.

------
driverdan
Here's a better solution: native ad blocking turned on by default. Far less
complex, far more effective.

------
mleonhard
This is excellent timing. Google & Facebook's lobbyists are trying to get a
weak US national law to overrule California's strong new privacy law. Apple's
proposal will help the few pro-privacy people in Congress to push for a
stronger national law.

------
vincent-toups
I care about privacy but I also just fucking hate ads and never want to look
at them. I don't even want them to exist and I don't want ad supported
business models to exist on the internet.

------
cfarm
This very much looks like browsers will be handling all the attribution for
ads. In this case it creates perverse incentives for companies who main own
ads businesses and also own browsers...

------
bjt2n3904
On the flip side, this makes identifying and blocking ads super easy.

~~~
contravariant
Which I reckon is, more than anything else on this page, why this is never
going to take off.

------
dillondoyle
This will never work. Just a few things off the top of my head:

\- tracked link must not be in an iframe, which is how basically all ads are
served

\- only 64 campaign_ids. what about tracking individual ads? i need to
optimize which ads perform the best, what targeting is converting, and more

\- delayed conversion POST, 7 day window. What if a user makes purchase and
then doesn't open safari again during the 7 day window? since POST is delayed
wont arrive. also what about 30d windows?

\- what about view conversions? and other non-last click attribution?

\- when combined with ITP, how do they propose updating audience/targeting? I
often see complains of people seeing retarget ads for products they already
purchased.

~~~
floatingatoll
Remember that ITP's goal is to break all tracking to begin with, so assuming
Apple successfully implements ITP to the degree they clearly intend to, this
proposal is built on the ground principles of:

\- no tracked link, iframe or not

\- no campaign ids

\- no conversion POST at all

\- no view converstions, no non-last-click attributions

In that scenario, is this proposal an improvement? It sounds like an
improvement. It's certainly more than the nothing that anyone will get from
Apple's users without it. They didn't have to throw anyone a bone here, and
they're going to take massive flak from a few users for doing so at all.

I imagine Apple would be thrilled if advertisers chose the destruction of the
tracking-based advertising industry over using this offering. Perhaps
advertisers will learn from the music industry's experiences trying to bury
their head in the sand re: iTunes and pay attention and participate in
designing this system. Perhaps they will not.

~~~
dillondoyle
There are still ways to do conversion tracking with ITP, mostly moving to
first party cookies and I wouldn't be surprised if we see a return of server
side tracking like old Urchin so google & FB can store http only secure
cookies that are indistinguishable from login/session cookies

If the goal is to stop all tracking why create this (bad) plan in the first
place?

~~~
floatingatoll
The server-side tracking you describe would instantly be corrupted by massive
site fraud, as removing the intermediary of the browser from the measurement
of “views” would compel people to fake up Apache logs to prove the views they
want to be paid for.

The goal is to stop the tracking of individuals by advertisers, _without_
stopping the tracking of ad views by advertisers.

~~~
dillondoyle
the goal you just mentioned will not be accomplished with what this proposes.

I'm also not as sure as you are that server side ads identity management would
be any different than the existing arms race with measurement of measurement
meta-ness.

client facing JS is messed with all the time already as well. monkey patching
etc. trying to detect monkey patching, toString prototype
toStringMetaMeasurement bs etc it will always be a fraud arms race.

to me buying ads is about finding more trust and verifying when possible,
obviously any system will be gamed but I'd trust the NYTimes would not mess
with FBs server side npm package. and it would make it a lot harder for safari
to block when the login session cookie IS the identity cookie FB uses

------
JohnFen
Interesting. I'm not terribly enthralled by or trusting of the idea, but it
does seem to be a little less terrible than what we have right now.

~~~
JoshTriplett
What we have right now is ad blockers, and they work far better.

~~~
guipsp
Who does it work for far better? Because quite a lot of the Internet couldn't
exist in its current state without ads.

~~~
pavel_lishin
There's a fallacy in your argument, but I don't know what it's called.

Just because we got here via ads, doesn't mean we couldn't have gotten here
without them. And that's even assuming that where we currently are is an
optimum state we should shoot for.

~~~
mostindeededly
Furthermore, it misses that we might be somewhere _better_ than here had we
not had ads. (I'm not saying it's a foregone conclusion, just one of many
possibilities not mentioned.)

~~~
asdff
It's fun to think about how it could have all been different. No more sites
designed to game search result rankings, designed to waste your time to
maximize eyeballs on ads, designed to keep you on the site in a garden instead
of surfing the web.

ISPs should have bundled hosting with internet access. Give everyone the
possibility to generate their own site. It would be like a large insurance
pool where your monthly bill might subsidize the costs of hosting another user
who's site gets millions of views, just like how your monthly insurance
premium ultimately covers the salary of someone else's surgeon, nurses,
anesthesiologists, and keeping the lights on in the operating room. You can
still ask for donations or even paid subscriptions if you wanted a well off
full time staff.

Instead, we leaned on advertisers to fund our websites, middle men working
tirelessly to come up with new ways to extract comfortable profit out of the
system. Leeching resources that could have otherwise gone straight to the
publisher had we designed the internet to be a little more federalized, a
little more universal, with the costs shared among the users of the internet
who are already paying for access anyway.

------
z3t4
Just append ?campain=55 to the href

------
hamilyon2
I think this scheme is too fraud-friendly to be true

------
bitwize
Bahahahaha. Advertisers make more money the less privacy you have. Talk about
a technical solution to a social problem.

------
verisimilitudes
This page wouldn't display for me, even after disabling the CSS.

I don't care for this attempt at redefining what privacy is. I could go step-
by-step with this article, but I don't care to. These cretins want to track
people more and more and we're all asked to voluntarily make concessions for
their benefit; I disagree.

I'll continue blocking JavaScript and performing almost all of my WWW browsing
through Tor; I won't weep for these advertisers; they're owed nothing.

