As I write these words, my fiancée and I are just a few weeks away from our wedding day. We’ve been planning the big event for months now, dutifully pushing through a thicket of caterers, photographers, bands, and too many other vendors to mention. And while we’ve been making the rounds online to pore over reviews and double-check details, advertisers have been triangulating our movements.
It started after a few visits to some of the major event planning sites. Just like that, wedding ads were trailing us around the internet. I like to imagine after those first couple of clicks, an algorithm twitched deep inside a server farm somewhere, and a virtual klaxon sounded: “Valuable demographic identified! Unleash the targeted ad barrage!”
It didn’t matter that we weren’t clicking these ads, or that they had nothing to do with the content of most of the sites we were seeing them on. Thanks to tracking cookies, advertisers knew we were there, knew we’d been looking at wedding stuff, and damnit, they were gonna sell us wedding stuff whether we liked it or not. It was like being stalked by a carnival barker, but without the sharp-looking suit.
From patch to clearinghouse#section2
Mozilla recently mounted an effort to rein in these kinds of shenanigans. Brendan Eich announced their plan to roll out a Firefox patch to block third-party cookies by default, mirroring something Safari has done since day one. It may not sound like much, since just about every other major browser offers the same functionality. But those browsers require users to manually adjust their settings to enable it.
The ad industry, to borrow some of their own hyperbole, exploded. Third-party cookie blocking effectively shuts down the most common method advertisers use to track consumers across sites. Safari might be a lost cause to them, but with about 20 percent of the browser market, Mozilla has their attention. The fear that other browser makers might follow suit is palpable.
After some very public criticism, Mozilla decided not to roll out the update. Instead, they announced a new approach: the Cookie Clearinghouse.
Launched under the aegis of Stanford’s Center for Internet and Society, the Cookie Clearinghouse is comprised of three simple things: a whitelist, a blacklist, and an advisory board. Its members will compile those lists to identify third-party cookies that shouldn’t get blocked (the “accept-list”) and those that should (the “block-list”). The lists can be combined with existing cookie controls to make browsers more savvy.
It’s not just for browser makers, though. The Clearinghouse lists will be publicly available to plug-in makers, app builders, or anyone else who wants to use them. It’s still early in the project’s development, so plenty of decision-making details are still being worked out. As of right now, no browser maker—not even Mozilla—has committed to using the lists in a public release, a “wait and see” stance the Cookie Clearinghouse’s leadership is encouraging.
A self-regulating industry?#section3
As with the Firefox patch, the ad industry responded to the Cookie Clearinghouse announcement with vocal opposition—and a healthy dose of name calling. They’ve cast it as a fight over their right to advertise, rather than an effort to thwart unwanted tracking.
Not surprisingly, Mozilla and the Clearinghouse see it differently. In an interview for this piece, the CCH’s new director, Aleecia McDonald, responded unequivocally, “The Cookie Clearinghouse approach does not block ads.” She continued, “The ideal online experience lets privacy-concerned users protect their privacy, and lets users who want a richly customized online experience gain those benefits. Rather than either/or, we are trying for both/and.”
Advertisers aren’t satisfied.
“Cookie blocking isn’t a good proxy for consumer choice,” Mike Zaneis contended when I spoke with him. He’s the public policy chief and general counsel at the Interactive Advertising Bureau, a lead industry group. (You may know them for their ad sizes.)
When asked what is a good proxy for consumer choice, he pointed to the industry’s self-regulatory efforts. Those largely take the form of public service ads (the “ad choices icon program”) and the Digital Advertising Alliance website, where users can opt out of online tracking by setting a DAA “opt-out” cookie. The irony of using ads to educate people about ads and cookies to opt out of cookies aside, is the industry’s approach working?
Zaneis cited statistics that 20 million US users have visited the DAA site in the last 18 months, presumably arriving via those public education ads and related searches. When you consider that’s a fraction of the traffic many major ad-driven sites see in monthly traffic, let alone 18 months, that doesn’t bode too well.
In those same 18 months, the site received two million US opt-outs, with about 20 pecent of the users who landed on the opt-out page completing the form successfully. Zaneis pointed to these numbers to justify the IAB’s assertion that consumers already have robust options for controlling how they’re tracked online. Furthermore, he said the low opt-out rates signal that consumers are satisfied with the current situation.
But where the IAB sees validation, plenty of user experience pros would see failure. Beyond issues with low awareness, the site’s opt-out process isn’t exactly straightforward. Users are required to wade through lists of ad networks, individually selecting each one they want to opt out of. (I was presented with 115 possible ad networks, 71 of which, I was helpfully informed, were “customizing ads for my browser.”) Most of the networks are unrecognizable to the average user (DataXu? Acxiom?) let alone easily associated with the sites they came from.
Right now there’s no definitive repository where consumers can find out which major advertising network is tracking what, or exactly how that information is being used. The DAA site certainly isn’t filling that role. And compliance is all over the map. When receiving requests not to track, some companies delete a user’s information, while others continue to track but simply don’t display targeted ads.
Do good and make money#section4
Advertising is a reality of the web, funding some of its biggest ventures. The holy grail of advertising is showing the right ad to the right person at the right time. Behavioral tracking is one possible path to that trifecta.
But it can’t happen without the willing participation of consumers. It needs to be done in a way that’s transparent, and it needs to provide easy ways for those of us who want to opt out to do so. In McDonald’s words, “There is an opportunity here to do good and make money at the same time.”
Instead of stubbornly rejecting anything less than a status quo of opaque self-regulation, the ad industry needs to come to the table, or risk being shut out by consumers and technologists alike.
Well, if nothing else, this article reminded me to turn off 3rd party cookies and set Do Not Track.
Why not ask users about these settings when the browser is first installed? That way the decision is put in the hands of the users, preventing all this back-and-forth about default settings.
Why aren’t you using an ad blocker? Anyone smart enough to know what a third-party cookie is surely wouldn’t ever click on an and should know enough about browser security to know how common zero-day exploits are. (And with this talk about ads, hopefully you know enough about how the ad industry works to realize that ad syndication is so widespread there’s no way any ad company can keep malicious ads off their networks.)
“The opt out functionality of this page requires that your browser allow third party cookies.”
It’s a trap!
Love the buzzy-ness of this sentence: “users who want a richly customized online experience gain those benefits.”
Oh the joy and benefits of having my web decisions identify me as a target audience.
“Instead of stubbornly rejecting anything less than a status quo of opaque self-regulation, …”
Just about everything bothersome in this era is holding tight to this.
The only problem with reigning in advertising on the web, is that the “free” web is powered by this advertising. It may be annoying, in the same way that I can’t skip commercials when watching live TV, but it is also necessary for most websites to exist.
Without this advertising revenue many of the most popular sites would not survive.
Disclosure: I work for a company that is a major player in this kind of tracking. It is a big sell to our customers to be able to do this. We don’t do the advertising per se, but we do use cookie tracking to provide detailed analytics to our customers.
@Bill: Nothing in the piece is intended to suggest advertising on the web is unjustified or shouldn’t exist. What *is* stated is that consumers should have clear, readily-available options for opting out of new, more invasive tracking practices.