We may be in the middle of a process of redesigning how the web economy functions. Considerations include web advertisements. Such works involve many actors. Some big platforms. Some web browser vendors. Some ads companies, with a modest list of analysts or researchers keeping a close eye. I believe it’s worth providing some context that today may be difficult to know for most.
While some of the latest proposed changes are closely related to the so-called Privacy Sandbox (by “Google”), many other proposals from other parties are on the table. As of now, nothing appears to be set in stone. Nothing is finalised or standardised. Standardisation is a crucial aspect since most of the works that count revolve around the W3C as the venue for discussions. These changes would impact how the web platform would work. This may be important to many. Last I checked, the number of internet users is approaching 5 billion people.
Redoing web ads?
Today, proposals to reimagine the web economy (or “advertising” or “advertising without tracking” or so on…) are considered seriously because of the imminent privacy-related changes. Web browsers increasingly remove access to or support for third-party cookies. This makes ‘profiled’, ‘behavioral’, and similar ads difficult to ‘use’ by advertisers. This is a significant challenge for those in the ads technology field. One that requires some quite big thinking.
Plenty of proposals want to be the ultimate solution. Some say that eradicating existing models entirely is fine, ‘doing nothing’ (which would maybe amount to the limitation to contextual advertising with no ability to profile). This is not the subject of this analysis, which instead is focused on the few of the proposed privacy-enhanced (with respect to today’s) ads systems: Turtledove (from Google Chrome, those behind the web browser), Sparrow (from Criteo, an advertisement company), Dovekey (from Google Ads, those behind advertisements). All of them differ greatly in comparison to today’s ecosystem. They aim to be the proposed designs for the web ecosystem without third-party cookies. Those proposing typically motivate the proposals with “improving privacy” and at the same time with the intention to "uphold the current income source for websites" (that is, from ads).
In simple words, Turtledove proposal includes two uncorrelated requests - for contextual ads and ‘interest-based ads’. All the logic of picking the ad for display is executed on the user’s device, the web browser. Such a system aims to be not based on cross-site tracking (where the advertiser is ‘following’ the user on the web). Such a system gives big powers to the user’s device, to the web browser. This system is also totally different from the one existing today. It puts today’s online ads on its head. This is maybe still seen as potentially too radical - as a problem - to some in the web ads business (not speaking of competition space here).
Why to trust trust
So competing proposals like Sparrow or Dovekey advocate for changing this model by not placing the user’s web browser at the center. They introduce concepts of ‘trusted servers’ that execute some algorithms to mediate the content of ads that should display on the user’s device. This ‘simplification’ introduces many problems. To what extent is trusting trust possible? Who should trust such a server, except the advertisers? Why should ‘trusted servers’ be ‘trusted’? Why should 'trusted' entity be trusted? Why should the people involved in such an entity trusted? All of these questions are without answers.
Third-party cookies will disappear anyway
One thing the changes have in common is that things would work completely differently from what we have today. While the motivation for serious consideration of such proposals is the privacy trends and the removal of third-party cookies, I feel that one piece is missing from the discussions.
The missing link
I want to stress a pretty remarkable missing aspect. The today-discussed proposals for privacy-improved digital advertising appear to be rooted in the past academic privacy research of privacy-preserving ads systems. Even if this is not said aloud. I find it striking that research concepts explored in the previous (the 2010s) decade suddenly come to great importance and are treated seriously. After years of neglect. In a sense, those early proposals were ahead of their time. The reason they could not gain interest was that they had to be accepted, standardised, and deployed broadly by web browser vendors. This did not happen. No incentive existed. So while the proposals could still be accepted to academic research conferences as they explored some potentially interesting ideas, they could never function in practice. The ecosystem was hostile to changes. This is no longer so today. Today changes are inevitable.
On-device computing and privacy
Web browsers have a really privileged position. They have direct access to the user’s web browsing history (such web browsing history is very sensitive data). Therefore they can potentially profile the user even better than the advertising networks themselves. If one could compute on the user’s device in a way making everything stay on the user’s device/computer this would be quite privacy-preserving (at least data-wise) with respect to today. Microtargeting is another challenge recently even hitting top level policymakers, but we also set it aside.
Let’s have a quick look at this distant past.
Architectures to replace advertising infrastructures with privacy-supported systems proposed profiling (and targeting ads) on the user’s device (i.e. in the web browser) quite early. Adnostic (2010) is a very good example of a system designed (and hoped) to reconcile privacy with targeting profiled ads. Profiling and targeting were prototypically solved by a browser extension.
When serving advertisements, this system sent a query for a certain number of advertisements, locally deciding on the user’s device which ads were supposed to be displayed.
Incidentally, this (as other details...) is similar to 2020's proposals of Google's Turtledove! Did it play a role of a template (not officially mentioned) to some degree? We don’t know. It may be that the work has been simply forgotten and the solution re-invented. But I find it curious that the old system is not mentioned at all, assuming there was knowledge of it (and I would be surprised if there was no knowledge of this system by the creators).
Without a doubt, the lack of native support in web standards and browsers was the biggest disadvantage of this proposed approach and this determined its niche and unsuccessful fate (assuming that Turtledove is not its reincarnation, which would, admittedly, mean that the proposal was a success in the end).
This work contains a very interesting thought: “Providing a privacy-preserving option would enable sites who care about user privacy to serve ads. For example, sites like Alcoholics Anonymous (aa.org) currently serve no ads”.The authors considered that advertising systems with privacy could operate on a larger scale than today. Including on sensitive sites.
Another work (2011) considered a slightly more complicated system, though the operations and ads targeting were still done on the user's computer (the ads auctions themselves are held on the server-side). This solution proposed the use of proxy servers to anonymize the user's IP address. An important observation is also formulated: “The most privacy-preserving way to disseminate ads would be for the broker to transmit all ads to all clients. In this way, the broker would learn nothing about the clients".
Another theorised approach is noteworthy because of the inability of its deployment. This system considered the use of a specialized coprocessor on the ad broker side. As an analogy - perhaps it would be close to the 'trusted servers’ ideas from Dovekey / Sparrow proposals (of 2020, as mentioned above). Solutions requiring users to have separate hardware coprocessors are impractical. But the impactful idea here was to use some sort of “trusted” component. Nobody could be interested in such a system in the predatory-ads days of the early 2010s.
One later work considered the possibility of retargeting (within the real-time bidding systems) in a manner not involving the tracking of users. The proposed solution was based on on-device profiling of users. The proposed system again exhibits some similarities to Turtledove. Profiling is performed locally on the user's device. The character of the advertisement (a kind of score) is sent to the user, the selection (calculations) takes place locally. The big weakness of this system is the need to use a trusted coprocessor.
To sum it up
There is a historical background behind today's ideas for improving the privacy of ads systems. Research in this field has become much less popular in recent times. Getting a paper to a journal or a conference is difficult, and this is typically the aim of academic research. “Privacy-preserving ads” apparently is/was considered a “solved” problem, academically, long before anyone cared in practical terms. It is amusing that solutions appearing to be rooted in the ideas of the past are gaining traction today. Are the ideas of 2020s re-inventing those of 2010s, or are they simply based on the past concepts without crediting them (because they do differ in order to be practical)? We don’t know.
What I do know is that it is necessary to take into account the fact that the nature of internet advertising has also evolved since these works were created. The nature of privacy, privacy risks, and privacy harms evolved. Not all privacy issues could be analyzed (or even noticed) by these early works in the 2010s. These past proposals also did not consider the possible technological changes at the level of web standards and browsers, in any way. These are important caveats for attempts to translate the conclusions of such publications to today's reality.
Considering, prototyping, implementing, deploying, and adapting to such changes is quite complex. It requires quite advanced thinking because we are speaking about advanced systems, on the levels of technology, standards, regulations, and even policy.
Did you like the assessment and analysis? Any questions, comments, complaints or maybe even offers? Feel free to reach out: email@example.com