“Cookies are very fragile,” Mayer said, “They’re not exactly what you want in place when consumers are trying to exercise firm privacy choices.”
Part of that has to do with consumer expectation. When users opt out of tracking, they expect their wishes to be remembered. But when cookies are cleared, user preferences usually get cleared right along with them – a less-than-ideal situation for protecting privacy.
Although the Digital Advertising Alliance (DAA), a consortium comprised of advertising and marketing trade groups, created a browser extension called Protect My Choices that professes to help users prevent the accidental deletion of their opt-out cookies, it’s far from foolproof.
As Mayer recently pointed out on his blog, Protect My Choices is built from the same code base as the now deprecated Keep My Opt-Outs extension from Google, which has since been folded into the DAA’s efforts.
Protect My Choices works by creating an internal list of advertising companies and associated opt-out cookies. If/when a user unintentionally deletes an opt-out cookie, the extension simply reverses the action. But the extension’s functionality is only as effective as that aforementioned internal list of cookies, which needs to be continually updated to include new companies, an action that happens upon the release of a new version, not automatically.
[In Mayer’s post, dated June 1, he noted that the Protect My Choices extension had not been updated since July 2014. A quick trip to the Chrome Web Store shows that a new version of Protect My Choices was released on June 6.]
The unreliable nature of cookies makes some advertisers apprehensive when it comes to taking advantage of cross-device linkages.
Adobe experienced some of that pushback firsthand when it presented the concept for its forthcoming cross-device data co-op to a group of 30 brand clients and partners on a June 24 conference call, a recording of which was obtained by AdExchanger.
After Vinay Goel, Adobe’s privacy product manager, explained Adobe’s classic cookie-based system requiring users to opt out on a per-device basis each time they clear their cookies, one of the clients on the call called foul. [Adobe, however, also proposed a novel mechanism that would allow users to see which of their specific devices have been linked together.]
“It feels like an infinity loop,” the client said, referring to the need for consumers to be constantly maintaining their preferences in a cookie-based system. “I like the idea of the co-op … but it feels like the opt-out option is kind of flawed.”
And it is. Goel readily acknowledged as much, but with a slight deflection. “This is an industry challenge, not just an Adobe challenge,” he said.
But the industry doesn’t have much in the way of other options at the moment.
“The way almost every Internet marketing technology works today, if you clear your cookies and then the consumer comes back to the site, they are being targeted and profiled again,” Goel told Adobe clients on the call. “This is one of the limitations or challenges with cookie-based opt-outs.”
Easy Way Out?
There is an inherent conundrum at the heart of cookie-based opt-out mechanisms.
Some websites ironically continue tracking a user that has opted out in order to “remember” not to show that person targeted advertising, storing the opt-out preferences on the server side.
Cross-device linkages come in two basic flavors: deterministic and probabilistic. Companies like Facebook or Twitter can use logged-in users to sync and link, which also applies to cross-device privacy preferences. Companies like Drawbridge and Tapad rely on creating probable linkages based on observations made over time.
“When folks in the advertising space talk about scaling up cross-device tracking in an exchange, they tend to be talking about a probabilistic solution and that introduces some challenges,” Mayer said. “If they offer an opt-out, they can only do so with a likelihood, but no guarantee, that the opt-out will transfer to other devices.”
It’s a “weird choice to offer,” he said, which is why users are asked to opt out on each one of their devices to make sure.
Although Drawbridge, for example, offers what it calls “universal cross-device opt-out,” which allows users to nullify the linkages between their devices within Drawbridge’s connected consumer graph with one click, the opt-out policy on Drawbridge’s website carries more tempered language: "Because we can't tell you're opted out on different devices (for example, your laptop and your mobile phone), you should complete the opt-out process for all devices and browsers you use.”
Do Consumers Get It?
“It’s the Wild West in terms of managing this and coming at it from the user perspective,” said Brienna Pinnow, product lead for addressable advertising at Experian Marketing Services. “How can the consumer understand this ecosystem if we ourselves are struggling with the best way to do it?”
Take the AdChoices icon. A study conducted in March by ORC International for Kelly Scott Madison found that 74% of consumers were not aware of the ad campaign the DAA launched in 2012 to spread awareness of the little blue button. The study also noted that even when consumers had heard of the program, nearly two-thirds didn’t know what it meant.
[Anecdotally, I recently showed my 70-year-old father a banner ad with the AdChoices icon in the corner and asked him where he thought he’d have to click to opt out of seeing targeted advertising. He a) didn’t notice the AdChoices icon; b) had never seen it before; and c) was irked when I explained its purpose. “You can’t even see it,” he said, peering at the screen.]
Mayer is skeptical as well.
“Those little icons are just another example of how to look like you’re giving folks a choice while at the same time ensuring that they don’t exercise that choice,” Mayer said. “It’s yet another instance of design for the purpose of the appearance of a privacy choice without actually facilitating that privacy choice. I call it privacy theater. You do all the window dressings to make it look OK, but you’re not doing it seriously.”
According to the DAA, more than 6 million people have registered their web preferences since the AdChoices program launched. AppChoices, which launched in February, has been downloaded “thousands” of times since then, although the DAA declined to elaborate.
AppChoices – which admittedly relies on a device ID-based opt-out and not on a cookie-based one – seems to suffer from the same disease as many existing opt-out mechanisms: It’s a lot of work for the user.
Of course, the real goal is to give users some kind of understandable value exchange so that they don’t want to opt out at all. Talking about opt-out without talking about the quality of online content, targeting and advertising is like talking about a bad restaurant that offers every customer a full refund rather than improving its food.
“Opting out is hard and it’s hard on purpose,” said Mike Schneider, VP of marketing at location data company Skyhook Wireless. “But I want to make it so that people don’t have or want to opt out, so they understand what they’re going to get if they opt in.”
According to a March 2014 report from privacy management company TRUSTe, 39% of US consumers are actually willing to share their personal data with advertisers in return for more personalized ad experiences.
To TUNE’s Nayak that signals an opportunity for the ad industry to do a better job of explaining the potential value exchange of behavioral advertising.
“Rather than finding the most comprehensive or technologically persistent way to opt users out, the real question is, how can we maintain trust and keep users engaged and opted in?” Nayak said.
If that doesn’t happen, consumers are more likely to get annoyed and flip the ad-blocking switch, which, Mayer said, is far from the ideal outcome.
“Opt-out cookies remain a distraction – we know they’re difficult to use and a poor technical design,” said Mayer. “The best privacy option, for now, is to block advertisements, which is unfortunate.”