The purpose of the PATCG meeting this week was to present ad tech privacy proposals, but also to get the W3C working group members focused on short-term, achievable goals, said Martin Thomson, Mozilla engineer and co-author of the tech, who presented IPA at the meeting. For example, even just anchoring future discussions to a narrow definition of attribution, so there’s a target in mind, makes progress more achievable.
“One of the things that I’m hopeful we can do with this new group is to get some dialogue going between privacy-minded folks, particularly those of us in browser land, and those in the advertising industry,” Thomson said.
Thomson’s background is pure browser tech, which means he knows the W3C and can give a dose of realism to ad industry engineers.
Are you sitting down? Good.
Because Thomson, a key contributor to the HTTP2 protocol update, needed more than five years to get that much-needed project standardized and to reach about 20% global adoption. HTTP2 is now a near-universal web protocol. And that development and adoption curve was for something far less contentious than ad tracking.
“It’s been interesting to see the differing world views,” Thomson said, now that he’s working with the IAB Tech Lab and other deep-in-the-weeds ad tech engineers.
For IPA to work, the major browser operators – Google Chrome, Apple Safari, Microsoft Edge and Mozilla – would have to standardize on one system, he said. If the attribution were to work across apps as well as browsers, it would also need Apple iOS and Google Android to adopt the tech.
“Consensus is a long and difficult process. Trust me; I know,” Thomson said.
I’ll have an IPA
So how does the tech actually work?
After all, for the match keys to sync and recognize users … someone must make the match.
Thomson said that companies can make open-source match keys, so anyone could freely use that match key footprint.
Take a random, hypothetical app and publisher with a massive logged-in user base across geographies, browsers and devices. Purely hypothetical. Let’s call it Shmace-book.
A small business trying to attribute its own campaigns across devices, even if it never runs on or uses Shmace-book, might still tap the open-source footprint for match keys.
How is this not a privacy violation?
Because no individual user can be connected to a conversion or de-anonymized. Similarly to Apple’s attribution system, IPA would send batched reports detailing the number of conversions that could be connected to ad clicks or impressions. It would be able to tie more media to the conversion, because it works across devices and browsers, whereas Apple’s SKAdNetwork focuses narrowly on Apple’s ecosystem.
Even with Apple’s tight privacy restrictions, a sophisticated attacker can reverse engineer the Apple reporting data to identify a specific person. With IPA, the individual can never be parsed from a larger group, Thomson claimed.
IPA is similar to other proposals. It borrows from Google’s Aggregated Reporting API, which allows for modeling reach, frequency and attribution based on sets of users, not individuals. Microsoft’s PARAKEET proposal is a parallel solution for cookieless ad tech and attribution. Like Apple, it reports batches of results, not individual conversions as they happen.
But the plans show why consensus among big tech companies is so difficult. Even when they all practically agree, Google, Microsoft and Apple prefer their solutions. Mozilla and Meta must eventually centralize on one of those solutions or convince those companies to work on their standard instead.
“While many members of the W3C share common design goals, there are a variety of different organizations that [are optimizing for] different business objectives that need to reach consensus,” Meta engineer Ben Savage, a co-author of the proposal, told AdExchanger.
For now, though, the group is focusing on attribution as narrowly as possible, just to clear the first of many difficult hurdles.
Should attribution computations take place within the browser, on-device or by multiparty computation? (Multiparty computation is essentially a method to allow multiple parties, usually via a cloud-based system, to match and compare users without IDs attached.) Should attribution be event-based (when conversions are tied directly to a specific event, like a purchase or download) or is it a better privacy tradeoff to report conversions in batches?
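A simplified illustration of the multiparty-computation and batched-reporting ideas described above, added here and not taken from the IPA proposal or from Mozilla's or Meta's code: each conversion is split into additive shares across three helper servers, so no single helper learns which campaign a device converted on, and only batch totals are reconstructed. The modulus, helper count, minimum batch size and all function names are assumptions of this example, and it covers only the aggregation step, not match-key matching.

```python
import secrets

P = 2**61 - 1          # prime modulus for share arithmetic (example choice)
HELPERS = 3            # number of non-colluding helper servers (assumption)
MIN_BATCH = 5          # smallest batch a report is released for (assumption)


def split(value, n=HELPERS):
    """Split an integer into n additive shares that sum to value mod P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def encode_report(campaign_index, n_campaigns):
    """Device side: one-hot vector for the attributed campaign, secret-shared.

    Returns one share vector per helper; any single vector is uniformly random.
    """
    one_hot = [1 if i == campaign_index else 0 for i in range(n_campaigns)]
    per_slot = [split(bit) for bit in one_hot]
    return [[slot[h] for slot in per_slot] for h in range(HELPERS)]


def helper_sum(share_vectors, n_campaigns):
    """Helper side: add up the shares this helper received, slot by slot."""
    totals = [0] * n_campaigns
    for vec in share_vectors:
        totals = [(t + s) % P for t, s in zip(totals, vec)]
    return totals


def batched_report(reports, n_campaigns):
    """Combine helper totals into per-campaign counts; None if batch too small."""
    if len(reports) < MIN_BATCH:
        return None
    helper_totals = [
        helper_sum([r[h] for r in reports], n_campaigns) for h in range(HELPERS)
    ]
    return [sum(col) % P for col in zip(*helper_totals)]


# Constructed sample: six conversions attributed across three campaigns.
SAMPLE = [0, 2, 2, 1, 2, 0]
REPORTS = [encode_report(c, 3) for c in SAMPLE]

if __name__ == "__main__":
    print(batched_report(REPORTS, 3))      # per-campaign conversion counts
    print(batched_report(REPORTS[:2], 3))  # batch too small, withheld
```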
Why use a multiparty computation system, as IPA and Apple’s engineers do, rather than treat informed notice and consent from users as sufficient to use identity data for attribution? That was a question from James Rosewell, CEO and co-founder of the ad tech and publishing services company 51 Degrees, during the PATCG meeting.
“We do not have the time to fully answer that question,” Mozilla’s Thomson responded.
Rosewell also asked why IPA requires new APIs, rather than using existing APIs. “Proposals from different browsers or gatekeepers tend to play to their functionality and advantage.”
Meta doesn’t operate a major standalone web browser, Savage said, but if browsers insist on new APIs for privacy-based ad attribution, so be it.
“[We] don’t want to waste time on proposals that won’t be shipped by major web browsers,” he said.
After all, even on an optimistic timeline, it might take the better part of a decade to ship an actual private attribution product in people’s web browsers.