How Google Will Target Ads Without Singling Users Out
A handful of new standards will personalize ads without the privacy violations of today
The internet is about to experience a dramatic shift toward privacy.
To be clear, Google will continue to track users within its own platforms and use that information to target ads. But it’s making it more difficult for sites to show advertisements based on your individual browsing history outside of the Googleverse.
One such method would create groups of users with similar interests, allowing advertisers to target groups of people without pinpointing any individual. It would also keep data on your devices: Instead of allowing companies to track you across every website, Google’s Chrome browser would generate an anonymous profile of your interests and use it to request an appropriate advertisement for you.
To build a system like this, Google and its partners have constructed a series of new technologies under the banner of the privacy sandbox, which is advertised as a way of hiding individual users “in the crowd.” The privacy sandbox is no single technology but is instead a handful of new standards that would allow advertising to continue to exist and work similarly to today, without the gross privacy violations enabled by tracking cookies.
One of the most notable technologies in the privacy sandbox is a proposed web standard called federated learning of cohorts (FLoC). This is the standard that builds interest groups locally in the browser without ever sending individual data to a server. When a page wants to display an ad, it would request one based on the cohort the user has been placed in — rather than their specific browsing history.
Another proposed standard, FLEDGE, would allow advertisers to create “custom audiences” without using the cookies that power this capability today. Custom audiences allow advertisers to target previous visitors of a website — a practice called retargeting. It’s what makes it possible for those shoes you checked out once to follow you in ads around the internet.
Also included in the privacy sandbox are proposals that hide your home network’s IP address from websites and a new technology that would automatically block requests for information from your device when it becomes clear a site is asking for too much.
The privacy sandbox is still a Band-Aid solution: It improves privacy but makes obvious compromises in order for advertising to continue to appeal to buyers.
Some of these standards, as proposed, have significant holes in them: FLoC, for example, anonymizes users in groups, but individuals in those groups can be easily de-anonymized and tracked if a site knows their email address or other personal information. That means if you’re signed into Facebook, for example, the company would easily be able to figure out which group you’re in and link that information to your advertising profile on its site. The proposal for FLoC admits as much but does not satisfyingly address how users could mitigate this.
All of these standards make it clear that Google is finally beginning to push privacy improvements on the web. But it’s worth nothing that a large reason for Google’s sudden interest in privacy is that its business is under threat.
Last March, Apple announced that it would block tracking cookies by default in Safari on iOS and macOS, a move that meant advertisers were suddenly unable to follow the people using those products around the web almost overnight. Google risks losing users, who are becoming increasingly privacy aware, if it doesn’t adapt quickly to compete on privacy.
Luckily for Google, it develops the world’s most popular desktop browser, Chrome, and is able to implement new ad targeting systems more or less single-handedly. While the company has proposed its privacy sandbox projects as web standards for adoption by all, it’s not clear whether other browsers, such as Mozilla’s Firefox or Apple’s Safari, plan to implement the core standards.
Recent meetings of the standards group have, however, been heavily attended by publishers and advertisers, such as the BBC, the New York Times, IAB, and Facebook. Getting publishers onboard with the new technology, which supports their advertising business models, could make it easier to force the hand of the other browsers.
By introducing these new web standards, Google is ensuring that it can both continue to sell targeted advertising and push privacy on the web forward.
The Ad-Based Internet Is About to Collapse. What Comes Next?
The web as we know it relies on advertising, but that model is headed for a crash. Fortunately, we can build something…
Which explains why, on the whole, the privacy sandbox is still a Band-Aid solution: It improves privacy but makes obvious compromises in order for advertising to continue to appeal to buyers. Such is the tension: Targeted advertising still needs to be fueled by data somehow, and there are always going to be loopholes that allow technology to be abused, as tracking cookies were for decades.
But advertising isn’t necessarily bad. Tim Hwang’s fantastic book Subprime Attention Crisis examines the tension between advertising’s privacy nightmares and how the best, weirdest parts of the internet have historically been supported by advertising, describing it as the “time bomb at the heart of the internet.”
Google’s proposals attempt to improve privacy on the web by reining in the Wild West of trackers and still allowing publishers and creators to fund their work — as opposed to demonizing advertising as a legitimate business model. While it might be an imperfect fix, I’m not sure the internet we know and love could continue to exist without something like it.
This story has been updated with additional context about Google’s forthcoming updates.