If anything is clear from the rollout of Apple and Google’s new “privacy-focused” replacements for its advertising IDs and 3rd party tracking systems, it is that their respective PR departments deserve a pay raise.
21 February 2022 (Berlin, Germany) – As I have detailed in numerous posts, location tracking is really quietly, sometimes surreptitiously, baked into the web’s modern data collection regime. Apple, Facebook and Google have created a network of commercial surveillance with their tracking technologies. The practice of third-party tracking on websites has become so widespread and complicated that special software is needed to understand and track this modern data collection regime. It is why dismantling it will be so difficult, something I summarised last week in this blog post which generated a tsunami of emails from readers so I thought I’d do a deeper dive and try to answer a lot of questions with this one post.
To summarise my mantra:
1. What we have seen in recent years is significantly enhanced information sharing and networking capabilities among smartphone users, advanced by geospatial technologies which have undeniably permeated almost all aspects of modern life in our society. Social media apps are increasingly location-based, providing analysts with access to a wide range of shared spatial data, such as check-ins, geo-tagged images, video clips or text messages, or reviews of businesses and other localities.
2. This has led to the creation of a new discipline I have written about before – geospatial data science. Every platform company … Apple, Facebook, Google, Snap, TikTok, Unity, etc. … has 100s of engineers working this. It is a transdisciplinary field that extracts knowledge and insight from geospatial big data using high-performance computing resources, spatial and nonspatial statistics, spatiotemporal analysis models, GIS (Geographic Information Systems) algorithms, machine learning methods, and geovisualization tools. It is also why we’ve seen the emergence of a geospatial cloud and the building of a comprehensive cyber infrastructure.
3. And it is why we are only at the infancy of cloud computing. What we are seeing now is only the beginning of a long-term explosion in use – and Big Tech earnings. Companies are geared to spend a trillion dollars on cloud services over the next 5 years, meaning that there is a lot more room for tech companies to keep growing. And “Big Tech”? When it comes to anticipating the future for Big Tech, we weren’t thinking big enough.
The data privacy world was agog last week when Google unveiled its Privacy Sandbox.
NOTE: a sandbox is a software term. It is a testing environment that isolates untested code changes and outright experimentation from the production environment or repository, in the context of software development including Web development, automation, revision control, etc.
From the Wall Street Journal:
Google plans to adopt new privacy restrictions to curtail tracking across apps on Android smartphones, following Apple Inc. in putting restraints on an advertising industry that has covertly collected data across billions of mobile devices. Google’s plans for Android could hasten an end to more than a decade of advertising practices across smartphones in which companies including Meta Platforms Inc.’s Facebook layered their code into hundreds of thousands of apps to track consumer behavior.
Google said Wednesday that it plans to develop more privacy-focused replacements for the alphanumeric identifiers associated with individual smartphones that some apps use to gather and share information about users. The Alphabet Inc. unit said it plans to keep supporting current smartphone identifiers for at least the next two years and to give the industry substantial notice before any changes. It said it plans to work with the industry to develop the replacements. Google declined to give many details about its plans for how its new systems would work. What they might look like for users or advertisers remained unclear.
The reality of those last few sentences – that Google’s plans are vague and will take at least two years to implement – led to a lot of understandable skepticism about this announcement. John Gruber at Daring Fireball, who writes one of the most followed blogs by those of us that like to get into the weeds of technology, commented:
If this “Android Privacy Sandbox” winds up as toothless as it sounds today, it’s just Google trying to look like they’re pro-privacy, not actually taking action to make Android more private for user. My takeaway is that Google is presenting this “Android Privacy Sandbox” — including just by giving it a name — as though they have announced a comprehensive plan to give Android users iOS-like (or better!) control over their own privacy from cross-application surveillance ad tech.
But in fact all they’ve announced is a plan to create a plan.
I totally get his take and he is right. But in Google’s favor (see, I can be balanced) there is some very difficult technology at play here and unless you understand network technology and networking capabilities and enhanced information sharing you’ll see the trees but miss the forest. And I do not trust a damn thing either Apple or Google says as my previous posts make clear so my cynicism reigns.
To start, three foundational concepts:
1. First, Google, like Apple, controls the operating system. That’s why they can (eventually, sometime, whenever) depreciate the Google Advertising Identifier (“GAID”) which is Android’s iOS identifier for advertisers in the first place. From a technical perspective it doesn’t need GAID by virtue of controlling the operating system and the Google Play Store so it has perfect knowledge of literally everything that happens on a user’s smartphone. So this point that “we’re getting rid of GAID to enable privacy” is pure theatre. This is different than the damage Apple’s App Tracking Transparency (“ATT”) initiative did to Facebook, which doesn’t have operating system level access.
2. The second point builds on the first: given the fact that (a) Google has a huge advertising business and (b) Is fundamentally privileged in terms of Android, it has to proceed extremely carefully and gingerly for fear of being accused of acting anti-competitively. I have already noted the degree to which Apple’ ATT could be characterized as anti-competitive behavior. Apple’s only saving grace, beyond the vagaries of regulatory attention, is that its advertising business is still quite small. Google’s is the largest and the company is already in the shit house undergoing scrutiny in 12 U.S.-based cases and 8 European-based cases.
3. The third point is more of a fundamental one: a lot of the criticism of any of these initiatives from Google seems rooted in the belief that targeted advertising of any kind is fundamentally bad. Well, Apple clearly doesn’t have a problem with targeted advertising, or the New York Times or data privacy practitioners or countless others – as long as it is first party. Which is great not only for Apple but also Google and Amazon. Hence my position that regulators have merely (unknowingly) advanced what I have been writing about for 2+ years: advertising and data will retreat/have retreated inside silos (Amazon, Apple, Facebook, Google, TikTok, etc.) where nothing is passed around or shared. Taken to its logical conclusion, most of these privacy regulations will simply not apply.
And let’s be clear. As Casey Newton and Jamie Bartlett point out (two other chaps who do some heavy lifting to make you understand platform and network structure):
1. Things will get worse for Meta, Snap, Unity, etc. Squashing any possible means to make a direct connection between an ad and a conversion would be an arrow to the heart of all of these optimistic notes on recent earnings calls about figuring out how to work around Apple’s ATT.
2. If Apple does this, it will be hard to interpret it as anything other than vindictive and/or anti-competitive. As Casey Newton has noted “the nature of IP tracking is that it isn’t really useful in targeting, although it does help in conversion; killing that too, especially when Apple itself is doing targeted advertising (which means it doesn’t have a problem with the concept), is nothing more than leveraging its control of iOS for its own purposes”.
3. Only TikTok has shown it can circumvent Apple and Google privacy protections and one can surmise others will learn, too. More in tomorrow’s post, with a video.
Google lays out 4 different bits for its new “privacy-focused” replacements, and one is called “SDK Runtimes”. The biggest issue is that it is very vague and very complex and it is getting massacred on Twitter, forcing Google to make quick fire responses. I will not cover it here other than to tell you it involves a mobile software development kit, or “SDK”, which is a piece of code that lets mobile apps connect to third-party services and technologies. By integrating a mobile SDK, developers can access different tools like analytics or re-engagement, or connect to ad networks to run in-app ads.
Unlike APIs, which act more as bridges, SDKs allow for a richer set of technological capabilities by being more deeply embedded in an app, delivering a more expansive set of tools. These may include libraries, code samples, and guides that can help developers build better applications. But we are in the realm of a user’s app data being available via by third-party SDKs. So Google thought to modify this by reducing undisclosed tracking of a user’s app usage by third-party SDKs by limiting unique, persistent identifiers from being accessed by SDKs. If you are on our mobile telecom newsletter, my CTO will issue a briefing note later this week.
Of more interest is on-device targeting, Google’s other three proposals which fall under the same umbrella. I’m going to steal Eric Seufart’s bullet-point summary. Eric is the author of “Freemium Economics: Leveraging Analytics and User Segmentation to Drive Revenue” and certainly my guru when it comes to mobile advertising, mobile monetization, and performance marketing.
Eric notes that Google’s proposals are:
• Topics, which is similar to the Topics API for the original Privacy Sandbox that was revealed in late January. This concept creates coarse signals of user interest based on engagement with apps that have been classified into a standardized taxonomy, and allows those interests to be targeted against. I covered this in detail in this blog post – and why the advertising industry ain’t impressed.
• FLEDGE for Android, which is equivalent in practice to FLEDGE for web. FLEDGE for Android allows app developers to define custom audiences within their apps and facilitates the targeting and serving of ads on-device
• Attribution Reporting, which allows campaign performance to be measured on-device and reported to ad networks and advertisers
As Eric says:
Every single one of these proposals entails on-device learning and targeting. The argument from Google is that this is more private because your data isn’t being sent to Google; what is unspoken is that Google and Apple, which has made noises about similar initiatives, are the only two companies who can build such a system, because they are the only two companies that control mobile devices (this, incidentally, is another reason to be bullish about Microsoft advertising).
What will be interesting to observe is how consumers react to a new advertising reality in which their own devices are determining what ads they are shown. Already Google is getting pushback, similar to the pushback against Apple’s CSAM initiative that leveraged your device to look for Child Sexual Abuse Material, leading to the company backing off. Which is why Gruber said (at the top of this post) all Google did last week was announce they have a plan to create a plan.
Or is the topic so esoteric that no one will care? For what it’s worth my bet is on the latter: Apple has gotten this far by misrepresenting the reality of digital advertising even as it builds its own app install business, and they have been cheered every step of the way. The data privacy practitioners follow like sheep because they still fail to “get” the reality of digital advertising.
But … who cares. These proposals are at least two years out (or “maybe longer than two years” as a Googler noted on Twitter today). And, frankly, that’s ok. Plenty of time to debate the pros and the cons. Get out your 🍿