The Technical Side of Adblocking

Following on from Alan’s great blog post about advertising blockers, I wanted to share a bit of information about the technical side of adblocking to help the techies in marketers’ offices understand how it works, what you need to know if you’re employing trackers, and how vendors might be impacted. So I took a quick dive into Webkit’s Intelligent Tracking Prevention (ITP) initiative from a technologist’s perspective.

Alan’s post focused a lot on the adblocking aspect of this and how it’s driven by consumers. I’m going to focus more on the tracking aspect. And when I say tracking, I really mean the ability to identify the same person across many websites. Of course, tracking and advertising are intrinsically connected in the digital realm – tracking is how advertisers are able to customize their ads.

Here are some things that I found interesting about the initiative itself:

1. It’s not just Apple/Safari – this is an initiative from Webkit, which is primarily built for Safari but also kinda sorta powers Chrome, Opera and a Kindle browser, among others. So there’s a good chance it’ll become a common system across many browsers.
2. ITP classification is a process by which domain names are identified for restriction (or not) as cross-domain trackers. Tracker restriction isn’t intended to be universal.
3. ITP classification will be implemented with machine learning client-side, in the browser – without central cloud indexes. There’ll be no authority to control a specific tracker’s classification. ITP classification won’t be universal across all users or all of their devices. So, though classification will be uneven across domains, users and devices… It’s probably best to assume that all domains will be restricted by ITP.
4. On the flip side: Hurray to Webkit for treating devices as valuable objects in their own right and putting the machine learning in user’s hands! So many new tools only work through centralized cloud services, which is starting to get creepy. I’m thinking of the Google/Apple/Amazon assistants that are now everywhere.
5. What’s very interesting to me is the idea that individual browser installations are themselves no longer just an anonymous gateway to the web: They are literally forming distinct, ever-changing opinions about engagement and permission. Their models are growing in symbiosis with end users. I’m excited to see other ways in which browsers will become learning machines outside of this initiative.
6. This initiative also reminds me of the days before analytics trackers and retargeting display platforms. It reminds me that the mandate of the cookie is and always has been very simple: It’s convenient but should not be relied upon for any extended period of time. It’s also good to remember that even at their best, even before ITP, trackers that rely on cookies are never 100% accurate.

Anyway, on to the implications for those of us who build/manage/install trackers and other web infrastructure, and will now have to assume that the things we build will be restricted by ITP:

1. Alan mentioned the 24 hour and 30 day thresholds. What do they mean? What’s the difference between them? The answer is partitioning. The cross-domain or 3^rd party capabilities of each cookie will only be useful within 24 hours of direct engagement with the tracker’s originating domain. For the next 29 days, the cookie will only be available within the context of the host domain, making it useful for enriching experience within that one site but almost useless for cross-site tracking. Which leads to my next point.
2. Internet-wide tracking capabilities will be all about direct daily engagement, defined in relation to the tracker’s top level domain name. So sites with big daily engagement (like google.com, facebook.com and wordpress.com) will solidify their positions as kingmakers in the 3^rd party tracking space.
3. Direct daily engagement includes single sign on (SSO) portals. So SSO providers could also be winners, and web developers might see a surge in pressure to use big SSO portals.
4. As a result of the three points above, niche tracking companies like small retargeting vendors might find themselves outsourcing their session management to big players, or lose their ability to serve hyper-relevant ads across the web.
5. The cookie expiry timeline relates mostly to cross-domain cookies. If you’ve got a custom tracker working only within your own subdomains, you’re safe. This will impact how internal websites are organized around domain names. For example, companies that have multiple top-level domain names but want to customize user experience or custom-track engagement across those sites might want to re-organize into subdomains.
6. Engagement is triggered separately in every Webkit installation. Given that most netizens split their attention across multiple devices, that daily interaction to preserve cross-domain access needs to happen freakishly often. Users need to interact every day on their desktop, on their phone, on their tablet, and on any other device they use. It needs to be an interaction that happens pretty much every time users are on the internet. UX designers, strategists and developers will now need to factor this in when they design traffic pathways.

Have questions? Post them in the comments section below, or email us at expert@emfluence.com.