Another day, another headline saying Alphabet’s Google and Facebook are being investigated for allegedly breaking privacy laws and engaging in anti-trust behavior.
Now the company, which controls 31% of global digital ad dollars, will face the U.S. on anti-trust matters. A big question is if governments will be effective, as they may not understand how social-media and internet businesses operate.
In April 2018, Congress tried to piece together how Facebook’s
platform works. It ended up being a disaster. Anyone who works in the mobile-ad industry knows that the mobile device, notorious for its massive data leakage, could be used to collect thousands of data points daily to reveal personal thoughts, behaviors and political preferences.
When Facebook CEO Mark Zuckerberg answered a question on how Facebook makes money — “We sell ads, senator” — he wasn’t fooling the ad industry. It’s well aware that Facebook sells audiences and identities, as the company’s ads would be worthless without extracting data points from the mobile device and aggregating them for targeting.
This isn’t your typical targeting of pizza (or beer) ads during football games. This targeting knows you better than you know yourself, as it monitors your actions with data science and look-alike modeling.
The only force that can stand up to the complex tracking methods used by Google and Facebook will be an opposite, yet equal, force. It will not come from governments, which think that paying for search results is the problem. Rather, the problem is the pervasive code and software that continually tracks people, which no competitor can compete with.
Turns out, there is an opposite and equal force in magnitude that has chipped away at the anti-competitive tracking that occurs in the browser with Intelligent Tracking Prevention (ITP). Yet it has not done so on the leakiest device of all: mobile. And that would be Apple
Pervasive tracking is anti-competitive
Facebook and Google aren’t the only companies that track users on mobile and browsers. They simply have software and code in more places. For instance, Facebook’s software is in 32% of the top 500 app market — and up to 800,000 applications. They track billions of non-Facebook users with software that can track you whether you have navigated one of their digital properties or not.
There is no way to opt out of Facebook or Google from tracking you, as their tracking is simply everywhere. In fact, security experts, including Bruce Schneier of the Berkman Center for Internet and Society at Harvard, call such tracking outright surveillance.
The incredible depth of information those giant companies have on mobile and internet users is the “moat” that generates unprecedented cash flow in advertising. Both ad-dollar machines have inertia from the data being collected, and it doesn’t appear that the EU’s General Data Protection Regulation (GDPR), anti-trust lawsuits in Europe and the U.S., or the Cambridge Analytica scandal is going to slow those companies.
The flow of data is provided by tracking code across websites. Those include the Facebook “like” button and sign-in. It’s also done through software development kits (SDKs), such as Facebook Audience Network, which is installed in 32% of the top 500 apps on the market. Google simply acquired Android to have tracking across the majority of mobile, and then went further, acquiring AdMob in 2009. That ad network was especially popular on the Apple iPhone.
The moat that Google and Facebook have enjoyed comes from having first-party relationships with nearly every user who has a smartphone. This is called first-party data and is a loophole used to collect data even after a user is on another property where there is no relationship. For instance, Facebook uses first-party data to power ads on streaming service Hulu, but at this point, the first-party relationship does not exist with Facebook’s social network once someone is on Hulu, and this is done without explicit consent (by both Facebook and Hulu). Easy-to-navigate opt-ins are not offered, as it’s unlikely Hulu viewers, who pay for the app, would want Facebook accessing their viewing data if they had to opt-in.
Privacy issues aside, there is no way for another ad company to compete when Google and Facebook collect that much data. Other companies are copying their approach by tracking users with universal ad IDs, including leveraging Apple’s Identification for Advertisers (IDFA).
Apple’s ITP prevents browser tracking
To understand how technology can neutralize tracking, it’s important to look at Apple’s Intelligent Tracking Prevention measures, which were launched in 2017. Apple’s ITP placed a limit on how long cookies are available for third-party contexts by removing third-party cookies after 24 hours.
At first, ITP did not have an effect on Google, as users of its search service and other properties visit those sites daily and, therefore, are not considered third-parties. Some critics say ITP strengthened Google as one of few remaining options to target niche audiences.
In 2018, Apple continued to battle data collection on the Safari browser by shutting down finger printing, a method of triangulating a user’s identity through fonts, screen dimensions and plug-ins.
In March 2019, Apple announced ITP 2.1, which limited first-party cookie storage to seven days. To put that in perspective, a Google Analytics cookie, in theory, would last for up to two years. Safari can now delete it within a week.
Finally, in May 2019, Apple limited tracking to 24 hours, including Google and Facebook.
We’ve seen statistics from publishers where they get half the CPM value — cost per thousand impressions — as a result of ITP’s impact. If they can’t have good targeting, some of their sites become less worthwhile for their advertisers.
Google and Facebook are the companies most affected by ITP 2.2, which was released in May 2019. Still, the companies reported record second-quarter ad revenue — $16 billion for Facebook and $38 billion for Google.
That may be due to Apple’s Safari and Mozilla having a small share of browser activity, or it could be because Facebook and Google have daily first-party relationships with users. A third possibility is that it’s too soon to understand the effects of ITP.
Keep in mind, the browser is not nearly as powerful as the mobile device.
More on Apple’s IDFA
At the Advertising Week conference in New York last week, there was a presentation by Gadi Eliashiv of Singular titled “A World Without IDFA: The Implications for Marketers.” I caught up with him after the presentation to get more background on Apple’s Identifier for Advertisers, or IDFA, and the possibility of Apple restricting the identifier. Unlike cookies on the web, where there is a tag on the browser, mobile identifiers have much stronger tracking capabilities. The identifier belongs to the device and works across applications and devices.
Eliashiv pointed out that attribution, or the tracking of advertising’s effectiveness, will always be a reality as it’s important for advertisers to track return on investment (ROI), and this ultimately supports the mobile ecosystem for the development of new apps and features. He also thought the recent iOS 13 upgrade, which offers users the option to sign into apps via an email address that Apple generates, is a way of logging into apps and getting personalized experiences without having to give up personally identifiable information.
As Eliashiv said, if it were an easy decision, then Apple would have already made it.
Apple’s chance to make a statement
As of now, Apple has no plans to remove the IDFA, although for a company that insists it is a protector of privacy, at the very least, there should be better opt-ins. The changes made with ITP on the browser may not have had a big effect. However, the implications of Apple restricting IDFAs on iOS becomes more serious with the iPhone having a global penetration of up to 20% of smartphone sales.
Even companies that have fancier IDs, such as Trade Desk
with its Unified ID, relies on IDFA to some extent, and any changes to IDFA would limit the ability to collect and stitch together fragments about the user.
That said, perhaps Apple should have addressed those issues before hyping its privacy efforts. As of now, Apple is enabling a lot of tracking with the IDFA, and this may not be an appropriate compromise for attribution as users are completely unaware their activity can be tracked across the entire device.
Furthermore, users don’t have any method for approving the software development kits, from Facebook’s Audience Network or Google’s AdMob.
Even with anti-trust regulations, this level of tracking will continue. That is, unless Apple steps in.
Disclosure: Subscribers to Beth Kindig’s premium service may have positions in the securities mentioned in this article or may take positions at any time. Kindig has no holdings.
Beth Kindig is a San Francisco-based technology analyst with more than a decade of experience in analyzing private and public tech companies. She publishes a free newsletter on tech stocks at Beth.Technology and runs a premium research service.