There’s scarcely a word you hear more from big tech companies like Apple, Facebook, and Google than “privacy” these days. To adblocker and privacy-focused browser vendor Ghostery however, what they mean when they say privacy is not what you mean when you use that word.
“They’re all redefining privacy to their own benefit in a lot of ways,” Ghostery CEO Jean-Paul Schmetz told me recently in a TechFirst podcast.
“But obviously, I think privacy should be defined from the perspective of the user, right … that’s the only perspective that actually counts.”
For instance, Apple’s App Tracking Transparency defines privacy as companies not sharing data they’ve gathered about you with other companies without your permission … not companies gathering data about you, period. Google’s often-delayed deprecation of the third-party cookie (just delayed again, recently) will prevent cross-site tracking, which is good for privacy, but doesn’t hurt Google at all because Google has a first-party relationship with you. And Facebook’s ever-more-detailed privacy settings outline in excruciating minutia who (besides Facebook) can see everything about you, but doesn’t protect you from the big social network you’re giving everything to at all.
So even with all the talk, talk, talk … we’re all still naked in the dark on the web, at least in terms of our personal data and digital behavior.
“Some data points are being leaked about every American 750 times a day, and Europeans are at … 360 times a day,” Schmetz says.
In other words, that great lumbering giant of legislation, GDPR, which has forced more mouse clicks (to accept or deny cookies) than any other law in history, has only succeeding in halving European’s data privacy exposure.
The interesting thing, according to Schmetz, is that all of this data collection, done in the name of making ads more relevant and effective, doesn’t actually accomplish its task.
“I don’t think we would be losing that much in advertising or in machine learning if people would collect data in a way that doesn’t automatically expose the life of their users,” Schmetz says. “It’s really possible to do it. We’ve proven it many times, you know, academically, etc. it is doable. It’s just not being done because there is no reason to do it. Neither users nor governments nor anyone else is actually pushing in that direction.”
There is evidence that publishers, specifically news outlets, can earn more when omitting layers of targeting adtech (each of which takes its slice of revenue) and simply enabling contextual ads, which don’t require personal information. The Irish Council for Civil Liberties, for instance, cites a Norwegian news agency that quadrupled revenue for contextual ads versus tracking-based based ads over a 12 month span, and a Dutch publisher that boosted revenue 149%.
And Google’s Privacy Sandbox, still in development and not in wide release, is actually a technology that is intended to enable that, keeping targeting data on-device so that relevant ads can be surfaced to the right people without taking their data, exposing their data, or compromising their identity.
However, it’s not clear that very specific small brands can adequately use contextual targeting to reach niche audiences … even if publishers do better.
Be that as it may, Schmetz says Google is actually moving to break tools that enhance privacy by changing how extensions in its Chrome browser can work.
“They have a lot of different policies, but the one that you’re addressing regarding anti-tracking basically tell us you can block a request but you cannot modify it,” Schmetz says. “But if you can only block … the site doesn’t work anymore. And you cannot remove identifiers like we do at Ghostery to say like, ‘“Look, the web functions as it’s intended to do, it’s just that your IDs are not getting through.’”
Translation: the Ghostery extension on Chrome can’t modify data going out of the browser that would give a website your personal information. The extension can only block it, which means a website you want to use won’t work.
It’s understandable that Google has concerns: an extension that can read and modify data your browser sends and receives could, in the wrong hands, be a great tool for siphoning cash from banks or draining crypto from users’ wallets.
Still, Schmetz has a point:
“The truth of the matter is that Google has become a monopoly in browsing, because you know Edge is also using Chromium as a base,” he says. “Firefox is not as strong as it used to be and gets all its revenue from Google. And Google felt that they can now squeeze the extension ecosystem.”
That’s something that Europe’s new Digital Markets Act might address, given that Google has dominate power in multiple areas: search, email, browsers, and more. The DMA can force divestiture, and that is a potential challenge for Google over the next few years. Apple’s not immune: by owning iPhone and iOS and the App Store, it controls what happens on its platform and who can access it.
Big tech in general — Facebook, Amazon, Microsoft as well as Google and Apple — could face similar issues, many of which come back to data.
Data is a wonderful thing, but it has its challenges, says Schmetz.
“The data sets that are being built are a little bit the nuclear waste of the 21st century, right? Like … nuclear energy is great, but it’s got this problem with waste, and the web and machine learning is great, but it’s got this waste of all this data that has been collected and really should not really be there.”