See also the video transcript and the slides (PDF copy)
Private Advertising Technology: Where Goes Advertising, There Goes the Web
The Private Advertising Technology group combines stakeholders from across the web (browsers, advocates, publishers, ad technologists, developers, and more) with one goal: creating a web where businesses can thrive while preserving users’ privacy. Doing this means some serious changes and brand new APIs on the horizon.
We’ll take a look at the proposed specifications being explored by the Advertising Technology W3C group. From there, we will jump into the underlying technology approaches and the basics of how they work against specific privacy threats. By the end, you’ll understand important privacy principles you can incorporate into your own development process. Together we can build towards the unavoidably more-private future, one that will be brought to us by users, regulators, browsers, and ethical builders like you.
Aram Zucker-Scharff (he/him) is the Engineering Lead for Privacy & Security Compliance at The Washington Post. He currently co-chairs the W3C’s Private Ad Technology Community Group. He previously worked on the Zeus team, helping publishers to maximize site performance and revenue. He has also worked on The Washington Post’s Ad Tech R&D and Big Data teams. Aram has developed open-source tools for publishers and consulted on content strategy and digital newsroom workflows. He has also worked as a full stack developer, journalist, and community manager, and contributed to WordPress Core. He has appeared in WIRED, The Atlantic, AdExchanger, Digiday, Poynter, Nieman Lab, journalism.co.uk and Columbia Journalism Review.
Hello, I am Aram Zucker-Scharff, and, great, there's the timer 'cause otherwise if I don't have it, I'm gonna go over.
And yeah, I am the chair, co-chair of the Private Advertising Technology Group, and we're going to talk a little bit about how advertising and privacy are on the verge of transforming the web.
So it's important to note, ads power the web, you get a lot of stuff for free because of advertising and because of that, it's an important part of how the web works.
It also makes a ton of money, more all the time, and it is powering an entire universe of new products and technology, almost 10,000 as of this year.
Unfortunately, advertising, in part because of how it interacts with and tries to access your user data and personal information, can also break things.
It's a cause of a lot of misinformation on the web and a lot of fraud.
So the result is everyone is working towards a more private web and it's coming fast.
Unfortunately, it's also very complicated.
So today we're going to go over a very fast overview of what's going on, the proposals that are involved, the underlying concepts and how to get involved because we want you involved in the future of the web.
Browsers and the standard organizations like the W3C have expressed their concerns and have made them available online.
You can read them, you should, they're great, and of course various state entities, including us here in Canada, have made privacy laws available, and they are changing how users interact with the web and what they do.
With privacy changes that are coming because of ads, other parts of the web are being forced to change as well.
The cookie, you may have heard, is going away; the exact date is currently uncertain, but we are sure it's coming soon.
And with the end of the third-party cookie, all sorts of other things are changing; a great example of this is how we handle login.
Another good example is how you detect features on the browser, how you authenticate who is really a human and who is a robot.
And even the very nature of how you interact with your state on the web and how it's handled through cookies.
And of course how you interact with storage in the browser.
All of these are being transformed by privacy deriving from concerns that have come from advertising.
Now we're going to go over some of the technology concepts that underlie these proposals so that if you want to get involved or use them, you can understand what's happening and why.
Browser mediation is a major concept that comes up in privacy conversations.
It takes private information, personally identifiable information, handles it client-side inside your browser without leaking it to anyone else, and only returns the relevant results.
Federated learning is a concept that allows you to take encrypted data, process it for machine learning purposes and return a useful product without ever revealing anything about the individual user.
Secure multi-party computation is an important concept that we're considering in PAT CG. It allows you to take important data about the user that might reveal their personal information, split it up, have it handled by a set of different servers so that none of them have the actual full data, combine it and then return an anonymized insight.
There are a number of mechanisms that we consider when we deal with privacy proposals.
Differential privacy allows us to take a look at data and say: how can we obscure it?
How can we introduce noise?
If one of the major vulnerabilities that come out of privacy comes from timing, how do we use delay to avoid timing attacks that might cause us to inadvertently reveal who the user is?
K-anonymity is another concept that is important that we consider in privacy proposals.
Here, it looks at things that we represent currently as individualized user data that we can aggregate together and represent as groups.
The idea here being, you take what makes an individual user and sort of get them lost in a crowd of people but still give the data that's needed for various operations to happen.
Here are some of the privacy proposals that are focused in the ad tech space that are combining, influencing, interacting with what we do in PAT CG. Not every one of these proposals is in PAT CG but the ways that they approach things influence how we think and talk about privacy and advertising technology.
The first category of proposals deal with protecting the execution space for advertising flows.
This means that where previously the way that the ad came to you on your webpage would reveal your personal information, now we're looking at ways that we can deliver that ad without leaking that information.
FLEDGE/TURTLEDOVE is a major one.
This assigns interest groups to users using that browser mediation approach, and allows the execution to happen in that browser space.
PARAKEET is another proposal; it allows users to interact with the same type of targeting concerns, but instead relies on trusted third-party servers to handle the execution in a secure way.
Fenced frames are a major part of a number of our proposals. They propose to force specific context, replace the iframes that you may be familiar with, and instead use a more secure methodology to display that information: allow operations to happen internal to the frame, but allow zero access to the embedding domain.
This is really important because pretty much every ad you see on the web comes at you through an iframe.
So if we're gonna fix that, we need to improve that methodology.
The next category of proposals deals with private measurement.
Apple has presented PCM.
This Private Click Measurement allows you to click on an ad, have a report put together about the click, where it happened, what you did, and take that click and store it in the browser (again, a browser-mediation-style proposal), and then later, using a delay, right, we've talked about that when discussing some of the privacy methods, send it along to the site that is specified for analytics purposes.
Google has proposed Attribution Reporting.
This also relies on delaying the actual report that goes to the site and also combining it with some concepts around aggregation.
Once again, looking at that idea of getting lost in the crowd, combining a bunch of reports together, returning what is the important information for making decisions and understanding if an ad campaign is successful.
Mozilla and Meta have teamed up and together they are working on a proposal called IPA or Interoperable Private, actually, I'm blanking on the acronym, but the main point here is this is a multi-party compute proposal.
Here, it takes a bunch of information about what happens in the browser and on the page and implements all of what you need to know to make sure that the ad operation happens successfully.
Then it uses that multi-party compute concept.
It takes that information, splits it up, sends it to a bunch of different servers, and then uses those servers' secure computation to figure out what it needs to figure out around positioning, around attribution, that's who clicked on the ad and where and who gets credit for it, and most importantly, who gets paid for it.
And then it uses another service to combine that information back together into an anonymous report that preserves individual users' personal information while still delivering what needs to be done for various advertising goals.
Now, when we are looking at these proposals and deciding how we deal with them and what we do with them and what elements get combined and turned into standards or not, we have to sort of ask some questions around how these proposals meet specific goals, what we want from them, what we want from the web and the future.
A really important element of this is the priority of constituencies at the W3C.
The user needs to come before the needs of webpage authors.
That comes before the needs of user agent implementers, comes before the needs of specification writers, comes before the need for the perfect proposal.
This is important because it puts users first and when we are considering private advertising technology, the thing that we are intending to improve is that advertisements, historically that technology has not put the user first, it's put a whole variety of other people first.
So this is a big filter for understanding how successful a proposal is.
Then there's privacy by design.
This is a useful set of concepts that has been referred to by legislatures, designers, engineers.
The idea being thinking about how to put privacy first when you design new technologies, concepts, proposals.
This is one of a number of useful filters.
Think about where personally identifying information comes into play in interactions on the web.
Do you need that information at all?
Do you need it only in a specific space, say the initial interaction with an ad, and then you can strip it out?
Are there places where it's needed to make decisions, or are there places where we can extract that information out and think about it in a more anonymous way?
Another big question is, how does the user understand what's going on?
Does the user understand what's happening in a proposal?
Does the user understand what's happening in the browser?
If you ask a user to consent to something, consent to their storage being used, consent to a third party cookie being placed, can they actually understand what's going on?
It's not consent if they don't understand what they're consenting to.
So thinking about how these proposals wrap up that information and present it to users or how they handle it in such a way that they do not need to present it to users is very important.
So now that I've run down all of the things that we're working on, a really big important thing is getting more people involved.
The web is for all of us at all levels of expertise, at all levels of use, whether you are somebody who is at three W3C meetings a week or who has never heard of the W3C in this moment, it's important to get you involved, and so here are some options for how.
Each of these are different types of groups.
Some of these are only available to W3C members.
Some of these, anything that's labeled a community group in particular is open to anyone.
The Privacy Interest Group is an important part of our process; they review proposals that relate to various parts of the web for privacy characteristics, and they will return to us criticism when it's not private enough or give us great information about what really works for privacy.
The Privacy Community Group is another important element, they deal with a lot of incoming privacy related proposals.
This is sort of the entry point in the W3C for when you've got something that you think could make the web more private.
The Improving Web Advertising Business Group allows those companies that are part of the W3C to talk about what they use the web for that currently interacts with a lot of these privacy proposals.
They're a valuable stop for when we are working on specifications to understand what the use cases are, what different businesses want to do with the web and how these different ideas we have could interact with and either help or harm those use cases.
The Payment Group is dealing with new ways to handle web payments, and part of that is important privacy characteristics.
There's nothing you want to leak to a website you don't trust less than your credit card information, so this is a great place to talk about privacy as well.
The Federated Identity CG, they're working on ways to replace some of the mechanisms that we use to log into the web with more privacy respecting mechanisms.
This is especially important because a lot of the ways we log in right now, while they may be used in a good way by good organizations, have the potential to leak a lot of user data, and that needs to get fixed.
WebAppSec, or the Web Application Security Working Group, starts putting together major sort of infrastructure pieces of security and privacy along with a lot of other security factors on the web.
A lot of their stuff impacts our work, and whenever we're dealing with things like new headers or request-based information, they're going to be an important part of the process.
The WebAuthn Group is also looking at login and new ways to do that in a more secure and privacy respecting way.
And of course there's the group that I co-chair, the Private Advertising Technology Community Group.
This group is where we're working on that very specific intersection of private and advertising technology.
It's a really cool space because we're trying to figure out how to keep the web running and making money in a world where you need to make money if you want to survive.
So this is open to everyone, it's a community group, you could get involved tomorrow.
The information is on here, the link to this slide is a great way to get here as well, and it's really important, we meet usually about once every six weeks and we talk through these various proposals.
We actually just got a very exciting moment this afternoon where we kicked off the specification process for private measurement, a replacement for a lot of the ad based measurement that is currently leaking your information all over the web.
You can also get involved by giving feedback.
A lot of these privacy proposals go to trials or beta tests or origin trials in various browsers.
They write up great blog posts, I took some of the illustrations from those blog posts, and you can get involved by testing them as a developer.
They will also look for various places to give feedback.
Every single specification that the W3C's groups work on and that the Private Ad Technology Group works on is going to end up on GitHub, where you can open up an issue, give feedback, state a concern, let us know what's up.
I also have a great reading list for privacy topics.
If you want to read in and understand privacy in a more complicated and detailed way than I could explain in 15 minutes, this is a great place to start.
I maintain and update this page regularly.
And thank you.
I am Aram Zucker-Scharff, again, I work for the Washington Post as Lead Privacy Engineer.
You can follow me on Twitter.
You can also, the slideshow is linked on the website for this event, but here is a short link for it, and here is a QR code.
Please use these to take this as a resource.
Everything I talked about, every slide, it has links.
Those links go to the original resources where you can read more in depth about everything that's going on.
I highly encourage it if anything strikes your fancy or if you are engaged in the kind of ideas around privacy or you know, making money on the internet, we all gotta do it.
So hopefully that has been useful, I will hopefully hear from some new people maybe in our next PAT CG meeting, I would love to have you.
Thank you very much for listening.
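The talk describes three mechanisms in words: secure multi-party computation (splitting a user's data across helper servers so none holds the full value), k-anonymity (releasing only groups large enough to get lost in the crowd), and differential privacy (adding noise to what is released). The following Python model, added here as an illustration and not code from the talk or from any PAT CG, IPA, or Attribution Reporting specification, shows the three working together on a constructed set of conversion records. Everything in it (the additive secret-sharing scheme over a prime field, the `MAX_VALUE` clamp, the helper count, the sample records, and the function names) is an assumption made for the example; real proposals differ in protocol details, and in particular a real system must enforce the per-user bound on the shared side rather than trusting the client as this toy does.

```python
import math
import random
import secrets
from collections import defaultdict

# Toy parameters, constructed for this example (not taken from any proposal).
MODULUS = 2**61 - 1      # a prime; shares and partial sums live in Z_p
MAX_VALUE = 10           # each user's contribution is clamped to [0, MAX_VALUE]


def split_into_shares(value, n_helpers=3):
    """Additively secret-share `value` among n_helpers servers.

    Any n_helpers - 1 shares are uniformly random, so a single helper (or any
    proper subset of them) learns nothing about the user's actual value.
    """
    shares = [secrets.randbelow(MODULUS) for _ in range(n_helpers - 1)]
    shares.append((value - sum(shares)) % MODULUS)   # last share fixes the sum
    return shares


def helper_partial_sum(shares_held):
    """What one helper computes locally: the sum of the shares it received."""
    return sum(shares_held) % MODULUS


def combine_partials(partials):
    """Reconstruct the aggregate from the helpers' partial sums (the final
    combining step the talk describes); individual values are never rebuilt."""
    return sum(partials) % MODULUS


def mpc_sum(values, n_helpers=3):
    """Sum per-user values so that no helper ever sees an individual value."""
    inbox = [[] for _ in range(n_helpers)]           # inbox[i] = helper i's shares
    for v in values:
        for helper, share in enumerate(split_into_shares(v, n_helpers)):
            inbox[helper].append(share)
    return combine_partials(helper_partial_sum(box) for box in inbox)


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF (Python's random lacks laplace)."""
    while True:
        u = rng.random() - 0.5
        if abs(u) < 0.5:                              # avoid log(0) at the edge
            break
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def private_report(records, k=5, epsilon=1.0, n_helpers=3, rng=None):
    """records: iterable of (campaign_id, conversion_value), one per user.

    Returns {campaign_id: noisy_total} for campaigns with at least k users.
    Smaller groups are suppressed (k-anonymity), and each released total
    carries Laplace noise with scale MAX_VALUE / epsilon, the sensitivity of
    a sum of values bounded by MAX_VALUE (epsilon-differential privacy).
    """
    rng = rng or random.SystemRandom()
    groups = defaultdict(list)
    for campaign, value in records:
        groups[campaign].append(min(max(int(value), 0), MAX_VALUE))  # clamp
    scale = MAX_VALUE / epsilon
    report = {}
    for campaign, values in groups.items():
        if len(values) < k:
            continue                                  # too small to release
        total = mpc_sum(values, n_helpers)            # helpers never see values
        report[campaign] = total + laplace_noise(scale, rng)
    return report


# Constructed sample input: campaign "spring" has 8 converting users (true
# total 38); campaign "test" has only 2 and must be absent from the output.
SAMPLE_RECORDS = [("spring", 3), ("spring", 7), ("spring", 1), ("spring", 10),
                  ("spring", 4), ("spring", 6), ("spring", 2), ("spring", 5),
                  ("test", 9), ("test", 8)]

if __name__ == "__main__":
    print(private_report(SAMPLE_RECORDS, k=5, epsilon=1.0))
```

Running it prints a single entry for `spring` whose value hovers around 38 but differs on every run because of the noise; `test` never appears. The delay the talk mentions for PCM and Attribution Reporting is not modelled here, since it is a scheduling property of when the report is sent rather than of how the numbers are computed.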