Thursday, May 23, 2019

Privacy Preserving Ad Click Attribution For the Web

John Wilander:

The combination of third-party web tracking and ad campaign measurement has led many to conflate web privacy with a web free of advertisements. We think that’s a misunderstanding. Online ads and measurement of their effectiveness do not require Site A, where you clicked an ad, to learn that you purchased something on Site B. The only data needed for measurement is that someone who clicked an ad on Site A made a purchase on Site B.

Today we are presenting a new technology to allow attribution of ad clicks on the web while preserving user privacy.


The browser should act on behalf of the user and do its best to preserve privacy while reporting on ad click attribution. We achieve this by:

  • Sending attribution reports in a dedicated Private Browsing Mode even though the user is in regular browsing mode.
  • Disallowing data like cookies for reporting purposes.
  • Delaying reports randomly between 24 and 48 hours.
  • Not supporting Privacy Preserving Ad Click Attribution at all when the user is in Private Browsing Mode.


Privacy Preserving Ad Click Attribution is in the early stage of being proposed as a standard through the W3C Web Platform Incubator Community Group (WICG). Please join the discussion and file issues to discuss how this technology fits with your use cases.

See also: John Gruber.


Update (2019-05-27): See also: Hacker News.


Alternatively, once the ad fraudsters have decided to scam an advertiser using this system, their ad fraud programs make a series of POST requests to the same well-known location pretending to be copies of Safari that have seen conversions from this ad campaign. The only way to detect this fraud would be to match up actual orders with claimed conversions from a particular site, completely bypassing the intended privacy protections. (Which probably wouldn’t be that hard in some circumstances, but fraudsters would of course get to target the scenarios where matching up orders is hardest.)

Like, as far as I can tell, this completely fails to provide attribution data that advertisers can trust at all because it relies totally on the honesty of software installed on end-user devices. It will also fail to provide the stated privacy level in many situations, such as when the user keeps the same unique-ish IP address for several days. The only thing it seems to achieve is good PR for Apple, who will get a bunch of stories from credulous reporters about how they’re trying to improve user privacy and the evil adtech industry is thwarting them because it wants to know everything about you.

1 Comment RSS · Twitter

[…] Privacy Preserving Ad Click Attribution For the Web […]

Leave a Comment