EDITOR’S NOTE — Three factors– the EU’s General Data Protection Regulation (GDPR), the impending California Consumer Privacy Act (CCPA), and a new willingness on the part of web-browser software makers to act on user privacy preferences — are threatening the business models of media organizations. In this Q-and-A, ITEGA Executive Director Bill Densmore speaks with Don Marti, a Mozilla Inc. open-source strategist, about how news companies could respond.
DENSMORE: Lots has changed this year in the way the public perceives privacy and identity on the web. There are new regulations and new expectations brought on by coverage of major data breaches. And from what you have been saying, Don, the companies that make web browser software are becoming more willing to adjust their technologies to be responsive to the public’s interest in privacy and not being “tracked.” I’d like to talk about these changes and how they could affect news publishers and broadcasters. I understand that you work for Mozilla Inc., maker of the Firefox browser, but that your comments are personal and don’t represent the company.
MARTI: The web browser is a really interesting player because the web browser is software that runs on the user’s computer or phone and so it’s expected to reflect the interests of the user. Today, everybody who makes web browsers does a tremendous amount of user research on what users expect; what is going to give them an experience that is not only secure and safe but makes them feel secure and safe too. We know, for example, there is increasing interest in what we call “enhanced tracking protection.” As a result, Mozilla has been working with ITEGA’s original parent organization, the Reynolds Journalism Institute, and with the University of Missouri, on a project called Global Consent Manager.
DENSMORE: So the other major browser makers besides Firefox are Google’s Chrome, and Microsoft’s Edge. One upstart is the Brave browser, and then there are several others with much smaller user bases. What does your surveying at Mozilla tell you people want from the Firefox browser?
MARTI: User researchers are getting a fairly consistent set of answers about what people prefer on how their activity on one site follows them — or doesn’t follow them — to another site. So now we are in an interesting race among browsers to implement those preferences correctly and to implement them in such a way that we don’t break functionality that users care about. Most people don’t want their activity from one site to follow them to another site. People do expect to have an informing and engaging experience with a site. What you don’t expect is for your information about your activities on other sites to be reflected there.
DENSMORE: Can you give me real-world examples of what you’re talking about?
MARTI: Sure. If I go to the public library and I read a bunch of books on a particular topic, then I don’t expect to walk out of the public library and go to the local Mexican restaurant and have food items recommended to me based on what I was reading at the library. Pythagoras, the ancient Greek philosopher, was highly against eating beans. He thought it was bad for you. So if I was reading about the Pythagorean Theorem at the library and I went to the same taqueria and they said, “Would you like it with no beans?” that would not be consistent with my expectations. If I’m shopping for a Mac Pro, a computer that is going to cost me quite a bit of money, I don’t want my high-end Mac shopping experience to mean I get quoted higher prices for a hotel room the next time I go to a travel site.
DENSMORE: Does the browser-makers’ surveying show there are any purposes for which people are willing to be tracked?
MARTI: There are multiple groups. The majority don’t want to be tracked at all. There is a minority willing to see tracking if it gets them personalization that they want. There are subsets of users that have different preferences so you can’t generalize about everyone but you can get a baseline to start with — one that is going to be most likely to give a reasonably good experience to the largest number of people.
DENSMORE: Now tell me about the contest you see among browser makers to be responsive to this surveyed desire about privacy and tracking? You write about it in a personal blog post, “The new browser consensus and SSO.”
MARTI: You can think of it as the world’s friendliest browser war because people from all the companies are thinking about and posting on public forums on the same issues. So it is more of a friendly contest. The browsers were for a long time like an email service without a spam-blocking filter. They would let anything through. That started to change. First Firefox came out with tracking protection you could turn on if you could find it. Then Apple came out with Intelligent Tracking Protection which they did turn on — by default. After Apple did their thing, Firefox did “Enhanced Tracking Protection,” which is similar in goals and scope to Apple’s but works in a much different way. Now Microsoft Edge is doing their own tracking prevention. So there is a spectrum of protection technologies just like there were different ways to do spam filters and different browsers are taking alternate routes to the same goal.
WHAT IS CHROME DOING?
Google’s Chrome seeks to force identification of “cookie” purpose so they can be blocked | Source: Chromium Blog, Ben Galbraith – Director, Chrome Product Management
DENSMORE: So let’s turn to the challenges now facing news organizations that rely in part on advertising to support journalism, which is one of the interest areas of ITEGA. The major platform companies — Google, Facebook, Amazon and Apple – each have some method by which they invite users to “register” with them. In some cases, it gives the user a method to “log in” to other sites on the web. (See additional links at bottom of this post). With Facebook that is Facebook Connect. With Google it is your Google Account. To a lesser degree Amazon is doing this for independent sites, and Apple has recently announced that it is going to offer a “Sign In with Apple” service. How do these things relate to publishers and advertising?
MARTI: These SSO login services give the platforms a way to directly track user activity across large portions of the web when you “log in” with them. By comparison, news publishers and other sites who don’t have logged-in users across a network or in some cases even their own services, have to rely upon data they get from third parties to understand the interests of their audiences. And those third parties acquire that information by putting “cookies” and other tracking beacons on your device when you visit many websites, collecting and aggregating information about your activity without your permission — so-called “data leakage.” As the GDPR, CCPA and browser changes make that kind of opaque surveillance either illegal or impractical, the news organizations are faced with a choice — they either need to begin to register and learn directly about their users’ interests, or create a system they can be part of that does so in an open and transparent way.
DENSMORE: Got it. So I think one system you are talking about is called federated Single Sign On (SSO), which is something ITEGA is working to see implemented for the Local Media Consortium and others. The idea is to create an option to platform logins that is governed in a way that is friendly to the public privacy desires — and to news organizations — rather than to the platforms. Now could the platform login buttons just become part of a larger system then?
MARTI: Absolutely. But if an existing vendor builds a “Sign In with Google” button, it just becomes another point of control for that vendor. If you want to make an argument for a publisher group supporting an independent SSO system, that’s a pretty good one. If the publishers established an SSO system where the user data lived inside that SSO — and is only available to the publishers of the sites where publishers chose to use that SSO — the publishers then end up with access to a bunch of user data that is attractive and is a complement to search, intent and contextual data sources.
DENSMORE: So if I understand what you are saying, a challenge for publishers is to figure out how to support creation of an independent SSO service that Google, Facebook and the others might be able to join, but not control.
MARTI: And it also has to pass muster with mainstream privacy tools. Besides browsers, another good organization to talk with early in the design of a system is the Electronic Frontier Foundation, which created and supports Privacy Badger, a free and open-source browser extension that detects and blocks tracking scripts. Although it’s not intended to block all ads, it ends up blocking many ads as a side effect when they’re tied to tracking cookies. Bringing privacy developers in on the design of a system earlier can help avoid problems like that.
DENSMORE: Thank you, Don, for walking us through this complicated situation!
- Google’s New Chrome Makes It Easier to Bypass Newspaper Paywalls | Slate.com
- Chrome 76 is out, making it easy to get past paywalls | TheNextWeb.com
- Circumvent those paywalls: Chrome 76 is here: Flash blocked by default, incognito mode can’t be detected | TechSpot.com
- Chrome 76 arrives with Flash blocked by default, detecting Incognito mode disabled | VentureBeat.com
- Google seeks to force identification of “cookie” purpose so they can be