This article is more than 1 year old

Google's second stab at preserving both privacy and ad revenue draws fire

With PIGIN skewered, take a look at this lovely TURTLEDOVE

Last month, Google withdrew a poorly received web proposal for ad management called PIGIN, short for Private Interest Groups, Including Noise, and replaced it with a better branded spec called TURTLEDOVE.

Though more appealingly named, the sequel, which stands for Two Uncorrelated Requests, Then Locally-Executed Decision On Victory, has again met resistance.

Intended to move ad auction logic from remote servers the local browser in the name of privacy, TURTLEDOVE has elicited concern that it might revitalize pernicious adware and hinder ad blocking, among other potential pitfalls.

PIGIN was one of several would-be browser technologies in Google's Privacy Sandbox, the ad giant's response to the privacy-protecting, cookie-killing initiatives coming from competing browser makers that threaten to staunch the flow of data that drives its behavioral ad targeting.

PIGIN involved tracking internet users' interests within the browser and sending those interests to advertisers. "PIGIN is about remarketing, aka those ads that follow you around the web," explained Michael Kleber, the Google software engineer behind the proposal, in a W3C group meeting last year.

The proposal was slammed for inattention to privacy concerns. As the EFF put back in August, "Google continues to invent new privacy-invasive practices for users to opt-out of."

TURTLEDOVE represents another attempt to reconcile privacy and targeted advertising. It describes an API in which the browser, rather than the advertiser, would store the advertiser's interpretation of the browser user's interests – in essence, a list of user interests would be generated locally, in the browser, and would remain there.

The API would let advertisers serve ads based on those interests without being able to combine that data with other information. And it would prevent websites and associated ad networks from learning about their visitors' ad interests.

The proposal reflects Google's position that targeted ads generate 52 per cent more revenue than non-targeted ones, a claim that was challenged in an academic paper [PDF] last year.

In a series of Twitter posts on Friday, Myles Younger, senior director of marketing at media consultancy MightyHive, described TURTLEDOVE as "a hammer in search of a nail" and said he was only half-joking in likening it to adware, because it relies on injected JavaScript.

"The user – an average citizen – isn't going to care that the targeting was locally-executed," observed Younger. "To a consumer, it's still going to feel like being chased."

He suggests the proposal is really just an attempt to "to find a way to resurrect site retargeting without 3P [third-party] cookies."

Younger challenges TURTLEDOVE's assumptions – that people prefer targeted ads and that publishers make more revenue with targeted ads.

John Wilander, a software engineer who works on Apple's WebKit, notes via Twitter that Apple and Mozilla previously argued for an alternative scheme by which users would express their own interests instead of having advertisers make that determination. It would have been an opt-in system rather than the opt-out one envisioned by TURTLEDOVE.

He points out that allowing a machine learning system to compute user interests could expose sensitive information, like a personal gambling problem, for example.

"Audience matching and machine learning should not have the final say on a user’s interests and personality, especially not if those characteristics are targetable by ads cross-site," Wilander wrote. "Users themselves should decide if they want a targetable profile and what that profile contains."

We can go our own way

While TURTLEDOVE may need further work before the web community accepts it, the Brave browser already has a privacy-preserving client-side ad system in place.

In his own Twitter thread on TURTLEDOVE, Peter Snyder, privacy researcher at Brave Software, elaborated on some of the potential problems with Google's approach.

First, he suggests Google may be underestimating the difficulty of preventing lists of interest groups being combined to identify individuals. Second, he argues that having advertiser-provided JavaScript execute on the user's browser opens up concerns about that privacy protections could be bypassed.

Third, he says, the system depends on Web Bundles (websites packaged as a file), which allow ads that "would prevent ad blocking tools from blocking unwanted subresources."

Brave, he adds, is "working with Google to address this problem, but it's not clear how that will work out, so it's a concern."

Chrome icon on sandy beach

Google promises next week's cookie-crumbling Chrome 80 will only cause 'a very modest amount of breakage'


There's also some interesting speculation from Paul Bannister, EVP and founder of ad management biz CafeMedia, that Google's enthusiasm for moving ad auctions to the client reflects a desire to deal with both regulatory concerns and the potential competitive threat posed by rivals. Chief among these is Prebid, which offers open source software to coordinate a form of ad auction known as header bidding. Another worry is that TURTLEDOVE could cut third-party analytics companies out of the loop, giving Google more power.

Kleeber, in response to the issues raised by Younger and others, argues that new APIs are "a necessary part of the broader goal of stopping tracking on the web." He maintains that the client-side JavaScript from advertisers would not be allowed to touch the surrounding page or network. It would only be allowed to set the bid price for the ad that came with it.

He acknowledges that further work needs to be done to prevent IP address tracking, insisting that people do prefer targeted ads over untargeted ones, and admits that local resource usage will need to be watched carefully to prevent abuse.

"I think something like TURTLEDOVE is feasible, and is necessary for dropping 3p cookies without trashing web sites' ads revenue," he said. "And browsers are EXACTLY the place to do this, because the open web is THE place where people get content from millions of sites without paying." ®

More about


Send us news

Other stories you might like