It’s not about Advertising. It’s about Consent

The Early Web

I built my first website in 1996, so I’ve been thinking about the issue of online consent for almost two decades. The trigger was the pop-up window, and its insidious cousin, the pop-under. My though process went like this: Do I have control over this computer that I paid for? Do I get to decide what software is running? How many windows that software has open? Or, by simply following a hyperlink, do I consent to the site at the other end of that link taking some of that control away from me?

The answer to that last question is, of course, hell no.

By visiting a website, I cede control over what happens inside one browser window (one tab now, but those were dark, tab-less days). That site does not get to decide how many windows are open on my computer. My opinion on pop-ups was not unique. The outcry from early web users was loud enough that every major browser implemented pop-up blocking and turned it on by default. Score one for consent.

The Middle Years

Some time after the initial web bubble and burst, consent came under fire again. Everything started innocently enough, as people who published things online wanted more information about how their work was being seen. At first, analytical tools offered data about visitor numbers, how they found a site, what pages they visited on that site, and how much time they spent there. There’s nothing creepy or intrusive about any of that. If I walk into Macy’s in real life, it’s okay for them to know there’s a shopper who spent x minutes in kitchen-ware and another y minutes looking at socks.

But what if that real-life Macy’s had the ability to look at me and instantly know that I’d been to JC Penney earlier that day, spent an absurd amount of money at Total Wine the night before, and was at Planned Parenthood for several hours last week? What if it isn’t just Macy’s who knows those things, but the 11 contractors Macy’s invited to share the data? By walking in the door, did I give consent for those 12 parties, 11 of them unknown to me, to know that I, Tom Mangan, who lives at [address], spends too much money on books, drives an old Subaru, and doesn’t seem to be dating anyone, have spent z minutes walking around the linens department?

The answer to that last question is, of course, hell no.

My walking in the door does not give any company the right to any data other than the fact that there’s a person standing in their store. For the most part, I’ve been able to control what a brick-and-mortar store knows about me. Automated facial recognition is a hard problem, but will probably put an end to that control soon, barring some kind of heroic legislation.

Automated computer recognition, on the other hand, is extremely easy. Any website I visit can send scripts to my computer that collect all kinds of data and send it anywhere without my consent. Those scripts can even come from third parties that share data across lots of sites, and agglomeration of that data can make it trivial to figure out exactly who I am and exactly what I do, both online and off. So if I shop for anti-fungal cream at target.com, the next ad I see at wsj.com can be for athlete’s foot remedies. By visiting target.com, did I give consent for an unknown number of third parties to know I went barefoot in the wrong shower? Did I give consent for any of those parties to share that information with any other party?

The answer to those last two questions is, of course, hell no.

By shopping at target.com, I consent to have target.com, and nobody else, know what I searched for and/or bought. Unfortunately, that data is like gold to advertisers, so most ad companies don’t care if I consent or not. While placing an ad on the page at cnn.com, they also hit me with a bunch of tracking scripts, or they would if I didn’t explicitly deny consent. I set the Do Not Track flag in my browser, and No Means No. When a company tries to track me even after I’ve asked them not to, they don’t get to send anything to my browser; not tracking script, not cookie, not advertisement.

I set the Do Not Track flag in my browser, and No Means No.

For several years, I have used Ghostery to block known tracking scripts, and I’ve just recently begun trying out Privacy Badger, a product of the Electronic Frontier Foundation. Because I use these tools, and because most ad companies try to track me in spite of my wishes, I end up not seeing many ads online. But that’s just a side-effect. More importantly, I get to exercise some control over who knows what about me. Score another one for consent.

The Modern Web

I have a pretty simple rule about web browsing: if the thing I came to see is not visible, I close the tab. Modal ad sitting on top of the content? Close the tab. Interstitial before the content even loads? Close the tab. Modal pops over the content while I’m in the middle of reading it? Close the tab. To run the Macy’s analogy into the ground, If somebody refused to let me in the door until I acknowledged them, I would not spend time figuring out exactly where to punch them so they’d go away. I’d just leave.

Since blocking trackers ends up blocking a lot of advertising, I hadn’t realized how widespread this user-hostile behavior had become. Then I got an iPhone.

If somebody refused to let me in the door until I acknowledged them, I would not spend time figuring out exactly where to punch them so they’d go away.

For a long time, I was very reluctant to open websites on the iPhone. Too much data about me was being gathered — no, make that stolen — without my consent. Now that iOS enables inaccurately named “content blocking” (hint: the content is the stuff I came to see), I have more control over what my device shares about me to websites, and to third parties in partnership with those websites.

The main side-effect of exercising control over the device and data that belong to me is that now I don’t see many ads while browsing the web on my iPhone. This is the fault of the advertisers who don’t respect my lack of consent, and therein lies the solution to the current panic over content blocking.

Ad companies who want to survive: treat people as if they have rights, and respect them when they say no. I’m not blocking ads; I’m blocking trackers. Serve ads without tracking me — and without obscuring the content — and we’ll get along just fine.

The content blocking issue is not about advertising. It’s about privacy, and it’s about consent. Can the web be a better experience for everyone when users have control over their privacy?

The answer to that question is, of course, hell yes.