This spec literally defines a way of doing so without attribution - the various confirmation mechanisms are all done using stateless and cookieless network requests - all the site operator gets is confirmation that someone did something.

The alternative is a browser breaking all the tracking mechanisms and then getting blocked because it’s “blocking ads”.

This provides an API that allows ads to work, while also allowing a browser to block all the tracking techniques currently being used.

That way web sites can have a revenue stream without gratuitously violating their reader’s privacy.

The spec is about doing attribution, literally. It makes the attribution anonymous just to work around privacy advancements that have been adopted recently.

Until browsers get blocked for being anonymous, this is never in the interest of the user.

And if a site doesn’t work unless I turn off adblock / switch browser, then it’s most likely bad on multiple levels.

Agree. To add, if we accepted this as the attribution source of truth, there would be large conflicts of interest from companies like Google who own an ad network and also Chrome. They would basically claim all Adwords traffic is awesome.

>The alternative is a browser breaking all the tracking mechanisms and then getting blocked because it’s “blocking ads”.

That's fine. That's the browser I want. If a website doesn't want me to visit, that's fine. I won't.

I'd rather make it as hard as possible for any adtech to track me, a "standard" is the worst that can happen.

Did you read the article, it specifically does not allow the site to track you.

Since the 1990s I have always felt that advertisers feeling entitled to not only receive ad click data, but to only pay people based upon it, as inherently fraudulent. Advertisers in every single other form of media have never had access to this data. And they've certainly never even dreamed of only paying the person hosting the advertising in cases where an iron-clad case can be made that the advertisement led to a particular sale.

Of course they wouldn't. It betrays almost the entire foundation of marketing and advertising itself. Building brand recognition, forming brand opinion, encouraging new social and personal practices, etc are big parts of advertising. And now because the Internet is around, we're just supposed to give companies all of that brand building and everything else completely for free, only having them pay for specific sales funneled directly and provably through an advertisement? Can I get an ad played during the Super Bowl and only pay the TV networks when someone can provide proof the ad was the cause of their purchase? Can I get an ad in the newspaper like that? Radio? Roadside billboards? Where? Where else do I get to just rob the person hosting the advertisements of basically all advantages of advertisement and only rarely pay them for providing the venue?

I far preferred project wonderful’s model where The advertisers bid for add space. That made so much more sense.

Aparently it was shut down? I wonder what happened.

Edit: it looks like they were focused on independent blogs and since those have far less traffic now they couldn’t afford to stay open. That really sucks, at least it’s a good example of how the web is a much worse place when it becomes centralized.

No worries, just switch to a browser that doesn't do that and marketers can go back to fingerprinting you instead

Why wouldn't a marketer fingerprint you while also using the attribution system? Why couldn't a browser without the attribution system have all of the same anti-fingerprinting tools as a browser that has one?

The problem is that currently if a browser does break every tracking mechanism they may be interpreted as running an adblocker, alternatively site operators may just block that browser entirely.

So if a browser does want to protect its users it is necessary to provide a fallback to allow site operators to make revenue from ads.

Hence this proposal: provide a system that allows the necessary steps for ads to work, without violating user privacy. Then browsers can start more aggressively blocking trackers.

> Then browsers can start more aggressively blocking trackers.

Will browsers be able to? Are vendors encouraged to do so?

Safari already does actively work to block trackers.

Ending the arms race is of value. If you offer a fair thing, then you can push the shady guys out.

DRM support in the browser allowed video on demand in a way that video providers were okay with. It ended the content war for video.

It's a post on webkit.org, not mozilla.org.

Click attribution can be handled completely server side. The browser can't protect you.

If you don't want to be tracked, then don't click on the ads.

Actually, if you don't want to be tracked you have to prevent the advertiser's code from identifying you, which is borderline impossible.

You could potentially stop their code from running on your computer, but you can't stop them from running code on their servers, and if you make yourself hard enough to fingerprint, CAPTCHAs become impossibly difficult.

Fingerprinting has its limitations and is not a practical way to pass data from the advertiser to the ad network.

Plain old cookies and unique url parameters are the bread and butter of ad tracking. It is a much more accurate and practical way of tracking you.

Considering that Mobile is about 50% of web traffic and that cookies are not very useful on mobile as well as ITP, I would say fingerprinting has been a very practical in building user profiles.

Cookies still work on mobile and ITP can be bypassed. Cookies are still king.

It is just that trackers are relying more on first party cookies than 3rd party ones.

I'm unsure as how you would identify people across apps using cookies but.. okay.