AdTruth Joins W3C: Q&A With Ori Eisen, Founder and Chief Innovation Officer

Device recognition specialist (no cookies required) AdTruth, a division of 41st Parameter, has further upped its pro-privacy ante by joining the World Wide Web Consortium (commonly known as W3C) – specifically the Tracking Protection Working Group, which is developing guidance for implementing and adhering to Do Not Track (DNT) functionalities for browsers, publishers, marketers, advertising technology companies and others. Founder and Chief Innovation Officer Ori Eisen gave us some thoughts on why AdTruth joined the W3C and publishers shouldn’t fear DNT while sharing the advantages of device identification over other tracking technology.

Why did AdTruth decide to join the W3C? Why do you want to be a part of developing guidance for Do Not Track policies?

At AdTruth, we believe actions speak louder than words. Too many companies offer pro-privacy and pro-consumer rhetoric but do little to substantiate their claims. The result is nothing more than marketing blurbs. As AdTruth was being developed, we sought out privacy leaders, like Mozilla, to find out how we could provide tracking capabilities and still respect consumer privacy.

Mozilla’s Firefox was the first browser to support Do Not Track across multiple platforms and we recognized this was a simple and effective way to give consumers additional privacy while browsing the Internet. We added DNT support to our device recognition solution and quickly won the praise of Mozilla on their privacy blog for being the first commercial solution to adhere to DNT.

Obviously we’re strong believers in DNT. It has an important role in self-regulation, user privacy and ultimately choice. The FTC and the EU are both urging a solution like DNT to be the cornerstone of privacy in digital advertising. The W3C is taking an active role by bringing industry leaders from both sides of the debate to develop a comprehensive DNT standard. We fully support this effort and believe it is critical to take an active role in this conversation.

Should publishers be scared of do-not-track functionality?

Publishers are often the forgotten players in the debates on privacy and data ownership. Unfortunately, while they were focused on building a sustainable eCommerce business or migrating their content online, the networks they depended on to drive traffic and revenue ended up causing a bit of a mess in terms of perceived privacy.

Should they be concerned over DNT? Of course not! What they should be scared of is the alternative. The less able we as an industry are to address users’ very reasonable privacy concerns, the more likely regulators are to step in and impose solutions that no one will like.

Can you give a brief description of how AdTruth’s device recognition technology works?

It’s very simple really. The first time someone visits a site or service that uses our technology, a snapshot of their system is taken – it includes things like the device type, its operating system, the time and on and on. We use so many variables to create a statistical probability of recognition (none of which, by the way, include any PII or even an IP address) that, like snowflakes, no two devices are alike.

The next time that device returns to the site, it is matched against saved profiles. Once a match has been made, the AdTruth technology functions very much like other approaches to tracking – but without the sticky privacy issues. DNT is already a part of the technology’s DNA and any other privacy choice or compliance signals like the DAA’s OBA opt-out is very easy to integrate.

What are the chief advantages of device recognition over cookies, pixels and other tracking techniques? What are the disadvantages?

Where would you like me to start? Cookies, whether on the grocery shelf or on your computer, have a fairly short shelf life. It’s measured in days, whereas our approach lasts much, much longer.

Then there is the challenge of mobile devices. So many simply do not accept cookies at all which makes using them as part of an integrated marketing strategy difficult – not only to track a campaign’s performance but also to implement advanced targeting and personalization capabilities. We’re able to create a unique ID for any type of device – smartphones, tablets, computers, gaming systems, etc. If it can connect to the Internet, we can recognize it.

Now there are companies that claim to do what we do; but they don’t seem to understand the realities of the advertising industry. We do. Our technology is installed on-premises at a client’s location. This is important because it means our approach is faster and adds no latency to the process. Even the few fractions of a second it takes to make a call to a centralized server to match a device against known device profiles and serve a targeted ad are enough to impact performance – and that’s completely unacceptable. Our on-premises approach also gives our clients complete control over their own data and privacy rules.

The biggest benefit of the hosted/centralized model for our competitors is that it gives them the ability to sell user data. No doubt it’s lucrative but it’s completely antithetical to our pro-privacy view of the world.

We also have a very interesting – and patented – approach to ensuring the highest degree of certainty when identifying a device. We call it TDL, or time differential linking. Every device has a clock and that clock measures time down to the millisecond. Of course virtually no two clocks say the same time (just try asking people at the next party you’re at – you’ll get a different time from everyone). When two devices look similar to us, we’re able to use TDL to tell the two of them apart. It’s a very powerful way to ensure the identity of a given device and it’s something no other technology can match.

The other difference – and this is perhaps the most troubling – is that some tracking techniques try to hide what they’re actually up to. They might not drop a cookie or other tracking tag per se, but instead bury it so deep in a user’s system that no amount of cache clearing is ever going to dislodge it. This is just wrong.

How do you see the great online privacy debate changing in 2012? What factors will become most important?

2012 is going to be a huge year for privacy – mostly driven by developments in the EU. Obviously we’ve had a lot of news out of Brussels in the last week or so but that’s just the tip-of-the-iceberg. In May, opt-in will go into effect in the UK and that’s going to be a big deal.

With Google consolidating their 70 different privacy policies into one overarching privacy policy and terms of service (I feel like I’ve gotten a lot of emails on this over the past few days), Facebook moving everyone to Timeline; and who knows what else on the horizon, 2012 is going to be a big year.