Google’s IP Protection Raises Concerns for Some Advertisers

Google’s IP Protection aims to be a privacy-forward feature that blocks websites from tracking users’ digital footprint, but some advertisers worry this is just another power grab. 

Google is seeking public comment on its revised IP Protection feature, part of its Privacy Sandbox initiative. They believe a two-hop process may offer consumers maximum protection against covert site tracking. A few months back, AdMonsters explored how it will impact publishers. Now, let’s see what advertisers are saying about it.

A Quick Recap

Google’s IP Protection is a proposed feature that blocks websites from tracking users’ digital lives. They introduced the feature three years ago under the name “Gnatcatcher” and conceived it as an opt-in. 

To prevent covert tracking, Google is considering a two-hop privacy proxy system. First, the feature will send traffic from Chrome browsers to a privacy proxy, creating a secure and private tunnel from the browser to the destination website. This means that the destination website will not see the IP address assigned by the ISP for that session.

There’s also talk about routing some (possibly all?) through an external CDN for additional protection, but the specifics are still murky.

Some Advertisers are Worried

Some have raised concerns about the potential impact of IP Protection on ad targeting and measurement. Location-based targeting will take a hit, which for some advertisers means more than just retargeting users’ mobile devices as they pass by a brand’s retail outline.

Some brands — think online betting and gaming apps — need to know a user’s IP address of origin to comply with local laws. Take, for instance, Illinois, which permits online betting, and Missouri, which does not. The two states share a lengthy border, and St. Louis, Missouri, is just four miles from East St. Louis in Illinois. Countless people commute across state lines for work. It’s easy enough to target a reader of a St. Louis website with an online gaming app. Yet, the advertiser could face legal ramifications if that person is a Missouri resident.

Geolocation is also helpful in ensuring the right user sees the right ad content. Let’s say an insurance provider wants to target users during open season in the Upper Valley, which spans Vermont and New Hampshire. Without knowing the user’s IP of origin, the insurance provider can waste ad spend targeting consumers who don’t qualify for its services. IP addresses have been instrumental in helping advertisers display the right ad content to the right user, and they fear they will lose this efficiency with widespread IP blocking.

At present, Google is planning to limit IP Protection to its sites, but that’s not enough of a comfort to some advertisers. “The spirit of using proxy IPs for increased privacy is in the right direction as long as it is focused on the bad actor domains tracking IPs. If, however, it bleeds across to all domains and impairs personalization, targeted ads, and other useful functionality offered by ABM providers, it could certainly present new challenges,” Chris Golec, founder of Channel99, told MarTech last year.

It’s a concern shared by privacy lawyer and GDPR expert Atis Gailis, who wrote in a GDPRBuzz post: “Google’s IP Protection feature is a significant step towards enhancing user privacy. However, the challenge lies in striking a balance between protecting user privacy and maintaining the functionality of legitimate use cases.”

Not Everyone is Buying the Privacy Argument

Part of Google’s reasoning is that “IP addresses can be stable over periods of time, which can lead to user identification across first parties.” The word “can” is pretty important here.

There are different types of IP addresses, including public, private, dynamic, and static. Private IPs are those used by corporate Intranets; one IP address serves all the corporate network devices. Individual devices remain private, making tracking individual users by covert third parties difficult, if not impossible.

And 55% of users access the internet via mobile devices, which are generally very dynamic and change every few hours. IP data providers have noted that the same mobile IP address can be observed in locations thirty miles apart within very short time frames. A user’s mobile IP address can change 20 times a day!

IPs that provide residential connectivity tend to have more stable addresses, but according to Forbes, 77% of people use VPNs for personal use, taking it upon themselves to protect their privacy. 

Some critics have expressed concerns that the feature may not provide meaningful privacy benefits and could be used to further Google’s data collection efforts. It’s a land grab if you will. On a blog for ProtonVPN, Ben Wolford calls IP Protection privacy washing. “The idea behind IP Protection is much the same. It shields your computer’s IP address from other websites while passing all your web traffic through a server owned by Google. This gives Google a God’s-eye view of every website you visit at all times while using Chrome, whether you are logged in to your Google account or not.”

He’s not alone. “As with all aspects of the Sandbox, IP Protection is an anti-competitive technology that Google is attempting to impose upon the web under the veil of privacy. It removes an important piece of data from Google’s competitors whilst they can continue to make use of it,” writes Thomas Clayburn for The Register.

This land grab is precisely why The Movement for an Open Web (MOW) filed a complaint with the UK’s Competition and Markets Authority (CMA) last November, stating that Google’s new IP protection methods are anti-competitive. In addition to the unfair advantage, MOW is concerned that IP Protection will make keeping kids safe on the web more challenging.

Advertisers who share these concerns can voice them to Google, as the feature is still in the proposal stage.