The Ethics of Modern Web Ad-Blocking marco.org

Marco Arment:

Web ads are dramatically different from prior ad media, though — rather than just being printed on paper or inserted into a broadcast, web ads are software. They run arbitrary code on your computer, which can (and usually does) collect and send data about you and your behavior back to the advertisers and publishers. And there’s so much consolidation amongst ad networks and analytics providers that they can easily track your behavior across multiple sites, building a creepily accurate and deep profile of your personal information and private business.

All of that tracking and data collection is done without your knowledge, and — critically — without your consent. Because of how the web and web browsers work, the involuntary data collection starts if you simply follow a link. There’s no opportunity for disclosure, negotiation, or reconsideration. By following any link, you unwittingly opt into whatever the target site, and any number of embedded scripts from other sites and tracking networks, wants to collect, track, analyze, and sell about you.

To make matters worse, most publishers neglect to adequately inform their readers about what ad networks and analytics software they use, or how many of them are presently in operation.

Vox Media’s privacy policy is typical of most larger publishers’ policies. It notes that they or third parties can set cookies, use pixel tags, and serve (targeted) advertisements. It’s only deep into the privacy policy that they link to a page where they list some of their third-party providers. However, it is woefully out of date; Vox lists 13 third-party scripts, but Ghostery counts 26, including those from Aggregate Knowledge (cross-device targeting), Criteo (retargeting), and Lotame (cross-platform visitor tracking). Gross.

Some publishers, like Bloomberg, do not list third-party scripts in their privacy policy. Ghostery found 14 third-party scripts on their homepage, of which 12 are for advertising or tracking purposes.

Still other publishers, like BGR, don’t have a privacy policy at all don’t link to their privacy policy,1 because they are assholes. BGR uses 24 third-party scripts on their site, including 17 trackers and advertisers.

  1. BGR’s privacy policy hasn’t been updated in decades. “When visiting our site, some general information is collected including […] Operating system (e.g., Windows 95) Browser software (e.g., Microsoft Internet Explorer, Netscape) Internet Service Provider (e.g., Earthlink, Verizon).” ↥︎