Earlier this week, 20 web advertising companies wrote to the World Wide Web Consortium (W3C)’s Advisory Board to ask that the standards organization revise its governance process to prevent ad tech giants like Google from running roughshod over the concerns of others with an interest in the web.
“We believe that the W3C governance process aims to represent all stakeholders of the web,” the letter says. “Unfortunately, as the web has grown in size, a disparity in organizational size now threatens this governance process.”
The signatory ad firms worry that technical terrain of the web is being reshaped to accommodate the interests of large companies like Google that can afford to have dozens of technical types participating in standards meetings and advancing their own interests.
As James Rosewell, CEO of data service biz 51degrees and one of the letter’s signatories, put it in a recent Twitter post, “At the moment Google proposals are bypassing incubation and going straight to prototyping.”
As he noted previously in a letter [PDF] to the UK’s Competition and Markets Authority, “Google contributes over three times as many individuals as the next largest contributor (Microsoft) to the W3C.”
The ad tech world is in the midst of major turmoil and is anxious about its future viability and how the $330b annual online ad revenue pie will be divided. Google and Facebook dominate their respective markets, as the UK’s CMA noted in a recent report [PDF]. Other ad-focused firms worry they’ll get less and less of the crumbs as web browsers skew more toward privacy. Roswell is concerned that personalized advertising could be impeded.
Part of the issue is legal regulation and the rules platform companies like Google impose on their ecosystem. Ongoing and expected antitrust inquiries into the practices of large platform companies may shake things up, but regulators haven’t had much success reining in tech giants over the past decade.
But advertisers also worry about web standards, the technical rules that get built into browsers and can be interacted with via application programming interfaces, or APIs. These web specifications represent a law of sorts in that they determine what is and isn’t possible in web applications.
Google forges Open Usage Commons to manage open-source project trademarks, lobs hot-potato Istio at it
For example, web browsers in the past allowed third-party cookies, by which advertisers could track people online and deliver targeted ads. Given the privacy problems of past approaches, browser makers Apple, Brave, Microsoft, and Mozilla now block third-party cookies by default and Google plans to phase them out in two years, alongside a number of other changes that will limit information available to advertisers but won’t limit data available to platform providers like Google.
New technical systems for web ads and web privacy have been floated in the hope of reconciling these often conflicting interests. For example, there’s Google’s Privacy Sandbox proposals, but fans outside of Google appear to be scarce and discussions about the scope of these technical specifications remain contentious.
“My issue is that the W3C and web standards groups need to follow established norms for a technology resource that’s used by four billion people,” said Rosewell, in a phone interview with The Register.
“It’s crazy that every few years we’re reacting to random events by dominant market players. If that happened in the telecom industry, it would be a nightmare. It would be like if your handset suddenly stopped working.”
An example of Google’s approach to the W3C can be seen in the Choclate Factory’s decision last year to block a proposed revision of the charter of the W3C’s Privacy Interest Group for fear it could limit the company’s power to decide how it builds its Chrome browser.
Wendy Seltzer, strategy lead and counsel for the World Wide Web Consortium, told The Register in a phone interview that the W3C Advisory Board intends to discuss the issues raised in the letter in a call next month.
Seltzer said the W3C has wide, active participation from a variety of interested parties. “I think we have a good governance process for review of work that’s on the standards strack,” she said. “And at the point when a proposal comes up from a working group, the entire membership has the opportunity to deal with concerns.”
While Seltzer declined to get into the role of specific organizations, she allowed that the W3C doesn’t have control over everything. “There are some participants who are also implementers, she said in response to a question about Google. “They can implement a proposal with or without going through any W3C process and we have no way of standing in their way.”
What the W3C can do, she said, is bring implementers in for discussion and when a proposal gets put forward as a standard, review and feedback can be provided.
Many of the changes affecting the ad industry follow from clear privacy violations and a browser architecture model that has proven to be both insecure and insufficiently defensive of sensitive data. Google, as both an ad service provider and steward of Chrome user security and privacy, faces the challenge of pleasing everyone, including shareholders.
The Register asked Google for comment but we’ve not heard back.
“It is undeniable that people from Google made significant and positive contributions to the security mechanisms of web browsers, improving security and privacy of web browser technology,” said Lukasz Olejnik, an independent privacy researcher and consultant and former member of the W3C Technical Architecture Group.
“At the same time,” he said, “some people express concern that some web browser features are meant only for the big platforms. We are currently in an apparent debate over the future of web architecture, including from security, privacy and advertising point of view. I am convinced that you can have a friendly and useful web browser architecture that respects user privacy. To maintain the current consensus model in web standardization, input should be welcome from all stakeholders, including the smaller ones.”
In an email to The Register, Peter Snyder, privacy researcher at rival browser maker Brave Software, said, “Brave is concerned that Google has a disproportionate role in web standards, and as a result, that the direction of the web could disproportionately reflect Google’s priorities.”
Where Google’s interests align with web users, he said, everyone benefits. But where they diverge, specifically with regard to issues like privacy, tracking, and allowing individuals to understand and control the code executing on their devices, the company’s outsize role in shaping web standards becomes an issue.
“A common pattern is that features (new and existing) will only be standardized because they’re shipped in Chrome first, before reaching standardization (and horizontal review) and other browsers then need to implement the non-standard to avoid breaking websites,” he said.
“Ironically, this pattern of other browsers needing to adopt these non-standards inadvertently aids the eventual formal standardization of these features later on, since having multiple feature implementations is a prerequisite for W3C standardization.”
As a result, he said, standardization isn’t so much about what browser makers believe would be good for the web and their users. Rather, it becomes a matter of bolting privacy on top of features that have already shipped and websites now expect.
“For example, during privacy reviews,” Snyder said, “PING (the privacy review body in the W3C) will frequently raise serious privacy issues in proposed standards, only to be told ‘well, the features already in the wild, so we can’t fix that issue.'”
Snyder would like the W3C to provide horizontal review groups – which review proposed standards to ensure they meet specific requirements related to privacy, internationalization, and accessibility – receive more resources and a more formal role to ensure technology isn’t put before people.
He also argues that the W3C should strengthen the role of civil society groups in the standards process, especially with regard to groups with interests that diverge from browser vendors. “While some civil society groups are members of the W3C, their role is in practice often advisory at best, and sometimes ignored (the EFF leaving the W3C due to the DRM fiasco is just one example),” he said. ®
Follow me for more information.