Ad Blockers and Server-Side Tracking, Part 1: The Ever More Challenging World of Client-Side Tracking

Lukas Oldenburg
7 min readNov 17, 2019

--

In the first part of this series on Ad Blockers and Server-Side Tracking, I will look at how the proliferation of technologies like Safari’s ITP have put the good old “client-side” tracking into limbo. This will ultimately lead not to less tracking, but instead to less transparent tracking — at least for those companies that can afford it.

In the world of Digital Analytics and Tag Management (which normal people probably call “the tracking world”), there has been quite a buzz lately about technologies that limit the ability to track users — client-side, that is! Nobody seems to care about server-side tracking, maybe because it is not as visible, because it is not as easy and cheap to implement and thus not as common, even though the big tech-savvy companies have been doing it server-side forever (ever wondered why there is no Google Analytics on Google Search?).

A Wealth of Technologies Impeding (ITP) or Blocking Your Trackers

Most notable on the “restrict-the-(client-side)-trackers” front are Safari’s Intelligent Tracking Prevention (ITP), as well as the alleged spread of Ad Blockers, i.e. browser plugins, browser functionality (like Firefox’s Incognito mode or Opera’s built-in Ad Blocker) or even new browsers like “Brave” that pride themselves in “privacy” by automatically trying to block everything that looks like an ad or a tracker. Apple’s ITP is not as “brutal” as Ad Blockers: ITP “simply” limits a tracker’s ability to recognize users across longer time spans or domains. ITP is also not as stupid as Ad Blockers which simply try to match requests to a long list of URL patterns and then block those that match, often destroying actual website functionality that way.

Ad Blockers — good or bad?

It is a difficult question whether these blockers are “ethically” good or bad. On the one hand, in Germany there have been lawsuits by large publishing houses trying to outlaw tools like “Ad Block Plus” (so far unsuccessful, but we are in for another round). The Publishers’ — imho understandable — argument was that content is not free, and if people do not want to pay for content, then content comes in exchange for ad impressions, tracking, and user (or cookie-based) profiling. If you are surfing their sites and block these ads, you should not be allowed to see their content, they reason.

As much as I can sympathize with this, on the other hand I totally understand that people do not want to give their data to trackers by companies with a history of grave disregard for user privacy and data scandals like Google, Facebook, Amazon, Twitter (which gets the prize for the most stupid apology ever), and the like — companies that have always embraced a “strategy” of “let’s do something that’s obviously out of bounds, and then, in case it comes out, let’s pretend that we didn’t know what was going on.”

While the answer by Google & Co. has been to invent methods that try to work around ITP (“Conversion Linker” Tags, “GTAG”, “Parallel Tracking”), the answer by many sites has been to block users with Ad Blockers, asking them to disable the blocker or subscribe to a paid model (most track you anyway even if you subscribe).

Another answer to the Ad Blocker panic is that some companies have started to switch to a pure or partially server-side form of tracking, thus making it invisible to the outside world what is tracked and to which first- or third-party service (Ad Network, Analytics provider etc.) their data goes — unless some privacy officer finds the time to check on what is happening inside that company (difficult), or some data scandals happen.

Ad Blockers ultimately lead to less, not more tracking transparency

In other words, Ad Blockers and tracking prevention mechanisms may ultimately lead to the opposite of what they intended: Less transparency about tracking and more (and even more intransparent) stuff done behind the curtain. Ad Blockers (and privacy-enhanced browsers, ITP etc.) can block only what they “see” (e.g. a request to the Tag Management script URL, a cookie set by JavaScript instead of server-side), but if stuff is happening server-side, they have no chance to block reliably across sites.

And maybe more unfairly, the sites that can only afford the more primitive client-side tracking technologies (like a normal Google Analytics tracking script injected via Google Tag Manager) are the ones that are blocked while the big guns can hide behind the curtain. While privacy is rather easily controlled on the sites of the little guys, organizations that have too much data already anyway are cashing in big time because they have the technology to do so.

As much as web developers are right to complain about the “obtrusive” and “resource-intense” client-side tracking scripts that delay page load, as much we have to admit that, at least, these trackers are rather “transparent” in terms of what data they are tracking and where they are employed. Everyone can view the cookies they set, the requests they trigger in your browser, the data that is in these requests. Without that, Ad Blockers could not block them.

Spears of Equal Length

On content sites, the “nothing is for free” argument against Ad Blockers is more easily understandable, but what about E-Commerce? If I go shopping on an E-Commerce site, I am only giving (money to that shop), not taking, so why would it be justified to say “we want your money AND your data”? Very likely no E-Commerce shop will start blocking out users with Ad Blockers anytime soon. But also here, not being able to track and optimize their offer, their navigation, search, recommendations and yes, their (re-)targeting would be a clear disadvantage to their competitors, so they will keep tracking you as long they can —as long as there are no clear and enforced rules for all (Swiss like to speak of having “spears of equal length”).

“Spears of equal length” is probably one of the biggest aspects when talking about the impact of new legal frameworks (GDPR etc.). The main issue with the well-intentioned GDPR is that it seems almost impossible to enforce fairly. Figure that: German privacy authorities have been flooded with 200'000 cases of complaints against websites using Google Analytics! That feels like police in Berlin trying to get a hold of every jaywalker. And you guessed it, most EU Cookie Consent banners are meaningless or manipulative. Apart from some very rare market segments, respecting privacy unfortunately seems to cost more than disrespecting it or staying in the gray area.

The new verdict of the European Court of Justice now asks for explicit consent to cookies. What will this change? Maybe a couple more organizations that will scrutinize what they are actually tracking (which imho is the best that GDPR has brought so far). Maybe some fines. Definitely, even more nerve-wrecking cookie overlays and popups (oh really, cookies on this site??). And most definitely, it will increase the move towards less transparent tracking mechanisms.

So in summary, Ad Blockers and rougher legal frameworks are a double-edged sword in terms of their consequences for privacy.

The Less Obvious Consequences of Ad Blockers for Your Data

To finish this article, let’s get look at the less obvious impacts of Ad Blockers on a typical Digital Analytics endeavour which will be a good bridge to the rest of this series:

1. Incomplete Data causes Widespread Mistrust in Analytics Entirely
People, especially in less data-mature companies, quickly question the quality of the entire data and the tool that reports it when they see it differs by “SO MUCH” from the “real” data (e.g. a shop backend). It can be enough that those 3 high-value orders from yesterday are missing for a Category Manager, and soon the whole Category Management team will mistrust ALL of your data.

Mistrust in data quality is a grave showstopper in any data initative, and once established, it is almost impossible to get rid off. People do not like to change their mind and have no time to give things a second or third try. Thus, complete data will help massively when you have to play the “data missionary” in such a company.

2. Ad Blockers Make Your Ads Look Better

Ad Blockers’ initial purpose was to block out ads from the screen. Thus, people with Ad Blockers do not see many ads, thus, they can’t click on ads, thus, they will never arrive on your site via an ad, but because the Ad Blocker also blocks your Analytics, you will never know about these people. So Ad Blockers skew your traffic data: There may be a higher “organic” or “unpaid” percentage of your traffic than you think. Thus, ironically, Ad Blockers will make your Ad Performance (at least in terms of percentage of your traffic) look better!

3. More unblocked data to report on will also make your partners happier

Your third-party partners (affiliates, cooperating sites etc.) will like it when you can report to them that they make more revenue through their links on your site. For example, an online shop often sells products from big brands, and those brands usually do not have their own online shop, but simply link to other shops. They of course want to know how much revenue those links bring. So if you want to look like an important partner shop, it is also in your interest to report the full value your affiliates and partners bring.

In Part 2 , I will analyze how you go about the difficult topic of finding out how much data you are actually missing by comparing backend to frontend data (the age-old and absolutely not trivial “the numbers do not match!” problem). Because you need to quantify the impact of those Ad Blockers somehow, right?

--

--

Lukas Oldenburg

Digital Analytics Expert. Owner of dim28.ch. Creator of the Adobe Analytics Component Manager for Google Sheets: https://bit.ly/component-manager