“If you are not paying for it, you are the product”
This is an oft repeated, widely used aphorism, associated with our use of digital products such as free apps, and social media. This is an extremely reductive statement, and is not quite true.
It also can be said that it is emblematic of how when you simplify something very complex, you sometimes can completely miss the point or, even worse, you don’t understand it at all. In a time, where big tech is vilified very quickly for “data mining” and “artificial intelligence” it is really important to understand how the business of serving ads really works.
So again, this post is for my better understanding, and it is always a good idea to write about it so that I can explain it better to myself. If you do read this, and find some mistakes, then forgive me and please point it out to me.
Also, ad serving, attribution, data privacy, algorithms etc is an incredibly sophisticated and complicated business. It is already hard for experts to explain this. I am trying to understand this, without being an expert, so there would be some simplifications(look at me criticising simplifying things, and then going to simply them).
Alright, let’s get into it.
First things first. Put it simply, on the internet, there are only two ways to make money:
- You are paying for the product through a one-time purchase, subscription or micro-transactions
- Or you are shown ads
How is data collected and why no one cares about you in particular (except for your mom)
When you use an app or a website, you give away information. Some information you give knowingly, and some not. Here is a list (non exhaustive) of what kind of data companies collect. Apple, Google, Facebook(Meta) are the obvious names, but there are several companies that work in this domain who collect information about you through various channels.
The most important thing to remember: The data collected is in aggregates (for the most part). All information any platform or company is collecting about you, they are collecting about everyone else. And then then the data is sliced and diced and used in a way clusters of people can be targeted with personalised ads. In theory, it would be possible to send a targeted ad to one person, but that does not have a very good business case, so for all practical purposes the information is aggregated. This doesn’t mean that the aggregated information can’t be misused. Anything can be misused if there are ill intentions. The ads business, for the most part, does not really have “bad” intentions. They just want you to buy more stuff. There can be a moral and philosophical argument against buying and creating nudges that result in greater consumerism, but that’s not the point of this essay.
Now let’s classify this information (as Meta does).
- Your activity and the information you provide
- All the things you do on an app. Information you share, things you do, things you buy or interact with
- If its not end-to-end encrypted, then messages can be read too
- Friends, followers, connections etc
- Same as above, but for your friends
- App, browser and device information
- The device and the software
- Device identifiers like the IDFA and GPS ADID ( will come to this more detail)
- GPS location
- IP addresses and network information
- Information from cookies (more about this in a bit)
- Information from partners, vendors and third parties
- Your device information
- Websites that you visit and cookie data
- Apps you use
- Games you play
- Purchases and transactions you make
- The ads you see and how you interact with them
- How you use our Partners' products and services, online or in person
Everyone gets a cookie! But what is a Cookie?
A cookie is a data file sent from your browser to the device. The cookies help transfer information from website to another. The kind of information cookies collect:
- Account user names
- Email addresses
- Purchases you’ve made
- Items and websites you have viewed
So with all of this information and with sophisticated algorithms, I can be classified into various buckets. Ex: I am 29 year old male, who likes football, lives in London, watches sports, shops online, orders food online, takes the metro, stays up till late on weekends etc. With all this information, it is also easy to estimate my purchasing power. So with my preferences and purchasing power, I can be shown an ad of a product, depending on what category of people the ad is targeting
Ex: So if Nike wants to run an ad for their new sneaker line, for 25-30 year olds, who are interested in football, lives in UK and watch sports, I will be shown that ad. So will another million people.
In essence, no one cares about 1 person. It’s too insignificant. In aggregate, the data becomes useful and companies can utilise this information to serve relevant ads, making it easier to reach the right audience. It would be annoying for me to see ads for hearing aids, because I probably don’t need it. So it helps everyone:
- The companies: The customer acquisition cost is low, helps boost sales
- The user: Relevant ads help you find things you would like, and discover products you otherwise would not have
- Ad network and other players in the ecosystem(Meta, Google, Apple etc): They make money as they get paid for this service
So far I haven’t talked about Apple and its concerns about privacy. Just a few things before we get into that.
What is IDFA (or GPS ADID) and why does it matter?
IDFA stands for Identifier For Advertisers and it is a unique random number assigned by Apple to a user’s device. Information that apps, websites track about you, is matched to the IDFA. That helps the advertisers target users based on their information, without any “personal information” being revealed. So the IDFA from my phone would include information about my online activity but will be attributed to - (to put it simply) 29 year old Indian who lives in London and has XYZ preferences, not to Apurv Chaturvedi - the individual.
GPS AAID stands for Google Play Services Android Advertising ID and it is the Android equivalent for IDFA. So your activity on the Apple device will use IDFA, and on the Android device will use GPS AAID. To put it very simply.
As you can probably understand now, IDFA is really important as it stores a lot of valuable information about you, even after it is anonymous. As mentioned before, no one care about you. Businesses care about aggregates. So a lot of data, anonymised, is great to classify people into very specific buckets, and target ads more effectively. More the information the advertisers have about you, better the ads that will be shown to you.
How does an ad get served?
As mentioned, there are only two ways to make money on the internet:
- Paying for that product: One-time or subscription or in-app micro transactions
- Or watch an ad, and continue to use the service after a minor interruption
All apps / websites function this way. Whether it is your music streaming app like Spotify or the countless games that have billions playing everyday. Your news apps, dating apps or whatever you use, you get the idea.
So here is a simple way to understand this.
- I (User) open the app. Say: Candy Crush or Subway Surfers ( One of the most downloaded games with over 2bn downloads)
- Candy Crush has an ad space they can sell. It is the screen that would appear after you complete a level. Or whatever. Candy Crush is the “Publisher” of the ad.
- User’s phone will send the unique IDFA, to an ad server.
- Simply said, all the ad spaces with the “Publishers” are listed on “Ad Servers”. Think of them as list of all available ad spaces with all the apps. They are sort of the gatekeepers, and they decide what ads will be shown. They are also responsible for recording insights from the ads, and then report that data to advertisers.
- The Ad Server then sends this information (IDFA) to an Ad Network. An Ad Network is a collection of advertisers. Example: Meta, Apple, Google. These are the big names you have heard of. Some other names are Media.Net, App Lovin, InMobi etc. that you might not have heard of.
- The Ad Network matches this IDFA with their data set. All the data that they already have about you that we discussed above. So they know now, the “User” is male, 29 years old, lives in London, into football, and the world cup is coming soon.
- The Ad Network (Meta) bids on the behalf of Nike with an offer to buy the latest England jersey and sends this bid to the Ad Server.
- The Ad Server will collect all the bids from all the Ad Networks. The best bid ( a function of a lot of things, which I cant probably explain) wins, and that ad is shown.
- I see the ad for the latest collection of the England jersey, I click on it and (may) end up buying the jersey. This is a conversion leading to a purchase.
- When the device ID, IDFA, is passed through this (over simplified) system, it is a relatively anonymous way of reaching the right audience for products. This ensures ads are relevant.
- What this means for the other players. Nike has low Customer Acquisition Cost (CAC). Candy Crush makes money by selling the ad space. The Ad Server and the Ad Network also make money. Nike pays for this. And the Candy Crush game can remain free.
- And all this happens in a matter of milliseconds. Not even seconds.
Apple introduces ATT - App Tracking Transparency and everyone loses, except Apple
Since iOS 14 was launched, and if you’re an iPhone user, you may seen this pop up when you use an app which is not made by Apple.
Everyone is wary of privacy concerns when it comes to personal data. The first instinct is to “Ask App not to Track”. What this does is that it forbids the device to send the IDFA to the ad server. The IDFA, which is helped to serve you the relevant ad.
And when this happens, the ad networks are targeting users blindly. They have less information about users, the targeting is less accurate and relevant as they cant match the IDFAs to their databases anymore.
So now Nike has to pay more as the Customer Acquisition Cost goes up since the ads are not optimised for audiences. This would eventually be passed on to the consumers through higher prices.
So basically everyone loses. Except Apple.
But why did Apple do this?
Because Apple is trying to build their own Ad Network. They will control all ads shown across the Apple ecosystem, and basically get advertisers to spend money on the Apple Ad network, over Facebook or Google or any other ad network.
So Apple really does not care about privacy that much. At least not when it comes to serving ads.
Serving ads is a complicated business, and millions of dollars are spent on customer acquisition. With rich data, the marketing teams can analyse which channels work best, attribute success to different channels/networks/strategies. This helps everyone, and brings the cost down for the advertisers as it reaches the right people for a particular product.
This move by Apple has been criticised by everyone in the industry, and would promote even more silos within the industry. Which does not seem to be great news.
Again, ad serving is an extremely complicated and sophisticated business. And this is my attempt to understand it a bit better than say - your average journalist.
Sources:
https://www.facebook.com/privacy/policy
https://uk.norton.com/norton-blog/2015/07/what_you_need_tokno.html
https://clearcode.cc/blog/what-is-an-ad-server/
https://www.adjust.com/glossary/idfa/
https://www.adbutler.com/blog/article/what-is-ad-tech-the-ad-tech-ecosystem-explained/
https://www.appsflyer.com/glossary/app-tracking-transparency/