HUMAN Blog

The Privacy Shift and What it Means for Fraud Prevention

Written by Alexis Hochleutner, Adam Sell, and Joe Tallett | October 31, 2023

Navigating the Next Stage of Digital Evolution: Privacy, Security, and the IP Privacy Conundrum 

As the digital world evolves, so do user privacy and safety implications, leaving indelible marks on regulation, corporate policies, and technological innovation. The (ongoing and upcoming) decline of third-party cookies and the crackdown on cross-site tracking will dramatically impact digital marketing, increasing user trust and privacy-first innovation of the digital experience, while diminishing the effectiveness and measurability of digital media in the customer journey.

Marketers can be comforted that ad fraud protection does not hinge on 3rd party cookies or cross-site tracking. However, while the media world grapples with a cookieless future, the next battle for digital privacy looms on the horizon, posing a threat to detection and defenses against ad fraud, as well as the overall safety of the digital world.

IP addresses are emerging as the next frontier for privacy debate, with major web platforms launching and exploring methods to address IP privacy concerns. This ongoing wave of privacy enhancements intensifies the implications: IP privacy carries extensive consequences, potentially affecting not only the field of marketing but the overall security of the digital landscape.

IP is a critical anti-abuse signal employed not only in digital marketing but also across various sectors such as banking, e-commerce, and online communication. High-entropy signals like IP addresses are crucial for fraud detection because they provide a rich and distinct data set, making it easier to attribute actions. However, the use of IP addresses for tracking and surveillance has triggered user privacy concerns. 

Balancing user privacy and security is a delicate act. In a privacy-only, unsecure media landscape, a loss of confidence in digital channels would lead to less investment in and less revenue for content creators. In this scenario, there is a greater vulnerability to fraud with reduced security and less competition for content and audience. Privacy & security are integral components of the digital experience, and finding the right equilibrium is paramount. The challenge is preserving high-entropy signals for cybersecurity while shielding them from malicious actors. 

Preserving Digital Security: The Vital Role of IP Addresses in a World Without Distinction

Security companies like HUMAN rely on high-entropy signals like IP addresses for effective fraud attribution, safeguarding legitimate activities while combating fraudulent ones.

A successful ad fraud operation hinges on maintaining diversity within the IP space, creating the appearance of millions of distinct devices. While this diversity is attainable through residential proxy networks, it comes at a cost and is still often detectable. Threat actors don’t have control over IP addresses and can't change them programmatically. This limitation is deeply rooted in how the internet operates. For decades, IP addresses have been essential for maintaining the integrity of digital transactions, securing online accounts, and thwarting malicious activities. They form the bedrock of online safety, enabling the industry to distinguish friend from foe.

Picture a world in which every digital request is an indistinguishable clone of the next, devoid of any distinguishing features or characteristics. It’s akin to a physical world where every individual bears identical faces, fingerprints, and attributes. Now consider the implications of such a world on our ability to differentiate between genuine and spurious traffic, or identify malicious behavior. It becomes abundantly clear that in this context, our existing methods would struggle, rendering the tasks of detection and attribution insurmountably challenging.

Privacy and Security: The Industry Call to Action for Navigating the Digital Future

While there will continue to be conflict between privacy and security, the first step to finding common ground is acknowledgement that privacy and security are not mutually exclusive, but rather two sides of the same coin. Protecting user data and online activities is paramount, but it's essential to acknowledge that tools like IP addresses are vital for maintaining digital security. These IP addresses have been the foundation of fraud identification and prevention for decades, and existing proposals for IP privacy and IP protections would mean diminished fraud detections. IP hiding exposes a vulnerability where bad actors can spoof clicks and impressions at scale without the expense or operational challenges of IP diversification.   

There is no silver bullet to navigating the path to digital safety and user trust. Privacy-related restrictions should come with privacy-preserving replacements that have a net-zero or net-positive impact to detection efficacy. When that cannot be achieved, carve outs for security use cases should be considered. This means that a diverse set of experts across media, marketing, and technology need to weigh in on privacy proposals.

At the Worldwide Web Consortium, HUMAN has been an advocate for the Web Environment Integrity proposal and equivalent attestation protocols. This will help us transition from trusting or filtering based on devices, IPs, and cookies to trusting or filtering based on attestations from operating systems, browsers, device manufacturers. Given the impact of the upcoming privacy changes, the industry must invest in finding alternatives to high-entropy signals like IPs, when possible, and in developing protocols and protections when IPs are required to maintain security. Investment in privacy-respecting APIs, robust protocols like privacy pass, encryption methods, and attestation mechanisms may safeguard security without compromising user privacy. Achieving this balance is both a business and technological challenge.  

The industry's ability to proactively seek the delicate balance between privacy and security is pivotal, shaping the future of online interactions and data protection. In an era where data is a valuable asset and a potential liability, this equilibrium is the linchpin for constructing a digital world that is safe, secure, and respectful of user privacy.

Get Involved…. Key Industry Initiatives


Worldwide Web Consortium (W3C)

The Worldwide Web Consortium (W3C) is at the forefront of shaping the standards and principles that govern the World Wide Web. These standards encompass essential aspects such as accessibility, internationalization, privacy, and security. Within this framework, HUMAN takes a proactive role in leading the Anti-Fraud Community Group. This group's primary focus is to identify and define scenarios related to fraud and abuse while actively developing web features and APIs. Their efforts are underpinned by a commitment to upholding user security, ensuring privacy, and maintaining accessibility. For more information on W3C, take a look at their recently updated privacy principles  (here)

Prebid.org

Prebid.org is an active membership of leaders within the ad tech industry that supports Prebid products and works with the community to define and implement enhanced solutions.The HUMAN Product team has launched the Measurement Task Force within Prebid, with the aim of maintaining critical signals for verification partners. Through collaboration with Prebid, HUMAN seeks to enhance observability and fortify the digital advertising ecosystem.

This collaboration underscores the industry's dedication to fostering trust, safeguarding user privacy, and ensuring a secure and reliable digital advertising environment. The ever-evolving landscape of digital advertising continues to pose multifaceted challenges, but through collaborative efforts, innovation, and a commitment to the delicate balance between privacy and security, the industry charts a path toward a more secure and transparent digital future.

IAB Project Rearc 

In 2020, IAB launched Project Rearc in response to the deprecation (or limitation) of third-party cookies and other identifiers, being disrupted by consumer privacy approaches taken by browsers, operating systems, and new privacy regulations across the globe. This taskforce brings together over 800 business, policy and technology specialists from across the world, from 487 companies, who represent various components of the digital supply chain.