Sorry, we could not find the combination you entered »
Please enter your email and we will send you an email where you can pick a new password.
Reset password:


By Thomas Baekdal - August 2020

If we want to fix ad tech and privacy, 2020 is the year to do it

This is an archived version of a Baekdal/Basic newsletter (it's free). It is sent out about once per week and features the latest articles as well as news and trends about the media industry. If you want to get the next one, don't hesitate to add your email to the list.

This newsletter is going to be slightly different in that I'm going to talk about just one topic. It's about Ad tech/privacy, and how we as publishers need to act.

2020, the year where we need to change

This year has certainly been... uhm... interesting, in both good and bad ways. On the good side, we have a tremendous shift towards direct revenue (membership, subscriptions, donations, others), but we have also seen advertising taking quite a hard hit.

This is not really surprising to anyone. Despite that a few publishers have experienced increased digital growth, advertising revenue overall is down for most publishers, and has been trending downwards since 2008.

The pandemic then caused a further shock to the system and has, in turn, created an accelerating downward effect. What this means is that once this pandemic is over, nobody is expecting the advertising levels to recover.

So that's a problem.

But 2020 has been a year of change in many other areas. Look at the BlackLivesMatter protests, the problem with white male dominance in workplaces, we are seeing more and more publishers face questions over pay ... not just in relation to women or those of color, but pay in general. Pay your freelancers, your contributors. The old model isn't acceptable anymore.

But another big thing that is changing rapidly is privacy. People have had enough, and they demand change.

If you ask the public, there is overwhelming demand for privacy. There was a recent study in the US where 91% of the public demanded privacy online.

That's in the US. I don't have a specific number for Europe, but it's likely the same here if not more. And we have GDPR ... which every publisher seems intent on trying very hard to implement in a non-privacy focused way.

Sadly, we see a very real problem with publishers not listening to this, still trying to create models where they can be allowed to track people. We see media associations who try to be as bad as possible, and even lobby the governments for the right to track people.

As a media analyst, this worries me a lot. Right now, the publishing world is putting itself in a very bad position, and I fear the long-term damage this will cause.

So let's talk about the problems with privacy.

A story about responsibility and privacy (for publishers)

My first story today is my latest Plus article where I talk about how we as publishers are responsible for making this change. This is something I have been debating over the past 8 years, and every time I have been met with a wall of excuses.

So in this article, I take you back to the early 2000s, before I became a media analyst, to tell you two stories of how the company I worked for then handled things when we were met with a public crisis.

And then I go into how this relates to publishers today, and why only we can fix this.

So please take a look at: A story about responsibility and privacy (for publishers).

We blame Google, but...

When it comes to privacy, there are two ways we can look at it. We can look at who is violating people's privacy by telling outsiders what you are doing.

For example, if you go to a shop to buy a present, the shop then violates your privacy by suddenly going around the city and telling everyone else what you just bought.

We can also look at who is violating our privacy by collecting and profiling this data. So maybe one person in the city is writing down what everyone is telling him, and now suddenly he has this huge list of things that he knows about every person.

These two things are very different.

In the first case, the damage is a lack of trust. You trusted the brand to not go around telling everyone what you buy from them. Why would they even do that? They are not supposed to tell anyone about that. You don't mind that the shop knows what you bought, but don't tell others about it.

But in the second case, it feels more like stalking and surveillance. If someone scoops up all the information about what you do, from all the shops you visit, and then puts it into a database, that feels insanely creepy. And if on top of that they start to use fancy machine learning to derive even more information, we move into the sphere of an outright violation. Some outside creepy guy should not be doing that.

Of course, in many cases these work together. The shop tells the creepy guy what you bought so that the creepy guy can tell the shop what you bought in other places ... except in many cases, the creepy guy doesn't even do that. Instead, he just promises some value in return, but actually keeps the data for himself.

Everything about this is wrong in so many ways, and we all know this. This is not an acceptable exchange of value. This is an outright violation of a very important level of trust.

In the media world, we see this all too often. As publishers, we are the shops who completely violate the trust our readers have in us, by adding sometimes more than a 100 outside trackers to our sites ... thereby telling all of these outside stalkers everything the reader looks at.

The stalkers, in this case, are the third party ad tech companies. They take all this information that we give them, turn it into profiles for each person, and then they pretend to sell that back to the publishers by creating better ad targeting (although in most cases that's highly questionable).

The public don't approve of this, and why would they? And the question is who is responsible for stopping this? The answer is obvious. It's the press who are responsible.

But wait a minute, you say. It's not us who are doing this. It's Google. You should blame Google!

No ... this cannot be solved by blaming Google.

Think about the relationship here. The readers come to you as a newspaper, and then you as a newspaper give personal data to Google and often a whole bunch of other outside companies. As a publisher, you are violating the trust and respect your readers have in you.

But I can also show you this in another way.

Many have analyzed how tech companies and publishers compare in relation to privacy. For instance, Reuters Institute posted two reports, one before and one after GDPR, which are very interesting to read.

But I have also done my own analysis. Last week I looked at about 80 different publishers from around the world. And the result is as follows.

I decided to look at two factors. First, I looked at how many requests a site made when you are reading an article, and secondly, I looked at how many external domains it was loading (how many outside companies they are sending data to).

First of all, let's talk about requests.

Requests are something we often hear about in the industry, but are one of the most irrelevant things to look at. For instance, a couple of weeks ago the Washington Post wrote an article about TikTok. It was not a bad article, but it said this:

Jackson, from Disconnect, said the app sends an "abnormal" amount of information from devices to its computers. When he opened TikTok, he found approximately 210 network requests in the first nine seconds, totaling over 500 kilobytes of data sent from the app to the Internet. (That's equivalent to half a megabyte, or 125 pages of typed data.) Much of it was information about the phone (like screen resolution and the Apple advertising identifier) that could be used to "fingerprint" your device even when you're not logged in.

OMG, how scary is that?

Well, let's take a look. First we compare it to other tech platforms, and it revealed this:

So a few tech sites have 100s of requests, just like TikTok.

As Washington Post put it:

TikTok doesn't appear to take any more of your data than Facebook. That's not a compliment.

Hmm... so... what about media sites?

Well, I looked at about 80 different newspapers, and the way I measured it was to look at how many requests they made during the loading of an article, and the time it took me to read it.

The result was this:

As you can see, only 10 of these publishers made fewer requests than TikTok, everyone else made more... and a lot more. The worst was the Daily Mail with a staggering 3,233 network requests.

But even other big sites like the Guardian made 517 requests, the Washington Post made 367, LeMonde made 1,053 requests, etc.

The problem with requests is that it's a misleading metric. A network request is anything that a site has to load. So if you have a page with 10 pictures, a stylesheet and some type of script, that alone would be 13 requests. So imagine then a newspaper page, where there are far more pictures and other elements, on top of all the tracking.

So, looking at requests is a terrible metric.

A much better metric is to instead look at how many outside domains a site is loading something from. For instance, we all know the Facebook pixel that is on most publisher's sites. That's an image, loaded from Facebook that the publisher has put on their site.

The question then is, how many outside domains do different sites load? And also, how many of those are loaded directly, and how many are loaded indirectly (for instance, a script loading one domain which is then loading from another domain)?

Well, first of all, if we look at the tech sites, it looks like this.

As you can see, almost all the tech companies either load none or very few things from outside domains. And this is typical of the tech sites. They might have a lot of data because other sites have given it to them, but if you, for instance, go to Google Search, Google is not loading anything from any outside site. It's all 100% Google.

In other words, most tech sites are entirely focused on first party tracking on their own sites. However, where things start to go horribly wrong is when we look at publishers.

For the same 80 newspapers I measured, it looks like this:

I mean, just look at this mess. 85% of the sites are loading more than 20 outside domains, and many of them a lot more. The Daily Mail, Express and Chicago Tribune are the worst offenders, with more than 100 outside domains loading into each page. And a lot of these are indirect (meaning the publisher does not even know what is going on).

For instance, take the Daily Mail. Through the scripts they have directly chosen to put on their site, each page is loading elements or scripts from all of these outside domains.

And here we see the usual sources, like Amazon, Facebook and Google ... because every publisher is sending data to them. But there are a lot more domains than just Google.

But on top of this, some of these outside domains then load other domains into the site.

Mind you, just because an external domain is loaded doesn't mean it's doing anything bad. For instance, the domain 'ssl-images-amazon' looks like it's just an image server. That may just be loading an image and not doing any tracking at all, but it could also be used to load an advertising pixel that is tracking.

The point is that this is a total mess, and it's our mess. The tech companies aren't doing this, so if you try to go after Google and 'regulate this', it will hurt publishers far more than them.

This problem might have been created by the ad tech companies, but it's on us as publishers to fix it for ourselves. Our readers demand that we stop doing this.

I don't like the IAB

As part of this discussion about privacy, we also need to talk about the IAB, the Interactive Advertising Bureau, which sets the standard for how publishers measure advertising, and how they have implemented GDPR.

I dislike the IAB because it's an organization that is focused on trying to get publishers to be the worst that they can be. And over the past several years, this organization has caused a tremendous amount of damage to publishers.

Let me explain.

Many years ago, brands were demanding more accurate metrics about how their advertising performed online. And so what did the IAB do? They came up with the metric standard that publishers should count an ad if only 50% of the ad had been in view for 1 second (or 2 seconds for video).

In other words, the IAB tried to come up with something where they pretended to listen to what brands wanted, without actually doing anything at all. They were trying to get publishers to use the least useful metric that they could possibly get away with.

Google, on the other hand, was also met with this demand for better metrics, and they thought they could do much better. And so they came up with the TrueView metric. It is defined like this:

You pay when a viewer watches for at least 30 seconds or to the end of the video (whichever is shorter) or clicks on a card or other elements of your in-stream creative.

So let's put this on a graph. It would look something like this.

So as a brand, where would you place your ad? Where would you feel most secure in the metrics you were seeing? It's obvious. Google is the clear winner here, because they actually listened to brands, while the IAB didn't.

In 2020 we are talking about privacy instead, and the IAB is at it again trying to advise publishers how to implement this in the worst way possible.

Again, I can illustrate this with a line representing the degrees of privacy that you offer. The public demands better privacy, but the IAB is not focused on that. It is instead trying to help publishers just barely be compliant with the law, while still entirely focused on not giving the readers any privacy.

Just think about this. Every single IAB standard GDPR dialog is designed to get people to give up their privacy, but in a GDPR compliant way.

This is so incredibly bad. And this isn't just the IAB who is doing this, many media organizations have the same focus. Here in Denmark, the Danish news organization is doing the same thing.

They went out to the government to ask what the minimum steps would be, and they provided that as a guide to Danish publishers. So it's the same problem. They are advising publishers to be as bad as they can possibly be, while technically being just above what they are legally required to do.

This is stupid!

When your customers demand something from you, you need to focus on meeting that demand, or even better, try to exceed it. You need to focus on trying to be the best you can be.

So don't listen to the IAB or other organizations like them. They are causing direct harm to you as a publisher, and following their advice makes you less valuable in the eyes of brands and readers.

Be better!

Junk Mail, Explained

Finally, I want to end this newsletter with a video from Johnny Harris, a wonderful journalist you should follow.

He recently posted this video about his experience with junk mail. It's from a US perspective, but it simply illustrates the anger and frustration that people feel towards this.


Listen to his frustrations, and think about where you are as a publisher in all of this.

2020 is the year for change!

This is an archived version of a Baekdal/Basic newsletter (it's free). It is sent out about once per week and features the latest articles as well as news and trends about the media industry. If you want to get the next one, don't hesitate to add your email to the list.


The Baekdal/Basic Newsletter is the best way to be notified about the latest media reports, but it also comes with extra insights.

Get the newsletter

Thomas Baekdal

Founder, media analyst, author, and publisher. Follow on Twitter

"Thomas Baekdal is one of Scandinavia's most sought-after experts in the digitization of media companies. He has made ​​himself known for his analysis of how digitization has changed the way we consume media."
Swedish business magazine, Resumé


—   newsletter   —


The opinion, speculations, and reaction crisis


The impossible AI debate...


Human vs non-human journalism


New strategy guide: On-demand vs time-based moments, and how they define publishers


Two different worlds of new digital media, one failing doesn't mean anything


Ranking the value you create for your audience