Your Quick and Dirty Guide to IP Address Targeting After Apple’s Declaration of War – AdExchanger


IP addresses – Internet Protocol, for the uninitiated – have been used as a geo-targeting and cross-device measurement mechanism almost since the day digital advertising was born.

But it’s always been a risky proposition from a privacy perspective – and now the writing is on the wall with Apple’s plans to remove IP addresses from Safari and hide them in Mail by default.

Apple will automatically mask IP addresses in its browser through Intelligent Tracking Prevention, and people who subscribe to Apple’s new iCloud Plus service will also be able to double their traffic through a feature called Private Relay.

The overall impact of Apple’s moves will likely be minimal at first, as they only apply to the Apple universe.

But even so, it “definitely signals that IP-based location targeting may not be available for much longer,” said Nishant Desai, director of technology and partnerships at Xaxis.

IP addresses have already been subject to regulatory review.

It is already considered personally identifiable information in Europe; their status as personal data under the California Consumer Privacy Act is ambiguous at best; like cookies, IP addresses were never intended to be used as an advertising identifier. It’s hard to do IP targeting without triggering the creepy thread – and on top of that, IP-targeted ads aren’t that accurate.

Yet IP addresses have long been co-opted as a proxy for location, an ingredient in cross-device identity graphics, a component of fingerprinting technology, and as a pseudonymous identifier for targeting.

Here’s how IP targeting is used today and what could replace this signal for advertisers in the future.

DL over IP

To be clear, IP addresses — the numerical labels assigned to Internet-connected devices that allow them to identify each other on the web — aren’t going anywhere. They are the cornerstone of how the Internet works.

Internet service providers assign IP addresses to their customers, which come in two forms: static and dynamic.

Static IP addresses are typically used by businesses and stay the same over time, much like a phone number or physical address. However, most consumers have dynamic IP addresses that change and update over time, usually when the router is restarted.

This is why B2B marketers often see success with account-based marketing campaigns that target a specific business IP address or group of IP addresses, while campaigns targeted at consumer IPs can be random.

Comic: Privacy PatrolSimilarly, corporate VPNs can screw up targeting, because it might look like someone’s traffic is coming from New York, while they’re working from a home office in suburban Philadelphia.

“IP addresses can be useful for identifying users, but you can’t use them the same way you would with a deterministic ID,” Desai said. “If you’re using an IP address in a device graph or to help identify a user, you should be aware that at some point the ID will likely change or was never initially accurate.”

“Naive” Use Cases

One of the two main ways to use IP for advertising purposes is to approximate the location of a device or group of devices and target based on that signal.

A company like Neustar that has a large database of IP addresses can help DSPs and other ad serving technology providers perform a reverse lookup to determine the geolocation associated with an IP address so that it can be used to target by city, state or zip code. These signals can be relayed by a publisher in the bidstream.

But although IP addresses are commonly used as a location-based targeting mechanism, the practice is simplistic, “naive and riddled with pitfalls”, said Bosko Milekic, CTO and co-founder of data connectivity platform Optable. .

Beyond privacy concerns – IP addresses are part of a request in the header with a user agent string, which means there is no method for users to accept or opt out – IP-based targeting can be extremely ineffective.

“Suppose you fly to Denver for 24 hours and your device registers as having visited the city – for the next three months, you will only see real estate listings for obscure neighborhoods in Denver,” said Ana Milicevic, director and co-founder of the digital consulting firm. Sparrow Advisors. “It hurts the consumer experience, because the ads are so obviously poorly personalized, but it’s also not good from a buyer’s perspective, because they’re throwing money out the window – the signal indicating you’re in Denver doesn’t necessarily flash again when you leave.

Visitors from major metropolitan areas are often flagged for campaigns upon arrival, as there are more campaigns going on that are looking for users.

“And the way recency is interpreted in targeting, if someone posts a signal in a particular area, that person is still tracked as being there for about 30 days,” Milicevic said.

IP and TVC

But in the connected television (CTV) space, IP targeting can be applied with a greater degree of sophistication, Optable’s Milekic said.

It is possible, for example, to analyze IP addresses found in network traffic to assemble an understanding of consumers and devices in a household over time. This requires detecting when household IP addresses change, which is not trivial to do, Milekic said, because the frequency with which IP addresses are refreshed can vary by region, country and ISP.

“When implemented effectively, however, an IP address can be used to infer possible links between devices in a common household, which in turn can be used to improve the scale and depth of targeting and measurement in CTV,” he said.

The question is whether this type of analysis will remain viable — or even feasible — if other browser makers and platforms follow in Apple’s footsteps.

Comics: the fine printThis uncertainty is partly responsible for the move to connected authentication on streaming services. Even ad-supported services often require a login.

“While walled gardens will always have their way, removing IP addresses could be seen as a loss to the open internet, recipe sites and so on,” Milicevic said. “Advertisers and the monetization ecosystem will be affected, but will users care? Probably not.”

Move on

The slow removal of third-party cookies and the renewed focus on IP addresses as a vector for privacy issues are both proof that the pendulum is swinging away from the widespread sharing of global identifiers that began with the advent of auctions. in real time, says Milekić.

“We are now seeing it swing the other way,” he said, “with more emphasis on connectivity to happen more directly and in a more controlled, sanctioned, configurable way – and, if possible, limit the amount of information exchanged”.

For example, location APIs developed by major platform providers including Google, Facebook, and Apple have begun to emerge as a way to add location awareness to an application. The API triggers a browser or application to request permission to access a user’s location.

People can also give permission to allow specific apps and sites to determine their location using a combination of cellular data, GPS, Wi-Fi, and Bluetooth. Asking for consent means advertisers will have a smaller group of people whose location they can pinpoint, but it won’t be impossible to do – if you ask.

But asking really only works on an individual level.

Targeting households is another matter and will remain a huge challenge from a permissions perspective, especially in the CTV environment where co-viewing is the norm.

Parents, for example, might not want a company to collect data generated by their children, Desai said, but there’s no easy way to say, “Use this data point in a profile, but don’t use that one”.

Without an effective mechanism for managing permissions at the household level, advertisers, publishers and technology providers will need to be as transparent as possible, Desai said.

“People just want to know what data companies collect about them and how it’s used – whether it’s an IP address or anything else,” he said.


Comments are closed.