Will Adblockers and the GDPR Break Your Service?

Apple's World Wide Developer's Conference (WWDC) and Google's IO are an annual peek into the future of two web technology giants. This year (2017), both institutions revealed native advertisement and tracker-blockers for Safari and Chrome. Consumers rejoice! No ads! No trackers. But, wait, those can be really useful for developers and creators -- and what's this about GDPR? What happens now?

At first glance, it may feel like a strange move for Google to block advertisements; aren't advertisements the bread-and-butter of Google's income? For Apple, a pro-privacy stance makes sense; Apple sells paid, not free services that don't rely on advertisement revenue. While they have differing motivations, both companies are part of an onslaught against bad advertisements and nefarious tracking technology.

When the major, competitive companies begin to support consumer trends, that's an indicator that a large industry shift is in motion. When governments do, you know something significant is afoot. This sounds good, right? Bad advertisements and trackers make the web a more dangerous place and they put the general public at risk. Let's dig a little deeper.

A Few Bad Apples

A bad advertisement is one that:

  • "Malvertises". As hard as portmanteaus are to take seriously, malveritising is no joke. Given how common advertisements are in high-traffic and high-reputation websites, advertisements become a sneaky attack vector. Advertisement networks are often used to inject malware or perform phishing schemes on those who click on them. The Online Trust Alliance (OTA) was the last one to publish statistics. The OTA determined that, in 2012, nearly 10 billion advertisement impressions had been compromised.

  • Blares sound and music at you. You're working in a quiet spot, you mouse over something by mistake and suddenly your speakers blare about the latest truck you should buy.

  • Leads to a poor quality company. Would-be customers may click into something that, if it had a physical store-front, you would not walk within a block of.

  • Is Invasive. The article is finally getting interesting when suddenly you're bombarded by things you should purchase or signup for.

  • Contains overly sexualized or depressing material. Nothing like preying on base human desires and deep-seated insecurities. One weird secret! Doctors HATE her!

As a result of these anti-patterns - and a healthy, general concern for privacy - there has been a dissolution of public trust in advertisements and trackers. To protect themselves, consumers choose to block ads and trackers entirely.

As a good person trying to build an honest business, the loss of advertisement revenue on quality content you create or hobbled analytical intelligence into your users' actions is unfair punishment for the shady behaviour of others.

The bad advertisers and the irresponsible, opaque data-hoarders have put whole industry sectors at risk. You should be aware of what this means and what you can do about it.

A Spoiled Bunch

There is no need to worry about native advertisement blocking that might pop-up in Safari or Chrome. Companies like Apple and Google want content creators and publishers to succeed. In fact, they need them to. What they're trying to end are practices that cause harm, which we've listed above.

Standardization will lead to advertising platforms that serve less invasive advertisements. When consumers don't feel overwhelmed, manipulated, and under-attack by advertisements the push-back may be less than the current state where people block everything and anything they can.

... Although, it may be too late. Let's consider existing third-party content/tracker blockign software. Third-party blockers are less gracious and don't discriminate against high-quality versus low-quality sources, which browsers intend to do.

Browser plugins like Ad-Block Plus, Ghostery, and Disconnect.me do a fair, if over-zealous, job blocking ads and client-side scripts. Google Analytics is an example of a third-party script that these plugins detect and remove. Once blocked, the user isn't "tracked" and the site-owner receives a "phantom visit", which is to say no record of the visit.

Indicative of a global shift, these technologies are now backed in spirit by toothy changes to data collection policy. Enter the General Data Protection Regulation, set to be enforced within the European Union in March of 2018. The GDPR will make it so that any individual within the EU has the right to be forgotten, must receive a clear description of how their data will be collected, and any agreement to data collection requires explicit opt-in.

It goes deeper! Any breach involving personal data must be made public and apparent to the effected users within 72 hours. Data protection practices must be at the fore-front of any application that collects data from anyone in the EU, lest they risk malfeasance. Failure to adhere to these new regulations will result in a fine of the greater of 20,000,000 Euros or 4% global turnover.

In the same way that bad advertisements caused a disproportional response in the form of full-content blockers that effect good advertisers, the response from the European Union will significantly impact marketing, advertising, and analytics services.

... Harsh - What Can We Do?

The third-party blockers we mentioned, Ad-Block Plus, Ghostery, and Disconnect.me, eliminate client-side scripts. They detect and prevent JavaScript <script>s from running. If you use - or are - a service like VWO, Crazy Egg, New Relic, FullStory or Mixpanel, blocking software can out-right disable these features.

A solution is to serve third-party scripts at the edge-server. This keeps cumbersome JavaScript away from the client. The edge-server paradigm is safer and provides privacy benefits when compared to using the client; serving someone else's JavaScript from the client is dangerous. Fly exists to solve this problem.

Writing trackers into the server instead of the client checks one box: treating data protection as a primary concern. With the GDPR however, you need to notify anyone of exactly who is collecting data and what data is being collected. You need to present them with an opt-in. You'll need to be able to erase and fully reveal what has been collected each time it is requested.


As the web matures, part of the endearing, wild, and dangerous spirit from its infancy is slowly being secured away. The end result is a safer and more padded experience for everyone. A few bad apples have caused a significant decline in consumer trust in web advertisements and tracking methods. Consumers responded in the extreme by blocking everything possible. Governments are starting to catch up by clamping down on the wild funneling of user thought, action, and feeling in the form of aggregate data.

To adapt to the shifting landscape, you can get ahead of modernized blocking technologies by looking for services that all you to apply third-party features at the edge. Fly is one of them. However, if you rely on data collection as a core element of your business, regulations like the GDPR may push you into innovation new frontiers. We're excited to see how you adapt.

Fly started when we wondered "what would a programmable edge look like"? Developer workflows work great for infrastructure like CDNs and optimization services. You should really see for yourself, though.

Show Comments

Get the latest posts delivered right to your inbox.