‍

We’re now a couple of weeks into Apple’s latest iOS privacy move. If you want to track users between apps and the web, or from an ad through the app store to an install, then you need to ask permission, and Apple has deliberately framed the question such that almost no-one will say yes. On some reports, CPMs are already down by half.

We could spend a lot of time arguing about the rights and wrongs of privacy and Apple’s framing and steering and use of its market dominance, but it’s probably more useful to suggest that all Apple has really done is implement the EU and California’s cookie laws, ‘but in apps’, and in an especially aggressive way. Step up another level, and this reflects a pretty broad shift in attitudes towards privacy in general and the huge inverted pyramid of complexity and nonsense of third party ad tracking in particular. Chrome and Safari are turning off third party cookies anyway. The cookie apocalypse is upon us and the tracking model of the last 25 years is going away.

What happens next? No-one in advertising quite knows. There are dozens of different projects for new ‘private’ ways to track users across different sites with different identity or logged-in models, but the most interesting remains Google’s FLoC, in which the browser analyses your behaviour and puts you into (mostly) anonymous, interest-based cohorts. The publisher can ask for a cohort and show you ads, but your actual activity never leaves your device. Apple does more or less the same thing on iOS in its News and Stocks apps, except that Apple also serves the ads and displays the content, so the underlying publishers see nothing at all (except a wire transfer). I think it’s very likely that Apple is looking at offering this in third-party apps and in Safari as well (I wrote about that here). So, Apple and Google want to move the tracking from the server to the client, and to one company with one point for the user to control instead of disaggregation across hundreds of publishers and ad-tech companies.

‍

There’s a bunch of reasons why this might not work, not least that no-one except Google and Apple want Google and Apple to have that much control over publishing and advertising. But it’s also worth stepping up another level again, and asking what advertisers are trying to do, anyway. People say ‘privacy’ so often that one can lose sight of the fact that advertisers don’t care who you are - they just want to show ads to people that might be interested in them, and not to show ads to people who won’t be interested. They don’t want to ‘violate your privacy’ - they want to show diaper ads to parents, car ads to people who want a car and watch ads to rich people.

Before the internet, that meant car ads in car magazines and watch ads in the Economist. Ads were based on context, and on inferring the audience from the context. The internet gave advertisers the opposite axis - it let them show ads based on the reader instead of the page. One side-effect of this was relocation of value - you can target an Economist reader a week later on a different website. If FLoC works, you can still do that. But the counter-case is that the value gets re-concentrated in the places with high-value context, rather than following the high-value readers around the web. It also gets re-concentrated in places with first party data. We will not be able to track you across different web sites, but we can still track you inside the same website, if it has lots of content and you spend lots of time there - Instagram or Facebook, but also the New York Times or the Guardian. The strong get stronger, which of course is the great tech policy trade-off - privacy versus competition.

The publisher, meanwhile cares about neither the ads nor your web browsing history, but about the money, and the harder the ad business has become, the more that publishers have shifted emphasis to pay walls, memberships and commerce. When those publishers are in the news business, this is another trade-off - pay walls (and privacy!) conflict with reach and public purpose, and again they tend to work best for the strongest. But way beyond news, if ATT/IDFA really does halve the CPMs, a lot more apps might have to change their business models. How many apps are funded by ads that won’t work so well now, and how many were using ads as the best way to acquire users and will have to find a new way to do that?

‍

Now, step up one more level again: why were brands buying ads anyway? Well, to reach a consumer, and how else are they doing that? The joke in D2C for a while now has been that ‘rent is the new CAC’. Should you spend your acquisition budget on ad networks, or Instagram… or on same-day shipping, a pop-up shop in the right part of Manhattan or London, or 100 shops, or free returns? Before the internet you couldn’t choose between shops or ads, but now that’s all the same algebra - how do you reach and serve a customer? If the cookie apocalypse resets the numbers for display, that money can go to search, but it can also go to Fedex or landlords. Which lever do you pull? The entire ad privacy fight is one moving part in a debate about how you reach your customers and how you spend a total of, perhaps, $7-800bn in the USA alone each year.

‍

Benedict Evans is a Venture Partner at Mosaic Ventures and previously a partner at a16z. You can read more from Benedict here, or subscribe to his newsletter.