Google’s latest attempt to meet privacy concerns and regulations (IP proxies) is causing a bit of a stir.
Thanks to Anu Adegbola’s investigative research, initial plans were uncovered. Now that we’ve had a bit to process, we’re going to dive into:
- What are Google proposing to do (per their GitHub)?
- Who will it impact?
- What can you do to prepare?
Before we dive too deep into the weeds, it’s important to define all the pieces in play:
- Internet Protocol (IP) Addresses: A unique number assigned to devices connected to the internet. These are how you’re able to access information on the internet and act as a “calling card.”
- Click Fraud Protection: Tools designed to block malicious IP addresses (bots) from engaging with ads/sites. They are able to identify and block the root IP address that’s causing the issue.
- Location Targeting: A PPC strategy that allows you to serve ads to a user who is in, regularly visits, or shows interest in a given location.
- Exclusions: The act of telling an ad platform you do not want traffic from a place, audience bucket, website placement, or people who use specified words in their queries (negatives).
A final note: This is in active development, and Google has not yet made firm statements about how it will be applied.
Expect this post to be updated around/after Google Marketing Live when we anticipate the search giant will make more concrete announcements about it.
What Is Google Proposing To Do?
Google is proposing to use two proxies to mask IP addresses.
This means an IP address would make the call to a site for information (including Google search), and the IP will be converted to a randomly assigned different IP for non-approved third party tools.
That randomly assigned unique IP will then be converted to a third IP address. In this way, the user will be able to access all the site information. However, their personal IP address will be masked unless they consent to share it.
In action, the flow would go something like this:
- I search for [things to do in Iceland] using my real IP to access Google’s search results in my Chrome browser.
- My IP connects with Google’s systems and will be converted to a proxy IP. This proxy IP will be the IP that engages with any third-party tools after a second proxy masking.
- Google will serve me a beautiful search engine result page (SERP) full of videos, images, and links (paid/organic) for me to get ideas.
- I click on the link to Frost and Fire (our favorite hotel in Iceland, where we went on our honeymoon).
- My IP engages with Frost and Fire’s DNS. Any third party tools like analytics, call tracking, or ad platforms will receive the double proxied IP unless I say it’s ok for them to have my actual IP.
- I view the site and choose to consent to tracking or not. If I choose not to be tracked, my IP will remain obscured.
Google proposes using cohorts to help with the geo element, focusing on countries with some state/sub-country targeting.
However, it also acknowledges it cannot be 100% accurate. Currently, the threshold to be considered for a cohort is 1 million unique web cookies across a two-week period.
To put this in context, HubSpot found that only 31% of sites get more than 50,000 unique visitors per month. A 2018 study from Research Gate found that domains only have 10 cookies (median).
There is a real possibility that Google will need to merge interests/location cohorts to meet the minimum. There is no word yet on whether exclusions will be impacted by the location targeting.
Who Will It Impact?
In theory, this is a huge gain for privacy because you can access all internet properties without any company knowing who or where you are.
On the other hand, if brands aren’t sure who you are, they might serve you entirely irrelevant ads or need reminders about your preferences.
Location Targeting
One of the reasons people are concerned about this is the location targeting issue (and lack of transparency).
As you can see, these proposed location cohorts are much bigger than conventional location targeting. Brands that are used to targeting some cities or designated market areas (DMAs) because they’re more profitable than others might need to target states.
This is especially critical in low-search volume industries and low-population areas of the world.
For example, Boston (a fairly major city) has ~651,000 people. While many in the Boston area live in the surrounding cities or commute from out of state, some businesses might want to target Boston specifically.
With this new rule, it is very possible that targeting Boston (the city) won’t be possible anymore – even with it being a college town with high internet usage.
On the other hand, the whole state of Rhode Island has just over 1 million people. While many businesses are subjectively close together, people in Rhode Island tend not to want to go more than 15 minutes by car.
Additionally, almost 30% of Rhode Island has no internet. This means that many users in Rhode Island would likely be absorbed into other states’ cohorts, or would be lumped together in a single statewide target.
Ginny Marvin, product liaison at Google, confirmed the location thresholds aren’t new.
Click Fraud
The other major consideration is click fraud technology. For years, brands have gratefully availed themselves of click fraud services to block malicious IP addresses.
If the original IP address is obscured from both Google and the end site, it will be really hard to truly protect against those bots.
As Google said in its GitHub post:
- The destination origin doesn’t see the client’s original IP address.
- Google can’t see the origin that clients interact with.
- No single proxy can see the origins that clients interact with and the clients’ original IP address.
- IP addresses of the proxies cannot be used as stable identifiers.
- We are using a list-based approach, and only domains on the list in a third-party context will be impacted. More information below.
I expect click fraud tech will need to adapt to a modeled workflow to account for malicious IPs not opting into sharing their IP address.
Whether they choose to block IPs predictively based on the listing mechanic or use other signals remains to be seen.
However, as it stands now, Google would be removing the ability for sites to protect against malicious bots, which impacts paid and organic.
User Experience
It’s worth acknowledging its impact on the user experience and what people will give up in the name of privacy.
As it stands now, ad platforms do their best to serve relevant ads to relevant users. If brands aren’t able to understand who their users are (existing customers included), it will be impossible to avoid serving ads to existing customers.
The saving grace is that this is opt-in and requires users to log in. While some may opt-in because they enjoy the idea of perfect privacy, I would be very surprised if users maintained the setting.
Here’s why:
- People like ease of life. Having to reconfirm information and remind a brand about their preferences gets old quickly. I’m not saying people won’t find the positives outweigh the negatives, but I expect folks to get a rude surprise if they opt for perfect privacy.
- Getting ads from a brand you already do business with is a source of constant frustration for many today. It will only get worse if brands lose the ability to protect their existing customers. Google’s customer match and Performance Max verbiage include a clause that they might not be able to fully protect users due to technology.
What Can You Do To Prepare?
The biggest thing is getting your exclusions ready. As of now, there is nothing in any of the documentation around exclusions being impacted.
Google exclusions allow you to exclude people in a specified location, or who show interest in a specified location. You have always been able to exclude locations within a target location. Until this goes away, this is the easiest way to make sure you’re setting your budgets up for success.
However, keep an eye on your status column. I expect a lot of “Eligible: Misconfigured” as Google and advertisers figure out how surgical they can be with exclusions.
Another really important step is to communicate with your customers about this change. An informed user is an empathetic user.
You can get ahead of many friction moments by owning that this is a potential technical limitation on your ability to sequester existing customers from marketing efforts.
Read the full GitHub documentation and give feedback. Google needs to understand how this will impact us and whether it will achieve the desired results (balancing privacy with utility).
Do some research on your main markets and their internet usage. Tools like BroadbandSearch.net are great for giving you a sense of how likely you are to be put in a focused or muddled cohort.
Final Thoughts
Big shout out to Optmyzr’s Fred Vallaeyes who noticed that most folks were panicking prematurely and didn’t catch that the proxy masking was focused on third party tools only. As Google reported in their latest blog post, users will be able to block IP addresses in their PMAx campaigns. So IP exclusions are still very much a tool in our arsenal.
I don’t think this is a bad thing until it’s implemented and we see what functionality makes it into the final version.
Am I nervous about the location targeting piece (especially for niche industries and smaller population areas)? Absolutely.
Do I think all my Google Ads (and other ad networks running on Chrome) are going to implode? No.
At the end of the day, we still have our creative, and a lot of effort has been invested in modeling technology.
We just need to get better at convincing our customers to consent to data sharing and trust in modeling.
More resources:
- Local SEO For Non-Physical Businesses: Overcoming The Challenges
- How To See Google Search Results And Rankings For Different Locations
- How Search Engines Work
Featured Image: Funtap/Shutterstock