├── owl.png
├── barn-owl.png
├── owl-pink.png
├── README.md
├── src-img
├── barn-owl.webp
├── owlwebp.webp
├── owl.pxd
│ ├── metadata.info
│ ├── QuickLook
│ │ ├── Icon.tiff
│ │ └── Thumbnail.tiff
│ └── data
│ │ ├── originalImportedContentDocumentInfo
│ │ ├── 43096AF0-3173-418B-9717-4D72B7213128
│ │ ├── 6FBC734D-BE56-42C7-A2FB-9C8B3E583363
│ │ ├── 840F9A8A-C404-4198-9EEF-BA6E5A7F2060
│ │ ├── 85FB7668-07AF-4340-9E32-C456CA457A81
│ │ ├── 9B67EF81-1B35-462A-A954-61F13B1D2AD6
│ │ ├── AAE94F31-EE48-404F-A158-594581C4A589
│ │ └── FE5BB698-A7BF-4F8D-A4FA-477E175BBD2D
└── barn-owl.pxd
│ ├── metadata.info
│ ├── QuickLook
│ ├── Icon.tiff
│ └── Thumbnail.tiff
│ └── data
│ ├── originalImportedContentDocumentInfo
│ ├── 85FFFBAC-F90B-4114-BF89-BA4BB1701D38
│ ├── B8B6EF5A-36A8-41F5-B01F-5E2A43110DA3
│ ├── DED49B18-00C5-49C7-87D7-C438EBA695FB
│ └── EA457466-9040-4772-B65C-8C7C7656F99F
├── LICENSE
├── .gitignore
├── proposal.svg
└── index.html
/owl.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/owl.png
--------------------------------------------------------------------------------
/barn-owl.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/barn-owl.png
--------------------------------------------------------------------------------
/owl-pink.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/owl-pink.png
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # garuda
2 | Governance of Ad Requests by a Union of Diverse Actors
3 |
--------------------------------------------------------------------------------
/src-img/barn-owl.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/barn-owl.webp
--------------------------------------------------------------------------------
/src-img/owlwebp.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owlwebp.webp
--------------------------------------------------------------------------------
/src-img/owl.pxd/metadata.info:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/metadata.info
--------------------------------------------------------------------------------
/src-img/barn-owl.pxd/metadata.info:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/barn-owl.pxd/metadata.info
--------------------------------------------------------------------------------
/src-img/owl.pxd/QuickLook/Icon.tiff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/QuickLook/Icon.tiff
--------------------------------------------------------------------------------
/src-img/barn-owl.pxd/QuickLook/Icon.tiff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/barn-owl.pxd/QuickLook/Icon.tiff
--------------------------------------------------------------------------------
/src-img/owl.pxd/QuickLook/Thumbnail.tiff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/QuickLook/Thumbnail.tiff
--------------------------------------------------------------------------------
/src-img/barn-owl.pxd/QuickLook/Thumbnail.tiff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/barn-owl.pxd/QuickLook/Thumbnail.tiff
--------------------------------------------------------------------------------
/src-img/owl.pxd/data/originalImportedContentDocumentInfo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/data/originalImportedContentDocumentInfo
--------------------------------------------------------------------------------
/src-img/owl.pxd/data/43096AF0-3173-418B-9717-4D72B7213128:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/data/43096AF0-3173-418B-9717-4D72B7213128
--------------------------------------------------------------------------------
/src-img/owl.pxd/data/6FBC734D-BE56-42C7-A2FB-9C8B3E583363:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/data/6FBC734D-BE56-42C7-A2FB-9C8B3E583363
--------------------------------------------------------------------------------
/src-img/owl.pxd/data/840F9A8A-C404-4198-9EEF-BA6E5A7F2060:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/data/840F9A8A-C404-4198-9EEF-BA6E5A7F2060
--------------------------------------------------------------------------------
/src-img/owl.pxd/data/85FB7668-07AF-4340-9E32-C456CA457A81:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/data/85FB7668-07AF-4340-9E32-C456CA457A81
--------------------------------------------------------------------------------
/src-img/owl.pxd/data/9B67EF81-1B35-462A-A954-61F13B1D2AD6:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/data/9B67EF81-1B35-462A-A954-61F13B1D2AD6
--------------------------------------------------------------------------------
/src-img/owl.pxd/data/AAE94F31-EE48-404F-A158-594581C4A589:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/data/AAE94F31-EE48-404F-A158-594581C4A589
--------------------------------------------------------------------------------
/src-img/owl.pxd/data/FE5BB698-A7BF-4F8D-A4FA-477E175BBD2D:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/owl.pxd/data/FE5BB698-A7BF-4F8D-A4FA-477E175BBD2D
--------------------------------------------------------------------------------
/src-img/barn-owl.pxd/data/originalImportedContentDocumentInfo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/barn-owl.pxd/data/originalImportedContentDocumentInfo
--------------------------------------------------------------------------------
/src-img/barn-owl.pxd/data/85FFFBAC-F90B-4114-BF89-BA4BB1701D38:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/barn-owl.pxd/data/85FFFBAC-F90B-4114-BF89-BA4BB1701D38
--------------------------------------------------------------------------------
/src-img/barn-owl.pxd/data/B8B6EF5A-36A8-41F5-B01F-5E2A43110DA3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/barn-owl.pxd/data/B8B6EF5A-36A8-41F5-B01F-5E2A43110DA3
--------------------------------------------------------------------------------
/src-img/barn-owl.pxd/data/DED49B18-00C5-49C7-87D7-C438EBA695FB:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/barn-owl.pxd/data/DED49B18-00C5-49C7-87D7-C438EBA695FB
--------------------------------------------------------------------------------
/src-img/barn-owl.pxd/data/EA457466-9040-4772-B65C-8C7C7656F99F:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darobin/garuda/main/src-img/barn-owl.pxd/data/EA457466-9040-4772-B65C-8C7C7656F99F
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2021 Robin Berjon
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Logs
2 | logs
3 | *.log
4 | npm-debug.log*
5 | yarn-debug.log*
6 | yarn-error.log*
7 | lerna-debug.log*
8 |
9 | # Diagnostic reports (https://nodejs.org/api/report.html)
10 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
11 |
12 | # Runtime data
13 | pids
14 | *.pid
15 | *.seed
16 | *.pid.lock
17 |
18 | # Directory for instrumented libs generated by jscoverage/JSCover
19 | lib-cov
20 |
21 | # Coverage directory used by tools like istanbul
22 | coverage
23 | *.lcov
24 |
25 | # nyc test coverage
26 | .nyc_output
27 |
28 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
29 | .grunt
30 |
31 | # Bower dependency directory (https://bower.io/)
32 | bower_components
33 |
34 | # node-waf configuration
35 | .lock-wscript
36 |
37 | # Compiled binary addons (https://nodejs.org/api/addons.html)
38 | build/Release
39 |
40 | # Dependency directories
41 | node_modules/
42 | jspm_packages/
43 |
44 | # TypeScript v1 declaration files
45 | typings/
46 |
47 | # TypeScript cache
48 | *.tsbuildinfo
49 |
50 | # Optional npm cache directory
51 | .npm
52 |
53 | # Optional eslint cache
54 | .eslintcache
55 |
56 | # Microbundle cache
57 | .rpt2_cache/
58 | .rts2_cache_cjs/
59 | .rts2_cache_es/
60 | .rts2_cache_umd/
61 |
62 | # Optional REPL history
63 | .node_repl_history
64 |
65 | # Output of 'npm pack'
66 | *.tgz
67 |
68 | # Yarn Integrity file
69 | .yarn-integrity
70 |
71 | # dotenv environment variables file
72 | .env
73 | .env.test
74 |
75 | # parcel-bundler cache (https://parceljs.org/)
76 | .cache
77 |
78 | # Next.js build output
79 | .next
80 |
81 | # Nuxt.js build / generate output
82 | .nuxt
83 | dist
84 |
85 | # Gatsby files
86 | .cache/
87 | # Comment in the public line in if your project uses Gatsby and *not* Next.js
88 | # https://nextjs.org/blog/next-9-1#public-directory-support
89 | # public
90 |
91 | # vuepress build output
92 | .vuepress/dist
93 |
94 | # Serverless directories
95 | .serverless/
96 |
97 | # FuseBox cache
98 | .fusebox/
99 |
100 | # DynamoDB Local files
101 | .dynamodb/
102 |
103 | # TernJS port file
104 | .tern-port
105 |
--------------------------------------------------------------------------------
/proposal.svg:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | Governance of Ad Requests by a Union of Diverse Actors (GARUDA)
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
23 |
54 |
55 |
56 |
63 |
64 |
65 | Multiple proposals exist to reform programmatic advertising on the Web. Some, most
66 | notably PARAKEET,
67 | the FLEDGE bid server,
68 | and ongoing work by Prebid, rely on the existence of a
69 | trustworthy server that can perform tasks such as anonymising ad requests. This type
70 | of model has interesting properties, notably they are easier to audit and do not require
71 | moving significant chunks of logic into the browser, but they also suffer from the problem
72 | that the server itself must be trusted, even while sitting outside the realm of the user's
73 | control.
74 |
75 |
76 | This document drafts an overall vision and governance model able to support such
77 | trustworthy utility servers by having them owned and operated by an entity governed in
78 | common by different constituencies. The name comes from Garuda,
79 | which Wikipedia describes as "the king of birds" and "a protector with the power
80 | to swiftly go anywhere, ever watchful."
81 |
82 |
83 |
84 |
85 |
The Impossible, Inescapable Reform of Advertising
86 |
87 | Digital advertising has rightly become despised through decades of mismanagement, but it
88 | nevertheless is an essential utility. While other business models do exist and should
89 | prosper, they are simply insufficient to make up for the loss that eradicating advertising
90 | would cause. Our only option, then, is to fix it.
91 |
92 |
93 | Most parties support reform, but it is proving politically difficult to achieve.
94 | Advertising is a complex environment involving multiple stakeholders that run completely
95 | different organisations yet the pieces they provide must all more or less fit together for
96 | the system to function. The current system operates poorly — in some parts staggeringly so —
97 | but it does operate. Changing the way in which some parts fit together requires different
98 | stakeholders to agree to change in matching ways, and therein lies the rub.
99 |
100 |
101 | Coordinate change is difficult at all times, but in digital advertising it is particularly
102 | challenging because most of the parties actively distrust one another.
103 |
104 |
105 | We therefore find ourselves presented with a choice: reform can either happen through
106 | vertical integration which will favour the most integrated, or it can happen through
107 | multistakeholder standards. The latter is preferable as it can bring forward a healthier
108 | ecosystem in which more voices are represented, but it can only exist if we develop a
109 | principled governance structure to foster trust between stakeholders.
110 |
111 |
112 | This is where a trustworthy server becomes a particularly useful construct. Since it
113 | has to be trusted by all stakeholders (no one would trust such a server operated by
114 | just one type of party), it provides a common space for browsers (representing users),
115 | publishers, and adtech intermediaries to meet, and where they can be put in a position of
116 | needing to achieve consensus for the system to operate.
117 |
118 |
119 |
120 |
Objective
121 |
122 | The goal of Garuda is to make a trustworthy advertising server
123 | possible. The notion of a trustworthy advertising server is a potentially very
124 | powerful one in that it can enable a number of highly-desirable use cases in advertising
125 | technology, notably that of anonymising requests. However, trust does not appear as if by
126 | magic and it needs to be designed for.
127 |
128 |
129 | Several suggestions have been made in order to make this trust possible, but none of them
130 | works today:
131 |
132 |
133 |
134 | Just trust the publisher/intermediary/tech company. This is not a
135 | realistic option, certainly not for a system meant to operate in the wild and at this
136 | scale. The web is trustworthy because there is no need to trust a website. This
137 | property needs to be imported here.
138 |
139 |
140 | Use some form of secure multiparty computation magic. Purely
141 | mathematical solutions are great in that they are highly enforceable; however it is not yet
142 | clear that this problem can be solved in full that way, straight from the browser.
143 |
144 |
145 | It's open source! That is great, and whatever Garuda produces will be
146 | open source, but just because something is open source doesn't prove that the system
147 | running it is actually running that open source implementation as is — it's pretty easy to
148 | cheat.
149 |
150 |
151 | Rely on regulation or contracts. Our jobs as technologists would be a
152 | lot simpler if we could treat technology as neutral and offload figuring out the hard
153 | human parts to legislators. Unfortunately, that approach is not just not simple but
154 | simplistic. The past two decades of digital advertising regulation have relied on
155 | contractual obligations and user-hostile choice architectures, with effectively nothing to
156 | show for it.
157 |
158 |
159 | Move everything into the browser. The browser is intended as a point of
160 | maximal trust for users, and to a large degree this trust is inescapable. Unfortunately,
161 | there is no longer consensus in the Web community that all major browsers are acting as
162 | trustworthy agents for the users and there is suspicion of self-dealing from some vendors,
163 | particularly relating to advertising. Rebuilding trust in browsers is a highly desirable
164 | outcome, but sits outside the scope that we tackle here. This proposal endeavours to deal
165 | with the cards we have been given and not those I might wish we had had instead.
166 |
167 |
168 |
169 | Garuda's core tenet is that we can solve problems of trust with human arrangements. On the
170 | downside, these are necessarily imperfect and they incur some overhead. On the upside, a
171 | group of people with effective checks and balances can handle complex and evolving
172 | situations better than anything else — and provide a strong foundation atop which to build
173 | trust between parties that, historically and structurally, do not trust one another much.
174 |
175 |
176 |
177 |
Responsibilities
178 |
179 | Garuda is an institutional arrangement composed of several constituencies and groups that
180 | together form the Garuda institution. The
181 | [=Garuda institution=] has several responsibilities:
182 |
183 |
184 |
Shepherding the technical standards that define the Garuda trustworthy server
185 |
186 | Garuda will need to cooperate with the W3C and with
187 | WPT in order to guarantee that the technical
188 | standards that define how all parties integrate and interact with the trusted server are
189 | interoperable, royalty-free, and in line with the ethical principles of the Web and the
190 | Internet ([[?ETHICAL-WEB]], [[?RFC8890]]).
191 |
192 |
Managing the open source implementation and maintenance of the trusted server
193 |
194 | The trusted server will be developed in an open source manner, but changes made to the code
195 | will need to be aligned with the objectives of the [=institution=], which will need to be
196 | reflected in the change review process. Further, there is no expectation that software
197 | development will be entirely carried out by the community; rather the [=institution=]
198 | should provision sufficient resources to underwrite the entirety of the server's
199 | development.
200 |
201 |
Operating the worldwide network of trustworthy servers
202 |
203 | The [=institution=] will operate a network of trustworthy servers with high-performance
204 | SLAs and an arrangement that enables easy auditing. This is intended to be core
205 | infrastructure for the entire Web, and requires a level of quality and scale to match.
206 |
207 |
Ensuring the general health of the advertising ecosystem
208 |
209 | By providing a common space where stakeholders must reach some form of consensus in order
210 | for the system to operate, the [=institution=] is taking on some responsibility for the
211 | health of the broader digital advertising ecosystem.
212 |
213 |
214 |
215 |
216 |
Governance Model
217 |
218 | This section provides only an outline of the governance model for the [=Garuda institution=].
219 | At this stage, my purpose is solely to describe the approach and sketch out enough of its
220 | mechanics to establish feasibility. Development of the full principles and bylaws will, by
221 | nature, have to be an open and multistakeholder exercise.
222 |
223 |
224 | Significant parts of the Internet's infrastructure operate under more or less formal
225 | governance arrangements. Standards, of course (W3C, IETF, WHATWG, TC-39), but also top-level
226 | domain names, internet peering, or the ISRG and Let's Encrypt. We can make this work for
227 | advertising too.
228 |
229 |
230 | The [=Garuda institution=] is comprised of two primary bodies: the [=Governance Board=] and
231 | the [=Legal Entity=].
232 |
233 |
234 | The Governance Board is tasked with the oversight of the
235 | [=institution=]. It concerns itself primarily with the [=principles=], which it will control
236 | for in the behaviour of the [=Legal Entity=] as well as the technical standards and open
237 | source implementation of the trusted server. It also names the [=Executive Director=].
238 | All [=Board=] deliberations are public (with perhaps a few exceptions for personnel matters).
239 |
240 |
241 | The Legal Entity takes care of day-to-day operations. It is
242 | responsible for maintaining, deploying, and operating the trusted server at requisite SLAs
243 | and at reasonable cost, as well as of research into future technology that Garuda could use,
244 | with organising the various working groups that will bring stakeholders together to help
245 | evolve Garuda over time, and with the elaboration of policy positions which Garuda will
246 | cooperate with regulators on. It is run by the [=Executive Director=].
247 |
248 |
249 | The [=Board=] selects (by consensus) an Executive Director every three years or
250 | whenever the post becomes vacant. There is a strong assumption that the [=Executive Director=]
251 | will not necessarily be renewed: every time a new [=ED=] must be selected, the [=Board=] is
252 | expected to review multiple candidates. The [=Board=] can revoke the [=ED=] with a
253 | [=supermajority=]. The [=ED=] leads the [=Legal Entity=].
254 |
255 |
256 | Garuda operates according to fundamental ethical principles
257 | (which need to be written before it kicks off, [[?ETHICAL-WEB]], [[?RFC8890]], or [[?PUP]]
258 | are good starting points). These [=principles=] can be changed with [=supermajority=]. The
259 | purpose of these [=principles=] is to guide the [=Board=]'s discussions and inform its decisions.
260 |
261 |
262 | There are three primary constituencies: browser vendors (vendors, not engines, and
263 | expected to proxy for users), publishers, and adtech intermediaries. For each of them,
264 | there are inclusion criteria that are based on volume of the traffic they see through the
265 | trusted server. The volume threshold can differ per [=constituency=], it is designed to
266 | prevent gaming the system by spawning multiple entities. Entities with sufficient volume
267 | have voting rights on a one-entity/one-vote basis, there is no volume proration.
268 |
269 |
270 | Any entity eligible to be part of a [=constituency=] has some voting rights. These voting
271 | rights allow them to elect their representatives to the [=Governance Board=] for that
272 | [=constituency=]. Candidates can be nominated by any entity with voting rights.
273 | [=Board=] seats are open for three years with a third being renewed every year.
274 |
275 |
276 | Each [=constituency=] has three representatives on the [=Board=]. No company can have more
277 | than one representative, even if it participates in different [=constituencies=]. If one
278 | [=constituency=] has fewer than two candidates in a given election, then it gains zero
279 | representation. (If interest from that group is too low, it shouldn't be taken over by a
280 | single party.)
281 |
282 |
283 | Supermajority: some changes require a [=supermajority=] of the [=Board=].
284 | [=Supermajority=] is defined as:
285 |
286 |
287 |
288 | ⅔rd of the members of the [=Board=] vote in support; and
289 |
290 |
291 | at least one [=Board=] member from each [=constituency=] must vote in support (so if the
292 | three members from one [=constituency=] are agreed against, they effectively have veto
293 | power).
294 |
295 |
296 |
297 | The [=Legal Entity=] is financed through a very small tax on advertising. Two models are
298 | possible: one is a flat fee per request, another is a percentage of effective CPM. The
299 | latter is preferred in that it will incentivise Garuda to increase effectiveness of
300 | advertising (whereas the former incentivises volume) but may prove more complicated to
301 | build, especially in terms of how to avoid lying about it (so long as it's above the
302 | provided bid floor). The amount and type of the tax is determined by the [=Board=]. The
303 | overall taxation structure might further depend on the type of operation requested, since
304 | not all are equally computationally expensive, and making sure that we properly cost in
305 | computational cost is important from an ecological point of view.
306 |
307 |
308 | Part of the tax should further be set aside to provide financial support to stakeholders
309 | who cannot afford to pay someone to spend time in [=Board=] discussions, so as to ensure that
310 | participants from companies of all sizes, and from all backgrounds the world around can
311 | participate with equity.
312 |
313 |
314 |
315 |
Use Cases
316 |
317 | The immediate focus is on getting enough of a PARAKEET-like structure off the ground, so
318 | that we can have an open source system and the server infrastructure to operate it in a
319 | trustworthy fashion up and running. This should enable sufficient anonymisation in the ad
320 | environment to make it safe for users, and enable novel publisher techniques. But longer-term,
321 | more can be done from this position because the PARAKEET server creates a "place" of sort
322 | which can broker multiple adtech functions in such a way that multiple stakeholders have to
323 | reach consensus as to how it works. This can progressively build a way out of the current
324 | unilateral, conflict-driven model that is causing so much strife across the ecosystem.
325 |
326 |
327 | Some problems that this could help address are listed below. Note that I am deliberately
328 | staying at a very high level for the time being as I do not believe that any of these should
329 | be the first area of focus.
330 |
331 |
332 |
333 | Fraud: putting control over fraud prevention not just with
334 | intermediaries would incentivise making it more effective. The trusted server has
335 | access to detailed user information that can support fraud detection. How this would
336 | integrated safely with fraud detection vendors is an open question.
337 |
338 |
339 | Malvertising: users and publishers have strong incentives to prevent
340 | malvertising, but are not usually in a position to do much about it. This would also help
341 | provide the line of defence that they expect. Detecting malvertising at the trusted server
342 | level will cause less revenue loss than when it happens on the publisher side. This should
343 | also make it easier to collaborate across servers to weed out dangerous creatives.
344 |
345 |
346 | Privacy: the system is designed for that, but it could be extended to
347 | protect user privacy in further contexts.
348 |
349 |
350 | Accountability: the current system is opaque and operates with no audit
351 | or control, and not visibility from most actors including publishers and users. Garuda
352 | could help bring about a position of farm-to-table accountability and traceability for
353 | creatives, of revenue transparency, and could help comply with coming regulations such as
354 | the DSA — though that would also require changes to upstream intermediaries as well.
355 |
356 |
357 | Brand Safety: this is a topic that needs to be managed with publisher
358 | input, instead of the system we have now that doesn't work for anyone. Attesting agents on
359 | the Garuda server could analyse the content of the page using a methodology of their own,
360 | and pass an attestation in the bid that the page is brand safe. The methodology in
361 | question would only be allowed to run on Garuda after consensus is found that it is not
362 | unilaterally detrimental to publishers.
363 |
364 |
365 | Creative Quality: ad creatives are produced with low quality
366 | engineering and are often highly wasteful of resources, with the cost of poor experience
367 | being borne by the publisher and user. This is a point of intervention for the server.
368 | Managing creative quality is similar to malvertising at a technical level, but the
369 | governance is different: we need the stakeholders to agree on what quality can get
370 | blocked, and the buy side needs to be informed that their ads are being dropped.
371 |
372 |
373 |
374 |
375 |
Known Issues
376 |
377 | These issues need to be addressed before this can move forward.
378 |
379 |
380 | One core problem in institution provision is how to pick who is legitimately in a given
381 | constituency, or put differently who is the polity? Garuda selects the polities of its
382 | constituencies through volume thresholds as measured by the trusted server. This is expedient
383 | for some constituencies, but does not work for all (see below).
384 |
385 |
386 | Another core problem is how to ensure that the constituencies are balanced?
387 | Historically, the interests of the buy-side and of the intermediaries have often aligned
388 | against users, with publishers splitting between the two. A system in which some stakeholder
389 | constituencies that are almost always aligned have a guaranteed majority will lack the checks
390 | and balances to be effective, fair, and credible.
391 |
392 |
393 | This can in part be addressed with principles (which we need anyway, and that would
394 | prevent approaching users from an adversarial angle), which can't be changed without support
395 | from at least one entity in each constituency, and also from the fact that if
396 | user-hostile tactics were to become supported in Garuda then enough browsers would just walk
397 | as to void their constituency, returning the world to ad blocking as the logical line of
398 | defense. But that offers relatively weak protection.
399 |
400 |
401 |
Users are not represented
402 |
403 | Traditionally, user agents have taken on the role of aligning with users. As detailed in
404 | [[?RFC8890]], this is an architecture that presents multiple advantages. Unfortunately,
405 | in recent times, some user agents have drifted away from this position of trustworthiness,
406 | and this complicates the process of relying on them as representatives of users.
407 |
408 |
409 | Additionally, the problems created by advertising often target underrepresented and
410 | marginalised communities, issues which browser vendors have limited expertise in
411 | combating. Browser vendors are not, either in terms of their employees or their legal
412 | structures, very representative of the global community, notably of the global South.
413 |
414 |
415 | Establishing a legitimate worldwide polity for humankind (including those not yet
416 | connected whose participation could be helped by a healthy advertising ecosystem) is not a
417 | problem that we can solve, however we should seek ways to increase representativity. One
418 | option could be the UN (possibly as an observer).
419 |
420 |
421 |
422 |
The buy side is not represented
423 |
424 | The buy side is where the money comes from and is the set of sources who have the strongest
425 | incentives to keep everyone honest in terms of fraud, effectiveness, and brand safety.
426 |
427 |
428 | It is not obvious how to pick a good polity for this group either. There is also a risk
429 | that they could align excessively with intermediaries, which would unbalance the
430 | governance structure and undermine its credibility.
431 |
432 |
433 | One potential solution is to make it so that the Garuda system knows who is paying for
434 | every creative that it eventually serves. If the system supports farm-to-table traceability
435 | and revenue transparency, this is a requirement anyway as the creative will need to contain
436 | verifiable information about who paid for it and how much. Extracting this payment
437 | information would make it possible to establish a volume threshold (in spend) for the
438 | buy-side to be represented. This would not address balancing issues — unless users also
439 | got a constituency of their own (or intermediaries lost theirs).
440 |
441 |
442 | Another potential option would be the WFA (possibly as an observer).
443 |
444 |
445 |
446 |
447 |
Acknowledgements
448 |
449 | I stole a bunch of ideas from Mark Nottingham, and a few from Cullen Jennings too. Aram
450 | Zucker-Scharff, Mihir Kshirsagar, and Reuben Binns provided a lot of invaluable feedback.
451 | Many thanks to Juan Ortiz Freuler for organising a discussion session around Garuda at the
452 | Berkman Klein Center for Internet & Society before it was even public, as well as to
453 | Levin Kim, Crystal Lee, Sahar Massachi, Tom Zick as convenors of the Ethical Tech
454 | and Big Tech Governance groups, and the attendees of the session for a spirited and
455 | constructive discussion.
456 |
457 |
458 | I am very grateful for my colleagues at The New York Times for supporting this work,
459 | atypical as it may be.
460 |