It’s easy to see why the behavioral advertising business feels threatened lately. Already some of the most popular browser add-ons are for blocking ads and tracking. (Here’s one list.) As of last May, according to ClarityRay, 9.26% of all ads were being blocked by browsers. For tech content, the rate was 17.79% and in one country (Austria) the rate was 22.5%. Ad blocking was highest with Mozilla (17.81%) and lowest with Explorer (3.86%).

Not surprisingly, Microsoft smelled the demand and defaulted Do Not Track in the “on” position with its next version of Explorer. Also not surprisingly, this proved controversial.

And now comes Ad Networks Beware: Firefox to Block Third-Party Cookies: New policy could squeeze online behavioral advertising, by Katy Bachman in AdWeek. She begins,

The Interactive Advertising Bureau lashed out Saturday at a new Firefox policy to block third-party cookies, effectively cutting off ad networks’ ability to track users. That could be put a crimp in the growing online behavioral advertising business, but give privacy advocates a victory in their attempts to give users more control over their online information.

Mike Zaneis (@MikeZaneis), the organization’s svp and general counsel tweeted that Mozilla’s new policy was nothing less than “a nuclear first strike against the ad industry.”

Firefox will begin blocking the cookies from third-party ad networks by default beginning with distribution of Firefox version 22 on April 5. The browser would allow cookies from first party websites that users visit, according to Jonathan Mayer, a grad student at Standford University who wrote the patch for Mozilla.

Firefox’s new cookie policy is similar to Apple Safari, but “slightly relaxed,” Mayer said in a blog post.  In practice, both Google Chrome and Microsoft Internet Explorer allow third-party cookies.

The links are mine.

For a good picture of the debate at work, read the whole thread below Mike’s tweet. In it you’ll see how hard it is to draw lines we don’t want others to cross. If we’re Mike and the IAB, we want to draw the line as far out as our self-reguatory principles for online behavioral advertising allow. That line is inclusive of (presumably) harmless forms of tracking. If you’re Chris Saghoian (@csaghoian), one of the creators of Do Not Track (and a voice in that thread), the line not to cross is the personal one that surrounds one’s private spaces. Among those is the vehicle called a browser, in which one would like to drive around the Web enjoying car-like independence.

Here in the VRM world, we are in the second camp. But we’d rather leave the fighting up to others, and instead extend an olive branch toward cooperative development of tools that shake hands and work together across both kinds of lines. That’s what I did at the last link, in September. Since then I’ve enjoyed a positive back-channel conversation that I’d like to keep moving forward.

Also in play are regulatory urgings. This was behind George Simpson‘s Suicide by Cookies, at MediaPost. He begins there by framing up a problem:

Evidon measured sites across the Internet and found the number of web-tracking tags from ad servers, analytics companies, audience-segmenting firms, social networks and sharing tools up 53% in the past year. (The ones in Mandarin were probably set by the Chinese army.) But only 45% of the tracking tools were added to sites directly by publishers. The rest were added by publishers’ partners, or THEIR partners’ partners.

Then he builds the correct forecast of regulatory squeezery, and concludes with this:

I have spent the better part of the last 15 years defending cookie-setting and tracking to help improve advertising. But it is really hard when the prosecution presents the evidence, and it has ad industry fingerprints all over it — every time. There was a time when “no PII” was an acceptable defense, but now that data is being compiled and cross-referenced from dozens, if not hundreds, of sources, you can no longer say this with a straight face. And we are way past the insanity plea.

I know there are lots of user privacy initiatives out there to discourage the bad apples and get all of the good ones on the same page. But clearly self-regulation is not working the way we promised Washington it would.

I appreciate the economics of this industry, and know that it is imperative to wring every last CPM out of every impression — but after a while, folks not in our business simply don’t care anymore, and will move to kill any kind of tracking that users don’t explicitly opt in to.

And when that happens, you can’t say, “Who knew?”

More background on all this can be found at Wharton’s Future of Advertising Program, where they asked a bunch of people “What could/should ‘advertising’ look like in 2020?” I answered here. My bottom lines:

Here is where this will lead by 2020: The ability of individuals to signal their intentions in the marketplace will far exceed the ability of corporations to guess at those intentions, or to shape them through advertising. Actual relationships between people and processes on both sides of the demand-supply relationship will out-perform today’s machine-based guesswork by advertisers, based on “big data” gained by surveillance. Advertising will continue to do what it has always done best, which is to send clear signals of the advertiser’s substance. And it won’t be confused with its distant relatives in the direct response marketing business.

The follow-up question was, “What do we need to do now for this future?” My answer to that one:

Three things.

First, make sharper distinctions between brand and direct response advertising — distinctions that make clear that the latter is a different breed, with different virtues, methods and metrics.

Second, follow and encourage the development of tools that give individuals more independence and ability to engage.

Third, do more research on the first two, so we have better tracking of trends as they develop.

Our job with ProjectVRM is the last two.