Gnatcatcher

Overview

Google's Gnatcatcher is designed to prevent marketers from using IP address for geographic targeting or to detect fraud. ^[1]

Gnatcatcher is an umbrella term for two proposals that impact the use of IP addresses.

The first Gnatcatcher related proposal is Near-Path Network Address Translator (NAT), which routes traffic through Google proxy servers to hide the client IP from other third-party organizations.^[2] Routing traffic through a proxy-server causes all traffic to appear to originate from the same pool of IP addresses. Although Google calls these proxy servers " IP privatizing server (IPPS)," there is no guarantee that Google itself does not use data from this re-routed traffic for its own business purposes.

The second Gnatcatcher related proposal is Willful IP Blindness proposal, which requires organizations to self-certify that they are masking IP addresses when transferring information to their supply chain partners.^[3] Google suggests that it will impose Gnatchatcher or similar Privacy Budget processes on organizations that do not agree to mask IP addresses when working with their partners.^[4]

Impact

Google recognizes that geolocation is often used to help provide more relevant experiences as well as complying with regional regulations. "IP-based geolocation is used by a wide swath of services to serve content that is relevant to users (readers of news in Boston probably don’t care much about restaurant openings in Baltimore) as well as conforming to local laws."^[5] Gnatcatcher suggests that Google may allow Google-designated organizations to receive native traffic that avoids the Google proxy servers. Google has suggested it might provide people's geolocation via a Geolocation API.

Without access to accurate geographic information, organizations would be less able to comply with regional privacy regulations.

By removing the technographics that are often used to detect non-human traffic via Gnatcatcher, marketers would not be able to rely on existing fraud detection and prevention services. Moreover, by not being able to detect which publishers' sites have relatively more non-human traffic more of marketers budgets will be spent on fraud.

Given Google has alternate methods of collecting geolocation data via its consumer software and services, Google could use its extensive login data and Maps service to address many use cases that rivals rely on without requiring people to authenticate. Without access to similar accuracy of geolocation data rivals would not be able to provide may similar consumer services (e.g., store locations near you, weather near you, traffic directions, etc.).

Regulator Perspectives

The UK CMA noted (5.45-46) that should Google impair rivals' access to IP address, Google's proposal would:

1. "lead to Google’s rival publishers offering a worse service to both users and advertisers when competing with Google to attract advertiser spend to their ad inventory,"
2. " hamper Google’s rivals’ abilities to detect fraud and limit their ability to optimize their online content to... a user's geographic location."^[6]

Note: Google has made no commitment that it will blind its own B2B software and services from using IP address nor offer this service for free.

Open Questions

• Will Google guarantee to people that their proxy servers will not log any personal data?
• Will Google guarantee that it will not use any data from this re-routed traffic for any business purpose?
• Given many publishers rely on supply chain partners for personalizing their web properties, will Google allow publisher control over which organizations receive native traffic that avoids the Google proxy servers?
• Will Google allow people to opt out of Google's geolocation tracking?

References