IAB's SafeFrames Review by Laurent Nicolas, Founder & CEO of Alenty

The SafeFrames initiative is interesting because it emphasises that viewability is a very important topic. It shows that the industry is ready to make very important efforts to insure that ad-viewability will be correctly measured. Correctly means, “so robustly that it can be used for billing”. Many players in the industry dream of a world where unviewable ads are not invoiced anymore. The benefits will be shared among all the stakeholders and advertisers will, de facto, get more efficiency. Publishers may lose some inventory, but only the worst ones will be impacted. Ad-viewability will decrease the total inventory, which is the best way to increase prices.

This ideal world needs a robust viewability measurement method. Most viewability measurement companies have decent methods for non-iframes ads, but iframes make it more difficult. An iframe is a page within a webpage. Like all pages, it can be generated by any domain name, including a domain name different from that of the page where it is contained.

This is where all the interest and difficulty of iframes lie. An iframe cannot freely communicate with the page in which it is embedded if the pages are not served by the same domain; and more’s the better: the aim is to protect visitors’ privacy. For instance, the page may know where the visitor has come from (referrer), while the iframe does not. The page knows where the iframe is, the iframe doesn’t. An iframe is a sort of safe, whose security is guaranteed by the browser.

IAB pushes viewability measurement, so they want the iframes issue to be solved. They want it so much that they have worked very hard on a solution, called SafeFrames, to open a door in the wall of iframes.

However I am afraid that it will not be used.

1. Getting all websites to adapt to this standard will take years. Allowing iframes to share information with pages requires a pretty heavy set-up (a new domain name, js scripts availability, etc.). The “same name” rule that SafeFrames try to overcome is managed by browsers. They have the capability to solve a security issue is a few hours or days. Some websites may fear that SafeFrames open a door in this security wall and could be used by hackers to get information that they are not supposed to have. In this case, how quickly will the issue be corrected?

2. Even if the site uses SafeFrames, the iframe issues won’t be solved if the ad is within another iframe (nested iframes may not be able to access the SafeFrame API). So you must control the whole ad-delivery chain, not only the website. So when a site has made all these efforts to install SafeFrames, the measurement system may still not be able to work. As iframes are often used to “hide” the URL of the page on blind networks, nested iframes are pretty common.

3. It is possible to measure viewability in unfriendly iframes without this feature. Alenty has done this successfully for years now. Is this feature pushed by companies in this field who are not able to solve this problem? Alenty does not need SafeFrames.

4. The website can “cheat” and provide false or wrong information. As their goal is to have as many viewable ads as possible, they should not be the ones reporting if the ad has been seen. If the measurement company cannot double check that the ad was actually seen, then the information is useless. If the measurement company can measure if the ad was seen, then SafeFrames are useless. Only third-party companies can be independant.

5. comScore has sued many companies who measure viewability. Will they sue the websites who install SafeFrame 1.0? They are involved in the IAB technology council that pushes SafeFrames, isn’t there a kind of conflict of interest?

Nevertheless, one very interesting part of SafeFrames is the ability to display dynamic ads (expandable ads for instance), without interfering with the page content. It will be possible to deal with this in HTML5, where iframes can change their size, but it is not 100% ready yet. Will this restricted feature be interesting enough for websites to adopt SafeFrame?

A viewability measurement solution in iframes, such as Alenty’s, is available, robust, it does not require publishers’ side integration, and is already widely used, even for billing. In such an easy solution, why use a heavy solution like SafeFrame?