From the Deck’s new privacy policy:

As a network we have never issued cookies or tracked readers in any way. The only data we collect is gross impressions: the total number of times an ad has been served during a month. We have never known, or have had any way to know, who was served what ad. Basically, aside from our surveys, all we know is what we can learn from our server logs.

We have never allowed third-party ad serving via iFrames or Javascript. In years past however, we did allow for simple “standard” third-party ad serving. We discontinued that policy in 2014. As that technology became increasingly sophisticated, we felt we could not adequately police those situations. Nor do we have any desire to do so.

On rare occasions, we have allowed specific advertisers to use a simple 1×1 tracking pixel for limited periods of time. Given the current environment, we’re not going to be doing that any more. We have never allowed the injection of scripts, page takeovers, interstitial splash pages or any of the other tomfoolery that so frustrates readers. Smart marketers do, of course, use specific links in their ads, which in combination with the gross impression data, allows them to evaluate performance.

I wish Carbon Ads would mimic more than just The Deck’s ad format (seriously, just look at that privacy policy). Don’t get me wrong, I love Carbon Ads. But I would prefer they take a stronger stance on privacy by only tracking the total number of ad impressions per month for each ad, like The Deck.

Of course advertisers will continue to point ads for their products and services to specific URLs to track performance, but I’m perfectly fine with that. What I’m not okay with is the “industry-standard” practice of tracking users across multiple websites with cookies. The Deck doesn’t do that and has still managed to build a very successful and continuously growing company. Everyone should follow their lead.