This is yet another example of why sending the Referrer header is insane. It's a massive privacy breach by design. Anything serious about protecting privacy needs to stop intentionally betraying the user's browsing path and simply remove the header from all HTTP requests.
Anything that functionally relies on a valid referrer is at best an unfortunate but necessary casualty. However, I suspect that far too often this is simply a way to obfuscate the usual tracking. If you tie your functionality to something designed to violate user privacy, don't be surprised if that functionality breaks when the privacy leak is finally fixed.
If you're using Firefox, the Smart Referer add-on strips out the HTTP Referer and the value of document.referer (in JavaScript) from cross-domain requests. It includes a default whitelist, and is customizable.
This extension is most effective if you also use an ad blocker (like uBlock Origin) and Firefox's first-party isolation feature, although Smart Referer will still help prevent tracking even if you don't.
You can also set this directly in about:config under network.http.sendRefererHeader:
0 = never send the header
1 = send the header only when clicking on links and similar elements
2 = (default) send on all requests (e.g. images, links, etc.)
If you want more granular control (like sending referrers but only the root of the domain) all of the various network.http.referer flags for Firefox are listed here:
I fail to see why sending the referer is a privacy concern. Following that logic, every datapoint is a privacy concern. From screen resolution to mouse movement, everything can be abused to build profiles. Referer headers have a host of valid usecases but if you are opposed any data being shared you'll probably dismiss all of them.
> Following that logic, every datapoint is a privacy concern
I think it's a reasonable login when we're talking about data points sent implicitly. In my ideal world the website just gets the resource identifier, and browser cares for the rest.
> I fail to see why sending the referer is a privacy concern.
From the article:
>> The Zeus platform monitors contextual data such as ... what URL they have used to arrive there ... The publisher will then match that data to its existing audience data pools ... to create assumptions on what that news user’s consumption intent will be. The technology uses machine learning to decipher the patterns.
They are explicitly stating they use Referrer-like data to track users.
> They are explicitly stating they use Referrer-like data to track users.
To me, "track user" means persistently ID one person. This sounds more like inferring anonymous interest, like inferring that someone arriving from ESPN.com might be interested in your sports section.
If that person comes back tomorrow from The Financial Times, you might infer that they are interested in the economy.
But without cookies, I don't see how you would recognize that visit as the same person as yesterday and integrate the sports and economy interests into a persistent profile. Each visit would be self-contained, which doesn't fit my definition of "tracking."
> But without cookies, I don't see how you would recognize that visit as the same person as yesterday and integrate the sports and economy interests into a persistent profile.
If you gather enough of that "anonymous" data, and particularly if you combine it with other data sets (as they claim they are intending to do), then it's not that hard to recognize individuals based on their usage patterns and metadata.
Going with that premise for the sake of argument: Nah, probably not.
But that premise is well-known to be in conflict with established reality. Identifying specific individuals from these sorts of data points is famously, disturbingly easy to do. People even do it just for fun, almost like it were an Advent of Code challenge. That's the reason why there will never be another Netflix Prize.
So that probably makes me part of a group composed of several hundreds of other visitors who exhibited the same behavior. I fail to see how that violates my privacy. You'd probably learn a lot more about me by watching me walk from my office to the parking lot.
>You'd probably learn a lot more about me by watching me walk from my office to the parking lot.
well I don't really expect the newspaper that I read to watch me walk from my place of work to the parking lot. In fact I don't want them to watch me at all because I don't expect newspapers to be in the surveillance business.
When I buy a newspaper at a store the guy behind the counter doesn't follow me three blocks to figure out how I drink my coffee at the coffeeshop, yet curiously enough this is how the internet works, everyhwere
> When I buy a newspaper at a store the guy behind the counter doesn't follow me three blocks to figure out how I drink my coffee at the coffeeshop, yet curiously enough this is how the internet works, everyhwere
But if you keep returning to the same news stand, he'll probably reach for the newspaper you like when he sees you coming. This is the equivalent of what the Washington Post does now. Not following you to the coffeeshop like the ad tech of today.
I don't object to a business or individual I interact with to getting to know my preferences better, that's inevitable and a good thing. What he doesn't do however is commodify my personal information and sell it to third parties and advertisement agencies so that they in turn can try to manipulate me and show me stuff I don't want, and I also suspect no newspaper vendor runs a high tech operation in the basement that, without my explicit knowledge runs some sort of panopticon like experiment on my personal data.
Do you know what I'd really like to see? A sort of frame in frame of what the algorithm sees that tracks me while reading a Wapo article, directly shown to the reader. It'd be interesting to see how people would react if they were aware of how exactly they're being followed around and analysed.
>What he doesn't do however is commodify my personal information and sell it to third parties and advertisement agencies so that they in turn can try to manipulate me and show me stuff I don't want, and I also suspect no newspaper vendor runs a high tech operation in the basement that, without my explicit knowledge runs some sort of panopticon like experiment on my personal data.
Where in the article do you see that WaPo does this? I was under the impression that this is WaPo-only data, collected by WaPo and used by WaPo. Too sell advertising space, yes. But that's because you're not paying them directly.
>Do you know what I'd really like to see? A sort of frame in frame of what the algorithm sees that tracks me while reading a Wapo article, directly shown to the reader. It'd be interesting to see how people would react if they were aware of how exactly they're being followed around and analysed.
I would love that too, but as long as it doesn't explicitly mention them by name I guess people don't care. Look at Facebook, here people never had any problem sharing really private information in exchange for free information and entertainment.
>"Anonymity in real life is much different than anonymity in the lab, and most people are content to be “one in a million” even if they cannot be “one in 6.7 billion.” In any data set, highly unique individuals (i.e. the outliers) may stand out, much like today’s celebrities do not enjoy the same level of anonymity as the average citizen. However, the fact that some individuals may be identified in a particular data set does not mean that any (or all) individuals may be identified in the data set."
If my site is getting hammered by visitors I would like to be able to easily discern if it's because I'm featured on HN's frontpage or if I'm victim of a DDOS attack.
A similar line of argumentation has been historically used to push every outrageous thing on innocent people since forever. You sell the "abuse" as defense for a shocking crime. Ok, you only said DDoS when the usual is terrorism and child abuse. But the bottom line is the same: I need to take something private from you to defend myself.
What would you think if all stores took every measurement they could about you without disclosing it and eventually justified it by saying "how else would I know you're not a thief"?
A referrer header is not an outrageous amount of information. It's the store-equivalent of asking "Where did you learn about us?" Taking it away would hurt smaller sites and do nothing against large companies and ad networks.
The store is asking, the site is not. And 99% of people are trained to click "Accept" after years of dark pattern abuse and they have very little understanding of what happens in the background. I hope you understand that my point isn't to bash a webmaster but rather bring in discussion the principle of the whole thing. Seems that everybody draws the line for what is acceptable in such a way that it perfectly covers their own needs.
I've seen people that insist that using facial recognition is not different from what humans are doing naturally, now done also with electronics. We can agree the implications are different.
You sell the "abuse" as defense for a shocking crime.
This works the other way around too. You use the abuse of non-personally identifiable information (by combining it with other data points, illegal without consent in the EU) to take useful data away from innocent webmasters.
> to take useful data away from innocent webmasters.
Webmasters who are collecting data about me or my machines (excluding the data about my direct use of their site) without my permission are not "innocent webmasters".
I'm surprised that in 2019 people (especially on HN) still believe/claim that users trying to hang on to their personal data "abuse" this to "take useful data away from innocent webmasters".
There are dozens of real life situations where covertly collecting such data would be considered completely unacceptable and yet my comment arguing this was still substantially downvoted.
But I guess my point is being in a technically literate community makes no difference when it comes to making a buck. Once one agrees to take a "not an outrageous amount" of private data for a bit of money, they'll agree to take an outrageous amount for outrageous money. And I think this is a perfectly accurate explanation for what FB, Google, [you name it] are doing.
Doesn't your argument work against encryption just the same? With such an argument aren't you actually punishing 99.9% of the internet population for what the 0.1% is doing?
But in general it's the only way to understand who's linking to you. Sure, not essential, but useful to see in general, especially when search engines could send it and you could see what keywords people used to find your site. If it were gone, as it is in many cases now due to https, people will adjust.
That's not exactly true. Referrer is only hidden if it's explicitly asked by using a meta tag:
<meta name="referrer" content="no-referrer" />
Or by using Referrer-Policy:
Referrer-Policy: no-referrer
The default behavior is no-referrer-when-downgrade. This means that referrers from https to http are hidden. But https > https is still visible. And with https adaption reaching saturation, referer headers are usually still sent.
Cross-origin sending of the Referer header can be disabled in Firefox with network.http.referer.XOriginPolicy, along with a variety of other Referer-related options [1]. I have it set to 1 (and XOriginTrimmingPolicy to 2) and haven’t experienced (m)any issues.
There are very goods reasons for the Referrer header to be used. If you see a lot of traffic going to a URL with a typo, you will want to know where that typo is. If someone hotlinks to a large file in your domain, you will want to know who it is and block it. Any alternative would be much more intrusive.
> you will want to know where that typo is ... you will want to know who it
I know you want to know those things. Find another way to handle those issues.
To be a "good reason", you need to show why your reason is worth paying the high price of betraying every user's browsing path to every server. Worrying about hotlinks and typos... "ain't the same fuckin' ballpark, it ain't the same league, it ain't even the same fuckin' sport".
> Any alternative would be much more intrusive.
Did you consider only serving that "large file" only when accompanied with a proper session cookie created when they loaded the HTML file? There are many solutions to those problems, including some that are sever-side-only.
I understand your concerns very well, but I have a different perspective. I don't modify my Referrer header. I want to let the websites I'm using where I came from. A referrer by itself is innocuous - only when you combine it with other nefarious techniques it wreaks havoc on users privacy. But on it's own, in an anonymous browser environment that I tend to use, it's actually quite useful.
It's not really "design"--the header name is even misspelled. This one always felt like, at the time in the early days of the web, it'd be interesting data to pass along. Since then, things like image hotlinking started to depend on it, and Google got better about hiding referrer data, so there wasn't the same motivation to fix it as implementing same-origin policy. If the web were invented today, yes, I doubt that this would be a thing.
It was how you did sessions before Cookies and JavaScript existed, and existed because it was a problem that needed solving. Converting forms to wizards and the first Internet shopping carts.
I agree. There are some add-ons that spoof/disable this header for you, but as you said, this breaks some sites. I agree, as a consumer, that website that rely on the header are out of luck with regards to my business, but at work I don't always have a choice with regards to which online tools we use. But white listing the things that break is a fine solution in that case.
I forge the referer as the root of the site, except in the case of news sites that allow referers from google news to bypass the paywall, in which case I always forge that. This very rarely breaks anything (one out of a million sites expect an external or specific referer.)
and I wanted to recall that google employees repeatedly removed chromium's project code to restrict or disable referrer headers.
I personally was involved in 3 distinct times. And after that gave up chromium and the lie of google-independence completely.
and so should you. If they tweak things to reach their profit goals, they will also do the same when any agency "asks" them to. it's a slippery slope, and they already crossed
Total online ad spend works out to about $1/person/day in the US.[0]
We have collectively sacrificed our privacy because we're collectively not willing to pay $1/day for what used to be called newspapers and magazines ($1/day is equivalent to subscribing to a daily paper or a couple magazines, as most people did in days of old). There is a cost to providing news. The industry made clear it preferred to sell subscriptions but consumers collectively said no I want free beer and laughed at newspapers and magazine publishers for being so stupid as to try to sell subscriptions. Having been told no I won't pay for subscriptions the industry was dragged forcibly from what was unquestionably its preferred subscription model into the ad tracking supported model we have today. All because costs people can see (subscriptions) are less palatable than far higher costs they can't see (ubiquitous tracking).
> we're collectively not willing to pay $1/day for what used to be called newspapers and magazines
> The industry made clear it preferred to sell subscriptions but consumers collectively said no
That's not how I see it.
People were happy to pay for cable TV and get no ads. But ... cable channels were all too happy to take that payment AND the money from ads. Magazines and newspapers aren't any different, and neither is the internet.
I would be happy to pay $1/day, even twice as much, to not be tracked. There is no one I can pay that to, and there never was; and if such a thing would have existed, they would still likely start tracking at some point, as happened with cable TV and ads.
That's not anywhere near enough. The guy who can pay is worth way more than the guy who can't pay. The $1 is the arithmetic mean but the distribution isn't uniform.
And the end result is that the people who are not willing to pay $1/day are subsidizing me, the person willing to pay much more - because the currency is ads and tracking — of which I opt out as much as I can through uBO, uMatrix and a variety of other tools.
>The industry made clear it preferred to sell subscriptions but consumers collectively said no I want free beer
I do want free beer, but the problem wasn't that consumers didn't want to pay for a subscription, it's that we don't want to pay for 300 subscriptions. If you try to pay for a subscription to every news website that deserves your money, you're paying a lot more than $1/day
Flattr (https://flattr.com) fried something similar, but unfortunately never took off really. The initial idea as I understand it (May have changed since) is you pay a set amount per month and tip articles you read. The amount tipped is the amount you pay per month divided by the number of people you tip. Therefore you never pay more than your subscription amount.
The idea of 9x extra hidden value lurking in the system is a nice concept but unlikely to be present. It's unlikely to be present on the advertiser side because if advertisers were actually reaping 10x the value of their digital ad costs, ad prices would rise significantly because advertisers would be willing to pay significantly more than they do today. The excess positive value is unlikely to be present on the consumer side because as already commented the consumer is reaping a huge net negative hidden value as a result of the ubiquitous tracking it drives.
Paying money to ad companies to not show you ads is a protection racket. I imagine if one of the larger players actually tried it they would get sued. And personally, supporting companies I would rather disappear isn't going to get much traction. It is a lot more than $1 a day per person who believes advertising is a requirement of a modern, functioning society.
I'm not paying $1 to every website I want to visit, that's way too much money. I happily give up some amount of my privacy to save myself the cost, especially considering the privacy I'm giving up is the kind of thing I'd tell a stranger readily.
It's not like WaPo is asking for my family's deep dark secrets...
All of this money and effort to create something that has never scientifically been proven to work: Super-targeted ads, instead of contextual ads.
The context is already there. Each article on a newspaper already provides the context.
What is the true purpose of this? The true purpose is psychological control and manipulation, as well as making additional money with the data beyond ads.
Psychological manipulation gives the ability to actually create demand. And this is what this is about, because that's the only way to actually increase revenue in a meaningful way.
If you can target a person everywhere on all channels, and all the time, you can do things that are not possible with simple contextual ads, and the profiles that are being created are for lots of different purposes, not for ads.
I wait for the day some newspaper actually does an in-depth investigative study into the level of manipulation that drives sales in ad-tech, because I suspect that the entire system feeds off low-educated and poor people, for example lower-class stressed-out people who struggle to lose weight and are prone to manipulative ads. This is the target audience that you can manipulate into spending 500$ instead of 50$.
> All of this money and effort to create something that has never scientifically been proven to work: Super-targeted ads, instead of contextual ads.
Have you worked in the field? Because I have, and I can tell you that ads targeting works. I've built some of these systems that people love to hate on HN. Hundreds of PhDs at Yahoo Labs, Google, FB etc have worked on this for decades and run thousands of A/B experiments. Are you saying that all these people are fraudulent / incompetent and that somehow the whole market cap of Google and FB combined (above 1 trillion dollars) is just a complete fraud?
Contextual advertising works, but much less than behavioral targeting. Anyone who has seen and worked on the data knows that.
Knowing that you just visited Best Buy website 10 minutes ago and searched for a camera is _much_ more relevant to figure out which ad to show you on nytimes.com right now than the content of the article you're reading on nytimes.com
Speaking as a PhD, I can assure you that just because PhDs research ways to make a thing work does not mean it does. Nor are they, or those hiring them, immune to presenting their results in the most optimistic possible way.
I am personally acquainted with several active fields that have been trying to make things work for 20+ years with very moderate success. They present their results which amount to "barely better than nothing" in order to keep funded. They also make the same arguments you do, "it stands to reason that it should work", to keep the money flowing.
There is the drug industry, which is chock full of new drugs that are barely better than placebo or generics, if they are at all. The results are hyped because it keeps the cash flowing. It would not be entirely true, but nor would it be too far off the mark, to say that almost the entire drug industry is based on fraud and exaggeration. And that industry is far more transparent WRT data and superficially altruistic than the advertising industry. This example is perfectly parallel because no one denies advertising works, just like no one denies antibiotics work, but the difference between new and old drugs, just like new and old advertising methods, seems to be greatly exaggerated.
Google built its entire empire based on contextual advertising, not behavioral targeting. With Facebook you may have an argument, but Facebook has a very special dataset not available anywhere else, and I would also add that Facebook makes the same amount of money whether behavioral targeting really works, or if they've just convinced their advertisers that it does.
I am neutral on the subject of whether it works because I have never looked into it, but "lots of self-interested people say that it does" is not convincing, and the fact that such an argument is so frequently made makes me think there is no actual proof.
> Google built its entire empire based on contextual advertising, not behavioral targeting.
True. But why do you think Google goes to a great length to track you all over the web? They literally have thousands of engineers doing just that. If there was 0 value for Google in behavioral targeting, and given their monopoly on search and the great value contextual advertising already brings for search, they surely wouldn't bother with tracking.
Assuming that behavioral targeting does not work, which I do not know, several possible reasons:
1. They started tracking when behavioral targeting seemed like a reasonable hypothesis, and keep doing it now to build a dataset in case it might work in the future.
2. Google does lots of things that are speculative and generate no revenue, and the general attitude in the industry is "why not collect all data we can because storage is cheap in case we can somehow use or sell it later". If we applied your overall logic to every part of Google, they would probably have 500 employees.
3. If Google can persuade advertisers that it works, they still make more money from them even if Google knows that it does not. Thus BT can generate value for Google without generating any for advertisers.
4. If everyone else in the industry also makes these claims about behavioral targeting working, any company not claiming to do it too would be at a competitive disadvantage.
Also, it is possible that BT "works", say, 1% better than CA. In that case it technically "works and generates value" but most reasonable people would say in that case that it does not justify the privacy tradeoffs or general hype.
Google built their empire on contextual advertising, but it's not the only kind of advertising they do these days.
Also, Google's revenue isn't necessarily derived from what ads provide the highest ROI; it's derived from what ads people want to buy. Regardless of what anyone at Google thinks about contextual vs. behavioral ads, it's in Google's interest to go nuts with behavioral ads simply so that they aren't letting all the other adtech companies keep all the behavioral ad spend uncontested.
> But why do you think Google goes to a great length to track you all over the web? They literally have thousands of engineers doing just that.
As far as I understand even as the British empire became smaller the number of people employed to oversee the colonies went up.
Bureacracy will find a way to generate work for itself and it would be a shame to have all those data scientist wasting their time on fixing actual problems instead of making reports about how smart the current system is ;-)
> Knowing that you just visited Best Buy website 10 minutes ago and searched for a camera is _much_ more relevant to figure out which ad to show you on nytimes.com right now than the content of the article you're reading on nytimes.com
The concern here is that you're just selling a camera that they were already going to buy. So the ad agency wins, Best Buy _thinks_ they win because they register a conversion, but you didn't actually create any value.
In my experience when the PhDs say "this doesn't work," the PMs say "that's fine, because we still get to say we have machine learning [insert other buzzword] and the customer thinks it's delivering value."
> Contextual advertising works, but much less than behavioral targeting. Anyone who has seen and worked on the data knows that.
I admit this is possible, and my gut feeling is that properly implemented targetted ads should be immensely effective, but theory isn't implementation, and I'm taking your word on it either way.
Driving the user back to BestBuy.com to convert into a concrete sale seems much more valuable than "well, they searched for cameras so they might come back one day and pull the trigger. Fingers crossed!"
Why wouldn't Best Buy pay for that?
I search things on Amazon all the time without checking out. Those aren't locked in as eventual purchases at all. There are even things in my Amazon cart as we speak that I probably won't buy. I'm often a mere teeter from pulling the trigger. Coming home drunk or being reminded at the right moment sometimes push me over the edge.
There's obvious value in giving me the right shove.
> The concern here is that you're just selling a camera that they were already going to buy. So the ad agency wins, Best Buy _thinks_ they win because they register a conversion, but you didn't actually create any value.
I agree. The industry is (too slowly) moving towards measuring the actual causal effect of ads to remove the correlation/causation leap that has unfortunately been the norm. But it's much harder to implement given the very fragmented ecosystem, and big players in a monopolistic situation at this point have little incentive to do so.
In reality, it's not uncommon for the causal ad effect to be 10x smaller than the claimed correlational effect.
> The concern here is that you're just selling a camera that they were already going to buy.
Are you sure of that? Why would he not buy it on Amazon instead of Best Buy? Why would he choose that Sony camera instead of that Nikon ones?
Ads made him choose that model, at that price, at this specific shop. All theses variables could have changed and he would have still bought a camera, but nothing guarantee that theses variables would have been the same and Best Buy wouldn't have that sale.
Best Buy did win, because someone else didn't.
That's all considering he was already going to buy that camera and it wasn't a poor impulsive choice, which sadly happens too often in this world.
I mean, building a panopticon to show me things I've already looked at may be effective but it seems like it's not the most worthwhile use of hundreds of PhDs for several decades? I also appreciate how Google continues to pay to show me Pixel 3A adds days after I purchased it.
Perhaps the advertisements you see after a purchase are intentionally delivered. Maybe testing has found a consumer is more likely to value and keep (vs return) a purchase, or recommend it to their friends, when related ads continue to be served for $time.
I don't work in the field. I think part of the reason why my perspective diverges from yours is probably that your profession is extremely intransparent about what actually happens behind the curtain. Obviously people will speculate and err on the side of caution.
I should probably clarify that I did not mean to say that it doesn't work. What I meant is that it doesn't really work out for the publishers. The parties who profit are just first and foremost the platforms, then come the advertisers, and the publishers come last.
That explains the 1 trillion market cap. And also why Criteo didn't lose money after Apple blocked them from following their users.
I wonder if you can provide me to a study about the difference between Apple/Safari users and Google/Chrome users when it comes to advertising effectiveness, because since Safari users can not be tracked, that means according to your statement the revenue from Safari users would be way less.
What's the case for building these kinds of systems in 2019? I would love to hear your perceptive on this.
If I were to play devil's advocate to this article, (and this isn't necessarily my perspective) I would say that FB/Google have already carved up the ad market, and even their businesses are under pressure from native ads on Amazon.com, which is where a huge portion of e-commerce takes place.
The twist though is that this is the Washington Post we're talking about, so this plan may have benefited from the business mind of Jeff Bezos himself who knows these businesses very well.
> What's the case for building these kinds of systems in 2019? I would love to hear your perceptive on this.
The business case has become very tenuous at this point. Because of the dominance of Google and FB + the increased pressure from regulators on privacy, most third party companies are getting crushed. GDPR increased the market position of Google which also gives them less incentive to do behavioral targeting as it's legally riskier, and they don't need it to beat the competition on ad spend as they control publishers inventory. So they'll probably push more in the direction of AMP and controlling content.
What I expect in the coming decade is a regression to "the old world" of TV advertising: ads are going to become spammier and spammier as it's going to become increasingly difficult to collect and use data to make them relevant. And big players won't have an incentive to do so because they'll control content even more.
>Are you saying that all these people are fraudulent / incompetent
This sound vaguely like an appeal to authority - or perhaps I'm not using the correct phrasing, but the underlying logic of "X number of scientists can't be wrong" isn't a good look. While I hate when people say things like "evolution is just a theory", it's not a good idea to use # of scientists who hold a view as a proxy for if it's valid if the idea is much less tested than things like evolution or climate change.
Well the original claim was extremely grand. I was trying to bring some nuance to the typical HN comment on ads which usually goes along the lines of "oh I saw a terrible ad yesterday, Google is so dumb and evil and ads don't work based on my own anecdote".
What I'm saying is that maybe it's not unreasonable to believe that some of the most successful tech companies of these last decades didn't completely build their empires on sand and that maybe what they sell is not 100% BS.
> Knowing that you just visited Best Buy website 10 minutes ago and searched for a camera is _much_ more relevant to figure out which ad to show you on nytimes.com right now than the content of the article you're reading on nytimes.com
This sounds reasonable. But there is quite a way from that to the current implementation which seems to be along the lines of:
if(male) {
showDumbDatingSiteAds();
}
It doesn't take very many PhDs to come up with that, does it?
> Contextual advertising works, but much less than behavioral targeting.
There is credible evidence on both sides of this particular debate. But to me, that's not a relevant issue. The issue is what is right vs what is wrong, and behavioral targeting is just wrong.
> Are you saying that all these people are fraudulent / incompetent and that somehow the whole market cap of Google and FB combined (above 1 trillion dollars) is just a complete fraud?
TLDR: despite your models the result I see as a male in Norway are ridiculous and laughable.
Longer version: All I can say is that the last 10 or so years the ads I have gotten have served no other cause than to make me despise the advertisers and distrust any claim about working AI.
Maybe I'm extremely unusual, but I would think this
- pushing mostly crappy dating site ads
- for 10+ years
- to a married man
- who is generally very happy
- and has small children
- while not pushing ads for major infosec events
- and not for family holidays
can hardly be considered very smart unless you are paid handsomely to show those ads regardless of if they work or not, especially as I've repeatingly clicked x -> not interested -> irrelevant.
Seing how Google is botching search accuracy, Google+, Reader etc etc I feel I have good reason to think the company in sum is a lot dumber than the people who work there.
And yes, I think so highly of most men in my exact position that thet won't fall for the crap I've seen.
And, based on my talking with others it seems not to be a fluke: if you are man this seems to be their best (and often their only) idea of what ads might be useful.
Or maybe it works on enough other men to pay off.
But personally I've now concluded that my best explanation is that Google is dumb or deliverately fleecing their advertisers.
PS: Facebook ads have been somewhat better for me. I actually bought something from one once.
It’s proven to work in the area where it matters: convincing people to buy ads. Marketeers pay more for showing ads to targeted audiences than for showing them to random audiences. The Washington Post doesn’t care if you buy the toothpaste that is in the ad on their page.
Marketers care about performance. Targeting allows for higher performance. If I ran a baby product company, I want to target people with babies or who are expecting.
The open secret there is that it's infeasible to accurately measure ad performance, and embarrassingly easy to come up with metrics that would make basically any ad campaign look like a success without looking suspect to anyone but a trained statistician.
Which will work out just fine, so long as your advertising client isn't someone like RStudio.
Yup. There's no reason to expect that an industry whose sole specialty is being manipulative and dishonest to behave virtuously when dealing within the industry. Adtech companies compete against each other too.
That's about the only gimme, and it'll only cover a portion of the hypothetical payoff for the ad - some other, potentially larger, number of people never click, but do remember and come back later. Or if you're trying to sell things in meatspace, it's really hard to ever be able to say, "More people came to our store because we ran an ad."
If you do get enough profit from directly traceable conversions to cover the campaign, yeah, that's a gimme - you may not know your actual ROI, but you do know that its lowest possible value is still positive. That said, I don't work in adtech, so I don't really have any way of knowing how common that is.
> number of people never click, but do remember and come back later
For major brands they may remember.
Otherwise I think it is reasonable to assume that clicking on ad is most established way for user to check product. Once user navigated to website, he can be reliably tracked by site owner.
Possibly. But, at the same time, "it is reasonable to assume" is the epitaph carved into the gravestone under which economics's credibility got buried alive.
I'd feel better assuming that question's answer is simply unknown until a few different people have performed a few different field experiments.
For my part, for example, I pretty much never click on ads, because they typically get shown to me at a time when I'm already busy doing something else. But, if I later perceive a need to buy a product of that kind, there's a decent chance I'll remember the name, and therefore be more likely to Google them or take a closer look when I see them mentioned on Wirecutter. I have no idea how typical I am on that front, but, tangentially, I do at least suspect that, if clicks were really the end-all-be-all of hawking product, then there wouldn't be quite so many billboards by the side of the highway.
> I'd feel better assuming that question's answer is simply unknown until a few different people have performed a few different field experiments.
there is whole industry of such people, and they vote by investing dollars into specific type of advertisement, which is reflected in Facebook and Google revenues growth.
> likely to Google
This is another channel of how dots can be connected.
Correlation != causation. The parent wasn't discussing internal metrics, but rather establishing a cause-effect relationship between the targeted ad and your conversion.
It’s always hilarious to look at ads and try to figure out why they think I’m the right audience for them.
Facebook keeps showing me ads for a cup with a hidden compartment for alcohol in the lid, and for various gun safes. Apparently they’ve decided I’m an alcoholic who attends a lot of festivals, and a gun owner. Neither one is remotely correct.
The other day a different site showed me an ad for a capsule containing a 360° panoramic camera that a proctologist can use to inspect people’s digestive tracts. I’m not any sort of doctor.
It would be one thing if all this abusive technology was used to show me relevant stuff. But they do all this nonsense and end up showing me ads for butt cameras?!
Facebook will always show you an ad. First the system tries to select a relevant ad with the highest predicted income ($$$) for FB winning the auction for your screenspace (the placement). If FB can't find a perfectly relevant ad the algorithm will choose a less relevant ad, But it will always show you an ad.
The thing is FB does not select a relevant ad from all available ads on FB, but only from a subset of ads matching a certain targeting setting that in turn matches your profile or interest. And this targeting setting is set by the uploader of the ad. And in some cases advertisers select a targeting that does not make any sense at all. (They target you by error.)
Does the placement algorithm like to show you a non relevant ad? Most likely not because on average it yields less money for FB. It could be that FB does not have much information on your interests or your privacy settings disallow using this information and the algorithm does not know what is relevant to you. And/Or the advertiser had a very high bid for the placement and the placement algorithm decided a less relevant ad with a high bid yields more money than a more relevant ad with a low bid.
(This is often the case if the advertiser decided to pay per ad-view and not per ad-click. Pay-per-click ads only yield money to FB if they are relevant, because users don't click on non relevant ads. Per-per-view ads always yield money for FB.)
But in the end it's not facebook who is to blame. It's the advertiser setting up stupid targeting and placement bids. (I once burned through 10000€ in one minute because of an erroneous targeting setting while showing the right advertisement to the wrong people...)
Most ads are not that targeted. That's a fallacy that seems to come up on HN but the reality is that most ads you see are generic large buys across very wide populations. Targeting costs more and the increased acquisition costs don't always pay off for every product. Also most ad systems will always fallback to show you an ad no matter how lacking the targeting is, because a filled ad slot is better than an empty one.
It doesn’t much matter to me whether it’s badly targeted or untargeted. At the end of the day the result is the same: they pour all this effort into abusive tracking and then it doesn’t even achieve the result that’s supposed to be the reason they do it.
I'm surprised Facebook's showing irrelevant ads to you. The few times I have to use Facebook the ads are so relevant that it is downright creepy. They are known for buying people purchase history from credit card company, but they are still stuff I have not figured out how they made the connection, for example, I get ads for very specific product that family members with a different last name and who don't have facebook, bought recently.
It gets really spooky when you start getting ads for something that was mentioned a couple times in Messenger. Wouldn't be surprised if they are scraping DMs now, too.
Each article on a newspaper
already provides the context.
What is the true purpose of this?
I'm no ad lover, but I can't imagine stories like "Care worker found guilty of murdering 13-year-old girl" and "Foreign oil tanker seized in Gulf, state TV reports" really lend themselves to contextual ads?
Dead-tree newspapers and TV networks, and the companies who bought ads in them, made plenty of money without any invasive ad-targeting. Just like many companies today make plenty of money without child labor and sweatshops. Everyone uses them when they're allowed at all because of the race to the bottom, but that doesn't mean no one can function without them.
People reading an article about a tragedy are no more likely to be interested in background check services than the population as whole. That's useless targeting, it's not even targeting.
How many fancy globes and maps do you think are sold? Enough to fund all of the geopolitical news being reported?
People reading an article about a tragedy are no more likely to be interested in background check services than the population as whole.
Are you sure about that? New mother, wondering where she is going to find a babysitter, wouldn't feel an increased pressure to think about security cameras and background checks after seeing something like that? I can't speak for all of them, of course, but of the few I've known such things become topics of neighborhood conversation. Perhaps you have better data.
I suspect parents are a particularly juicy target. Being a fresh parent myself, I've already noticed I have much different emotional reactions to news reports and even movie scenes involving safety of children.
I totally buy that in the above murder example, an ad for security cameras would be very effective.
I agree with dhimes that targeting people reading about a tragedy would actually work quite well. Certain people read about those kinds of things, and those people are definitely more susceptible to buying certain products. If you're worried about something happening to your child, a security camera advertised within the context of such an article would be great targeting. Remember, even the best ad targeting right now only gives a certain edge over showing random ads. It's not like you need 100% of people that read the article to purchase the product.
And there are plenty of geopolitics books sold, and usually at a high price point, too. Someone commented elsewhere in the thread that $1/person/day is total online ad spend in America, so the bar isn't too high.
Furthermore, I'm responding to someone who was thinking of the _worst possible headlines_ for selling related ads. There are plenty that lend themselves better to ads: "new national park in [place near you]" could have ads for tons of very high value products... I just checked RV rentals, and even a fairly small and old RV went for $300+/night near a national park. Tack on some fees and a family could easily spend $2500, of which a large amount is profit (I imagine) with a small/old RV like that. Perhaps it has another ad too, to catch those interested in ultralight backpacking, people in that community can spend $500+ on one single piece of gear easy. And a third ad, to catch everyone else not interested by the above - an ad for a general camping/wilderness/hunting goods store.
The more I think about it, the more I'm sold that it's actually a great idea.
I'm not sure what ad network they use, but the ads on https://www.zerohedge.com/ seem to be a good example of a "financial apocalyptic paranoia" targeting.
Exactly, fear is a good motivator. In our community mailing list every time there is an earthquake somewhere in CA, emails start flying about earthquake insurance.
In the above case, a crime is a good motivator for people to start looking into protection and crime prevention options.
So, yes, I think there is some real value in exploring context as the Ad driver.
You don't sell the subject matter. You sell the emotions it expects to generate in the reader. You put the ads designed to be attractive to the person feeling anxious or outraged or amused next to the article that is expected to engender anxiety, outrage or laughs. Fear and anxiety are great ways to shift crappy products. Pepper spray, tasers, alarm systems, funeral planning services would all benefit from your murder story obviously. Financial products for your oil tanker less obviously (specter of war creates worry about finance and movement of capital to 'safe' investments like gold)
Technically the journalists should have editorial independence and a firewall between them and marketing. So they could in theory investigate their own paper's revenue stream.
Although in this case they wouldn't have to frame it in such stark terms because ad tech is widely used.
“Stuck” may not be the best word for a profitable journalism company that ensures its readers that they aren’t being tracked nor individually manipulated.
Are there any digital news outfits that don’t subject their paying readers to unethical (IMHO) advertising?
Even with the BBC though there are conflicts of interest.
For example, when the BBC introduced compulsory logins for its iPlayer service so that it could, amongst other things, form political profiles on users just in case viewers decided to be in the audience of it's political shows such as Question Time.
I distinctly remember hearing the BBC News team interviewing the BBC's own staff and coming to the consensus with themselves that they were "striking the right balance".
There were no descenting voices on the programme and discussion about why creating political profiles for people might be a bad thing.
Radio 4's 'Feedback' [1] bills itself as "The programme that holds the BBC to account on behalf of the radio audience" and frequently interviews BBC employees.
Obviously there are fraught incentives from them paying for their own criticism. Not sure cancelling the program would improve the situation though.
> All of this money and effort to create something that has never scientifically been proven to work: Super-targeted ads, instead of contextual ads.
Oh, it works to some extent. Trust me, advertisers and ad networks look at this stuff very, very closely. They have the data. I know only rough numbers, but a.) the difference is surprisingly small, yet b.) big enough that they can't just stop.
I'm not sure what scientific bar of proof you would need to see passed, but Google stalks users and targets them because it makes them more money. The ads perform better. Their systems fall back on context, when they can't do the more lucrative stalking.
I think it's a downward spiral, it only works because each player is forced to play along due to fundamentals of game theory.
So what we are seeing is that the methods become more ruthless every day, but everyone needs to conform, and it's a race to the bottom.
The end result is spending-fatigue and numbness in response to normal ads that are not hyper-addictive.
I also think it does not really pay off for publishers. It only really pays off for the middle men and those players who sell unethical products aimed at manipulation.
Contextual ads work fine for some things (printer ads for "printers" searches and reviews), but for things that aren't e-commerce, context is much less interesting, and it's more effective to show a retargeted ad for printers on a news article on the latest laser research than an ad for laser pointers.
I have a pretty hard time believing it contextual ads works just as well as targeted ads because the ONLY time an ads ever worked for me, was because it was targeted.
When the netbook trends started, I was interested in buying one. I made a few research on the subject but once done, that was it. A few days later, I got a Best Buy ads about the exact netbook I searched about and the price was great and I bought it.
It wouldn't have happened if it was contextual. Sure it may have happened that later on I would have got an ads of that netbook on a technology website, but it would have been one out of thousands.
People keep doing re-marketing campaigns. Theses have to provide a better return than normal advertising or else why would you do the effort? That show right there that targeting works.
You mean like the petabytes of data generated every day by 2 of the biggest companies on the planet? Did you just make up this claim?
The industry is not dumb, its more politics and technical wars that lead to bad experiences than anything else. There's a balance between detailed targeting and context, with the major problem in the former being data quality and identification. This is why Facebook can do a great job when you're logged in, but a generic ad network will suffer with crummy ads.
You don't notice the good ads, only the bad ones, so you're skewed into thinking they never work even though that's far from the truth.
From the article, better contextual targeting appears to be the goal of WaPo's project:
> The Zeus platform monitors contextual data such as what article a person is reading or watching, what position they have scrolled to on a page, what URL they have used to arrive there and what they’re clicking on. The publisher will then match that data to its existing audience data pools, which it has accumulated over the last four years, to create assumptions on what that news user’s consumption intent will be. The technology uses machine learning to decipher the patterns.
> Each article on a newspaper already provides the context
That doesn't work when the articles are optimized for creating fear and panic to drive "engagement". In the best case, it would look like they're trying to tastelessly profit from the problem - eg an ad for Suboxone.
Psychological manipulation does not require persistent personalized targeting, it just helps. Base consumerism is driven by contrasting a horrible hyperreality with stability/escape - the context of the ad must be different from the context of the story.
> All of this money and effort to create something that has never scientifically been proven to work
There are parts of the online ads business that are very scientific. They run A/B tests to figure out what will make them the most money, and they're very good at it. Amazon, for example: say you look at a blender there and don't buy it. Amazon has cookied you, and can then target that cookie on other websites, showing you pictures of the blender trying to get you to come back and complete your purchase. They have very good metrics showing how much they should pay for these remarketing ads, and they make a lot of money from it.
> Each article on a newspaper already provides the context.
The article you're reading does give some information. There are a few kinds of articles that people are especially likely to read before spending money ("what kind of phone should I buy", "which credit card should I get", "what do I do if I've been diagnosed with mesothelioma") and ads on those pages are worth a lot. But if you look over the front page of the Washington Post ("Opioid death rates soared in areas where pain pills flowed", "At rally, crowd responds to Trump’s criticism of Rep. Omar with chants of ‘Send her back!’", "House votes to kill impeachment resolution", "This German city had few foreigners. Then refugees changed it in some surprising ways") or any other general interest publication you'll see that most articles are targeted at, and going to be read by, a very wide range of people.
Aren't A/B tests super short-term and specific to single advertisers? In the end the money in the system is limited, and if one competitor achieves a high level of revenue via A/B testing, someone else probably loses that amount of money.
I wonder whether Ad-tech has seen a reduction in revenue after Apple introduced Intelligent Tracking Protection, as these users can not be tracked via cookies.
This source claims there was no significant dip for Criteo for example:
The conspiracy theorist in me suspects that they only introduced cookie blocking after they were sure that other fingerprinting methods were reliable enough that they didn't need cookies anymore. They can pretend like they're "doing something" when blocking cookies in and of itself is another variable they can use to fingerprint you.
I read a number of martech and marketing sites (because it's good to know your enemy), and the discussions there strongly indicate that this isn't the case.
They've been spending quite a long time freaking out about the impending death of the cookie, and talking about ways to mitigate that.
> Aren't A/B tests super short-term and specific to single advertisers?
They don't have to be short term. I currently have an A/B test I'm watching that I've been running for over a year, and other people I work with have some that have been running even longer. The reason to run a test long term, though, is either (a) you think the world might change such that your results won't remain valid or (b) you think a short-term measurement isn't a good estimate because of user learning. I'm not sure why you think a short-term measurement would be a problem in this case: a short experiment where an advertiser switched from personalized to pure contextual ads would lose a lot of money, and I don't see why you would expect that amount of money to decrease over time.
> In the end the money in the system is limited, and if one competitor achieves a high level of revenue via A/B testing, someone else probably loses that amount of money.
It's not zero sum, not at all! Let's say you sell board games. You advertise on board game review sites, but there's not that much traffic there because most people who buy board games spend most of their time on unrelated sites. If you figure out a new way to identify people likely to buy games and start advertising to just them you bid up the cost of advertising to those users, and displace, say, low-value belly fat ads. What happens? You start bringing in a lot more money, because you're selling more games. Some of that money goes to the sites you're advertising on, which now make more money because someone has figured out how to better advertise to their audience. And the belly fat advertiser makes less money, because the pool of ad space no one wants for anything has dropped slightly. But the amount of money they're losing is much less than the amount you and the site owners are gaining, because people are buying more board games.
> I wonder whether Ad-tech has seen a reduction in revenue after Apple introduced Intelligent Tracking Protection, as these users can not be tracked via cookies. This source claims there was no significant dip for Criteo for example.
I would guess Criteo isn't losing money because they've switched to tracking users via other means. They were caught [1] using HSTS supercookies, which led browser makers to remove HSTS as a tracking vector [2], and I suspect they've moved on to other methods. But (a) it's hard to tell externally since so much fingerprinting can be done passively and (b) I work for a Criteo competitor so I'm probably biased to think poorly of them.
Showing me the products like that are so annoying, because google doesn't know I purchased them elsewhere and keeps showing them forever.
Please, after a reasonable time try to show me things people who have brought X typically buy after 2 weeks. As an example I would have paid for a curtain service to my new appartment, but google kept pushing (bad, paid) apartment search sites at me.
I now google products only in incongnito mode, since it get so annoyed by this behaviour.
Facebook decided initially that as I was single I must be interested in paid dating sites (even though, statistically I would be better of with a site with a larger audience), so please don't take this as an attack on Google, but as an attack on limited machine learning.
>I wait for the day some newspaper actually does an in-depth investigative study into the level of manipulation that drives sales in ad-tech, because I suspect that the entire system feeds off low-educated and poor people, for example lower-class stressed-out people who struggle to lose weight and are prone to manipulative ads. This is the target audience that you can manipulate into spending 500$ instead of 50$.
> The context is already there. Each article on a newspaper already provides the context.
While that's true, I'd imagine the vast majority of articles aren't all that useful to sell against. What ads do you put next to "Trump racist tweet controversy"? Flights to Canada, perhaps...
Trump tweets are clickbait and generate outrage. You just need an targeted to people in that mood. And probably a much better return per click than selling ads targeted to people who have been searching for health cover, because they are already in the comparison stage or are no longer in the market, where as the clickbait ad targeted at people pissed off at the government gets to make some first impressions.
YouTube is targeting me with hyper-manipulative ads. I had one that was a five minute explanation about What Racism Really Is and another was about how European Socialism Doesn't Work. Neither of which had anything at all to do with the videos I was watching.
Political organizations are paying YouTube to target you with manipulative ads. Maybe that's splitting hairs but we might as well be precise about who has what role.
Things I would never have imagined a big old newspaper having their IT team whip up:
> The Zeus platform monitors contextual data such as what article a person is reading or watching, what position they have scrolled to on a page, what URL they have used to arrive there and what they’re clicking on. The publisher will then match that data to its existing audience data pools, which it has accumulated over the last four years, to create assumptions on what that news user’s consumption intent will be. The technology uses machine learning to decipher the patterns.
For me it works like this: the default is disabled. When something doesn't work (actually The Washington Post works great, much better than with JS on), I esitmate the tradeoffs: if it's a really useful website with JS functionality that is actually useful to me (say, with JS doing the math notation rendering or an app I badly need), I enable JS. Otherwise, why bother?
JS is like ads used to be: first they put it everywhere, then you get fed up and just switch it off.
Do you block all JS, including 1st party and inline scripts, or only 3rd party scripts and resources?
I've used uBlock Origin to block all 3rd party scripts and frames for a while, but I'm seriously considering going full default-deny all scripts and other active content.
I default deny all, then selectively enable scripts to add missing functionality. It can be a pain to get Gawker sites to work, but the vast majority work perfectly after enabling first party scripts and maybe cloudfront.
I'd suggest a selective scriprlt blocker like umatrix (my recommendation) or noscript. Do note you will have to invest some time toggling & refreshing on some of the more complex sites until you figure out whatever web of cdns and auxiliary scripts is used to run their stuff
Not the GP, but I block all scripts by default with NoScript, then selectively enable them, starting with the first-party scripts. I've learned to identify likely tracking domains and have memorized several of the more widespread ones, so over time this technique has proven effective.
It should be noted that the so-called "cookie law" is about more than just cookies. It's about all user data and who can access it and for what reason.
If this more tightly controls who user data is given to then that is a big improvement. If it's just trying to find technical loopholes in the law... well EU law tends to take a dim view of that.
No, which is why years ago I developed the habit of not clicking links, but copying them and pasting them into a new browser instance. That also gives me the opportunity to delete the tracking parameters that are added to a lot of links.
If they don't see a referer, then they can assume that you typed in the URL or bookmarked the page.
That could signal higher intent than someone clicking a random clickbait link to your site.
Other events could prevent the referer from being sent too, but you can filter some of those out using other tracking methods and looking at user behavior.
WashingtonPost has been ahead of the curve on this for a while. Here is my anecdotal experience with their tracking.
WashingtonPost allows a non subscriber to view a few articles per month and if you went over the limit it would require a login. I had been able to circumvent that by clearing out my cache, cookies and local storage or using the anonymous mode. But now that does not work anymore.
I am able to work around this by disabling javascript. Your move WashingtonPost!
Could Firefox's containers be extended, and include an option to resist fingerprinting?
This would limit the information sent by the browser (maybe run everything in a lightweight VM with standardized performance, feature and settings), including the referrer used to open the containerized tab (which might be done already).
The VM sounds complicated, but we already have qemu running in browsers. Reduce the timing granularity, randomize I/O slots, and lie about the RTC, and fingerprinting becomes much harder, unless I am missing something?
Side note: I am against fingerprinting me across websites as an individual, but I am perfectly OK with fingerprinting me about my interests, provided everything is done in a stateless manner: if I spent more time on the technical section, which 80% people skimmed over, maybe offer me more technical articles at the bottom?
But please, do not keep information about me. Tracking would be illegal under the GDPR provisions anyway, AFAIK, cookies or not.
Firefox has privacy.resistFingerprinting which takes a variety of steps to, well, resist fingerprinting. The functionality was ported from Tor Browser. However, some aspects may be frustrating to the user (set window dimensions, no zoom-level memory, etc.).
There are, of course, many other privacy-related configs in Firefox. Relevant to the Referer header is settings under network.http.referer.* (see https://wiki.mozilla.org/Security/Referrer).
If I understand it correctly, this is what tor browser does, in addition to using the tor network itself to as-close-to-anonymize you. Tor browser has warnings that encourage you to not-resize your browser because that could be used as fingerprinting data.
Well, I was thinking about enabling those on specific domains only (leveraging the container feature).
An interesting (research) approach would be to taint the data that can be used as fingerprinting, and forbid its exfiltration, perhaps with different levels of aggressiveness.
Example: a webGL game requires my wwindow width, GPU capabilities, etc? fine. But now, the thread that has this data cannot send anything to the other threads.
It would require some adjustments, and tightening the side-channels (making available download bandwidth/timings/etc more granular, for once). I do not expect it to be completely fingerprinting-resistant, but it would go a long way.
Once they have better tracking, wonder if they would use it to manipulate news items on a per-customer basis. That is show one news item to this person but not to that person. Or maybe change the tone or phrasing in the articles.
> The Post plans to license the Zeus platform to publishers both domestically and internationally
It is for ads, and newspapers adjust their content for different regions. But I wonder if they intend to do what they do for ads for news stories. They may choose to hide some, bring some to the top or even reword them. So if I go to WaPo's front page, I'll see different "news" than what my co-worker next to me sees.
> and reaches a combined 750 million unique users globally, according to the publisher. The theory is that in doing so, publishers can compete more effectively with the scale and data-targeting opportunities provided by Facebook and Google.
I’m surprised WaPo isn’t trying something simpler and more disruptive: making a point of selling non-targeted ads. Targeted ads may be somewhat effective at selling a specific product, but they’re creepy and they don’t help build a brand. Non-targeted ads are not creepy and signal that a brand is legitimate.
Of course, it’s much harder to apply metrics to this type of ad, since conversions aren’t the point.
Daringfireball.net does this kind of non-targeted advertising. I would love to see a major publisher (other than TV) try it.
I'll not say it would be impossible to run a general news website this way, but Gruber's website is basically pre-targeted already. Advertisers know pretty much exactly what they're getting with his audience - affluent, tech-focused Apple-aficionados with disposable income. It works great for him and his advertisers, but isn't a generalizable example.
If I understand what they're proposing, this is a method of ad targeting that I don't actually object to. It doesn't involve spying on me, identifying me, or tracking me (either on or off the internet).
It's closer to, but not completely, how ad targeting should be done -- based on the context the ad appears in rather than trying to figure out my own personal characteristics.
I admire steps taken to improve the privacy of ad-supported media ecosystems, so this effort by WaPo should be applauded on it's own. Their results, taken along with NYT's switch back to content-only ads in the EU [1] might help spread the word that all the creepy ad-tech isn't even necessary or beneficial!
That said, I'd like to make a simple request of media outlets... Please build a rate plan which provides all of the benefits of subscription, adds the expected profit from advertising, and then let me buy it to experience your content ad- and tracking-free. Please!
In 2018, it made $202MM in revenue from digital display advertising. [1] Averaged across an annual reader base of 125MM worldwide, or 91MM in the U.S. alone [2], that averages out to just $1.62 or $2.22 per customer. Let us pay it to opt-out! Where is the harm?
> what URL they have used to arrive there
This is yet another example of why sending the Referrer header is insane. It's a massive privacy breach by design. Anything serious about protecting privacy needs to stop intentionally betraying the user's browsing path and simply remove the header from all HTTP requests.
Anything that functionally relies on a valid referrer is at best an unfortunate but necessary casualty. However, I suspect that far too often this is simply a way to obfuscate the usual tracking. If you tie your functionality to something designed to violate user privacy, don't be surprised if that functionality breaks when the privacy leak is finally fixed.
If you're using Firefox, the Smart Referer add-on strips out the HTTP Referer and the value of document.referer (in JavaScript) from cross-domain requests. It includes a default whitelist, and is customizable.
https://addons.mozilla.org/en-US/firefox/addon/smart-referer
It's also open source.
https://gitlab.com/smart-referer/smart-referer
This extension is most effective if you also use an ad blocker (like uBlock Origin) and Firefox's first-party isolation feature, although Smart Referer will still help prevent tracking even if you don't.
https://www.ghacks.net/2017/11/22/how-to-enable-first-party-...
You can also set this directly in about:config under network.http.sendRefererHeader:
If you want more granular control (like sending referrers but only the root of the domain) all of the various network.http.referer flags for Firefox are listed here:https://wiki.mozilla.org/Security/Referrer
Doesn't have a few of the features that your extension has, but it's done the trick for me!
I'm not the developer of the extension (just a user), but thanks for the about:config tip!
Has the 0 setting broken anything in your experience?
"something designed to violate user privacy"
I fail to see why sending the referer is a privacy concern. Following that logic, every datapoint is a privacy concern. From screen resolution to mouse movement, everything can be abused to build profiles. Referer headers have a host of valid usecases but if you are opposed any data being shared you'll probably dismiss all of them.
> Following that logic, every datapoint is a privacy concern.
Yes, every data point is a privacy concern.
Even the DNT header is a privacy concern.
> Following that logic, every datapoint is a privacy concern
I think it's a reasonable login when we're talking about data points sent implicitly. In my ideal world the website just gets the resource identifier, and browser cares for the rest.
> I fail to see why sending the referer is a privacy concern.
From the article:
>> The Zeus platform monitors contextual data such as ... what URL they have used to arrive there ... The publisher will then match that data to its existing audience data pools ... to create assumptions on what that news user’s consumption intent will be. The technology uses machine learning to decipher the patterns.
They are explicitly stating they use Referrer-like data to track users.
> They are explicitly stating they use Referrer-like data to track users.
To me, "track user" means persistently ID one person. This sounds more like inferring anonymous interest, like inferring that someone arriving from ESPN.com might be interested in your sports section.
If that person comes back tomorrow from The Financial Times, you might infer that they are interested in the economy.
But without cookies, I don't see how you would recognize that visit as the same person as yesterday and integrate the sports and economy interests into a persistent profile. Each visit would be self-contained, which doesn't fit my definition of "tracking."
They didn't say no cookies. They said no third-party cookies.
> But without cookies, I don't see how you would recognize that visit as the same person as yesterday and integrate the sports and economy interests into a persistent profile.
If you gather enough of that "anonymous" data, and particularly if you combine it with other data sets (as they claim they are intending to do), then it's not that hard to recognize individuals based on their usage patterns and metadata.
But does it matter if you don’t know who they are?
Going with that premise for the sake of argument: Nah, probably not.
But that premise is well-known to be in conflict with established reality. Identifying specific individuals from these sorts of data points is famously, disturbingly easy to do. People even do it just for fun, almost like it were an Advent of Code challenge. That's the reason why there will never be another Netflix Prize.
It does to me.
Why?
So that probably makes me part of a group composed of several hundreds of other visitors who exhibited the same behavior. I fail to see how that violates my privacy. You'd probably learn a lot more about me by watching me walk from my office to the parking lot.
>You'd probably learn a lot more about me by watching me walk from my office to the parking lot.
well I don't really expect the newspaper that I read to watch me walk from my place of work to the parking lot. In fact I don't want them to watch me at all because I don't expect newspapers to be in the surveillance business.
When I buy a newspaper at a store the guy behind the counter doesn't follow me three blocks to figure out how I drink my coffee at the coffeeshop, yet curiously enough this is how the internet works, everyhwere
> When I buy a newspaper at a store the guy behind the counter doesn't follow me three blocks to figure out how I drink my coffee at the coffeeshop, yet curiously enough this is how the internet works, everyhwere
But if you keep returning to the same news stand, he'll probably reach for the newspaper you like when he sees you coming. This is the equivalent of what the Washington Post does now. Not following you to the coffeeshop like the ad tech of today.
I don't object to a business or individual I interact with to getting to know my preferences better, that's inevitable and a good thing. What he doesn't do however is commodify my personal information and sell it to third parties and advertisement agencies so that they in turn can try to manipulate me and show me stuff I don't want, and I also suspect no newspaper vendor runs a high tech operation in the basement that, without my explicit knowledge runs some sort of panopticon like experiment on my personal data.
Do you know what I'd really like to see? A sort of frame in frame of what the algorithm sees that tracks me while reading a Wapo article, directly shown to the reader. It'd be interesting to see how people would react if they were aware of how exactly they're being followed around and analysed.
>What he doesn't do however is commodify my personal information and sell it to third parties and advertisement agencies so that they in turn can try to manipulate me and show me stuff I don't want, and I also suspect no newspaper vendor runs a high tech operation in the basement that, without my explicit knowledge runs some sort of panopticon like experiment on my personal data.
Where in the article do you see that WaPo does this? I was under the impression that this is WaPo-only data, collected by WaPo and used by WaPo. Too sell advertising space, yes. But that's because you're not paying them directly.
>Do you know what I'd really like to see? A sort of frame in frame of what the algorithm sees that tracks me while reading a Wapo article, directly shown to the reader. It'd be interesting to see how people would react if they were aware of how exactly they're being followed around and analysed.
I would love that too, but as long as it doesn't explicitly mention them by name I guess people don't care. Look at Facebook, here people never had any problem sharing really private information in exchange for free information and entertainment.
But that's because you're not paying them directly.
No ads or tracking are disabled for subscribers. Paying them directly makes no difference.
That's utterly stupid.
> as long as it doesn't explicitly mention them by name I guess people don't care.
I should not be subjected to spying just because most of my neighbors don't mind being spied on.
every datapoint is a privacy concern
Yes, this.
33 bits.
> 33 bits.
Context: There are about 2^33 people on earth, so it takes roughly 33 bits of information to identify a single person.
(In practice, it's probably slightly more bits because not all bits carry unique information.)
33 bits is not nearly enough: https://www.innovationfiles.org/33-bits-of-nonsense/
>"Anonymity in real life is much different than anonymity in the lab, and most people are content to be “one in a million” even if they cannot be “one in 6.7 billion.” In any data set, highly unique individuals (i.e. the outliers) may stand out, much like today’s celebrities do not enjoy the same level of anonymity as the average citizen. However, the fact that some individuals may be identified in a particular data set does not mean that any (or all) individuals may be identified in the data set."
From screen resolution to mouse movement, everything can be abused to build profiles
That's correct. I want none of these available without my explicit consent.
What’s a valid use case?
If my site is getting hammered by visitors I would like to be able to easily discern if it's because I'm featured on HN's frontpage or if I'm victim of a DDOS attack.
The referrer header is in no way a tool to differentiate real users from a ddos attack.
I disagree. A fake referer is easily checked: Is my link really on the frontpage? If so: all good. If not: it's getting suspicious.
A similar line of argumentation has been historically used to push every outrageous thing on innocent people since forever. You sell the "abuse" as defense for a shocking crime. Ok, you only said DDoS when the usual is terrorism and child abuse. But the bottom line is the same: I need to take something private from you to defend myself.
What would you think if all stores took every measurement they could about you without disclosing it and eventually justified it by saying "how else would I know you're not a thief"?
A referrer header is not an outrageous amount of information. It's the store-equivalent of asking "Where did you learn about us?" Taking it away would hurt smaller sites and do nothing against large companies and ad networks.
> A referrer header is not an outrageous amount of information.
But it does reveal information that is none of the website's business.
> It's the store-equivalent of asking "Where did you learn about us?"
No, it's not. Actually asking that question would be the equivalent. What this is is surveillance.
The store is asking, the site is not. And 99% of people are trained to click "Accept" after years of dark pattern abuse and they have very little understanding of what happens in the background. I hope you understand that my point isn't to bash a webmaster but rather bring in discussion the principle of the whole thing. Seems that everybody draws the line for what is acceptable in such a way that it perfectly covers their own needs.
I've seen people that insist that using facial recognition is not different from what humans are doing naturally, now done also with electronics. We can agree the implications are different.
> to take useful data away from innocent webmasters.
Webmasters who are collecting data about me or my machines (excluding the data about my direct use of their site) without my permission are not "innocent webmasters".
I'm surprised that in 2019 people (especially on HN) still believe/claim that users trying to hang on to their personal data "abuse" this to "take useful data away from innocent webmasters".
There are dozens of real life situations where covertly collecting such data would be considered completely unacceptable and yet my comment arguing this was still substantially downvoted.
But I guess my point is being in a technically literate community makes no difference when it comes to making a buck. Once one agrees to take a "not an outrageous amount" of private data for a bit of money, they'll agree to take an outrageous amount for outrageous money. And I think this is a perfectly accurate explanation for what FB, Google, [you name it] are doing.
Doesn't your argument work against encryption just the same? With such an argument aren't you actually punishing 99.9% of the internet population for what the 0.1% is doing?
But in general it's the only way to understand who's linking to you. Sure, not essential, but useful to see in general, especially when search engines could send it and you could see what keywords people used to find your site. If it were gone, as it is in many cases now due to https, people will adjust.
Google has used encrypted search terms in the referrals for years now.
Cross-origin sending of the Referer header can be disabled in Firefox with network.http.referer.XOriginPolicy, along with a variety of other Referer-related options [1]. I have it set to 1 (and XOriginTrimmingPolicy to 2) and haven’t experienced (m)any issues.
[1] https://wiki.mozilla.org/Security/Referrer
There are very goods reasons for the Referrer header to be used. If you see a lot of traffic going to a URL with a typo, you will want to know where that typo is. If someone hotlinks to a large file in your domain, you will want to know who it is and block it. Any alternative would be much more intrusive.
> you will want to know where that typo is ... you will want to know who it
I know you want to know those things. Find another way to handle those issues.
To be a "good reason", you need to show why your reason is worth paying the high price of betraying every user's browsing path to every server. Worrying about hotlinks and typos... "ain't the same fuckin' ballpark, it ain't the same league, it ain't even the same fuckin' sport".
> Any alternative would be much more intrusive.
Did you consider only serving that "large file" only when accompanied with a proper session cookie created when they loaded the HTML file? There are many solutions to those problems, including some that are sever-side-only.
I understand your concerns very well, but I have a different perspective. I don't modify my Referrer header. I want to let the websites I'm using where I came from. A referrer by itself is innocuous - only when you combine it with other nefarious techniques it wreaks havoc on users privacy. But on it's own, in an anonymous browser environment that I tend to use, it's actually quite useful.
Sadly, the industry chose to abuse it to the detriment of the users. Enough reason to take it away.
It's not really "design"--the header name is even misspelled. This one always felt like, at the time in the early days of the web, it'd be interesting data to pass along. Since then, things like image hotlinking started to depend on it, and Google got better about hiding referrer data, so there wasn't the same motivation to fix it as implementing same-origin policy. If the web were invented today, yes, I doubt that this would be a thing.
It was how you did sessions before Cookies and JavaScript existed, and existed because it was a problem that needed solving. Converting forms to wizards and the first Internet shopping carts.
I agree. There are some add-ons that spoof/disable this header for you, but as you said, this breaks some sites. I agree, as a consumer, that website that rely on the header are out of luck with regards to my business, but at work I don't always have a choice with regards to which online tools we use. But white listing the things that break is a fine solution in that case.
I forge the referer as the root of the site, except in the case of news sites that allow referers from google news to bypass the paywall, in which case I always forge that. This very rarely breaks anything (one out of a million sites expect an external or specific referer.)
and I wanted to recall that google employees repeatedly removed chromium's project code to restrict or disable referrer headers.
I personally was involved in 3 distinct times. And after that gave up chromium and the lie of google-independence completely.
and so should you. If they tweak things to reach their profit goals, they will also do the same when any agency "asks" them to. it's a slippery slope, and they already crossed
Total online ad spend works out to about $1/person/day in the US.[0]
We have collectively sacrificed our privacy because we're collectively not willing to pay $1/day for what used to be called newspapers and magazines ($1/day is equivalent to subscribing to a daily paper or a couple magazines, as most people did in days of old). There is a cost to providing news. The industry made clear it preferred to sell subscriptions but consumers collectively said no I want free beer and laughed at newspapers and magazine publishers for being so stupid as to try to sell subscriptions. Having been told no I won't pay for subscriptions the industry was dragged forcibly from what was unquestionably its preferred subscription model into the ad tracking supported model we have today. All because costs people can see (subscriptions) are less palatable than far higher costs they can't see (ubiquitous tracking).
[0] https://www.vox.com/recode/2019/6/24/18715421/internet-free-...
> we're collectively not willing to pay $1/day for what used to be called newspapers and magazines
> The industry made clear it preferred to sell subscriptions but consumers collectively said no
That's not how I see it.
People were happy to pay for cable TV and get no ads. But ... cable channels were all too happy to take that payment AND the money from ads. Magazines and newspapers aren't any different, and neither is the internet.
I would be happy to pay $1/day, even twice as much, to not be tracked. There is no one I can pay that to, and there never was; and if such a thing would have existed, they would still likely start tracking at some point, as happened with cable TV and ads.
That's not anywhere near enough. The guy who can pay is worth way more than the guy who can't pay. The $1 is the arithmetic mean but the distribution isn't uniform.
And the end result is that the people who are not willing to pay $1/day are subsidizing me, the person willing to pay much more - because the currency is ads and tracking — of which I opt out as much as I can through uBO, uMatrix and a variety of other tools.
You know, if craigslist charged for some of their ads, then actually had a tracking-free newsdesk...
You could recreate the newspaper.
>The industry made clear it preferred to sell subscriptions but consumers collectively said no I want free beer
I do want free beer, but the problem wasn't that consumers didn't want to pay for a subscription, it's that we don't want to pay for 300 subscriptions. If you try to pay for a subscription to every news website that deserves your money, you're paying a lot more than $1/day
I can't wait for there to be a ubiquitous method to tip pennies (or fractions of a penny) to strangers on the internet easily.
I'd happily throw a nickel at a good article, but I don't want to have to make a per-publisher account to do so.
Flattr (https://flattr.com) fried something similar, but unfortunately never took off really. The initial idea as I understand it (May have changed since) is you pay a set amount per month and tip articles you read. The amount tipped is the amount you pay per month divided by the number of people you tip. Therefore you never pay more than your subscription amount.
Blendle tried it. They had a bunch of good publishers signed on, and the platform created. But apparently people didn't want it.
Do you think the content owners wouldn’t take the marketeers $1 if you paid $1? You pay for a printed newspaper and it has ads as well.
Exactly. The publication that is the content of this article is a paywalled, subscription-based site. This is not an either/or situation.
While a fair point, cost is not value. It is the lower bound of value.
It could be that targeted ads are creating $10 value per person but it only cost $1 per person, $9 of which goes to the advertiser/consumer.
The idea of 9x extra hidden value lurking in the system is a nice concept but unlikely to be present. It's unlikely to be present on the advertiser side because if advertisers were actually reaping 10x the value of their digital ad costs, ad prices would rise significantly because advertisers would be willing to pay significantly more than they do today. The excess positive value is unlikely to be present on the consumer side because as already commented the consumer is reaping a huge net negative hidden value as a result of the ubiquitous tracking it drives.
Paying money to ad companies to not show you ads is a protection racket. I imagine if one of the larger players actually tried it they would get sued. And personally, supporting companies I would rather disappear isn't going to get much traction. It is a lot more than $1 a day per person who believes advertising is a requirement of a modern, functioning society.
I'm not paying $1 to every website I want to visit, that's way too much money. I happily give up some amount of my privacy to save myself the cost, especially considering the privacy I'm giving up is the kind of thing I'd tell a stranger readily.
It's not like WaPo is asking for my family's deep dark secrets...
All of this money and effort to create something that has never scientifically been proven to work: Super-targeted ads, instead of contextual ads.
The context is already there. Each article on a newspaper already provides the context.
What is the true purpose of this? The true purpose is psychological control and manipulation, as well as making additional money with the data beyond ads.
Psychological manipulation gives the ability to actually create demand. And this is what this is about, because that's the only way to actually increase revenue in a meaningful way.
If you can target a person everywhere on all channels, and all the time, you can do things that are not possible with simple contextual ads, and the profiles that are being created are for lots of different purposes, not for ads.
I wait for the day some newspaper actually does an in-depth investigative study into the level of manipulation that drives sales in ad-tech, because I suspect that the entire system feeds off low-educated and poor people, for example lower-class stressed-out people who struggle to lose weight and are prone to manipulative ads. This is the target audience that you can manipulate into spending 500$ instead of 50$.
> All of this money and effort to create something that has never scientifically been proven to work: Super-targeted ads, instead of contextual ads.
Have you worked in the field? Because I have, and I can tell you that ads targeting works. I've built some of these systems that people love to hate on HN. Hundreds of PhDs at Yahoo Labs, Google, FB etc have worked on this for decades and run thousands of A/B experiments. Are you saying that all these people are fraudulent / incompetent and that somehow the whole market cap of Google and FB combined (above 1 trillion dollars) is just a complete fraud?
Contextual advertising works, but much less than behavioral targeting. Anyone who has seen and worked on the data knows that.
Knowing that you just visited Best Buy website 10 minutes ago and searched for a camera is _much_ more relevant to figure out which ad to show you on nytimes.com right now than the content of the article you're reading on nytimes.com
Speaking as a PhD, I can assure you that just because PhDs research ways to make a thing work does not mean it does. Nor are they, or those hiring them, immune to presenting their results in the most optimistic possible way.
I am personally acquainted with several active fields that have been trying to make things work for 20+ years with very moderate success. They present their results which amount to "barely better than nothing" in order to keep funded. They also make the same arguments you do, "it stands to reason that it should work", to keep the money flowing.
There is the drug industry, which is chock full of new drugs that are barely better than placebo or generics, if they are at all. The results are hyped because it keeps the cash flowing. It would not be entirely true, but nor would it be too far off the mark, to say that almost the entire drug industry is based on fraud and exaggeration. And that industry is far more transparent WRT data and superficially altruistic than the advertising industry. This example is perfectly parallel because no one denies advertising works, just like no one denies antibiotics work, but the difference between new and old drugs, just like new and old advertising methods, seems to be greatly exaggerated.
Google built its entire empire based on contextual advertising, not behavioral targeting. With Facebook you may have an argument, but Facebook has a very special dataset not available anywhere else, and I would also add that Facebook makes the same amount of money whether behavioral targeting really works, or if they've just convinced their advertisers that it does.
I am neutral on the subject of whether it works because I have never looked into it, but "lots of self-interested people say that it does" is not convincing, and the fact that such an argument is so frequently made makes me think there is no actual proof.
> Google built its entire empire based on contextual advertising, not behavioral targeting.
True. But why do you think Google goes to a great length to track you all over the web? They literally have thousands of engineers doing just that. If there was 0 value for Google in behavioral targeting, and given their monopoly on search and the great value contextual advertising already brings for search, they surely wouldn't bother with tracking.
Assuming that behavioral targeting does not work, which I do not know, several possible reasons:
1. They started tracking when behavioral targeting seemed like a reasonable hypothesis, and keep doing it now to build a dataset in case it might work in the future.
2. Google does lots of things that are speculative and generate no revenue, and the general attitude in the industry is "why not collect all data we can because storage is cheap in case we can somehow use or sell it later". If we applied your overall logic to every part of Google, they would probably have 500 employees.
3. If Google can persuade advertisers that it works, they still make more money from them even if Google knows that it does not. Thus BT can generate value for Google without generating any for advertisers.
4. If everyone else in the industry also makes these claims about behavioral targeting working, any company not claiming to do it too would be at a competitive disadvantage.
Also, it is possible that BT "works", say, 1% better than CA. In that case it technically "works and generates value" but most reasonable people would say in that case that it does not justify the privacy tradeoffs or general hype.
Google built their empire on contextual advertising, but it's not the only kind of advertising they do these days.
Also, Google's revenue isn't necessarily derived from what ads provide the highest ROI; it's derived from what ads people want to buy. Regardless of what anyone at Google thinks about contextual vs. behavioral ads, it's in Google's interest to go nuts with behavioral ads simply so that they aren't letting all the other adtech companies keep all the behavioral ad spend uncontested.
> But why do you think Google goes to a great length to track you all over the web? They literally have thousands of engineers doing just that.
As far as I understand even as the British empire became smaller the number of people employed to oversee the colonies went up.
Bureacracy will find a way to generate work for itself and it would be a shame to have all those data scientist wasting their time on fixing actual problems instead of making reports about how smart the current system is ;-)
Knowing that the user is not a bot is pretty important to avoid ad fraud.
This might be enough incentive to do some user tracking, all by itself?
> ...track you all over the web? They literally have thousands of engineers doing just that.
Seriously? If that's true, most of them must be hanging out on the roof.
> Knowing that you just visited Best Buy website 10 minutes ago and searched for a camera is _much_ more relevant to figure out which ad to show you on nytimes.com right now than the content of the article you're reading on nytimes.com
The concern here is that you're just selling a camera that they were already going to buy. So the ad agency wins, Best Buy _thinks_ they win because they register a conversion, but you didn't actually create any value.
In my experience when the PhDs say "this doesn't work," the PMs say "that's fine, because we still get to say we have machine learning [insert other buzzword] and the customer thinks it's delivering value."
> Contextual advertising works, but much less than behavioral targeting. Anyone who has seen and worked on the data knows that.
I admit this is possible, and my gut feeling is that properly implemented targetted ads should be immensely effective, but theory isn't implementation, and I'm taking your word on it either way.
Driving the user back to BestBuy.com to convert into a concrete sale seems much more valuable than "well, they searched for cameras so they might come back one day and pull the trigger. Fingers crossed!"
Why wouldn't Best Buy pay for that?
I search things on Amazon all the time without checking out. Those aren't locked in as eventual purchases at all. There are even things in my Amazon cart as we speak that I probably won't buy. I'm often a mere teeter from pulling the trigger. Coming home drunk or being reminded at the right moment sometimes push me over the edge.
There's obvious value in giving me the right shove.
> The concern here is that you're just selling a camera that they were already going to buy. So the ad agency wins, Best Buy _thinks_ they win because they register a conversion, but you didn't actually create any value.
I agree. The industry is (too slowly) moving towards measuring the actual causal effect of ads to remove the correlation/causation leap that has unfortunately been the norm. But it's much harder to implement given the very fragmented ecosystem, and big players in a monopolistic situation at this point have little incentive to do so.
In reality, it's not uncommon for the causal ad effect to be 10x smaller than the claimed correlational effect.
> The concern here is that you're just selling a camera that they were already going to buy.
Are you sure of that? Why would he not buy it on Amazon instead of Best Buy? Why would he choose that Sony camera instead of that Nikon ones?
Ads made him choose that model, at that price, at this specific shop. All theses variables could have changed and he would have still bought a camera, but nothing guarantee that theses variables would have been the same and Best Buy wouldn't have that sale.
Best Buy did win, because someone else didn't.
That's all considering he was already going to buy that camera and it wasn't a poor impulsive choice, which sadly happens too often in this world.
I mean, building a panopticon to show me things I've already looked at may be effective but it seems like it's not the most worthwhile use of hundreds of PhDs for several decades? I also appreciate how Google continues to pay to show me Pixel 3A adds days after I purchased it.
Perhaps the advertisements you see after a purchase are intentionally delivered. Maybe testing has found a consumer is more likely to value and keep (vs return) a purchase, or recommend it to their friends, when related ads continue to be served for $time.
A corrolory to Hanlon's razor suggests that never attribute to intelligence that which can adaquetely be explained by stupidity.
He's probably in an audience for targeting, and the audience is presumably only updated every so often.
I don't work in the field. I think part of the reason why my perspective diverges from yours is probably that your profession is extremely intransparent about what actually happens behind the curtain. Obviously people will speculate and err on the side of caution.
I should probably clarify that I did not mean to say that it doesn't work. What I meant is that it doesn't really work out for the publishers. The parties who profit are just first and foremost the platforms, then come the advertisers, and the publishers come last.
That explains the 1 trillion market cap. And also why Criteo didn't lose money after Apple blocked them from following their users.
I wonder if you can provide me to a study about the difference between Apple/Safari users and Google/Chrome users when it comes to advertising effectiveness, because since Safari users can not be tracked, that means according to your statement the revenue from Safari users would be way less.
What? Criteo is worth 40% of what they were prior to the safari change.
That is correct - My previous employer spends $30k/day on programmatic ads, and they spend $0 on safari. Worse targeting, worse performing.
What's the case for building these kinds of systems in 2019? I would love to hear your perceptive on this.
If I were to play devil's advocate to this article, (and this isn't necessarily my perspective) I would say that FB/Google have already carved up the ad market, and even their businesses are under pressure from native ads on Amazon.com, which is where a huge portion of e-commerce takes place.
The twist though is that this is the Washington Post we're talking about, so this plan may have benefited from the business mind of Jeff Bezos himself who knows these businesses very well.
> What's the case for building these kinds of systems in 2019? I would love to hear your perceptive on this.
The business case has become very tenuous at this point. Because of the dominance of Google and FB + the increased pressure from regulators on privacy, most third party companies are getting crushed. GDPR increased the market position of Google which also gives them less incentive to do behavioral targeting as it's legally riskier, and they don't need it to beat the competition on ad spend as they control publishers inventory. So they'll probably push more in the direction of AMP and controlling content.
What I expect in the coming decade is a regression to "the old world" of TV advertising: ads are going to become spammier and spammier as it's going to become increasingly difficult to collect and use data to make them relevant. And big players won't have an incentive to do so because they'll control content even more.
So I expect even more HN hate for ads :)
>Are you saying that all these people are fraudulent / incompetent
This sound vaguely like an appeal to authority - or perhaps I'm not using the correct phrasing, but the underlying logic of "X number of scientists can't be wrong" isn't a good look. While I hate when people say things like "evolution is just a theory", it's not a good idea to use # of scientists who hold a view as a proxy for if it's valid if the idea is much less tested than things like evolution or climate change.
Well the original claim was extremely grand. I was trying to bring some nuance to the typical HN comment on ads which usually goes along the lines of "oh I saw a terrible ad yesterday, Google is so dumb and evil and ads don't work based on my own anecdote".
What I'm saying is that maybe it's not unreasonable to believe that some of the most successful tech companies of these last decades didn't completely build their empires on sand and that maybe what they sell is not 100% BS.
> Knowing that you just visited Best Buy website 10 minutes ago and searched for a camera is _much_ more relevant to figure out which ad to show you on nytimes.com right now than the content of the article you're reading on nytimes.com
This sounds reasonable. But there is quite a way from that to the current implementation which seems to be along the lines of:
It doesn't take very many PhDs to come up with that, does it?> Contextual advertising works, but much less than behavioral targeting.
There is credible evidence on both sides of this particular debate. But to me, that's not a relevant issue. The issue is what is right vs what is wrong, and behavioral targeting is just wrong.
> Are you saying that all these people are fraudulent / incompetent and that somehow the whole market cap of Google and FB combined (above 1 trillion dollars) is just a complete fraud?
TLDR: despite your models the result I see as a male in Norway are ridiculous and laughable.
Longer version: All I can say is that the last 10 or so years the ads I have gotten have served no other cause than to make me despise the advertisers and distrust any claim about working AI.
Maybe I'm extremely unusual, but I would think this
- pushing mostly crappy dating site ads
- for 10+ years
- to a married man
- who is generally very happy
- and has small children
- while not pushing ads for major infosec events
- and not for family holidays
can hardly be considered very smart unless you are paid handsomely to show those ads regardless of if they work or not, especially as I've repeatingly clicked x -> not interested -> irrelevant.
Seing how Google is botching search accuracy, Google+, Reader etc etc I feel I have good reason to think the company in sum is a lot dumber than the people who work there.
And yes, I think so highly of most men in my exact position that thet won't fall for the crap I've seen.
And, based on my talking with others it seems not to be a fluke: if you are man this seems to be their best (and often their only) idea of what ads might be useful.
Or maybe it works on enough other men to pay off.
But personally I've now concluded that my best explanation is that Google is dumb or deliverately fleecing their advertisers.
PS: Facebook ads have been somewhat better for me. I actually bought something from one once.
It’s proven to work in the area where it matters: convincing people to buy ads. Marketeers pay more for showing ads to targeted audiences than for showing them to random audiences. The Washington Post doesn’t care if you buy the toothpaste that is in the ad on their page.
Marketers care about performance. Targeting allows for higher performance. If I ran a baby product company, I want to target people with babies or who are expecting.
I guess they should care in the sense that poor ad performance will cause marketers to question the effectiveness of ad buying with WP?
The open secret there is that it's infeasible to accurately measure ad performance, and embarrassingly easy to come up with metrics that would make basically any ad campaign look like a success without looking suspect to anyone but a trained statistician.
Which will work out just fine, so long as your advertising client isn't someone like RStudio.
Yup. There's no reason to expect that an industry whose sole specialty is being manipulative and dishonest to behave virtuously when dealing within the industry. Adtech companies compete against each other too.
> it's infeasible to accurately measure ad performance,
how come? You can measure your conversion rate, cost per conversion, etc.
That's about the only gimme, and it'll only cover a portion of the hypothetical payoff for the ad - some other, potentially larger, number of people never click, but do remember and come back later. Or if you're trying to sell things in meatspace, it's really hard to ever be able to say, "More people came to our store because we ran an ad."
If you do get enough profit from directly traceable conversions to cover the campaign, yeah, that's a gimme - you may not know your actual ROI, but you do know that its lowest possible value is still positive. That said, I don't work in adtech, so I don't really have any way of knowing how common that is.
> number of people never click, but do remember and come back later
For major brands they may remember. Otherwise I think it is reasonable to assume that clicking on ad is most established way for user to check product. Once user navigated to website, he can be reliably tracked by site owner.
Possibly. But, at the same time, "it is reasonable to assume" is the epitaph carved into the gravestone under which economics's credibility got buried alive.
I'd feel better assuming that question's answer is simply unknown until a few different people have performed a few different field experiments.
For my part, for example, I pretty much never click on ads, because they typically get shown to me at a time when I'm already busy doing something else. But, if I later perceive a need to buy a product of that kind, there's a decent chance I'll remember the name, and therefore be more likely to Google them or take a closer look when I see them mentioned on Wirecutter. I have no idea how typical I am on that front, but, tangentially, I do at least suspect that, if clicks were really the end-all-be-all of hawking product, then there wouldn't be quite so many billboards by the side of the highway.
> I'd feel better assuming that question's answer is simply unknown until a few different people have performed a few different field experiments.
there is whole industry of such people, and they vote by investing dollars into specific type of advertisement, which is reflected in Facebook and Google revenues growth.
> likely to Google
This is another channel of how dots can be connected.
> It's really hard to ever be able to say, "More people came to our store because we ran an ad."
Offline attribution and targeting based on offline intent is totally a thing that companies do today.
Correlation != causation. The parent wasn't discussing internal metrics, but rather establishing a cause-effect relationship between the targeted ad and your conversion.
Parent didn't provide much clarity about how he derived his opinion and what is the problem exactly with ads performance measurements.
It’s always hilarious to look at ads and try to figure out why they think I’m the right audience for them.
Facebook keeps showing me ads for a cup with a hidden compartment for alcohol in the lid, and for various gun safes. Apparently they’ve decided I’m an alcoholic who attends a lot of festivals, and a gun owner. Neither one is remotely correct.
The other day a different site showed me an ad for a capsule containing a 360° panoramic camera that a proctologist can use to inspect people’s digestive tracts. I’m not any sort of doctor.
It would be one thing if all this abusive technology was used to show me relevant stuff. But they do all this nonsense and end up showing me ads for butt cameras?!
Facebook will always show you an ad. First the system tries to select a relevant ad with the highest predicted income ($$$) for FB winning the auction for your screenspace (the placement). If FB can't find a perfectly relevant ad the algorithm will choose a less relevant ad, But it will always show you an ad.
The thing is FB does not select a relevant ad from all available ads on FB, but only from a subset of ads matching a certain targeting setting that in turn matches your profile or interest. And this targeting setting is set by the uploader of the ad. And in some cases advertisers select a targeting that does not make any sense at all. (They target you by error.)
Does the placement algorithm like to show you a non relevant ad? Most likely not because on average it yields less money for FB. It could be that FB does not have much information on your interests or your privacy settings disallow using this information and the algorithm does not know what is relevant to you. And/Or the advertiser had a very high bid for the placement and the placement algorithm decided a less relevant ad with a high bid yields more money than a more relevant ad with a low bid.
(This is often the case if the advertiser decided to pay per ad-view and not per ad-click. Pay-per-click ads only yield money to FB if they are relevant, because users don't click on non relevant ads. Per-per-view ads always yield money for FB.)
But in the end it's not facebook who is to blame. It's the advertiser setting up stupid targeting and placement bids. (I once burned through 10000€ in one minute because of an erroneous targeting setting while showing the right advertisement to the wrong people...)
Most ads are not that targeted. That's a fallacy that seems to come up on HN but the reality is that most ads you see are generic large buys across very wide populations. Targeting costs more and the increased acquisition costs don't always pay off for every product. Also most ad systems will always fallback to show you an ad no matter how lacking the targeting is, because a filled ad slot is better than an empty one.
It doesn’t much matter to me whether it’s badly targeted or untargeted. At the end of the day the result is the same: they pour all this effort into abusive tracking and then it doesn’t even achieve the result that’s supposed to be the reason they do it.
It doesn't achieve it because it's not used. They cant control what advertisers do with their campaigns.
I'm surprised Facebook's showing irrelevant ads to you. The few times I have to use Facebook the ads are so relevant that it is downright creepy. They are known for buying people purchase history from credit card company, but they are still stuff I have not figured out how they made the connection, for example, I get ads for very specific product that family members with a different last name and who don't have facebook, bought recently.
It gets really spooky when you start getting ads for something that was mentioned a couple times in Messenger. Wouldn't be surprised if they are scraping DMs now, too.
And the alternative explanation is even worse: modern behavioral model (at times) as so good that they know what product to sell you before you do.
The ads I get from Facebook have gotten much more generic and less creepy after I started using Firefox with the Facebook container plugin.
That's the low quality untargeted ad each time.
Dead-tree newspapers and TV networks, and the companies who bought ads in them, made plenty of money without any invasive ad-targeting. Just like many companies today make plenty of money without child labor and sweatshops. Everyone uses them when they're allowed at all because of the race to the bottom, but that doesn't mean no one can function without them.
For the first, security cameras, background check services, etc.
For the second, political ads on all sides, as well as ads targeted to the reader. (Perhaps a book about geopolitics? A fancy globe/map?)
I shared your initial reaction, but after thinking about it a bit more deeply I feel like it could actually work.
People reading an article about a tragedy are no more likely to be interested in background check services than the population as whole. That's useless targeting, it's not even targeting.
How many fancy globes and maps do you think are sold? Enough to fund all of the geopolitical news being reported?
People reading an article about a tragedy are no more likely to be interested in background check services than the population as whole.
Are you sure about that? New mother, wondering where she is going to find a babysitter, wouldn't feel an increased pressure to think about security cameras and background checks after seeing something like that? I can't speak for all of them, of course, but of the few I've known such things become topics of neighborhood conversation. Perhaps you have better data.
I suspect parents are a particularly juicy target. Being a fresh parent myself, I've already noticed I have much different emotional reactions to news reports and even movie scenes involving safety of children.
I totally buy that in the above murder example, an ad for security cameras would be very effective.
I agree with dhimes that targeting people reading about a tragedy would actually work quite well. Certain people read about those kinds of things, and those people are definitely more susceptible to buying certain products. If you're worried about something happening to your child, a security camera advertised within the context of such an article would be great targeting. Remember, even the best ad targeting right now only gives a certain edge over showing random ads. It's not like you need 100% of people that read the article to purchase the product.
And there are plenty of geopolitics books sold, and usually at a high price point, too. Someone commented elsewhere in the thread that $1/person/day is total online ad spend in America, so the bar isn't too high.
Furthermore, I'm responding to someone who was thinking of the _worst possible headlines_ for selling related ads. There are plenty that lend themselves better to ads: "new national park in [place near you]" could have ads for tons of very high value products... I just checked RV rentals, and even a fairly small and old RV went for $300+/night near a national park. Tack on some fees and a family could easily spend $2500, of which a large amount is profit (I imagine) with a small/old RV like that. Perhaps it has another ad too, to catch those interested in ultralight backpacking, people in that community can spend $500+ on one single piece of gear easy. And a third ad, to catch everyone else not interested by the above - an ad for a general camping/wilderness/hunting goods store.
The more I think about it, the more I'm sold that it's actually a great idea.
I'm not sure what ad network they use, but the ads on https://www.zerohedge.com/ seem to be a good example of a "financial apocalyptic paranoia" targeting.
Exactly, fear is a good motivator. In our community mailing list every time there is an earthquake somewhere in CA, emails start flying about earthquake insurance.
In the above case, a crime is a good motivator for people to start looking into protection and crime prevention options.
So, yes, I think there is some real value in exploring context as the Ad driver.
You don't sell the subject matter. You sell the emotions it expects to generate in the reader. You put the ads designed to be attractive to the person feeling anxious or outraged or amused next to the article that is expected to engender anxiety, outrage or laughs. Fear and anxiety are great ways to shift crappy products. Pepper spray, tasers, alarm systems, funeral planning services would all benefit from your murder story obviously. Financial products for your oil tanker less obviously (specter of war creates worry about finance and movement of capital to 'safe' investments like gold)
You’re waiting for newspapers to investigate why their own primary revenue stream is unethical?
Technically the journalists should have editorial independence and a firewall between them and marketing. So they could in theory investigate their own paper's revenue stream.
Although in this case they wouldn't have to frame it in such stark terms because ad tech is widely used.
Newspapers get huge amounts of referral traffic from Facebook, it hasn't stopped them investigating Facebook's practises.
Facebook is an adversary, though. Big difference.
Le Canard Enchaîné disagrees [0]. Still stuck in the old ways of paper printing though.
[0] https://en.wikipedia.org/wiki/Le_Canard_encha%C3%AEn%C3%A9
“Stuck” may not be the best word for a profitable journalism company that ensures its readers that they aren’t being tracked nor individually manipulated.
Are there any digital news outfits that don’t subject their paying readers to unethical (IMHO) advertising?
If no, I’ll continue to read via dead trees.
there are state-sponsered media like BBC, etc.
Even with the BBC though there are conflicts of interest.
For example, when the BBC introduced compulsory logins for its iPlayer service so that it could, amongst other things, form political profiles on users just in case viewers decided to be in the audience of it's political shows such as Question Time.
I distinctly remember hearing the BBC News team interviewing the BBC's own staff and coming to the consensus with themselves that they were "striking the right balance".
There were no descenting voices on the programme and discussion about why creating political profiles for people might be a bad thing.
Do you have a reference for that discussion?
Radio 4's 'Feedback' [1] bills itself as "The programme that holds the BBC to account on behalf of the radio audience" and frequently interviews BBC employees.
Obviously there are fraught incentives from them paying for their own criticism. Not sure cancelling the program would improve the situation though.
[1] https://www.bbc.co.uk/programmes/b006slnx/episodes/downloads
Not to hand but I'm just having a search for it.
I'm pretty sure it was PM with Eddy Mare on Radio Four and from memory would have been back in 2017.
> All of this money and effort to create something that has never scientifically been proven to work: Super-targeted ads, instead of contextual ads.
Oh, it works to some extent. Trust me, advertisers and ad networks look at this stuff very, very closely. They have the data. I know only rough numbers, but a.) the difference is surprisingly small, yet b.) big enough that they can't just stop.
I'm not sure what scientific bar of proof you would need to see passed, but Google stalks users and targets them because it makes them more money. The ads perform better. Their systems fall back on context, when they can't do the more lucrative stalking.
Probably.
I think it's a downward spiral, it only works because each player is forced to play along due to fundamentals of game theory.
So what we are seeing is that the methods become more ruthless every day, but everyone needs to conform, and it's a race to the bottom.
The end result is spending-fatigue and numbness in response to normal ads that are not hyper-addictive.
I also think it does not really pay off for publishers. It only really pays off for the middle men and those players who sell unethical products aimed at manipulation.
Contextual ads work fine for some things (printer ads for "printers" searches and reviews), but for things that aren't e-commerce, context is much less interesting, and it's more effective to show a retargeted ad for printers on a news article on the latest laser research than an ad for laser pointers.
I have a pretty hard time believing it contextual ads works just as well as targeted ads because the ONLY time an ads ever worked for me, was because it was targeted.
When the netbook trends started, I was interested in buying one. I made a few research on the subject but once done, that was it. A few days later, I got a Best Buy ads about the exact netbook I searched about and the price was great and I bought it.
It wouldn't have happened if it was contextual. Sure it may have happened that later on I would have got an ads of that netbook on a technology website, but it would have been one out of thousands.
People keep doing re-marketing campaigns. Theses have to provide a better return than normal advertising or else why would you do the effort? That show right there that targeting works.
> "has never scientifically been proven to work"
You mean like the petabytes of data generated every day by 2 of the biggest companies on the planet? Did you just make up this claim?
The industry is not dumb, its more politics and technical wars that lead to bad experiences than anything else. There's a balance between detailed targeting and context, with the major problem in the former being data quality and identification. This is why Facebook can do a great job when you're logged in, but a generic ad network will suffer with crummy ads.
You don't notice the good ads, only the bad ones, so you're skewed into thinking they never work even though that's far from the truth.
From the article, better contextual targeting appears to be the goal of WaPo's project:
> The Zeus platform monitors contextual data such as what article a person is reading or watching, what position they have scrolled to on a page, what URL they have used to arrive there and what they’re clicking on. The publisher will then match that data to its existing audience data pools, which it has accumulated over the last four years, to create assumptions on what that news user’s consumption intent will be. The technology uses machine learning to decipher the patterns.
Yes, that's why I'm hesitant to call this move unambiguously good. But it does seem better than most.
> Each article on a newspaper already provides the context
That doesn't work when the articles are optimized for creating fear and panic to drive "engagement". In the best case, it would look like they're trying to tastelessly profit from the problem - eg an ad for Suboxone.
Psychological manipulation does not require persistent personalized targeting, it just helps. Base consumerism is driven by contrasting a horrible hyperreality with stability/escape - the context of the ad must be different from the context of the story.
> All of this money and effort to create something that has never scientifically been proven to work
There are parts of the online ads business that are very scientific. They run A/B tests to figure out what will make them the most money, and they're very good at it. Amazon, for example: say you look at a blender there and don't buy it. Amazon has cookied you, and can then target that cookie on other websites, showing you pictures of the blender trying to get you to come back and complete your purchase. They have very good metrics showing how much they should pay for these remarketing ads, and they make a lot of money from it.
> Each article on a newspaper already provides the context.
The article you're reading does give some information. There are a few kinds of articles that people are especially likely to read before spending money ("what kind of phone should I buy", "which credit card should I get", "what do I do if I've been diagnosed with mesothelioma") and ads on those pages are worth a lot. But if you look over the front page of the Washington Post ("Opioid death rates soared in areas where pain pills flowed", "At rally, crowd responds to Trump’s criticism of Rep. Omar with chants of ‘Send her back!’", "House votes to kill impeachment resolution", "This German city had few foreigners. Then refugees changed it in some surprising ways") or any other general interest publication you'll see that most articles are targeted at, and going to be read by, a very wide range of people.
(Disclosure: I work on ads at Google)
Aren't A/B tests super short-term and specific to single advertisers? In the end the money in the system is limited, and if one competitor achieves a high level of revenue via A/B testing, someone else probably loses that amount of money.
I wonder whether Ad-tech has seen a reduction in revenue after Apple introduced Intelligent Tracking Protection, as these users can not be tracked via cookies.
This source claims there was no significant dip for Criteo for example:
https://www.thedrum.com/news/2018/08/01/despite-apple-s-game...
The conspiracy theorist in me suspects that they only introduced cookie blocking after they were sure that other fingerprinting methods were reliable enough that they didn't need cookies anymore. They can pretend like they're "doing something" when blocking cookies in and of itself is another variable they can use to fingerprint you.
I read a number of martech and marketing sites (because it's good to know your enemy), and the discussions there strongly indicate that this isn't the case.
They've been spending quite a long time freaking out about the impending death of the cookie, and talking about ways to mitigate that.
> Aren't A/B tests super short-term and specific to single advertisers?
They don't have to be short term. I currently have an A/B test I'm watching that I've been running for over a year, and other people I work with have some that have been running even longer. The reason to run a test long term, though, is either (a) you think the world might change such that your results won't remain valid or (b) you think a short-term measurement isn't a good estimate because of user learning. I'm not sure why you think a short-term measurement would be a problem in this case: a short experiment where an advertiser switched from personalized to pure contextual ads would lose a lot of money, and I don't see why you would expect that amount of money to decrease over time.
> In the end the money in the system is limited, and if one competitor achieves a high level of revenue via A/B testing, someone else probably loses that amount of money.
It's not zero sum, not at all! Let's say you sell board games. You advertise on board game review sites, but there's not that much traffic there because most people who buy board games spend most of their time on unrelated sites. If you figure out a new way to identify people likely to buy games and start advertising to just them you bid up the cost of advertising to those users, and displace, say, low-value belly fat ads. What happens? You start bringing in a lot more money, because you're selling more games. Some of that money goes to the sites you're advertising on, which now make more money because someone has figured out how to better advertise to their audience. And the belly fat advertiser makes less money, because the pool of ad space no one wants for anything has dropped slightly. But the amount of money they're losing is much less than the amount you and the site owners are gaining, because people are buying more board games.
> I wonder whether Ad-tech has seen a reduction in revenue after Apple introduced Intelligent Tracking Protection, as these users can not be tracked via cookies. This source claims there was no significant dip for Criteo for example.
I would guess Criteo isn't losing money because they've switched to tracking users via other means. They were caught [1] using HSTS supercookies, which led browser makers to remove HSTS as a tracking vector [2], and I suspect they've moved on to other methods. But (a) it's hard to tell externally since so much fingerprinting can be done passively and (b) I work for a Criteo competitor so I'm probably biased to think poorly of them.
[1] https://twitter.com/gothamresearch/status/942800208441827329
[2] https://webkit.org/blog/8146/protecting-against-hsts-abuse/
Showing me the products like that are so annoying, because google doesn't know I purchased them elsewhere and keeps showing them forever.
Please, after a reasonable time try to show me things people who have brought X typically buy after 2 weeks. As an example I would have paid for a curtain service to my new appartment, but google kept pushing (bad, paid) apartment search sites at me.
I now google products only in incongnito mode, since it get so annoyed by this behaviour.
Facebook decided initially that as I was single I must be interested in paid dating sites (even though, statistically I would be better of with a site with a larger audience), so please don't take this as an attack on Google, but as an attack on limited machine learning.
>I wait for the day some newspaper actually does an in-depth investigative study into the level of manipulation that drives sales in ad-tech, because I suspect that the entire system feeds off low-educated and poor people, for example lower-class stressed-out people who struggle to lose weight and are prone to manipulative ads. This is the target audience that you can manipulate into spending 500$ instead of 50$.
Why do you think you're immune or any different?
because I never see any ads :P
20-30 percent of people use ad-blockers, and I think I already know the demographics compared to the exposed population.
But for a serious argument, I refer to the studies on delayed gratification and the association with education and upbringing.
> The context is already there. Each article on a newspaper already provides the context.
While that's true, I'd imagine the vast majority of articles aren't all that useful to sell against. What ads do you put next to "Trump racist tweet controversy"? Flights to Canada, perhaps...
That's an easy one, you sell #IStandWithIlhan shirts. Next ad? MAGA hats, so you can sell to both sides.
'Take back control of your health cover'
Trump tweets are clickbait and generate outrage. You just need an targeted to people in that mood. And probably a much better return per click than selling ads targeted to people who have been searching for health cover, because they are already in the comparison stage or are no longer in the market, where as the clickbait ad targeted at people pissed off at the government gets to make some first impressions.
> Super-targeted ads, instead of contextual ads.
Did you read the article? The point of this new platform is contextual ads, instead of personally-targeted ads.
It's more like a mixture of context and client-targeting (referer for example)
> What is the true purpose of this?
I believe that from the hosting site perspective one of the principal benefit is sweet talking investors.
Bingo.
YouTube is targeting me with hyper-manipulative ads. I had one that was a five minute explanation about What Racism Really Is and another was about how European Socialism Doesn't Work. Neither of which had anything at all to do with the videos I was watching.
I see what they are doing and I don't like it.
Political organizations are paying YouTube to target you with manipulative ads. Maybe that's splitting hairs but we might as well be precise about who has what role.
Yes, it's proper to blame everyone involved in this.
Is this Jeff Bezos's influence?
Things I would never have imagined a big old newspaper having their IT team whip up:
> The Zeus platform monitors contextual data such as what article a person is reading or watching, what position they have scrolled to on a page, what URL they have used to arrive there and what they’re clicking on. The publisher will then match that data to its existing audience data pools, which it has accumulated over the last four years, to create assumptions on what that news user’s consumption intent will be. The technology uses machine learning to decipher the patterns.
Yet another extremely compelling reason to simply disable all javascript (and other active content) by default.
For me it works like this: the default is disabled. When something doesn't work (actually The Washington Post works great, much better than with JS on), I esitmate the tradeoffs: if it's a really useful website with JS functionality that is actually useful to me (say, with JS doing the math notation rendering or an app I badly need), I enable JS. Otherwise, why bother?
JS is like ads used to be: first they put it everywhere, then you get fed up and just switch it off.
Do you block all JS, including 1st party and inline scripts, or only 3rd party scripts and resources?
I've used uBlock Origin to block all 3rd party scripts and frames for a while, but I'm seriously considering going full default-deny all scripts and other active content.
I default deny all, then selectively enable scripts to add missing functionality. It can be a pain to get Gawker sites to work, but the vast majority work perfectly after enabling first party scripts and maybe cloudfront.
I'd suggest a selective scriprlt blocker like umatrix (my recommendation) or noscript. Do note you will have to invest some time toggling & refreshing on some of the more complex sites until you figure out whatever web of cdns and auxiliary scripts is used to run their stuff
Not the GP, but I block all scripts by default with NoScript, then selectively enable them, starting with the first-party scripts. I've learned to identify likely tracking domains and have memorized several of the more widespread ones, so over time this technique has proven effective.
Why would you need to memorize them when you can just mark them explicitly untrusted?
This is exactly what I've been doing for years!
It should be noted that the so-called "cookie law" is about more than just cookies. It's about all user data and who can access it and for what reason.
If this more tightly controls who user data is given to then that is a big improvement. If it's just trying to find technical loopholes in the law... well EU law tends to take a dim view of that.
If I type in the address bar a URL or click a bookmark rather than click a link, is the referrer still sent?
No, which is why years ago I developed the habit of not clicking links, but copying them and pasting them into a new browser instance. That also gives me the opportunity to delete the tracking parameters that are added to a lot of links.
No.
If they don't see a referer, then they can assume that you typed in the URL or bookmarked the page.
That could signal higher intent than someone clicking a random clickbait link to your site.
Other events could prevent the referer from being sent too, but you can filter some of those out using other tracking methods and looking at user behavior.
> If they don't see a referer, then they can assume that you typed in the URL or bookmarked the page.
... or followed a link from an IM or some other source outside of the browser. Too many possibilities to really assume anything and draw conclusions.
You can also disable/spoof referer in about:config
WashingtonPost has been ahead of the curve on this for a while. Here is my anecdotal experience with their tracking.
WashingtonPost allows a non subscriber to view a few articles per month and if you went over the limit it would require a login. I had been able to circumvent that by clearing out my cache, cookies and local storage or using the anonymous mode. But now that does not work anymore.
I am able to work around this by disabling javascript. Your move WashingtonPost!
Well, the next move looks obvious to me.
Or use something like outline.com
Could Firefox's containers be extended, and include an option to resist fingerprinting?
This would limit the information sent by the browser (maybe run everything in a lightweight VM with standardized performance, feature and settings), including the referrer used to open the containerized tab (which might be done already).
The VM sounds complicated, but we already have qemu running in browsers. Reduce the timing granularity, randomize I/O slots, and lie about the RTC, and fingerprinting becomes much harder, unless I am missing something?
Side note: I am against fingerprinting me across websites as an individual, but I am perfectly OK with fingerprinting me about my interests, provided everything is done in a stateless manner: if I spent more time on the technical section, which 80% people skimmed over, maybe offer me more technical articles at the bottom?
But please, do not keep information about me. Tracking would be illegal under the GDPR provisions anyway, AFAIK, cookies or not.
Firefox has privacy.resistFingerprinting which takes a variety of steps to, well, resist fingerprinting. The functionality was ported from Tor Browser. However, some aspects may be frustrating to the user (set window dimensions, no zoom-level memory, etc.).
There are, of course, many other privacy-related configs in Firefox. Relevant to the Referer header is settings under network.http.referer.* (see https://wiki.mozilla.org/Security/Referrer).
If I understand it correctly, this is what tor browser does, in addition to using the tor network itself to as-close-to-anonymize you. Tor browser has warnings that encourage you to not-resize your browser because that could be used as fingerprinting data.
Well, I was thinking about enabling those on specific domains only (leveraging the container feature).
An interesting (research) approach would be to taint the data that can be used as fingerprinting, and forbid its exfiltration, perhaps with different levels of aggressiveness.
Example: a webGL game requires my wwindow width, GPU capabilities, etc? fine. But now, the thread that has this data cannot send anything to the other threads.
It would require some adjustments, and tightening the side-channels (making available download bandwidth/timings/etc more granular, for once). I do not expect it to be completely fingerprinting-resistant, but it would go a long way.
Once they have better tracking, wonder if they would use it to manipulate news items on a per-customer basis. That is show one news item to this person but not to that person. Or maybe change the tone or phrasing in the articles.
> The Post plans to license the Zeus platform to publishers both domestically and internationally
Does that imply data sharing as well?
> That is show one news item to this person but not to that person.
I imagine they do this to some extent already. Personalization is nothing new.
> Personalization is nothing new.
It is for ads, and newspapers adjust their content for different regions. But I wonder if they intend to do what they do for ads for news stories. They may choose to hide some, bring some to the top or even reword them. So if I go to WaPo's front page, I'll see different "news" than what my co-worker next to me sees.
> But I wonder if they intend to do what they do for ads for news stories.
I actually pay money to read the WaPo. If they started "personalizing" the news like that, I'd cancel my subscription and stop reading them at all.
There are a lot of things that I think are made worse by personalization, and what news reports I get to see is toward the top of that list.
Seems to by this implication:
> and reaches a combined 750 million unique users globally, according to the publisher. The theory is that in doing so, publishers can compete more effectively with the scale and data-targeting opportunities provided by Facebook and Google.
I’m surprised WaPo isn’t trying something simpler and more disruptive: making a point of selling non-targeted ads. Targeted ads may be somewhat effective at selling a specific product, but they’re creepy and they don’t help build a brand. Non-targeted ads are not creepy and signal that a brand is legitimate.
Of course, it’s much harder to apply metrics to this type of ad, since conversions aren’t the point.
Daringfireball.net does this kind of non-targeted advertising. I would love to see a major publisher (other than TV) try it.
I'll not say it would be impossible to run a general news website this way, but Gruber's website is basically pre-targeted already. Advertisers know pretty much exactly what they're getting with his audience - affluent, tech-focused Apple-aficionados with disposable income. It works great for him and his advertisers, but isn't a generalizable example.
If I understand what they're proposing, this is a method of ad targeting that I don't actually object to. It doesn't involve spying on me, identifying me, or tracking me (either on or off the internet).
It's closer to, but not completely, how ad targeting should be done -- based on the context the ad appears in rather than trying to figure out my own personal characteristics.
I admire steps taken to improve the privacy of ad-supported media ecosystems, so this effort by WaPo should be applauded on it's own. Their results, taken along with NYT's switch back to content-only ads in the EU [1] might help spread the word that all the creepy ad-tech isn't even necessary or beneficial!
That said, I'd like to make a simple request of media outlets... Please build a rate plan which provides all of the benefits of subscription, adds the expected profit from advertising, and then let me buy it to experience your content ad- and tracking-free. Please!
[1] https://digiday.com/media/gumgumtest-new-york-times-gdpr-cut...
A case study in this: The New York Times
In 2018, it made $202MM in revenue from digital display advertising. [1] Averaged across an annual reader base of 125MM worldwide, or 91MM in the U.S. alone [2], that averages out to just $1.62 or $2.22 per customer. Let us pay it to opt-out! Where is the harm?
[1] https://s1.q4cdn.com/156149269/files/doc_financials/annual/2...
[2] https://nytmediakit.com/digital
Are there any ad networks out there that do not track users?