
When the business model is the privacy violation - randomwalker
https://freedom-to-tinker.com/2018/04/12/when-the-business-model-is-the-privacy-violation/
======
textmode
One argument he raised in the House hearing was that collecting data on users
allowed more targeted ads which in turn made ads more efficient and therefore
more economical, which levels the playing field more for small businesses
versus large ones in terms of advertising.

However, that is an argument favoring the customer, i.e., the advertiser, not
the product, i.e., the user.

During the Senate hearing, he was asked about Ms. Sandberg's comment that if
there were no ads then users would have to pay. Mr. Zuckerberg pointed out
that users can opt-out of ad targeting/data collection,[1] making the ads they
receive more generic and less "relevant", but currently Facebook _offers no
option for users to pay not to receive any ads at all_.

The still unasked question is, "Why not?"

If some users could not afford to pay, as Mr. Zuckerberg suggested in both
hearings, then they could opt-in to advertising. How would this affect the
business model?

Further, if those users were disappointed at how the ads they were being shown
were not "relevant", then they could opt-in to ad targeting/data collection.

1\. The default setting is opt-in. As we know, most users do not change
default settings.

~~~
default-kramer
I have been thinking about what would happen if all browsers had perfect ad
blockers enabled by default, starting tomorrow. I think years later we would
look back and decide that it was the right thing to do, despite the immediate
short-term economic damage.

~~~
iAMAGuest
I like pretty much everyone else dislikes advertising, but it is a genuine
source for a company to generate revenue.

I really don't know any other real alternatives other than making the user
pay, which would in turn make the internet just basically one big subscription
model. The majority of the "free" services which many people enjoy now, like
YouTube, Facebook, etc probably could not exist as they do.

What is needed is some clear boundaries (legislation), and education. I
believe without advertising that the internet would not have been what it is
today, and I don't think it would have exponentially better.

~~~
michaelchisari
Do we know how much Youtube, Facebook, etc. make in ad revenue per user? It
can't be much. If micro-payments are an option, the ability to pay $0.75 a
month for an ad-free social network would be fantastic.

~~~
iAMAGuest
I think the problem behind this is that ad revenue is not the same as a
subscription revenue. You cannot assume that if a user was worth $3 a month in
ad revenue that that would translate to a $3 a month subscription.

For example, I would have no doubt the the customer acquisition cost for an
"free" application with advertising is a lot lower than trying to sell that
same user a membership.

When it comes to social networks I would suggest that the stickiness is
because your friends/family etc are on the same network. It's not if you are
willing to pay, it is only really worth it, if your friends are willing to
pay.

If you are talking more about a paid and free version, then there are already
services out there like YouTube Red (available in some areas for $9.99+ USD).
There are always options out there.

~~~
snovv_crash
What about all the work that goes into maintaining the ad network and
distribution, advertiser acquisition etc? That isn't free either.

------
DesiLurker
I just wanna say one thing about this, when I found out that FB was looking to
find healthcare data from hospitals and other providers to like to peoples
profile it sent the chills up my spine. that is seriously creepy. if something
like is available then probability of it being abused is almost 1. right now
my facebook usage is fairly low but I'll delete my account for sure if there
is any truth to that.

~~~
lotu
That sounds like an explicit HIPA violation and is very much against the law
for both the hospital to share the data and Facebook to do that linking. It
sounds tin foil hat conspiracy to me.

~~~
pwinnski
There is no evidence that any hospitals agreed, but it is no fantasy or
conspiracy that Facebook tried.

[https://www.theverge.com/2018/4/5/17203262/facebook-
medical-...](https://www.theverge.com/2018/4/5/17203262/facebook-medical-data-
sharing-plan-healthcare)

------
IBM
I think this op-ed is very relevant to this [1]. There's no doubt the internet
companies will aggressively oppose any attempt to pass privacy legislation in
the US, but there's no reason why that needs to be all tech companies. Apple,
Microsoft, IBM, etc could play a major role in balancing their influence.

[1] [https://www.nytimes.com/2018/04/11/opinion/silicon-valley-
lo...](https://www.nytimes.com/2018/04/11/opinion/silicon-valley-lobbyists-
privacy.html)

------
CryptoPunk
A more accurate title would be: the government revenue model is the privacy
violation.

Governments cannot be genuine allies of the people against corporate
surveillance, and for example, encourage privacy technology like public key
cryptography, and client-side encryption, when their primary sources of
revenue: the income and sales tax, depend on rampant and overt criminalization
of privacy (KYC laws, income disclosure laws, record keeping mandates on the
private activity of private citizens, etc).

------
throw2016
Spyware and adware 10 years ago were considered extremely shady and
unacceptable and certainly not in the mainstream like now with Google and
Facebook.

Who would have thought then it would take these shady practices a mere 5 years
to transition into the mainstream.

Advertising via textual context and immediate location is ok. Everything else
is a dark pattern and incentivizes uncontrolled surveillance, profiling and
data hoarding and should automatically be disallowed in a civilized society.

------
BadassFractal
Is it fair to say that privacy violation as the business model is generally
more profitable than privacy as the business model?

~~~
manjushri
If information is power, then that is like asking if having more power is more
profitable than having less power.

------
crowbots
Funny story, i have never seen any ad anywhere in the internet or never
clicked on any one for sure. i wonder why product makers pay so much for
advertisement to google n fb.

i have seen advertisement in tv when i used to watch tv a lot and am sure i
have never bought those stuff jus because they advertised them, most of time
we will just swap channels for few mins and advertisement wud b gone away.

And in internet it is very effortless to jus scroll past stuff that we are not
paying attention to, i guess i most of the time ended up scrolling thru ads,
thats y i dont remember buying anything because i saw some ad.

------
zmmmmm
> Thus, hashing completely fails to address the underlying privacy concerns

I don't understand their argument against pseudonomous identifiers (well, part
of the problem is they present it without a lot of argument). Are they arguing
that companies will reverse the hash, or that they will de-anonymise it using
additional data? Otherwise it seems harmful to me to tell people that using a
different identifier per web site is useless (a bit like telling everybody
that locking your car is useless because a determined thief would break in
anyway...)

------
yuhong
My Google DoubleClick Mozilla essay talks about this exact topic:
[http://yuhongbao.blogspot.ca/2018/04/google-doubleclick-
mozi...](http://yuhongbao.blogspot.ca/2018/04/google-doubleclick-mozilla-
essay-final.html)

~~~
lotu
An interesting if rather long read. However I’m not sure if your solutions of
voluntary donations and cryptocurincies have viability. Voluntary donations
have high friction to get a user to start donating (You don’t want to donate
to a site you only visit twice and who knows if you will visit the site in the
future). Cryptocurincies are unproven at this point.

You also don’t mention how targeted advertising is critical to many small
business. If you have niche or specalized product it can be very difficult to
find people that want to buy it, you are limited to only places where those
people are in high concentrations, it is quite reasonable to expect that the
elimination of targeted advertising would quietly erase these business as they
are no longer able to find their consumers. Diffrent payment models don’t
address this.

~~~
yuhong
It is unfortunate that it is not more famous. I did mention that there are
sites that depends on targeted advertising that would be affected in the final
version of the essay, though there is not much detail about it. Feel free to
come up with other solutions BTW. I have a Google Group you can join:
[https://groups.google.com/forum/#!forum/google-mozilla-
probl...](https://groups.google.com/forum/#!forum/google-mozilla-problems)

------
known
I think every website should comply with
[https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Sec...](https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard#History)

------
ianstallings
With new regulations like GDPR coming online FB's business model is basically
kaput. They're going to need to rethink their whole stance if the world
follows EU's lead. Given that Zuckerberg was called to testify in front of
congress, I think we're probably going to see much more action.

~~~
idoh
On the contrary, the GDPR helps Facebook. As background, I am a product
manager dealing with GDPR issues right now. The requirements are quite
onerous, but they are not intractable. I am sure that Facebook, with their
army of engineers and lawyers will be able to find a way.

Facebook already has traction, and if push comes to shove can anonymize their
data so it is at least still somewhat valuable.

However, the window is closing for any new social networks to get started,
because the startup costs are simply too high and you can't growth hack like
you used to.

What I am saying is that it is quite reasonable to assume that Facebook will
be the last social network out there, that they will survive and no new
competitors can emerge. If any hope of competition gets removed, then that
benefits FB.

~~~
lotu
100% to this. I’m an enginer also working on GDPR and you sound exactly like
my product manager. GDPR is likelly to result in the number of advertising
technology companies going from thousands to dozens. One of the requirements
is that you inform users who you are sharing the data with. If you have a list
of ~10 companies is allowed under GDPR, but a constantly change it list of 500
companies is not. The result massive consolidation.

This is very ironic because one the the complaints of the EU against companies
like Facebook or Google is that they are monopolies in the advertising space,
and then they passed a law that will have the effect of force it their
competion out of the market place.

It’s a real shame that no one is really covering this aspect of GDPR.

~~~
forapurpose
> One of the requirements is that you inform users who you are sharing the
> data with. If you have a list of ~10 companies is allowed under GDPR, but a
> constantly change it list of 500 companies is not. The result massive
> consolidation.

Are you saying that GDPR puts a limit of between 10 and 500 on the number of
companies you share data with, or are you saying that it's impractical to
share a constantly changing list of 500 companies with the user?

The latter seems easy to do: Just create a webpage and keep adding the names
of new companies. Email a link or the list to the user as needed. Do I
misunderstand?

~~~
PeterisP
As the adtech data sharing usually doesn't fall under any other legal reasons
that would allow you to use that data, you need to get _consent_ for the new
companies. If the user ignores your email and takes no action (doesn't opt
in), you don't have their consent, and can't share their data with the new
companies.

But IMHO that's the whole point, the legislation is a response to users saying
that they don't really want such companies to exist - the business practice of
taking my private data and sharing it to the world 500 companies will now
require my explicit opt-in _freely given_ consent (i.e no "we'll refuse
service if you don't consent"). The expectation and intent of this law is that
I and pretty much every one else will simply not provide that consent, and
that business practice will become impractical and die out, as it should.

