They still want to know how you proceed round the store, because that helps them optimise shelf layout, identify hard-to-find items, and so on. So yes, they might use the standard in-store CCTV to observe your journeys, and when they figure that you and people like you always have difficulty finding the eggs (seriously - why is it always so hard to find the eggs?), they'll move the eggs somewhere more prominent, so they can sell more eggs and you can buy what you came to buy.
But that's as far as it goes. They don't follow you out the store, let alone into your bedroom. They don't match anything with third-party data, let alone your mobile phone number. The store just wants to know where to put the eggs.
Unfortunately, your bouncers have simply been told to "hurt them if you have to, I’ve really had enough of it". So last time they came in, they smashed the CCTV cameras. The store-owner remonstrated with them a bit but the whole debate around bouncers has become so polarised that there was really no point arguing.
And if this metaphor seems a little obscure, this is why it is irresponsible, populist and ultimately self-defeating for uBlock and chums to block self-hosted Piwik and other such internal analytics tools. Because some of us are trying to do the right thing and your bouncers are still beating us up.
Sure, it may be frustrating when a user blocks tracking tools (especially self hosted ones) but that's the their choice.
We got by for decades without analysing user habits (even in a local only context, without correlation with third party data). There are so few examples of cases where analysing user behaviour was a make or break factor in a store's survival. Sure, it can be useful to know what a user looked at and, as you suggest, how difficult it is to find the eggs. But there are better ways.
Physical stores at one point (and still now, in many cases) respect that user choice. Want to participate? Get a loyalty card. We'll watch how you spend, but we'll give a little something back to participants.
On the web, the solution is simple. Do it on your application servers back end. Have your request handler (which should probably know a lot more about your user in the context of your application than any third party tool) log user requests and actions. You'll be able to tie data gathered to a logged in user and their local purchase or browsing history.
You'll get to know your user better and you'll avoid third party tools that creep out a growing proportion of your users.
You're not entitled to participation in analytics.
Oh Mary just gave birth, Henry is currently sick, Walter likes his coffee a little stronger, James a little weaker (something with his stomach). Danielle drinks only tee, has two kids and the marriage is not really happy. And so on. A lot bordered on gossip, a lot was very valid and relevant information. People talked.
So it was totally normal in a smallish community for the store owners to have an extensive profile on every customer. All in their head for sure, but non the less. And guess what - everybody benefitted. The clerk could recommend based on what he knew. People would be directed to relevant produce.
By the way this works even today. If I buy at my normal place I get personalized recommendations for cheese from the lady behind the counter. We talk, she knows a little bit about my tastes and I get to try new things.
I grew up in a town with <1000 year round residents. We had a general store like this. We avoided the general store as much as possible. Some families went as far as getting their mail through another town because the local post office was inside the store.
The reason is quite relevant to this thread. The shopkeeper, his wife, and all the regular customers who sat around to chat while they drank their coffee were gossip hounds.
People valued their private lives more than letting a social circle they weren't involved in know anything about them. Not who sent them mail, and not even what type of breakfast cereal they liked.
"Everyone benefitted"? Nah, I think you've just heard too much "small town community" bullshit from politicians.
What's the relevant produce for an unhappy marriage? Whiskey?
I'd actually talk to a few people before I'd say "everyone benefited" because many didn't and absolutely hate it. I've seen people rearrange their schedule and go way out of the way just so they can run an errand in peace and with some privacy and dignity. Myself? I know I've avoided places specifically because I'd be likely to see someone I know there.
Having a conversation once in a while with the person selling you cheese (which is choice!!) isn't the same thing as being tracked.
Not everyone wants personalized recommendations either. Or recommendations at all, most people know what they want and are creatures of habit.
I don't want recommendations at all from anyone who is selling me something! The incentives are misaligned to say the least. What if you found out the cheese salesman got commission from certain brands? You'd think she'd suddenly recommend them?
But I do not. I want a choice, the choice to share my data and have personal recommendations, or not share anything and have generic ads. But no one give me that choice, so I have to take it by "hiring the bouncers"
The way to get there is to separate the browsing/shopping process from the tracking/recommendations. Instead of bouncers we should have personal shoppers. The majority of people I speak to have no problem with trackers so there is no reason not to make it more transparent where users can choose which data they want to share and for what purpose.
If you don't like it, that's your prerogative - you can go somewhere else. If enough people do that, the person who owns the site loses out. But I can't see why it's not entirely within a provider's rights to say "if you use our service, you must agree to X. Otherwise, Y."
I think a better use of resources than the clunky EU cookie law would be to say "sites can analyze what visitors do on their site - but only there." Then it's truly opt-in (by virtue of using the site), and sandboxed. There's no "following you home" - the site owner would only have access to what you do on their site.
There was trust because they were all part of a community. That's not the case with anonymous trackers that people aren't even aware of.
Youtube's recommended videos are unfailingly terrible, and Amazon's recommended products just feel like annoying add-ons that might "accidentally" get bundled into my cart if I hover my mouse too near them. I generally already have something in mind if I want to buy/watch online.
I'll stick with recommendations from friends/actual people. That's why last.fm/spotify has been so great for music discovery relative to pandora/rdio - you can browse real people's collections instead of an algorithm's guess of what you might like.
Wait, what? Do they know that you are browsing? Seems also creepy...
The web is mostly not like this. The ad and tracker networks are on multiple sites and are so agressive and successful at retargeting that it almost induces paranoia. Sadly out of ignorance the innocent small business is using a network that's borg like in their assimilation of everywhere.
Tesco, Forbes and the agressively multi round funded startups can fuck off. Especially as they give no shits for apparently anything. Fuck that man, get bigger fast. Let me show you this ad for VisualThing++ for the 96th time, even though it's well over a week since you accidentally clicked on the maximise on rollover sound playing flash abortion.
Back when I was being persuaded that all advertising and tracking online was becoming evil I'd innocently visit somewhere work connected say SEOMoz, as was, then see ads for them EVERYWHERE, for ages. Like the bad commission only salesman who ruins parties and friendships with only one topic of conversation I'd go read something in the evening on sports and the ads would be having a conversation about Moz, or random startup service we looked at for work. WTF man fuck off and stop following me!
Even on the web the good ol days, as you describe them, wouldn't be so bad, but that's not what we have. Not even close.
Depends when you start counting the decades. Since Netscape and the 'coming out' of the www, we've always paid attention to where people go on our own web pages.
But (continuing the metaphor) now they're tracking what each customer buys and when, where they came from and where they go, where their eyes wander and how long they look at an item...
Then sharing that data with other stores to profile customers, and find out who's sick, pregnant, graduating, on a diet, what political candidates they support...
Tracking today is nothing like tracking site visitors in the '90s.
Amazon isn't going to not data-mine the shit out of my purchases, even though I paid for a product.
I do question the value of all that data collection though. Sure it's interesting, but I don't really believe that data collection and analysis at the current scale translate directly to more sales. Honestly what's the value of tracking me around the net, how is knowing what sites I visit going to translate to a sale of some product?
Exactly! I subscribe to SiriusXM for my car, because I really like the music options. Last night I looked at installing it on my phone. It requires access to my contacts (why?); to my phone status and identity (what the heck?); to direct-dialing my phone (WTF‽); to view my network connexions; to pair with Bluetooth devices; to install shortcuts.
It plays music. It should need access to my SiriusXM username and password, and to the network. That's it. There's no way that I'll install the app: I may be paying, but I'm apparently not the customer.
However, unlike Walmart who would get on the phone with an account executive with Conde Nast (GQ's publisher) and talk through the campaign, most website advertisers and publishers do not have people dedicated to doing 1-1 sales. Publishers want the most money possible per ad unit and advertisers want the most sales possible within a reasonable acquisition cost. To balance those two things out and create value on both sides, ad exchanges and the demand platforms that tie into ad exchanges provide tons of targeting and remarketing opportunities. That allows advertisers to target their most profitable audiences. However, in order to offer all the rich and detailed targeting options, the exchanges and platforms have to know what individuals are doing so they can create personas and profiles of you.
If this happened magically in the magazine industry and magazine ads could be customized to the individual reader, then Walmart might buy some space in GQ if they learned a small portion of GQ readers are actually bargain hunters and shop at Walmart all the time for clothes and only read GQ more for their interviews and cocktail recipes rather than for men's fashion info.
So, to say that analysing user behaviour is new is probably an overstatement, at least in the BBS example.
What I'm suggesting is that applications can completely unobtrusively log visitor data internally, without requiring the client to make additional requests. In the same way that ad networks could serve data through your own application backend (rather than being requested by the client), if the ad networks and advertisers could stomach losing access to cross site user data tracking.
The GP was complaining that users still block Piwik and other self-hosted solutions. Of course they do. I'll block every single request I can, if it's not just fetching the content that I want.
Some developers and content providers complain that by blocking analytics services (including internally hosted ones) means they'll be left completely in the dark. This is wrong. They can always log visits through their web app code on the server side - they'll have the benefit of complete request context access ("Is the user logged in?", "Is their account in credit?", "Did they buy this item at some point in the past?") but simply won't be able to correlate this data with other websites logs (a benefit to the users, from a privacy perspective).
As a user, there is absolutely no benefit to me whatsoever of your site knowing my age, income bracket, recent (off-site!) browsing history and interests. None. Ad networks, advertisers and content providers will benefit. I won't.
Do you block images, css, and other stuff that doesn't pertain to the content at hand?
> What I'm suggesting is that applications can completely unobtrusively log visitor data internally, without requiring the client to make additional requests. In the same way that ad networks could serve data through your own application backend (rather than being requested by the client), if the ad networks and advertisers could stomach losing access to cross site user data tracking.
Yeah if all you want is referrer, user agent, url requested, and ip. But what about other great information in help with making your site BETTER for your users, like screen size?
> As a user, there is absolutely no benefit to me whatsoever of your site knowing my age, income bracket, recent (off-site!) browsing history and interests. None. Ad networks, advertisers and content providers will benefit. I won't.
I find it strange given the demographics of HN that people still believe by me putting Pwiki on my site to gather analytics about my visitors, that somehow taps into your bank account to see your income, requests your tax documents, downloads your birth certificate and gives me a full list of your last 100 visited urls.
That data is only available if I somehow put a tracking pixel on as many sites as I can. Such as a 3rd party script.
So because of that I can see blocking Google Analytics, or 3rd party trackers, but what are you doing by blocking 1st party stuff like Pwiki other than giving a big fuck you to the website owner?
No. In many cases, the styles and images are content that I'd actually like to see. In some cases, sure - I'd eagerly jump right back on that Gopher train and trim out all the extra crap you want to funnel into my browser.
> Yeah if all you want is referrer, user agent, url requested, and ip. But what about other great information in help with making your site BETTER for your users, like screen size?
> I find it strange given the demographics of HN that people still believe by me putting Pwiki on my site to gather analytics about my visitors, that somehow taps into your bank account to see your income, requests your tax documents, downloads your birth certificate and gives me a full list of your last 100 visited urls.
You're being facetious. I don't think anyone made this suggestion. I know I certainly didn't.
My issue with things like Piwik is primarily the additional requests my browser makes to help you accomplish something that you could have done on the server side. When I'm reading your blog, my browser shouldn't be expected to make extra requests once the content has loaded, just to give you a better idea of how people use your site. It doesn't benefit me, and you're not entitled to my cooperation. I can choose to block Piwik if I'd like. You can always log the limited data on server side.
> [...] giving a big fuck you to the website owner
And by expecting users' browsers to make additional requests (using additional data, and additional CPU cycles - however few), I could maintain that you're "giving a big fuck you" to the user.
This sense of entitlement to user data, usage data, analytics, and the right to make the client behave as you wish is relatively new over the past decade. I don't like it, and it sets a dangerous stage for the future of the web.
Furthermore, the eggs are hidden on purpose, such that people have to walk a long way along aisles filled with high margin impulse buy crap. As a customer, this "optimization" is actively trying to exploit my atavic weaknesses and damage my health. Thank you very much, I don't sense a whole lot of sympathy for me here, just a race for the quick and dirty buck.
As to eggs in the back of the store, yes milk and eggs are always in the back of every store I can recall. We all know the game. Why piss off your loyal customers? Too many MBA's? I don't know, but it's obviously not working. I don't like shopping anymore. I don't think I'm alone.
I can't think of any brink and morter store that's doing well. And they always blame the Internet?
Whole foods was doing great for years. Now with uniformed security guards roaming around, tired workers, sneaky product placement; their quarterlies are the chits. They blame competition. It's not competition. Your stores became like everyone else. By the way, the CEO did promise to make staples affordable and he delivered. Milk, eggs, butter, and bread are cheaper than Safeway, along with their brand of product. There 365 products are reasonably priced.
I am very respectful to pretty much every store I shop in.
By respectful, I treat the store like I live there. I put away items of I didn't need. I don't just leave the item in the cart, or in another area of the store. I don't mess up shelved items, like books, etc. I treat the employees with respect, and try to make their horrid jobs easier.
That said, when I walk into a store like Home Depot. A store that is tracking my movements throughout the store with CCTV, and takes a picture of my mug at every isle, checkout, bathroom entrance, point of sale, etc.; I could care less about how I treat the store. Do I care that every one of my transactions is transferred to some server in Richmond Virginia--yes!
It's funny, I used to like the company. I was glad when they opened up near me. The employees seemed like they liked/respected their employer. I used to go to their stores just to browse. I usually ended up buying something.
Jump foreward to today. I only shop there if I absolutely have to. I walk into that chit box, and can't get out quick enough. If I don't need a product in my hand it goes anywhere except where it was located. My mood changes once I walk through those doors and look into those cameras. I don't think I'm the only one who dislikes being monitored, tracked, and manipulation with product placement.
Their employees seem like they are working in a correctional facility. literally every employee seems misserable.
Home Depot is a perfect example of too much tracking(I don't know all their digital tracking tools--I just feel like I'm being watched. I don't like showing my ID when returning an item with a receipt.), bad security, and general useless advice from MBA's who should have at least one year of grunt level retail work before being promoted to screwing up a store.
I have a feeling tides will turn eventually.
It's similar to price checking something on Amazon, not even logged in, and then them spamming you about that item. Your average person is so overloaded and unobservant that these things apparently don't set off their creepy detector.
 I started doing so because it's easier to return items, and I try not to keep stock when a store can do that for me. Speaking of returns, they run your license with a 3rd party verification company that is obviously also surveilling you. Furthermore, if this company's digital voyeurs decide you should no longer be able to return items, you have little recourse. I believe using a credit card avoids them wanting to see ID , and obviously prevents their system from denying your return.
 Although I've got my license's serial number / 3D barcode covered with blackened masking tape. A picture, name, address, and birthday is more than enough to "identify" me for civilian purposes, thank you very much.
First, a precision: EasyPrivacy blocks Piwik. uBlock Origin enables EasyPrivacy by default. If you think it's wrong for Piwik to be blocked, bring the issue to EasyPrivacy maintainers.
Now, why is it "irresponsible" for Piwik to be blocked?
Some of us just do not like to have all our movements scrutinized, even by 1st parties -- I personally consider this a healthy stance, I just do not like to be treated as a product.
Also, what guarantee there is that all the data collected by one 1st party through Piwik is not sold to any number of 3rd parties? There is no guarantee -- thus all tracking deserve to be blocked as much as it can. It's for the same reason I choose to not disclose my phone number or postal code at the cash register when they ask in brick-and-mortar stores.
That's why I think the orbital strike option of block everything all the time is ultimately selfish. I think individuals should make some attempt to block ads/tracking that they think is itself immoral but not block what they consider fine.
For example, I don't block ads in google search results since they are unobtrusive and clearly marked as ads.
And that is your choice and I can respect that, but please, don't be one of those entitled people who complain about a website completely blocking you for blocking their stuff.
And for the record, I love uBlock and your work. I use it myself, but I use it in blacklist mode only. Which I feel is the best way to do it. Block the shady sites, don't hurt the ones who just want to get a little analytics.
You should be honored I had the content you wanted to see and agree to what I require in exchange to view said content.
So many people claim they'd rather pay a fee to view a site than have an ads shown to them.. But in practice, I highly doubt anyone would pay for the amount of sites they visit daily that display ads in exchange for delivering the content they want to see.
If server costs are a worry then definitely spend some time on thinking about slimming down the presentation to the point where those are no longer a worry.
Whether that page gets viewed 10K or 100K times doesn't bother me, if it would get into the millions I'd have to do something about it (probably slim it down even further).
I haven't ran a site in the last 5 years that had an advertisement on it. But I have ran sites in the past that served over 400,000 unique visitors a day, and the only way I could afford to continue delivering the content that those visitors came for was to either require them to pay for it, or put advertisements on it.
I couldn't afford at that time a $1500/mo server bill to give content out for the love of it. It was a full time job just to curate and provide the content let alone work a full time job to pay for it too.
I see both sides. If you want to block ads and trackers, I fully understand and that is your right. I just don't like the fact that people feel entitled to the content of the website without agreeing to view the other stuff on the same page.
Once again, if you block my ads, go for it, your right. But it's also my right to deny you that content on the fact that you blocked my ads.
That is the problem here.
So now the unintrusive, non tracking ads (the good guys, if you wish) will be lumped in with the rest, because they are a very small fraction of the total and people that have finally had enough of all this can't be bothered to be precise enough about how hard they slam the door.
And I'm not complaining about companies that block me because I run an ad blocker, I couldn't care less, their loss, not mine, there is enough content out there that you couldn't consume it in several lifetimes if you wanted to.
Have a good weekend and happy high five Friday.
To which the answer is "no, now take the business model that you thought required this and shove it somewhere anatomically improbable".
The advertising industry and tracking has gone too far. The amount of websites with local analytics is small. I suspect that nearly all US based shops with local analytics is breaking (EU) data protection law. Why should I assist them in breaking the law when it harms my privacy?
Honestly, we only need a statistically significant sample for a few buckets...so unless uBlock and chums hit ~85% none of this effects me. The same is true for virtually every "good actor" in the space.
You just need to be able to run an A/B test that is statistically accurate + analytics + RUM.
Ad blocking is a reasonable proxy for tracking blocking since they usually go hand in hand. [e.g. uBlock]
Real world, I see ~35% block rates at $DayJob. I don't care about that at all and I'm amazed any "good actor" would given 65% of the population is more than enough for as many statistically accurate samples as you'd need.
So when you say "you are doing the right thing", what isn't included in the above?
This is actually factually incorrect.
Some hints here:
And it goes even deeper than that.
The major reason why companies will self host analytics services is not because they are trying to protect the privacy of their visitors, it is because they don't want to give out business critical information to third parties.
Now, this became a little distracting. Every now and then I had to wait for the guy to catch up, who was crawling along with me trying to measure the width of my foot steps with an inch rule, and then there was this guy, who insisted to peek into my pockets and to keep track of its contents in a quart book he had attached to the lining of my coat. (Over time, my coat became that heavy, I had to stop and rip out the lining in order to proceed.) Yay, it was all to my best ...
Then, something funny happened as stores began to engage in something they called "optimizing". Had the super market around the corner once sold 5 different sorts of cheese, it was now just 3 with the 2 best selling ones missing (they didn't have much potential for future optimization as they were sold out constantly). Some months later, they started to hide the bread behind a fake wall as soon as I entered and pushed whole piles of umbrellas in my way (since I had once bought one on a stormy afternoon a year ago – I would have understood, if it had been bagels, because I started to buy these as I was searching for the bread in vain.) That is, until last Halloween, when I discovered that there was still bread to buy, when I entered the shop in disguise.
Last month, I bumped into a girl that looked rather familiar, just as I was preparing my wig and false mustache for getting some bread at the super market. Remember Cookie? She is still working at a store, inside the server room. We chatted a while, and now I'm a habitual to her work place again. The store is a bit farther away than the fancy super market, but it really outweighs the inconveniences of the other place.
> hurt them if you have to
> they smashed the CCTV cameras
What? Nope. Not at all. You can still track everybody without a blocker, can you not? Or what harm do you incur that translates into harm or property damage in your metaphor?
And maybe make all this optional for those that don't want to be tracked. (I mean allow them to register and opt-out of server-side tracking too.) I think they might even start to like you and become sort of loyal.
...when they figure that you and people like you always have difficulty finding the eggs (seriously - why is it always so hard to find the eggs?), they'll move the eggs somewhere more prominent, so they can sell more eggs and you can buy what you came to buy.
You think that stores are in business to sell you eggs, and are slightly puzzled that eggs aren't easy to find. But you confidently continue proceed despite direct evidence that stores don't act like you think they should.
The answer to your question is that stores are in business to sell you as much as they can, and the eggs are just there to get you to see everything they have to offer. If they made it easy to buy eggs then your life would become easier and they make less money.
Stores know this because they hire consultants who tell them what to do. And the ones who refused, made less money then got out-competed or bought out by the ones who followed the advice. Now they all know to bury eggs, and the big ones make each store's layout different so that they can maximize how much consumers wander.
You know what else those consultants told them? Candy bars are high profit items, but nobody is going into your stores to buy junk food. Those are impulse buys. So put them right where everyone is forced to stand and wait for the cash register to make it as hard as possible to avoid the impulse.
Look down the cereal aisle. They put cereals with healthy branding at eye level for moms, and the obviously exciting cereals at eye level for kids. Note that branding and reality are unrelated. Take a look at the serving size and sugar per serving on all the boxes. No matter what the branding, most of the cereals work out to be about the same.
It goes on and on. Marketers have fine-tuned their art to a science. No matter where you look, they have mastered details you wouldn't have thought of. And while they aim to hit your emotional buttons, they do NOT fundamentally aim to please YOU. You're not the client. The store is their client, and your being unable to stop opening your wallet is the product that the store is buying.
Given this, a little more difficulty in "finding the eggs" is a good trade-off, especially since it's not like designers are naive and consigned to random interface choices, and you can actually still do A/B-type testing without user tracking.
Otherwise, users have to trust that site owners, out of empathy, will do the right thing with data, and that a broader network of tracking won't occur -- despite that it's totally rational from the site owner's perspective to broadly track users. That strategy is beyond brittle; it's unbelievable.
They fill the center with junk and the fresh food, eggs & milk along the sides. Often eggs & milk (commonly used together) are on OPPOSITE halves of the store!
You, the store owner, may know that; but how do I, the customer, know it? How do I know you aren't selling data from that CCTV camera to others, who don't own your store and don't have the use for the data that you do? Even if you aren't doing that today, how do I know you won't tomorrow, when someone shows up with an offer you simply can't refuse? And so on and so on.
You're right that this is a sad situation, when people's desire for privacy means cutting off access to data even for the (few, I suspect, but still...) store owners who actually want to do something with it that might benefit the customer. But it's what we have. If you want to know where to put the eggs, you'll have to figure it out some other way.
uBlock didn't block it. I blocked it, by using uBlock, which I picked because of its stance on trackers. So its more like I found a cloak of invisibility so I don't show up on your cameras. You can't blame the store selling the cloaks, because I and every user like me chooses to wear them. You have to blame the user for using the cloak... but to what point? You are blaming me for not letting your code run on my machine.
Take for example how the FBI wants to have automatic access to the data in all iphones through a backdoor. Would that be considered OK if they asked lockers makers to make their locks accept a master key so they would be able to enter in anybody's house, so they could monitor further people they suspect to be terrorist?
Of course that would cause an uproar, but the general public being so uneducated with technology, I guess they don't see how the two are related.
Didn't TSA do exactly this, only to have CAD designs of the master keys reverse-engineered from a photo and posted in GitHub? https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys
I don't know. But I know that it would be absolutely normal to pick your lock and/or knock down your door if they had a warrant. It would even be OK for them to ask the lock company, door company, and landlord to help them do that. For that matter, the landlord could even be compelled to surrender his master key for the entire apartment complex.
All of those things could happen out here in the big blue room, and nobody would blink an eye. Funny how these metaphors to the physical world clear things up, isn't it?
What if the FBI would ask all landlords to install a special door to every apartment, but only the FBI has the key to this special door? What if someone successfully copies that key? Now they have access to all apartments.
Second off, the FBI is not asking for a special door to every apartment. They are asking a lock manufacturer to create a key and use it to unlock a single lock that is brought to them, after the lock manufacturer explicitly designed their locks to make the creation of such a key possible, so that this legal case would exist.
There is an interesting debate to be had here, but this rhetoric using overly simplified analogies is not it.
But hey: what if the lock company makes a standard lock, with a plain ol', low-security, five-pin key, and attaches it to a bomb that destroys the apartment when it's picked incorrectly? Does the lock company now get to beg off when the police come looking for help opening a single door?
"Oh, we'd love to help you, officer, but you see...if we help you open this particular lock, then all criminals will know that you can disable the bomb, and that would make all of our locks less secure!"
Which is what they are trying to achieve when they asked Apple to put a backdoor in their Iphones.
I hate to break it to you, but the FBI is part of the Department of Justice. I think you mean that a warrant needs to be issued by the judiciary, which (as far as I know) is a truism. Courts issue warrants, there is a warrant in the Apple case, and it in no way involves a "backdoor" being placed in all Apple phones.
You really might want to look up some of the facts about this case. It's not nearly as general as you think it is.
However, any attempt to execute and finetune legislation and regulation to explicitly include the online is generally either ridiculed (example: the EU "cookie law", which is actually a "don't track without explicit permission" law) or portrayed as anti-American protectionism on forums like HN.
In the world of ads, I'm constantly reminded that I don't have the perfect body and that my blender does not look as good as the latest model - I really don't want that, because my blender works fine and looks ok.
So yeah, I block ads and I don't really see why I should feel bad about that, the non-tracking feature is a nice bonus.
So the web will go back to sites that either require payment to enter or are run by people who post stuff out of enthusiasm. Sounds like a nice place to me.
On the internet, you are actually better off allowing sites to make money with these old fashioned banner style ads. The alternative on the web is baking this predatory persuasion into the content itself.
By blocking ads, you are pushing your enemy deeper into the medium. Deeper into the story selection process, deeper into the layout decisions, deeper into an app's data harvesting, deeper into the entire editorial philosophy of a publication.
If you have a instagram account with ~30k or so followers, you start getting offers to promote products for example. If you have less, you can still get deals, but then you have to hunt for them.
But this will happen regardless of ad blocking, because it is profitable. I certainly don't know how to avoid it, except to generally assume that all content is commercial content in for-profit sites. And also on some others.
For instance I can draw a little cat in my agenda to remind myself to call a particular friend that day. The police will tell me: "what? you have not written that in plain english? You must tell me what it means and if you don't you will go to prison". (In the UK one can go to jail for refusing to decrypt one's own data)
I go buy the Telegraph at my local newsstand and the guy will tell me: "can I see your papers please?" "But I just want to buy a newspaper" "yes but I must report to the police every day who reads what, by the way I must also know which pages you intend to read" (the UK is passing a law that would force all ISP to record what websites their customers view)
If a store has policy of "If you come into our store, we'll have employees follow you home" and you don't like that policy, then don't go to that store. That simple. It doesn't make sense to go into the store and have your goons beat up their employees. That might mean that you can't go to the stores you want to go to, but that's how it goes. It seems as clear online as it does in the physical world.
(tldr without the analogy: The overwhelming majority of people don't care about being tracked online because there are no obvious ill effects. The problem with ad blockers is that it makes more sense to just avoid sites that show ads, but most people don't want to do this because it would exclude their favorite sites.)
In the end, they get my data, along with a picture and whatnot and I personally wasn't even involved. Heck, I could even use a dumb phone and my phone number would be all over the place.
Recently, Facebook asked me once again to add a phone number "to protect my account". One time, my real phone number was prefilled in the box! They pretend that they don't have it, but since some of my friends use messenger, they surely have it somewhere in my shadow profile (a download of "all my data" obviously didn't contain it).
I've updated the post to reflect this problem.
Ownership is much more nuanced than you're making it seem. It depends on where and how the data was collected and further, how the data is used.
Take car ownership. The department of motor vehicles tracks who owns what car, including non-dealership title transfers. That information gets sold to companies like Experian. Anyone can buy it (https://www.autocount.com/). So a company like Yelp, who knows where you live (you do like restaurant reviews from "current location", right?) can cross-reference that with AutoCount data to figure out what car you own. Is that weird? Sure. Is that wrong? Maybe. But it's been going on from before the internet, so I don't understand what's so different now.
If the idea that some websites sell their access logs really disturbs you, don't request pages from websites that do that. Just like someone who is afraid of heights can't go to high places, people averse to ad tracking won't be able to go to most websites. Most people don't want to give up their favorite websites, so ad tracking persists.
Many companies that produce or aggregate content do so with the expectation that their efforts will be rewarded with money from ads. When you use an ad blocker, you reap the benefits of their work while knowingly depriving them of what they expected to earn in return. It would be better if you just didn't read their content, effectively voting against their behavior with your feet. Blocking the ads is having your cake and eating theirs too. It's rather benign, there are much worse things, but it isn't really right either.
So your whole argument here is based on a strawman.
You seem to be knowledgeable about online advertising and forthcoming with sources. Do you have any evidence that anything near 50% of online ad data sold is based on the highest grade profile data? Because I'm certain that is not the case. I think you're confusing the business of selling profile data on individuals, which is indeed very old, with modern ad targeting. It's hard to persistently match that up with an ip address and cookie, you see. Which is why major ad buyers prefer to buy cookies that tag large demographic buckets like "young males in the midwest with an interest in cars" instead of the names and profiles of individual people. It's common sense more cost efficient, and access log data is much more prevalent and reliable than profile data.
I don't think that any of this works in the way that you think it does. Yes, re-targeting is creepy, cookies are rampant and the average page loads way too many external files. But companies do all of these things for a reason, whether you understand the details or not. If you don't like how they do business, you can just stop going to their websites.
Only a small fraction of the actual bids will ever be on 'high grade data', but what you are missing is that all of the data is available all of the time.
So no, I'm not confusing anything. The advertising industry will use the data available to determine the value of an impression, if the value isn't there they will pass. But they still use the data in that decision, so whether it gets sold or not is not the key element.
> If you don't like how they do business, you can just stop going to their websites.
No, you can't. See there are these little things called widgets that pop up on websites that have absolutely nothing to do with the attempt to sell you something later and since you have absolutely no idea where you will be hit next you can only 'stop going to their websites' after you've been bitten.
But: (1) the number of parties that only use site specific trackers is relatively small to the number of parties that use networks, (2) even those parties usually carry facebook/google and other embedded resources, effectively still leaking your data and (3) in the end, you can't be sure that they don't combine that data on the backside with data procured elsewhere.
But there are numerous services that provide analytics and have no part in tracking you elsewhere. Is Mailchimp involved in cookie trading? Segment? Intercom? Mixpanel? To my knowledge, no, there is nothing there -- they only know you via session cookies in the browser, and those businesses do not make data available to third-party ad networks.
Even in cases where they do bring in data, such as Intercom using FullContact to merge an email address with social data from Twitter, it's a one-way API call from Intercom, with nothing identifying the actual sites that will make use of it.
I 100% agree with you on trackers/beacons like "Scorecard Research", and to a lesser extent, Google Analytics, but "you can't be sure" seems like weak ground on which to take a strong categorical stance against any use of analytics tracking. There are real differences to the value they provide and the ability they have to do beyond that even if the incentives are there.
And the 'value they provide' is never provided to the users, always to their clients at the expense of those users.
edit: ok, found this: http://www.groovypost.com/howto/news/dynamic-pricing-use-chr...
But it's still a little weak as proof.
I hope you realize that major political parties now buy this data and use it to target their campaign pitches to people in close elections. Do you buy diapers? You're probably interested in family issues. Do you buy gun parts? Let's classify you as leaning republican...
It goes way beyond uses that you would imagine. (PS: this is why if you ever sign up for a membership card at a retailer you should just use a fake name / address...)
Actually that depends on the laws of the country the store is in.
Yes, they 'follow' you around, but they are essentially invisible and mostly aim to improve the targeting of ads/information.
It's easy to forget that a lot of this technology is very new and for a while there will be cases where it's seen as intrusive. Things will only get better over time.
So Metiix Blockade was born out of this frustration... Now I have "bouncers" protecting my whole network for every one of my devices.
I hate when a web page decides what ads and trackers it wants to pull down from the Internet. With Blockade, I have taken back control of that process and I get to dictate when and where I want to provide my information.
I love feeling like I have the real internet back. No more of these ads and trackers taking over every place I go.
 https://pi-hole.net/  https://github.com/quidsup/notrack  https://github.com/gorhill/uMatrix  https://github.com/jakeogh/dnsgate  https://gaenserich.github.io/hostsblock/
They made an (anecdotal) video by promising a free cup of coffee in exchange for your contact list on your phone:
https://www.youtube.com/watch?v=AYXM56YJWSo (Dutch unfortunately)
My wife has an Android phone, I have an iPhone. Recently, I wanted to install some app on her phone and it is still beyond my understanding, why Google still doesn't allow to deny certain permissions. It's all or nothing.
And no, a fucking video editor shouldn't require access to my contacts, my browsing history and the accounts on my phone.
Android imho is unusable until they let me deny certain permissions, because often, the "best" apps ask for basically everything.
Android isn't the problem. Google is the problem.
 As in, you can restrict access to things like location, contacts, calendar etc.
Would be great to make one similar combining the two concepts in regards to sharing phone data.
'Please plug in your phone here, we need to get some data from it'
I've been operating browser separation (Google in Chrome, social in Chrome incognito, and everything else in a locked-down privacy mode only Firefox - all with uBlock) for a while, and also use anonymising VPNs for anything I really don't trust, and my own VPN with streisand and Dnsmasq (with a hosts very similar to https://github.com/StevenBlack/hosts/ ).
On my mobile every link I click in any app I open in Dolphin Zero (still on that DNS blocking VPN - which blocks all trackers in apps too), and I only keep apps I actually use and trust the publishers of on my device.
It feels like a chore (manually copying links from one browser to another depending on trust level), I wonder whether it's worth it sometimes... but then I occasionally get to see someone else's experience of the web and it's so incredibly and perniciously been invaded by advertisers that I am glad I do all of this.
It's become so bad that I even had to change my uBlock origin rules for my online bank ( https://banking.smile.co.uk/SmileWeb/start.do ) to block even first-party scripts... because they use Adobe, Omniture and Tealium tools to measure stuff and for A/B testing of their online banking features.
I now block absolutely everything and tell others to do so too, but unfortunately there is collateral damage.
The very sites I care about may not require advertising revenue, but do value tracking data that helps them spot errors, debug things, find out what screen resolutions they should cater for. Their analytics, client-side debugging, this is all now rendered useless to them.
PS: If you happen to work on Firefox for Android, please enable browser.privatebrowsing.autostart to be configured via about:config. I would love to default enable private browsing in a UA capable of running uBlock on my mobile.
I also bank with smile.
I've just confirmed that Ghostery is blocking Adobe, Omniture and Tealium trackers, but I was able to log into my account no problem. I also transferred some funds to a linked account.
What aren't you able to do with smile? And is it something specifically with the way uBlock blocks?
Their use of one of their trackers meant that the first time I ever arrived at their site (every time, because private browsing) it would set things up that touched their server and triggered Smile's security thing.
It was a minor inconvenience... but then I looked into it and noticed how much tracking they were doing.
My view on bank websites is that the only party that I should be speaking to is the bank, securely. No other party, ever.
I now block absolutely everything on my banking website, but I was very surprised this had to be done. A bank, of all sites, should never ever use a third party anything.
Oh you want location data here it is, this morning I've been all over the planet. Want to know all the websites I'm visiting, sure, here's a million of them.
Just based on the fact that they keep trying to sell you the thermometer after you already don't care kind of points out that they're being had, and I'm all for helping it happen
Now they either require you to login to get the "mobile" experience, like Facebook or Twitter, or they use probabilistic statistics to identify you without cookies.
That guy reading a newspaper in the park with a paper bag over his head and 4 goons on the lookout, feeding us uninformative/unlikely data, that guy is with 90% certainty Jacques Mattheij.
(When cookie-tracking was more common we set up a cookie-swap program. Stopped after a few months out of security concerns.)
It's funny how a law that actually confirms a right that is solidly anchored in the declaration of human rights would result in technological circumvention rather than - the expected outcome - compliance.
If necessity is the mother of invention, profitability is the mother of circumvention.
(Great blog post, btw.)
If you're going to war, sure. But that's a lot of wasted resources.
One would hope that we can find a peaceful solution. But war is always an option.
Some will disagree, but I think the comparison was spot on.
I already have adblock plus on my computer.
They didn't need credit cards or scores because they could identify your store credit account by your face, and your creditworthiness by your family's reputation.
If you were buying something out of the ordinary, you better believe your parents/spouse/church/friends/entire town would hear about it from the shopkeeper, who knew them all as well as he knew you.
A juicy conversation on a party line telephone shared with neighbors, interesting metadata on the postal mail also handled by people who know you and your business, a sighting in public with someone not your spouse, a visitor at an odd time of night, a strange car in your driveway - all these things could quickly become a public affair.
Technology is not bringing us a particularly new invasion, but it is helping at least that side of the "tight-knit communities" of old scale to modern population size and density. I think this is a horrific development, and it's certainly quantitatively unprecedented, but not qualitatively.
Sorry for being unclear, I'll see if I can tidy that up.
That's not the same as cancelling all your accounts and credit cards; you'd still have them, just not your visit data.
The most extreme thing you could do in the real world is delete your identity and start over from birth.
I used to help lead the paid search group at a top search agency and had a real birds-eye view of where things were moving in that role.
Everything is moving towards audiences. While keywords and search queries are signals that highlight intent, ultimately the audience piece is what the advertiser cares about--that's just one component of it. This is why FB, Google and everyone else under the sun wants companies to upload their CRM data, and then they use that for retargeting (1st party, or 1P data), or building lookalikes.
Then you have Adobe and other companies trying to get companies to sell this data on a marketplace as 2nd party (2P) audience data for retargeting.
There are also companies like LiveRamp and others that try to get companies with login data to provide cookie matches against hashed email addresses to keep cookies fresh and prevent them from just being deleted once and forever. I've been approached by these companies, and always turned them down because it just felt dirty.
That said, this thread seems to draw the usual crowd of everyone who hates anything related to advertising. I'm not going to try to change your opinions because I know that is not going to happen. However the reason all of this data gets shared is because it allows better targeting which leads to more relevant ads, which leads to more purchases.
Think about that for a second.
People are purchasing more when the content is more relevant to them. Nobody is holding a gun to their head making them take out their wallets and hit "Purchase." They are saying "this product/service is relevant to me and I want to buy it."
In that manner, advertising is helping people who want to purchase said thing. The issue comes in with the fact that because targeting isn't perfect (and I doubt anyone wants the level of tracking needed to make it so), and because a lot of advertising is building awareness (not simply retargeting and reminding you to buy something you initially displayed interest in), it becomes intrusive in a manner people dislike.
Unfortunately, because of the data available, there's still plenty of people who say "hmmm, I didn't know about this, but it seems interesting, I'll check it out" and then they purchase. So from an advertiser's standpoint looking at a spreadsheet of data they see "this audience segment had a conversion rate of X and an ROI of Y" and they keep doing it if it is profitable because that is what they are optimizing for.
I actually enjoyed Jacques piece, and I do think that there is some very questionable stuff going on in the ad space. The example of a random app tracking and selling data totally unrelated to said app is a great example. Companies are finding that they can monetize their data without visibly degrading the user experience by showing ads, and still get paid on a CPM rate for it, so expect to see more of that.
At the end of the day, I say all of this to highlight the fact that often is left out of pieces like this, which is that things are the way they are now because it works. Advertisers wouldn't be doing it if it didn't work, which means consumers are voting with their wallets in large enough numbers to keep fueling this behavior. In Jacques restaurant example, he was put off by the restaurant special promoted on his phone. I'd probably behave the same way because I've developed an aversion to the more invasive aspects of my industry and I'm overly sensitive to it now. But Joe Consumer? They see a relevant deal that will save them money and say "hmm, I like what they are offering, and it is a fair price, I guess that just made my decision easier" and they go eat at the restaurant. So the restaurant sees that of all the Jacques that see the ad and keep walking, for the pittance they pay they get enough Joe's in the door to make it profitable, and they keep doing it.
The positive feedback loop created by more targeting leading to higher profits means that it is working and we'll see more of it until the feedback loop is broken. Ad blockers are one avenue towards attempting to break it, and legislation is another. The question is whether pulling on those two levers will be enough to reduce the efficacy of the feedback loop to the point where advertisers stop doing this.
And a final note to those who might respond to my post. Please note that I'm not trying to paint an overly rosy picture of what advertising does or in any way trying to defend some overreaching aspects of it. I think people should own their data and be entitled to controlling how it is used. That is not the reality of the world we live in though, and so I'm simply making observations about how it impacts the various parties involved beyond just the protagonist of Jacques' story. I think there are more "clean" ways of doing advertising, that rely on a strong creative message, etc. Or viral ads that get shared because they are creating great content. But at the end of the day the media person's job is to take that ad/content and get it in front of the audience they are targeting.
And from an advertiser standpoint, if the targeted approach is vastly more profitable than the untargeted approach of how things worked in the early Mad Men days (and it most definitely is), I have to say I can't really blame them for taking that path.
I'd be curious if there are any companies out there who position themselves as "ethical advertisers" and do what you outlined in terms of advertising without the privacy tradeoff. I'd also be curious how they might fare against competitors who don't take that stance. Again, people are voting with their wallets, and right now they are saying that they are ok giving up their data in exchange for free content, and that they'll continue buying things from companies who leverage said data to communicate with them.
They may spend less money, so it is clearly a 'win' for the advertiser and the property to do as much tracking and profiling as they can get away with (and they do).
> And from an advertiser standpoint, if the targeted approach is vastly more profitable than the untargeted approach of how things worked in the early Mad Men days (and it most definitely is), I have to say I can't really blame them for taking that path.
I don't blame them either, but then they should not blame the users for the inevitable backlash.
> I'd be curious if there are any companies out there who position themselves as "ethical advertisers" and do what you outlined in terms of advertising without the privacy tradeoff.
Unfortunately the good are suffering with the bad.
> I'd also be curious how they might fare against competitors who don't take that stance.
They made less money in the short term. But in the longer term there may be some life there, too early to tell.
> Again, people are voting with their wallets, and right now they are saying that they are ok giving up their data in exchange for free content, and that they'll continue buying things from companies who leverage said data to communicate with them.
That's mostly because people have no idea what is in their profiles in the various silos.
It's a bit like getting people to click blindfolded on a EULA and then later to say 'hey, you agreed to this', which in my opinion is simply not fair and taking advantage.
I definitely concede this is a valid point in that visitors aren't exactly given a chance to opt out. I think we can both agree that if it were opt in, that wouldn't satisfy advertisers, but I think the EU approach around cookies is a bit heavy handed and ruins web experiences. I wonder if there isn't a happy middle ground somewhere.
Again, make no mistake, I think users should be in control of their data and data ownership is going to be one of the hot button issues of the next decade as tracking only becomes more pervasive and data storage becomes cheaper. But I also think that a large number of people like to jump to the conclusion of "I hate advertising" while at the same time buying stuff because of relevant, highly-targeted ads. What people don't realize is that publishers and such would have to resort to even more aggressive placements and approaches to make up the greater lack of revenue they'd suffer if they weren't able to offer highly-targeted inventory.
Jacques, you are definitely one of the standout posters on HN and I've come to recognize and respect your viewpoints as someone who has a pretty solid understanding of the ad industry and its various components. While I appreciate the perspective you painted in this piece, I'd challenge you to play devil's advocate and write another version of the story from the standpoint of an advertiser, a publisher, or a consumer who is less sensitive to advertising than you or I may be. This is a complicated issue and I don't think it is as black and white as your story makes it out to be. Exploring all sides of a problem tends to bring out those gray areas than just a single viewpoint.
Plus I'm a fan of your writing style, so I'd love to see this sort of analogy extended to the other players in the game ;)
But that's definitely a valid request, the viewpoint shift alone would be worth doing because it may help to figure out what could be done instead.
I think the publisher is the most interesting perspective of the options you listed and one that I can identify with.
People mention there's no choice anymore. Wrong! It's still there, just like it was 10 or 15 years ago. Stop sharing your personal information online and the whole tracking thing doesn't matter anymore.
This analogy seems completely flawed imho. Nobody can get inside my home, or force my door or any of that nonsense, unless I specifically allow them when they ask!
I fail to understand how all these trackers can read my browsing history without me installing <popular plugin> and allowing it access to my browser? Or how are they going to read my contact list from my Android phone, or the one from my Thunderbird? Through thin air?
Nobody took the choice from us, we just happened to open wide our front and back doors, and then complain that random people come in and look through our stuff.
Being online is no longer optional, giving merchants and authorities your information is in many cases also no longer optional.
If you stop sharing your personal information online you will not be able to participate in a very large chunk of society's functions, some of which are mandatory. Heck I can't even the local tax office website without receiving a bunch of stuff that tracks me.