Hacker News new | past | comments | ask | show | jobs | submit login

Anyone in the ad-tech industry that can comment on the ITP changes? It's the thing I look forward to the most.

>Updates to Intelligent Tracking Prevention add new restrictions to cookies, further reducing the ability of hidden third parties to track users across websites they visit. To do that, support for partitioned cookies was removed for domains Intelligent Tracking Prevention identifies as having cross-site tracking capabilities. Going a step further, Intelligent Tracking Prevention now also limits long-term tracking for JavaScript first-party cookies.

It further entrenches Facebook and Google's monopoly on adtech and solves nothing against the companies that people worry about most (and ironically give up the most data too). It also does nothing to stop the wild-west of mobile app tracking.

The ideal solution would be to offer up the device's Advertising ID to the browser, just like it is available to mobile apps. That would remove all the tracking pixels and workarounds and improve privacy as the user can easily reset their ID whenever they want to.

> It further entrenches Facebook and Google's monopoly on adtech

How so?

They have 1st party connections to their users through both apps and websites and will always know who the person is. ITP does nothing to stop them. Amazon will be the 3rd major adtech company soon and ISPs will also be unaffected as they're starting to build up more adtech businesses themselves.

ITP is mostly a PR play for Apple's "privacy" marketing push that again hurts publishers and smaller independent internet companies.

Quote: „Going a step further, Intelligent Tracking Prevention now also limits long-term tracking for JavaScript first-party cookies.“

That means nothing in practice. These companies have the data, reach, and 1st party connection for those cookies to be constantly replaced and augmented with plenty of other signals.

Since this is downvoted, I'll be extra clear: these companies have websites and network traffic that billions of people use directly which means they can serve HTTP cookies and other signals which are not touched at all by ITP.

While also completely ignoring the real issue native apps.

> It further entrenches Facebook and Google's monopoly on adtech

Just don’t use those sites. I don’t.

Are you being sarcastic? Or seriously suggesting the billions of users of Google and Facebook should just stop using them? If it was that easy then why all this trouble with ITP in the first place?

Why would this be sarcastic?

I haven’t used Facebook for about 10 years now.

I stopped using Google last year. DDG is great.

What’s so hard?

>> What's so hard?

Ah the classic HN comment.

The problem is you don't speak for the billions of people use various Facebook and Google services to live their lives without easy alternatives. When someone is using Gmail to run their small business or using Facebook to keep in touch with their distant relatives, I'm sure saying "what's so hard" is all it takes to get them to see the error of their ways.

I don't use those sites either, but a rather large fraction of websites include javascript from Google. You can try to avoid those sites, too, but it's a lesser Internet.

And a better Internet IMO.

How can Safari 12.1 impact mobile apps?

The point is that mobile apps are 1000x more intrusive than anything on the web (which was always designed for anonymous users).

Apple does not do anything to stop mobile apps tracking even with the app store review and the ability to scan them both on submission and as they're running in the OS. Mobile apps are 90% of the source of adfraud and privacy issues on iOS.

Meanwhile Mobile Safari (even without ITP) has caused numerous problems with apps trying to offer webviews for content while trying to keep users signed in. There are numerous effective improvements to be made instead of messing with cookies.

Somewhat aside:

After discovering mitmproxy, I checked out various apps on my Macbook. Found plenty that at least phoned home to Google Analytics on boot. Some even phoned on every action/keypress.

Not sure why HN has such a hard-on for native/mobile apps. You get performance at the expense of basically everything else. There's no dev toolbar. No extension system. No customization. No uBlock. You take it all or nothing. And you need intrusive tools like mitmproxy or Little Snitch just to get insight into their network traffic.

Native apps often (not always) get you not just performance, but also efficiency, no annoying browser chrome, adherence to platform UI conventions, and utilization of platform-specific features (no lowest common denominator syndrome).

Electron apps can get rid of the browser chrome at least, but it comes with the cost of a redundant copy of Chromium for each app, which is worse than running in-browser in terms of resource consumption.

Web apps would be great if they could deliver the things mentioned in the first paragraph on top of their security/privacy benefits, but I don’t see that happening any time soon.

Anything that's using a web view is affected, so this definitely affects ad tracking in mobile apps like Instagram. It shouldn't affect the apps themselves unless they start making other workarounds to persist identifiers for their advertisers, which they almost certainly will do.

All this talk about tracking prevention, but it also seems like safari 12.1 REMOVES link tracking (<a ping>) prevention: https://lapcatsoftware.com/articles/Safari-link-tracking.htm...

That’s just the author of that post not having thought through the security model. <a ping> doesn’t do anything which isn’t already commonplace – it just does it without performance and reliability impacts. Without that feature, everyone still gets tracked but they have to wait for often-buggy JavaScript or server redirects to complete before navigating.

Interesting, but given it’s a link already controlled by the website I don’t see the difference between ping and simply linking to a tracking URL like google already does. This just allows websites to retain proper semantics.

Feel free to educate me though :)

document.cookie is also already controlled by the website, but due to everyone <script src>'ing 3rd party trackers like GA it looks like they felt the need to limit this api. So why remove the possibility for blocking the same scripts from doing foreach('a').attr('ping','3rdpartytracker/uniqueId/'+this.href)?

Nothing's stopping those scripts today from converting all links to bouncing through a redirect domain for tracking, and yet scripts aren't doing that.

That has UX implications, with the mouseover statusbar link target popup and the right/middle mouse click to copy-url/open-in-new-tab features making it much more obvious.

Okay, so imagine it’s adding click event handlers which use XHR/Beacon to avoid the user-visible rewriting. That’s the same impact but everything is slower and you have edge cases where navigation fails with no user feedback at all.

A ping attribute does nothing if you have a content blocker and block the URL it would have tried to contact.

Adobe has a write-up about the impact this has on the Adobe Marketing Cloud:


This was super interesting. I like how they keep saying something like "Adobe respects consumer privacy options."

>> Adobe respects consumer privacy options.

They do. Is that a problem?

I'm in analytics, not ad tech, though they are pretty well coupled.

This is a pretty concerning move. One week is super aggressive. There are several ways around their restrictions, but I really wish I didn't have to consider them.

Long story short, if you reflect a client-side cookie back from the server-side (by having the host site set up a CNAME to your collection servers), then it sets an HttpOnly cookie that will last as long as you tell it.

This technique is pretty effective at also skirting adblockers, which is why I really wish it weren't the easiest solution, as my company has been very conscious of not trying to work around ad blockers and the intent of web site visitors.

This is going to surprise and confuse a lot of customers in the analytics world, but ultimately, they'll adapt and we'll make do.

It will ultimately also accomplish nothing except hurting publishers and giving people less relevant ads.

Well, they are lucky that Apple doesn’t promote its content blocking framework built into iOS.

But cry me a river over publishers being hurt by less effective ads or supporting their business based on ads.

Ads are bad enough on desktop with plenty of real estate. They make sites unusable on mobile.

I’m going to try out Apple News+ soon. If it is any good, I’ll pay for it

You've posted the same thing dozens of times and I've replied to them before. Advertising as a concept is different from online ads as an execution. The latter is bad but there is no replacement for advertising based business models.

Good for you if you pay for the news but you don't represent the billions of people on the internet and what they want, what they can afford, and how they value it is well known. Advertising isn't going anywhere.

Shouldn’t you disclaim your own biases that you are “currently working on a B2B marketing company”?

I have no business interest in not wanting ads.

I've got nothing to hide. This is my real name. Yes I'm in marketing, I'm known in the industry, I wrote about ad blocking [1], built an adblocker, spent 6 figures to test alternative payments [2], am part of every initiative to make ads better [3], and have spoken with senators to push for regulation. Does that work as a disclaimer?

But what does business interest have to do with discussing advertising as a concept vs implementation? We can discuss highly technical topics with nuance but when it comes to ads, why is there such a visceral and emotional reaction?

1. https://techcrunch.com/2016/01/16/ad-blocking-a-primer/

2. https://news.ycombinator.com/item?id=19038820

3. https://instinctive.io/blog/instinctive-is-a-founding-member...

And this why ads are a problem. From your own article.

Options include continuously changing domain names and server-side ad rendering.

People clearly have expressed their intent not to want ads, yet you want to have systems to force it on them. If people have signaled that they don’t want to ads, do you really think it is your target market. Who exactly is it serving?

Ads, especially on mobile with limited real estate, slide shows, etc makes web pages unreadable. I specifically don’t use the Facebook app or any other app that doesn’t use the SafariViewController (which supports content blockers) to display external links.

Btw, no I didn’t search for your name on the internet. I just went to your HN profile. I thought anyone who so vehemently defended the adtech business must have a business interest in it.

Most content producers want nothing more than to diversify from a dependency on ads so I knew it didn’t come from anyone on the content side.

That's still mixing up concept vs implementation. I described 4 reasons why adblockers are used in the first place. You won't find anyone else in adtech who's criticized the the formats and experience becoming too intrusive but it's not something that gets solved easily, and a big part of the problem is because people outside the industry are not willing to cooperate.

As far users: It's not about wanting ads, it's about wanting content. The cost is paid for by ads. People make that choice willingly, and that choice is rarely relevant to any product's target customer profile, but the process is serving both users and advertisers by facilitating the trade in attention vs content. Sure content producers want direct payments, and the rise of patreon and subscriptions shows success, but the scale and reach of that is inherently limited. Very few people can afford to pay for all the varied content from so many different sources that they consume daily. That's the fundamental problem.

If only a company was bundling content from various publishers and showing ad free articles for $10 a month.....

Ok? That's not an argument. We're just going in circles.

Bundling is just a stage in the cycle of payments that every medium goes through every few years and doesn't change the fact that most content still is, and always has been, paid for by advertising.

Irrelevant ads are better for customers because they dont work as well.

That makes no sense. Marketing is about efficiently matching customers with products filling their needs and wants. Advertising is the communication that makes this system work and relevancy is a core factor.

Irrelevant ads only waste time and money and work against both sides.

It isn't. Marketing and advertising in particular is about making people buy the product that the company paying for the advertising wants to sell. It uses lies and emotional manipulation to make people think that they need that product. Helping customers fulfill their needs and wants is not helpful when these needs and wants would not even exist without ads.

This is particularly obvious for ads for stuff like coke: Everyone knows coke exists. Ads for it do not inform at all, they only manipulate.

If ads were useful to the customer, then there would be no need to embed them with useful services, let alone to force customers to expose themselves to them by turning of their ad blockers. It would not make sense to give customers a choice between paying for a given service or suffering from ads: Those are signs that the value of ads for customers is negative. If it were positive, you could even charge extra for them.

Despite being a very bad method of informing customers, ads might be defensible if they were the only one. But they aren't. Classifieds may technically be ads, but they differ fundamentally from others in that customers specifically seek them out. That indicates that customers do get value from them.

Another suitable method of informing customers are newspapers and magazines, especially specialized magazines and ones like Consumer Reports. Their interests are aligned with the customer because it's the customer who pays them.

Admittedly, there is a problem with those publications: Most of them also contain ads. That means advertisers can influence their reporting with the threat, spoken or unspoken, to no longer advertise in them. This is another way ads make products worse and obviously not an argument in their favor.

That's a conflation of several different things and redefining marketing from the actual definition to be what you want doesn't make a good argument. Lying in ads is illegal and "manipulation" is just another word for influence, the same as when you recommend something to your friend. Whether you trust a brand or not is no different than whether you trust a friend which is why we have branding and customer loyalty in the first place.

Advertising is communication and has no inherent usefulness; the value is in the outcome. The user isn't suffering, they're choosing a way to convert attention to currency as a way of paying for the content they want. It's a choice they willing make and having the option to transact that way is a net positive for both sides.

Relevant ads are worse for me as they are most likely to change my behaviour. My interests don’t really align with those of the advertisers.

If you're interests don't align then they wouldn't be relevant. You're also in charge of your behavior, no ad can make you do anything.

As I stated before, irrelevant ads are the #2 complaint by users.

>no ad can make you do anything

That is clearly wrong as advertisers wouldn't knowingly pay for ads that have no effect.

I’ve got a novel idea. Publishers can make content that people are willing to pay for and charge money.

It's not novel, it's been used for centuries. The industry is a lot smarter than you think. But people don't value news and can't pay anywhere near enough compared to what they consume.

Ads allow people to read what they want, when they want, for how much they want, regardless of publisher name or how much wealth they personally have.

How’s that whole get lots of customers and sell ads working out?

Are they making the $40 per month per user that the WSJ gets?

It's working out fine. 90% of the content and services on the internet is paid for by ads.

There's also cycles. TV went through OTA to cable bundles to a-la-carte streaming and is now heading back to ads and bundles as people have reached their limit on payments. Music is in the bundle stage. New formats like podcasts are still in the early ad stage. Online publishers are at the peak of the direct payments stage and heading to news bundles next, which you mentioned yourself.

Regardless of the cycle, ads pay for the most and are almost always part of the deal because it's incredibly hard to sustain content production with rising costs at any price that consumers actually want to pay.

If it’s “working fine” then why are all of the newspapers struggling with digital except the ones that are actually charging customers?


Adblockers. It is technical hammer that breaks the content-for-ads trade-off.

If there was an extension that you can install with 1-click that lets you order from Amazon.com for free, would people not use it? Does that suddenly mean that Amazon is no longer valid as a business?

These companies will either use technical countermeasures, or switch to different revenue models, or go out of business. But individual producers don't change the fact that most content is paid for by ads, powered by 2 of the biggest companies on the planet.

And nothing of value will be lost. If a business can’t survive market realities, so be it.

On the other hand, there is always the “1000 true fans” way of making money. Keep your expenses down and write content a few people are willing to pay for.

Ben Thompson over at Stratechery has well over 2000 subscribers the last time he gave out numbers, now its closer to 4000 probably. They pay him $100 a year for one article delivered 4 or 5 days a week including a free article.

John Grubsr over at Daring Firebsll is able to charge $6500 a week for a sponsorship- one article on the website and in the RSS feed at the beginning of the week and one thank you post at the end of the week.

No horrible privacy invasive ads, no ad networks, etc. It is basically an Apple centric blog he’s been building since 2002.

When Google killed Reader, he lost half of his readers but he was still able to charge his same rates. Advertisers were able to reach a desirable demographic.

They’ve tried. It isn’t as simple as that. If it were it’d happen.

It works for newspapers that people care about -- the WSJ, NYT, and I'm sure there are others.

Ads aren't working too well either with the increasing use of ad blockers -- even on mobile and Google and FB sucking all of the ad revenue up.

People want less relevant ads, that’s the point.

They want less ads, not irrelevant ones. Relevancy is the #2 complaint by consumers about ads.

If ads were relevant to the topic of the site, and had no creepy follow-you-around-the-web behaviour they’d be a lot less offensive.

We agree. The problem isn't advertising, it's the implementation of online ads.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact