I've gone down the road of trying to create a super-private browsing experience (see www.privacytools.io for a good start).
The issue is that the web experience degrades rapidly and is quite frequently unusable. You have to block CDNs for a start if you really wanna go full paranoia mode. And there are too many other issues to list here.
But the biggest issue is that Google's CAPTCHAs become unsolvable. I mean literally they won't let you pass. You will get served a large sequence of CAPTCHAs; I've experienced up to 6 for a single verification. And not only do you get more, but they deliberately add an excruciatingly slow delay to each image. It can take 10-15 seconds to solve a single image set, and then you still need to do 5 more.
Also, an interesting side note: it seems they are injecting adversarial noise into the hard CAPTCHAs, as I noticed faint distortions in most of the images.
But even with your best effort to solve them you will not get through. I've repeated this experiment many times. It seems that preventing browser fingerprinting is the thing that really makes them put up a red flag, but it's hard to know for sure. And I'd like to emphasize that none of the privacy modifications I was using make any significant change to normal browser functionality. You still have JS, you still have cookies (through Firefox containers).
Anyway, the scary thing here is that it's very easy to extrapolate this further and get to an internet where you either opt in to being tracked, or you are effectively throttled/gated on huge parts of the web.
Google CAPTCHAs have gone from asking the question "Are you human?" to "Which human are you?".
And the beautiful, incredible irony is how this contrasts with Google's very public stance on net neutrality.
"Internet companies, innovative startups, and millions of internet users depend on these common-sense protections that prevent blocking or throttling of internet traffic, segmenting the internet into paid fast lanes and slow lanes, and other discriminatory practices. Thanks in part to net neutrality, the open internet has grown to become an unrivaled source of choice, competition, innovation, free expression, and opportunity. And it should stay that way."
Do as I say. Not as I do.
>Google CAPTCHAs have gone from asking the question "Are you human?" to "Which human are you?".
This is a good way to put it. I wonder if the Googlers that work on ReCaptcha are somehow able to convince themselves they're Making The World A Better Place, like most Googlers somehow manage to.
Passwords, access cards, biometrics, hardened doors, guards carrying machine guns, rooms without numbers, and on the inside of all that: google captcha.
Were they accessing a secure government site that was serving CAPTCHAs?
Or were they accessing a public site from a government facility with browsers that were so locked down that they triggered CAPTCHAs?
The first would be kinda stupid. The second would be funny. Or tragic, I suppose.
Maybe none of these are convenient for you, but for some websites they work quite well. Invite-only communities often have far fewer trolls and virtually no spam.
I'm not in a position to decide on a human verification mechanism, but I used to do WordPress and Drupal CMS work as a freelancer. The number of non-technical people setting up their own sites on these platforms vastly outnumbers the people who even are aware of some of the downsides to Google reCAPTCHA. Until the mechanisms you described implementing are as easy as installing a plug-in, Google reCAPTCHA is here to stay.
You can test it by trying to create a new account.
It's dead simple and looks to be pretty secure.
You have to orient an object so that it's not upside down.
Strategically-placed honeypot form fields get you to 99.5%.
I run a site that gets ~1.2 million visitors a month. YMMV.
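The honeypot trick mentioned above can be sketched roughly like this: render a form field that humans never see (hidden with CSS), then reject any submission where it is filled in, since naive form-filling bots populate every field. The field name "website" and the markup here are illustrative, not any particular site's implementation.

```python
# A hidden field humans won't fill in, because it's visually hidden
# and skipped in tab order. Bots that auto-fill every input will.
HONEYPOT_FORM = """
<form method="post" action="/comment">
  <input name="email" type="email">
  <textarea name="comment"></textarea>
  <!-- Honeypot: hidden from humans, auto-filled by naive bots -->
  <div style="position:absolute; left:-9999px" aria-hidden="true">
    <input name="website" type="text" tabindex="-1" autocomplete="off">
  </div>
  <button type="submit">Post</button>
</form>
"""

def looks_like_bot(form_data: dict) -> bool:
    """Flag any submission where the honeypot field is non-empty."""
    return bool(form_data.get("website", "").strip())
```

Server-side, the check is a one-liner, which is a big part of why this approach scales to high-traffic sites.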
But it seems like there should be a technological solution. Google knows what a "legitimate" user looks like: either because they come from a safe IP, or they're registered Google users, or they have a normal established browser history. But using your legitimate identity compromises your privacy, because then your IP/user account can be correlated to your personal identity.
So, let's create zero-knowledge-proof identity schemes. Using your legitimate, but non-private, identity you "register" an ephemeral, private, anonymous identity. But it's done using a zero-knowledge proof, such that Google has no idea who a particular anonymous identity belongs to, beyond the fact that it must belong to one of its several million legitimate identities.
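One classic building block for this kind of scheme is a blind signature: the issuer (Google, in this scenario) signs a token without ever seeing it, so the token later proves "issued to some legitimate account" without revealing which one. Below is a toy sketch using textbook RSA with tiny demo primes; it conveys the flavor of the idea only, and is not a real zero-knowledge or production-grade scheme.

```python
# Blind-signature sketch: the issuer signs a blinded token, the user
# unblinds it, and the result verifies against the original token
# even though the issuer never saw it.

def make_issuer_keys():
    p, q = 61, 53                 # toy primes; real keys are 2048+ bits
    n, phi = p * q, (p - 1) * (q - 1)
    e = 17
    d = pow(e, -1, phi)           # private exponent (Python 3.8+)
    return (n, e), d

def blind(m, r, pub):
    n, e = pub
    return (m * pow(r, e, n)) % n            # issuer can't recover m

def sign_blinded(blinded, d, pub):
    n, _ = pub
    return pow(blinded, d, n)                # issuer signs blindly

def unblind(blind_sig, r, pub):
    n, _ = pub
    return (blind_sig * pow(r, -1, n)) % n   # user removes the blinding

def verify(m, sig, pub):
    n, e = pub
    return pow(sig, e, n) == m % n

pub, d = make_issuer_keys()
token, r = 42, 7                 # anonymous token and blinding factor
sig = unblind(sign_blinded(blind(token, r, pub), d, pub), r, pub)
assert verify(token, sig, pub)   # valid, yet unlinkable to the signing
```

The math works out because (m * r^e)^d = m^d * r (mod n), so multiplying by r^-1 leaves a plain signature on m.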
What's "malicious" about simply opening a page on a website? Google bots are doing this all the time and they don't have to solve CAPTCHAs.
Google plays the long game though. By setting themselves up for being the gatekeeper of bot traffic, any bot belonging to a competing search engine cannot possibly index the web as well as Google can.
How does a good, non-Google bot solve a Google ReCaptcha?
> How does a good, non-Google bot solve a Google ReCaptcha?
I'm not sure if it's antitrust, because I would imagine that website admins would _like_ Google to have access to their site while excluding others.
What people fail to realize, I think, is that if this practice had been common, something like Google would never have come to be in the first place! Imagine if websites had blocked all but AskJeeves user agents from crawling them.
But even just looking at it from a purely technical perspective: if CAPTCHAs are intended to be a "completely automated public Turing test to tell computers and humans apart," then it's quite clear that they no longer accomplish this. I am a human and I can't pass. The model is wrong; build a better one.
That's what Google says they are for, but they aren't used that way by everyone. Many websites use them not to detect machines but to slow down the humans. They want to make something burdensome, so they add the CAPTCHA. Maybe they want you to subscribe, pay money, to avoid it. Maybe they just want you to spend a few more seconds looking at some banner ad. Or maybe including a CAPTCHA ticks a useless security box on some compliance form.
Google’s CAPTCHA probably knows that you are a human, some of your answers are correct, and Google already uses the answers you give to improve its Maps offering like it always has. The fact that it still won’t let you pass is presumably a way of punishing you for trying to stay anonymous.
It depends on what the data is. It might take more points and samples, but I think most people would be surprised how few data points you need before you can be identified.
Even from the most mundane things, and especially if they have non-anonymized data to compare or find you against.
Google doesn’t implement it directly, but any CloudFlare powered website that shows you a Google Captcha because of CF is supported.
Even if there was (there isn't) I wouldn't waste a single second thinking about or advocating for it. The only sustainable "solution" can come from Congress and it would look almost exactly like GDPR.
All of which is an obnoxious form of unpaid labor to train their AIs.
Ultimately it may all be moot: we're slowly moving towards the point - still years or decades off, admittedly - when effective de-anonymization of the public internet will become a reality. For better or worse, I guess.
Machines solve them much better than I do, way faster and way better.
And the most important thing, it does not frustrate or mentally exhaust me, like the thing does to people.
But using nested VPN chains, in a VM with a basic Firefox install with NoScript and an ad-blocker, I see hardly any CAPTCHAs. Sure, everything that I do is tracked and correlated. But it's just linked to a VPN exit IP, and a made-up persona. I actually go out of my way to link everything in this VM to Mirimir.
And your solution is good. But it's kind of ridiculous that we have to jump through hoops like that to stay private.
Could you share more specifics, please? Reading your comment, that really didn't sink in for me. And I wonder what you're blocking that Tor browser doesn't. And/or how Tor browser reduces CAPTCHA incidence.
It is ridiculous. But for me it's been a hobby. For over 20 years now ;)
The internet punishes anonymous browsing. Every site out there wants to track you. Across websites! Just imagine ordering a Big Mac at the McDrive. Suddenly a McDonald's employee walks out and puts a GPS tracker under your car. How would you respond?
Within a few years, I wouldn't be too surprised if they'll be printing GPS trackers on packaging ;)
There's a GreaseMonkey script that eliminates this delay.
This would probably be hard to do with canvas-based browser fingerprinting, but might work with the various other fields. Basically create a large pool of 'profiles' based on common browser settings, then assign one at random to clients.
Basically, make it look like thousands of users on the same machine.
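The "pool of profiles" idea could be sketched like this: instead of exposing each client's real attributes, every new session is handed a random profile drawn from a small shared pool of common configurations, so thousands of users collapse onto the same few fingerprints. All the values below are illustrative, not real survey data.

```python
import random

# A small, fixed pool of plausible browser profiles. In practice the
# pool would be built from genuinely common real-world configurations.
PROFILE_POOL = [
    {"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
     "screen": "1920x1080", "timezone": "UTC-5", "languages": "en-US"},
    {"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15)",
     "screen": "2560x1440", "timezone": "UTC-8", "languages": "en-US"},
    {"user_agent": "Mozilla/5.0 (X11; Linux x86_64)",
     "screen": "1366x768", "timezone": "UTC+0", "languages": "en-GB"},
]

def assign_profile(rng=random):
    """Give each new session a random profile from the shared pool,
    so many distinct users present an identical fingerprint."""
    return rng.choice(PROFILE_POOL)
```

As the comment notes, this works for attributes a client can simply report, but canvas fingerprinting is harder because the rendered output has to stay consistent with the claimed hardware and fonts.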
i've noticed the same... vicious.
No, you need to think of the NYT (and any reputable newspaper) as being two separate entities: the newsroom and the advertising department, with a firewall between them. You really don't want the newsroom killing a story because it makes the practices of the advertising department look bad.
Also, demanding that the people who expose bad privacy practices have perfect privacy records themselves is to demand that privacy advocates form a circular firing squad, so no one wins but the advertisers and privacy-invaders. Personally, I want these exposés carried by the publications with the greatest numbers of readers, and I'm not going to gripe too much about the practices of those publications as long as the message gets out.
If the advertising department is the entity responsible for the private-browsing situation, when a reader says "The New York Times" in this context, it should be read as "The New York Times' advertising department".
Ideally, the public editor (which the NYT no longer has) would do so, prompted by readers.
They aren't really though, they both make money on my privacy with relatively little consent. If that's the bad thing, I'm not sure I care that one of two parties says "sorry, I know this is bad" while still doing it. This could actually make them the worse of the two parties.
> You really don't want the newsroom killing a story because it makes the practices of the advertising department look bad.
this feels like bait, no one is asking for the newsroom to kill the story, they are asking for the newsroom to kill the practices of the advertising department.
> Also, demands that the people who expose bad privacy practices have perfect privacy records themselves
It's not a demand that they have perfect privacy records. It's kinda just pointing out that these authors have control over who they publish for, and that it's quite hollow to warn people about a poisonous medium in a way that draws more people through that medium.
This isn't to say they are bad people, just that they aren't great for pointing out bad practices they take part in 10 years after society has already baked them in.
I do warn that my opinion is colored by a belief that news orgs are responsible for a large part of the normalization of our lack of privacy and our current relationship with marketing, which I see as sort of proto you-gotta-believe-me methods.
> They aren't really though, they both make money on my privacy with relatively little consent.
They are and they aren't: they're two separate parts of one business. The advertising department makes money for the owners, while the newsroom writes the stories (and is hopefully insulated enough from the interests of the owners and ad department that it can be honest).
> this feels like bait, no one is asking for the newsroom to kill the story, they are asking for the newsroom to kill the practices of the advertising department.
The newsroom doesn't really have that authority. The firewall is there to protect the newsroom from the advertising department, because the ad department is naturally more powerful (due to newspapers being businesses and the ad department being the part that actually collects much of the revenue).
> Its kinda just pointing out that these authors have control of who they publish for and that its quite hollow to warn people about a poisonous medium in a way that draws more people through that medium.
The world is more complicated than that. It's more poisonous to distract from the warnings just to point out they weren't published in some low-reach niche publication whose privacy practices satisfy some random internet commenter.
If you actually care about privacy, you should celebrate these articles because they might reach a wide-enough audience to actually cause real action to fix the problems.
They could refuse to publish their articles for a corporation with such an "immoral" advertising department, but they don't, because they aren't genuine in their beliefs.
That's an un-nuanced and extremely uncharitable statement. Have you ever heard the saying "choose your battles?" Don't you think people have to prioritize the actions they take to support their multifarious beliefs? You can have genuine beliefs without being destructively unreasonable.
I'm pretty sure the people in the New York Times newsroom value the public good of having a functioning "fourth estate" over having a tracker-free nytimes.com website, and thus are unwilling to wage some destructive pyrrhic war with their employers over something as trifling as the latter. Especially when they can instead write a widely read series of articles that brings light to those practices, and perhaps leads to wider change.
I would suggest
> the New York Times newsroom value public good of having a functioning "fourth estate"
AND it being well funded
AND that they are a part of it both individually(authors) and as an organization (NYT brand)
> over having a tracker-free nytimes.com website
or tracker-free alternatives/competition.
No, not really. The GGP was basically pushing "we could destroy the village in order to save it" logic. The NYT is one of the few newspapers that may be able to weather the economic maelstrom that journalism is in the middle of, so it makes no sense for its journalists to go to war with its management over a niche issue, to satisfy a few strident people in the internet peanut gallery. I think it's pretty obvious that the turmoil the GGP's idea would cause would have far more negatives than positives.
Running all these stories definitely has more positives than negatives.
> AND it being well funded
> AND that they are a part of it both individually(authors) and as an organization (NYT brand)
Those are things you need for a functioning fourth estate. Some people used to think that blogs (i.e. sites that lack the things you listed) could replace newspapers, but they were wrong.
>> GGP was basically pushing "we could destroy the village in order to save it" logic.
Why do I feel any criticism of reporters reads that way to you? I don't think they want to destroy reporters/the 4th estate at all; it seems like what they want is for the content creators to try and work for "moral" people and use the power they have as content creators to do so. This is not hugely simple, and I agree with you on that. The false dichotomy you're pushing into it is that any change which is hard is equivalent to destruction, or that any change that is fought for is someone going to "war" with the 4th estate.
The 4th estate existed before they rebuilt their village on sand. We would rather have a solid foundation than have them complaining about the sand they built the village on, while also claiming that attempts at change are just not feasible. Complaining about a thing and then saying "but it's okay as long as I get mine" is exactly what makes it seem hollow.
>> Those are things you need for a functioning fourth estate. Some people used to think that blogs (i.e. sites that lack the things you listed) could replace newspapers, but they were wrong.
I mean, the fourth estate is not defined as being any individual reporter or brand. So this is a claim on your part that no reporter should lose or leave or protest their job, and no paper should ever go defunct, if we have a functioning fourth estate... I don't even really know how to address this claim, but it seems like it's probably not what you mean? The point of adding those two things was to draw attention to the incentives of the individuals.
As for blogs, they also generally have trackers; the reason they couldn't replace newspapers was not the lack of trackers on them, and people don't go to the New York Times to see the ads.
It really feels like you're painting a picture of an all-or-nothing situation with no individuals in it, while this person
> I don't mind paying a small subscription but let me choose to deny your advertisers information on how I consume your content.
seems to want to pay reporters instead of being tracked and this other one
> They could refuse to publish their articles for a corporation with such an "immoral" advertising department, but they don't, because they aren't genuine in their beliefs.
seems to be in a "stop claiming you're so good, please" situation as opposed to the "destroy them all, muahaha" thing you're claiming.
> niche issue, few strident people, peanut gallery, pyrrhic war, low-reach niche publication, some random internet commenter.
Come on now, really? We are good enough for them to write a bunch of articles about our issue, just not good enough to actually try and do anything? And we can't point out the hollowness of that position?
I guess I'm sorry I responded. I felt your original comment was informative, but it was two side channels that weren't really a response to the content of the comment you were responding to. That is to say, while both things you stated in your OP were true, neither seems to contradict the idea that the NYT wants it both ways; they actually seem to explain the method by which they achieve having it both ways. I hoped we could get to a better shared understanding of the positions, but now I feel like you're seeing my and the others' arguments as "burn it to the ground" as opposed to "It's nice that they started talking about it being bad a little more frequently; it would be nicer if they chose not to do it, or at least tried to support some alternatives."
I may be missing something here, but they make money for the reporters as well, right? I don't know; if the firewall involves the money as well, my opinion of the authors would change mildly, as the benefits are less obvious/direct, making it an easier mistake to fall into, though I think the criticism stands either way.
> news department .... hopefully insulated enough from...
> to protect the newsroom from the advertising department
Right, and I get that in most cases this works out. In this case the dynamic seems to insulate the marketing department's actions from the meaningful critique given by the newsroom, and the newsroom from the moral/ethical implications of benefiting from those actions. This moral/ethical insulation is the thing I am questioning.
> The newsroom doesn't really have that authority.
That's why the Chinese firewall thing felt like bait: no one wants the newsroom to kill the story, and the newsroom as a corporate entity can't kill ads. The people creating the content, though, the individuals... they could start producing content for people who don't do this sort of stuff.
I mean, I'm not even saying they should boycott the benefits and windfall of the system that everyone around them is deeply embedded in already. I'm saying that as content creators, who are now aware of the situation, they are close to the only people who could populate a different system with content and users.
> It's more poisonous to distract from the warnings
This is not what is going on; the warning stands. People who are mad at the reporters for reporting this stuff like it's a new hot scoop are not mad because they want to have no privacy... they seem to be mad because it's been yelled about for years, by both reporters and security experts, and the trend has only accelerated. At least that's what I'm mad about. It's not a "you're bad" but a "stop claiming you're so good, please."
> celebrate these articles
I do, and have since they started coming out years and years ago (I even try to locally archive them)... but I celebrate the article, and remember that the author could do better. This is why I see the comment about wanting it "both ways" as valid. It sounds harsh, but it's not a claim that the reporters are the evil ones and shouldn't talk about privacy; it's only the acknowledgment that they could take more steps not to be enablers, and that they could actually bootstrap an alternative. It's not really even a claim about this specific author or mainstream outlet.
> actually cause real action to fix the problems.
I don't think they will. I think they will just keep doing what they are doing (and have always done), then participate in the change (if it ever happens), and claim it's what they wanted from the start, which brings me back to the idea of wanting it both ways.
We know that news companies work with PR firms to publish ads as articles. The "suit" PR that is famous here.
We also know that news companies sometimes kill or refuse to cover sensitive stories that might reflect poorly on their benefactors or their politics. We know that news companies attack social media as being toxic while demanding preferential treatment on the platforms they say are evil. I don't think we should view any industry or government with rose-colored glasses. The forces of money and corruption are felt just as much in the news industry as in every other industry and government.
But I agree with you that as long as the message gets out, it is a net benefit to society. It is better that the NYTimes exposes privacy concerns even though they themselves violate their customers' privacy. We don't live in an ideal world, so we should not hold everyone to an unattainable ideal standard.
A business is an organization that needs to make money to survive. Such an organization will find ways to make money, or cease to exist. No amount of law will change the nature of this dynamic.
Keep in mind that the journalist who did the research and wrote the article did not have a say in how the employer who enabled them to write this piece generates revenue.
In a way, she did. She is not an NYT employee, but rather, a professor at UNC Chapel Hill who could have published this piece elsewhere.
To be clear, I don't fault her for her choice at all. Just pointing out that we all "opt-in" to this system when we participate in it, and that's a part of the problem.
By not being a NYT employee she has even less of a say in the matter. I'm sure she knows that nobody's going to read her article if it's published in The Daily Tar Heel.
If someone gave you the opportunity to publish an article in The New York Times would you say no?
I should also point out that the print edition of the NYT is still widely circulated, and it seems this article would have appeared in the Opinion section, tracker free :-)
* with money from dubious origin
This really is a significant point.
All-visitor paywalls have already crumbled, and a few of the worst excesses of tracking are at least getting debated, so this is a place where users can get actual traction. It's the same sort of collective-action problem as voting, true; writers and publishers have far more influence than any given reader. But it's also true that the space is far more open than voting.
There are a lot of news sites (e.g. The Boston Globe) which have shut out incognito access, filled their sites with trackers, and loaded up on dark patterns to push people towards misleadingly-priced subscriptions. And for almost everything they publish, there's minimal cost to just... not reading it. If it's a major story, it will be covered elsewhere. I know I'm not changing the world when I skip their links, but I'm protecting a bit of my own data, and putting a bit of pressure on them to do better.
I think the effectiveness of all of this stuff is way overrated. I have money, I will spend it, but with all the tech in the world the industry still can't put a relevant ad in front of me.
It’s been said in other comments, but a lot of advertising is for products which are useless or unpalatable or unhealthy. Just look at how much alcoholic drinks and soda drinks advertise. Maybe we should tax advertising revenue.
My guess is that it is because most ads suck, because a) 90% of all products are crap, and b) good products don't need that many ads.
If somebody comes up with a better whatever, I will probably hear about it, but most new products are not revolutionary enough for that, and they are also not revolutionary enough for me to be interested in them as an ad.
If I was being shown ads for products around my hobbies I would:
1. Definitely discover companies and products I wasn't aware of.
2. Buy stuff I probably didn't need but would be tempted into owning.
The key here is to further define "a sufficiently high degree of accuracy." Sufficiently high degree of accuracy to... do what? Predictions from these models are typically only sufficient to move [INSERT METRIC] in the aggregate, there is no need to be more accurate than that.
For your case: most of these models are noisy and operate over sparse data. That means any individual prediction can be arbitrarily bad, even to the point of complete randomness. The models only need to be marginally more accurate in aggregate than the a priori average prediction for each item without conditioning on any user features.
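The aggregate-vs-individual point can be made concrete with a tiny simulation: a per-user prediction that is wrong 40% of the time (barely informative for any individual) still lifts the aggregate click-through rate when used for targeting. Every number below is invented purely for illustration.

```python
import random

random.seed(0)
N = 100_000
impressions_all = clicks_all = 0
impressions_targeted = clicks_targeted = 0

for _ in range(N):
    interested = random.random() < 0.10          # 10% of users care
    # Noisy model: only 60% accurate on any individual user
    predicted = interested if random.random() < 0.60 else not interested
    clicked = random.random() < (0.15 if interested else 0.02)

    impressions_all += 1                         # untargeted: show everyone
    clicks_all += clicked
    if predicted:                                # targeted: show only if
        impressions_targeted += 1                # the model says "interested"
        clicks_targeted += clicked

ctr_all = clicks_all / impressions_all
ctr_targeted = clicks_targeted / impressions_targeted
```

Run it and `ctr_targeted` comes out above `ctr_all` even though any individual prediction is close to a coin flip, which is exactly the "aggregate lift is all that's needed" dynamic described above.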
Your intuition is correct. "Computer algorithms ... can now infer ... your moods, your political beliefs, your sexual orientation and your health" in the context of this article is hyperbole.
For instance, to predict moods you need to source ground-truth variables. Users don't normally give this information out for free. Even in the case where a user updated their status with "My current mood is x," there is bias you have to account for that is likely prohibitive to the task. People self-censor their emotions on the internet. This means sourcing the data in some other way, maybe through a questionnaire. Either way you won't have nearly as much data, and the resulting model will likely be much noisier. Modeling the other user features mentioned has similar pitfalls.
The thing about advertisers of dreck is that they don't mind paying to annoy one million uninterested people to get one new customer.
The only way to keep privacy online is to compartmentalize. Use one proxy and profile browser for discussing politics, another for HN/Reddit, yet another for LinkedIn. And always block everything you don't need. Start with ads since you virtually never need ads. Use various nicknames and avoid Facebook if you can swing it.
Beyond that you only need a secure (up to date) OS, Signal, and maybe occasionally Tor. It may or may not hold up against an NSA-level adversary but you will easily lose most advertisers and corporate surveillance.
And even using multiple personas, you must take care to avoid linking them. No common social media, forums or mail lists. No cross-linking, or mentioning each other. No telling anyone about links between them. And as much as possible, no shared interests, especially specific ones.
Instead of using one OS with multiple browsers, it's better to compartmentalize in multiple VMs. Each VM should reach the Internet through a different nested chain of VPNs. And for more anonymity, you can use Whonix for Tor. Also, it goes without saying that the machine should be full-disk encrypted, and that you should avoid Windows.
When it really matters, you should use multiple physical machines, on separate LANs. And of course, be careful not to share USB drives among them.
The "fingerprint" of the writing style, the interests, and the patterns of "likes" and "dislikes" is often enough; the more one writes, the more "uniqueness" can be determined.
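A crude sketch of how such a writing-style fingerprint might work: compare texts by the relative frequency of common function words, which people tend to use in stable, characteristic ratios. Real stylometry uses far richer features (n-grams, punctuation habits, sentence lengths); this only shows the shape of the idea.

```python
from collections import Counter
import math

# Function words carry little topic information but a lot of
# author-specific signal, which makes them a classic stylometry feature.
FUNCTION_WORDS = ["the", "of", "and", "to", "a", "in", "that", "is",
                  "i", "it", "you", "but", "not", "with"]

def style_vector(text):
    """Relative frequency of each function word in the text."""
    words = text.lower().split()
    counts = Counter(words)
    total = max(len(words), 1)
    return [counts[w] / total for w in FUNCTION_WORDS]

def cosine_similarity(a, b):
    """Similarity of two style vectors; 1.0 means identical ratios."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return dot / (na * nb) if na and nb else 0.0
```

Given enough text per persona, comparing vectors like these across accounts is one way separate identities end up linked, which is why the comment above calls for avoiding cross-linking between personas.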
What we need is new social norms. Most people don't point video cameras at their neighbors' windows, not out of fear of being caught, but because it's just wrong. Similar norms should apply online, and people and companies who do it should be shunned.
What bothers me much more is that it might be possible to identify somebody through text analysis.
Come on! Are you even serious? It basically requires you to be a hermit, because these people are fucking everywhere. I think I'm pretty close to being as discreet as possible while being considered more or less normal, but it seems to be of no use — I'm not even always sure how a fresh new fake account on Facebook (or such) can imply this or that connection, or how YouTube can recommend a video on some quite specific interest I might have shown a while ago on a completely different device.
And I don't know about you, but I'm not feeling ready to refuse to interact with a girl/friend/relative because they are using whatsapp. I can only hate fb and wish Zuckerberg a painful death, but I don't see how I can realistically avoid being monitored.
For the first time, we probably have the technology that could help realize something like this, if we knew what the shape should look like.
Unfortunately we will never have that because that would mean the shaping had already been done.
Then again, if you think about it, maybe the shaping has been done and the shapers already have what they want...
> ... tracking and stalking
I think governments have a vested interest in being able to track
Why do you think this is a choice? This is definitely not a choice any more. It has been 10+ years since Facebook removed your choice to not use it from society.
Step outside and walk around. You will be photographed. Those photographs are going to Instagram and you are in the background. Your face is scanned by Facebook and they know where you go and what you do in the day. Facebook will know your location because other apps that you use will send Facebook your location without you even knowing it. Other people's actions online, who are tracked more vigorously, like emailing you or even meeting you in person for a coffee, will give further info to Facebook. Your cell signal location and your credit card history are probably up for sale and Facebook probably buys that too.
You want to opt-out by staying home? Just order stuff online? I'm sure Facebook will still find a way to figure you out. There is no such thing as not-using-Facebook, or opting out any more. Saying that there is a way to choose not to be tracked is dangerous and wrong.
> ...and not giving out your phone number to people who use these services.
The tracking they can do is so far past just linking phone numbers though. Trying to keep a phone number secret simply isn't going to work and if it did, it would be ineffective in protecting you from being tracked.
Epic: translate is disabled
Iridium: 403 on using inline translate
Chromium: 403 on using inline translate
API key errors abound. After wasting way too much time I went back to Opera and finally found inline translation with this extension: https://chrome.google.com/webstore/detail/google-translate/a...
Now everything is well. Thanks for your tip however!
>Such tools are already being marketed for use in hiring employees, for detecting shoppers’ moods and predicting criminal behavior.
Surely, it's just a matter of time before we start gaming systems like this?
You already have online reputation management for products and services. So how long is it before someone offers shaped online profiles for individuals as a service?
Ironically, that's exactly what the NYT has started doing recently! I think they've realized just how lucrative selling these inferential insights can be; regardless of how accurate these metrics are, advertisers eat them up. How long until NYT writers start receiving pressure from upper management to produce content that maximizes emotional output from their readers? It's possible that proper restraint and separation of departments can be maintained, but I think history has shown that when profit motives are involved, greed often usurps ethics.
> Ironically, that's exactly what the NYT has started doing recently!
No, that's not what the NYT is doing at all, and it's disinformation to say that it is. Facebook was inferring the emotional state of its users; the NYT was inferring the emotional content of its articles. Those are very, very different things.
From your link: "The result was an artificial intelligence model that predicts emotional response to any content The Times publishes... Perspective targeting allows advertisers to target their media against content predicted to evoke reader sentiments like self-confidence or adventurousness." (emphasis mine)
> nytDEMO will also soon launch Readerscope, an AI-driven data insights tool that summarizes what The Times audience is reading using anonymized data to visualize who is interested in which topics and where they are.
> Readerscope can be used as a content strategy tool to develop creative ideas for branded content or campaigns by searching a brand’s target audience segment (e.g., millennial women) to understand what they're reading, either as topics or as representative articles exemplifying those topics. It can also help brands find the right audience or geography for a certain message by searching a topic (e.g., human rights, philanthropy or travel) and seeing which audience segments over-index for interest about that subject. Topics are algorithmically learned from The New York Times article archive using state of the art natural language processing, and all of the reader segments are targetable with media on NYTimes.com.
I'm not convinced that is different from Facebook's model - it's just less powerful.
Advertisers have always tried to place their ads alongside content that favors their brand identity, sure, but that's about the style of the content. That looks like Burton sponsoring top-tier snowboarders or Chanel advertising in Vogue. Watching Olympic snowboarders might make some people feel adventurous, but Burton's placement is also aspirational and cultural, a way of simply forming an association between the brand and high performance.
The NYT model didn't just put content alongside stories about adventure, it put content alongside stories expected to evoke adventurous sentiments. If a story about a daring Arctic expedition makes you feel relieved to be comfy at home, it could still associate a brand with adventure, but it's outside the sentiment target. That is inferring the emotional state of users, rather than of content. The main difference is that the NYT was making session-level judgements, rather than long-term ones. I find that much less objectionable (even if it's only out of a lack of data), but it's still in the category of mind-state targeting rather than content alignment.
The only difference between this and what the NYT is doing is the former requires slightly more research on the part of the advertiser, to learn what the show or article is about.
To decide whether to air your commercial alongside a drama or a comedy, all you need to do is watch the show (and perhaps collect viewer demographics). To decide which section of the print NYT to advertise in, all you need to do is read it. But Project Feels was only possible by studying the behaviors and emotional responses of readers. It didn't try to alter those emotions in specific ways, so it's not equivalent to Facebook's project, but it's also not the same as content-based targeting.
You're implying that the NYT's ML software is capable of finding some kind of secret, subliminal emotional traits that wouldn't be detectable to a human reader. I don't find this believable at all.
What I'm interested in is the switch from choosing to appear alongside a category or keywords (content targeting) to appearing alongside a type of story, with its more specific impact. The impact of ML isn't better-than-human parsing, it's almost certainly worse-than-human. It's just a question of adding story-level targeting which wasn't previously available, along with access to user studies that go beyond demographics and engagement to self-reported emotions.
Facebook does in fact use its power to deliberately push people toward depression. Facebook is an evil entity, and the intentional emotional manipulation it exerts on its users far surpasses the kind of thing you're quoting the NYT for. Not excusing the NYT here, but Facebook is next-level evil when it comes to psychological experimentation on unwilling and non-consenting users.
Lots of articles on this; here's a random one from a Google search: https://www.theatlantic.com/technology/archive/2014/06/every...
(edited for accuracy, millions->thousands)