What a silly, fragile business model whose days are numbered.
It's amazing to consider how much revenue has been generated, predicated on completely unnecessary and (now) easily disabled browser features.
I have to imagine that like the cigarette manufacturers of yore, companies whose lifeblood is based on this kind of nonsense are kept up at night wondering where the money will come from when this house of cards collapses.
I, for one, have no trouble finding things to buy via search, rankings, or research, and give not one care if I never see another advertisement for the rest of my natural life.
I do not hold to the notion that advertising, in any form, is a necessary evil of capitalism. An inevitable parasite, perhaps.
How do you think those search results, those research rankings, are generated? People pay to advertise their sites at a certain level in search results too. Just because they are not immediately obvious advertisements doesn't mean they are not in fact advertisements.
If worst comes to worse, they can just track your behavior on their website alone.
So first you need to join an ad network. Then you could be paid more for higher revenue visitors.
It's also about the way in which to split the pie. (how much should go to this creator?)
Or consumer profiling. (It seems our product is enjoyed by men in their mid 40s who like sci-fi)
Or marketing research (it seems our product sells the most in winter).
There's plenty of ways to make use of this data. That's why it's so valuable. It's not uncommon to see 7 digit contracts for high profile news/gossip outlets, for example.
That's what I keep hearing. Never heard what are those ways, specifically, and where the value worth the money comes from.
> Or consumer profiling. (It seems our product is enjoyed by men in their mid 40s who like sci-fi)
OK, let's say you learned that. Let's say now you know there's more demand for beard trimmers among mid-40 males with interest in sci-fi than among teenage females with interest in Rihanna. Now what? I still fail to see what a bunch of random (and possibly entirely spurious) correlations costs in money.
> Or marketing research (it seems our product sells the most in winter).
You don't need to track me for that. You need to track your inventory. That's basic stuff every merchant having a functioning brain is already doing.
For years people used custom ROMs to block Android gps data collection and Google didn't care. Then someone added the option to send random data instead and Google filed a C&D within days.
Edit: Yes, I understand that it is annoying for the ad networks to have to register lots of wasted clicks, but that doesn't benefit me at all. It just makes my own browsing slower. I figure at least 20% of the people browsing the web would have to use the extension for it to make any difference to the ad networks, and it's probably higher than 20%. That's never going to happen.
Individual people opting out of tracking doesn't meaningfully attack the ad tracking infrastructure, and will always be limited to a small percentage of technically proficient users who care about privacy.
A collective approach feeds bad data into their infrastructure, making their data less meaningful for ad tracking and also helping protect the privacy of everyone.
Yes it compromises on privacy compared to just plain adblock. But if it hides all ads anyway, does it matter if nobody is making money off of you? The noise that the ad-clicking introduces must mess with your ad interest profile at least a little.
> I figure at least 20% of the people browsing the web would have to use the extension for it to make any difference to the ad networks, and it's probably higher than 20%. That's never going to happen.
They have tried though:
So it means they are worried about it at least enough to bother.
Now, looking at my stats I just don't see as many clicks as before. So perhaps, Google just fixed their backend code to detect these clicks and moved on without triggering the Streisand Effect by fighting against this project publicly further.
The tracking will still be there, but the tracker will never know if you granted access or not, it would always look legit.
Unfortunately, I imagine that would be tough to pull off in practice because the problem isn't just with web browsers, it's with every piece of software that embeds telemetry SDKs.
Already happens. I don't see nearly as many clicks accumulated in AdNauseam as I used to a few years ago.
Google tried to ban the extension https://adnauseam.io/free-adnauseam.html, but they've probably been reminded about the Streisand effect and just fixed their code to check for it and ignore it.
Followup question off of GP's: if networks know to filter click-fraud out based on metrics as simple as browser version, then aren't those same metrics exploitable to avoid tracking? Firefox's resist fingerprinting setting locks the reported browser version to the latest ESR. If I have that turned on, will every ad click I make be ignored?
Keep in mind, the big goal I have with misinformation is to confuse user profiles; not to generate fake clicks or waste money -- it's to make it so that my actual data profile is either unreliable or outright ignored.
If this kind of filtering is so ubiquitous, then would it be feasible defense to get user browsers to act like bots instead of getting bots to act like users? How bot-like would I need to be before advertisers started assuming the data they collected from me was untrustworthy?
One thing that ultimately breaks through the noise isn’t what ads you see or click on, but what you actually buy. If you buy things and aren’t completely blocking every ad network, you’ll massively boost the signal. Also any real browsing routines will still be in the data, and I am assuming a lot of ad networks are informed by out of band data they purchase and things like ISP data they buy.
Ultimately the proof is in the pudding. You should experiment with various approaches and then see if you are served relevant ads, if you aren’t, you’re winning :)
FWIW I get a ton of irrelevant ads because of retargeting. I visit a lot of my customer’s websites in doing my job and they’re not usually sites I’d go to, so most of the ads I see on FB and Twitter are based on retargeting from those sites.
But at the end of the day it doesn't really change much. They're going to detect signal somewhere or another. Where they detect it, they keep the data and source locations, where they don't they update their spam ML models. Unless you start going to the illegal side of the spectrum (DDOS, widespread fraudulent ad engagement, etc) you're not even going to piss them off, really. They won't even notice you.
And in that parallel universe, what ends up happening is that the ad companies provide you proxies to run on your server, and tracking is accomplished via the variety of "no-cookie" tracking options that already exist.
It's slightly better, because the bar for tracking would be raised a bit, but since there's money as a motivation for getting over it, mostly it would be passed.
The alternate reality I'm interested in is the one where the net was slightly less idealistic in the beginning and offered fewer free services, and people got used to paying for things rather than expecting them for free. I've banged this drum before, but one of the most shocking things to me is in general just how little money advertising is making per person, and how little money it would take to make it so that advertising wasn't even remotely worth it to anybody on the net if we paid directly for things.
(I worked out earlier this year that at most, Facebook makes $17/year/per user, and that's revenue, not profit: https://news.ycombinator.com/item?id=19459604#19462402 That means if you paid them $5/month, or $50 as a bundle for a year, you'd be more than doubling their revenue for you. And who knows what Facebook could be if you were paying for it, and all those engineers were working on making Facebook better for you, instead of working so hard on tracking you and serving ads. You'd be paying $5/month for that Facebook instead of this one.)
For the long tail at the bottom, a few bucks is too much.
And if you're just socialising with a small group, ultimately, the next available free-tier service, or Frank or Francine spinning up a Friendica node or Mailman instance is a viable alternative (or if not that then something else).
Keep in mind that FB started as a small exclusive network (a few hundreds of Harvard undergrads), and grew largely through cachet and aspirational appeal. (danah boyd has developed this idea at length.) Now, it has at best neutral appeal other than it's where everybody is, which, if they go somewhere else, it instantly loses. And sticking everyone with a high fee will do that.
Also, the costs of revenue -- of simply billing for and collecting on services -- will almost certainly exceed all other costs of service, as will new-user recruitment. Which is why "free" keeps on winning (until it doesn't).
For a lot of people, facebook is basically the internet. It's their messenger, their photo album, their event calendar, and their community church group.
Having the cost somehow bundled with bandwidth would make it seem a lot less significant a fee.
Otherwise I agree, an internet where every community wants $5/m here and $5/m there is basically the multi-streaming-tv hell that people complain about.
Probably more interesting is the question of what's stable in 2030. There are steps governments could theoretically take to really turn the tide of things. One of my favorites is a 1-cent-per-impression advertising tax. I am well aware of how expensive that is relative to a normal ad impression today; it's part of the point. Let the really lucrative stuff like luxury goods and mesothelioma ads continue, but kill the massive surveillance industry sprung up to wring literally .001 cents per impression more out of you at the cost of creating 80% of a ready-made police state. I think the costs the advertising industry are externalizing on to us are hard to overstate; I would quite literally and with full knowledge of what I am saying put them as on par with environmental externalities.
I have always been intrigued by the idea of micro transactions. In a modern formulation, duplicate Reddit, but replace upvotes with 0.001 cents donations (to who? I don't care). If you hold shift and click the up arrow, it'll do 0.01. Hold control shift and click for 0.1 cents. Then have larger options you can drill into. People would throw around a lot of milli-cents. But at some point, "whales" would be sure to emerge as well.
I have no idea why this isn't happening, thus I must assume there are legal and financial barriers to implementing it.
What I've found is that a small subset of sites don't work without third party cookies (PlayStation store login being the only one I care about) and that a lot of sites don't expect localStorage access to ever fail (eg Codepen, I've had to fix some of my own sites that assumed localStorage access never throws).
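The failure mode described above (storage access throwing when it is blocked) can be handled with a small wrapper. This is an added example, not code from the thread; `createSafeStorage` and the fake stores are hypothetical names, and the wrapper falls back to in-memory storage when Web Storage is unavailable.

```javascript
// Added example: a defensive wrapper around Web Storage.
// createSafeStorage and the fake stores below are hypothetical names.
function createSafeStorage(getStore) {
  const memory = new Map(); // in-page fallback, lost on reload
  let store = null;
  try {
    // With storage blocked, merely reading window.localStorage can throw,
    // so the property access is deferred into this try block.
    store = getStore();
    // Some configurations expose the object but reject writes; probe once.
    const probe = "__storage_probe__";
    store.setItem(probe, "1");
    store.removeItem(probe);
  } catch (err) {
    store = null;
  }
  return {
    persistent: store !== null,
    get(key) {
      if (store) {
        try {
          const value = store.getItem(key);
          if (value !== null) return value;
        } catch (err) { /* fall through to memory */ }
      }
      return memory.has(key) ? memory.get(key) : null;
    },
    // Returns true when the value was persisted, false when held in memory only.
    set(key, value) {
      const text = String(value);
      if (store) {
        try {
          store.setItem(key, text);
          memory.delete(key);
          return true;
        } catch (err) { /* quota exceeded or access revoked mid-session */ }
      }
      memory.set(key, text);
      return false;
    },
    remove(key) {
      memory.delete(key);
      if (store) {
        try { store.removeItem(key); } catch (err) { /* nothing to clean up */ }
      }
    },
  };
}

// Constructed stand-ins so the example runs outside a browser.
function fakeWorkingStore() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}
function blockedGetter() {
  throw new Error("SecurityError: storage access denied (constructed)");
}

// In a page: const storage = createSafeStorage(() => window.localStorage);
const blocked = createSafeStorage(blockedGetter);
const working = createSafeStorage(fakeWorkingStore);
blocked.set("theme", "dark"); // kept in memory only
working.set("theme", "dark"); // persisted to the fake store
```

Code that needs to know whether a value will survive a reload can check `persistent` or the return value of `set`.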
I think that would be a good option. Allow first-party cookies for session tracking (logins, etc) but block third-party cookies.
Also I don't want to screw with advertisers' perception of who I am. If anything, I really like how ads are actually relevant to me -- it's a lot better than the days of penis pill banners. I just want them to stop following me around so closely and putting my "anonymized" data at risk of exfiltration by hackers or governments.
Heap doesn’t sell or share data to third parties, we don’t do any cross site identifiers, or fingerprinting. We aren’t in the ad business, that’s Google and FB.
In other threads folks have said “but you can’t control what might be done with Heap data in the future” that’s right. I’m happy and pretty secure, and will fall on a sword if Heap ever becomes an unethical company.
(I’m commuting for the next hour but will get back to reply soon)
This doesn't help me one bit, though :/
> We may share or transfer your information in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business.
I understand that you are assuming any acquisition will lead to some malicious or unethical intent, but I’m not so cynical, that said, it’d be nice to have some protections.
In the US we’re especially screwed because ISPs have largely blocked off competition that could offer privacy.
Most analytics tools that aren’t coupled with ad networks aren’t trying to get around ad blocking extensions, even though it’s pretty easy to do. Like, surprisingly easy. Unethical companies are doing that and more - see the aggressive stance Apple has taken with ITP. They’re not reacting to general cookie sharing, but to companies that are attacking the browser’s storage mechanisms to expose data from other sites.
Long story short, vote for privacy forward leaders if you live somewhere that allows you to.
Laws like GDPR and the CCPA are moves in the right direction. Heap is already compliant with both and I hope more protections continue to make their way to the public.
Edit: I know we are GDPR compliant and intend to be CCPA compliant but I’m not sure we are yet since it isn’t yet in effect.
Might want to pack a lunch.
You're talking about crippling the business model of two of the US' most profitable companies (Alphabet and Facebook), not to mention the lifeline of many digital startups whose business revolves around packaging and selling user data.
And the people who would be in charge of putting forward such legislation would presumably be the same who depend on this level of tracking to hold their congressional/Senate seats the next time an election rolls around.
And the legislation will also be developing outside the US, notably in Europe and Asia.
That's not ideal. It's a start.
EDIT: If anything I can see publishers and advertisers trying to lobby for DMCA style laws that will make it an offence to circumvent tracking and profiling. They can spin such techniques as just an attempt to generate revenue and to circumvent them is as bad as music or software piracy.
With the right changes to how we talk about privacy, we could start treating it like a security issue. Make data sharing a flaw that needs to be corrected. Start to talk about ad-tech as malware and lump those that would work on these systems in with those that would write remote access trojans or ransomware.
Unfortunately nobody in the EU seems to be interested in punishing sites that bend the law by making "deny" difficult to click or even blocking the content if you click deny.
I'm aware this is an uphill battle. It may well be a hill I choose to die on.
For further thoughts / arguments:
Many of the arguments for Sci-Hub generalise to all information. This piece also specifically invokes the arguments of the CUNY Graduate Center and Joseph Stiglitz (Nobel laureate economist) on information as a public good:
"What the academic publishing industry calls "theft" the world calls "research": Why Sci-Hub is so popular"
"Why Information Goods and Markets are a Poor Match"
"The Medium Is the Message: how the technological and revenue environments shape content"
"Forbes asks: Why do programmers hate advertising so much?"
"A Modest Proposal: Universal Online Media Payment Syndication"
"Specifying a Universal Online Media Payment Syndication System"
"Richard Stallman's "Internet Sharing" content syndication proposal (2012)"
A general problem of advertising, not otherwise addressed, is that it tends to produce shit content. Though this essay doesn't directly address that, it's very much a Tyranny of the Minimum Viable User dynamic:
Another is that advertising tends strongly toward oppressive rather than liberating informational regimes: https://old.reddit.com/r/dredmorbius/comments/6b32jo/what_ma...
And problems with other proposed payment alternatives, such as micropayments:
"Repudiation as the micropayments killer feature (Not)"
A general bibliography on publishing and media:
"Media, Advertising, Sustainability, Externalities, and Impacts: A light reading list"
TL;DR: I've been thinking about this for a while.
Mind: getting to public goods payment is going to be difficult. I don't deny that in the least. Partial approaches may well be a viable path there. Sci-Hub, ZLibrary, Library Genesis, the Internet Archive, libraries (public, offline, online), file-sharing, samizdat press, #pdfme, and other measures are appropriate.
And "how do authors/creators" get paid: UBI/GMI would be a good start. Performance/lectures are an option. Publishing-as-a-shingle (in the professional advertising sense) is an option. Patronage and grants are presently used and have a long and storied history. As discussed in the essays above, both technology and business model affect the forms and types of works created. Advertising has been tried and found wanting.
> Among all the sites I visited, news sites, including The New York Times and The Washington Post, had the most tracking resources.
So hat-tip for the self-awareness. Now how about "sweeping your doorstep"?
That's clear and not being disputed. When people mention workers calling out management, it's sort of in a praising way. They're commending management for at least allowing workers to call them out.
Many institutions would not allow that to happen, so it's good to point out the Times when they do.
They do it in the open. They say they do it. They tell you they know it's bad, this thing they do. And they do it anyway.
It doesn't make them better than others to pay lip service and not change. If anything, they lead by example and it makes them worse for having done so.
Shoplifting is a crime, but hey, everyone does it, so watch me pocket this candy bar. And some beer. And a TV. And maybe I'll just grab some money from the cash register. And yeah, I think I'll steal the assistant manager's car to get away. See? This is just how the world works!
Upper management can interfere but usually this is done via the editor and usually only when they really don't want a story to run (e.g. they think it'll bring too much heat or it accuses one of their friends of paedophilia).
This is really frustrating because I've had my comment ready to go for weeks.
In terms of costs I'd say it's negligible, it runs on a container in our existing infrastructure. Required resources and maintenance are minimal.
Is there an answer to this dilemma that doesn't involve foregoing ad purchases, which seem pretty important to growth and revenue?
Why? What would happen if you didn't have that data?
Wrapping back around to your question: "What would happen if you didn't have that data?" The answer is that Facebook/Google/Any Given ad service could just make up numbers about how ads performed.
The attribution data gives you two hard data points:
1. How much you paid for the ads
2. How many sales/leads you received
Everything else like views, clicks, video views expanded with sound on in Guatemala, etc. are all prone to manipulation and mis-reporting.
I recently reformatted, switched to Firefox, and installed Multi-Containers, Auto-Delete, and uBlock Origin; open to suggestions on what other robust, stable, mainstream extensions I should try :)
But I agree that this level of privacy invasion should be illegal.
Is there any easy way around that?
Hell, I've been a software developer for years, and once built my own PC, but I balk at the idea of building a pi-hole. For a lot of people you may as well ask them to change the engine in their car.
Until there is a plug and play solution to privacy I do believe it belongs to the digital 1%.
If I go in public someone might photograph me or see me. If I visit a website, it might log information about my visit (to show me ads).
Sounds fine to me. I like reading free news articles, paid for with ads. If I don’t like it I can stop reading them.
My point is that the expectation of privacy is unreasonable in every situation. For example, it's unreasonable in public or when doing business with others.
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com cdw.needle.com nexus.ensighten.com api.bluecore.com bluecore.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com connect.facebook.net d31y97ze264gaa.cloudfront.net *.bounceexchange.com www.googleadservices.com *.doubleclick.net *.google-analytics.com st1.dialogtech.com bat.bing.com *.googleapis.com nsg.symantec.com analytics.po.st px.ads.linkedin.com po.st *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.liveclicker.net www.netapp.com dpm.demdex.net *.d41.co *.cxense.com static.ads-twitter.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.simpli.fi pixel.mathtag.com *.googletagmanager.com *.googlesyndication.com googletagservices.com t.sellpoints.com a.sellpoint.net media.flixfacts.com www.youtube.com media.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.cdnwidget.com *.rlcdn.com *.flixsyndication.net *.adobe.com *.hotjar.io *.eloqua.com *.swogo.net *.swogo.com *.nanovisor.io *.btttag.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.cdw.com *.bazaarvoice.com cdw.needle.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net media.flixcar.com *.easy2.com *.amazonaws.com platform.twitter.com *.typekit.net *.adobe.com *.nanovisor.io *.btttag.com; img-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com cdw.needle.com nexus.ensighten.com px.spiceworks.com *.liadm.com *.bounceexchange.com www.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com nsg.symantec.com *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com www.netapp.com dpm.demdex.net *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com 
t.sellpoints.com a.sellpoint.net media.flixfacts.com media.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com platform.twitter.com *.linkedin.com *.tribalfusion.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com st2.dialogtech.com secure.insightexpressai.com px.gumgum.com *.bluekai.com k.intellitxt.com *.everesttech.net *.adnxs.com sync.fastclick.net simage2.pubmatic.com us-u.openx.net ads.yahoo.com pixel.rubiconproject.com *.advertising.com magnetic.t.domdex.com *.rfihub.com *.mathtag.com *.mathtag.co *.amgdgt.com *.casalemedia.com www.bluecore.com *.prod.bidr.io cdn.optimizely.com syndication.twitter.com x.bidswitch.net pe.intentiq.com loadm.exelator.com insight.adsrvr.org um.simpli.fi acuityplatform.com data: *.dotomi.com *.flixsyndication.net liveintent.com cbssports.com maxpreps.com wogo ce.lijit.com soma.smaato.net cs.admanmedia.com eb2.3lift.com live.sekindo.com *.adobe.com *.sc.omtrdc.net df7xs8p1yjitw.cloudfront.net *.core.windows.net *.nanovisor.io *.btttag.com; frame-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.hotjar.com *.liadm.com *.bounceexchange.com *.doubleclick.net nsg.symantec.com selectors.cnetcontentsolutions.com *.google.com *.twitter.com *.liveclicker.net *.cxense.com *.webcollage.net *.ziftsolutions.com pixel.mathtag.com *.googletagmanager.com googletagservices.com a.sellpoint.net www.youtube.com media.flixcar.com *.easy2.com www.facebook.com *.rlcdn.com rs.gwallet.com *.liveclicker.com pages.cdwemail.com www.emjcd.com *.dotomi.com *.flixsyndication.net cdw.zuberance.com *.hotjar.io *.eloqua.com *.swcontentsyndication.com www.cisco.com *.nanovisor.io *.btttag.com; font-src 'self' 'unsafe-inline' *.cdw.com cdw.needle.com *.googleapis.com *.cnetcontent.com *.webcollage.net a.sellpoint.net media.flixfacts.com media.flixcar.com *.easy2.com *.flixsyndication.net *.typekit.net *.adobe.com *.nanovisor.io *.btttag.com; connect-src 'self' *.cdw.com 
*.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com cdw.needle.com nexus.ensighten.com api.bluecore.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com d31y97ze264gaa.cloudfront.net *.bounceexchange.com www.googleadservices.com *.doubleclick.net bat.bing.com *.googleapis.com nsg.symantec.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com www.netapp.com *.d41.co vault.pactsafe.io pactsafe.io t.sellpoints.com a.sellpoint.net *.go-mpulse.net platform.twitter.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com data.g2crowd.com *.adobe.com *.hotjar.io *.swogo.net *.swogo.com *.nanovisor.io *.btttag.com; object-src 'self' a.sellpoint.net *.nanovisor.io *.btttag.com; worker-src 'self' blob: *.nanovisor.io *.btttag.com; media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net media.flixfacts.com www.youtube.com blob: *.flixsyndication.net *.nanovisor.io *.btttag.com;
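The policy above permits 'unsafe-inline' and 'unsafe-eval' in script-src next to a long list of third-party hosts. As an added example (not part of the thread), the JavaScript below audits such a header by counting host sources per directive and flagging those script-src weaknesses; the function names and the sample policy are constructed.

```javascript
// Added example: audit a Content-Security-Policy header for third-party reach.
// Function names and SAMPLE_POLICY are constructed for illustration.
function parseCsp(header) {
  const value = header.replace(/^\s*content-security-policy\s*:/i, "");
  const policy = new Map();
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

function auditCsp(header) {
  const policy = parseCsp(header);
  const allHosts = new Set();
  const hostsPerDirective = {};
  for (const [name, sources] of policy) {
    // Host sources are what remains after quoted keywords ('self', nonces,
    // hashes) and bare schemes (data:, blob:) are set aside.
    const hosts = sources.filter(
      (s) => !s.startsWith("'") && !/^[a-z][a-z0-9+.-]*:$/i.test(s)
    );
    hosts.forEach((h) => allHosts.add(h.toLowerCase()));
    hostsPerDirective[name] = hosts.length;
  }
  const findings = [];
  // script-src falls back to default-src when it is absent.
  const script = policy.get("script-src") || policy.get("default-src") || [];
  const lower = script.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  // Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
  if (lower.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("inline script allowed");
  }
  if (lower.includes("'unsafe-eval'")) findings.push("eval allowed");
  if (script.some((s) => s.startsWith("*."))) findings.push("wildcard script host");
  return { hostsPerDirective, uniqueHosts: allHosts.size, findings };
}

// Constructed sample, much shorter than the header quoted in the thread.
const SAMPLE_POLICY =
  "Content-Security-Policy: default-src 'self'; " +
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tracker.example cdn.example; " +
  "img-src 'self' data: *.tracker.example pixel.ads.example; " +
  "script-src 'none'"; // duplicate directive, ignored by browsers

const sampleReport = auditCsp(SAMPLE_POLICY);
console.log(JSON.stringify(sampleReport, null, 2));
```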
How much does it reduce tracking? Or at least make it not useful to the tracking firms?
Depending on how closely you stick to the recommended configuration (default window size and such) it'll at least minimize some of the tracking capability of most sites.
The best methods to prevent tracking IMO are uBlock Origin + Decentraleyes + HTTPS Everywhere (HTTP is leaky) in incognito mode; periodically you should destroy the session (restart your browser).
Tor really only helps with the IP part, the rest are extensions + incognito mode.