Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] Google accused of secretly feeding personal data to advertisers (ft.com)
85 points by SanchoPanda 17 days ago | hide | past | web | favorite | 26 comments

This seems to be the canonical version of this story:


If the claims are true, man, Google has descended very far from their high “don’t be evil” perch. If true they are hardly better than content farms and herbal medicine sites. What a disaster.

I guess all the steady hands have cached out and retired leaving the new people to their own devices without the benefit of company history to guide them.

Does nobody click the "your ad choices" button on each ad? I assumed a good amount of participating companies[0] build ad profiles at the same pace Google does.

0: https://youradchoices.com/participating

The cookie name sound rather similar to a parameter used for AD id matching in tracking pixel api https://developers.google.com/authorized-buyers/rtb/cookie-g...

by hidden webpage do they mean an empty iframe that stands in place of the traditional pixel or js script? If so, this is old school methods.

I had to fill out a Google survey about my wireless habits just to read the article.

Bite the hand that feeds you much, FT?

FYI changing the link to a google redirect did not fix the paywall for me.

Two levels of things here: Google/Doubleclick and the GDPR and then this particular "push page" issue.

- GDPR instructs that an organization maintain control of people's data. "Control" in the legal sense of it where you know who is getting the data, what their data handling practices are, how it's going to be used, etc.

- Real Time Ad bidding is the process where you land on a site and then that site has a JS snippet which passes your information (it can be more than this, but lets just say your IP address) to an Ad Auction where advertisers bid on showing you an ad. They do geolocation, company lookups, check retargeting cookies, etc. and then whoever offers the most money to show you an ad gets their banner on the page you are looking at.

- Google's Doubleclick is one of the largest Real Time Bidding setups.

Side Note: a frequent comment I see on HN is that "IPs are not personally identifiable" which is true in the abstract, but they are identifiable enough that advertisers are willing to spend significant amounts of money on ad bids.

You may immediately see the problem here: it's impossible for you (the person browsing) to give meaningful consent to share your information with all these companies participating in the ad auction because the site you just browsed to has zero flipping idea who they are and in any case there is a constantly churning audience of literally tens of thousands of companies participating in these auctions.

All of that is the context then for this newest development: push pages.

Google/Doubleclick is attempting a bunch of different approaches to deal with the fact that the GDPR shatters the current privacy destroying setup of anytime you land on a site with their JS include that your information is sent to several thousand companies unknown to you.

They're trying to implement psuedo anonymous identifiers [1] they're trying pull back on cross site matching, etc. all of which hurts their bottom line. So what this "push pages" looks like is an attempt at a technical workaround to some of the legislative hurdles raised by the GDPR. By moving the JS+Cookie setting to the Google domain they're able to say (in some context) that it's a 1st party cookie and not a tracker and able to do more sophisticated matching.

Side Note: another frequent comment I see on HN about the GDPR is that "It's too vague, why doesn't it just say what I can and can't technically implement" and this is exactly why: if the law is laid out in technical terms instead of intentions and actions it's easy to find loopholes (aka moving some aspect of tracking from a site to Google's page).

1 - https://support.google.com/analytics/answer/2763052?hl=en

I can't read it and if I want to subscribe they want me to subscribe using Google and after reading your title

I feel lost in an endless maze

Reading articles online in social media has evolved into social and collaborative effort where most people don't have to read the article itself.

HOWTO for (de facto) collaborative and delegated reading in the social media:

1/ You can upvote and comment articles based on the title without reading the article itself. If the subject is interesting, you agree with the title or you want to know more, upvote. When the article gains enough popularity and attention, the collaborative reading happens in three batches of comments.

2/ First batch of comments is from people who didn't read the article but want to say something or steer the discussion. They either use the title as writing cue to write what they think, or try to guess the article content and comment on it.

3/ Second batch is comments to the first batch from those who skimmed the article and correct the misconceptions the first batch of commenters had and provide information from the article.

4/ Third batch of comments comes from those who read the article or are subject experts or both. They correct the first and second batch comments and even correct errors in the original article. Sometimes the third batch never happens and the quality of the community reading suffers.

Ironically, hitting „web” and opening the article from a google search results page, works.


There absolutely are moderators who do a good and thoughtful job. This post has been up for 23 minutes at this time. Chill for a second and they'll get to it. Jesus.

From the FAQ [0]:

"It's ok to post stories from sites with paywalls that have workarounds.

In comments, it's ok to ask how to read an article and to help other users do so. But please don't post complaints about paywalls. Those are off topic."

[0] https://news.ycombinator.com/newsfaq.html

Somehow it made it to the top of HN, do that many people subscribe?

Why is this flagged, please? Don't tell me it's because Google employees here banded together?

Looking below, it's an FT low-content wrapper that adds little to: https://news.ycombinator.com/item?id=20876683 — and has paywall complications: https://news.ycombinator.com/item?id=20876487

So maybe the original Brave post would survive unflagged? https://news.ycombinator.com/item?id=20876248

The Financial Times is being questioned as a low quality rag? How does it answer the question of flagging? So we routinely flag blogs and wrappers?

I'm just not buying the 'it isn't Google employees doing it' thesis.

Ignoring the paywall, if the allegations are true, this is extremely sketchy behavior from Google. Is there something weasel-worded into the privacy policy that lets them do this after they’ve promised not to?

This article is centered around evidence submitted by Brave CPO Johnny Ryan. If you're not an FT subscriber, they have a blog post about it here: https://brave.com/google-gdpr-workaround/

This article seems to have more details but I'm still a little lost in it all. They actually link to a sample "push page" in that post:


Ah, actually, this explains things a bit better:


So there's a "realtime bidding system" where when the user access a page, google goes out to bidders in realtime to figure out which ad to show. I haven't quite figured out the rest but in the process somehow, those networks are able subsequently match up details about the user.

EDIT from the Brave article:

>>> Every time a person visits a website that uses RTB, data about them is broadcast to tens or hundreds of tracking companies, who let advertisers compete for the opportunity to show them an ad. The data can include the category of what they are reading – which can reveal their sexual orientation,[4] political views,[5] their religion,[6] and health conditions including AIDS,[7] STDs,[8] and depression.[9] It includes what the person is reading, watching, and listening to. It includes their location. And it includes unique, pseudonymous ID codes that are specific to that person,[10] so that all of this data can be tied to you, continually, over time.

EDIT why does this article keep getting flagged? Can it just be redirected to the Brave post instead?

Do they have an example of this data that is broadcasted to advertisers?

Ironic that the submitted link needless goes through google servers, giving them more data.

When I used a completely blank browser session, the google referrer allowed access to the site. This may have been inconsistent across more users or triggered an anti-abuse mechanism by the FT restricting access.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact