Hacker News new | past | comments | ask | show | jobs | submit login
Google to stop selling ads based on your specific web browsing (wsj.com)
670 points by ghshephard 44 days ago | hide | past | favorite | 321 comments



There's an archived, no-paywall, version here:

https://archive.is/qlvcE


I remember a small story, decades ago, about a company/univeristy which was left holding the bag when the government cancelled their contract. They were constructing a lens system to go into a satellite which could purportedly read the issue date on a dime lying on the sidewalk. It was something like $15M. The implication was that the government had found something even better, and gone with that instead. If Google is publicly giving up on a particular, unpopular technology to buy some PR, I strongly suspect that they've already figured out something which will work "better" behind the scenes.

There's a lot of confusion over what this story is actually saying, and, given the obscurity with which Google deals with it's tech, I don't think this is going to get cleared up, leaving room for a lot of speculation. But one thing is absolutely certain: There's no possible way that Google is going to make a change to their biggest money maker that would make them LESS money. Maybe that just means that they consider their duopoly enough of a barrier that advertisers will be forced to accept less-targeted marketing, but I doubt it...


Yep - without having read the article due to paywall, they're likely referring to FLoC (Federated Learning of Cohorts) https://github.com/google/ads-privacy/blob/master/proposals/...

https://blog.google/products/ads-commerce/a-more-privacy-fir...

Make no mistake - as far as I can tell, this preserves Google's ability to track that you are, say, a new parent because you've searched for baby clothes. What it won't know is which new parent you are. The system is designed to give probabilistic assurances of k-anonymity. But Google will no doubt tune those "cohort" memberships, and the value of "k," to capture the vast majority of current advertiser needs, while still being able to communicate to antitrust inquiries and the public that they are not giving people unique identifiers. If anything, it hurts their competition more than it would hurt them, because it allows them to thread the needle in a privacy-conscious world.


> without having read the article due to paywall,

https://archive.vn/qlvcE


Solution #1: Remove Javascript and CSS.

     curl -s https://www.wsj.com/amp/articles/google-to-stop-selling-ads-based-on-your-specific-web-browsing-11614780021 \
     |sed -n '/<meta property=.og:title. content=./{s//<title>/;s/\" ./<\/title/;p;}' \
     |egrep -o "(<p>.*</p>)|(<title>.*</title>)"  > 1.htm
     firefox ./1.htm
Solution #2: Use browser that does not process it.

     links  https://www.wsj.com/amp/articles/google-to-stop-selling-ads-based-on-your-specific-web-browsing-11614780021 
Unfortunately some countries block archive.is websites (e.g., at DNS-level), so archive links will not work for everybody.


Solution #3: Use Bypass Paywalls

Free extension that can remove paywalls from many of the big news sites. Works on Chrome, Edge and Mozilla.

https://github.com/iamadamdev/bypass-paywalls-chrome


Still used to the 90s when any Level of bypassing would get you labeled as a hacker, and people would demand you get fired or arrested.

Just knowing how things worked resulted in a number of people assuming I could hack banks, and either asking me too, or shunning me. Or flat out accusing me of it.

Umm you could go around mugging people much easier then I could hack stuff. That explanation never went over well.

Had to ask one boss to stop threatening employees to have me hack them. It was in jest, but I was terrified at how people would react if they thought I bypass security. Didn’t help that I knew how, as security was crap back then.

I leaned to keep my mouth shut, and refused to keep up with security stuff. Can’t hack if I don’t know how.


To each her own, but I see the complex browser such as Chrome, Edge and Mozilla as part of the problem. Javascript too. Neither is inherently problematic, but both are too often used to create problems for users (to serve advertisers' interests) rather than to solve them. For example, without Chrome/Edge/Mozilla plus Javascript, "paywall" does not work. Yet I can still read the WSJ article just fine with either Chrome/Edge/Mozilla nor Javascript.

Much like a tech company that wants www readers to believe it is working to solve a problem www users are having that the tech company itself created (which, it just so happens, is not a problem at all for advertisers).


Useful, bookmarked your comment, thank you.


> Make no mistake - as far as I can tell, this preserves Google's ability to track that you are, say, a new parent because you've searched for baby clothes. What it won't know is which new parent you are.

If you've searched for baby clothes in Google there's absolutely nothing in the FLoC proposal that stops Google from inferring that you're a parent from that search and, idk, storing a bit in your profile or something.

This proposal is about allowing ad targeting to interests or whatever without tracking your visits across the web - your browser generates the cohorts clientside (idk how the cohort assignment algorithms get standardised on, I guess that's where the 'tuning' would go). And yes, you could just tell your browser not to do that, or have it only use the most recent n days' data, or randomize your cohort, or freeze your cohort in time, or blocklist certain sites from ever entering your cohort, and so on.

Where this ties into tracking if you're a parent is that while it doesn't prevent tracking that, it does lessen the incentive - if you're a parent, you're likely going to wind up in a parent-y cohort. Is the signal from the original search still going to be useful enough to warrant keeping around?

(obligatory: googler, but nothing to do with ads)


If the browser is supposed to send the information, what are they going to do with those of US who do not use Chrome? Are there plans to force firefox to follow the plan, and how will they prevent others from, say, making an extension to mess with the cohort numbers?


I think the expectation is other browsers will implement by default - the intention incidentally is that FLoC isn’t a google specific tech, it enables private targeting by any ad vendor. The proposal seems to mostly to be by googlers but the association is with WICG which seems to have people from all over.

As I noted in my original message - yes, its client side, you can do whatever. (‘Whether the browser sends a real FLoC or a random one is user controllable’ https://github.com/WICG/floc)


The user controllability is genius, that neatly ties up their problem. They have a legitimate option to get out of being targeted, which they know almost no one will ever use. They could probably even add a setup prompt on install that says something like "Let us know which of these categories apply to you, so we can tailor your browsing to your interests" and get people to fill out half of it for them so they don't have to guess.


> "Let us know which of these categories apply to you, so we can tailor your browsing to your interests"

This prompt will never happen. The last thing Google wants is any additional association between their brand and advertising.

Google's mode of operation has always been to sneak in the back door and count how many boxes of cereal you have while you are looking at underwear. Knocking on the front door and to ask if they can come in would likely never occur to them.

There is no mention of Chrome being an ad supported product anywhere when you install it. They want that association completely out of people's heads.


This is a misunderstanding of what these cohorts are. If you read the [FLEDGE readme](https://github.com/WICG/turtledove/blob/master/FLEDGE.md) you can see that there are multiple types of owners of cohorts that fall into 3 categories:

1. Advertisers - who would add you to a cohort they own, so say "Nike - womens-running-shoes"

2. Publishers - who'd want these cohorts to better allow for advertisers to advertiser on their site, so "NYTimes - business-section-reader"

3. Third party ad-tech companies looking to create audiences for advertisers who work with them, so "Example Agency - mens-formal-wear". They'd partner with publishers so that when you go to somewhere like GQ or Man of Many and read an article on tuxedos then you'd get added to the cohort.

So you are right, you'd never see a prompt to add in your interests, but this isn't because Google doesn't want to associate with specific brands, it's that Google isn't necessarily an owner of a cohort (though they totally could create their own under any 3 of those categories).


I would bet many will be highly local though, by city/neighbourhood/block level


This would hopefully kill the endless cookie questioning


Cookie popups are now part of our superstitions, our Internet rites. A decent web page, it doesn't just track you and molest your integrity -- it asks first!

I don't think we'll get away from the cookie popups, ever. It's just like the "I agree to the TOS / EULA" checkboxes. Legally toothless, but you'd better have one, just in case.


And cookie popups are now part of any corporate general counsel's requirements if you're even running first-party cookies and/or any kind of analytics, regardless of third-party-cookie changes. They're not going anywhere.


I disagree. There is are many knowledgeable people out there that spend their time looking at the requirements of GDPR etc. and how those relate to cookies. If you can be properly advised that the kind of cookies you use aren't contravening the various privacy directives, it won't be long until they disapear.


I know one place where they were forced to add a cookie popup as part of a GDPR compliance tickbox exercise. The kicker? They didn't have any cookies. After a fruitless attempt to persuade the person working through the aforementioned exercise that you only need a cookie popup if you have cookies, the popup was implemented.

Of course you need to store the user's preference. So now the site needed to have a cookie. One cookie which just stores the fact that the user has or hasn't consented to cookies.


This could easily be solved with DNT.


It could have but because DNT wasn’t made part of the GDPR and sites refused to do the right thing on their own it went no where.

Even cookie pop ups are not respected. If you visit Facebook sites by accident they’ll leave their tracking cookies before you’ve had a chance to read the terms and leave the site.


I know. But it doesn't matter as DNT is universal. If you enable DNT, websites SHOULD (or better: MUST, but unrealistisc I know) honor that. For technical/functional cookies you don't need permission. The rest is off, DNT answers the question of "Do you accept" with a browser-based "No.".


Chrome isn’t critically important to Google’s advertising and data initiatives. It’s important for a lot of other things, but that’s beside the point.

Google doesn’t really need much more that what it has. It has third-party big data, Gmail, Google Search and a very recent optimized cache of everything important that it’s crawlers can get and more. People get so caught up in the minutia; Google is big, like category 100 Hurricane big, where people laugh and say there is no category 100; but that’s what it is- classification system aside.

Anti-trust and pro-privacy are distractions that Alphabet, Google, etc. can put their left-fielder on while they run the bases, because they play both teams.


They need a crippled browser that can't be used to bypass their revenue stream. Controlling the most popular browser gives them an important moat.


Presumably people would just block the ads instead?

Either way I reckon it's the same thing stopping people from just sending random data over google-analytics. So, not a whole lot, other than whatever anti-spam mechanisms google bothered to put in place.


>> just sending random data over google-analytics.

Back when I was in the security field, I heard discussions about this sort of thing as a form of attack. The question was whether a computer that sent false or incorrect information was either engaging in a DOS attack or was violating the CFAA in that it was using false information to access a service. The DOS attack would be on the tracking system rather than a website resource, false information to degrade the effectiveness of the tracking system overall. The CFAA angle would be that participation in ads/tacking was part of the contract for accessing the 'free' service, that by blocking ads or sending false info the user is using a false credential to access the service. At the time, many thought that by using an ad-blocker that users were failing to pay, passively stealing website content. Those who sent false information were engaged in active theft.


I'll grant that sending fake data is more active than merely not loading ads, but I personally consider not loading ads about as malicious as failing to read a billboard, or failing to subscribe when a webpage says 'Subscribe now'.

I don't think I'll ever quite understand the idea that the user is under any obligation to do whatever. Just because their user-agent might have some default behaviour doesn't mean that the user-agent should be expected to act in the interest of the server.

Though there's an argument to be made that sending lots of false data in response to a request to post personal information to google-analytics is a bit like manipulating a public survey by sending in silly answers. I'm not sure to what extent that is illegal but I'll grant that it's not exactly ethically correct.


>> not loading ads about as malicious as failing to read a billboard

Because, at this time, ad blocking tools are relatively benign. But what if we think of them more as content-blocking or content-management tools? What if I have a tool that blocks only right-wing advertisements or content? What if I have a tool that blocks all images of women showing too much skin? Block images of black people? Such not-neutral tools would radically change public perceptions. Legislation might follow.

There was a comical toll out there that would replace the text "Trump" with "The idiot" on viewed websites. That's the thin edge of this wedge.


Just because something is evidence of objectionable political view doesn't mean it should be forbidden.


This is approximately the time when you go from passively not agreeing to be tracked or have your attention stolen or your computer compromised by ad networks to collaborating with your fellow citizens to destroy the business of the ad networks by making it difficult to impossible to operate. In truth if every free ad supported service ceased to exist the internet would go on none the less.


I'm deeply interested in these issues as well - the criminal aspect of the CFAA being disconnected from actual harm caused to people is insane to me.

There does seem to be momentum towards a narrow reading of the CFAA when it comes to providing false information against terms of service, though, as per these 2013 analyses... though they fall short of actually giving any guarantees.

https://www.whiteandwilliams.com/media/alert/247_Coverage%20...

http://tsi.brooklaw.edu/cases/matot-v-ch

On the other hand, a denial of a motion to dismiss in Ticketmaster v. Prestige from 2018 seems to have drawn a distinction between breaching terms of service alone, and being told in a cease-and-desist not to breach those terms; the latter more clearly outlines what would be considered exceeding authorized levels of access.

https://casetext.com/case/ticketmaster-llc-v-prestige-entmt-...

Where does false information end and privilege escalation begin? Can that question depend on whether your privilege escalation is something as simple as "I'm now able to avoid the fine-print contract that I need to watch certain types and customizations of ads in order to access the service?" What constitutes sufficient notice to a user that certain actions are explicitly forbidden, if a C&D does but terms of service do not? All questions that, as far as I can tell, haven't been fully answered.

(Obligatory: Not a lawyer, the above is not legal advice.)


> The CFAA angle would be that participation in ads/tacking was part of the contract for accessing the 'free' service, that by blocking ads or sending false info the user is using a false credential to access the service.

I'm horrified whenever I see people having this perception of the issue, and worried that it'll get accepted by the legal system as the correct view.

From my POV, the only contract that exists between me and a random ad-loaded website is the one negotiated between my computer and their server - that is, the HTTP protocol, which clearly stipulates that I can render any reply you send me in whatever way I like. This contract provides many tools for expressing the intent of gating content behind some requirements (like payment, or receiving different content first), but the common rule is: you don't send the content you're gating before the client proves they've met the requirements.

And honestly, I'd consider mixing ads into content to be borderline CFAA (the ads themselves being abusive and often fraudlent, and sometimes malware) - and sending software intending to compromise my user agent (like trackers, or ad-blocking busters) to be crossing the CFAA line. Unfortunately, I don't think the lawyers would agree with me :(.


Are you horrified when a movie theatre doesn't want people sneaking in their own food and drink? Some consider that trespass in that you have broken the contract you agreed to when buying the ticket. They can call the cops and have you arrested for accessing the theatre in contravention of the rule. I could see an equivalent for websites that adopt a "no ad blocking" rule.


Can you cite this actually happening?

If you are asked to leave and do not leave I can see you possibly being arrested for trespassing, but I fail to see what you would be arrested for by bringing in food from outside the theatre. Sure, they could ban you from coming back to property (and this could lead to trespassing arrests, if you did return) but thats about it.


I'd expect such websites to communicate it, though, and do the minimum of work to prevent me from entering with ad blocker on. I'm fine with paywalls, and even "disable your ad blocker" walls - they're up-front, and in agreement with spirit of the HTTP protocol.

Much like cinemas. If I try to bring in food I didn't bought at the cinema store, I will be stopped at ticket check and refused entry. Also, the cinema doesn't require me to buy food as a condition for watching the movie. If they did, I'd consider it the price of entry.

What current ad-loaded websites are doing is the equivalent of letting you in to watch a movie, and then having someone come to you as you're watching, and poke you and yell at you because you didn't buy anything at the store.

> They can call the cops and have you arrested for accessing the theatre in contravention of the rule.

I've never heard of a cinema calling cops on people who snuck in food into the theatre. Is that US-specific?


It only happens when people are discovered, begin arguing, are told to leave, and don't. It's mostly drunk people who have brought alcohol into a movie. Cops remove them as trespassers who refused to leave after being told to.


I might imagine that Google Inc could sell a product to Mozilla Inc which they could embed in their Firefox browser, enabling them to sell FLoC data to Google. For example.


> If the browser is supposed to send the information, what are they going to do with those of US who do not use Chrome?

What would stop them from implementing FLoC in the cloud for non-Chrome users? Fundamentally, where the data is stored is meaningless. So long as they are pushing everything through this same "FLoC" model, they are claiming they won't be tracking individuals.

So on Chrome, FLoC is local—your own browser working against you—for Safari and FireFox, FLoC is cloud based.

So long as the web sites in question are running Google Analytics, they still have the software on your system on a huge number of sites.


> for Safari and FireFox, FLoC is cloud based

This would require being to identify a user when they are on many different sites (cross-site tracking), which all the major browsers intend to prevent.

(Disclosure: I work at Google, speaking only for myself)


First, you have to understand that Google as a company has lost all credibility in much of the community. There have been too many issues like this one where Google gives you the impression they are turning off tracking... but doesn’t actually stop tracking you.

https://www.independent.co.uk/life-style/gadgets-and-tech/ne...

There was also the Do not Track setting, which Google ignored. So in my book (and I’m not alone here), anything coming from Google is taken with a huge grain of salt.

For some time, there has been a sort of cat and mouse game between advertisers and browser makers. Do you know Google isn’t using fingerprinting to identify us? Or just IP or some other means?


> Google as a company has lost all credibility in much of the community

What I'm saying is Safari [1], Firefox [2], and Chrome [3] are planning technical mitigations that would prevent anyone from implementing a cloud-based FLoC. Even if you don't believe Chrome, it wouldn't be possible in Safari or Firefox.

> Do you know Google isn’t using fingerprinting to identify us? Or just IP or some other means?

https://blog.google/products/ads-commerce/a-more-privacy-fir... has "once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products" and "our web products will be powered by privacy-preserving APIs which prevent individual tracking while still delivering results for advertisers and publishers" which seem pretty clear to me? Additionally, I work in client-side ads infra, and I'm pretty sure I would know if Google were fingerprinting users to target ads.

[1] https://webkit.org/tracking-prevention-policy/

[2] https://wiki.mozilla.org/Security/Anti_tracking_policy#1._Cr...

[3] https://www.chromium.org/Home/chromium-privacy/privacy-sandb...


From what I've read on FLoC (not much so I may be wrong), wouldn't having anonymized ad-targeting be a good outcome? Google and websites still get their ad revenue, and we still get ad-supported products. I guess there's always the possibility of a badly-anonymized algorithm leaking data, but other than that it still seems like a step up from that invasion of privacy being a given, no? If I'm misinterpreting the jist of FLoC, let me know.


I think an important question with the FLOC stuff is sort of brushed aside.

So, you have millions of users, and you make it "k-anonymous", or "anonymous if you squint real good". Is it really possible to find k such that privacy is meaningfully preserved, given the heaps of other information you have?

Say I belong to some cohort, and you know my IP address. I think this would be enough to fingerprint me reliably, never mind OS version, browser, plugins, etc.


> and you know my IP address

https://www.chromium.org/Home/chromium-privacy/privacy-sandb... links to https://github.com/bslassey/ip-blindness for how they intend to handle this.

(Disclosure: I work on ads at Google, speaking only for myself)


Even if they stay with cohorts, I assume people will be members of a variety of them.

New parent. Lives in Springfield. Works at a power plant. Drives a car. Owns house. Horrible credit rating. Married with 2+ kids. Voted in last election. Ex military. Ex astronaut. Once purchased an effective baldness cure. How many seemingly large cohorts does it take before you are really talking about one clearly identifiable person?


> How many large cohorts does it take before identifying a person

It takes 33 “perfect” yes/no questions to identify uniquely anyone on earth. It is seemingly large since each question splits the world in two.

Of course this is in a perfect world, but I remember seeing quizzes which would guess any object given a few yes/no question. Or perhaps it was people.


> Of course this is in a perfect world, but I remember seeing quizzes which would guess any object given a few yes/no question. Or perhaps it was people.

https://en.akinator.com/


Couldn't get to Dianne Morgan in 40 guesses. The closest it got was to ask in sequence whether the character was British, blonde, an actor and a comedian.

Not many probably know the person in question with her real name - but almost everyone who's ever watched Charlie Brooker's productions should recognise her as Philomena Cunk.


This game is incredible. The question always seem to be unrelated to the person to guess, and suddenly it guessed perfectly.


Very easy to break if you guess real-world people not famous for acting, sports or politics.


On the other hand, I tried to get it to guess Mia Dolan and it took 36 questions, two of which involved Five Nights at Freddies


It doesn't load the CSS for me, Android/Firefox :-(


Does your person have glasses? Is your person male? Does he have facial hair?

At that point the kids usually go for broke and ask me if my player is Susan.


https://en.wikipedia.org/wiki/Guess_Who%3F

"Each player starts the game with a board that includes cartoon image of 24 people [...] Players alternate asking various yes or no questions to eliminate candidates."


> Even if they stay with cohorts, I assume people will be members of a variety of them.

No, users are only in a single cohort: "cohort = await document.interestCohort()" -- https://github.com/WICG/floc

(Disclosure: I work on ads at Google, speaking only for myself)


Err, what? So there would be one cohort of "new-parent-lives-in-springfield-works-in-power-plant-etc-etc" (combining multiple unrelated interests), it just has to have thousands of people in it?

Do cohorts allow advertisers to say, "Show this ad to anyone in a cohort with an affinity for 'new-parent' over threshold X?" is that so?

Do they let advertisers say, "here are the cohorts of our best 1000 customers, please show ads to anyone else in those cohorts?"

Would people in "my cohort" be the 1000-10000 people most like me in browsing habits in the world?

(Disclaimer, have tried to buy limited quantities of ads in the past, interested in some part as an advertiser)


> Would people in "my cohort" be the 1000-10000 people most like me in browsing habits in the world?

Yes: "a browser can group together people with similar browsing habits, so that ad tech companies can observe the habits of large groups instead of the activity of individuals. Ad targeting could then be partly based on what group the person falls into."

> there would be one cohort of "new-parent-lives-in-springfield-works-in-power-plant-etc-etc" (combining multiple unrelated interests), it just has to have thousands of people in it?

I mean, there aren't thousands of new parents who live in Springfield and work in a power plant? You would be in a cohort like "43A7".

> Do cohorts allow advertisers to say, "Show this ad to anyone in a cohort with an affinity for 'new-parent' over threshold X?" is that so?

Not really? An advertiser or (ad tech company) might learn, over time, that people in cohort "43A7" are very likely to be interested in baby clothes while people in cohort "5B7E" are more likely than average but not by that much. So they might be willing to bid more to show baby clothes to someone in 43A7 than in 5B7E, and not bid at all for most other cohorts. But the browser API just gives you an opaque cohort identifier.

> Do they let advertisers say, "here are the cohorts of our best 1000 customers, please show ads to anyone else in those cohorts?"

From my reading of the spec, that seems like it would work well.


Fascinating... Thank you for digging in on this!

Could a browser vendor send down a mapping of cohort hashes to interest vectors? I don't see anything in https://github.com/WICG/floc that suggests that couldn't happen, and it seems like it could greatly enhance utility without too much sacrifice to privacy. For example, it'd allow an advertiser to target all cohorts who like american football, I'd think.


I think this can be built on top of the proposed API? For example, a site about American football could publish/sell the cohort frequencies they observe.


Ah, that's interesting. Different from what I was talking about but certainly makes sense.


While I completely agree with your point, and the number required is probably pretty low, the point of FLOC is that no one will need to identify a real person for any “proper” reason.

Advertising rarely is about targeting “John doe” but usually about targeting “[men] && [in Springfield] && [searching for a baldness cures]”.

(I still will do everything in my technical power to disable floc, and still will never trust google). But I do think the implementation removes most of the advertising incentive to track on an individual person level.


Legitimate advertising. What about the other stuff? What about advertisers who want to swing very specific voters? What about nefarious people who want to put a malware link in front of a specific person. [active military]&&[over 55]&&[lives beside base X]&&[awake before 6am]&&[college education]&&[searched for "retirement planning"] will probably get you the most senior officer at a base/unit. Same too with senior politicians.


> Legitimate advertising. > What about the other stuff?

Thats what makes FLOC tolerable. The legit stuff is enabled, and it makes it harder to get the other stuff (not impossible of course).

> What about nefarious people who want to put a malware link in front of a specific person.

It'll at least be harder than pre-floc (ideally).

The point is to remove the incentives to collect as much data about an individual (you don't need full profiles of someone) by creating even easier ways to get useful targeting without the direct individual identification.

---

(also, i'm broadly against tracking in general, just to be clear. The point you raised is very valid - esp with existing methods).


Am I the only person who prefers well-targeted ads? If I see a targeted ad for a power supply IC on a random website, sometimes that's interesting and useful. On the other hand, Twitter is terrible at targeting and the ads are just annoying. Half are ads for random "as-seen-on-TV" quality products and the other half inexplicably think I am an oncologist.


I suppose there is nothing against well-targeted ads as long as the user has consented to having their data being used for targeted-advertising purposes.

The current landscape, however, does not prioritize user-privacy and serves ads to unsuspecting users who do not always know the terms they agreed to.

Moving away from the present opt-out to an opt-in model would give the user a say in how they would like to be tracked across the web. This is also what Apple is trying to do with its "nutritional-info" (not fanboying Apple here) labels. A user is free to consume the content they would like, but they have a right to know how their data is being used.


Would that method benefit from Googles existing people database? I'm thinking it would, and maybe disabling current tracking will kick the ladder out from potential competitors!

Still probably a step in the right direction.


> that they are not giving people unique identifiers

How far can this data be reversed? If I have a group of ten people can google tell with high reliability that probably three of them are homosexual, two have Alzheimer's and none are pregnant?


Why is it compared to "random user grouping"? I'm probably misunderstanding something, because it doesn't seem hard to be few hundred percent more accurate than randomness.


There are probably a few things going on:

* Google sees the writing on the wall: people are becoming more privacy conscious, but more importantly governments in many countries are making motions to suggest this sort of tracking could be regulated in the future. They need to stay ahead of the curve.

* The value of tracking people in this way may be less than everybody seems to think - not all data about a person's activities is equally monetizable. Just because you read an article about Julius Caesar and then looked at some clickbait article about Britney Spears doesn't mean an advertiser can sell you a chariot.

* Google in making the first move can create an advantage for itself in the market

* Much of Google's revenue comes from their own properties -- in the case of search, they are already well positioned to show you relevant ads because you have shown intent. No need for cookies there.

* Google has a dominant position with Chrome and the article suggests they want to do fingerprinting of a person's browsing behavior and put people into different cohorts without sending the raw data to Google. This is similar to how Apple does machine learning on device. If Google has exclusive access to these cohorts, they have a strong incentive to move to a cookie-less model because it puts other ad networks at a disadvantage.


It seems like you could get most of the benefits by just doing content aware adverts? Is the advert showing on a page about guitars? Show an advert about guitars and music accessories. We don't need that advert to follow us around for the next month.

It also completely eliminates the creep factor and conspiracies around adverts. "How did they know I was interested in this, are they listening to my phone?" goes away when its the same as the content you are looking at currently.


This is what DDG does and they're not exactly rolling in dough.

Also there are a plethora of contexts where this wouldn't work well. For example, Instagram has the best targeted ads I've ever seen – basically every ad I get is for something I would consider buying.

I don't think their ads would work nearly so well if I got an add for a guitar just because my friend tagged her post with #guitar.


That may not maximize ad revenue however. For instance if the Going rate for placing guitar ads is low (not many people bidding to show guitar related ads) but mortgages is quite high google (or someone) would rather show the expensive mortgage ad than the cheap guitar ad.


Yeah it's unclear to me that having a list of all the pages you've visited (or similar) provides a strong enough signal that advertisers will bid higher or result in greater conversion. In some cases it surely will, but then it becomes a question of what proportion of Google's revenue is dependent on this scenario. If it's not a significant portion, Google might just say the potential regulatory and PR headache is not worth it.


I don't agree, I've been searching for a new backpack on my iPad which is too old for an ad blocker. Now every single website, regardless of context, is packed full of adds for backpacks.

A constant bombarding reminder that I need a new backpack. 90 percent of websites I visit are not about backpacks. I'm getting 90% more ads about backpacks.


Thats a possible factor, at the same time, how many times have you looked at something random that you don't intend to buy and then you see adverts for days for this thing you don't want. How much is wasted on this? I'd say that at the moment you are looking at backpack review posts, that's the highest chance of you clicking on and buying a backpack.


not to rain on the parade here but reading the date on a dime puts you well into sub-milliarcsecond territory, well past what is possible to resolve with even a diffraction limited optical light telescope of any kind from space.

Bigger telescope systems can resolve smaller objects, but even if you were to yeet an enormous, optically perfect, 10m telescope into the very lowest earth orbit possible (not maintainable due to atmospheric drag) you would still be a couple orders of magnitude away from being able to read the date on a dime.


What does"sub-milliarcsecond territory" mean? I know nothing of satellite tech.


it's an angular measurement. applied here it means the angular resolution of an optical system.

a degree of arc is divided into minutes of arc (MoA)(1/60 degree each), and there are 60 arcseconds in a minute of arc.

Two points that are 1 milliarcsecond apart, projected on a flat surface 200km away, are about 1mm apart on that surface.

edit: (can plug "tan(0.001 arcseconds) * 200km in mm" into google to check this out for yourself)


I believe his intent, especially with the word "purportedly", was so infer that the proposed system had amazing abilities, less than it was intended to be a perfectly accurate description.


I agree that it wasn't intended to be literal fact, just figured I'd take the opportunity to flex my mediocre optical systems knowledge. :p


Could you describe what size of optical telescope you'd need to put in space to read the date on a dime? I'm very curious


Check out this chart.

https://en.wikipedia.org/wiki/Diffraction-limited_system#/me...

I would guess that you'd need 0.25mm resolution, which at 200km would require 250microarcseconds angular res, which doesn't even register on that graph at any wavelength or size of telescope lol

edit: this is a very 'spherical cow' analysis. i'm pretty sure that atmospheric effects will kill your ability to image stuff like this well before angular resolution will.


That chart is beautiful. While not really Tufte's dream of ‘a ton of measurements in little ink’, that chart shows me everything I'd want to know about this one relation.

Also, perhaps there's a need for a better naming system than one that produces ‘Extremely Large Telescope’.



Impressive! I was going to comment going on gut feeling from layman's understanding of resolving power of optics, but glad to see someone who knows more nail it.


> even if you were to yeet an enormous, optically perfect, 10m telescope

10m is a tiny aperture: https://en.m.wikipedia.org/wiki/Synthetic-aperture_radar


Having a system that's almost as good but less offensive to some people (the Privacy Sandbox) seems like a reasonable enough justification to change tactics.

Keep in mind that advertisers really don't care what your name is or where you live. They care that you are into action movies and buy fancy shampoos. The other stuff just creates trouble.


> Keep in mind that advertisers really don't care what your name is or where you live. They care that you are into action movies and buy fancy shampoos. The other stuff just creates trouble.

Google cares on their own.

And current advertisers may not care but who knows what kind of technology they may come up with in the future where that data might be valuable, having extra data has never been a problem for google.


it's important to remember that google's goal isn't to track you, it's to make money. So finding something that works better isn't necessarily a better way to track you, just a better way to make money.

tracking, including the costs of collecting and storing all that data as well as the PR cost of people being creeped out by all that data you store, is expensive. Given how accurately i'm targeted by most advertising (not very) it seems perfectly reasonable to assume that ads will be just as effective and just as revenue-generating if their tracking becomes a bit less granular.


> Given how accurately i'm targeted by most advertising (not very)

I think the problem is not ad targeting, but ad inventory. They want to sell things we don't need, that's the real cause of the low efficiency.

They should better focus on things people actually need at the time of search.


it's the same end result though - whether they don't have the ad inventory to make use of hyper-detailed tracking, or they're just not very good at turning the tracking into targeting, then either way performing the hyper-detailed tracking is a waste of money and they can make more money by spending less on tracking me.


> Maybe that just means that they consider their duopoly enough of a barrier that advertisers will be forced to accept less-targeted marketing, but I doubt it...

My guess is that they smell a change in the regulatory wind (EU and possibly US as well) and anticipate that if they get out ahead of it, those regulations will serve as a competitive moat against other advertisers.

That, or their A/B testing has confirmed ad quality isn't remarkably improved over the combination of search-tuned ads, adsense topic ads tuned to the site the user is browsing, and display ads tuned by data the site owner vends to Google about the user to fine-tune ad selection for them. They have enough data to know one way or another, and if it turns out there's not enough value-add to justify retaining all that user browsing state, dropping collation and storage of it can free up room for dozens of new projects.

It's easy to forget that one of the major constraints on what Google can do, at their scale, is storage and processing; they're so big that from most people's vantage points, those resources seem limitless, but inside Google, they know exactly how much they aren't doing because the machines and networking they already own are already pushing petabytes of data around and are already near max peak capacity for their mission-critical applications. Sometimes, the cheapest way to get more space for a new bet or an existing mission-critical task is to just stop doing something else.


Or it could mean that they have data showing that all that tracker targeting isn't actually providing the value to advertisers that they claim it provides and want to move on before that becomes common knowledge.

I'd love to see my scenario be true, but I'm afraid that it's much less likely than yours.


That's true for the B1 bomber. During the presidential campaign, when Reagan complained about the jobs lost due to its cancellation, Carter arranged for security clearance for him to know about the F-117 and stealth technology which rendered the B1 obsolete. Later on, Reagan restarted the B1 production anyway.


There is some overlap, but the planes serve different purposes. The B1 is still in service.


heavy bombers reached their ceiling, i think with the b-52. developing new bombers, as far as i can see, is a criminal waste of resources, post Cold War.


The B-52 can be detected with COTS equipment by anyone who can solder and watch a Youtube video. The B-2 could not be detected by the most advanced radar equipment available to the time of its launch, and even today most equipment not fielded by or funded by Russia or the US could not detect it. Your mailbox key literally has a larger RCS than the B-2.


Forgive my ignorance, but I'm probably not the only one who is wondering what COTS and RCS mean here?


COTS = Commercial off the shelf (stuff you could pick up in a Radioshack before they became mini-Bestbuys, basically).

RCS = Radar Cross-section (a bit more field-specific, more or less how "big" the thing looks on radar, but it is a bit jargony -- it depends on things like the material and radar wavelength).


COTS -> Commercial off-the-shelf

RCS -> Radar cross section


COTS: Commercial off the shelf, stuff you can buy easily.

RCS: Radar Cross Section - how big of a reflection an object makes at radar wavelengths.


"Customer Off The Shelf" and "Radar Cross Section"


Commercial Off The Shelf

Radar Cross Section


russia doesn't need bombing anymore. The stealth bomber has had the rug pulled out from beneath its feet. It was effectively obsolete from day one.


Google owns the operating system running on half of all Americans' phones (and an even larger share overseas). On top of that, Chrome OS is continuing to gain market share.

I think this is your answer right there.


I think your last paragraph is the answer. Targeting ad with personal information is questionably profitable to me. I am almost not caught by the ads in websites but by some search results (google search first page) or article in forums like here or reddit or some people I followed. Maybe Google just find out they actually do not need such garbage personal information. I said garbage because lots of them are really caused by random events (sometimes you are interested in something. But after that period of time, you would not ever get in touch with it again) or fake information. And, the ecosystem to store these information is expensive.


> There's no possible way that Google is going to make a change to their biggest money maker

To be fair, Google's biggest money maker is their SEA, which doesn't rely on your behavioral data, since user intent is given through a search query.


In my completely anecdotal experience, Facebook has been far, far, better at targeted advertising than google.

Facebook seems to know what Kickstarter products I’ve backed, what specific miniature paints I like and seemingly which I’ve already bought. Possibly because a lot of my miniature hobby socialising takes place in messenger and on Instagram.

Google by contrast is so bad at advertising, that I often have to re-search on duck duck go to find a webshop that I can actually use post-brexit. Maybe because google knows I don’t speak Spanish, Italian and suck at German? But I mean, I still buy stuff from Spanish websites using the translate function in chrome, so, shouldn’t they know better?

Anyway, for me personal and anecdotal, it seems google is really bad at predicting what I want. I mean, even for content. The front page of YouTube is full of videos I’ve already seen...


Yep, third-party cookies must be very inefficient by now, as well as the js GA script that enables tracking. This is probably the first two things ad-blockers block.

Of course they move away from this, the must have brainstormed and tested new ways for years. OTOH, it is stunning that we’ve invented tech that is stable even when an ad-blocker interferes with the webpage, cookies, js, requests, etc. Try that with binaries! (which is probably where they plan to move the code)


> their biggest money maker

Correction: if you go by the profit reports from Alphabet, Google Display Ads is not their biggest money maker by a long shot. That's still Search Ads


Point of information: that's a point of information.


You right


> I strongly suspect that they've already figured out something which will work "better" behind the scenes.

Oh stop it with these conspiracies.

Google (like Facebook) has been pushed in this direction for ~2-3 years by changes in Safari to the point that Google has started preparing for this pro-actively

Why do you think Google hasn't complained like FB about the upcoming changes in ios ?


Do you know our Lord and Savior Unified ID? https://www.thetradedesk.com/us/knowledge-center/what-the-te...


It is known that personally yargeted advertisements are relatively ineffective compared to advertising targeted at a group. For example, advertising for luggage on a travel website tends to lead to higher click through rates rather than showing a personalised advertisement. Personalized ads often try to market products you just have bought.


(I've worked in adtech for over 15 years.)

Advertising is just applied sociology, and sociology is just applied statistics. So statistically significant and unbiased sampling is what makes advertising work.

Highly-targeted and personalized ads are a crutch due to the fact that unbiased sampling is pretty much impossible on the internet. (There's a joke about this: "an online poll has shown that internet penetration has now reached 100 percent".)

Neither advertisers nor publishers actually want to collect high-resolution data, it's a huge cost with very little benefit.


> a satellite which could purportedly read the issue date on a dime lying on the sidewalk.

In the future, you don't have to rely on serendipity to find money on the street. You just use a satellite to find it for you.


Some of us already use them to find Tupperware in the woods!


this legend is decades old actually

the US hegemony relies on a perception of omnipotence, so there will always be a lot of boisterous claims


Two-service veteran here. In my observation, most people also "learn" about the military from Hollywood, which is almost always comically bad at portraying the kinds of people, cultures, technology, tactics, etc. actually in the military/government. What would 24 have been without Chloe's ability to hack the video camera on a 1980s alarm clock by logging into a GPS satellite?


Yeah, I feel like there were technological surprises by the federal government up to the 1980s but not really since then, but perception has been riding off of that

Even the NSA presentations and code leaks this century didnt really have surprises more just angst about their lack of accountability


> There's no possible way that Google is going to make a change to their biggest money maker that would make them LESS money.

I know this sounds laughable given how toothless regulators have been thus far, but let's not forget that a) fines under GDPR have been growing and are likely to continue to do so, with ad tech in a particularly awkward spot, and b) both the EU and US governments and regulators have started nosing around big tech on a variety of fronts, including privacy and antitrust concerns.

Given that, the cost-benefit analysis becomes pretty complicated. They may feel a shift to a scheme which lowers revenues while avoiding regulatory scrutiny now makes sense.


Spot on. They're not going to abandon their core, their bread & butter, their monopoly without a new & improved Plan A.

Full disclosure: I'm reading The Age of Surveillance Capitalism and I get more skeptical (and fearful) with each page turn.

https://www.wnycstudios.org/podcasts/otm/segments/living-und...


I feel like the phrase “tracking individual people” is how Google is going to keep tracking you as well as they did before.

With the announcement of federated learning of cohorts [0], it allows Google to use their massive amount of information they have on you already, as well as their dominance in AI to cut out the easy way of tracking people, and make it harder for anyone else to personalize ads.

Don’t get me wrong it’s a good thing that we are removing third-party cookies, but the idea that Google is confident they can track you without them makes me worried for the future of advertising. This move is undoubtedly going to cement google as the best ad tracking company for some time into the future.

[0]: https://www.cnbc.com/2021/01/24/google-extremely-confident-a...


With regards to the existing footprint of Google, it's useful to keep in mind that Google and Facebook combined are already catching 74% of advertising dollars spent online, as per the bloomberg article shared here today: https://news.ycombinator.com/item?id=26325950

It's also worth noting that other groups have proposed systems that would not result in Google creating another monopolistic product line. Google did not seem very interested in such alternatives.


Exactly this. It's Google saying "we don't need third party cookies to track people", and removing them just makes life harder for their competitors.


Google isn't the only one doing this though. The Trade Desk and the wider programmatic industry seem to be somewhat pushing to unify around Unified ID 2.0 especially as they released it to the public. (Eg one company isn't the gatekeeper on the cookieless future for ad targeting.


Yeah what is the cohort size and how many cohorts can a person be part of? This sounds like an underhanded way Google can say they don't track individuals while in practice it is almost the same.


> what is the cohort size?

"The browser ensures that cohorts are well distributed, so that each represents thousands of people."

> how many cohorts can a person be part of?

It's just:

    cohort = await document.interestCohort();
See https://github.com/WICG/floc

(Disclosure: I work on ads at Google, speaking only for myself.)


Only thousands? The x-client-data field all google owned servers get from chrome has over 65000 possible values. Wouldn't that make a combination of both unique again?


The X-Client-Data header is for evaluating the effect of Chrome changes, not ad targeting:

"Additionally, a subset of low entropy variations are included in network requests sent to Google. The combined state of these variations is non-identifying, since it is based on a 13-bit low entropy value (see above). These are transmitted using the "X-Client-Data" HTTP header, which contains a list of active variations. On Android, this header may include a limited set of external server-side experiments, which may affect the Chrome installation. This header is used to evaluate the effect on Google servers - for example, a networking change may affect YouTube video load speed or an Omnibox ranking update may result in more helpful Google Search results." -- https://www.google.com/chrome/privacy/whitepaper.html


> The X-Client-Data header is for evaluating the effect of Chrome changes, not ad targeting:

And my personal browsing habits are for me, that doesn't seem to stop Google from inventing new and imaginative ways to use them for ad targeting. The id is also long enough to be unique in a group of thousands, which is a size range in which the groups created by this new way of targeting ads apparently are.


Absolutely, and I'm not even sure it's a good thing that we are removing third-party cookies. I mean, if we take a step back: why should I even hate them? Yes, there are problems with them, there have been exploits using them and all that, but I'm pretty confident there will be similar problems with pretty much anything, because there's always a clever way to abuse some technology that was created with the best intentions in mind. And cookies, at least in theory, mean that you are putting me in charge of whatever tracking token you assigned to me: I can open my browser settings and clear it at any time. It's a good thing.

Of course, there are reasons why they aren't such a good thing as I make them sound to be. And the fact that you don't feel in charge of them should rather emphasize, than negate my point: if such a simple thing turns out to be something you learn to hate, don't you ever dream of something more complicated and less transparent to be your salvation.

And ever since federated learning became "the next big thing" I was arguing here on HN (rather unsuccessfully, I feel) that this doesn't mean that there's suddenly "no tracking", buying into that is just naïve. I'm not directly commenting on FLoC API, both because I don't know it well and because it's usually about making a stronger point anyway: that performing learning client-side and then submitting some sort of "depersonalized data" means better privacy and essentially is having your cake and eating it too. But I think it's just misleading to describe things this way. The idea that "sensitive data" is your document id, your name/surname and such is hopelessly outdated. In fact, it's funny that anyone even believes that, because if you are not a complete bureaucrat, it should be clear that you are not your name or some other sort of ID number, you are your behaviour. It's just that people are used to the idea, that Big Brother needs that simple ID number to keep you in line. But perhaps he doesn't anymore.

What I'm saying is essentially that sending "depersonalized data" is just obfuscating which personal & sensitive data is actually exchanged. And (again, not in the context of FLoC API, but more generally) it can be any data: I think we all remember funny stories how completely impartial GPT-3 learns someone's phone number and such.

So, this, and all of what you already said about the monopolization of people-tracking market.


> With the announcement of federated learning of cohorts [0], it allows Google to use their massive amount of information they have on you already, as well as their dominance in AI to cut out the easy way of tracking people, and make it harder for anyone else to personalize ads.

yes, yes yes yes. This proposal is that:

* the web have no individual tracking

* the browser, instead uploads our every activity across all sites into the cloud

* the cloud/browser-operators (google, firefox, microsoft, opera, brave) take these troves of big data & apply machine learning to generate cohorts

* the browser then places us into these cohorts

this would, as parent post suggested, absolutely "cement google as the best ad tracking company". it also makes it radically harder to create a new browser. Brave would have to become not just browsing software you run on your computer, but a cloud-service, gathering reams of data like Google, generating cohorts out new big data systems. how is Lynx/elinks supposed to become compliant with this new proposal? how is anyone other than the already existing giants of the world supposed to do this?

bold bold bold plan organize & own all the worlds data here. privacy on the web, but none in the web browser: brave new world Google. you madmen.


In floc no personal data or web history is uploaded to the cloud. This is the essence of "federated learning" - your browser does the big ml computation, then just uploads the result.


Where does the data to compute on come from?

Personal information will attempted to be scrubbed, but it very much is an upload of one's detailed web history to the cloud. Google alleges they wont know it's my tracks, but these federated learning systems are all powered by endless reams of data gathered from us.

That the decision of which cohort we are in can be done locally does not change the fact that that data has to come from somewhere, is gathered, en-mass, via huge bulk collections, of very specific, detailed data. It is only weasel words that it is called "not personal data"; our individuality is being harvested, tracked, modelled via these systems. That the information is free of personal identifiers does not make me feel much better about this all.

And it is something few other enterprises will ever have the capability to repeat or compete with. It mandates the web browser be powered by clouds & big data.


> It’s difficult to conceive of the internet we know today — with information on every topic, in every language, at the fingertips of billions of people — without advertising as its economic foundation

What’s difficult to conceive is how the currently bloated and monetization heavy internet could survive without advertising. An internet composed of relevant and useful information stored as light weight documents could easily (and used to) exist without advertising. Without ads we probably wouldn’t have millions of identical recipe sites with infuriating backstories, pop ups, share buttons, in-line promotions, etc. but we would still have people sharing their grandmother’s apple pie recipe on personal sites along with a few paid services that add real value instead of SEO garbage and social fluff.


> An internet composed of relevant and useful information stored as light weight documents could easily (and used to) exist without advertising.

Any concrete traffic measurements between those sites then and now? I'd be extremely surprised if traffic didn't shoot up by orders of magnitude.

That's also assuming that no ads means we'd go back to the mid-90s internet. Pretty sure there are still companies that would like to do business online, even without targeted ads. The tactics would change, that's it.

> Without ads we probably wouldn’t have millions of identical recipe sites with infuriating backstories, pop ups, share buttons, in-line promotions, etc.

True for pop-ups, in-line promotions or ads. But SEO will be a thing as long as we have search engines. Hell, earlier search engines were getting gamed with keyword stacking all the damn time. Bringing you on the page and showing you ads wouldn't be enough to make money, but I don't see how you'd even get rid of sites wanting traffic. Unless you're really advocating for getting rid of commercially motivated sites - which I'll assume you're not, as it is kind of delusional, IMHO.

> we would still have people sharing their grandmother’s apple pie recipe on personal sites along with a few paid services that add real value instead of SEO garbage and social fluff

That's a whole lot of extrapolation, and a rather subjective judgement call. Hell, one could definitely call this very site "social fluff".


Yes, nothing more frustrating than quickly looking up a recipe detail whilst in the middle of cooking it and having to scroll deep, deeep, deeeeep down the useless SEO text only to scroll past that one tiny detail. My wife and I are creating our own cooking book as a PWA. Only bullet points, no fluff. Short: useful.


> What’s difficult to conceive is how the currently bloated and monetization heavy internet could survive without advertising.

The no-monetization web ship sailed circa 1995. The internet is about a lot of money and it will be about even more money. If it's not monetized through ads, it will be monetized in other ways (probably regular sales but most likely subscriptions).


I should have specified ad monetization or product placement, brand promotion and things in that vein. I’m not against commercializing of the internet but I am against the ad revenue model that heavily distorts the content and presentation. I don’t know what the winning model looks like, lots have been suggested like micropayments, subscriptions, donations, and others more far fetched but none of that can take root until we remove the toxic ad industry.


I'm still kind of surprised to see people think of the internet as this static information library it was originally thought as. It hasn't been this way for decades.


It is also a flat out lie because the "information on every topic, in every language, at the fingertips of billions of people" is not funded by ads, ads fund google, which keeps a 70% cut for themselves. Information is basically impossible to monetize these days unless people charge. Google does not create information, it copies/steals it.

It is difficult to conceive Google without advertising as its economic foudnation.


How did you come up with "google keeps 70% to themselves" fact?

Google revenue cut is around 30%, not the other way around.



I think this is an anectode.


Whats odd about the recipe story is my folks have accumulated quite a collection of cookbooks over the years, yet for mysterious reasons both prefer to endlessly scroll through the ad infested nightmare on every cooking site recommended by the Google app. Some of these sites have an Ad after every sentence.


As somebody that has quite a few shelf-meters (shelf-yards) of cookbooks: If I'm looking for a specific recipe, it's still faster to go through the online recipes than getting out the cookbooks and going through the index and finding it. My phone is also more practical to lug around than a cookbook.


Thats true.


Nostalgia is a hell of a drug


>>Google plans to stop selling ads based on individuals’ browsing across multiple websites >> to target ads without collecting information about individuals from multiple websites

Key words:

Individual: They might still track persons by group, by placing people into pools of like-minded internet users and track the browsing trends of this group.

Browsing: Geographic location, sleep cycles, or media streaming/viewing preferences are still on the table.

Multiple: Tracking within one website is still a thing. YouTube habits are still a go.

Websites: Apps, and everything we do with them, are not "websites".

While I think this is a step in the right direction, I don't see this statement as very limiting. It only addresses a very narrow type of tracking.


Yeah at which point does their sub-grouping effectively reduce us back down to identifiable individuals in everything but name?


> "Instead, Google says its ad-buying tools will use new technologies it has been developing with others in what it calls a “privacy sandbox” to target ads without collecting information about individuals from multiple websites. One such technology analyzes users’ browsing habits on their own devices, and allows advertisers to target aggregated groups of users with similar interests, or “cohorts,” rather than individual users."

I'm having a hard time parsing this out, and seeing what's actually changed. How do they determine an individual's "cohort(s)", without collecting information about that individual across multiple websites?

Is it simply that the data is collected and processed client-side, rather than server-side? Would using a non-Chrome browser effectively opt-out altogether, then? I find this difficult to believe.


The idea is that they group you with N other similar people where N is large enough to anonymise you enough to stop the worst complaints but small enough that advertisers still find it useful.

Some sort of principal component analysis to determine your "cohort".

An advertiser isn't that interested that you are you. They care that you are, for example, 55 with an interest in gardening and have been looking at lawnmower review sites.


So if I look up the specs on a pair of Bose QC-35's, I won't get internet-stalked with ads for that specific pair of headphones for the next 3 weeks whenever I pull up a weather report? But in stead I may see an uptick in general audiophile ads if I'm constantly reading articles about new gear that comes out? At least that sounds like a partial win in my book -- the first case was too creepy because it was so blatant. The second one may be worse because it is more subtle, but it creeps me out less for some reason. Kind of like how 2-3 decades ago when computer magazines were a thing, I kind of expected ads for computer parts in those magazines.

Edit: Actually, come to think about it, I wonder how people would have felt in the 80's if they got one of several editions of a newspaper based on magazines that they also subscribed to. Households that subscribed to fitness magazines would get a newspaper with more gym membership and weightlifting gear ads, and households that received woodworking magazines would have more Craftsman ads in their newspaper. Would people appreciate the customization of the paper, or would they see it as an invasion of privacy?


> if I look up the specs on a pair of Bose QC-35's, I won't get internet-stalked with ads for that specific pair of headphones for the next 3 weeks whenever I pull up a weather report

The WSJ seems to be describing https://github.com/WICG/floc, but the kind of remarketing you're describing is what https://github.com/WICG/turtledove is intended to support. Advertisers would still be able to run that kind of personalized ad, but the browser API would not allow them to learn your browsing history in the process.

(Disclosure: I work on ads and Google, speaking only for myself)


To me, ads following you around the internet about a specific thing that you browsed is just an example of how the targeting ad system is broken. A better ad system would see that you were interested in specific item and then advertise other items that mesh nicely with the use of the specific item. If you bought A, then there's better chances you's be willing to spend money on B too.


Or you can just use an effective ad blocker (I use uBlock Origin) and not see ads at all. IDK why everyone doesn't do this.


"Owners of QC-35s" can easily be a cohort, especially since there's a lot of people in that group and it's easy hit the anonymization score required.


You may still be stalked about the Bose QC-35's. It really depends on how they create the "cohorts". The new design doesn't tell us their intent here. People who are interested in Bose QC-35's could be a "cohort" you are put into.


It's still bad. If you are in the X cohort and buy Y, the seller will know that you are in the X cohort if the seller targeted X, even if Y has nothing to do with X. This is the fundamental breach of privacy that Google can't get around.


Unfortunately if enough people have been looking at Bose QC-35s then there's no reason why that couldn't be a fact about your cohort.


I thought this was how it already worked..


Here's Chrome's technical page for Privacy Sandbox: https://www.chromium.org/Home/chromium-privacy/privacy-sandb...

The bit you're quoting sounds like the WSJ trying to describe https://github.com/WICG/floc. That depends on the browser choosing to support the API, yes.

(Disclosure: I work on ads at Google, speaking only for myself)


This feels like some slight of hand targeting the current political and legal efforts looking into Google.

For example, if they aren't collecting information on you than how do they have enough information to create cohorts? Is it that they are deeming information processed on your local computer running their software something that isn't them collecting? This seems like a form of misdirection.

Without knowing the technical details (which one never knows with Google), it leave me the impression that they have moved some of their categorization software client side (Chrome, web workers, etc) and are saying that they aren't collecting the data in that case.

Is it Google using remote devices as edge devices to do a bunch of work they'd been doing server side?


This is probably related to the "ban" of third party cookies [1] and most likely they just found a way without using cookies but other technologies - most likely biometric features + Chrome data in case you're using Chrome

[1] https://www.cookiebot.com/en/google-third-party-cookies/

Edit: I did not have time to read it, but here is the paper and probably something like the algorithm they want to use: https://github.com/google/ads-privacy/blob/master/proposals/...


So now you, and your intellectual soulmates (whom you haven't met yet) will be targettable as a group. Hmm


A non-Chrome browser is always a good idea.


Hypothesis: the real motivation is that Google has determined the following:

1) we can sell all our ads for just as much money anyway, even without targeting based on web browsing, because the advertisers will take what we let them get

2) targeting based on browsing history is more complicated, requiring more developers and server capacity, which Google could certainly afford but it has plenty of other things to do that pay off better

3) it turns out that advertising based on what website you are currently on, works just as well anyway; to put it another way, all that "show a person who just bought a car an ad for another car" targeting was not really working.

"We respect privacy" sounds better than "our targeting accomplished almost nothing and you'll buy the ads anyway."


> to put it another way, all that "show a person who just bought a car an ad for another car" targeting was not really working.

Boy that sure is true for me and has been for a long time. I'm often bewildered not by how accurate my ads are, but rather by how braindead they seem to be. I'm not convinced algorithm-based ads work at all.

In fact I would hypothesize that ads are often more effective when they are unexpected, for something the viewer has never considered buying before. A targeted system would hide such ads.


Excellent point which I had not considered before.


Well this is kinda obvious - and a good thing I guess? If Google can sell ads without tracking everyone, that seems like the best win? It protects our privacy and removes them from the fight for more tracking in pretty much the easiest way possible.


Google doesn't work that way, and in general a corporation pretty much converges to a point where they will put resources on wherever there's dollar.

You are underestimating the big picture, which is - google is really left between apple and regulations (gdpr, ccpa etc) pushing privacy front and google have no choice but to go in this area.


"...will put resources on wherever there's a dollar."

Yes, but it may be that they've decided there's no dollar here. Or, to put it another way, they get that dollar whether they track your browser history or not, so why bother? It's more like cutting corners, which corporations are most certainly willing to do, but in this case we like it (but that is probably only incidentally of interest to top executives).


The best ads I got were on Facebook, and based on something to do with my history, although in what way exactly, I cannot be sure. I got an ad about Triplebyte (got numerous job offers from that); ads for concerts that I was interested in; and ads for art exhibitions very specifically related to my interests (which I would have 100% missed if not for the ad).

So I'm super disappointed that I will not be getting such ads from Google. In fact, it annoys the hell out of me that people who are concerned about privacy created such a strong anti-ad-personalization movement. This harms people like me who prioritize getting valuable information over privacy. I think people should be allowed to enable their own privacy settings, but activists and politicians should not force their ideology on the society to such an extent as to scare corporations away from personalization.

Though to be fair, I don't recall a single useful ad from Google in my life. So maybe I overestimate the damage the privacy advocates are causing.


So one of the biggest privacy invaders on the planet is charting a course towards "privacy first"?

If you believe this, maybe you would like to buy a bridge?


A lot of people work at google. A subset of googlers are very focused on privacy first.


- Yeah, I'll believe it when I see it

- It also doesn't seem too unlikely, given more and more talk of the possibility that "targeted" ads don't actually work that much better than non-targeted ones, and Google are in the best position to verify that. Switching to ad models that are not based on exact user tracking, as long as they have the monopoly position might be the best way to ensure future profitability before they lose their users due to privacy concerns. All the AI and other technical and other monoplistic (AMP, Maps, etc.) advantages might be good enough to beat any tracking-based competitiors.


... possibility that "targeted" ads don't actually work that much better than non-targeted ones

They don't and here is why --- if you search but don't purchase through a Google ad, you're likely to still see ads for the item following you all across the internet for months after you made a purchase elsewhere.

This does nothing but annoy the user.


Oh no, no, no. It's "more privacy first." And that may not be "privacy first" at all.


"Privacy first" is Google-speak meaning "the first thing we do is eliminate your privacy".


It's a good time to pivot. Google is one ad-block away from loosing 70% of their revenue [1]. They should adopt the model that DuckDuckGo uses [2] and offer ads based on search query vs user data tracking.

[1] https://www.statista.com/statistics/266471/distribution-of-g...

[2] https://spreadprivacy.com/duckduckgo-revenue-model/


They should also offer a paid search engine with more advanced features and better results. I would pay for that if the cost were reasonable.


You mean one where SEO-driven garbage content didn't flood the ten first pages of results? Isn't that a lost battle, ie, wouldn't the same guerilla army of SEO marketers who've driven things to where they are right now find ways to pollute that too?


I used to keep a txt file containing something like:

-site:highrankingspamsite1.com -site:highrankingspamsite2.com etc

And then I would paste that in at the end of each query.

Today they've removed that kind of spam so I don't need that.

Today my problem is that they fuzz my queries to include useless results. Not a spam problem rather than a problem of Google not realizing that I only want relevant results.

But of course, removing results that doesn't contain what I search for is easy and not an interesting machine learning problem so why should anyone care to fix that?

(That said: lately things have improved, so maybe I should just shut up and hope nobody at Google notices and puts back the insane fuzzing.)


> Today they've removed that kind of spam so I don't need that.

Try looking for images and see how many results in the first "pages" are not from Pinterest.


If you want to avoid the term expansion, just put double quotes around the words you want to hard require.

As for including "useless" results - that's never a goal, the goal is always to rank the results in the best possible way. What's the best possible way varies depending on the user, and relatively large term expansion is useful for certain users in certain cases.


> If you want to avoid the term expansion, just put double quotes around the words you want to hard require.

Lucky you if that consequently works for you. It is getting better lately, but from 2009 to 2019 they've more or less consequently ignored both dpuble quotes and their own verbatim option.

BTW: the way you write make it sound like you work in search. Is that correct?


I don't, but I collaborate with people that work in search, and regularly hear detailed presentations about aspects of it.


Which is fine, except even that seems to be ignored sometimes.


A paid search engine could have advanced features like "exclude this site from future results" or "don't show me content like this" that used semantic AI profiling. It could leverage more CPU-intensive and data-intensive AI features because you are paying for it so the economics work.

Free search incentivizes the cheapest (in CPU and other resource terms) search possible and monetizing in ways that add the least actual value.


I'd pay for the old Google Image Search and the ability to blacklist Pinterest.


You can pretty easily implement this! There are a few Chrome/Firefox extensions that modify Google Image search to look like it used to, and as far as blacklisting Pinterest, I'd recommend creating a custom search engine in Chrome (I assume this is possible in ff too?) with that parameter as a part.

Settings > Search Engines > Manage Search Engines > Add

Then input:

- Search Engine: Google Images

- Keyword: i

- URL: https://www.google.com/search?tbm=isch&q=%s%20-site:pinteres...

Then typing i<space> in the url bar will use that search engine. I've got about 30 of these for various sites and they're a great time saver! (Chicago Craigslist, Google Maps Directions to <place>, DuckDuckGo I'm Feeling Lucky, Wikipedia search, etc.)


I pay for Google One and would love it if they included no ads in with that. I bet a lot more people would take it up too.


A drag and drop filter builder alone and I'd fork over a subscription.


Id say the title is incorrect, as its still selling ads based on your browsing - its just they arent directly capturing the addresses - instead using some ML for cohort analysis via their "Privacy Sandbox".

It seems to me that this is actually giving them more reach, as now it wont just be websites using google analytics, etc - but EVERY website you visit, unless the site owner specifically opts out - a google-made blackbox that sees EVERY site you visit and labels you accordingly

Few questions for the knowledgeable:

  - Is it be possible to disable?
  - Will they be releasing the datasets for how these ML models are constructed?
  - Do sites in "incogito mode" contribute to analysis?


See https://github.com/WICG/floc

> Is it be possible to disable?

"A site should be able to declare that it does not want to be included in the user's list of sites for cohort calculation. This can be accomplished via a new interest-cohort permissions policy." For a per-user opt out, a browser extension could easily block it.

> Will they be releasing the datasets for how these ML models are constructed?

"The browser uses machine learning algorithms to develop a cohort based on the sites that an individual visits. The algorithms might be based on the URLs of the visited sites, on the content of those pages, or other factors. The central idea is that these input features to the algorithm, including the web history, are kept local on the browser and are not uploaded elsewhere — the browser only exposes the generated cohort."

This code will be in the browser, which is open source.

> Do sites in "incogito mode" contribute to analysis?

"All sites with publicly routable IP addresses that the user visits when not in incognito mode will be included in the POC cohort calculation."

(Disclosure: I work on ads at Google, speaking only for myself)


So to reiterate:

> Is it be possible to disable?

No. You suggest this is possible with an extension, but it clearly wouldn't be permitted in chrome store (as per well known ad-blockers). Why wouldn't it be a setting in the browser? Clearly anti-user practices.

> Will they be releasing the datasets for how these ML models are constructed?

No. You suggest that the code is in the browser (which i doubt - its certainly not at the moment!). Even if it were it is effectively useless without the training datasets. i.e. its a blackbox.

> Do sites in "incogito mode" contribute to analysis?

No (at least this one is a positive "No") :)


> it clearly wouldn't be permitted in chrome store (as per well known ad-blockers)

Why wouldn't it be permitted? Many ad blockers [1][2][3] are in the Chrome store. Disabling a browser feature is a very standard usage of extensions.

> Why wouldn't it be a setting in the browser?

It might be! I don't know what Chrome (or other browsers that choose to implement the API) will decide. The proposal is not that far along yet. You could consider filing an issue at https://github.com/WICG/floc/issues

> You suggest that the code is in the browser (which i doubt - its certainly not at the moment!)

https://github.com/chromium/chromium/tree/master/chrome/brow...

[1] https://chrome.google.com/webstore/detail/ublock-origin/cjpa... [2] https://chrome.google.com/webstore/detail/adblock-plus-free-... [3] https://chrome.google.com/webstore/detail/ghostery-%E2%80%93...


Anti-trackers are blocked from the chrome store. Adnauseum, for example.

That code you linked to collects hashes and sends them to google via chrome sync... There is nothing there that labels cohorts


I am a little curious why Google did not just announce that they were getting behind the system that Mozilla and Apple started talking about a year or 2 ago? (Or at least that they were working with them on something)

Otherwise like many others this makes me think that Google is still doing something fishy here and I don't trust it.

Edit: For anyone curious what I am talking about https://webkit.org/blog/8943/privacy-preserving-ad-click-att...


Maybe they see the writing on the wall and they are conceding that they don't _need_ website visit tracking at the individual level. Instead, just mapping individuals into _categories_ is sufficient for targeting.

They'll categorize websites (as they already do) and put you into that category, but forego tracking exactly which website/page put you there. The specific page is probably more granularity and privacy invading than they need to continue printing money. Think Netflix movie categorization; who cares which movie I watched put me into the Norwegian-Horror-Romance-Action category, as long as my preferences are known, targeting will continue working.

While it's great for debugging how someone got into a bucket, all that's really needed is the bucket, not the raindrop. I'm certain they'd like to continue knowing those buckets though, so getting ahead of that is critical to their business.


The systems could be identical down to the last byte, and Google would never join. Google is in no world going to hand over control of their prime revenue-generating stream to TWO of their arch-rivals.


What Mozilla and Apple announced was meant to be a standard that worked across all browsers (if accepted).

It is in Google's best interest that whatever system they use works regardless of browser.

Largely I agree but Google's relationship with Mozilla and Apple is a little more complicated than "arch-rivals".


I suspect the entire "show users ads based on their browsing history" simply doesn't work. I don't recall ever being interested in any of the ads targeted at me.

What works for me is, I buy "Mopar Action" magazine for the ads. Back in the day I bought computer mags for the ads. And so on. Those ads were targeted at what I was actually interested in at the moment.

For another example, recently I've become interested in Film Noir movies. I go looking for them, and I get ads based on my interests last month. No sale. I look at Film Noir websites, and I want to see Film Noir movie ads, not movies I was interested in months ago. If I look at a woodworking web page, I want to see ads for woodworking tools.

On my own web pages on programming, I wish Google and Amazon would run ads based on the page content. Amazon has a way to suggest that, and I tried it out. All it would serve for weeks was Batman movie ads. Why would anyone looking at a programming page want to see Batman movie ads? I finally just disabled the Amazon ads. It's similar with Google ads.

Note that serving relevant ads in this manner has absolutely no requirement to know my browsing history.

P.S. I actually still run Amazon ads on my programming pages. However, I don't let Amazon pick the product anymore. I pick it myself, and my page generation program picks one of those products for each page. The products I pick are from a self-curated list of the best programming books available.


This is not true, they say they are switching from third-party cookies to FLoC.

The EFF calls FLoC "bad for privacy". More information here:

https://www.eff.org/deeplinks/2019/08/dont-play-googles-priv...


Paul Graham on Twitter "What this news tells me is that Google has found a way to target ads just as effectively without using this data."

https://twitter.com/paulg/status/1367118518592888834?s=20


This seems like a pretty poor take by pg. It ignores the years of friction over targeted ads that have been leading up to this change. Apple and Mozilla have also shifted strategies in this area.

It seems the right time for Google to pivot, if not a little too late.


Or if its less efficient it might increase ad spend - not to be to cynical


Honestly, is that bad?

I have no objection to targeted ads.

I have a multitude of objections to systematic privacy invasion for profit.

If they can somehow target ads while preserving my privacy, I'm all for it.


This proposal won’t protect your privacy. It just helps cement their monopoly and provides a better signal. Pg’s analysis is spot on.


Google's monopoly on ad tech is entirely orthogonal to the issue.

As for PG's tweet, I think it's a bit much to call that single sentence an "analysis". At best it's an opinion, and not a very nuanced one at that.

Please explain how this isn't potentially an objective improvement of end user privacy over things like third party cookies, browser fingerprinting, or other mechanisms of identity tracking.


How is this orthogonal to their monopoly? They’re explicitly blocking direct competitors’ tracking mechanisms in favor of one they control.

I answered your other questions in a sibling comment.


What does Google's monopoly have to do with the privacy implications of the method they're now favouring?

Either it's a more privacy-preserving method than current techniques and technologies or it's not, irrespective of the competitive landscape of the ad tech industry.

I think it's objectively the case that this is certainly better than assigning unique identifiers to every user and tracking those IDs + associated segmentation in third party databases that are ripe for abuse.

Is it perfect? No. But I didn't realize we were just gonna go full nirvana fallacy, here. If that's your bar, nothing short of eliminating targeted advertising entirely will satisfy you, in which case, frankly, you're being unrealistic.


It's anonymized and the ad targeting algorithms are run client-side, with the relevant browsing data never leaving your device.

How is that not a big improvement in privacy for ad targeting vs the current system?


As the EFF has pointed out, the cohorts the machine learning algorithm exposes are targeted enough to be used as an individual identifier.

Also, this solution does nothing to prevent the abuses of the resulting user clustering that we’ve already seen (such as targeting addictive pharmaceuticals to addicts, or youtube promoting conspiracy theories).

The article says they plan to embed the data collection into the operating system as well as web browser, so people on Android will have even more of their privacy stripped away for ad targeting.


> As the EFF has pointed out, the cohorts the machine learning algorithm exposes are targeted enough to be used as an individual identifier.

Yup, deanonymization is a problem.

That's better than no anonymization now.

But I agree, it's not perfect, and frankly, I don't think there is a perfect solution that prevents bad actors from deanonymizing users.

The real solution to this issue is regulation and transparency.

> Also, this solution does nothing to prevent the abuses of the resulting user clustering that we’ve already seen (such as targeting addictive pharmaceuticals to addicts, or youtube promoting conspiracy theories).

This has nothing to do with the privacy implications of this technology.

Personally, I think you (and the entire advertising industry) are massively overestimating the effectiveness of targeted advertising, but... shrug

> The article says they plan to embed the data collection into the operating system as well as web browser, so people on Android will have even more of their privacy stripped away for ad targeting.

They already do this!

Again, this is still objectively an improvement.

Does it fall short of eliminating targeted advertising entirely?

Yes.

Personally, I'm a realist and recognize that ain't happening, so we should welcome any movements that make the industry a little less invasive and destructive.


Don't let perfect be the enemy of progress, I say.


Isn't the ability to sell targeted advertisements pretty much the foundation of their business plan? The business plan they showed investors and stockholders? Maybe they'll stop indexing my behaviour against my name or social security number, but to stop tracking me or using that information is the kind of behaviour that leads to class action suits by shareholders. I suspect that this lede will only be true if one allows some pretty creative definitions of "stop", "selling", and above all "specific". The only purpose that adjective has in this sentence appears to be to grant that sort of flexibility. "Oh, no, we're not tracking that specific human being. We're only tracking the use of the computer he's sitting in front of."


It seems like they're claiming to stop one particular kind of tracking, not targeting advertising all together. More than likely as a step to avoid regulation or to appear to be practicing good faith.

Or web browsing patterns turned out to be low-signal for ad delivery.


This article is full of basic self-contradictions.

The very first sentence:

  It’s difficult to conceive of the internet we know today 
  —with information on every topic, in every language, at
  the fingertips of billions of people — without advertising 
  as its economic foundation.
He literally describes Wikipedia, which is not based on advertising as its economic foundation.

Immediately after that, he says:

  72% of people feel that almost all of what they do online is being 
  tracked by advertisers, technology firms or other companies, and 81% 
  say that the potential risks they face because of data collection
  outweigh the benefits
If that's true, then we are already far past the point where everyone just expects intrusive spying to be a normal part of web use. If that feeling were going to disrupt the advertising business, then it would already have done so. Therefore, his next comment is categorically false (though I wish it were true):

  If digital advertising doesn't evolve to address the growing
  concerns people have about their privacy and how their
  personal identity is being used, we risk the future of
  the free and open web.  
I think another comment here by user samschooler nails it - Google wants to block intrusions by its competitors under the guise of protecting privacy, while opening up new doors to tracking that only it can take advantage of.

The right way to respect user privacy in advertising is much simpler: just use what they voluntarily gave you (i.e., the words in their search terms) to present relevant advertisements. That may not provide as great of a "benefit of relevant advertising", as he puts it, but that's fine with me.


This is not a major change from their previous stance.

> investing in tracking technologies that uniquely identify web users as they move from site to site across the internet.

Fundamentally they are still tracking people and still using your information to sell you advertising. They are just relying on hardware you buy and your own software to do it.

One thing I've been curious about this whole time as they've been talking up "FLOC" is what they are doing with regards to other browsers. Are they simply giving up on the ability to track non Chrome users and rely on market share?

The other piece this doesn't mention is it very specifically says "Web Browsing", not tracking in general, for example across applications on mobile devices or via integration into Android.


“Keeping the internet open and accessible for everyone requires all of us to do more to protect privacy — and that means an end to not only third-party cookies, but also any technology used for tracking individual people as they browse the web.”


I never thought I would mistrust Google as much as I already mistrust Facebook, but here we are.

You can target ads based on the content of the webpage they are displayed on instead of constantly spying on everyone.

How about we go back to that?


sure, just drop everything and go back to 1999 :)


Or adopt strict privacy laws.


It's unfathomable that this has become such a complex ordeal, except insofar as that confusion has been a source of profitability for advertisers.

The first principles are exceedingly simple:

What I want: for small, insurgent, creative businesses who want to specifically get my attention to be able to do that through inexpensive, surgical messaging rather than mass advertising.

What I don't want: for middlemen (or anyone) to facilitate this using information I didn't intend to make public and can't verifiably stop my browser (and other tech) from shedding.


I briefly hoped this meant they were giving up on ad targeting.

However, my reading of this is that they’ve given up on embedding trackers in websites, and instead will embed trackers at the operating system level, where they can gather even more information.

The stuff about cohorts describes standard clustering algorithms that have been used for ad targeting for decades.

This doesn’t sound like a win for privacy. It sounds like greenwashing of a massively expanded surveillance infrastructure.


I don't understand this prediction (emphasis mine):

> Google’s heft means that its move is also likely to stoke a backlash from some competitors in the digital ad business, where many companies rely on tracking individuals to target their ads, measure their effectiveness and stop fraud.

Isn't this just an opportunity for these guys to differentiate themselves from the 900 lb gorilla? And if that tracking really leads to ads with higher conversion rates then those competitors will do better than Google (until, if those ads really are better, the latter reverses its decision).

BTW this is not in any way a defense of intrusive tracking, which I consider both a tragedy and a significant waste of money. My intuition is that this tracking adds little to no benefit. I suspect we're still in the at least "50% of advertising spend is wasted"* world; more like 70%-80%. This is another nut to be cracked, and one unlikely to be addressed by any incumbent.

* Attributed to John Wanamaker (among others, though I feel he is the most likely source)


“The Times They Are A-Changin'.” These types of moves from Google are interesting, while not unexpected given the mounting regulatory pressure they are facing. It’s a bit unclear which stake-holder Google is trying to optimize for: Chrome users, AdSense publishers, or itself. Time will tell how this all shakes out, but it’s important for people to realize that there are a growing number of alternatives available if you care about privacy and retaining control over your browsing activity. Neeva is a good example of an alternative search engine which prioritizes user privacy by following a subscription monetization model, avoiding the ad-ecosystem all together.

Disclaimer: I work at Neeva[1], and these opinions are my own.

[1] https://www.neeva.com


I am biased to think this was going to be just a bunch of hoopla coming from Google. They are the last company I'd expect to actually care about user privacy.

"That’s why last year Chrome announced its intent to remove support for third-party cookies," aka only Google's cookies are "safe". Sounds like Google is going to try and block it's competitors from being able to gain the information Google uses to make money (tracking information for ad revenue.)

Also this was written like someone needed to fill in the article for a C-Level headline after the headline was already chosen. Disappointing that a company like this maintains it's stranglehold on a market and tool (now commodity) that regular people have no understanding of.


> remove support for third-party cookies," aka only Google's cookies are "safe"

If you are on a site, first-party cookies are cookies for that site and third-party cookies are cookies for any other site. It is "third-party" from the perspective of the site, not the perspective of the browser.

(Disclosure: I work for Google, speaking only for myself)


> However, Google will still allow its advertising customers to target users across its range of services — from YouTube, to Gmail, and Search — if users are logged into their Google accounts, Digiday reported. The announcement also doesn't affect mobile apps and mobile-app trackers. Similarly, the announcement also doesn't prevent publishers from selling ads based on information about how a user behaved on their specific site.

Looks like Google can still target users who are signed in. From this article: https://www.businessinsider.com/google-to-stop-tracking-indi...


Will Facebook follow suit now, or continue to whine about Apple’s impact to small businesses?


1) Google is switching to cohort-based analysis rather than individual data. It's not a complete shut off.

2) Google already has plenty of 1st-party data from search, gmail, maps, news, etc which is more than enough to sustain the same targeting abilities.


the threat of regulation can be a powerful thing.


I think this is it. This response shows that if anything we need to hasten regulation proceedings.


But then, governments will choose who the winners are (and will charge for this).


No, governments will decide the rules of the battle. In corrupt systems it will be choosing the winner, in a sane one it would make who wins inconsequential.


For all the hullabaloo about the Emperor’s new pErSoNaLiZeD ads, I have yet to see one about a video game or movie or book that I loved and didn’t discover through chance or word of mouth.

Meanwhile if I search for a coffin even once Amazon keeps recommending more to me. Way to go ya boffins.

@People working in the ad/tracking racket: Please, instead of trying to guess who I am or what I like, why not just let me TELL you?

Let me provide some criteria (“pixel art”, “chiptune music”) and feed you some examples (Fez, MegaMan) and try to show me similar games. Then I might actually spend some money because of an ad for once.


I can't imagine that they're willingly giving up piles of money. Assuming they aren't, that may mean that individual tracking & targeting simply didn't add much value in attracting customers and sales.

Or they've but up such a massive database of individual behavior that they can now generalize that to targeted groups instead of individuals.

The article also just says they won't sell ads or invest in that technology, not that they won't still track and use the data in some other ways. They've probably invested plenty already to not need to push it further.


> that may mean that individual tracking & targeting simply didn't add much value in attracting customers and sales.

No, personalized advertising is the key to Google's ad success.

The main reason Google is doing this is to cement their ad monopoly. They have all the data now, when they turn off 3rd party cookies, no one will be able to compete with them.


Yeah, sort of what I meant by my last bit... They simply don't need it any more.


Out of the goodness of their hearts no doubt


Is this even possible? Won't their ML ad models still have seen data from when they DID track people across sites? And even if they stop using those models, won't the structure and tuning of those models have been derived from cross-site-tracked data? This sounds a lot like a computer vision company saying "we have stopped using imagenet in our model training!". Did you really re-train from scratch? Ok, even if you did, now did you also happen to re-derive your network architecture from your own data?


>...a proliferation of individual user data across thousands of companies, typically gathered through third-party cookies.

Is this really the main culprit? I get the impression that a lot of the tracking work has to do with server side data gathering based on ip addresses, matching web sites, shared login data, embedded pixels and probably all sorts of other clues. I would love to be wrong about this.

If I am correct then "blocking third-party cookies" is mainly a feel-good marketing ploy.


Half the top pages on Google are now AMP links - which are hosted on Google. So no Google doesn't need to track you across websites because you never leave Google.


It seems like Google is aiming for regulatory capture

https://en.wikipedia.org/wiki/Regulatory_capture

While Google can now expect inevitable regulation, shaping that regulation in their interest will still benefit them by excluding new competitors (for example, by forming it so that execution depends heavily on trade secret and/or patented algorithms).


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: