Instead of more palatable user tracking, how about we tell advertisers and internet companies: fuck off, we don't want any tracking? How about we hunt down and eliminate all features that allow cross-site information sharing? How about we treat attacks on user privacy as security problems of the web standards, à la Tor, and build technology that aggressively hides any user signature in any layer, from rotating IP and MAC addresses to user agents, referers and canvas leaks?
But wait you say, how would the very useful internet ecosystem survive without advertising revenue? Well, there is nothing wrong with advertising per se, it's a natural part of a free market economy. It's ok to target ads to the user's search terms or social feed. The problem is that, in the pursuit of advertising revenue, a cutthroat economic competition pushed advertisers to mine more and more personal data simply to stay competitive. It's a low sum game: it doesn't bring much more money in advertising or make the internet significantly more useful, but it destroys the privacy of everyone. A spectacular market failure ripe for correction.
I wrote a long, but low effort comment where my thesis was that I think it’s ok for companies to pay for your attention, but the problem is that they are paying Google.
I ended up reaching the conclusion that we should ban paying money for your attention, but I haven’t thought of better alternatives for businesses to grow or expand online yet.
USPS becomes vehicle for junk mail
Telco becomes vehicle for robocalls
Television a ratio of value to ads that gets smaller and smaller
Internet becomes vehicle for ad revenue
All of these things are companies abusing communication platforms for your attention and we seemingly are never willing to pay more than advertisers are, maybe because by the time that decision happens folks move to the next platform.
The meta thing is that the Internet is a meta platform and we can keep making new communication methods, but we are still stuck with Google.
> On the contrary, users are consistently willing to pay more than advertisers when given the option.
Problem is: there is a huge difference between paying even one cent and not paying. If you ask for $0.01, you will probably get the same result as asking for $0.10 or even a dollar. And if the only thing you have to offer is a mildly interesting blog post, no one will give you a dollar, so, if you want that cent per view, putting an ad is the only option. Micro transactions turned out to be largely a failure.
Another option is to find an editor/platform that gives you a share of a larger subscription. But even then, most people don't want to pay. For example, the usual reaction when I mention YouTube Premium is "why would I pay for something free?". And it gives even more power to large platforms: YouTube can reasonably ask for $10/month given the amount of content, it is much harder for a small player.
So what is the solution? Braved tried something with BAT, but it is still an ad-based solution, and I don't really trust it. Carriers tried it with the equivalent of premium-rate phone numbers. Governments suggested tax-based solutions, none of them convincing.
> I ended up reaching the conclusion that we should ban paying money for your attention, but I haven’t thought of better alternatives for businesses to grow or expand online yet.
I think western society struggles with banning things. But we've shown an aptitude for taxing vices. It's all about the money, right? Rather than banning, would taxing this economy achieve a compromised version of what you're seeking?
The problem is that if you tax it the government becomes incentivized to increase attention selling.
If the money isn't destroyed you will end up in smaller scale corruption. One example that comes to mind is HK zoning fees and the government's increasing dependency there of.
Maybe I'm being naive; I work with some peers who smoke habitually. They pay a hefty tax for their habit. I don't really see the government's incentive to keep them at it to collect more taxes happening. Is it super sneaky and I just don't see it?
I think for certain "unpalatable" vice taxes, the increase in revenue is usually not worth the bad publicity. But one example I can think of regarding cigarette taxes is the increase in smuggling they cause, and as a consequence a lot of "government action" to prevent said smuggling. What ends up happening then is you get to see a glimpse of the thinking not being "lets keep people from smoking" but rather more in terms of "lost revenue" or "tax money stolen by smugglers".
On some level, if the tax is there to "discourage" people, then the fact that they're willing to buy "smuggled" goods to save a bit of money shows you that they're not discouraged enough and they're not your target audience.
Care to share the math? Prevailing opinion in Western Europe is that smokers cost a lot of money to the state and taxpayers due to them usually not dying directly but struggling with illnesses for years, which cost money to treat.
>I ended up reaching the conclusion that we should ban paying money for your attention
I don't think that's either possible or desirable. Attention seeking would simply take on sneakier forms that are indistinguishable from legitimate distribution of information and protected free speech.
Instead of somewhat independent ad funded publications, you would get publications that are owned by product companies (or political parties) themselves. The content they publish would be far more biased. Subscription based publications wouldn't stand a chance against those free and well funded company owned publications.
Advertising is very annoying, but I think it can be more transparent than almost any other form of influencing people.
Tracking for personalised advertising is an entirely separate issue. That's where I think a blanket ban could work.
Your reasoning is accurate; but doesn't most of what you're describing already occur _as well_?
Often progress is about eliminating one large negative externality, only to discover that there are others to handle too.
The 'submarine' type content you're referring to is somewhat addressed by trust networks, fact checking, link reputation, and various other techniques.
One large question is whether we're ready for all of the economically-motivated actors to start shifting into that space.
PS: You make a good point about transparency. It's nice that (at least the most honest) adverts are identified clearly as such.
Could we have similar transparency in content? ("I wrote this because I'd been thinking about it after reading an article by X about Y yesterday, and here is the source)
>but doesn't most of what you're describing already occur _as well_?
I believe it would happen on a far greater scale, because it would be the only way to get the message across and competition from independent ad funded publishers would cease to exist.
Today, it's more difficult for a product company to justify the expense of running their own large scale publishing and influencing operation because it would have to outcompete advertising in terms of effectiveness.
People will always try to get other people's attention for their own gain. Trying to stop this is a quixotic endavour. I think we should regulate to limit the negative impact of this social constant, not try to stop it altogether.
>Could we have similar transparency in content?
Yes, I do think we could. But I also think that people would still prefer high quality if biased company bloggers to paying for expensive subscriptions. Don't forget that most subscription based publications show adverts to their subscribers as well. Without advertising, subscription prices would rise steeply.
> People will always try to get other people's attention for their own gain. Trying to stop this is a quixotic endavour. I think we should regulate to limit the negative impact of this social constant, not try to stop it altogether.
I'm not necessarily advocating either to stop it, or to limit the impacts - just to make it visible. Once the power/influence structures (and the associated leverage they use) are evident, the manipulative ones will be abandoned and the authentic ones will succeed.
One potentially negative unintended consequence: closed systems like Facebook become even more powerful than they already are. Their revenues will dwarf (even more than they do now) any other free digital platform that can't re-create a fully targeted ad product entirely in-house.
Without Google AdX and the mess of disturbing cross-site tracking, I can't see why advertisers wouldn't just spend 100% of their digital budgets in walled gardens. It would just be so much more effective.
Assuming tracking works (I have my doubts it boosts conversion), there has to be an equilibrium price, right?
That is, advertising camping gear on a camping review site (without tracking) still has some nonzero commercial value even if facebook tracking exists and works.
> That is, advertising camping gear on a camping review site (without tracking) still has some nonzero commercial value even if facebook tracking exists and works.
Precisely this. Go back to the advertising model where you place the advertisements in relevant locations. It's like going into the local pizza parlor and seeing an advertisement for a local plumber.
"Joe's Pizza" in Somewhere, NY can still say "I only want advertisers who want their ads shown in 30 mile radius of Somewhere, NY".
Flip the entire thing on its head and go back to camping sites showing camping ads, and auto parts stores showing ads for the latest amazing oil filter. They don't need to know who the user is at all. They are on a camping related site, they probably want to see camping related advertisements.
Tracking definitely works, at least in my experience. That's why Google and Facebook have completely taken over the entire digital ad ecosystem. They just have much better data, and your spend is an order of magnitude more effective than buying directly from publishers.
Take the camping example. If I sell camping equipment, I can try to reach out to blogs directly, but I will have to place hundreds of campaigns for $100 each, track and monitor them all separately, and count on each of the blogs to deliver them accurately in good positions with no fraud. Or I can just buy one massive campaign with Facebook that runs across Facebook and Instagram and targets people who are interested in camping and maybe even expressed purchase intent. That's the better option every time. The transactions costs of dealing with individual websites are prohibitive.
Google (and the other tracking companies) just distribute that same option across the open web. If you get rid of it, Facebook wins absolutely.
I like the idea, as one commenter expressed, that the open web would be better without advertising. But I think the reality of an infinitely powerful Facebook is that the open web would be a wasteland and afterthought.
There is nothing stopping Google or Facebook from offering content-based advertising to advertisers, publishers and users--sidestepping any issues with multiple small ad deals. A regulator could demand it if they wanted, and together publishers and advertisers could too. Individual users just don't have the same power, and resort to adblockers--which is pretty much their only option if they don't want to be tracked when a site doesn't have a subscription option.
Fair point. If you prohibit everyone, including walled gardens, from targeting based on user behavior or user data, that seems like a plausible solution.
It's a purely regulatory solution, though, not technical as the top level comment suggested :)
Opt-in user targeting could still be fine (like offline loyalty programs), and it would be healthier than the current norm of opt-out through ad-blockers.
Tracking is not necessarily about boosting conversion, though definitely an aspect of it, but it's also about trying to prove the value of the advertising spend to begin with.
If I wanted to be generous I could point to the fact that advertiser revenue allows companies to realise a revenue stream other than having to directly charge a customer, be that subscription or increased prices. And so it could be argued that as a consumer you get an indirect benefit from advertising dollars, it's not clear that it's actually exploitive in that sense.
Full disclosure, I run adblockers and used to work for an adtech company.
I have the same reservation about ever more tracking increasing conversion, but I would guess in reality the equilibrium price might come as more people use adblockers vs those who would turn them off if they could be assured they weren't being tracked and only being served some form of a content-based ad.
For a large site like Facebook, adblockers might have a small effect, but for smaller sites seeing 30-50% adblocked traffic, their choices might be direct ad sales, and likely little else. I saw a post about ethical-ad-server recently, and maybe such ad servers should be the ones default unblocked by adblockers.
I think the big thing is that opt-out tracking should be illegal. It's total bullshit that giant partnerships like ad choices and just collect and share tons of info about you with the flimsy veil of an opt out system[1] that NEVER. EVER. succeeds. Like this is big tech you think they don't know how to write an opt out program that actually works, they solve problems in all sorts of domains, I think if they _wanted_ it to work they could do so very easily. Not to mention that in opting-out, you have to agree to let them track you anyway with a different cookie that is supposed to keep you from being tracked.
Profiling has to be done with acording to a privacy assesment analysis and can only be done if the assesment shows no elevated risks and / or the risks that exists are taken into account and contingencys are planed for.
Yes it is quite some work and overhead, but you are extracting information and use it in a way the person could not foresee or conceptualize even exists within the data.
I gave up on trying to maintain forks of web browsers, because their extension API deliberately doesn't allow modifying response bodies. It's just impossible to maintain any fork of any browser because of the sheer amount of features that rely on JS APIs for websites and the amount of commits upstream.
Ad Blockers are just a dirty hack that completely relies on Chromium respecting the Content-Security-Policy headers for all domains. If Google decides to blocklist their own domains for HTTP header modifications, we're fucked. Quite literally.
That's the reason why I kinda started to build my own browser (without a rendering engine for now) that focusses on filtering, parsing, and peer-to-peer offloading traffic and sees itself as a mixture between web browser, scraper and proxy that can be used as a cache for others. It has the idea to act as a web filter service + a webview to render its UI rather than being a render engine and document engine. [1]
I hope that with this market niche there's a way to make this kind of effort sustainable for the future, because all other web browser fork projects I've seen so far are dying off due to no funding and too much work to maintain the codebase.
It's just not feasible to compete in the everday user's browser market. Lots of companies have tried, and lots of companies have failed.
> If Google decides to blocklist their own domains for HTTP header modifications, we're fucked.
I mean, you could just stop using Chrome if this happened, if you haven’t already. All the other popular browsers would be unaffected, and I’m sure projects like ungoogled-chromium would patch a change like that out.
I'm using Ungoogled Chromium. But let's don't kid ourselves, this is just a temporary solution. There will always be the point where it's impossible to maintain patches and keep up with the cat and mouse game upstream.
Also all the other popular Browsers are either based on Chromium or based on Gecko, an engine that has no developers anymore since last year.
When I wrote about sustainability, that's exactly what I was talking about.
You're confusing gecko and servo. Servo is an experimental web engine which was being developed by Mozilla to test experimental tech. Recently its dev team was laid off. Gecko is the production engine that Firefox is based on, and it's still under full steam ahead development by engineers employed by Mozilla.
The Mozilla Corporation receives nearly all of its revenue from Google. As their market share inevitably trends toward zero (iOS defaults to Safari, Windows to Edge, and Android to Chrome), their negotiating power with Google and other search engines will suffer.
Yes, this is a serious issue. However, I wouldn't claim that Mozilla has any negotiating power with Google even today - Google is likely to continue to fund Mozilla in order to stave off potential antitrust action.
Are we counting open source contributors or paid developers here?
Because I think there's a difference in assumption vs reality here. External contributors work in their free time and are, as I'm trying to point out in my other comment, unsustainable as a work model [1] [2]
This cannot happen on an individual level. We need to take the internet standards writing process back into the hands of citizenry. The hacker ethos is long dead and all technical bodies have become negotiating tables where giant corporations divvy up their turf.
If we make the internet standards hand all this power back to the browser users, then Google will clearly just not implement that particular standard. They have plenty of precedent of going their own way, establishing it as the way the web works, and then getting the standards written retrospectively to cover it. (Not singling out Chrome here - most of the major browsers have done this at some point.)
There's nothing wrong with advertisement, but adtech on the internet turned malignant years ago. It's one thing showing me a banner or short text, another to stalk me all over the net, keep all surveillance data forever, and bombard me with megabytes of useless trash each time I want to see some site. The difference between normal advertising and what we have now is the difference between healthy cells and cancer. Instead of taking their part in the ecosystem, they are destroying it.
All it would take is one multimillionaire/billionaire to look at philanthropy through a different lens for this to become a reality.
What we need is a social movement with funding for Adblock work and outreach. The entire advertising industry is a house of cards waiting to fall. Someone with a grudge and the money to back such a movement could singlehandedly wipe out the revenue of places like Google, Facebook, and most of traditional and print media in a year or two. A couple million in investment could wipe hundreds of billions of dollars in revenue out.
I really wish that ads would be targeted based on server side information. As in what website you’re on, or what search term you put in. I really don’t think ads based on my past behavior are useful to me or my purchasing tendencies.
That's not enough. If anything, it can make tracking more pervasive and harder to control.
The server fingerprints the user and shares this info with an ad network, fetches and injects a personalized ad. Same result, zero accountability: no way to delete server side PII, no way to know what information was collected, no way to know how it was actually used. Even worse, the server gets to read the ad delivered to you, which may leak even more information.
There is no purely technical solution which can replace regulation.
I think "server side" distracted from my point. I'm not offering a technical solution, only that I really wish ads would be targeted solely on what you're looking at. Similar to how magazine and newspaper ads are targeted.
> there is nothing wrong with advertising per se, it's a natural part of a free market economy.
There is plenty wrong. Even Adam Smith's purely theoretical concept of "free market" requires buyers and sellers to be purely rational actors and be fully and correctly informed.
Advertising has one goal: making customers less rational and more biased towards a given product.
While that is true to some degree, the primary motivation of advertising is to close the information gap, to make sure customers know about your product.
Because you can't both trust and not trust websites at the same time.
The web is built around the model that websites can create a session with remembered state (well ever since cookies were invented). You can't have that feature without also trusting the website with that shared state.
At least not with the level 9f interactivity expected. Maybe lynx could manage it, but you'll never get all the side channels out of an attack surface the size of a modern html5 browser.
I think we should disable local-storage entirely, all of it. 99% of the websites out there don't need cookies. And for the 1% that do need it, how about we build tech around a central authority issuing "cookie issuing" licenses that the browsers respect. Have it become a process and trust-chain similar to certificates so that we can block/ban root certs that allow tracking en-masse.
But until then, please developers stop putting the damn shopping cart in cookies and local-state, just persist it on your damn DB and only allow me to have a cart after creating an account with you. That is your damn consent for you to track me, not your stupid GDPR popup that you spam me and every other visitor to your site.
That would fall under the 1%. They get a cert or whitelisted or something such that browsers would "allow" them to request the browser to store cookies. Perhaps the type of data to be stored is also restricted in the certificate itself so the site can't deviate from the storage they've been granted.
I don't know, it's just a random thought and not fully fleshed out. I'm sure there are millions of much smarter individuals than me that could figure out the details and nuance. Point is that we need to think outside the box if we are to fix the web. But doing it incrementally with "input" from ad-companies such as google is not going to work.
So you want the ability to be a modern website held by a centralised authority? The world is not a world of static websites anymore; it is a world of applications accessible by a web browser. That would be a huge and unjust centralisation of power.
The most should be a consent popup, similar to how websites request to use the camera.
You are just opening up yourself to abuse. Sybil attacks are one of the biggest problems in computing and tracking helps us mitigate it. A truly private internet can't handle bad actors and such will be unable to scale.
You can tell them what you want, if people are stupid enough to continue to download and use Chrome, they lost their free will on the subject to the almighty google!
FLoC enables ad selection without sharing the browsing behaviour of individual users.
FLoC provides a privacy-preserving mechanism for interest-based ad selection.
As a user moves around the web, their browser uses the FLoC algorithm to work out its "interest cohort", which will be the same for thousands of browsers with a similar recent browsing history. The browser recalculates its cohort periodically, on the user's device, without sharing individual browsing data with the browser vendor or anyone else.
When I first got my iPhone, I searched for Youtube on the app store. The first result I got was tiktok - an ad that takes up a third of the screen. Its a terrible UX and confused the hell out of me. I seriously thought Apple was supposed to be user-friendly and anti-advertising...
It... says "Ad" in a alt-colored tag, has a completely different background. Only one ad, vs. google.com, which can show up to 4 identically-styled ads.
Apple isn't anti-advertising, they're anti-tracking, pro-privacy. They're not in the business of selling ads anywhere near the scale that Google is -- the App Store ads in particular are simple, and they cancelled their iAd program a few years ago.
I realized that after looking at the result for ~5 seconds, but I still think its a dark pattern and it could easily induce someone into installing that app by habitually clicking the 'get' button. I guess it just shocked me that the one of the first things I saw on an iPhone was an Ad.
But yes, looking at ads on the Google Play Store recently tells me I made the right decision to switch to an iPhone.
I've been looking to switch from Google Pixel to iPhone but I still see the same shit on the "other side". On iPhone you still get an advertising ID in your OS to track you that you can't disable. You still get ads in system apps. It's like a veneer on top of the same crap.
Why wouldn't they? Apple is in the same business Google is of selling ads and in-app payment processing for apps on their platform. In one respect, Google is better than Apple for warning you ahead of time when an app contains ads. That's not an endorsement, mind you. There's other things Apple does better than Google. But there's no "good guy" here. Only less-bad guys.
Very thin distinction here given that they can still be purchased by advertisers and Apple has every interest in being the only company monetizing on their platform so the number of parties seeing this is irrelevant if the point was the surveillance problem.
'Ads you see on the App store or Apple News' and 'ads on the the entire web' is very substantial distinction, as is the scope of the surveillance involved. Another one big one is - you can turn the Apple thing off.
This is a pretty naive argument and distinction as well.
It's pretty obvious Apple doesn't have financially valuable properties on the web but they have plenty in their application ecosystem.
In Apple's view Apple News is how people consume news, not go to the web where the user experience isn't custom tailored by Apple. Apple News is barely different than Google AMP that everyone rages against, try to get someone to share a link to a piece of news from Apple News and it will come with the ask to subscribe or download it.
So in Apple's ideal plan almost every place where today ads are displayed will be inside Apple News.
And hey, I wasn't aware there exist another App Store where people can buy applications or in-app purchases on iOS.
And yeah you can turn FLoC off too both today and when it will be in production.
Lastly, when did the argument move from "advertising bad, tracking data always bad, targeted advertising terrible" to "if Apple does it then I'm good with it"?
when did the argument move from "advertising bad, tracking data always bad, targeted advertising terrible" to "if Apple does it then I'm good with it"?
It'd be a lot cooler if you could respond to my actual argument without namecalling and putting words in my mouth. For one thing, it's rude; for another, it doesn't contain much of a counter-argument.
You said the distinction between what Apple does and Google does is 'thin'. The distinction is Apple does this in two specific services of their own, one of which is completely optional and in both cases, the cohort bucketing and tracking can be turned off. Google is putting it in the browser people use to do just about everything on the internet. A roughly similar thing would be Apple adding cohort bucketing to Safari. They haven't. These seem, to me at least, some significant distinctions. Why do you think they aren't?
I replied. You are considering Apple's system better despite the fact that Apple's goal is to re create the web environment in their own apps so they can monetize it in their platform.
So your argument is maybe valid (I don't think so, tracking is tracking and this isn't just contextual targeting) only now, as time goes by and Apple accumulates more power your argument is back to being invalid again.
FLOC is being introduced now in advance of privacy features coming in chrome (removal of third party cookie and privacy budget) which apparently will hurt ad revenue. FLOC is supposed to help targeting without exposing user data.
The idea with this proposal is to avoid browser fingerprinting. Cross site cookies are going away and there are essentially two possible paths for ad networks to compensate: a common approach like FLoC is adopted, or ad networks will continue to do ever more advanced fingerprinting based on things that are identify you individually and hard to obfuscate like graphical rendering and audio quirks. The proposal is if Google adopts FLoC they won’t use browser fingerprinting.
Which reality is better is up for debate but they won’t be doing both for the same client.
They will absolutely do both because nothing stops them fingerprinting us otherwise. Anything based on goodwill and hope should be considered false starts.
There's a third option: we make it hard enough to fingerprint users that doing so is too costly when compared to what the ad networks gain from doing it.
If I must have ads, I'd prefer not be tracked by hundreds of untrustworthy companies, and I'd also prefer not see irrelevant ads... This therefore seems like the best bad option...
I strictly prefer irrelevant ads less likely to influence me.
I really have enough projects, TODO lists, interesting things to buy to last for lifetime of 250 years.
Why I would want ads likely to influence me? There is basically no chance that ad will show me useful, worth using object or service to buy that I would not discover anyway.
It would be just another scam more effectively targeting me.
This has not been true for me. I have discovered interesting things in Facebook ads that I would not have discovered and bought otherwise. (They were obscure Kickstarter projects)
I have a fundamentally different view of this: I don't want people advertising to me at all, and I am perfectly fine -- happier, really -- if I "miss out" on buying something I might like because I didn't "get to" see an ad for it.
Advertising is psychological manipulation at its worst, and we'd all be much better off without it.
"Advertising is psychological manipulation at its worst"
Hyperbole is unbecoming.
Off the top of my head I'd say grooming someone for sexual abuse is a significantly worse form of psychological manipulation. I speak from having experienced both, and only one has had a catastrophic effect on my life.
Most Kickstarter campaigns I get shown on FB are from third party services that just upload the Kickstarter breach list (my email is in it). Could that have happened to you?
> I have discovered interesting things in Facebook ads that I would not have discovered and bought otherwise.
I've never had this experience, between Google, Facebook, and Amazon. Every "targeted" ad I've been exposed to has either been for something I already have, or for something that's insufficient to my needs.
Because of this, and because I dislike the invasiveness and anti-privacy of modern advertising, I started keeping a log of all of the ads I can remember. Then before I make a purchase, I lookup the product on that list and pick a different company to buy from. If you, as a company, use invasive advertising, I will not be your customer.
That seems counterproductive. You will be worse off by using irrelevant data in evaluating the choice of a particular product, and the company that paid for the advertisement likely won’t even miss your sale.
> You will be worse off by using irrelevant data in evaluating the choice of a particular product
What do you mean irrelevant data? I am much better at choosing a product that suits my needs than Google and friends are. The only irrelevant data is the one provided by the ad companies.
> the company that paid for the advertisement likely won’t even miss your sale.
If that's true, then why do you think they advertised to me? Why would they possibly choose to advertise to people who they weren't interested in selling to?
If you intentionally discount a product based on the fact that they advertised it to you, you’d be making a decision based on some property not intrinsic to the product, which means that you might not purchase the optimal product.
This would all be ok if the tradeoff was a strong signal to the seller that advertising has a negative impact on sales, but I’m positing that the impact of that one sale is negligible and well within the noise threshold of an extremely noisy process. For all you know, if the seller notices at all, they might conclude that they didn’t advertise to you enough.
However I’m totally ignoring any utility you might gain from a principled approach and if it works for you, then more power to you.
> If you intentionally discount a product based on the fact that they advertised it to you, you’d be making a decision based on some property not intrinsic to the product, which means that you might not purchase the optimal product.
Very true, I've considered this many times. What it comes down to is that I value companies that prioritize investing in their product rather than their advertising, so on the whole I'm more likely to get what I want if I stay away from products advertised to me.
> This would all be ok if the tradeoff was a strong signal to the seller that advertising has a negative impact on sales, but I’m positing that the impact of that one sale is negligible and well within the noise threshold of an extremely noisy process. For all you know, if the seller notices at all, they might conclude that they didn’t advertise to you enough.
This argument kind of ignores the whole underpinning of economics. Let's consider a different situation and apply your argument. Let's say a company sells a toothbrush that doesn't clear plaque away very well. Over time, as I use this toothbrush, I'll find that I'm getting cavities on my back teeth. So I stop buying that brand of toothbrush. Under your argument, my doing that would be a weak signal, because it's just one sale lost for X dollars spent on advertising. The seller doesn't notice, and keeps on pumping out toothbrushes, and lots of people get lots of cavities. I know this is not analogous to the situation you're talking about, but it's still a plausible situation, and if your argument is correct, it should be correct across most situations it's applicable to.
And thanks, I do enjoy your confirmation of my power.
I agree that there is some chance that some products will be genuinely useful.
But overall risk of getting persuaded to buy worthless products or scammy "investments" seems to not be worth discovering real gems.
Overall I would prefer both scams and genuine offers to be as far as away from my interests as possible.
Obviously, I would prefer actually useful offers to be close to my interests and to have no scams/worthless trash/malware/porno in my ads, but it appears to not be an available option.
Its very interesting in that when people read "relevant" ads, they usually take the meaning as "relevant to buyer".
But in reality, ads are always "relevant to seller/advertiser". Seller is almost never interested in selling you anything but what makes most profit from you. Eg. A decathlon might be better cost/benefit ratio wise, but you will always get an ad for Nike, because Nike is paying for the ad, not decathlon.
Such is the lie that was fed to us, and most of us accepted it. Tragedy of the commons indeed.
There are plenty of good products that only get discovered because of advertisement. People aren’t constantly searching for every single one of their pain points at once.
One day, you may have a need for a product, and someone who previously solved your need can’t afford to make the product anymore because only a small percentage of people realized it was a solved problem.
Honestly I have no problems with ad's as long as it doesn't involve any tracking (or lets call it what it is spying).
If blog or similar can finance part of their cost with Ad's, why not.
Sure on slow internet it's a somewhat different matter.
Anyway Ad's okay, but tracking for me is spying and should be treated like that, i.e. it should be illegal.
There are ways to have personalized ads without it, like local learning which then selects to get an add for a specific topic, with that a side could still track which ads you got, but it would be much less useful as FLoC, and then you add additional steps to even further decrees any chance of tracking.
Companies still get implicit feedback by what adds get selected more then others.
People can explicitly blacklist annoying (or offensive) adds making sure they don't see them ever again and if enough do so in turn making that app not seen much more at all etc. etc.
But the FLoC cohorts are WAY to small/identifiying to not allow you to be tracked fairly easy with it. Just combine it with other identifying aspects of browsers (there are a lot) and I wouldn't be surprised if it's often allows a 100% unique identification.
And given that you likely wont be able to "ad-block" FLoC this makes it way worse then the status quo.
This is a more concise repost of a previous comment that I posted too hastily.
It's fair to believe that ads are 'ok' - it's also possible that people in general don't want them. Hosting low-traffic websites on a smartphone with cellular data is just-about-feasible now.
Rather than inventing very technically clever ways to continue on our existing path, as Apple and Google are doing, I think it'd be pleasant to simply move beyond the advertising model of content on the internet.
If asked, I don't believe people would want to be tracked or have ads mixed into their content.
I don’t know that’s the whole question, though: I know that I, personally, would be unwilling to pay a subscription fee for every site I’ve gotten information from. I wonder how many people would choose advertising if the choice is posed as ads or content subscriptions/micropayments.
This assumes that most of the content would require much funding to operate.
Could we make it cheap enough to host a personal blog and/or wiki on a smartphone for, say, $10 a year?
The economics would be very different as sites scale up their traffic (compare with, for example, The New York Times).
I think the (relatively) small number of high-traffic sites would be able to find revenue streams to support their hosting - perhaps those would be where subscriptions would be effective.
It’s not just that, removing ads as a funding source make the barrier to entry higher for someone who wants to launch a competitor to the platforms: medium, substack, NYT, etc.
This may of may not be good, but I’m a bit concerned that destroying the adtech industry may have ripple effects that end up being worse than some middle way like FLoC
If you could give me a world in which ads were always static images with a link behind them and nothing more. Where they never move, never pop, never animate, never play sounds or video, never run scripts etc etc...
Yeah, in that world, ads would be ok with me. Sure they're pointless because I won't click on them - but not really worse than having a blank spot in the page because of an ad blocker.
While I have no problem with the concept itself of advertising, I do have a problem with modern implementations of ads. Almost invariably, they are loud (vocally and visually), intrusive, obnoxious and almost coercive in their use of language. They are intended to dumb down the target audience, rather than enrich their targets' lives.
I do have a problem with everything that attacks my ability to think freely.
I'm not sure you can separate the two. Advertising as a concept is rooted in the economic system within which it's operates. Fundamentally it's a competition for the most "effective" ads. Advertising "as a concept" is meant to influence, and obstensibly obnoxious ads can effectively influence their target audience.
I'd also like to support websites I visit, though, if I don't have the money to directly donate to them and if I am going to purchase a product anyways (think visiting an amazon product page, leaving it for a day, then clicking an ad for it to give x% to the website). Many websites today wouldn't exist without ads since a lot of their traffic is people who don't go out of their way to donate to websites they find useful. If I can do this without giving up privacy I'll turn off my ad blocker (and I already do for websites I find useful).
Preach. I don't consent to tracking. I don't want my browser helping anyone track me in any way. I don't want to be pressured and manipulated into buying things I don't need. Advertising is not moral and I owe nothing to anyone who tries to manipulate me.
Websites can move to more efficient and lighter methods of delivery to cover the absence of advertising revenue. Anyone skilled who works in the advertising industry is freed to offer his skills to better human endeavours. Everyone wins.
> Anyone skilled who works in the advertising industry is freed to offer his skills to better human endeavours.
I don't want to be rude, but won't they just end up losing their livelihoods? If the advertising industry goes, most programmers will see their salaries drop hugely. Even those not working in advertising will see a drop due to the flood of supply.
I like this analogy. Why should I be concerned about the collapse of an industry whose dominant effect is to make the world a worse place? Especially if, as in advertising, that effect is the intended outcome, rather than an externality, as in coal production.
I don't agree. The more likely outcome would be complete domination of big brands because they own the mindshare (e.g. people will remember Amazon.co.uk, they will not remember hundreds of small businesses too).
Even if you were not directly influenced by advertising, you probably were indirectly through word of mouth.
Plainer HTML and very little Javascript which will reduce development and running costs. As witness, this very website. It supplies all that is necessary and no more. It is very successful.
With harmful incentives removed, this would encourage websites to focus on good writing and less on being 'content farms' to drive up engagement for the advertisers.
All I want from most sites is the text. Not adverts, trackers and those damnable autoplaying videos that jump out and follow me down the page. I use the reader mode in most cases. Why is it necessary to use reader mode if not to cut the useless cruft? Why can't the web just be like that?
I'm not stealing anything by instructing my computer not to run code against my consent. No one is entitled to my CPU time. Least of all are advertisers.
Also, the store isn't freakishly stalking me and noting down all my habits whilst sharing what it has collected with its friends, or indeed anyone who will buy the data.
Besides, candy is impossible to replicate in the same way that data is. Theft of physical objects is a materially different act from advert blocking and avoidance. I'm not obligated to view adverts in every public space because they fund the local government. I'm not denied access to the cinema because I arrive 10 minutes after the start time to avoid the adverts. Or back in the day when I taped TV shows and fast-forwarded the adverts, had I a responsibility to view them?
They're useless noise that contribute no value to anyone beyond whoever pays for them, and therefore I find it a moral responsibility to limit my exposure to them and restrain the harm they do to others. And curiously, I am much more content and much less impulsive in my spending habits since I installed uBlock.
> I'm not stealing anything by instructing my computer not to run code against my consent. No one is entitled to my CPU time. Least of all are advertisers.
One might argue that you are then not entitled to view the content on ad-supported pages as well.
I use an ad blocker too because many ads are just horribly intrusive, but I honestly can’t blame any page circumventing ad blockers, nor do I believe that I am somehow morally entitled to an ad-free, compensation-free browsing experience.
Narrowing all of this down to CPU time misses the point entirely in my opinion.
> They're useless noise that contribute no value to anyone beyond whoever pays for them, and therefore I find it a moral responsibility to limit my exposure to them and restrain the harm they do to others.
They‘re literally paying for the content you get to view for free.
> One might argue that you are then not entitled to view the content on ad-supported pages as well.
Then they shouldn't serve the page in a way that it can be viewed without also viewing the ads. Ad-blocker-blockers are a thing, and I am happy to close that tab and never visit the site again when I see one.
> They‘re literally paying for the content you get to view for free.
Hopefully someday they'll be forced to find a business model that doesn't include destroying the privacy of their website's visitors.
> One might argue that you are then not entitled to view the content on ad-supported pages as well.
This is true, and websites are entitled to try to detect and block users who use adblockers. And users are entitled to use better adblockers that are harder to detect.
The person you're replying to is not accusing you of stealing, they are using stealing from a candy store as a metaphor for how a certain amount of behavior that a company doesn't like is tolerated because it is not worth the effort to stop. The point is that Google could prevent most people from using ad blockers any time they wanted, but don't view it as worth the bad PR (or choose not to for other reasons).
This is a rhetorical bait-and-switch. The "stealing candy from a store" messaging is crafted to imply moral failure. The implication is there when you present the situation with that framing—you can't just walk it back when called out on it!
Nobody frames, say, taking a bathroom break when the ads play during a football game this way.
Well, someone else is covering it in post it notes and serving it to you. Again, the same issue applies, if everyone covers the ads in the journal then the advertisers will leave the journal and it will have to shutdown.
Also, the store isn't freakishly stalking me and noting down all my habits whilst sharing what it has collected with its friends, or indeed anyone who will buy the data.
Many retail stores do, actually, through wireless tracking, cameras, and/or purchase history. They will buy and sell consumer data through the likes of Acxiom.
It would be great to have a ublock equivalent for the physical world.
There is: paying with cash, not using loyalty cards, and refusing to supply zip codes, phone numbers, and whatever else they rudely ask for get you 92% of the way there. For the rest, you can wear a Groucho mask while in the store. But that only works if Groucho masks become popular.
I would respect the Adblock crowd more if they didn’t run around describing their actions as brave or “morally responsible.” It’s ok to admit that you’re taking something without return!
As if you have never run to the bathroom during a commercial break.
No one is under any obligation to accept advertising. Only since the modern web have advertisers and content providers made this an argument on ethics.
Oh, please. Tell me you've never fast-fowarded or muted the TV or changed channels during a commercial. Tell me you've never been reading the newspaper or a magazine and skipped reading the ads.
I'm not really sure what crowd of us you think claims that ad-blocking is "morally responsible". I certainly don't see it as a moral issue at all. I just don't want so see ads, period. I think they're psychologically manipulative garbage, and I don't want them in front of my eyes, infecting my brain.
If someone wants to publish something behind a paywall, I'll pay if I think it's worth the price. If someone wants to put up an ad-blocker-blocker and refuse to serve that content to me, that's fine too; I'll live without their content.
If a server is going to send me bits over the wire, I am going to decide how I view those bits, and which bits I do and do not want to see.
I'm grateful that you would take the time to speak with me. I know it's an expensive thing to do.
I'll start with ~~a humorous point for an autistic person~~ the worst kind of pedantry. An object cannot be no one's and mine at the same time. If I own it, then it isn't no one's. To the degree the CPU is indeed yours, then it is someone's CPU. Obviously, there's some conversational implicature embedded in your claim here, and that's what we're here to clarify.
For the record, I'm on your side. Your overall argument is something everyone needs to hear. So, I'm not here to destroy your assertion, but I think it should be weakened. There's a lot packed in there.
I take your proposition to mean, roughly, that the CPU in your possession is something only you have a cluster of moral claim rights to (which corresponds to a cluster of moral obligations of others to you regarding that CPU), with no possibility of overriding reasons, caveats, or provisos. Now, you could be speaking about political claim rights, but I don't think that's the case here (correct me if I'm wrong). Is that a fair interpretation, and do you wish to maintain that? Can you think of any exceptions? Are there any adjacent possible worlds in which that is not the case?
It’s been said many times, but if the business model is advertising then you’re the product.. not the quality journalism or content. They’ll focus on generating content to increase engagement instead of perfecting what you think it is they are supposed to deliver.
Perhaps it is time for an advertising model to die out as the default.
This is why I’m more than happy when sites say “adblocker detected, please disable or leave”.
I will not render your ads. I’d be happy to put that in the first http request to your site. If that means no site for me, then quite honestly 90% of my browsing is a waste of time anyway.
Lets not pretend that ads help people with less money. Ads are designed to manipulate people into buying things they don't need.
They encourage people to believe their self worth is linked to the things they own. That a persons status in society is somehow associated with how much money they have to spend.
> Lets not pretend that ads help people with less money.
Who's pretending? Ads naturally and quite effectively price-discriminate, and so they do make internet content cheaper for people with less money.
You may have problems with excessive consumption, but many people in developing countries do not. They desperately need the free content (educational, informative, and otherwise) that the current internet model provides them.
My family is made up of poor immigrants, many of whom are back in their home country. Free communication systems are a godsend for them.
While I love libraries and public broadcasting, I learned to code as a poor kid through library books, they are not the full solution and they never provided free, instant, and any time international communication for people.
Well then stop tracking me around the internet and then we'll talk. Ads used to just be 1 direction. Give up the feedback path and I'll be fine as long as I don't get 5 pop ups blocking the article I'm trying to read and THEN fingerprint me and follow me to the next website.
Look up the legal definition of "theft". In your analogy the candy would be the user's privacy and attention, which the adblocker denies the store use of. It is only theft if the store owns the user's privacy and attention. Are you so owned?
No. If advertising became impossible, vendors seeking to compete would be forced to make products good enough to be enthusiastically-shared, word-of-mouth, and everything in the world would be significantly better than it is.
I still watch traditional TV. Whenever commercials start I zap to another channel immediately. Would I mind if these commercial channels disappeared? Probably not.
I used to hold this view, and I argued that exchanging ad impressions for web content was some sort of social contract. I think this would be defensible if not for the massive privacy violations, and the fact that Google and Facebook continually alter the deal, and pay politicians to ensure we have no seat at the table to negotiate.
That is a pretty poor argument. There has never been any guarantee that ads will be rendered, and users rapidly learn to ignore areas of the screen where ads typically appear (I have seen user studies to this effect). "Reader mode" will basically prevent ads from being rendered, unless the ads are purely text and are inlined with the main text of the page. Calling ad blockers "theft" is as ridiculous as calling ads themselves "theft" -- after all, the ad companies are using a large fraction of the bandwidth users paid for, and the CPU cycles and electricity on their computers, without having been asked to do so and without having asked permission.
If websites really find that ad blockers are killing their revenue, they will switch to a paywall model, and maybe micropayments will finally happen (or perhaps a service that allows users to subscribe to large numbers of websites at a time). Whether or not that is a good thing depends on who you ask.
On the contrary, the websites who display ads steal screen space on my machine without paying me for it, some of them even steal computing time by running unauthorized scripts.
I was kidding, of course. Neither running an ad blocker nor running a website that runs script is stealing anything.
However, I do run an ad blocker and I'm completely fine if every company that relies on ads for income goes out of business. In fact, I'd appreciate it.
This sounded good when I first heard it, but by now I understand 'relevant' to mean 'tailored to optimally influence my behaviour', eg showing me articles about the futility of voting if my political preferences are likely to lean a particular way.
It's not because the way it's made it makes it easier for hundreds of untrustworthy companies to track you...
It says it's about respecting the privacy of users better but in practice it fails very bad at doing so the only thing it archives is allowing Google to disable cookie based tracking and with that makes it harder for 3rd party trackers to be google independent (it not harder for 3rd party trackers if they use/abuse the FLoC Id and generay there are many ways to track users which are not cookie based so especially when it comes to the very bad offender of invasive tracking it doesn't make a difference or becomes even easier, but some of the smaller google ad (and analytic) alternatives will have it harder).
Not every web page has an associated strong commercial intent. Most sites, quality sites, would lose out to commerical junk sites if only commercial sites could make money from ads.
While you can often come up with relevant tie-ins for websites (a weather site could sell vacation packages, a news site could sell... insurance?) it turns out that for a huge fraction of websites relevant commercial interest is just very low.
Brave is a free open source product that you don't have to pay for or use. It's a browser with an integrated ad blocker. I opted into Brave, no one forced me to. I asserted my right as a user to run software on my machine how I see fit when I browse the web. The ad model of the web is exploitative, monopolistic, privacy invasive, abusive to everyone, and makes the whole open web ecosystem bow down to the whims of Facebook and Google.
I have opted into using Chrome, no one forced me to. I have asserted my right as a user to run software on my machine how I see fit when I browse the web. The ad model of the web allows me to freely browse the web while providing a source of income to those who work hard to provide the services and information I seek on the web.
The reason I trust them is that I can monitor what info is sent from my pc from the brave app. So that’s a good thing. They aren’t tracking and reporting all my browsing so that’s good.
I’ve never done anything with the crypto part. I just use them as a clean, ad-free browsing experience. There’s ad blockers for other browsers but brave is the easiest for me to use.
Of course, you can pretty easily see it traded on exchanges. [0]
There’s over a million web creators accepting bat just from brave [1] and while that’s not everyone or even a big percentage it’s not “few web creators.” If you don’t want to give to web creators you’re free to cash out and donate cash to charities. So that’s a plus that’s not possible with other browsers.
Note, I don’t use the crypto feature in brave, I’m just annoyed by people spreading FUD about stuff.
That just seems like hyperbole actually, and from a biased opinion or vested interest.
Brave seems to handle privacy very well considering the choices available, and has made a number of good privacy decisions from what I can see after watching browsers evolve for 25 years. I have switched to using Brave and installing it for those I support.
The crypto thing is 1) easy to turn off, 2) an attempt at a possibly better business model where users aren't just sold with it. Regardless I simply turn the crypto setting off.
I prefer irrelevant ads because I learn about new things outside of my bubble.
Who knew that ship designers could buy special plugins for CAD environments? Even though I could have guessed it (In fact, I made this example up), it’s still fun and interesting to be surprised.
I don't think there is a time in the last decade where I received a "relevant" ad. The most relevant they have been is spamming adverts for products I already purchased.
the option to be tracked by one untrustworthy company? oh and they’re also in charge of the “anonymization” algorithm, oh and they also decide who is exempt due to protected status (race, income, etc), did I also mention they make the browser most people use and are one of the world’s largest advertising providers?
where is the better part? is it the fact that this makes fingerprinting easier? or that floc makes more data available to advertisers than cookies?
The issue with FLoC is it based on a false premise. Advertising can be successful without needing to build a tracking profile on a person as they traverse multiple websites.
For example if I visit a website that follows trends in computer hardware... advertisers may pay to put ads in this site to PC parts, etc. If I visit a site about popular camping locations.. advertisers can purchase ads that are relevant to camping,gear, travel etc.
The very idea that we need a tracking identity that monitors and identifies behavior from site to site is ridiculous.
It's based on a lie, but it's also a lie that's entirely fundamental to Google's existence: The reason Google is the giant it is is because of the delusion you need user tracking and that only Google has enough user data to do it well.
If you get rid of user tracking, anyone or their brother can sell ads, and then why deal with Google?
I would expect that it's practical to reverse engineer the cohorts into a browsing history. This means that an interested party could derive browsing information from a page visit rather than needing to instrument thousands of websites with cookies.
There isn't really any hard bound on how much information could be leaked via these algorithms.
Cohorts could be reverse-engineered to give you a probability space of browsing history, which would be identical for any user in the cohort given a single sample.
> There isn't really any hard bound on how much information could be leaked via these algorithms.
With ~33k cohorts, there is literally a hard bound of just above 15 bits per visit. That's still theoretically a lot if you have some other stable identifier, but practically speaking most users on most sites will have an identical cohort and it will drop off rapidly as cohorts stabilize into groups appropriate for ad targeting.
Barring the other considerations I've mentioned in the comments here, that's still immeasurably better for individual privacy than ~infinite bits per visit from stable third-party cookies.
"This API democratizes access to some information about an individual's general browsing history (and thus, general interests) to any site that opts into it. This is in contrast to today's world, in which cookies or other tracking techniques may be used to collate someone's browsing activity across many sites."
Can the user detemrine whether a site has opted in without sending an HTTP request the site (and thereby recording the access in her browsing history).
"Sites that know a person's PII (e.g., when people sign in using their email address) could record and reveal their cohort. This means that information about an individual's interests may eventually become public.
"As such, there will be people for whom providing this information in exchange for funding the web ecosystem is an unacceptable trade-off. Whether the browser sends a real FLoC or a random one is user controllable."
Can advertisers determine whether a FLoC sent is real or random.
I can imagine some FLoCs if sent would trigger ads that were undesirable, perhaps damaging to the user's reputation, embarassing, etc.
As described, this system compels users to accept targeted advertising (what Google and Facebook want every user to do). There is no opt-out. There is no such thing as non-targeted ads. Users of browsers that support FLoC can either send real FLoC or random FLoC, but they cannot send no FLoC. If they choose randomised FLoC, they might receive ads targeted to cohorts with which they do not want to be identified. As the next paragraph states, the FLoC when compbinaed with other data can indeed be used as an user identifier. Choosing "randomised FLoC" might mean being publicly identified with undesirable cohorts. For example, IP address might become associated with an undesirable cohort.
"A cohort could be used as a user identifier. It may not have enough bits of information to individually identify someone, but in combination with other information (such as an IP address), it might."
"The expectation is that the user's FLoC will be updated over time, so that it continues to have advertising utility. The privacy impacts of this need to be taken into consideration. For instance, multiple FLoC samples means that more information about a user's browsing history is revealed over time."
"Second, if cohorts can be used for tracking, then having more interest cohort samples for a user will make it easier to reidentify them on other sites that have observed the same sequence of cohorts for a user."
"A cohort might reveal sensitive information."
"Some people are sensitive to categories that others are not, and there is no globally accepted notion of sensitive categories."
"It should be clear that FLoC will never be able to prevent all misuse. There will be categories that are sensitive in contexts that weren't predicted."
"A site should be able to declare that it does not want to be included in the user's list of sites for cohort calculation. This can be accomplished via a new interest-cohort permissions policy. This policy will be default allow."
Default is no privacy. Nice.
"... a site can opt out of all FLoC cohort calculation by sending the HTTP response header:
"We will analyze the resulting cohorts for correlations between cohort and sensitive categories, including the prohibited categories defined here. This analysis is designed to protect user privacy by evaluating only whether a cohort may be sensitive, in the abstract, without learning why it is sensitive, i.e., without computing or otherwise inferring specific sensitive categories that may be associated with that cohort. Cohorts that reveal sensitive categories will be blocked or the clustering algorithm will be reconfigured to reduce the correlation."
Well, this appears to negate the claim that no browsing history is sent to the browser vendor. To conduct experiments and develop this system, Google needs to collect and process user browsing histories.
Most users never even change defaults let alone install extensions. There is no described option to disable FLoc in the browser. Why not. Surely the design decision not to include an option to disable FLoC was intentional. That's the point I was making.
Wait, what? Async? Isn't your cohort supposed to be precomputed?
And undefined would still have to be handled anyway, as browsers without support wouldn't have the attribute at all (at least for several years after it was accepted, for everything to get the new feature).
So, FLoC is a mechanism for facilitating your being targeted by commercial propaganda, but not as accurate/personalized as other mechanisms by Google, Amazon and others. Am I getting it right?
But - if the regular, more accurate/personalized, mechanisms work in Chromium - why use the less-accurate ones?
Because Chrome’s competitors have all gotten rid of 3rd party cookies for privacy reasons, and Chrome wants to launch and claim the same feature but not damage the ad business.
This post might give some answers [1]. FL is a machine-learning framework where models can be trained while keeping users' data on their device rather than sending it to a server.
That's a very interesting move. The patch seems fairly small, but now it's a patch that Brave needs to maintain and update every time they merge a new upstream version.
That's what makes me wary of the whole Chromium fork concept. Every time Brave/Vivaldi/Edge/etc decide to take a different path from Google's they effectively add to their maintenance burden forever, even if like in this case they actually disable an unwanted feature.
How long until the list of patches to backport for every new version of Chromium becomes so large that they have to pick and choose which one to keep maintaining and which one to give up on? If tomorrow Google decides to push a very deep change to the way, say, extensions are handled that makes them less effective at ad blocking, will Brave accept the burden to suddenly have to maintain a very deep fork of the browser in order to maintain old functionality?
I'm effectively FUDing right now, but my concern is genuine. I'm very perplex that you can make an effectively anti-ad, pro-privacy browser based on the source code of one of the biggest ad companies in the world.
From what I'm remembering, Eich said that once they got big enough, they'd be willing to fork a browser if necessary. I wouldn't put that past Brave considering how many changes it's had (used to be on a different browser engine, also used to use Electron). They'll probably have to grow a bit before this happens though.
I maintained a fork of webkit ~12 years ago and it was a nightmare to maintain because every couple months they would massively reengineer systems and result in hundreds of non-trivial file changes. And because webkit had a brain-dead way of implementing multi-platform support it meant you spent days or weeks re-integrating these changes.
There is a small team of folks here constantly working on rebasing the next Chromium version on Brave. They fight these deviations and try to minimize the patching as much as possible- so future versions are easier and easier. We even have some clever UI patching for the Polymer pages
There definitely have been challenges - for example, with Chromium 69, the network delegates were moved over to NetworkService which broke our shields code. But I'm really proud of the work done to minimize things. For a long time, the team rebasing Chromium was just one person... and we've always delivered Chromium upgrades and updates to Brave users within 24-48 hours of Google's stable channel
The idea of a fork is that it is independent from what it was forked from, you pull what you like and leave aside negative changes, if the license allows this. At least that's the idea. Of course companies with huge manpower such as google can evolve "standards" in a pace that a small independent fork can't keep pace, but we shouldn't just give up.
I think the type of fork that OC was referring to would be a project that forks to provide a change in feature set, yet still tries to remain up to date with upstream. So, not a hard fork.
My guess is they run the cost benefit analysis with every Chrome release. Then just give up and accept the change unless it's obviously low cost or in an area they've already forked.
is pretty abhorrent looking. First-class advertising support in a browser is a major turn-off. Google is probably only a few steps away from losing controlling stake in Chromium, and stuff like this certainly will lead others to flock away.
Why is it abhorrent? FLoC doesn't compromise your privacy. It does interest inference client-side, away from bigcorp servers. It doesn't leak any information about you. But all the "privacy" people are totally against it anyway.
Why? Because they just hate advertising. The whole "third party cookies are bad" thing has always been a sham: it was never about privacy. It's always been about killing advertising itself.
Advertising is a scourge on the internet, and society in general. I doubt anyone would really miss those awful things. So yes, I want to kill advertising.
>> Why is it abhorrent? FLoC doesn't compromise your privacy.
You misunderstand - Google is in the business of compromising your privacy. They have lots of teams of lots of very smart people figuring out how to compromise your privacy.
Further, they are in the real world business of doing it. They are not naïve as your comment was - they find the balance of how far they can push it, by a combination of monopoly power, and also cunning politics, PR and posturing - they are fighting tooth and nail and using every tactic and trick in the business, with an unlimited budget - specifically to compromise your privacy for their financial and political power gain. Any area where they 'seemingly' back away from compromising your privacy, is where they have done extensive cost benefit analysis, and come up with alternative trickier or less understood ways to get what they want but that is more politically acceptable.
This is the underlaying reality - the rest of the details of FLoC etc is an information battleground where you as a user are fighting unlimited budget teams that are highly motivated to exploit your privacy. Advertising is in fact just one slice of the power they wield by exploiting your privacy along with everyone else on the planet's.
If you try to look at just FLoC in isolation you will miss the forest for the trees, as the results of FLoC are correlated with many other sources of information.
FLoC's motivations are some balance of:
- reducing PR fallout due to increasing awareness of their exploitation of everyone's privacy
- keeping full access to information they already extract from you and everyone else, and in fact increasing it as possible
- reducing or hindering other parties access to the total information so they gain more relative power
The rest my dear chap is details and their teams and teams of analysts working on this have all day every year to outsmart you in the details of how this is implemented.
all obnoxious ads are bad, but I tend to find the less targeted ones, for example the ones for payday loans or ambulance chasers, more obnoxious than products based on my hobbies.
Good to see Brave sticking to their privacy guns. FLoC is a brazen attempt for Big Ad (aka. Google and its ilk) to keep their spying-on-users gravy train going, now that GDPR and similar laws are making their old methods illegal (without consent).
No one wants to consent to being spied on, so FLoC is circumnavigating the GDPR consent requirements, letting them spy on all Chrome-users without consent.
Except with FLOC you can watch your network connection in/out and see that, instead of a persistent identifier being used to track you, you only send your interest categories. FLOC's intent is to keep their money making operation afloat, but this time without direct web browsing activity tracking of users.
Not sure why it is supposed to be significant improvement.
"FLoC cohorts will comprise thousands of users each, so a cohort ID alone shouldn’t distinguish you from a few thousand other people like you. However [a tracker now] only has to distinguish your browser from a few thousand others (rather than a few hundred million). In information theoretic terms, FLoC cohorts will contain several bits of entropy—up to 8 bits, in Google’s proof of concept trial. This information is even more potent given that it is unlikely to be correlated with other information that the browser exposes. This will make it much easier for trackers to put together a unique fingerprint for FLoC users."
"as your FLoC cohort will update over time, sites that can identify you in other ways will also be able to track how your browsing changes [...] a FLoC cohort is nothing more, and nothing less, than a summary of your recent browsing activity."
> but this time without direct web browsing activity tracking of users.
Your FLOC cohort is a summary of your web browsing activity. FLOC doesn't solve the privacy problems that trackers create - it just hands them your browsing history on a silver platter.
It cuts down the fingerprint to a pool of just a few thousand and then you can just use other fingerprint items to get down to a completely unique id that you can track.
It's similar to Spectre. We had more pressing issues back then. As those issues are solved, we moved to more tricky ones which did not get much attention before.
You're going to drive yourself crazy if you try to make sense of "privacy"-advocate objections on an object level. It's not actually about privacy. No matter how much FLoC or something FLoC-like preserves your actual privacy, advocates will be against it. That's because they don't actually care about privacy and have always used concerns about "privacy" as a pretext for killing ads.
Then fix fingerprinting. "But fingerprinting!" is yet another pretext for just trying to make advertising in general non-viable for aesthetic or ideological reasons.
True, we have to make advertising non-viable, that's the point.
Id gladly pay for my content just to watch the ad-tech industry die, its not just about "ads", they are building the infrastructure for the surveillance police state.
There are no specifications about what the cohorts will be, Google is literally leaving that for the ad companies to figure it out. It wouldnt be suprising it at all they realize a way to make small enough cohorts in such a way you can be fingerprinted.
The bottom line is that you are giving them your browsing data, obfuscated by fancy algorithms. Unless you trust ad-tech to have the best interests about your privacy (ha!)
So to be clear, "Big Ad" is like, dentsu, Publicis, Omnicom, etc. Companies that don't show up on HN much (but do ultimately buy the services which pay a ton of HNer's salaries).
They don't like Google very much, but Google owns a ton of space to put ads on, lots of first-party traffic with interesting properties, and more accurate targeting models than most other companies combined. So they have to work together. Real Big Ad would all rather keep the third-party cookie and not have to deal with FLoC, because they know they're already trapped in dealing with Google based on market demands, and FLoC will give Google even more forceful technical leverage.
Google is an integrated part of “Big Ad”, they’re the largest advertising company in the world. And now they’re using their ownership of the most popular browser to sneakily install FLoC on their unwitting user’s machines.
If you view the market through only this lens it becomes very easy for partisan interests (e.g. Brave, just as much an advertising company as Google) to trick you. Google is notable for how disintegrated it is from the rest of the ad business, between its technology monopolies and vertical integrations.
Is there any evidence behind the idea that FLoC is more privacy-preserving than third-party cookies? Intuitively that is not obvious to me at all, especially given there are so many other fingerprinting techniques it could be combined with.
"FLoC cohorts will comprise thousands of users each, so a cohort ID alone shouldn’t distinguish you from a few thousand other people like you. However [a tracker now] only has to distinguish your browser from a few thousand others (rather than a few hundred million). In information theoretic terms, FLoC cohorts will contain several bits of entropy—up to 8 bits, in Google’s proof of concept trial. This information is even more potent given that it is unlikely to be correlated with other information that the browser exposes. This will make it much easier for trackers to put together a unique fingerprint for FLoC users."
"as your FLoC cohort will update over time, sites that can identify you in other ways will also be able to track how your browsing changes [...] a FLoC cohort is nothing more, and nothing less, than a summary of your recent browsing activity."
The second paragraph you quote is literally the counter example of what I just said.
There needs to exist a way to identify you in other ways and in the future cookies won't be one of those. So a site that has your information because you shared it with them will be able to see your cohort changing, otherwise you'll look like a new user each time.
And yeah I'm extremely familiar with FLoC, more so than the EFF.
The link you posted examines the issue in detail, IP address on its own is already on its own a decent identifier at the household level, and used today, and that's why there is a specification on Willful IP Blindness proposed by Google.
But IP alone is imperfect as well anyway for tracking.
Interesting, didn't know that. In that case then how does it identify a cohort in a useful manner? Surely websites will need to temporally tie together the values to be able to target ads?
The cohort semantic meaning is stable, although not disclosed an ML system would learn its correlation to a given goal.
Cohort membership changes pretty frequently instead. So the system may put all people that browse mostly golf sites together in cohort 12345 that only the algorithm knows it's about golf sites, people enter and leave that cohort on a daily basis and you can only be a member of a single cohort at a time.
Why would the cohort membership change frequently? Isn't it based on your browsing habits? I don't think my habits change frequently—do most people's?
Also, even if I take for granted that everyone's cohort changes daily, how does that imply anonymity? Like say my habit is that I check emails a ton on Monday, go on YouTube on Saturday, read the news on Sunday, etc... so my habits are changing daily, okay, but not weekly, right? Or maybe I do them in a different order on another week, but I'm not going to develop 1000 different habits across 1000 days, right? Shouldn't some kind of frequency analysis provide fairly consistent results?
Cohorts cannot be too small (or they are not published), nor too big (or they are not particularly useful for capturing a particular set of behaviors/interests). The algorithm will balance these two constraints which will lead to any individuals coming in and out of particular cohorts. The semantic meaning of a cohort will likely change over time as well. For that, FLoC is proposing adding version IDs
“Why would the cohort membership change frequently? Isn't it based on your browsing habits?” -> cohorts need to be rebalanced over time, so your cohort membership could change.
I don’t think that’s the real goal. The real goal is to remove cookies so that compares other than google cannot use them for tracking. Then google uses FLOC as a substitute; they’re the only ones who can use FLOC so it works out great for them.
The cohorts are created automatically by the browser, so that users with similar browsing histories group together. Everyone has equal access to them, through document.interestCohort.
Google (and a small number of other companies, notably Facebook and Amazon) are also able to continue "traditional" profiling due to their extensive first-party traffic / backend integrations.
If FLoC goes as they plan, there will be less tracking overall, but the tracking there is will be considerably more centralized, less technically transparent, and cement incumbent market advantages. (All totally coincidental unfortunate side-effects of Google's concern for your privacy.)
The recursive irony here is that Alphabet implemented FLoC to put a moat around tracking adtech, and Brave consumes Chromium for its own means of generating revenue from vending a browser (BAT), so of course there’s no reason to propagate FLoC.
I don't understand why tracking is not being considered as mechanism helping companies to manipulate consumers into buying their stuff, essentially amounting to fraud?
If you were going to track someone in real life and manipulating them into buying something, you would certainly end up in jail, so why is this allowed over the internet? Because consumers don't see companies who stalk them? In my opinion the whole tracking business should be illegal.
Advertising is providing information about the product, so that consumer can make an informed decision whether to buy it or not. Creating messaging tailored specifically to an individual exploiting various vulnerabilities or their situation is not.
While FLoC does sound like a bad idea, I think it would be helpful if critistism was coupled with counter proposals. What do the critics see as ideal solution here: making all of the free services paid? having just more content-based ads? or something different?
The local pizzeria can say "only show advertisements that want to be shown within 30 miles of Somewhere, NY. The site for expecting mothers can show ads for baby products.
Contextual advertising. Flip the entire thing upside down and let the sites declare to the advertisers what niche they fill, and let them get relevant advertisements.
Brave is a really, really great alternative to Chrome. I started using it about a year ago, and it is pretty much Chrome, with less ads and spyware in it. Great software.
The ecosystem is broken, add work but many products have marketing costs built into them that are over 30% of what you pay for, in some cases, over 50% of your monthly fees are marketing expenses. In fact, in SaaS software, a world class company spends 33% (3:1 CAC ratio) on sales and marketing. I don’t mind ads or even having embedded marketing costs in the products I buy, what frustrates me is how long and hard I have to work in addition to all of the waste on marketing to find what a product does, what it costs, what it’s strengths and weaknesses are. And google does nothing to help. I get millions of pages to read, thousands of reviews (many of them fake) and at the end of the day, everyone of us has to waste our time figuring these things out. Go shop for auto insurance or a mortgage or a new piece of software or anything that costs over $1000 annually and you will see what I am talking about.
Yes it's just exploiting both sellers and users. The market power is broken. Google needs to be broken up, and advertising and general web browsing needs to be completely non-identifiable, or our civilisation is heading to a micromanaged dystopia of stalinesque proportions.
What's going to happen is that sites will enumerate which FLoC IDs represent which set of interests, and just use send that data off together with whatever unique ID they're already tracking you with.
It's based on your browsing history, so companies will now be able to get an aggregate of your interests without having to actually track you across other sites.
My questions about FLoC are who controls the definitions of cohorts? Is it possible for someone to take advantage of cohort information in a way which leaves Google completely out of the loop? Do users (and system administrators) have any control over what cohort information is saved or transmitted by the browser? If they do have control over it, is it enforceable? (e.g. The DNT header is useless because services are not compelled to obey the request.)
What's really telling is how many people and companies think they're entitled to running ads on my computers and phones, as if I'm the one who is doing something wrong by choosing what I see or don't see.
I have no problem paying for content. However, I'm not going to feel guilty for not going to a movie theater early so that I can see all of the trailers and commercials that are shown before the movie I want to see. I'm also not going to feel guilty for fast forwarding through commercials on TV.
Content creators are not entitled to decide what ads I choose to see and not see.
They have the right to demand compensation, but the appropriate way to do that is to gatekeep - i.e. don't provide access until the user pays (or promises to pay).
When they serve content with ads, they are not demanding anything.
Too many folks commenting here seem to think that FLoC doesn't compromise privacy, when it is yet another bit of differentiation that can be used to fingerprint a browser.
It's a particularly granular one, as well, placing users into manageable cohorts of only a few dozen thousands in size, or so is claimed.
Combine FLoC with a handful of other fingerprint bits and you can track an individual.
Browser fingerprinting is besides the point here. The whole reason they want to fingerprint you is to build up an advertising profile. FLoC cuts out the middleman by giving every single site you visit access to the proceeds of the cross-site tracking. It's like saying "There's too many cameras pointed at my house, so instead I'm going to start publically streaming my life 24/7".
I think there should be an option where you either pay for content you consume on the web or targeted (aka efficient) advertising pays for it. All I care about is my PII information not to leak and be accessible to random people.
I don't see any other way and I can't see what these people at EFF are arguing for? It's easy to just keep saying no to everything.
"At Vivaldi, we are committed to protecting our users from online trackers, and we would not want to enable any kind of user behavioural profiling. The FLoC experiment does not work in Vivaldi, because it relies on several hidden preferences being set, and we do not enable these options in Vivaldi. Our future plan is to prevent the Floc component from functioning, no matter which way it is implemented."
Sorry if this has been asked before but why does google need any of this? Assuming a user is logged into Google, Google already knows a lot about the user.
Is this about users who are not logged into google? Is this to share information with vendors such as WPP? What is the point of this?
With third party cookies disabled, the Google Ads scripts running on non-Google websites cannot tell you're logged into Google and what's your Google profile. All they know is someone is visiting the site. For them to decide what ads to display, interests have to be gathered through different means. This new FLoC is a way for your browser to let them know what you're interested in.
How this is actually going to go -- people will find out in x months/years that it's fairly easy to create a cohort of 1, if you do enough filtering. The only issue is that now it's ostensibly outside of the scope of GDPR.
It's already happened with facebook targeting[0], imagine how much more specific the information at Google is.
Brave [0] is a web browser, built from Chromium, but with built in ad and tracker blocking.
FLoC stands for Federated Learning of Cohorts. The third party cookie is dying, and FLoC is a way for companies to group people together and track them, rather than tracking individuals. Here's more info about that [1] and here's an EFF article about why it's dangerous [2].
> Brave is a free and open-source web browser developed by Brave Software, Inc. based on the Chromium web browser. It blocks ads and website trackers, and provides a way for users to send cryptocurrency contributions in the form of Basic Attention Tokens to websites and content creators along with the ability to keep the cryptocurrency they earned.
> Third-party cookies are the technology that powers much of the surveillance-advertising business today. But cookies are on their way out, and Google is trying to design a way for advertisers to keep targeting users based on their web browsing once cookies are gone. It's come up with FLoC.
> FLoC runs in your browser. It uses your browsing history from the past week to assign you to a group with other "similar" people around the world. Each group receives a label, called a FLoC ID, which is supposed to capture meaningful information about your habits and interests. FLoC then displays this label to everyone you interact with on the web.
Brave is the first global digital ad platform built for privacy, offering advertisers the opportunity to participate in a premium, brand safe, and opt-in ad ecosystem, designed for a future without 3rd party cookies.
Brave claims to be a privacy oriented web browser. It is apparently based on Chromium and someone identified a Chromium feature that was phoning home (I.e. Google servers) with some informations reducing user anonimity
(At least that's what I understood from a quick look)
I'm going to be that guy tonight. I never post online. I don't see value in posting online. But I feel as if I have to weight in on this conversation.
I run an online business. I depend on ads. I hate being tracked.
Here's the deal, Google is tracking you no matter what. Even if they aren't using your information for advertising, you still feed them all the best first party data in the world. You give them your search queries, emails, your phone location etc..
Your information is valuable. Even if you block online advertising, you are still going to be targeted in the real world the same way.
Facebook, yes they are shitty too, but again, they are fed all this information. Now, their information is 3rd party. They get pixel fires about you that allow them to coorelate data about you, but it isn't first part exactly.
In the advertising world you target the person or you target on page. The issue with on page is there just isn't enough content about a subject to target and frankly, just beacuse you read something, doesn't mean you are interested in buying it.
I don't care if it's a cookie, or FLoC, or what ever, people are going to be monitored, it's too large of a business. As an individual if you are afraid of it, you have the choice to use Brave or what ever. But at large scale, most people don't care. I believe that this tracking rhetoric is dangerous. At least we are having the conversation about tracking and allowing the people who don't want to be tracked to avoid it. If it were the inverse, these things would still happen behind closed doors, because it's extremely profitable.
Governements have been tracking people forever. Some choose to do evil, populations revolt. People can always beat governments.
Yes I am bias becuase my business does depend on paid advertising like many others. I understand the "big brother" effect. But I also know that other agencies (NSA/CIA) are already doing these things and are either forcing the tech companies to collect the data and share it or are willing to do it. The fact that we all focus on private companies being the crux of the problem and aren't focus on the 3 letter agencies.
Either way, we live in new uncertain times and the US economy has always been about consumerism. These ads have generated incredible amounts of wealth for indvidiaul companies and the tech companies. I do agree that Google makes too much money. As an advertiser, I know that their algorithm is essentially a black box and as an advertiser we are getting fucked. We have no real transparency that our bids are true. We are hoping to hit a CPA and just keep to it.
I can tell you that in the last 2 years, online advertising performance has dropped a lot. It's a combination of people having less money and our economy doing worse and there's a lot more competition. I suspect that these companies are inflating their bids artificially. We know that Facebook penalizes people it doesn't like but provides absolute no transparency on the system. These penalties also cost you more money - which is bullshit.
All of these companies have no support to contact and you are at the beck and whim of a 3rd world outsourced tech support agent that can't do anything.
To summerize. I agree tracking is bad. But you offer all of your data up every time you use email or a search engine. It's all collected and there is no better alterantive. At least these companies are providing a service for businesses to thrive. I think they make wayyyyy too much money. If you think disabling FLoC is going to stop anyting, you havn't looked at the big picture.
If people want to stop being tracked, get off the internet, don't use a search engine, don't use email. But that isn't practical. If you think any of these "Privacy Safe" companeis are doing anything other than just charging you and still handing your data over to what ever 3 letter agency requests it under an NSL, you're crazy.
Privacy or any other illusion of it on the internet, is mostly a game of musical chairs. If it's not GAFAM getting your data, it's 3 letter agencies. Or worse, both.
True anonymity has no place on the clearnet. The sooner we come into acceptance with this fact, the better we'll be able to protect ourselves from this rigged game. [0]
Tor is the only place you can go to find anonymity. I agree, if your goal is not to be tracked, by any of the above adversaries, go offline. We tend to laugh at guys who attempt this and call them looney, but it won't be so funny in the not-so-far-away future given how communication tech is advancing at such a fast pace with things such as 5G and IoT. It's easy to see governments achieve total surveillance within the next half-century.
I also agree that not enough spotlight is shone on government's ability to coerce tech companies to hand over user data, whether live monitored or subpoena'd. These tech companies like to play-act all tough e.g Apple, but the reality is they apply for business licenses & other similar considerations from the govt. It wouldn't be far-fetched to deduce such favors esp ones that come with competitive advantage in an industry come with hidden strings attached. Am not surprised to see govts such as UK's brazenly attempt to put backdoors into encryption technologies. [1]
Your question assumes that transparent, behavior-based, cross-site user interest tracking is somehow essential functionality for the web and we just have to find the right way to do it.
I think most people who are criticizing FLoC would challenge the idea that this class of functionality needs to or should exist at all.
Content creators want to get paid as much as anyone else and it's either through direct payment by the consumers or by embedding advertisement in their content.
All this FloC, third party cookies, etc. are efforts to make that advertisement route more efficient. So my question is what are the critics proposing instead? Get rid of ads and just ask the audience to pay per view or make everything a subscription? Not paying content creators (ad blocking) is certainly not a sustainable alternative.
The reason non-tracking ads pay less is that tracking ads are now the norm. If standards/laws were implemented to protect privacy and block such tracking, content providers (if they are so inclined) would make as much money with non-tracking ads as they do now with tracking, since there would be no invasive competition.
Your daily paper didn't have a list of your interests yet succeeded in making money through advertising. Why can't they now?
Simple advertisements like billboards. One image, no stalker tracking, no global user profiles, no malware, and no animation or movement.
Advertising was effective as an image or text that shows the reader a value proposition. What we have these days is stalkers and information rapists pretending to be advertisers.
Many things are wrong probably, here are some I can think of: it is extra data for more accurate fingerprinting, it is not really an alternative to tracking users because companies using it doesn't mean they'll stop tracking you, it's likely going to become another de facto web standard imposed by Google and used in conjunction with other tracking methods may more accurately reveal your browsing habits and history because it reduces the guess/search space from the whole web to a handful of websites in your cohort.
Disabling FLoC is reactionary, performative, and honestly, counterproductive.
Ad industry: "Look. We listened to your concerns about ad privacy. Here's a solution that gives you everything you want. Now we can serve interest-based ads without tracking you across the internet. You win."
Brave: "We don't want a solution. We want to be sanctimonious and angry!"
>Ad industry: "Look. We listened to your concerns about ad privacy. Here's a solution that gives you everything you want. Now we can serve interest-based ads without tracking you across the internet. You win."
(Actually does nothing or the sort, continues tracking users while making user experience even worse and some crucial Web features unusable for indie devs.)
>Brave: "We don't want a solution. We want to be sanctimonious and angry!"
(Pushes "ad industry" out of the way and performs its own tracking and ads.)
But wait you say, how would the very useful internet ecosystem survive without advertising revenue? Well, there is nothing wrong with advertising per se, it's a natural part of a free market economy. It's ok to target ads to the user's search terms or social feed. The problem is that, in the pursuit of advertising revenue, a cutthroat economic competition pushed advertisers to mine more and more personal data simply to stay competitive. It's a low sum game: it doesn't bring much more money in advertising or make the internet significantly more useful, but it destroys the privacy of everyone. A spectacular market failure ripe for correction.