This is a great example of why Google FLoC is not incentive-compatible with consumers nor business owners. Amazon (like Facebook) has a monopoly on ad targeting on their target properties—- properties they own. Google FLoC is Google’s attempt to (further) monopolize their target properties—- the web at large, which Google does NOT own. Google does NOT pay to service the traffic they generate. Google does NOT pay to fulfill consumer orders. Google wants you to think they’re acting in your best interests with FLoC. Maybe if Google offered more free GCloud credits and subsidized conversions they generate, that would be a different story. (Maybe Google could start by paying Wikipedia for some of the traffic they generate). But Sundar wants you to think FLoC is about privacy, because Sundar has said time and time again that Google has lost people’s trust.
Google's investments in the web has been massive. Your whole framing can be flipped on its head be pointing out that Google, unlike Amazon has been willing to make such huge investments in the one public platform we've got.
Obviously Google does it for self interested reasons, but thank goodness they do - you can hate Google and targeted ads all you want but without Google pushing web and ad tech forward it would stand little chance against the competing proprietary platforms.
Your suggestion that Google pay sites for the traffic they generate should like that ridiculous News Corp/Australian shakedown of Facebook and Google, which people were only able to justify based on their hatred of the target companies and a willingness to sacrifice the web to their ends.
"... it would stand little chance against the competing platforms."
Little chance of what. It sounds like this is framing the web as some sort of commercial venture. And Google is the gatekeeper. A venture where they can effectively make sites "appear" or "disappear" from the web and they decide what the public will or not see. Google watches the traffic, shows what is "popular" and buries the rest. Everyone begs for Google's favour to show their site "at the top, on page one". If not an organic listing, then Google will let anyone pay to be "at the top, on page one" in the form of an ad that looks much like a search result.
That's a very dysfunctional "public platform". (The Google founders wrote about how dysfunctional it was to sell out that way in their 1998 paper announcing their new, alternative search engine.) No one ever agreed the only way the "public platform" would be useful is for a few big corporations to control it. That is a recent idea held only by those who stand to (continue to) benefit from its realisation.
News Corp is bad, Google is bad, Facebook is bad, but c'mon this does not mean the web has to be bad. If one cannot see the difference between "the web" and a few big corporations, then some "reframing" is defintely in order. The web is a medium not a destination. Google, Facebook and others trying to emulate them are all acting as middlemen on the medium.
On the contrary, the end-to-end federated Internet was doing just fine before Google came along, and will do just fine, perhaps better, when it's gone and no longer trying to co-opt every god-damn standards process for their own preferences. No-one has a monopoly on innovation: most inventions are driven by necessity, and large companies stifle genius, they don't foster it. Far from being the greater good, Google is remarkably pig-headed, and often downright incompetent outside of selling ads; even the usefulness of their flagship search is in decline.
> Far from being the greater good, Google is remarkably pig-headed, often downright incompetent outside of selling ads...
As is the nature of dualities, the web has benefit immensely from Google's investments even if it would have chartered a different (and in your opinion, a better) course had Google not existed in the first place. Someone pointed out, you couldn't say the same for Amazon. As for incompetence: imho, webrtc, which Google standardized and open sourced, is likely the single most important innovation on the interwebs (in terms of impact) just ahead of Microsoft's XMLHttpRequest.
> webrtc, which Google standardized and open sourced, is likely the single most important innovation on the interwebs (in terms of impact) just ahead of Microsoft's XMLHttpRequest.
Thats a really weird claim. We can point to some real ways google has benefited the web: Their search engine is excellent, and was a huge leap forward when it was released. SPDY/QUIC are set to become the next HTTP2/HTTP3. And google chrome has made the browser a much more powerful and compelling platform over the last few years. If anything they're investing too much - and hurting the web by making it hard for other browser vendors to keep up.
But webrtc?? Webrtc is still mostly a toy, barely used outside of video conferencing. Its insanely overcomplicated for any other use case. And I still haven't seen a compelling reason to use it for anything else. Decentralized communication doesn't buy you much when the site itself is still loaded from a centralized server.
More important / impactful than XMLHttpRequest? No, I think not.
What is the point of having a WebRTC standard if Google doesn't even follow it? Mozilla Firefox is given the shaft for many services because they don't support Chrome-only WebRTC APIs? Chrome and Google are bad for diversity on the web.
This all assumes that without Google this would not happen. But I fail to see why is this so. Linux happened without single corporation controlling it.
Linux was helped along massively when IBM embraced it and invested a $billion in it in 2000.
RedHat benefited significantly from funding by large corporations in it's early days.
Undoubtedly these companies helped shape the Linux ecosystem. A single company doesn't control it, but as big as Google is a single company doesn't control the web either.
> This all assumes that without Google this would not happen.
To be fair, I am not the one that's assuming things here. I am speaking of how Google has indeed contributed when they really didn't have to (as pointed out with the example of Amazon).
> Linux happened without single corporation controlling it.
What does linaro.org have to do with linux? I've been using linux since a decade before linaro.org was founded, and this is the first I've heard of it. Did you mean the Linux Foundation?
linaro.org contributes ARM-related work that directly impacts largest deployment of Linux (Android). And how long before ARM takes over servers as well?
I meant to highlight that Linux, not in its entirety but parts of it, is indeed driven by orgs (that you haven't even heard of).
there's no chance that webrtc is a more important innovation than XMLHTTPRequest... the web would be just a bunch of hyperlinked text and images without XHR...
Yeah it would have been an interesting world if Java hadn't sucked so bad (and MS hadn't tried to kill it) and the web had remained a hypertext document platform and all the deep interactivity ended up in applets and Java Web Start apps. Both pros and cons to that.
Java, Flash, Silverlight, lets not pretend that Java was the only attempt. Sad part is that flash and java plugins got killed over security exploits while the always growing API surface of current JavaScript implementations still gets consistently owned in Pwn2Own style competitions.
Last I heard you still had to call out into JavaScript, manipulating the same old DOM to get anything done.
Maybe someone could set up a library that implements Swing on top of a HTML Canvas? Just waiting for all the classes to download would help with that nostalgic feeling.
The cheerpj implementation of swing seems to work quite well. Just some lag when it loads resources not quite asynchronously and hard crashing sometimes when I switch the look and feel to Motif. Better than I expected.
Google was great until 2004 or so. I think uncle Sam made them an offer they could not or simply did not want to refuse. Then this Schmidt guy came and did the actual damage
Like mostly everyone, I was amongst those people who heavily recommended Google (really cool) products to friends & family.
Retrospectively, I feel so stupid to have promoted « free products paid by an advertising company » for years.
I know Google duped everyone on this so I don’t feel to be stupid alone. But still, in hindsight, there were no possible future where Google could stay on top without doing dirty things. We didn’t see the targeted ads coming.
I certainly hate ads more than the average person, probably even more than the average hell, but it feels strange to hear people sometime speak about Google as if targeted ads were the worse thing that could happen on the internet.
I've seen censorship, identity theft, money laundering, online harassment, online crime, information theft on very large scale to target, arrest and hang political opponents... All of which Google used to oppose more than any other big tech co. But somehow, the pitchforks are out against targeted ads.
You know, I'm not saying that Google is evil or that it behaves with bad intentions. And I have no problem with targeted ads as a product. It's a pretty efficient product that helps a lot of business to have their chance. I acknowledge that. But at what cost ?
For me, Google is "evil" for what it is, not what it does. And I think that Google is an utterly dangerous company with such unbelievable amount of precious data that could change the course of the history in a really bad way if it falls into the wrong hands in the future.
Who knows who will control Google in 5, 10 or 50 years ? Nobody knows. But we can be sure that in 50 years, the data that Google collects about us today will be lying on some hard disk drive, ready to be used for who knows what.
Google is able to define and store indefinitely "who you are". And the human history is full of times where "who you are" or even "who you were" were some really dangerous information that threatened your liberty or your life.
> But we can be sure that in 50 years, the data that Google collects about us today will be lying on some hard disk drive, ready to be used for who knows what.
I would sometimes worry about that. At some point internet privacy will be completely erased, not by malicious or greedy corporate practices but by algorithms scraping all of big data on the internet. This will ultimately be inevitable, almost everything you've ever posted on the internet will at some point be retroactively traced back to you.
The upside is that this isn't what's going to happen to your data, nor to my data. This is what's going to happen to _everyone's_ data. As long as the whole world bites the dust together, I can see the actual damage being minimized.
Of course, this does not take into account living within governments that don't care about human rights and that you happen to disagree with or be critical of.
Yes, there are reasons to be worried. Not sure Google knows that much about us though. At least compared to Amazon, your bank, your phone/broadband provider...
50 years from now the technology should have improved so much that Google will look laughably blind and powerless, I'm afraid. Let's not forget that Google, for all its evil, is still just an aging part of the dying old internet, that was naively brought into existence to be interesting and useful at a time when the world was not expecting that such a thing was possible.
Now the technology is slowly aligning with expectations and will soon assist on surveillance and control. We will miss targeted ads.
> As for incompetence: imho, webrtc, which Google standardized and open sourced, is likely the single most important innovation on the interwebs
Complex browser-based alternative to TCP? Standardized alternative to Socket.io? I can't say its not useful but webrtc is hardly the most important thing...
Was it though? Search kind of sucked before Google came along. Javascript in the browser was a joke. Google Maps and Mail were revolutionary.
I'm not as positive about Google today as I used to be in the past, but I don't feel it's fair to pretend that they didn't help us take giant steps forward.
Many of my primary sources of information have been obliterated by Google; they've also taken giant steps backwards, one case in point being the abridgement of the DejaNews archives, and frankly, no, search did not suck prior to Google: I always had better results writing queries for Altavista, and to this day I continue to use more specific predicates in the same fashion because results are often irrelevant otherwise - predicates that are, depressingly, having an ever-decreasing impact on the outcome.
One consequence was the preceding generation of search engines being harder to drive for everyday folks, and a relevance approximation thereby more immediately accessible on the consumer scale, but let's face that the algorithmic approach also spawned a whole bottom-feeding industry of SEO snake oil vendors and their merry-go-round of clickbait, malware, and global-scale consumer surveillance. The incentive to hang yourself from a single keyword means that Google became the foster parent of AOL's Eternal September.
My personal feeling on the matter of Gmail and Google Maps is that they are best attributed to their personal creators (Paul Buchheit, and the Rasmussens, respectively), not the corporation. The seed of Google Maps was an acquisition, after all, and many other technologies I've seen offered up in neighbouring threads as proof of Google's benevolence were either acquisitions, or ones where substantial parts of any credit must be shared (webrtc has been mentioned; it is both).
Javascript in the browser still sucks mightily, and although it's not an argument I particularly wish to stir up there's plenty to say in support of that perspective. What's more, many of the best solutions are the product of independent/small/OSS groups, although I will confess a soft spot for TypeScript. Consequently, and especially w.r.t Gmail, Youtube, Maps, and <whatever Google Apps is called this year>, Chrome starts to look like the Lotus Notes of today: a thick client, developed by a large firm, in support of its specific service & platform offerings.
I have a different opinion regarding Altavista search results quality. The results were so bad that most of the times I had to also try Hotbot, Ask Jeeves and various directories (Yahoo, dmoz, etc). They were not good search engines but the web back then was way smaller and there was a high chance that you could have different content on the other engines.
That’s the reason why Google, a very small newcomer, crashed the entire search engine market.
Search sucks now. Searching on google is like talking to someone with no long term memory. It's like nothing prior to the last, maybe, 24 months exists.
Also one needs a black magic ceremony to be able to come up with a search expression that actually works without Google jumping in and help me by rewriting it.
> By this point I would (maybe) pay a monthly subscription for a really good websearch like google circa 2005-2010
UI changes and new features aside, the web is just so much more adversarial nowadays. It's no wonder so much rubbish floats to the top of Google because the reality it's drowning out all the other content.
If you had the source code for 2005 Google it would be objectively worse today than it was then.
I'm often ridiculed for this idea when I voice it, but on day soon I'd like to make a search engine that is only whitelisted domains, with opinionated / hand curated weightings.
Just be prepared: the future of the internet is navigating politics. You better be prepared for people to be upset at query X returns results too right/left/up/down for their political preferences. Then senators start tweeting at you.
What would be an incentive to innovate past launch?
I'm trying to think of any changes to Wikipedia that happened after it launched and can't think of any. It surely does its job, but it doesn't change and there is no drive. Wiki concept was novel at the time, they did and continue to do an amazing job, but there's no evolution there. Or maybe I'm just a blind or unaware or biased - but, honestly, I tried to think of something and nothing came to mind.
Google constantly tries out some new things. They're really bad at maintaining them, they can't stop inventing chat services, they suck a lot and we could bash them endlessly, but let's credit what's due - they're always exploring some frontiers.
Wikidata is a pretty neat thing that the WMF created well after Wikipedia launched. And it's not like the Mediawiki software has stood still since then, it's way more advanced now.
Just because cars still mostly have 4 wheels doesn't mean automotive engineers haven't been innovating the past 100 years.
When runnaroo.com was shut down I was surprised that it was done by single person who managed for some searches to return better results than Google.
Which among other things shows that patents are bad for innovation in new and quickly changing industry. Google came up with their algorithm and heavily patterned it. As an invention it was not ground-breaking, but it matched very well how web worked. This gave them essentially monopoly in search from which they massively profited. At least now those patents expire.
I've never heard of anyone saying patents have much to do with Googles success, can you point me to something about that? To me their infrastructure and scale was the big edge they've had over everyone
Google's investment in the web is just like Microsoft's "Embrace, extend, extinguish" strategy, just far more sophisticated and nuanced. Just like the new Microsoft's so-called new-found embrace of Linux, open standards and interoperability. It's all a sham.
Garbage like AMP, or flexing their dominance in the search market to force websites to comply with this or that or risk delisting, is garbage.
You are kinda' making my point in highlighting AMP: one of the most hated Google 'contributions' to the web.
Why did they do it? Because news website were heavy, slow, bad experiences compared to Facebook Instant news and Apple News etc. and so they those proprietary options were winning. AMP was designed to allow web sites compete with that.
It was reported that Apple News is taking 50% cut. When media companies keep customers on their own sites they have many options - more are now running their own ad business entirely (NYT most recently). For many reasons I hated to see those proprietary platforms crush the web sites, but the web sites really were too slow and heavy.
I'm certainly not telling you to like AMP - my point is that even their most hated, ham fisted product fits into this mold. It is totally open in every important way (look it up if you don't believe me) and it made a big difference in allowing sites to compete with proprietary platforms.
MS is happy to use/embrace Linux, Chrome (even AMP) etc. but contributing is new to them. The embrace & extinguish thing is not the same when the company is creating and contributing the tech themselves.
>Why did they do it? Because news website were heavy, slow, bad experiences compared to Facebook Instant news and Apple News etc. and so they those proprietary options were winning. AMP was designed to allow web sites compete with that.
They could have prioritized websites with fewer tracking/ads/scripts.
I don't believe that Google cares at all about whats good for the web. They simply want to exploit it and pocket the money (as opposed to re-invest any major portion back in the infra/community) - in that sense, they're no different than any other nameless/faceless corporation.
They are now moving to scoring sites based on their speed, but any big change they make to their search algorithm is done very slowly and with tons of advance warning - AMP was something of a quick stop gap.
They are a for profit corporation in the end, so it is unfortunate to depend on them, of course, but I think they need to care about the health of the web - their profits tomorrow depend on it. And I think they've demonstrated it by creating so much tech that they give away.
> They could have prioritized websites with fewer tracking/ads/scripts.
The downside comes down to the end user experience if those websites being prioritized have lower quality material, which in turn might force those users to use a different search engine that might not care about that if it means they're getting more users.
That's 100% bullshit. Google made AMP to lock media companies into their ad network. All AMP pages have to use their ad network exclusively.
If they wanted to penalize slow sites they could have… penalized slow sites. There are numerous metrics (paint time, etc) that they can track for that.
If there's one thing that's clear from visiting any news publisher's website, it's that news publishers are unable to build sites that are fast and mobile-friendly. But one things news publishers do know how to do is rig up their CMS to also publish to proprietary systems like Facebook Instant Articles.
The magic of AMP was that it tricked publishers into thinking they were publishing to one of those proprietary systems, when in reality they were building a fast mobile website! Because it imposed strict rules rather than just "faster is better", publishers could throw out all of the stupid, awful practices they'd built up around making websites. Can't use that bloated framework of the week, AMP doesn't support it. Can't give the ads department free reign to ship whatever third-party scripts they please, AMP doesn't support it. Don't worry, website team, we're not threatening your jobs -- AMP is just another proprietary reading system, just like Facebook's.
> If there's one thing that's clear from visiting any news publisher's website, it's that news publishers are unable to build sites that are fast and mobile-friendly.
No, it shows that they're not motivated to build fast and lightweight sites. If Google search severely penalised bloated websites, bloat would soon improve.
> would stand little chance against the competing proprietary platforms
Citation needed. What proprietary platforms would have taken hold if not for the grace of gmail?
> Your suggestion that Google pay sites for the traffic they generate should (sic.) like that ridiculous News Corp/Australian shakedown of Facebook and Google
I think the point is that nobody would go to Google if they didn't need to look something up on Wikipedia. So while Google helps users discover content and funnel them towards sites, Google would be 100% useless without the content that ultimately drives the traffic. The status quo, where Google lays 100% claim to the traffic and gets to control monetization, is frankly not in anybody's interest. So why should we accept it?
Yes, you can definitely flip my argument or criticize it however you please. But I think what would help decide things is to see the hard $$ numbers on why Google thinks FLoC is actually inventive-compatible. They must have done a study here in order for FLoC to get the OK for launch. Maybe that study is right, maybe it’s wrong. But Sundar has—- several times—- admitted that Google has lost trust, and now Google is trying to sell a big change without showing the whole picture. That’s standard MO at McKinsey, but Sundar is now on a much bigger stage. Given the recent evidence showing how closely Google worked with Facebook to bias ad auctions, I think it’s high time we review how Google assesses incentive compatibility.
While I agree with you that Google paying for serving requests or some other equity mechanism sounds just plain odd, there are few tools to deal with multinational monopolies. Tesla is making bank right now in no small part from carbon offsets and consumer tax benefits—- that’s all because Aramco and big oil won’t diverge from their shareholder interests. Google usually welcomes novel web/social mechanisms and it’s very telling when they so thoroughly refute the interests of news sites. Or try to solve the problem with something crappy like AMP.
> but without Google pushing web and ad tech forward it would stand little chance against the competing proprietary platforms.
To give some evidence for this, Google pushed hard for PWAs - it serves their interests since they can focus on one platform for their desktop platforms, but also means that on Desktop (via Chrome) and Android each web app can just install themselves without having to distribute a native package or go through an app store.
>> Your whole framing can be flipped on its head be pointing out that Google, unlike Amazon has been willing to make such huge investments in the one public platform we've got.
True, as are some of the counterpoints. I don't think it contradicts OP's point though. FLoC is designed by Google, for Google's needs. Some/most of those are genuinely privacy related, the way that they're related is via advertising/targeting/tracking... which Google rely on for all their revenue.
Amazon, meanwhile, doesn't benefit from FloC much... hence conflict.
These datasets are being used as defining advantages by both companies. Why should amazon want to adopt/feed google's new analytics project?
> Obviously Google does it for self interested reasons
My understanding was Google works a ton on open source and essentially making "the internet" better so that people will ultimately use Google more (since Google is the backbone of the internet) and therefore consume more ads.
All of these tech advancements definitely helps the world more than it helps Google but I'm failing to know why/how FLoC helps the community more than it does Google? Not saying Google is in the wrong to do things out of self-interest, but this scenario is a little different
> make such huge investments in the one public platform we've got
How are things like AMP justifying this goal?
Ofc every company is doing things to advance its own interests, in that regard, Amazon has 0 incentives to share customer data which is truly unique/invaluable, with Google, or any 3rd parties.
> (Maybe Google could start by paying Wikipedia for some of the traffic they generate).
How is this different from arguing that sites, such as Google or Facebook, should have to pay to link to news articles? I appreciate and support Wikipedia, but I don’t think Google should be expected to help pay for it (though I’d appreciate if they did as a form of public service).
The problem with Wikipedia is that Google copies so much content and moreover Wikipedia is a non-profit trying to cover their huge bandwidth budget. It seems a better alignment of incentives would be for Google to pay into the Wikimedia Endowment as a function of content served inside Google search results.
They gave a paltry $2m to the endowment a couple years ago. ...and how much did they make off serving Wikipedia content?
Google has publicly recognized that they have a problem with trust and incentives. So when they admit that and continue to non-execute on addressing core problems, that's when the monopoly needs to be rebalanced.
> The problem with Wikipedia is that Google copies so much content and moreover Wikipedia is a non-profit trying to cover their huge bandwidth budget.
Wikipedia doesn't run ads on their pages, so Google showing content from Wikipedia directly in the search results doesn't take away any revenue from Wikipedia. If anything it reduces their operating costs to have Google serve the content (with attribution!) rather than sending users directly to Wikipedia's servers.
> (Maybe Google could start by paying Wikipedia for some of the traffic they generate).
What does this mean? You think Google should pay for people who are sent to wikipedia.org after a Google Search? Or you think Google should pay for the information they scrape from Wikipedia and display to users on a Google search results page?
> Maybe if Google offered more free GCloud credits and subsidized conversions they generate, that would be a different story.
I'm pretty happy with all the free youtube content, search engine results, email, storage, word processor, spreadsheet, slide shows, messaging, and more I get
This cannot be stated enough. I think just YouTube alone would be enough to justify Google's existence.
Meanwhile Amazon has Twitch, and people there don't seem to think too highly of how things are being managed (they somehow managed to break every single adblock available and at this point have won against adblockers).
Wow, the bias in this article is unbelievably blatant:
"[Amazon is] preventing Google’s tracking system FLoC — or Federated Learning of Cohorts — from gathering valuable data reflecting the products people research in Amazon’s vast e-commerce universe"
Compare with, e.g.:
"Amazon is taking steps to protect its user's privacy by blocking Google's heavy-handed overreach in leveraging its Chrome browser to spy on user's personal shopping habits and sell that information to other retailers".
(Note: I'm not saying my rewrite is unbiased. It's not. It's just biased in a different direction to highlight the contrast.)
Yeahhhh, but Amazon makes a ton off their own ad business and is trying to turn everyone's personal devices into a mesh network they own. They don't give af about user privacy.
So your suggesting that add long as our personal information is in their hands and is utilised for maximizing profits but hasn't leaked we shouldn't worry about privacy?
It's pretty complicated and my understanding could be wrong and definitely not an expert. All the stupid CIA-style names that keep changing don't help. Turtledove, fledge, sparrow lol.
But from what I think I know that's kind of right technically, but kind of not in terms of actual real privacy.
Yes, the actual browsing data, e.g. for the basic floc cohorts only what amazon product page you visited, is no longer 'sent' to ad networks (that's a pretty big oversimplification of how ad networks track you but for brevity). That data is parsed in your browser to generate a cohort ID for you.
But this cohort ID is exposed to the world document.interestCohort() and is what's used for targeting and tracking.
To me it seems that the cohorts are so small "thousands of people" + IP or UA it's basically the same as a semi-long lasting uuid.
And if you have like even 10 different cohort IDs, even if some of them are 'fake'/'noise' that's probably enough to ID you alone
BUT when you layer on the other proposals (Fledge/Turtledove/Dovekey or whatever) - which I don't understand that much maybe someone else can explain - it seems like it basically collect this page/product level data and makes it available to DSP etc for tracking/ad serving (again if not technically 1:1 basically in consequence given the sizes of these groups).
Like one of the proposals talks about a 'trusted' key/value server which doesn't seem that different from what already happens? The original proposal wanted to move the entire ad bid/target/serve process into the browser.
The point of FLOC is that you are only ever part of one. There's no combining the different cohorts that a user is in to be done, because there is only ever one for each user. Now, there is some legitimate discussion on his to handle changes to cohorts, since simply changing the users cohort ID in response to a user changing their browsing interests leaves the user open to such a set intersection attack. Some people have suggested options such as freezing the ID for the lifetime of the site's state to prevent it.
FLEDGE/Turtle*/etc. is a different issue. I'm not sure it will be more private than 3rd party cookies since the spec is not very clear and it has so many moving parts. I have heard from some Chrome devs that if it doesn't end up better for privacy than 3rd party cookies, it won't get past the origin trial stage.
Ah that makes a bit more sense thank you for that info.
The docs/images they use make it look like an array but I just read the origin trial info page and it says ocument.interestCohort() only returns cluster id and algo version id.
still though the point stands i think. even say 1 million people in one cohort id # (they use 'thousands' to describe) + ip + UA and it's pretty unique, until apple and others proxying everything as recent posts suggest. Add whatever 8 bits or however many privacy allowance entropy and it's probably very unique and trackable over time if you have say TTD scale.
totally! it's very very confusing and I don't understand some (ok maybe a lot lol) of the RTB/context/retarget proposals and multiple RTB stakeholders have submitted their own too and they all have really stupid confusing names. But that's what I gather that it's basically the same result. It feels like the only way to do similar retargeting, conversion tracking is to have one 'trusted' source who gets all the data
Does it matter whether the code Google wrote to do it executes on your device or on their servers? In the end they try to group people based on their Amazon browsing behavior and Amazon doesn't want that. Nor should any sane user want that, and Google knows that that's why it's opt-out instead of opt-in.
Thank god they figured out it is illegal in Europe to do this without opt-in and didn't roll out FLoC here...
What I don't get about the reporting on this topic: Isn't all this opt-out stuff just necessary while Google is testing FLoC and it'll be opt-in(!) after it leaves Origin Trial phase? Or is this Google employee straight up lying* here? https://twitter.com/Log3overLog2/status/1384337637763387394?...
I don't think he's straight up lying, but I do think the truth is probably more than what he's saying.
Like perhaps using AdSense, Google Analytics, Google Sign In, etc, will include a buried implied "opt in" for your site at some point.
Google is quite good at rolling out changes slowly enough to spread out any outrage. Watching the progression of ads take over their SERP pages, it was very slow and subtle. No ads, then just sidebar ads. Then one ad below the first one or two results, then above them, eventually leading to some pages with nothing but ads above the fold. Over many, many years.
I'm also curious how much info Google will choose to expose to Floc on their various sites. Within Gmail, for example, they could be very generous to other advertisers, or not. They already have the info, so I assume they could only expose a cohort interest of "email" if they wanted to.
The floc repo currently says "The algorithms might be based on the URLs of the visited sites, on the content of those pages, or other factors." Which is not super helpful. It seems like Google could fairly easily hide info from Floc since they own both sides.
All of the reporting is ignoring this fact because everyone who's commenting on this issue is ignoring this fact in favor of their own assumptions about how the platform works. "Opt-out for testing, opt-in for production" has been the design from day one, but a lie can run 'round the world before the truth has got its boots on.
(And while the author does say "Best guess", this isn't just an empty Google promise—if this changes, it would change the entire tenor of consensus-based standardization discussions that are happening here, and significantly lower Google's standing in the web standards community, which they care a lot about)
Not just an empty Google promise, but really not even a promise at all. This is just some poor guy that really wants to believe his employer "won't be evil" while the rest of the world already knows they are. But hey, a few more years of making money from his stock options and more obvious moves from Google and then he'll leave and talk like he's the world's biggest privacy advocate...
Kinda like when Steve Jobs downplayed concerns about the 30% cut from the app store by saying it's not important because everybody is using web apps anyway?
"Our best guess". The author of those tweets literally admits that they don't know what will happen. Personally, I'm not as inclined as them to give Google the benefit of the doubt until the absolute last minute.
I know there is skepticism that the opt-out http header is useful. Mostly because the places deploying it wouldn't call the floc API anyway.
But, it is certainly useful to publicly see floc sentiment. As far as I know, Amazon hasn't said anything publicly about floc, but now we know they are aware and doing something about it.
I saw that GitHub and The Guardian also rolled out the header.
Waiting for a website tracking who all has opted out to pop up.
I think the header also has value as a "last resort" to catch any unintentional use of floc if your org doesn't want it.
As far as I understand the explicit call to FLOC will only be a requirement once it has gained traction. Right now Google is still using whatever they can to make it viable, so explicitly opting out is necessary for anyone who wants to be on the safe side.
We blocked FLoC at my company because we couldn’t see the benefit in allowing it. If, in the future, an obvious value shows itself, then we’ll re-evaluate. But at the moment there’s only a business and reputational cost to allowing Google to harvest our users’ data.
We blocked it as well. Since we deal with health data, it seemed unethical to allow Google to add people to the "possibly sick" bucket and use that as part of their marketing.
That's an interesting one, in all GDPR countries medical data has an even higher requirement as it's a case of special personal information. So Google scooping that up without clear user opt-in could result in large penalties.
I hope they do decide to add the HTTP header to disable FLoC by default, unless site admins specifically opt in. From the discussion I've seen, it hasn't been decided for sure yet.
The website is really a third party here, the browser is choosing to track users browser history and report a summary statistic on it to anyone who asks, there's nothing the website can do about that.
Chrome has promised to listen if websites say they don't want to be included in the browser history they calculate that statistic on, but it's all client side, there is nothing the website can actually do but request that they aren't included.
Nowhere in this document does it claim that a summary of your browser history is being sent to websites. It explains the actual process of how cohort IDs are generated and used.
I think the problem here is just one of language, a summary statistic is a number calculated from a set of data that gives you some idea of the contents of the data, but condenses it in a way that you can't reproduce the original data. Common examples for numeric data sets are things like mean, mode, median, standard deviation. Common examples for data sets consisting of a finite list of strings (such as browser history) would be things like average length, character frequency, count, etc. The cohort id generated is unambiguously such a summary statistic.
I think language could be an issue here, but the problem as I see it is that cohort ID doesn't contain even a summary of the data. It's really just a number.
The website or ad network is able to read those numbers and build profiles on them, but it's still divorced from the user and their specific data.
I think a better comparison is that of a hash. It sums up the data, but is just a unique identifier for it. Of course with a cohort ID it's non-unique (by design).
Because the browser is only sending a number, it retains the ability to change, randomize, or obscure that number. That's an important privacy consideration of the system.
For what it's worth, I do think more work is needed. One of Mozilla's suggestions which I liked was to automatically send a missing ID on occasion, just to keep things a little hazy and reduce fingerprinting viability.
Fingerprinting is inherently less-necessary as a result of FloC, and you need to balance it to not become necessary again, but it's a way to protect users that fully opt-out without themselves become fingerprintable.
Rather than the browser sending a summary of your history, it calculates a cohort ID. That ID is sent to websites, and the website then has the job of associating IDs with interests.
So instead of building a profile on specific users, the website (or ad network) builds profiles on cohort IDs. Users can change IDs, or mask theirs altogether if they wish.
We actually respected DNT at an ad tech company I worked at and people still gave us grief for "tracking" them. We literally just 200'd the request immediately for all DNT requests. No processing, no tracking, nothing.
Hilariously, I even opposed removing the code later because I wanted us to be a good citizen but it was practically dead code because people were still calling us evil. They could literally set their UA to play along (or use one that set it by default).
I think we always kept the code in but it only incurred cost and we got blamed anyway. I think, looking back, I should have just removed that piece of middleware since no user ever really cared. It wasn't worth it for the org to pay for code so I could have a clean conscience.
We tried 202 and 204 and both led some UAs to show broken image placeholders. But during the time we did that people assumed that we were tracking them just incompetently ("Look! They've revealed themselves!" style).
Maybe we tried some other codes but anything but 200 was unsafe to many UAs (you could 3xx but UAs would break on 304 too because the tracking pixel wasn't actually cached). Anything that led to UA breakage was verboten anyway on our side since we didn't want anyone to have a broken experience because they set DNT. That would have been bullshit.
We were dumb-enough to handle P3P headers too (which AFAIK no one really used in the end). Lots of dead code. Ugh.
I've seen people say dnt could be ignored because it's off by default in some configurations(safari), and user did not make a choice. Would be interesting to see what kind of mental gymnastics these people would apply here to ignore user's opinion.
You might enjoy this project. Its a browser plug-in that submits random search queries over time to ruin the accuracy of companies tracking https://trackmenot.io/
A cynical view would be that Google paid large sums to advertise Chrome on prime time TV while sideloading it with Flash and Java installs, which lead to an outsize user base, which lead to outsize influence at W3C on specifications.
We should make a darkUI along the lines of prohibitive cookie policy modals that detect Chrome, and forces the FLoC in user's faces. It'll get ignored and be as useful as the cookie policy windows, but it'll be funny. Maybe add to the window "Don't like this message? Try Firefox instead!"
“Cookie policy modals” is bad naming: they‘re specifically there to get consent to track, regardless of the method you use to track in the first place.
Don't worry, Google will just "accidentally" break compatibility for those extensions in a way that's totally not just anticompetitive behaviour, because they've never done that sort of thing, like breaking other Google properties undermine Firefox before, no sir.
Why do we believe the Googs will actually honor this flag? If it's just an HTTP header, the browser can be made to just act like it's not there. All of these "flags" are essentially honor policy level things (just like robots.txt), but if the thing is not even told to look for the flag, there's nothing stopping from doing exaclty what is being asked not to do.
They've been respecting robots.txt and tracking opt-outs for years, right? Just one whistleblower and it's over. Why risk it? Also: Afaik it's opt-in after it leaves Origin Trial phase [1].
> They've been respecting robots.txt and tracking opt-outs for years, right?
Sort of. Kind of.
googlebot only respects part of robots.txt, the part that refers specifically to itself. It doesn't respect global robots.txt rules.
Google also explicitly don't really respect the disallow rules:
> However, robots.txt Disallow does not guarantee that a page will not appear in results: Google may still decide, based on external information such as incoming links, that it is relevant. If you wish to explicitly block a page from being indexed, you should instead use the noindex robots meta tag or X-Robots-Tag HTTP header. In this case, you should not disallow the page in robots.txt, because the page must be crawled in order for the tag to be seen and obeyed. [0]
No, but almost everyone ignored it and it never matured out of Candidate Recommendation:
> Efforts to standardize Do Not Track by the W3C in the Tracking Preference Expression (DNT) Working Group reached only the Candidate Recommendation stage and ended in September 2018 due to insufficient deployment and support. [...] Despite supporting it in its Chrome web browser, Google did not implement support for DNT on its websites, and directed users to its online privacy settings and opt-outs for interest-based advertising instead. The Digital Advertising Alliance, Council of Better Business Bureaus and the Direct Marketing Association does not require its members to honor DNT signals.
sorry, wasn't meaning to imply Googs ignores robots.txt. I was going for conceptually it is easy to ignore it, just as it is easy, conceptually, to ignore HTTP headers.
>and tracking opt-outs for years, right?
is this provable? if i opt-out with my g-account in the browser on a desktop, that should imply i want out of all tracking, yet you have to do it on each app on each platform. it's wack-a-mole that is impossible to win.
Google does a lot of shady stuff but they're a pretty sue-able entity, not some fly by night unknown data broker. If they say they will respect robots.txt and floc headers they probably will. They are surely collecting whatever data they want in other ways anyway.
Chromium is open source? We still don’t control releases but having the open source version it should not be too hard to reverse engineer and see if they messed with it.
We believe it because Google submitted the permissions-policy header / attribute (which allows a site owner to control the permissions for a lot of things apart from interest cohorts, such as geolocation, fullscreen etc) and because we have no choice.
The organization controlling "the thing" is the entity that asked for the feature, so we believe the thing will both know about it and honor it.
Counterpoint: Google makes billions of dollars from tracking and collating behavior across sites. If this impacts revenues more than they would like, the bet's off. There's a breakpoint here, and it's probably lower than people outside the company would expect.
I'm curious, with third-party cookies being fased out, and alternatives like FLoC being met with resistance, could this drastically cut the size of Google's revenue's down? If the ads can no longer be accurately targeted, I imagine that would mean the main value of AdWords is no more, and that's the foundation that entire company is built on.
It depends on what kind of ads - IMO the sunset of third-party tracking cookies gives an advantage to companies like Google.
Products that target based on actual user intent benefit from cookie blocks, as that cannot be meaningfully blocked ever. (i.e., when you search for "brunch" ads relating to brunch show up)
Products that target based on behavior away from the product will suffer - but morally I'm ok with that.
Google happens to own one of the most intentful products out there - you directly tell the product what you want to see! The main pain for them will be loss of targeting ability in their network ads displayed on 3rd party sites - but their first-party products I suspect will see a boost in the new world.
Minor correction: AdSense would be the product affected by this. AdWords (now Google Ads) is the ads shown on Google's search result pages, and are contextual (depending on the search). AdSense, AdMob and Google Ad Manager makes up Google's ad network, which accounts for a much smaller part of revenue (about 12%, where AdWords accounts for ~57% and YouTube ads ~10%).
Has everyone forgotten OTA broadcast television? Where Geritol spent a fortune advertising on the Lawrence Welk Show? And Kellogs flooded Saturday morning cartoons?
I may be wrong, but I don't think advertisers have boosted their budgets in the age of targeted advertising. Google has done well to replace the old channels for advertising with their own pipeline. For the last twenty years it has mattered which ad platform could more accurately target your demographic. Google has won most of that war. Today, you pay Google whether the ad is targeted or not. So now, they can shift the battlefront to create other barriers to entry. And to keep people dependent on their infrastructure to package and deliver advertising at all.
I believe the biggest "victim" of the increasing difficulty of cross-site tracking are content websites.
A content website has nothing to sell, assuming it's not behind a paywall. They are typically funded using general purpose tracking ads. The ads are based on other websites you visit and have nothing to do with the content you're reading.
These websites may face a serious threat, and need an entirely different model. The most straight-forward alternative I imagine to be contextual non-tracked ads. Ads related to the content you're reading.
Other victims are to be found in the shady world of data aggregators. Their entire existence is based on cross site tracking.
Whilst websites and data parties may suffer, Google will continue to hoard data. Almost every website will continue to use Google analytics, Google fonts, Google Tag Manager, the like. This on top of the wide array of consumer products you may use: Android, its various Google apps, Gmail, Youtube, all of it.
It's virtually impossible to avoid Google touchpoints, they will continue to know more about you than you do about yourself. They don't need AdWords for that.
Probably, but it would "trash which "cohort" Google thinks I belong in"; there's really no reason to fool Google into putting you into a specific cohort as opposed to just a random/"broken" one; either way, your true cohort is obscured.
Unless you were studying the impact of ads you receive based on cohort, like https://their.tube.
I remember reading about it on here a while ago and some Googler said that it was easily identified as automated clicking on their end, they have pretty sophisticated antifraud systems.
Just don’t use chrome ?
Or if you really like chrome
Use a chromium browser that won’t implement cohorts , why bother feeding it disingenuous data instead of just not feeding it anything ?
> There is a caveat regarding FLoC blocking on Whole Foods pages, however. While other Amazon-owned domains mentioned here that block FLoC do so using Google’s recommended approach involving sending a response header from HTML pages, Whole Foods blocking employs a tactic that sends an opt-out header from Amazon analytics requests.
What do they mean here, that the actual page request does not send the "no FLoC" HTTP header but the requests from Analytics do?
Amazon has a pretty big advertising platform too , I think they’ll try to spread this header on all the websites that use their ad platform.
So they might be trialing it this way because of that, to help boost their ad platform and hinder floc , so that google cannot drop third party cookies that easily , as floc’s on browser processing makes google the defacto judge on what information do they add into floc identifiers and what they do not , meanwhile themselves getting all the unrestricted data from their browsers separately.
By hindering mass scale adoption of floc , they’re trying to delay dropping of third party cookies , to slow down google from getting an advantage over them.
Atleast that’s what I think , they might be testing it for other reasons, only an Amazon exec can answer it specifically.
It's all pointless, it will win out eventually because it makes sense and Google isn't about to stop tracking you regardless of FLoC. All it does is disincentivizes smaller players from doing their own tracking which you'll have no control over anyway.
Personally I don't see depersonalized targeting as a bad thing. Better than advertising dish washers to people who just bought a dish washer or some such nonsense.
I got a great one from eBay yesterday; Because you bought Ratchet & Clank: Rift Apart PS5, we thought you might like this; Ratchet & Clank: Rift Apart PS5.
Jokes aside, if it was a multiplayer game that wouldn't be an impossibility.
I like the recent trend of friend-copies of games that are co-op first like "It Takes Two", "Operation Tango" (is that name correct?) and the two-player Wolfenstein I forget the name of.
I've read that these ads target you because by buying a dish washer your category went from "no idea" to "people who buy dish washers online". So while your chance of purchasing a dish washer right now might be low, as you just bought one, the calculated probability of you buying one has actually gone up.
Additionally, it alleviates the creepiness factor a bit ("they're so bad at tracking, they don't even realize I just bought one!", so you don't think about the perfect match with headphones you were just offered) and they might simply have missed the purchase.
They are just trying to help you out. They know there are "if you find it cheaper in the next 30 days, we'll refund the difference" policies out there. So those ads are actually much more helpful than you are giving credit. They can't help it you chose poorly and used a site that did not have that policy. /s
The point of the offer is that you don't have to do that. You just report that you found it, they verify, and then they will refund the difference in prices. Very few vendors do this, but it is a legit offer to help alleviate those post purchase regrets.
That's not the reason you keep seeing ads for products you just bought. Google was aware of your interest in the product yet was unable to track that you actually bought one. So they think you're still looking.
Excuse my rant about this free piece of content, but this is one of those sites that render the reading experience horrifying with giant subscribe and menu bars. It feels like reading something on a smartwatch is more easier.
I never understood what FLoC offers to users directly (rather than to advertisers) -- FLoC requires a user to opt into it, right? Why would I do this as a user, what incentive does Google give me?
Amazon just wants a cut of Google's profits, just like Apple takes its cut for the Safari search deal. The fact that this has become public means that Google didn't foresee this.
If Firefox had larger market share, Chrome wouldn’t have been able to make this opt out for websites rather than opt in because it would have given them a bad public image. I don’t think it’s fair that some company gets to force every website maintainer (most aren’t extremely technical and just use Wordpress or something similar) on earth to muddle through documentation for their particular setups to 1) learn it exists and 2) turn it off if desired.
This wording annoys me. The websites have nothing to do with it. Google choosing to turn it's browser into spyware that leaks information about what you used to do with it isn't the websites fault, the webserver doesn't do anything and doesn't have anything done to it, there is nothing for it to opt out of.
Google chose to give websites a way to request that the users browser doesn't include the fact that they visited this website in it's cohort calculation. That's fine, but the messaging around it is a transparent attempt at shifting the blame. It's not the website opting out or in, it's the website acting as an uninvolved third party bystander asking google to stop. Asking why a website didn't opt out is equivalent to a thief asking "well why didn't you stop me?" to the person looking on from the sidewalk.
We shouldn't accept this messaging. We should be very clear that Chrome is the entity spying on you, not the website, and that the website has no power to decide whether or not chrome spies on you, only the ability to make a polite request that it doesn't (or more accurately, does so less).
> If Firefox had larger market share, Chrome wouldn’t have been able to make this opt out for websites rather than opt in
FLoC is only opt in for testing the proposal[0]. As a sibling comment says this is technically performative but publicly signals a stance against the proposal.
Though we also shouldn't forget that Amazon loves third party tracking and happily falls back to IP address associations if cookies aren't available.
Isn't it the opposite. It's opt-out for testing and is supposed to be opt-in when it goes live? I mean, I just disabled it and I am certain I didn't opt-in to it given that I had to go to about:config to have the setting show up.
You can opt-in to actively be a part of FLoC, but if you don't opt-out, Google may randomly choose you to be part of their testing.
Edit: I think your point may have been from the perspective of a website owner. Sorry.
From a purely implementation standpoint, defaulting to opt-in instead opt-out leads to a long and arduous user migration process. Especially if it's a major change and/or somewhat controversial. Furthermore it tends to fragment the userbase and accumulation of tech debt (e.g. feature disparity). I think this is a huge factor in iOS versioning having such good consistency across its install base.
I've been using FF since forever (first Navigator, then a macos variant called Camino, and after it EOL'd, Firefox; tried quite a few others too, but always returned to FF). Never a problem, except of course with websites that don't test if it works on Firefox.
> shoot the messenger, it won't fix Firefox bugs or help their market share.
Your message doesn't really contribute to it either. If you hate Firefox with a passion and wish that Alphabet dominates the world and turns us all into clicking zombies, keep spreading it. Otherwise, better not.
You can't access HN with Firefox? This website loads one simple html file, one style sheet with a handful of media queries, three gifs and a small js file, which only seems to do things like voting and hiding. While FF 3.6 won't do the styling properly, even that ancient version should be able to display the contents.
If Firefox wants a bigger market share they need a significantly better product. That's just how the world works. I don't use Chrome but I sure as heck don't use Firefox.
I find this behavior pretty hostile. Every other online order I can track right from my email except for Amazon's. Facebook also does something similar with its 'so-and-so made a post's emails.
Actually, I'm on the other end of the spectrum. Google letting itself to parse everything, and doing it without my active consent is borderline creepy from my perspective. At least it can say "Hey, I've found a package, shall I track?".
Instead I use an application called FindMyParcels which I register my packages and get push notifications for them. It's a one man operation and works pretty well for me, so I didn't get bothered by Amazon's decisions.
Neither of these two companies are angels, but when they compete instead of forming a bigger eye-of-sauron, it's a win in my book.
Actually, it is. If I choose to browse Amazon's site, and they do first party tracking of what I'm doing on their site, then that's actually okay with me. How else are they going to offer me my browsing history, "Recommended by your browsing history", "Recommended by your previous purchases", etc. That goldmine is literally none of Google's business and all of Amazon's.
First party tracking is less creapy. When I walk in the shop, I know the shop assistant is looking at me. I don't expect the shop assistant of an unrelated shop at the other end of the mall to watch me.
Not seeing how anything going on with Floc hinders catch-all tracking that Google already does on the vast majority via Chrome. Floc is just a dummy throw-bone that allows Google to screw-but-not-quite all other ad networks by disabling third-party cookies.
