Hacker News new | past | comments | ask | show | jobs | submit login
With New Ad Platform, Facebook Opens Gates to Its Vault of User Data (nytimes.com)
190 points by 001sky on Sept 29, 2014 | hide | past | web | favorite | 115 comments

I think the thing that frustrates me the most about all of this is not the privacy, but the fact that Facebook gets exclusive access to data that I think is rightfully public knowledge. I'm fine with advertisers knowing that I really enjoy hiking, what my salary is, etc., but I don't like that they have to go through Facebook to get that knowledge. Ideally, they would go through me, or even better some publicly available repository of data that I've allowed to be assembled.

But there is also data that I may not want to be public knowledge. If Facebook scans my chat logs, then Facebook knows a lot about me that I would not want some of my friends and family knowing. And I wouldn't be surprised if their TOS permits them to scan my chat logs.

And you can also do interesting oracle attacks with this. Let's say I'm trying to figure out if my son is homosexual. (Substitute for any fact Facebook may know, and for any person you want to investigate). I already know a ton of things about my son. Age, where he lives, what sports he plays, his favorite foods, etc. So I create one really specific ad that's guaranteed to include only my son and maybe a few other people. This one is only shown to homosexuals. Then I create an alternate ad that targets the same group, but only heterosexuals. Then I just need to watch which ad appears on my sons computer, and I suddenly know what Facebook thinks his sexual orientation is.

> If Facebook scans my chat logs, […] their TOS permits them to scan my chat logs.

Your language betrays your cognitive dissonance. It it not your chat log. It was never your chat log. You typed characters into Facebook’s chat log, and the chat log is Facebook’s. There is no “permitting” needed. When you use Facebook (or Google, or whatever), you live in a glass house, an aquarium, with overseers who do not consider you a person with integrity, but more as a kind of pet to be inspected and analyzed at will. Facebook distracts you with “privacy settings”, but those apply to other pets in the aquarium, not its overseers. It might be discomforting to think of yourself as a pet in an aquarium, but you have chosen this yourself, by using Facebook.

The question if Facebook is permitted to scan your chat logs is therefore meaningless; there is no such concept. Facebook “scans” all its chat logs, all the time. (That’s why they have their chat logs.) The “privacy settings” have nothing to do with actual privacy from Facebook — like Monopoly money, it has no validity outside the tiny world of its own. Like “deleting” things, it appears to you to delete things, but does not actually delete them as far as Facebook is concerned — it is all logged and saved, forever. I could go on, but I’d better not.

(The same goes for Google and all the other cloud and social services.)

> The “privacy settings” have nothing to do with actual privacy from Facebook — like Monopoly money, it has no validity outside the tiny world of its own.

See also: People who believe they can disable the face recognition.

Also people who belive Chrome incognito mode means Google does not know what you're typing into that address bar and that there's no history or log of what you just visited.

Incognito mode is as upfront as possible that websites can record what you type. It's not what incognito is about, or meant to be about.

It's not "websites" that record what you type, but Chrome itself that sends every character you type into the address bar back to Google.

This is a configurable setting in Chrome.

They should fix the Incognito message then. Check to see if the search-as-you-type feature is on, then include the default search provider in the list of people who can see your data.

Absolutely right. If you SSH-ed into my personal computer and started typing into a file, everyone would laugh if you claimed that what was in the file was your data. You're not doing anything different when you type into Facebook. If it quacks like a duck its a duck. Its data that sits on their systems, that you have no legal or contractual protection over. Its not your data, its their data. You're just the one generating it.

Folks desperately want to deny the physical nature of cloud services, and pretend that its the same as storing something on your hard drive at home. They want to believe that the software abstraction that shows local and cloud documents together is real. But you can't will away reality.

No, it is not "their data."

When I rent a safe deposit box from a bank, and store my valuables in it, my valuables do not become the property of the bank.

Likewise, just because I store some data on someone else's computer system does not make that data theirs.

Now, we may not yet have a good enough legal framework for protecting our data; in Europe, laws about this are better, while in the US you are expected to just use contract law for this purpose, and of course with online services you have no way of negotiating the contract and they always claim the right to do anything they want with the data.

But that does not make it "their data"; it just means that our laws need to be updated to better protect our data and not allow companies to simply claim they can do anything they want in non-negotiable user agreements.

There is a difference between is and should be. Your valuables stored in a safe deposit box are still yours because its illegal for banks to look inside a safe deposit box outside an emergency. But no such laws exist for cloud data, and more importantly, every interaction you have with a cloud provider happens against the background understanding that the cloud provider has zero obligation to you regarding any data you put on their systems.

You can argue that things should be different. What I am talking about is how things are.

The law is miles away from actually treating it as your property in someone else's hands. Europe has so far only started addressing the issue of "private information", which is data about you which you might or might not own.

The law around physical property in someone else's hands is on the other hand well established, and is referred by English speaking lawyers as "bailment". If you entrust people with your stuff and they misbehave, they are then liable for their negligence about it. So the legal theory should be simple, but "on the internet" is masquerading the issue. If I send some clothes to the dry cleaners to get cleaned, it is still my clothes. If I send some emails to be cleaned by a spam filter service, it suddenly is no longer my emails anymore. There is no reason why we need any new law to correct this, but there is political work to make it enforceable.

: https://en.wikipedia.org/wiki/Bailment

Depends what you are talking about when you say "their data". At a base level Facebook can read it, delete it, copy it, move it, etc. and you cannot, so it only makes sense to say they own it and you do not.

It's only when you add a shared construct like some system of ethics or law that your definition of data ownership make sense.

It's the difference between ownership defined by abilities and ownership defined by rights. It's a failure of the English language.

Computer security, especially, encourages you to think in base, practical (there must be a better word for this) terms. Since you can't guarantee other actors will respect your rights, you fall back to "If I don't want X done then I must make it physically impossible to do X rather than just wrong to do X".

> When I rent a safe deposit box from a bank, and store my valuables in it, my valuables do not become the property of the bank.

Depends on the T&C [1]. Two things here, (1) you agreed to the FB terms and (2) took no steps to ensure your privacy despite these ever changing terms. More applicable digital lockbox hypo: when you put a gig of encrypted data on S3, AWS doesn't scan it and try to sell it to advertisers because you didn't agree to that. Further, they'd have to crack your encryption (i.e. PGP) as well if they wanted to violate those terms.

With AWS you get what you paid for. With FB, advertisers get what they paid for you.

[1] https://www.facebook.com/legal/terms

Yes it's their data. The moment you click "I AGREE", it becomes their data.

There's some serious equivocation going on here around the ownership of the data. It's your data; you own copyright on it. Per the TOS, you grant them an "irrevocable, royalty-free license" to do things with the data.

(The set of things they can do with the data is subject to change, with notification, but if those changes are "adverse" to you, you have the right to revoke that consent. What happens to your data after that consent is revoked is something that probably needs to be explored legally, but it's pretty widely known that Facebook never actually deletes anything. And the TOS do say "irrevocable", after all...)

All that said, it's not their data. (Effectively) unlimited access, yes; ownership, no.

> If you SSH-ed into my personal computer and started typing into a file, everyone would laugh if you claimed that what was in the file was your data. You're not doing anything different when you type into Facebook.

Actually, I disagree on that detail. An account on a Unix computer, accessible by SSH, is a known thing with known cultural implicit privacy guarantees. I have servers, which I can certainly call “mine”, with users, who have SSH access. I would absolutely not consider any file they type into to be “mine” — it is theirs.

I certainly agree with you and I feel the same way but we aren't corporations (well, I'm not and I'm assuming you aren't either). I host e-mail for many others on my personal mail server and the only times I've looked at someone's mail was to troubleshoot an issue (and that just involved grep'ing to find the right file (maildir) and then examining the headers).

The ethical sysadmin may think like that but the owner of the box has sudo (by proxy by replacing said sysadmin with a pliant one). Data then belongs to the box owner.

Those are just expectations. They're not anything you can beat someone over the head with, and as such are illusory.

That's a horrible analogy. Facebook's data use policy specifically says "While you are allowing us to use the information we receive about you, you always own all of your information" [1], so nobody should laugh when people claim it's their data. It's just that as part of sharing the data with Facebook, you give them extensive rights over what they can do with it.

[1] https://www.facebook.com/about/privacy/your-info

> It it not your chat log. It was never your chat log. You typed characters into Facebook’s chat log, and the chat log is Facebook’s.

But... that's just a cynical observation of the current, wild-west-style situation of data abuse. Society will slowly grasp the significance of what's going on and restore some sanity, ...right??

I am convinced that it will only happen if we succeed in making it a political issue. No one company or service can fix this, since all the incentives work towards more surveillance, not less. This type of so-called collective action issue is what politics and lawmaking exist to solve, so it is there a solution must be created.

At the least, those of us who actually care, but don't have infinite amounts of time to admin a LAMP stack, email server, XMPP server, and whatever else, will eventually be able to run Sandstorm[0] on a home server and be done with it. (I'm working on an appliance distro which will set this up more-or-less automatically.)

[0] https://sandstorm.io/

Hey, I'd like to hear more about this "appliance distro". E-mail me? (kenton@sandstorm.io)

But the best we can ever do is make it "wrong" with some non-perfect level of enforcement.

They will always have the ability to do what they like with the data they have control over.

you have taken a highly condescending and counterproductive method of argument. You list neither the specific provisions in the TOS, nor does you cite any law or custom to validate your position.

1) messages sent through chat are not specifically covered by Facebook's TOS, as such, the individual's premise that it is is false

2) whether or not the content is Facebook's property is irrelevant, privacy laws in QC forbid publication of this content under most circumstances (exceptions being public safety etc

finally, anyone who honestly thinks anyone working for Facebook has any occupational need to look at their chat logs has a rather inflated opinion of themselves

Actual publication of anyone’s chat logs is not what anyone is reasonably concerned about – it is a diversion. The real thing which Facebook does is total information analysis of everything about everybody, storing this analysis internally, and making the results available to unknown numbers of external parties, or alternatively allowing external parties to specify analysis algorithms to be specified, run them internally, and report the results to external entities. None of these things involve publication of any actual content provided to Facebook.

Also, the idea that the danger is that Facebook employees should read any chat logs is also a straw man argument – a distraction. Nobody except straw men actually puts forth this as a major problem. You would have been right to dismiss it, except that nobody made that argument. To be fair, it might happen, but the scale at which it even could happen is by definition limited, since Facebook cannot have that many employees with the time and inclination to do it. The real issue is the above procedure of eternal storage and analysis – on behalf of external parties and/or for internal use.

Your arguments are highly diversionary, and seem to be aimed at confusing the issue.

Facebook has the ability to scan and monitor chat logs and this is not prohibited either by their TOS or provincial law (for Quebec at least). However I am not sure you realized that I took the discussion a step further by pointing out, although I admit I should have made this clear to begin with, that the concept of ownership of the content of said logs can be divided into several different aspects.

There is the intellectual ownership (the ideas contained in the logs), there is the right to consult and have access to the logs, there is the publication right etc. These rights are also independent of one another, someone may have the right to consult the logs, but not to publish, or may have the right to publish, but only once someone who has the right to consult this information has given it to them

Also, it bears mentioning that simply claiming my argument is a straw man argument without actually telling me how that is so does nothing to show that it is so the issue of ownership was discussed in the first half of my commentary where i mentioned that Facebook's TOS allowed them do do what was described as such I addressed and confirmed OP's position

I then added that there were implications with what was being discussed and proceeded to give an example. Taken alone, yes it would be a straw man argument on my part, however, the point behind my commentary was to show that the practical damage that could be done by such a practice as monitoring and storing the information of chat logs would be minimized by the fact that not everyone can consult and publish that content

> Facebook distracts you with “privacy settings”, but those apply to other pets in the aquarium, not its overseers.

Indeed. I have argued before that the "privacy settings" are actually harmful. You should be making everything publicly available, because why would you give facebook access to this data but not your friends? Unfortunately this is contrary to what most people think. Of course, facebook doesn't actually allow users to make all the data available, in fact it's not even available to the user himself.

You give your doctor information you don't give your friends, you give your telephone company information you don't give your friends.

There are reasons to give private entities information that you don't want shared with the world.

Is it then a regression then from telephone and postal mail times ?

Yes, because with postal mail (a.k.a. snail mail) it was both technologically hard to open and scan mail without detection, and expensive to employ the number of people necessary to do it. With phones it was not hard at all technologically, but still expensive to employ people, and it was also rather expensive to record and store the data thus obtained.

Today, the technology to scan everything and keep it forever is trivial, and storage is very cheap.

PGP is a thing, that makes your mail mathematically impossible to open by brute force.

And you can self host your own XMPP servers or use any other peer to peer chat client like SIP.

Call me when that's something my mom can do. She needs secure communications too.

Have her sign up to a secure XMPP provider and communicate over that. Or host her an XMPP server on your end she can use. It is as simple as register -> use an xmpp messenger -> secure communications.

And encrypted snail mail has been a thing since ancient times. So what?

The good news is that you can always just stop giving Facebook information about you. I have largely stopped using Facebook a couple of years ago, though I joined in 2004. I use text, email, phone to communicate. I don't really have any urge to sign in and view my feed, the most interesting stuff I find on HN and Reddit. If there is something truly important about a friend, I'll hear about it whether or not I use Facebook. In general, the less I use Facebook the more focused and productive I am. Thats just me though, I have plenty of friends signing in on a daily basis and consuming the newsfeed like popcorn.

Even if you never visit Facebook, you still provide it with information about you. Most of the links you visit from reddit or HN have an embedded Facebook Like button, which gives Facebook information about the sites you visit. FB uses that information to target ads to you. http://www.forbes.com/sites/kashmirhill/2014/06/13/facebook-...

True. There are lots of tools to block that, however, on the desktop anyway:

1. AdBlock Edge (or Plus, but Edge doesn't have loopholes): https://addons.mozilla.org/en-US/firefox/addon/adblock-edge/

2. Disconnect: https://disconnect.me/disconnect

3. Ghostery: https://www.ghostery.com/en/

And I'm sure others….

I definitely agree with what your saying regarding ownership of your own data (photos, posts, comments, chat, etc..) and I definitely agree.

The second part of your comment strikes me as a bit ridiculous though. I cant invision a scenario in which someone would attempt to narrow down a group of users, given the provided selectors, to the point at which they know their 'target'(your son in this case) is in that group, and then(based on some boolean value (such as homosexuality)), figure out which ads are being served to that user in order to discern something about the user. (In this case seeing a certain ad would allow you to discern sexual orientation).

MarkCuban's post below (marked dead now) seems relevant, despite being decidedly offensive/inflammatory.

Why would _anyone_ go through all of that trouble when logging into the account directly or passively collecting network activity would yield the same answers?

If you're going to somehow attach the ads being served to a physical human (watching your sons computer screen to see what ads show up? Monitoring his traffic to see which ads are served?) you've already broken Facebook's model.

I _strongly_ believe that advertising is the wrong way to go about yielding revenue from a webapp in terms of the value it adds to our society(not that it isn't profitable for one entity). I just think your second statement/argument is a weak one.

> If Facebook scans my chat logs

There's evidence of scanning private updates & comments, going back to 2012 [1]. We could assume chat messages would be fair game in Facebook's eyes, though I haven't seen any confirmation.

[1] http://allthingsd.com/20120112/facebook-gives-politico-deep-...

You can use Bridgy to syndicate content to social networks from your personal site: https://indiewebcamp.com/Bridgy

Example here: http://dangillmor.com/2014/04/25/indie-web-important/

Facebook has already declared your data (i.e., the data you entered into Facebook) as theirs, to monetize at will.

There are several rational responses, but when some other entity keeps drinking your privacy milkshake, maybe the best way to respond is to poison the well.

Make any or all of the valid profile data fake. Potentially change it once in a while to something else also false. Don't invite people you normally would friend. Definitely don't use the profile for anything important.

What you described in your last paragraph has already been done, and it works. Here's an article about a prank performed using a similar idea: http://mysocialsherpa.com/the-ultimate-retaliation-pranking-...

> publicly available repository of data that I've allowed to be assembled

aboutthedata[0] by Acxiom is headed in that direction I think - just specifically for the ads they control, I think. I interned there, but I wasn't involved with aboutthedata.


> I think the thing that frustrates me the most...

If you're really upset, then just quit FB. Otherwise, keep baa-ing with the rest of the sheeple. I quit 3 years ago when their abuses got to be too much. Amazing, I still have the same friends and enjoyable life. I suspect most people would discover the same.

Rather aggressive, but I agree. I deleted my profile 2 years ago, got back few more minutes of my daily life, and read more books.

I am still on GPlus since it doesn't have any noise (and going by the trend, it's not likely to replace facebook anytime soon) - only tech oriented people use it, and I am fine with it.

the fact that Facebook gets exclusive access to data that I think is rightfully public knowledge

The way I see it is the raw information itself isn't secret/private, but Facebook is the one who busted their collective asses collecting and organizing it. Similar to how companies don't have unlimited rights to Craigslist's data, the company owns the database. Facebook can't come sue you for sharing your personal information with other people- it's still YOUR information- but their catalog is theirs to do with as they see fit.

A (probably poor) analogy is a calculator. You, oh holder of the calculator, do not own mathematics. You don't have a license on the numbers that go in, nor the numbers that come out. Numbers belong to everyone. But you do own the calculator, and it is entirely within your rights to control who uses it and how.

Yeah, it is that easy. You don't even have to make up your own ad, you can just watch to see if other people's ads that are targeted to homosexuals are showing up on that computer.

You should take a look at what these guys are doing datacoup.com

I created a secondary account only to handle our pharmacy's facebook page to promote our brick and stones shop. There's no eshop yet, so I tried to run ads (spend about 30 EUR so far), but the targeting is awfully off the mark. I didn't spam any of my friends, tried just to use ads. Results are lousy. I targeted a specific Greek city, surrounding areas and specific ages and all I get are 'likes' from people in other cities, which have zero value to me at the moment. So in a sense I'm just waisting money.

I don't know if this new system will be available for small shops, but the current system for narrow areas (> 50k inhabitants) doesn't seem to work properly.

Facebook ads generally seems... weird. Even the ads on Facebook itself is very often plain wrong.

That's not to say that Facebooks ads won't work in some or most cases, but there are definitivly case where they are surprisingly wrong. For me personally I don't recall ever seeing an ad on Facebook where I felt that they where targeting me directly.

It might be that the only interesting piece of info about me is that I'm male and above a certain age. I would just think that given what Facebook knows about me they would be able to target my much much better.

Currently the company that does product targeting the best seems to be Amazon, but only in the books department.

Its because Facebook can't afford to not show you an ad. So, when no one specific is paying them, you get lowest-common-denominatored.

It would be interesting to collect ad statistics from a broad range of Facebook accounts to see what they do get shown, since it would speak volumes about who's actually paying them.

That would be an interesting way to turn the tables. We are on their platform so the user data is theirs but we are also on their platform so the ad data is ours. Of course, this would need an app (or plugin or whatever they are called in Facebook-land) and a critical mass of people to install it.

I believe I would reactivate my account just to partake in this. Turning the tables sounds fun. Mine the data of the data miners.

I am almost certain that FB would put a stop to it though, as hypocritical as it may be.

Yeah I don't even look at them anymore. They feel like they aren't targeted to me at all. I get adverts for tax rebates for uniformed workers (I work as a web developer which is listed on my profile) and 'Barclay's investment opportunities' despite having neither the time nor money at the moment to invest in anything.

i always rejoice when google shows me adds for tampoons or perfume, just because it shows that the add targeting stuff is not perfect.

That's because generally people doesn't find any value in liking a pharmacy facebook page. If you're doing a clearance sale & run an ad to promote it, the result might turn out differently.

I did this too. Run a campaign about a short time offer just to test the waters, spend about 12€ in 48 hours, almost 2.5k saw the add, 17 clicked on the add, 2 of them"liked" the add.

The thing is that I dont know how to increase the page fans and run successful add campaigns wothout literally spamming everyone, which is something id rather avoid. Also i would to have 500 fans which arw i terested in the products then 1000 friends who liked the page because of me, but are not interested. Anyway, i will write a blog post in future woth specific numbers:budget etc.

Try going to Facebook and turn of any adblockers, then see if their ads actually advertise products you want.

If you are single you end up with ads for crappy dating sites, if you are not you get ads for child care products (likely also crap, or at least overprized).

Why? Because the crappy services are the only services where it makes sense to advertise on facebook.

Oh WOW. 30 euro and no results? Facebook ads don't work!!!!

Oh WOW. 30 euro and no results? Facebook ads don't work!!!!

Do you really need to be so snarky to make your point? It makes it unpleasant for everyone else to browse comments.

Re. your point, if you want to dip your toe in the water to see if FB ads work for you, then how much do you need to spend? I think starting at < €100 is reasonable.

Yeah, I'm just cranky before my coffee. It's my bad.

It's not a matter of total spend. Advertising, and marketing in general is about a lot of tests. The best way to approach it is to read a lot of material beforehand. Then map out the outcomes you want out of the advertising. Figure out what your KPIs are, set goals for those KPIs based on what you've read. Then set a daily budget according to your goals. And start running tests. After a month you can look at your results and see what worked, what didn't and you can start thinking why those things happened or what didn't happen.

The budget is something specific for every individual business. You can't really say, you need $X to get started. It is not an easy process. That's why I sometimes overreact to statements like OP's. Advertising is not something you can do in 15 minutes before bed. You need to educate yourself, be dedicated and persistent to make it work continuesly.

If you want to make it work, I suggest Neil Petel's quicksprout university for a very, very basic introduction.


I'm a bit confused as to how to read your statement. atmosx simply said that from what s/he saw, the ads ignored the targeting settings.

That suggests a problem that is not fixed by user education, testing or throwing bigger budgets at it.

People have always asked for a solid Google Adsense competitor. Maybe this will be it. Though looks like it's not wide open yet, publishers have to apply/ be certified: http://atlassolutions.com/partners/

But you could imagine this being pretty massive.

Google's got a ten-year headstart in this domain. It'd be great to see a worthy product from a formidable competitor, but I'm going to wait a while to hear some of the experiences of other publishers before I implement. I doubt that they're truly ready to compete with the AdSense platform at this point.

I will certainly test it out on all my sites - honestly I wonder what took so long, adsense has been ripe for competition for too long now

Facebook is the only platform that has the scale necessary in the english speaking world to attempt a full-blown competitor to AdSense. I'd suspect that Facebook's relatively slow crawl toward full monetization is part of the reason they didn't do it sooner. They're just now getting the ad machine up to speed.

I'm also curious to see what kind of results Amazon's new ad network efforts yield. Narrower scope in some regards, but they obviously have incredibly valuable data.

For anybody asking the question, "Why Atlas?", please see http://atlassolutions.com/why-atlas/introduction/:

> New possibilities for a new advertising reality. Atlas drives advertising impact for today’s multifaceted brand journeys.

A lot has been written about Facebook's epic engineering staff, but the copywriting talent the company employs is clearly second to none too.

Two slight typos on the signup call to action however:

    Atlas, a next generation ad serving and measurment platform, 
    lets advertisers, agencies, publishers and partners increase
    results through the poiewr of real world data. Find out how it
    can work for you.

fixed, thanks

Type fast and misspeel things.

I miss Bill Hicks.

I still think the primary problem is that Facebook does not understand intent and so it will still be a 2nd class citizen compared to Google.

That's the same problem google has w/ display ads. In this sense FB would have an advantage anyway because their demo targeting is much, much more precise.

They're getting pretty good though at predicting intent.

A couple months ago, I was looking for a cheap hotel in San Diego on several travel websites outside of Facebook. I didn't click any FB like buttons on those websites but not much later "Hotels in San Diego" ads started appearing in my feed.

Ad networks have cookies on the travel sites you visited


Those sites probably cookied you with an FBX retargeting pixel and then followed you to FB.

> They're getting pretty good though at predicting intent.

Yes, by tracking you to other sites - you know the sites you thought were not facebook.

FB has its hooks into many services as an authentication provider and sharing channel. There is plenty of intent to be mined there. Definitely different than what Google or Amazon have, for sure, but just different--not necessarily inferior depending on the usage.

That's why they're rolling this out via Atlas, an enterprise ad server. They're focused on brand dollars, which go toward demographic targeting rather than intent/behavioral.

If you thought that retargeting was bad because you saw the same advertisements for the same things no matter where you were, you haven't seen anything yet.

Apples to apples, this is less of an answer to adwords and more along the lines of an adsense competitor. IMHO This launch will take a huge bite out of quantcast + any cookie pooling/dmp companies. It will also be interesting to see how adroll and other retargeting companies end up fairing.

Budget-wise, I think this will expand the pie for over all ad spend rather than suck out any air from googles ad platforms.

Chris Dixon basically describes this game plan 4 years ago, http://cdixon.org/2010/05/15/facebook-is-about-to-try-to-dom...

what is interesting I think, it that facebook more or less might make all private data peddlers irrelevant. I could be bad or it could be better in a sense that your data will be in one place instead of a thousand different unknown places. it would be easier to target by eff such well branded target.. IMHO.

The key questions I have are:

- Will this respect DoNotTrack? - Will Facebook users be able to opt-out of this targetting? - Will it respect my privacy settings when I set all my "personal" data to "Only me" or "Friends only"?

I find it quite abhorrent that a service, so personal, is now truly using that data against me whilst I'm outside of the service. I will be among the first to leave if the answer to all these questions is no.

The people selling ad space as well as the people buying ads won't have access to your personal data, so yes, they will be able to utilize your "only me" personal data. You ask FB to target certain profiles and FB handles the rest. This is considered keeping your private data private (and rightly so IMHO, but I know some people who disagree)

I don't know if the "like" buttons around the web respects the DoNotTrack, but I expect no changes in Facebook's tracking behaviour.

It will be interesting to see how advertisers take advantage of this data without alienating people. A lot of people don't mind seeing a targeted ad on Facebook since they have a relationship with them but would be disturbed to see a very target ad in another app. Target saw this when trying to deploy their targeting to pregnant women, they had to camouflage their pregnancy product coupons with other random ones as "some women react badly" [1].

Also article claims that Facebook isn't selling your data but aren't they really if advertisers are going to get to set a cookie for usual advertising accounting of reach and view caps? E.g. Buy campaign targeting users with qualities X,Y & Z and then set a cooking on users who saw the ads so now I know they are all X,Y & Z.

[1] http://www.nytimes.com/2012/02/19/magazine/shopping-habits.h...

I'd expect it to go one of two ways:

Either you just happen to see a lot of ads all over the web for bars and day trips in Thailand after you did a Facebook check-in at the airport saying you're on your way to Thailand


The ads will be similar to what you see on FB, eg your friend Jonathan likes the new diet coke, why don't you try some, john? With the ad clearly outlined as not being part of the site with a "ad delivered by Facebook" disclaimer and clear FB styling.

Advertising is a tricky business.

Facebook's Like button was really a brilliant move by Zuckerberg because it essentially gave FB a tracking page of the majority of the Internet. I don't mean this in a nefarious way: this is how display advertising works. A cookie allows the advertiser to see what sites you visit and, from your behaviour, develop a profile of your interests, likely age/gender, etc (all based on modelling).

I should also point out that before the inevitable cries about privacy, an advertiser doesn't care about you, specifically. They care about the characteristics of groups of people because that's the only way statistical modelling works anyway. If you visit some fishing sites, you as an individual may or may not be interested in fishing. Take 1000 people like you and there's a much higher chance that a member of that group is much more interested in fishing than the general population.

Anyway, I thought a couple of years ago that FB was poised to become a major player in the display advertising business. This hasn't come to pass. Not because they couldn't. They simply have chosen not to go down that path. They don't' want to risk cheapening their platform by becoming another AdSense (which is the lowest CPM you can get and is really for the very long tail).

This is one reason advertising is tricky. It's a balancing act where you're trying to cultivate premium publishers and advertisers while segmenting both (premium, remnant, long tail, etc) without cheapening the premium side, which is where you make all your money.

So you can buy an impression on the WSJ through a guaranteed reservation. This by far generates the most money for the site and is how the WSJ would like you to buy advertising. Still, they can't sell all their impressions this way so there are various sources for monetizing so-called "remnant inventory". Thing is, you don't want your premium advertisers buying impressions through those (cheaper) channels instead.

So Facebook seems to clearly be protecting its potential value. It really is potential value until it's realized.

I have a theory about this: I don't think all that data we give Facebook is actually all that valuable. What sites you visit on the Internet vs what you tell Facebook is really the difference between what you do and what you say. What you say is filtered through how you perveive yourself, how you think others perceive you and how you want them to perceive you. What you do (IMHO) is a far more genuine representation.

So time will tell. I think at this point if you see FB enter the display advertising space, it's a de facto admission of failure (meaning it hasn't met expectations) of monetizing all that data.

Disclaimer: I work on display advertising for Google.

> an advertiser doesn't care about you, specifically

Of course they do. They just haven't figured out how to personally market to individuals without running afoul of regulations or public sentiment. Removing those impediments is a marketing wet dream.

Why would that be the case? If somebody wants to sell me fishing poles, the only data that's valuable to them is data that predicts how likely I am to buy fishing poles. And I don't think there's any data an advertiser could capture that would do a better job of that than what Google and Facebook already have on offer.

If you are an advertiser for a product (let's say a fishing) pole and you are targeting a certain demographic (let's say people who might buy a fishing pole) and you know that the person you are targeting, beyond just being interested in fishing pole, is also a family man, you might show an ad that emphasises how fishing is a family act and brings people together. Alternatively if the person you are targeting is a person who likes solitude, you might emphasise the peace and silence of fishing on your own.

That is one reason why knowing your individual target is valuable beyond targeting a certain demographic - you can tailor your ad to the individual, which in theory will increase the likelihood of a sale.

I think what OP's referring to is forms of "targeted up-sell", where they could choose what kind of fishing poles to sell to you. Here, the deal might be a favourable one, but not for you (but for the sellers of course).

There was that (in)famous NYTimes article from a few years ago about how the target supermarket was successful in finding out a teenager's pregnancy before the girl's father did, and sent her coupons for baby items (which is how the father first got wind of the likelihood of his daughter's pregnancy).

So, as the OP says, it gets murky and grey very quickly as you get into "personalised" selling.

We "live in interesting times" indeed.

Sure, but I guess we're talking at cross-purposes. Target didn't (I presume) send that girl the coupons, after all, but everybody who matched certain segmentation provided by the ad platform . That's what I take the earlier poster to mean about advertisers not caring about "you specifically". Segmentation is valuable, certainly, but not individualization.

I was trying to give you quick summaried, multiple points of targeted advertising in my reply. Others who replied have taken the fishing example and pointed out how detailed targeting could go for that specific case.

And the particular case that you are now picking on could be argued as a corner case that captures both segmentation and individualisation at same time.

Anyway, the point has been made about why individualisation could be a tricky curve by me and the others. Choose whichever example(s) gives you the best rationale.

Really? Let's say I'm a fly fishing lodge... What do you think I'd pay more for:

1) someone who visits fishing websites 2) an individual who purchased (verified by credit card data) $5K worth of fly fishing gear

I would agree with quite a bit of this.

However I would disagree with your statement that it is a de factor admission of failure of monetizing all that data. If anything, it is Facebook laying the foundations for a very powerful data asset once it gets the other pieces of the puzzle in place. Let's not forget that Google's own GDN was once the red headed step-child of the display space only a handful of years ago due to quality issues (and the Search Partner Network still suffers from quite a bit of this as covered in a recent article on Search Engine Land[1]).

In any event, all of this data that they have, and that Google has, etc. are largely wasted because of both of their failures to leverage it to the fullest capacity and solve the issue of cross-channel attribution analysis and optimization.

Perfect example...it is 2014--why the heck can't I get view-through revenue data in the AdWords UI when using the AdWords conversion tag and/or syncing with GA? You most certainly have the data. Why should that be limited to advertisers who pay for DFA to get the exposure-to-conversion reporting capabilities?

More importantly, why has nobody tackled the truly large scale, cross-industry problem of true global frequency capping and tracking? I realize it is in part because there is little incentive to play nice with others, but that seems like a problem Google should try to solve as it would provide tremendous value in the form of a drastic reduction in wasted impressions (and thus higher-performance display campaigns). In the end, it is the users that suffer from being bombarded by ads from multiple networks/DSPs/etc. because of the few options to limit exposure across initiatives without setting up complex audience segmentation and negative lists.

Getting all of this data under one roof/GUID is only useful if there are tools to optimize against it at that scale and level of complexity. That means making data-driven attribution a priority and proving the incremental value of impressions and view-throughs. Letting advertisers view their data through multiple attribution lenses or define their own is still falling short because attribution should not be based on static values. This is a problem that Google has the chops to solve, and that the average advertiser lacks the resources, expertise, and technology for. I've been pretty disappointed in your solution thus far. This is data you should expose to the masses in an actionable manner that would dramatically help them sell Google display solutions. Admittedly I haven't had a chance to try GA Premium's data-driven attribution features, and I'm dying to know how Adometry will be incorporated into your products, but it can't come soon enough.

As it stands right now though, I still can't easily show with data that view-throughs are worth a damn--even if I did have said revenue data. Oh, and don't get me started on video display units...why has AdWords for Video still not been fully merged with the main AdWords platform? It is ridiculous that I need to use a separate platform and split my budgets/data/reporting if I want to run Trueview ads for a retargeting campaign.

Anyway, thanks for bearing the brunt of my unloading on Google's display efforts. I've been particularly frustrated with them as of late, and now that I'm client-side without the massive collective budgets I sat on top of as a senior-level individual at a top agency partner, I don't get as many opportunities to share my candid thoughts to Googlers about how to improve things. I actually live/work in Mountain View though if you or any display Googlers want to grab a drink and discuss further.

[1] http://searchengineland.com/will-ask-com-google-arbitrage-ev...

The article re-articulates the requisite disclaimer that Facebook does not sell or reveal "personally identifiable" information about you.

This is misleading on both abstract and practical levels.

Practically, if a company runs an ad that targets certain data points, then converts a customer based on that ad, then the company now knows that those data points apply to that customer.

Abstractly, at what point do we define ourselves as "personally identifiable" these days, and when does it stop mattering? That is, we spend a great deal of time online generating data-based profiles that become very real identities in their own right. If these identities are of a world where we spend so much time and are effectively being bought and sold, then does it matter that our street address or first name isn't included?

Anyone who has ever felt creeped out or "big-brothered" by retargeting is experiencing exactly this breach of his/her alter online identity.

Question: I usually use one web browser for social media and gmail, and another web browser for everything else. Does this positively effect privacy?

It certainly effects the utility to advertising frameworks for tracking cookies but I would think that IP address tracking might be enough to track users.

Related: I use Incognito Mode in Chrome for browsing any sites that I'm not logged into. Also, I run Ghostery. Do either of these things actually work?

Well it will prevent persistent cookies across sessions, but you can also be tracked by ip address.

I suspect it won't negatively affect privacy directly (unless you're taking less care as a result of your feeling of safety). That said, mechanisms such as flash cross-browser cookies are technically possible [1], and I'm sure are in use in the wild.

[1] see for example the evercookie (http://samy.pl/evercookie/), which even lists the various delivery mechanisms for cross-browser persistence, about halfway down the page.

Anyone else think it is a bad move that they have a separate site? Atlas by Facebook - http://atlassolutions.com/. I understand that they want to sell ads to companies but they aren't fooling anyone (nor are they trying to) and they might end up confusing more people than they help.

Atlas is an established brand in the big agency/brand space. For now that's what this product is focused on.

> The Facebook login is most useful on mobile devices, where traditional web tracking tools like cookies and pixel tags do not work. If a person is logged into the Facebook app on a smartphone, the company has the ability to see what other apps he or she is using and could show ads within those apps.

Anyone know if Whatsapp will be using Atlas, either overtly (displaying ads), or covertly (harvesting data in the background)?

Does anyone know if the new system supports the custom audience feature (targeting specific phone numbers or email addresses)?

facebook ads are junk and have been proven to be so

before you waste any money, watch these two videos:



I know many mobile game devs who say that Facebook is, by far, their most effective advertising.

If you're not buying likes, then the quality of likes doesn't matter. Many (most?) of the ads on the sidebar aren't for page likes, they're links to businesses/products, like most other ads on the net. ROI is easily measured there -- more revenue generated via sales/signups than the cost of the ad or you cancel it. Facebook ads are profitable for many businesses. They are for mine.

I agreed with you up to the "ROI is easily measured there" part Dan.

I've never used Improvely so I'm not sure how deep down the cross-channel attribution rabbit hole you get with it, but social, and display in general, are far from being solved problems with regards to measuring ROI.

There are of course a few cases where ROI is indeed easily measured. Someone sees a FB ad, clicks it, and converts without any other touch-points in their path to conversion. I think we can all agree FB would get 100% attribution credit in this instance.

But the second you throw in any sort of existing brand awareness generated by other channels, or FB's contribution to said awareness for driving conversions in more last-touch inclined channels, it becomes very murky indeed.

There's a reason all of the 3rd party dynamic attribution vendors like VisualIQ, Convertro and Adometry have been bought up by the big players.

Would love to know your thoughts on solving for this problem though as it is increasingly a large one as the targeting side of the display world continues to eclipse progress of actually measuring the performance of said display efforts at a staggering rate.

Well, you said it yourself. Track everything you possibly can, then get an SQL server and start modeling. Nowadays, you can do basically everything you need in excel. I wouldn't say it's easy by no means, but if you are dedicated you can make it work. Just get a book about MMM and start tinkering with the data.

I would disagree with you. if executed correctly they can generate a really great return. it entirely depends on what you're promoting and how you're promoting it just like any other channel.

People with no marketing or advertising background, spending laughable amounts of money declare that an extremely sophisticated platform is junk.

It's like me saying Boeing's products are junk, because I can't assemble a spaceship.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact