blog: Don Marti


Notes from my talk at Southern California Linux Expo

13 March 2023

Here are notes and links from my talk at Southern California Linux Expo. This is not exactly what I said but the links should be right.

title slide

Introduction: limits of individual protection

I need to start with a disclaimer. Privacy tools will not get you privacy, but it's important to do them anyway.

  • Most privacy tools and settings make you different from others, so more fingerprintable (hi, Linux nerds)

  • Out of band surveillance, which privacy tools can't touch, is still there (and the more you participate in the modern economy, the more you're surveilled)

  • companies fail to comply with existing laws (yes, they complain that they're "confusing" and somehow that seems to work in a lot of cases.) And they play legal tricks to build up and use friendly jurisdictions.

  • the more you try to protect yourself, the more crappy ads you get. How long can you stand getting the miracle cure ointment ad featuring the "before" picture—before you give up and try to get tracked so you get more legit ads?

By itself, no set of privacy tools is going to be able to get you to an acceptable level of privacy. If that's what you came for, you can split, go get a coffee or something. Privacy tools are worth doing, but only as part of a cooperative program to address a much larger set of problems.

Am I here to argue the privacy point of view or the pro-business point of view? Yes. First of all, surveillance advertising competes directly with product innovation for investments. The economics literature on the effects of shifting investment away from surveillance is going to be interesting. In the meantime, we have evidence from mobile games and mobile game advertising, which is a fast-moving behavioral economics lab that helps spot trends early. As mobile game developers lose much of their targeting info to Apple's App Tracking Transparency, they compensate by investing more in content and gameplay.

Surveillance also puts us at greater risk from internal strife and external adversaries. Bob Hoffman told the European Parliament, Tracking is also a national security threat. The Congress of the United States has asked U.S. intelligence agencies to study how information gleaned from online data collection may be used by hostile foreign governments. (More on that: Microtargeting as Information Warfare by Prof. Jessica Dawson of the Army Cyber Institute) All right, all right, fine, you came for open source privacy tools advice so I will include some. We'll do some fun tips, but I will try to put them in context. Here's number one.

Privacy tip: fix YouTube

This one is an easy example of a tracking risk. The video you came to watch is great, but the stuff that gets suggested after that is the first step down the rat hole. A case before the Supreme Court right now covers YouTube running ISIS recruiting videos. And one of their biggest stars was just arrested in Romania for human trafficking. The recommendation algorithm on there will take you to some pretty dark places, pretty fast. But there are also videos on there you have to watch for school, or work.

What I want is a YouTube setup that will not just protect my privacy, but also reduce the number of YouTube impressions I generate. (Also I want to visit my family members at college or at a legit job, not at terrorist training camp.)

This requires two browser extensions. First, use the Multi-Account Containers extension to put YouTube in a separate browser container. That's a separate space with its own logins, storage, and cookies.

Make a YouTube container

Click the extension, select "Manage Containers" and make a new container for YouTube. Then go to YouTube and choose "always open this site in container."

Second, use Enhancer for YouTube to turn off the problematic features.

  • Turn off autoplay

  • Hide "related videos"

  • Enable "Theater Mode" to make main video wider (and fill in the space left by related videos)

  • All your other least favorite features of YouTube can also be hidden.

Turn off growth hacking features of YouTube

Don't use the native mobile app for YouTube. There are also alternate front ends for YouTube and other services. LibRedirect is an extension to automatically redirect to those services. But they aren't as future-proof, because it's easier for YouTube to break them.

Privacy violations as part of a larger problem

Privacy is downstream from other problems. Surveillance capitalism isn't a thing because advertisers care about your personal data. If you do a "Right to Know" most of what you get is wrong. According to Oracle, I am a soccer mom of four.

I hate to break it to you, but those startups that tell you that you can make money selling your personal info to advertisers are wrong. Your data has value as a short-term intermediate reaction product, as an input to two kinds of deceptive practices.

  • First of all, the B2C scams: ad targeting lets the legit advertisers show their ads to the affluent users who can afford stuff. And they typically target younger people. Targeting generally cuts off at age 34 or 54. So what do social media platforms do with all the ad slots that the legit advertisers don't buy, and that go to older and poorer people? Right, they get the not so legit ads.

I haven't been doing this. Will this be my last SCALE?

  • Second is the B2B scam: tricking advertisers into sponsoring content that they would choose to avoid, such as Russian disinformation and copyright infringement. User tracking lets ad intermediaries sell an ad impression that claims to reach a high-value user, but on content that no reasonable advertiser would choose to support.

Hey, look, it's a real car ad on a scraper site.

NewYork News Times, real legit looking site here people

How can such a large industry get away with this kind of conduct for so long? Professor Tressie McMillan Cottom wrote,

"From buying a gallon of milk to making a dinner reservation, all the way up the chain to electoral malfeasance, so many of our interactions feel weighted away from social connection in favor of extracting every ounce of unfair advantage from every single human activity. Not to overstate it, but a pluralistic democracy simply cannot function when most of its citizens cannot trust that the arrangements that they rely on to meet their basic needs are roughly fair."

To put the privacy problem in context, privacy violations as we see them are downstream from changes in business norms. We're pulling on one tentacle of a much bigger threat than just the obvious personal privacy issues such as swatting, identity theft, price discrimination, and investment scams.

The relative payoffs of production and predation (or “making” versus “taking”) are determined by legal mechanisms for enforcing contracts and protecting property rights, but also by social norms and interpersonal trust. — Stephen Knack

The more common that scams become in our markets and society, the more trust we burn, the more unnecessary risk we take on, and the more wealth we miss out on. This is not an advertising problem, as Bob Hoffman said—it's a surveillance problem. Some kinds of advertising can have economic signaling value that does help build trust, but only if the medium is set up for it. (Fixing digital ads to pull their weight and fulfill the signaling role of advertising is a hard problem, and I should bug Rory Sutherland some more about how to solve it.)

Privacy tip: mobile apps

Native apps can track you in ways that web sites on a well-behaved browser can't. In-app browsers inject JavaScript. Apps contain tracking SDKs. Privacy filters are limited.

Banning TikTok is a start, but all apps containing the TikTok SDK are TikTok, as far as harvesting your info goes. And other apps and/or SDKs could be sharing your info with other people you don't want it shared with. There are a few ways to deal with surveillance apps.

  • Delete your account

  • Switch to using the service on the web

  • Limit your use of the app (For example, make a habit of checking Signal before you check surveillance apps, so people learn that it’s a better way to reach you.)

Remove all the surveillance apps from your phone that you can. This doesn't necessarily mean cut off people who you can only reach on a surveillance app.

What do you think? The more you tell, the more you sell, right?

Social connections mean you live longer, so apps required to communicate with friends and family are worth spending some of your personal "privacy risk budget" on. In general it's better to accept some risks on social connections and collaborating, but be stricter when it comes to shopping and entertainment.

Good news: privacy is on the way up

Right now we're in the middle of some positive privacy trends: more effective enforcement of existing privacy laws and regulations, more interest in new ones, and some software improvements that make some kinds of tracking harder. Here in California, some recent news includes

  • the Sephora case, which makes it clear that common surveillance marketing practices are sales under the CCPA

  • the Attorney General's office has been clarifying rules on Global Privacy Control, and doing a sweep of law-breaking apps

  • CPPA, the new privacy agency, is starting up

State privacy law map More states are probably going to get privacy laws this year, so those outside California will be able to join in.

We have some advantages if we sound like we know what we're doing. Surveillance and the attitudes underlying it are not changing right away, but you can shift things if you approach each action with something easy for the other end to do, and act like you know what you're doing. They're going to balance the time required to act on your privacy mail against the risk of not acting on it, and if the risk looks big enough, easier to do the right thing.

screenshot of "watchdog groups will test the law"

Enough of those and we shift the relative expected payouts of surveillance and non-surveillance investments. (Like RCRA got many companies to just cut down on hazmat instead of dealing with the required record-keeping.)

Privacy tip: mobile phone settings

Check your phone settings. On Apple iOS there are two settings for surveillance ads: one for most companies' ads, and one for Apple's own ads. Don't forget to check both. (Yes, you probably have to scroll down for the second one. Well played, Apple.)

  • In Settings, go to Privacy & Security, then Tracking, and make sure Allow Apps to Request to Track is turned off.

  • Also in Settings under Privacy & Security, find Apple Advertising and make sure that Personalized Ads is turned off.

On Android, you can open Settings, go to Privacy, then Ads and select Delete advertising ID.

More info: How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now | Electronic Frontier Foundation

The kind of ad that privacy nerds get

If you get these settings right, your mobile app ads will get really crappy, really fast, but you're limiting mobile time and maximizing web time, right?

General principle: trying to herd the money away from the worst places.

We said we would try to retrain the surveillance business.

Address the worst practices first. Doing the easy stuff first can create the wrong incentives. That's why I put YouTube first here. Then level up your privacy skills and toolset.

Level 1: mix of effective and ineffective privacy practices and tools

Level 2: effective privacy practices and tools

Level 3: effective practices and tools applied in an effective way

Remember you are not going to be able to get individual protection that's meaningful while still participating in society. It's more about driving transformation.

Privacy tip: Google Chrome

This is a big year for Google Chrome.

  • Manifest v3: coming next year, will limit the ability of content blocking extensions to block dynamically. On the Google Chrome browser, ad blockers, along with tracking protection tools that work in a similar way to ad blockers, will soon be limited in what they can do. If your chosen privacy tools and settings are not going to be supported, you might have to switch browsers. Browser compatibility has gotten a lot better recently, so if you switched because a site you like was broken on your old browser, please check it again. (This may or may not affect other Chromium-based browsers.)

  • Privacy Sandbox: a variety of projects, including a mix of some actual privacy features, one big on-browser ad auction (an ambitious project) and some anti-competitive shenanigans. It looks like 2023 will be the summer of double ad JavaScript on Google Chrome: you'll still have the old cookie-based stuff, but you'll also have an experimental ad auction running inside the browser.

Because Google both competes as an adtech intermediary and releases a browser, antitrust concerns mean they have to try to make the browser fair to all the other adtech intermediary companies they compete with. This is now the subject of an ongoing investigation by the Competition and Markets Authority in the UK. James Rosewell, CEO and founder of a mobile data company called 51Degrees, started a long, complicated process.

If you do decide to keep Google Chrome, there is a bunch of brouhaha about the impending end of third-party cookies, but you can turn them off today without breaking much, if anything. (Sites already have to support browsers that don't do third-party cookies.) From the Ad Contrarian newsletter:

  1. Open the Chrome browser. Click the three dot thing in the upper right corner.
  2. Click "Settings"
  3. In the left column click "Privacy and security"
  4. Click "Cookies and other site data"
  5. Click "Block third-party cookies"

Google Chrome also has new in-browser advertising features, confusingly lumped in Privacy Sandbox. Check chrome://settings/privacySandbox.

Topics API preferences

The text in this settings screen is not especially helpful. Google's "Topics API" is a general-purpose system to categorize users based on sites you visit. There's nothing about it that's limited to ads. Will probably be more useful for price discrimination, and worse, helps incentivize deceptive practices to drive web traffic. (Looks like that message is in open-source Chromium, so filed an issue. Anyway, if you have Google Chrome, turn this off.

The attribution tracking chain

Attribution tracking chain

This is an oversimplified chart, but it's a good start for learning about the "attribution tracking" chain and how to break it.

If you break the link between surveillance data on what you buy and surveillance data on what ads you saw, then it's harder to justify investments in surveillance advertising— remember, we're trying to move money from surveillance to other investments here.

That's the main reason why you have YouTube on a browser container that is never used for anything else. It interferes with the attribution link between a video view and a sale.

Privacy tip: remember to vote

California has the CPRA because people voted for Proposition 24 in 2020. The CPRA isn't perfect, but voting made a difference. While you're voting, please don't eliminate a candidate from consideration just because they're using the big surveillance platforms. They're hard to avoid completely. In today's environment it's generally better to make a little progress than to achieve privacy purity but lose the actual election.

Breaking the chain: where?

Once you have a mental model of the attribution chain you can allocate your time most effectively.

  • Software tools are usually lower effort but shorter range: they can protect an activity like a web session but can't reach out to affect server to server communications.

  • Legal tools can reach out further, but are higher effort. And companies don't always comply.

Different surveillance threats can be addressed at different levels. In general, earlier and more automated is easier, but legal tools have a longer reach, since they can touch systems that you don't have a network connection to, and that automated tools can't see.

Here's a list of places to make a difference, from earliest to latest.

  • Don’t do a trackable activity (example: delete a surveillance app, don’t visit a surveilled location)

  • Don’t send tracking info (example: block tracking scripts)

  • Send tracking info that is hard to link to your real info (examples: use an auto-generated email address system like Firefox Relay, or churn tracking cookies with Cookie AutoDelete)

  • Deny consent or send an opt out when doing a tracked activity: Global Privacy Control

  • Object, exercise your right to delete, or opt out later, after data has been collected but before you are targeted (CCPA Authorized Agents, RtD automation tools like Mine)

Privacy tip: CCPA script

Delete your info from the largest surveillance firms. Here's a partial list. Later on we'll cover how to make a personalized list based on who has info on you.

I do these pretty quickly with Mutt and shell.

    ccpa privacy@example.com

The script is here: CCPA opt out, nerd edition

The sample letters, as templates, are in this privacy-docs Git repository.

Teaching the escalation path:

If you're protected from a company by automated tooling, you can mostly relax.

If they accept a GPC, almost as good. Remember that GPC applies to all uses of your information, not just the current session.

Manual opt outs are where things start to get time-consuming. Most opt outs are either not compliant, or take advantage of loopholes in the regs to make you do extra work.

If they give you any grief on an opt out, and make opt-out as hard as a "right to know" (Rtk), then go ahead and escalate to an RtK. According to one study, a manual RtK can cost a company $1400 to handle.

Then if they give you grief on your RtK, you can file a complaint with the AG.

Be patient. Right now there are way more companies that have your personal info than companies that have a qualified CCPA manager. Be patient, and remember, any individual request might end quickly or turn into a long thread. The object is to change the expected payoffs for investments in surveillance relative to other investments.

Privacy tip: keep your Facebook account

Why does it matter if a company is sending my info to Facebook if I never log in to Facebook (or related sites?)

Just as the lowest point on a toxic waste site is generally a good place for a sampling well to check the progress of remediation, Facebook is a good place to sample for your personal info. It's a low point to which most of the firms who have your info will eventually share it.

Remember, get a Facebook account, but don't install the mobile app.

  • click on your face

  • select Settings and Privacy from the menu, then Settings

  • Select "Ads" on the left column

  • Under "Ad Preferences" select Ad Settings

(We're getting close...)

  • Select "Audience-based advertising"

Facebook ad settings

  • Now scroll down and select "see all businesses"

You're probably going to get a lot of these. Let's have a look at a few.

Facebook audience examples

First is a store where I actually bought something. Facebook's biggest advertiser at one point.

Then a DTC retailer that I've never heard of. Who sold them a list of "hot prospects?" I remember when this list used to be all car dealers.

Then two surveillance marketing companies—they can get a Right to Delete.

Finally another retailer, wait a minute, I haven't bought from this one either. The closest I have come to this one is the year that they had the LinuxWorld conference and the Talbots managers meeting at the same convention center in Boston. Remember, surveillance marketing and scam culture are two overlapping scenes—you can often see when a legit company has been sold a customer list that isn't. (maybe the scammer who got the car dealers has moved on to retailers?)

Facebook health ad

Of course, while you're there, building a list of who to send opt outs to, don't buy anything from the ads.

Privacy tip: Browser checkup

Remove extensions you aren't sure about. A lot of spyware and adware gets through.

Run the EFF checkup tool, "Cover your Tracks". Sad but true: the more custom your Linux setup is, the more fingerprintable you are. Technical protections won't cover you, browser protection needs to combine the technical and the legal.

Turn on Global Privacy Control. This will automate your California do not sell for sites you visit. Still not supported everywhere, but will have more effect as more companies come into compliance and more jurisdictions require companies to support GPC.

Content blocking. This next one is a tricky subject, so I'm not going to say anything about it. I'll just quote the FBI's public service announcement, Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users.

FBI Public Service Announcement on search advertising

FBI scam protection tips

It all comes back to scam culture. Be warned when looking for an ad blocker on browser extension directories. A lot of them are spyware or malware.

Some privacy extensions I use include:

Browser extensions part 1

  • ClearURLs to remove tracking parameters from URLs, and often speed up browsing by skipping a redirect that's just there for tracking.

  • Cookie AutoDelete. Cleans up cookies after leaving a site. Not for everyone—it does create a little extra work for you by making you log in more often and/or manage the list of sites that can set persistent cookies. But it does let you click agree with less worry since the cookie you agreed to is going to be deleted.

  • Facebook Container because, well, Facebook.

Browser extensions part 2

  • NJS. This minimal JavaScript disable/enable button can be a good way to remove some intrusive data collection and growth hacking on sites where the real content works without JavaScript.

  • Personal Blocklist is surprisingly handy for removing domains that are heavy on annoyances and surveillance, but weak on actual information, from search results.

  • Privacy Badger blocks tracking scripts and will also turn on Global Privacy control for you, by default. This will not have much of an impact right away but will start to do more and more as more companies come into compliance. (More companies are required to comply with California privacy law than there are people who understand how to comply California privacy law.)

These are relatively new, still getting more and more effective as more companies come into compliance.

If you have tried an authorized agent service in the past and gotten nowhere, try again. Because of the Sephora case last year and the enforcement sweep this year, companies are staffing up. And hey, if you have made it this far, you could probably qualify for one of those privacy manager jobs.

Hope to see you at SCALE next year.

Conference program listing

Most of us have built up a collection of privacy tools, including browser extensions, settings, and services. But privacy threats keep changing, while at the same time new kinds of tools and services have become available. This talk will help maximize the value of your privacy toolset for today's best options, while helping you plan for the future.

Not only can you protect yourself as an individual, but your choices can help drive future investments away from surveillance into more productive areas. (Surveillance marketers and their investors think they can train us -- but with the right tools we can train them right back.)

Today most of us are at level 1 or 2 on privacy.

Level 1 You do something about privacy and take a mix of effective and ineffective actions

Level 2 You take mostly effective actions, but don't allocate your time and resources for maximum effect

Level 3 You take effective actions, efficiently selected and prioritized

Ready to level up? Now that California law codifies our right to check out how our personal information is shared, that means we have an opportunity to optimize our privacy toolkits and habits, and focus where it counts. We'll cover:

  • Ad blocker myths and facts, and why the surveillance marketing business loves some ad blockers

  • The most important privacy extensions for most people (and they're not what you'd think)

  • Corporate surveillance about you that never touches your device, and how to reach out and block it

  • Don't use the law on a problem that a tool can solve faster, but don't try to stretch a tool to solve a problem that needs the power of the law

  • Where to add extra protection for special cases

Each of your individual privacy choices has a bigger impact that just the protection that it provides for you. In the long run, your real impact will be not so much in how you’re protected as an individual, but in how you help drive future investments away from surveillance and toward more constructive projects.

How Can Advertisers Stop Funding Piracy? Block Sellers, Not Domains

This Is What Happened When I Tried Using AdChoices (Spoiler: It Didn’t Work)

Notes on Privacy Extremism

The Cookie Mullet

WTF is the global privacy control?

Big changes coming for GDPR enforcement on Big Tech in Europe?

Websites Selling Abortion Pills Are Sharing Sensitive Data With Google

The Triumph Of Safari, by Magic Lasso

Google to SCOTUS: Liability for promoting terrorist videos will ruin the Internet

Schools sue social networks, claim they “exploit neurophysiology” of kids’ brains

use a Large Language Model, or eat Tide Pods?

31 December 2022

The current hot Internet trend is large language models (LLMs). Before that it was NFTs, and before that it was eating Tide Pods. I know that these things go in cycles, but perhaps this hype cycle may have moved on too quickly, and there may be some advantages to the previous generation. Let's compare.


  • Tide Pods are available from many sources including online retailers, supermarkets, and convenience stores.

  • LLMs require substantial training investment, so are available from a limited number of sources at present.

  • Advantage: Tide Pods

Mitigating the adverse effects

  • The health effects of eating Tide Pods are already well understood. Poison control center staff members are already trained in this area, and are reachable quickly with a convenient toll-free call.

  • Fixing the results of actions taken based on LLM output could require specialized knowledge that presents challenges in training and/or hiring.

  • Advantage: Tide Pods

Time required

  • Tide Pods can be eaten in seconds, with or without chewing.

  • LLMs can produce text faster than most humans can read it, so may represent an open-ended time commitment.

  • Advantage: Tide Pods


  • After you have learned not to eat Tide Pods, the rest of the pods in the package are useful for laundry.

  • Clearly useful applications of LLMs remain to be discovered.

  • Advantage: Tide Pods

Educational value

  • Eating Tide Pods helps teach you not to believe everything you find on the Internet

  • LLMs help teach you not to believe everything you find on the Internet

  • Advantage: (tie)

This objective evaluation shows that organizations considering investing in LLMs should also consider, as an alternative, eating Tide Pods, which may be a technical direction that is faster and less costly to evaluate. Winding down from an investment in a hot technology is always challenging, but will likely be more manageable for organizations that did not buy in at the top—where LLMs are today and NFTs were last year—but instead consider the lessons to be drawn from organizations that are now ending NFT projects, and increase the ratio of learning to both cost and risk by choosing a better characterized technology.

Don't eat Tide Pods. Don't believe everything you read on the Internet. Don't eat Tide Pods.

Damn girl, look at this confirmed list

How Putin’s war and small islands are accelerating the global shift to clean energy, and what to watch for in 2023

⌥ User Stylesheets Are Still Pretty Great and Should Be More Widely Supported

The internet is up for grabs again

User Generated Content and the Fediverse: A Legal Primer

I drove for Lyft for a week and learned its business model is broken

This is the year of the RSS reader. (Really!)

The hidden upside of tech layoffs

Porn, Piracy, Fraud: What Lurks Inside Google’s Black Box Ad Empire

Cross-context behavioral advertising is ‘sale.’ It is time to get over it.

The Unbearable Uselessness of Crypto

“Judas goats” were once key players in meatpacking plants

Junkware is Elder Abuse and a Menace to Society

How Google’s Ad Business Funds Disinformation Around the World

Legacy Cities: an extended remix of my talk at PopTech 2022

We’re going to need a lot of solar panels

The Improbable Rise and Savage Fall of Siegfried & Roy

a survivability onion for privacy tools?

29 October 2022

This is intended to be part 1 of a series of notes on figuring out how to apply Integrated Survivability Assessment, or something similar, to personal privacy protection.

Starting with some good news. There are several versions of the Survivability Onion but most appear to be US government work and so not copyrighted. I'm going to borrow it because it looks like a good starting point for setting priorities for designing a privacy tools and and services stack. Yes, in the long run, the real impact of individual privacy measures will be not so much in how you’re protected as an individual, but in how you help drive future investments away from surveillance and toward more constructive projects.

It would be good to get more privacy people leveled up:

Level 1 mix of effective and ineffective actions

Level 2 effective actions, but applied haphazardly (this is about where I am now)

Level 3 effective actions, efficiently selected and applied

If you want privacy, prepare for surveillance? All right, onion time.

Integrated SoS Survivability Onion chart, showing layers: pre-emptive encounter, pre-emptive kill,
  avoid/prevent encounter/exposure, avoid detection, avoid targeting, avoid engagement, avoid hit/application, avoid kill

A survivability onion is a way to visualize layers of protection. From Integrated Survivability Assessment:

The separate and independent “layers” of functions, which the threat has to “penetrate” to kill the system in a typical engagement, are most often represented mathematically by independent probabilities; thus, the overall probability of survival is the product of the independent component probabilities.

Since you have limited resources when designing an armored vehicle or whatever, you can apply your limited weight and money budgets to the most effective combinations of layers. The object is to maximize the probability of survival, which is the product of the probabilities of the attack getting through each layer.

And hey, that sounds familiar. We have a limited amount of time, money, and political juice for privacy stuff too. I think we can visualize the protection options in a similar way. Here's a first attempt at a survivability onion for a personal privacy stack, with some examples of what fits into what layer.

  • Don't do a trackable activity (delete a surveillance app, don't visit a surveilled location, boycott a vendor)

  • Don't send tracking info (block tracking traffic, either by using a tool like Disconnect to keep a tracking script from loading, or using a network filter like Pi-hole to prevent tracking SDKs from communicating with their hosts)

  • Send tracking info that is hard to link to your real info (use an auto-generated email address system like Firefox Relay, churn tracking cookies with Cookie AutoDelete)

  • Object or opt out when doing a tracked activity (Global Privacy Control)

  • Object, exercise the right to delete, or opt out later, after data has been collected but before you are targeted (CCPA Authorized Agents, RtD automation tools like Mine)

So that's step one—define the layers of the onion.

Next step: assessing threats. (Will add a link here soon.)

Devs: It’s Time to Consider IPFS as an Alternative to HTTP

The Remote Control Killers Behind Russia’s Cruise Missile Strikes on Ukraine

Keep your family’s internet private with Total Cookie Protection on Firefox

Collections: Strategic Airpower 101

Google Ads has become a massive dark money operation

Rent Going Up? One Company’s Algorithm Could Be Why.

honest answer to a CCPA email

09 October 2022

(When privacy people send an opt-out, RtK, or RtD, you have to acknowledge it. May never see them again, so why waste the opportunity? This is a draft of a letter to include with the response. Might not get this approved as is, though.)

Dear [name],

This attachment does not contain any information specific to you or any legally required information.

Still reading? Good. First of all, I want to wish you well on your privacy quest. I hope that you will return and check out our company someday in the future, when all this corporate surveillance stuff is over.

Sometimes, when you're installing and configuring privacy protection tools, or taking actions like the request you sent to us, it can feel like you're barely making any progress. But each of your individual privacy choices has a bigger impact that just the protection that it provides for you. In the long run, your real impact will be not so much in how you're protected as an individual, but in how you help drive future investments away from surveillance and toward more constructive projects.

Please keep doing what you're doing. You're not just making a better society, you're helping me. If creepy surveillance works less well as a way to reach you, then I won't have to deal with as much creepy surveillance at work. And the less that creepy surveillance matters on the company side, the less risk and work for you. We can help each other out here.

Nobody has time to do every possible privacy tip. From the inside of the corporate surveillance business, I have a pretty good point of view to see what works best. From what I can see, here are some of the steps that you can take that look like they will be most effective over the next year or so.

Remove surveillance apps from your phone. This includes not just the obvious ones (Facebook, Instagram, and WhatsApp are all one company, and we all know about TikTok by now) but also a lot of other apps that have surveillance built in. It's hard to tell which apps are feeding into which data practices, so in general it's best to just keep the number of apps down.

If you know people who are only reachable on a surveillance app, you can't always completely switch away. Some options:

  • Remove the mobile app, but continue using the service from a trustworthy browser.

  • Keep the app but avoid adding new contacts. Add new contacts on Signal.

  • Make a habit of checking Signal before you check surveillance apps, so people learn that it's a better way to reach you.

Check your phone settings. On Apple iOS there are two settings for surveillance ads: one for most companies' ads, and one for Apple's own ads. Don't forget to check both.

  • In Settings, go to Privacy & Security, then Tracking, and make sure Allow Apps to Request to Track is turned off.

  • Also in Settings under Privacy & Security, find Apple Advertising and make sure that Personalized Ads is turned off.

On Android, you can open Settings, go to Privacy, then Ads and select Delete advertising ID.

These settings are only one layer of protection. Both iOS and Android have a lot of apps with other surveillance techniques—so get rid of extra apps when possible. Source: How Mobile Phones Became a Privacy Battleground—and How to Protect Yourself

Turn on Global Privacy Control. This will automate your California do not sell for sites you visit. Still not supported everywhere, but will have more effect as more companies come into compliance and more jurisdictions require companies to support GPC. A lot of companies are still violating the law in the same ways that one major retailer did, but expect GPC to have more effect in the near future. More info on the Global Privacy Control site.

Privacy Badger will turn on Global Privacy control for you, by default. This will not have much of an impact right away (I'm adding this update in December 2022) but will start to do more and more as more companies come into compliance. (More companies are required to comply with Caliornia privacy law than there are people who understand how to comply California privacy law.)

Delete your info from the largest surveillance firms. Since you sent us a CCPA email, you're probably already working on this, but just in case:

Both California and Vermont have data broker lists, so you can make a copy of the full list and work your way down, or try one of the services that does Right to Delete for you. (A lot of surveillance firms are still not complying with the law, so will contact you even if you use an authorized agent service. For now, if you are good with mail and shell scripting it can sometimes be faster to send Right to Delete mails directly once you get a system going.) The agent services are promising and making progress. Consumer Reports Permission Slip is easy and worth a try. (I worked on the original research and processes leading up to this one.)

Check your browser. This is especially important if you have an ad blocker. Some sources recommend an ad blocker as a privacy tool, but it's not that simple. Many ad blockers are either adware, or contain a paid allow-listing scheme that allows tracking by default. Visit EFF's Cover Your Tracks to run a test.

If you use YouTube a lot, it's probably a bigger surveillance risk than most random sites. Put YouTube in a separate browser profile to limit tracking, or even use it from a different browser. (That's a link to a set of tips that won't just limit tracking—you can also get rid of auto-play and recommended videos to limit the YouTube rat-hole effect.)

On the Google Chrome browser, ad blockers, along with tracking protection tools that work in a similar way to ad blockers, will soon be limited in what they can do. See Ad blockers struggle under Chrome's new rules. If your chosen privacy tools and settings are not going to be supported, you might have to switch browsers. (Browser compatibility has gotten a lot better recently, so if you switched because a site you like was broken on your old browser, please check it again.) Once your browser passes the EFF test (you might have to install Privacy Badger to do it) you are probably good for most purposes. In case you're interested, some helpful privacy extensions include:

  • Cookie AutoDelete. Cleans up cookies after leaving a site. Not for everyone—it does create a little extra work for you by making you log in more often and/or manage the list of sites that can set persistent cookies. But it does let you click agree with less worry since the cookie you agreed to is going to be deleted.

  • Facebook Container because, well, Facebook.

  • Link Cleaner. Get rid of tracking parameters in URLs, and speed up browsing by skipping data collection redirects.

  • NJS. This minimal JavaScript disable/enable button can be a good way to remove some intrusive data collection on sites where the real content works without JavaScript.

  • Personal Blocklist is surprisingly handy for removing domains that are heavy on annoyances and surveillance, but weak on actual information, from search results.

If you do decide to keep Google Chrome, there is a bunch of brouhaha about the impending end of third-party cookies, but you can turn them off today without breaking much, if anything. (Sites already have to support browsers that don't do third-party cookies.) From the Ad Contrarian newsletter:

  1. Open the Chrome browser. Click the three dot thing in the upper right corner.
  2. Click "Settings"
  3. In the left column click "Privacy and security"
  4. Click "Cookies and other site data"
  5. Click "Block third-party cookies"

Google Chrome also has new in-browser advertising system, confusingly called Privacy Sandbox. Find it at chrome://settings/privacySandbox and turn it off, or find it in Settings. Source: Here's how to opt-out of Google Chrome's Privacy Sandbox (FLoC) trials)

Finally, remember to vote. California has the CPRA because people voted for Proposition 24 in 2020. The CPRA isn't perfect, but voting made a difference. While you're voting, please don't eliminate a candidate from consideration just because they're using the big surveillance platforms. They're hard to avoid completely. In today's environment it's generally better to make a little progress than to achieve privacy purity but lose the actual election. Thank you for reading, and see you on the other side of the surveillance mess. We'll get there.

notes on chapter 6

I Scanned the Websites I Visit with Blacklight, and It’s Horrifying. Now What? – The Markup

Disconnect Research Featured by Consumer Reports: TikTok Tracks Your Sensitive Web Activity, Even if You Don't Use TikTok

Mozilla reaffirms that Firefox will continue to support current content blockers

Data brokers and scammers team up to target the elderly, vulnerable

A showdown between an ad tech firm and the FTC will test the limits of U.S. privacy law

Facebook Engineers: We Have No Idea Where We Keep All Your Personal Data

A Free Period-Tracking App That Doesn’t Sell Your Data, by Naomi Kresge, Bloomberg

YouTube algorithm pushed election fraud claims to Trump supporters, report says

California Attorney General Announces $1.2 Million CCPA Settlement With Sephora Amid Ongoing Enforcement Sweep

Websites Can Identify If You’re Using iPhone’s New ‘Lockdown’ Mode, by Lorenzo Franceschi-Bicchierai, Motherboard

GPC and the CCPA F.A.Q.


07 October 2022

Don't forget to move the cat! It's street sweeping day on our side of the street.

On my old Android phone, I once made an alarm for move car on street sweeping day. But I did a typo, so I used to get alarms about moving the cat. We don't have an actual cat, but it's now an in joke here anyway. Did you move the cat? Meow! It's just one of those things. And now I miss my old phone.

I miss it, but it's right here. I just picked it up. If I turned it on, I would be able to visit a web site, or take a picture, or whatever. All the hardware is in perfect working order. But I can't take the risk of actually using it for all the stuff that people expect me to use a phone for, because it's no longer getting software updates. And of course we all agree that it's important to keep your devices updated. The updates stopped, so I switched phones. (Yes, I had to abandon my plan for an all USB-C device collection and buy some Lightning cables.) I had a useful thing that I had to turn off for the last time.

I still have my old phone, but I don't have it in a way that matters, in a way that I could really use it. It's satisfying to keep a useful thing working, and the opposite of satisfying to put something in the e-waste box, or worse, the maybe for projects later stack. I know that Google has no legal obligation to me, there's NO WARRANTY, that's life in the big city. I shouldn't care, right? It's just a phone. Somebody at Google nailed one of their OKRs by letting my old phone go out of support. They won. I lost.

Topics API notes and links

10 September 2022

(Update 14 Sep 2022: add non-sensitive but possibly user-unacceptable use cases)

Some notes on how Google Topics API is likely to affect various web stakeholders, in order by priority of constituencies. Numbered links are to issues in the GitHub repository.

31 Jan 2023: Google has made a commitment to the Competition and Markets Authority in the UK that Google Search will not use a site's decision to opt-out from the Topics API as a ranking signal.


  • Topics API rewards deceptive sites and traffic sourcing practices. Topics API leaks valuable audience data from one site to another. As I wrote on AdExchanger, this is a problem that it shares with third-party cookies—enabling the monetization of low-value sites of little interest to users. As the proposal currently stands, any site that a user can be tricked into visiting, or that their device can be manipulated into visiting, is in a position to collect ad revenue based on Topics API data that the browser supplies.

    Topics API gives people an additional incentive to create deceptive sites and drive traffic to them by deceptive or harmful means. Operators of deceptive sites will see users as Topics piñatas—hit them with something like email spam or a deceptive link, get them to drop valuable Topics, profit. Technically this is no worse than third-party cookies, but third-party cookies are on the way out for a reason, and Topics API is positioned as a longer-term thing.

  • Topics API enables price discrimination. Topics API would help retail, travel, and other sites identify more or less price-sensitive users based on their interests. And Topics API is more likely to be used for personalized pricing than other data sources, because it looks safer. Many existing sources of data, such as geolocation or device info, might be correlated with membership in legally protected groups of people. However, Topics API is carefully intended not to be tied to sensitive information, which lowers the perceived risks of using the API for personalized pricing. (see #34)

    Topics API discrimination does have some public sector uses that might be acceptable in some jurisdictions but not others. Users in the USA might accept the TSA using Topics API to optimize passenger screening, the IRS using it to select taxpayers for audits, or the CDC using it for public health data collection. But some other countries might use it for purposes that are not acceptable to some users there.

  • Topics API could reveal sensitive information or identify individuals in combination with other data. Some privacy concerns for users are covered in a blog post from DuckDuckGo.

Some uses of Topics API outside the conventional publisher/advertiser use cases would be more or less acceptable to users, even if Topics API is successful in removing the ability of a caller to detect a sensitive user characteristic.

Some jurisdictions might require use of a public-sector caller by sites—so not all callers are necessarily chosen or approved by the first party.

  • HMOs or public health services classifying patients by healthy/unhealthy habits

  • LMSs classifying diligent and distracted students

  • Tax authorities classifying likely big-spending users for tax audits

There are some users who prefer personalized advertising, about 31-36% of them, but a future personalize my ads feature would need to be designed to avoid user harms that would affect both personalizers and non-personalizers.

Web page authors

  • Topics API enables leakage of audience information across sites. The main beneficiaries of Topics API audience data leakage would be sites that advertisers would not choose to support, along with the adtech intermediaries that enable them. Ad revenue that goes to sanctioned, copyright-infringing, brand-unsafe or other problem sites is not available to the authors of legit web pages (and a waste for advertisers, but they're not on the list of constituencies that I'm using). Cross-site data leakage is a problem for users because of the incentives covered above, but also a problem for legit web sites because of revenue. (And yes, it is better for users when ad revenue goes to sites they like, and not sites they got tricked into clicking through to.)

  • Topics API is biased in favor of large, general-interest sites. Topics API assigns only one or a few topics to each domain. A niche site that covers one or a few topics would provide significant commercially valuable data to the system, while a large site such as YouTube, that covers every topic, would provide no usable information. This is a pretty obvious problem for competition policy, so I'm kind of surprised they left it in.

  • Topics API encourages consolidation of third party services. The more sites that a third-party service runs on, the more useful information it can collect from Topics API. Since an individual site can't get usable information out of Topics API, sites will have to A/B test different combinations of third-party iframes as callers. Sites will keep callers that provide more good Topics, and drop others. After repeated cycles of A/B tests, where callers that get dropped by one site start providing worse data to other sites and get dropped there too, we would be left with one domain doing all the Topics API calls. (see #82) This is also a pretty glaring antitrust issue.

The Topics API README states that,

One of (Interest-based advertising)’s benefits is that it allows sites that are useful to the user, but perhaps could not be easily monetized via contextual advertising, to display more relevant ads to the user than they otherwise could, helping to fund the sites that the user visits.

This goal can be achieved without the extensive leakage of site audience data made possible by Topics API. Seller-Defined Audiences is an alternative that would give a data gatekeeper role to sites that produce trusted content, which would help avoid creating incentives to harm users and increase revenue opportunites for web publishers that users trust.

Web authors and publishers might be able to ameliorate some of the effects of Topics API by, for example, opting out their signed-in users, or opting out of Topics API data collection entirely until YouTube channels are treated as separate areas with their own topic sets, on an equal footing with domains (see #17).

Update 31 Jan 2023: The SEO problem is fixed. (Opting Out Of Google’s Topics API Won’t Affect Search)

User agent implementors

User agent implementors have limited developer and tester time available to implement and support new features. All software projects must leave some good ideas un-implemented in order to devote time to the features they decide to do. And as the feature set of a browser grows, so does the required ongoing maintenance. Choosing to implement and support Topics API, even for a large company, would mean failing to do a useful feature. Some Google Chrome features are good, and out ahead of other browsers. It would be a waste to keep putting time into this one.

From WebKit standards positions: The Topics API · Issue #111

A Privacy Analysis of Google’s Topics Proposal by Martin Thomson at Mozilla

W3C TAG review

'Likely to cause substantial injury:' Why the FTC put Kochava in the spotlight

You’re being tracked through your email. Here’s how to stop it.

Apple Already Decimated Meta’s Adtech Empire. Now, It’s Honing In On Facebook's Advertisers, Too., by Shoshana Wodinsky, MarketWatch

Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police

We disabled Google AMP at Tribune Publishing

AADC compliance questions for small web sites

28 August 2022

(update 31 August 2022: third-party analytics for option 2?)

I am not a lawyer, and this is not legal advice. I'm just trying to figure out what would be the right questions to ask a California lawyer about how a small or medium web site can comply with AB-2273: The California Age-Appropriate Design Code Act, if it becomes law. What would be the available options?

This is not about apps, games, services that develop a lot of their own code, platforms, or UGC forums. See California Legislators Seek To Burn Down The Internet — For The Children by Eric Goldman for some questions on those. Compliance issues for games, especially those with an in-game economy, will be a lot more interesting. This is just about regular web sites that have unique content, but pretty generic functionality.

Will fill in with more info as I learn it.

Option 1: Don't be a business as defined by CCPA/CPRA. A CPRA business has to have at least one of the following:

A) annual gross revenues in excess of $25,000,000

(B) annually buys, sells, or shares the personal information of 100,000 or more consumers or households

(C) Derives 50 percent or more of its annual revenues from selling consumers’ personal information.

Typical RTB web ads, as used by a small/medium site, are based on sale of personal info by the CCPA/CPRA definition. Some other third-party tools, like comments and social widgets, also sell info on the users. So if we get 100,000 or more normal ad users in a yearyear, not month (that is, visitors who are not blocking trackers or opting out of sale), then a for-profit site is a CCPA/CPRA business, and required to comply with AADC. And if we have fewer than 100,000 annual users but make half our money or more from RTB ads, we're also a business.

Option 1A: don't run the site as a for-profit business: start or find a non-profit org to own the domain and assets

Option 1B: stay under $25 million in revenue and either don't run any RTB ads or third-party resources, or shut them down for the year after 99,999 visitors saw the ads.

Option 1C: (and this is where it gets tricky, do not know if this would work) Stay under $25 million, run RTB ads, but do all the right legal and configuration incantations to put all third parties on the page into a mode where no sale is happening. Basically treat all the users as if they had done a CCPA opt out. Does this work?

Or could we combine 1B and 1C, and flip the ads to opt-out mode after 99,999 users in a year?

Option 2: don't make the site likely to be accessed by children. That's a hard one. Likely to be accessed by children can be any of these:

(A) The online service, product, or feature is directed to children as defined by the Children’s Online Privacy Protection Act (15 U.S.C. Sec. 6501 et seq.).

(B) The online service, product, or feature is determined, based on competent and reliable evidence regarding audience composition, to be routinely accessed by a significant number of children.

(C) An online service, product, or feature with advertisements marketed to children.

(D) An online service, product, or feature that is substantially similar or the same as an online service, product, or feature subject to subparagraph (B).

(E) An online service, product, or feature that has design elements that are known to be of interest to children, including, but not limited to, games, cartoons, music, and celebrities who appeal to children.

(F) A significant amount of the audience of the online service, product, or feature is determined, based on internal company research, to be children.

The tricky part here is that COPPA children (under 13) are different from AADC children (under 18). Trying to comply by making a site not likely to be accessed by children might work if we were talking about COPPA-age children, but under-18s? People that age had better be reading about a lot of different stuff— they're going to be voting soon. (Is the webcomic Terminal Lance likely to be accessed by children because it's of interest to 17-year-olds thinking about joining the Marine Corps when they graduate from high school?)

Option 2 looks like a dead end. We might start off thinking we're not running a kids site, but no site maintainer can know if their niche topic is going to get covered in a MOOC, a YouTube video, a Discord or Reddit thread, or whatever, and all of a sudden the site becomes a must-visit for teenage users. (which is not a bad thing, right? Hey, kids, go get prepared to win Internet arguments about Sparta.)

There might be a way to do option 2, if the site has a third-party analytics provider that has age information. Would an aggregated report on the site audience be good enough to claim that the site is not likely to be accessed by children? If a site could rely on this, then that would let you leave RTB ads in normal mode and not do any of the remaining compliance stuff.

All right, let's keep going. If option 1 didn't work, and we don't have a way to show that the site is not likely to be accessed by children, then maybe we actually have to do DPIAs, plus either age estimation or put every user in the max privacy protection category.

An independent site is probably going to be running WordPress or some other open-source or SAAS WCMS. So we're likely going to be able to ask around and borrow mostly workable DPIAs from open source (like sites can borrow the WordPress privacy policy today) and we will get sent DPIAs by every ad network or third-party service that we're signed up for. More paperwork, but should be something that can be dealt with. (Hosting providers and ad services might add DPIA management to their service packages, too.)

Age estimation is not age verification (no, you won't have to pay a creepy vendor owned by a pr0n site to track your users, if this becomes law somebody else will launch a lower-risk estimator service) but it's still an extra piece of code to add. But it looks like this is a task that third party service(s) will either tell sites how to do and check up on, or do themselves. (We won't have to do it if we were able to use Option 1.) If a site kept running RTB ads and didn't either (1) put the ads in opt-out mode for everybody or (2) start running age estimation, then all the third-party services would be taking a compliance risk. It's going to be like having to get a CMP, right?

Impact on the future of web ads?

It looks like the options for most sites will be

  • remove RTB ads and other third-party resources that count as a sale or share

  • put all third parties into opt-out mode for all users maybe???

  • rely on 3rd-party analytics to prove that the site is not likely to be accessed by children maybe???

  • Do DPIAs (copied from the same open source projects as site code?) and turn on whatever age estimation service the third parties will require.

This is extra work for legit sites, but I'm cautiously optimistic about the big picture here. The first rule of understanding the impact of a proposed tech standard or regulation is that you can't just look at the likely impact on small legit sites—you have to look at the relative impact on small legit sites compared to the impact on harmful sites/apps/channels (scrapers, terrorists, etc.) and the third parties that enable them. In this case, AADC means increasing existing legal risks for apps and third parties, and the advertisers that use them, so should help push up the value of ads on legit sites. A lot of advertisers who get told they're reaching high-value adult audiences are really having their ads shown in apps for kids—if AADC makes that harder to do, it's good news for the legit sites that actually reach those adult audiences.

To review, the web ad crisis is more of a supply and demand story than a privacy story. We have a problem mostly because third parties can artificially increase the number of saleable ad impressions, by offering ads on content that no advertiser would choose to sponsor. Creepy trackers mostly aren't creepy because they want to be creepy, they're creepy because they want to sell some advertiser an ad impression they wouldn't otherwise buy. In general, regulations and tools that make third parties reduce the number of ad impressions they can sell are a step in the right direction.

No one law gets us all the way to the point where a fully-opted-out site is going to be viable on ad revenue alone, but it's a step.

Analysis of California’s Claims Against Sephora

Time Till Open Source Alternative

As Ad Industry Embraces First-Party Web, Media Owners Must Modernize Structure

Lawsuit accuses Oracle of facilitating sales of 'billions' of folks' personal data

Period-Tracking Apps Won’t Say Whether They’ll Hand Your Data Over to Cops

Nonprofit Websites Are Full of Trackers. That Should Change.

iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser

Use one big server

Show HN: I built a self hosted recommendation feed to escape Google's algorithm


custom audiences laundering

17 August 2022

Everyone else getting ready for the CPRA rulemaking?

It looks like a tricky CCPA loophole is catching on, and I'm not sure of the best way to address the problem.

As I have mentioned before, the easiest way to catch a company violating the CCPA is:

  1. Buy something with Global Privacy Control turned on.

  2. Log in to Facebook and check Ad Settings. Look at Audience-based advertising.

  3. If the name of the company you bought from is in there, they sold (exchanged for something of value) your info, probably by sending it to Facebook as part of a Custom Audience, or possibly by using Facebook Conversions API. Anyway, they broke the law and got caught.

Simple, right? Looks like a way to make open-and-shut CCPA cases at scale. The new California privacy agency will be able to just copy over the same paperwork, because all the surveillance marketers are following the same tutorials.

Unfortunately, surveillance marketers already have a workaround. I have seen this doing RtKs (which is a good example of why RtKs matter).

  1. The original company (the business) collects customer email address from an opted-out customer, and possibly hashes it.

  2. Business passes the email address, or hash, to a third party.

  3. The third party passes the email address or hash to Facebook, and then deletes it. They can't tell which of their client businesses passed information on which people (or they claim not to be able to).

That way, the name of the third party, not the name of the business, shows up in Facebook Ad Settings. Under the draft CPRA regulations, the third party is required to comply with a Right to Know or Right to Delete, but as far as I can tell, there's no additional requirement for the third party to disclose who the original business was, or to be able to.

So a business that wants to violate the CCPA can run their Custom Audiences through a third party, and switch to a new third party if the old one builds up too many RtDs.

It looks like all we can really do is list the third parties involved in this scheme and RtD them? I know this is a good argument for why everybody needs an Authorized Agent service, but it would be less total work if there were a better way to find the original business that broke the law.

Any better ideas?

The War Economy: Sizing up the New Axis

In-app browsers like those in Facebook and Instagram are a big privacy risk, developer shows

Does your rewards card know if you're pregnant? Privacy experts sound the alarm : NPR

Californians for Consumer Privacy Announce Opposition to ADPPA

Amazon’s One-Stop Shop for Identity Thieves

Firefox locks the cookie jar

This is what happens when marketing theory meets the real world in a tech startup

Facebook's least surprising news ever

the colored pencil test for web features

04 August 2022

A web browser has a fiduciary duty to its user. A web browser is the agent of the user, and the user agent is expected to align fully with the person using it and operate exclusively in that person's interest. But how can we figure out what is and isn't in the user's interest? Some browser functionality is stuff that the user asks for, but other browser functionality can do more complex tasks for the user. Not every user has time to learn and understand everything the browser does for them. Maybe a story from space exploration history can provide at least a start to figuring this out.

In 1965, NASA scientists received the first images of Mars from the Mariner 4 probe, as numbers printed on paper tape. In order to see the image, they translated the numbers to colors and drew individual pixels with colored pencils.

hand-colored picture of Mars

Today, your web browser probably does something similar, many times a day. It turns a set of image data, from a file format such as PNG or JPEG, into a set of colored pixels that you can see as an image.

If, as a user, you had the time, you would probably choose to do exactly what the browser does. You want to see the images on a web site you visit. Other browser features, maybe not so much. Because the browser is supposed to be the agent of the user, a helpful way to answer the question, should the browser do this? is Would the user do this themselves if they had time?

For some browser functionality, answers can be found in the history of technology. People have put bookmarks in books and make bibliographies as long as there have been books. So it makes a lot of sense for browsers to offer users a bookmark feature. But the more novel a feature gets, the harder it is to figure out whether to do it without more forward-thinking user research.

  • When you buy something, would you tell the seller about every ad you saw for the thing you just bought? Would you tell them if they promised to mix up your answers with other people's and do math on them so they can't tell what any one person said?

  • On your first visit to a new site, would you choose to tell the site about some of the topics that you're interested in?

People do provide information about themselves to other parties they deal with. The browser's role is to understand and facilitate the information sharing that people would choose to do on their own, if they had the time to learn about it, keep the necessary records, and answer questions. (For example, a browser might offer to auto-populate "where did you see our ad" fields on order forms, if user research shows that people are willing to fill in that field.)

A lot of user research has shown that people don't like the online advertising practices of today, but there needs to be more research on what they would accept. Ultimately the browser works for the user, and it would be a waste of resources to go too far down a direction that's too different from what people would choose to do for themselves.

Igalia: the Open Source Powerhouse You’ve Never Heard of

FTC Puts American Businesses on Notice

These Companies Know When You're Pregnant—And They're Not Keeping It Secret

Zero-Click Content: The Counterintuitive Way to Succeed in a Platform-Native World

The Bipartisan House Privacy Bill Would Surpass State Protections


21 May 2022

(update 30 Sep 2022: add link to Colorado regulations.)

Quick update just to day that I did get the specific pieces of personal information from that CCPA RtK that I mentioned before.


Social: Influencer Propensity:14;


Purchase Propensity: Japanese Luxury Vehicle:10;

along with some sensitive ones. Added to the end of Example CCPA workflow.

It seems like we might have a loophole in the CCPA Regulations.

It says, A business shall identify the categories of personal information, categories of sources of personal information, and categories of third parties to whom a business sold or disclosed personal information, in a manner that provides consumers a meaningful understanding of the categories listed. but I don't see where it says the business has to disclose the actual specific pieces of personal information in a way that provides consumers with meaningful understanding.

So it looks like they can send me a bunch of integer and letter codes without a key. This is similar to the Verizon RtK response, by the way. Will probably have to write this up for the CPRA rulemaking. Disclosure of a score really needs to come with a key or units in order to be meaningful.

One piece of good news is that they have me down as 80-something years old, which might help keep me safe from the target selection algorithms for People's Liberation Army assassination drones, bodily fluid harvesting robots, and Texas abortion bounty hunters.

Updated to add some good news from Colorado. Colorado closed the loophole. The Colorado Privacy Act Rules state,

Personal Data provided in response to an access request must be provided in a form that would allow the average Consumer to make an informed decision of whether to exercise deletion, correction, or opt-out rights.


For instance, the Personal Data must be provided in a form that is concise, transparent and easily intelligible, and avoids incomprehensible or unexplained internal codes and identifiers.

Will companies maintain both incomprehensible and incomprehensible versions of their data dumping code? Or just make one version that's compatible with both California and Colorado? Or will California catch up with Colorado?

After Buffalo, Will Corporate America Turn Against the Murdochs and Fox News?


Tesla is toxic

We Need to Take Back Our Privacy

How family farmers are working to get federal support for regenerative agriculture

Statistical personality quiz matches you to fictional characters

Online data could be used against people seeking abortions if Roe v. Wade falls

This unsettling Army recruitment video is a master class in psychological warfare

Software Freedom Conservancy right-to-repair lawsuit against California TV manufacturer Vizio, Inc. remanded to California State Court

Facebook Can’t Shake Publicity Rights Claim–Hepp v. Facebook

The problem with CCPA RtK workflows

14 May 2022

Here is a follow-up to my comments at the pre-rulemaking stakeholder sessions for CPRA last week: Example CCPA workflow. printed copy of CCPA form

This is one where I had to print out and sign a form, and have it notarized.

As I pointed out before, making Right to Know work is really a critical first step for all the other CCPA tasks. If you don't know which companies have which info, it's almost impossible to prioritize who gets a CCPA delete, which requires more effort, and who gets a Do Not Sell.

If every data broker and surveillence marketing firm could make the Right to Know process a little different, then it would be nearly impossible for anybody to get anywhere with CCPA, and we might as well not have it.

What would be good to see in the CPRA rulemaking is one standard baseline process for Right to Know, that any company would have to do. They could, of course, add additional, more convenient processes, but there should at least be one that is of known difficulty.

Here is my suggestion.

  1. As a California resident, I go to the California DMV, show my California ID, and get a stack of printed Right to Know slips. These are pieces of paper and have my identifying information on them. The DMV is allowed to charge me for the printing costs.

  2. When I want to exercise my Right to Know, I fill out a company's Right to Know form on their web site, and provide my contact info and postal address.

  3. If the company doesn't have any info on me, they can email me to say so.

  4. If the company does have info on me, they send me a Business Reply Mail envelope.

  5. I put one of my Right to Know slips from step 1 in the Business Reply Mail envelope and send it back.

  6. The company checks my Right to Know slip and sends me a copy of my info.

This puts all the sensitive data handling either under the DMV's roof, or in postal mail space where mail fraud is a Federal crime.

Naturally, a lot of people will come up with ways to do this more cheaply and conveniently on the Internet. That would be great. Putting a simple, standard, postal process in the regulations will set the baseline: you can't make it too much harder than DMV+postal, or people will do DMV+postal.

FACEBOOK Doesn't Know What It Does With Your Data, Or Where It Goes?

Why target ads at pregnant women

Apple Mail Now Blocks Email Tracking. Here’s What It Means For You, by Justin Pot, Wired

Land value tax in online games and virtual worlds: A how-to guide

The Unreasonable Fight for Municipal Broadband

I Commanded U.S. Army Europe. Here’s What I Saw in the Russian and Ukrainian Armies.

The Unsung Women of the Betty Crocker Test Kitchens

Lawsuit Highlights How Little Control Brokers Have Over Location Data – The Markup

Problems Persist With Google’s Privacy Sandbox Proposals as Trials Open

CPRA comments

04 May 2022

I got to comment at a pre-rulemaking stakeholder session for the California Privacy Rights Act (CPRA). Here is my prepared text (not exactly what I said, but close).

As a California resident, I have had a right to know how my personal information is used, since January 1, 2020. On paper, that is. In practice, it’s a little trickier. In order to exercise my California privacy rights, I have had to run a lot of mazes. I won’t mention any specific companies here, but

  • I have taken selfies.

  • I have taken a selfie holding my California driver’s license.

  • I have scanned my California driver’s license, front and back.

  • I have taken a photo of my California driver's license from an Android device, had it rejected, found an Apple device, taken a different photo of the same license, and had it accepted.

  • I have passed a quiz about my former addresses and bank accounts.

  • I have passed a quiz but only by getting some of the answers wrong because they would have been right if a family member of mine with a similar name was taking it.

  • I have printed and signed a document, and scanned it.

  • I have printed and signed a two-page document, gone to a notary, had it notarized, and scanned it.

Getting through the Right to Know process can be tricky. And I’m pretty good at paperwork, I have a variety of different devices to try, and I have a printer and scanner set up and working.

The reason I’m focusing on the Right to Know here is because it’s the CCPA right that helps me decide what to do with all the other rights. If I have a positive response to a Right to Know, then I don’t have to do a Right to Delete, and I can be more confident in sharing information with a company. There are tens of thousands of companies out there that might have some info on me, so I need to prioritize. But realistically, inconsistent and over-complicated handling of Right to Know by the companies I buy stuff from and by data brokers means that it’s a time-consuming effort for me to find out what’s going on with my personal information.

Under CCPA, I have the right to use an authorized agent. But authorized agent requests are even more complicated. Companies generally react to a fully documented authorized agent Right to Know by getting in touch with me directly and making me run the original maze anyway.

The worst part of all this maze running is sometimes there’s no cheese at the end of the maze. I have gone through all the work to do a Right to Know with one company, and ended up with, among other things, a list of the companies that sent my personal information to them. So, when I send a Right to Know to those companies, I should be able to get some information, right?

Not necessarily. Sometimes they claim not to have any information about me.

And in the case of one high-profile company, I can look up the public documents from an ongoing privacy lawsuit, and read employee depositions stating that they have certain kinds of information. But it's information that they don’t disclose to me. A company shouldn’t be able to testify to one thing in court and then tell California residents something else.

In the 2020 election, Proposition 24 was supported by an overwhelming majority of California voters. Today, the CPPA has an opportunity to implement the intent of California voters by adopting regulations that make it practical for everyone to exercise their basic privacy rights.

As a California resident, I should be able to use a simple, standardized Right to Know process, such as being able to request a standard paper form and a Business Reply Envelope. Naturally, businesses and their service providers should be able to compete to offer consumers a simpler, faster online process as an alternative to paper forms and trips to the mailbox. But without a guarantee of a common, baseline simple opt-out process to fall back on, we’re still going to be stuck in a maze next year.

Thank you.

More: The problem with CCPA RtK workflows

Tech companies face a legal nightmare if Roe v. Wade is overturned

How to Get an Abortion in the Age of Surveillance

Why I Don’t Use Ad Blockers

Backlash Against Consent Pop-ups Is a Misleading Argument

Researchers Find Shades of Opacity, Plenty of Tracking, After App Tracking Transparency

Read the Facebook Papers for Yourself

CPRA: do I feel lucky?

26 March 2022

The remarkably popular California Privacy Rights Act (CPRA) takes effect on January 1, and that means the California Privacy Protection Agency (CPPA) is coming. But right now, it doesn't look like surveillance marketers are that worried. The agency has a $10 million budget, and that's chump change around here. The Big Tech legal departments and the big Palo Alto law firms probably spend more than that on guacamole.

The CPPA will be able to do a lot per case, but won't have the budget for too many cases. To some extent, they're going to have to rely on uncertainty. As a famous (but fictional) California lawman once said, Did I fire ten million dollars worth of privacy enforcement, or only nine? But being this is the CPRA, the most powerful privacy law in the United States, and would blow your head clean off, you've got to ask yourself one question. Do I feel lucky? Maybe I got that movie quote wrong. Need to check it.

It's not as bad as it looks, though. The new agency doesn't have to deal with a zillion different CPRA violations. All the surveillance marketers did the same Big Tech training. To put it in terms that Big Tech will understand, CPRA enforcement scales. A lot of cases are going to be basically identical because a lot of the violators watched the same growth hacking videos and read the same documentation. The big companies have cleverly shifted a bunch of the CCPA (and soon, CPRA) risks over to the smaller companies. Kind of like how Amazon understands the risks of operating vans on crunch schedules in residential areas, so offloads those risks on Amazon Delivery Service Partners. That's the safe choice for them from one point of view, but it means that the CCPA/CPRA violator is technically not the big, lawyered-up company. The violator is a small company with a small legal budget, breaking the law in the exact same way as a bunch of other companies.

Big Tech's decision to outsource the legal risks means that CPPA will not have to put a lot of lawyer time into each violation. Just like New York City has a Citizens Air Complaint Program to handle one kind of common pollution violation (idling trucks), the CPPA will be able to do the same complaint over and over. Get the person whose info was misused to fill it in with screenshots and/or attachments, and all the CPPA lawyer has to do is check and sign it.

Here are a few common violations where enforcement will be able to scale quickly.

Using a GDPR workflow to do a CCPA job. Under CCPA, you can opt out of sale of your info. Under GDPR, you can object to processing. Similar concepts, but the details are different. Under GDPR, a company can make people go through an extra ID verification step for an objection. Under CCPA (and soon, CPRA), an opt-out has to be handled without ID verification unless the recipient has a good-faith, reasonable, and documented belief that it is fraudulent, and sends it to you in writing when you opt out. GDPR compliance doesn't always get you CCPA compliance. Companies have had a couple years to fix this, but it's still pretty common. Info needed: Forwarded email or screenshot of illegal verification step.

GPC order, followed by sale/share. This is easy to check. Turn on Global Privacy Control in your browser. Order something on the web. Set a reminder to come back later to see if the company transferred (sold or shared) your info to Facebook. Info needed: screenshot of GPC install/activation, screenshot of Facebook Ad Settings.

Inconsistent data. Another good use of Facebook Ad Settings. Many companies default to dumping customer info over to Facebook, without really thinking about it. Then, somehow, some of them leave out the info that went to Facebook when they answer a Right to Know. Easy to spot. Info needed: copy of RtK results, screenshot of Facebook Ad Settings.

The Attorney General's office already has a Consumer Privacy Interactive Tool to help you report companies that fail to include the required Do Not Sell My Personal Information link on their web sites. Similar tools will be easy to add for the common violations—so that $10 million will go further than it looks.

Google is forcing everyone to fund Kremlin propaganda right now

I Have a Message for My Russian Friends

Russia’s war hits Yandex, the ‘Google of Russia’

Want to go fight for Ukraine? Here’s what to do.

China's state media buys Meta ads pushing Russia's line on war

Social media turn on Putin, the past master

Five reasons the sanctions are working

Heat Pumps for Peace and Freedom

How an obscure far-right website with 3 employees dominates Facebook in 2022

Innovation is slowing down—and Big Tech is to blame

Google Search Is Dying

Google And IAB Europe Are Losing Data Privacy Lawsuits In The EU, But What Does It Mean?

undisclosed risks at Meta

10 February 2022

Lots of attention to one SEC disclosure about regulatory risks for Instagram and Facebook in Europe: Meta warns it may shut Facebook in Europe but EU leaders say life would be 'very good' without it.

So that's a story, but from here in California the really interesting risk disclosures are a few that aren't there. Meta has some risks related to ongoing violations much closer to home.

  1. The company has not been acknowledging CCPA Right to Know (RtK) letters from California residents who do not have Facebook accounts. If Facebook still maintains shadow profiles on people who do not have accounts, then refusing to disclose them to the person described in the profile is a CCPA violation. A person cannot be required to agree to a company's Terms of Service in order to exercise their rights under CCPA. (Or maybe Facebook already bulk-erased the shadow profiles of anyone from California who they don't have signed up as a user?)

  2. The personal information in Facebook's Download Your Information downloads is incomplete. The extent of the missing data is gradually coming out in discovery in In re Facebook, Inc., Consumer Privacy User Profile Litigation. We don't know exactly how much extra data they will have to start disclosing, but if they're putting this much effort into fighting discovery in one case, it has to be enough to be worth mentioning as a risk to the SEC.

  3. Meta is ignoring or mishandling Authorized Agent RtKs. This is a fairly common issue at surveillance marketing companies. Authorized Agents are still rare, and a lot of companies don't have a process in place to handle them correctly. But a high-profile company like Meta is likely to get a bunch of agent RtKs, and it's reasonable to expect them to disclose the associated risks.

See the CCPA Regulations for more details. A Download your Information portal is allowed for complying with CCPA Right to Know, but only for people who already have accounts, and a business maintains a password-protected account with the consumer, and only when the portal fully discloses the personal information that the consumer is entitled to under the CCPA.

All three of these items are much more likely than the We will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe scenario. So they could really use a mention in the next Form 10-K or other documents.

“A Pure Sideshow”: Now More Than Ever, the Stock Market Doesn’t Matter

An uncertain future for the web in Europe

Andrew Forrest launches criminal action against Facebook over scam ads that used his image

Is Momentum Shifting Toward a Ban on Behavioral Advertising?

On Meta’s ‘regulatory headwinds’ and adtech’s privacy reckoning

FTC Calls Out Targeted Ads for Social Media Scams

Holding Facebook Accountable for Digital Redlining

banning surveillance advertising

23 January 2022

(update 21 Mar 2022: Add another link, edit down and simplify)

(update 26 Jan 2022: Add links, edit some material on subsection b)

New bill in Congress: the Banning Surveillance Advertising Act of 2022. Ambitious goal. May not get far this Congress, but it's good to have a destination in mind. As Allison Schiff wrote on AdExchanger, Even If Targeted Online Advertising Isn’t Banned – Take Note Of Which Way The Wind Is Blowing. Remember, it took the EPA 23 years to get to the (almost) Final Step in Phaseout of Leaded Gasoline.

We can ignore the first round of industry group freakouts over the bill. It's unrealistic to play the bad for small business card this early. Even though a lot of small businesses use surveillance ads today, legit small businesses could end up better off after a ban if they don't have to keep playing negative-sum games against scammers trying to pick off their customers. Hard to predict the impact of any policy change on any advertiser until you know what they're contending with in the existing system. (Yes, the 1971 ban on cigarette ads on TV seems to have had two effects: a short-term increase in profits for all tobacco firms, and an increase in concentration of profits for the largest brands. However the cigarette market was essentially all legal product vs. legal product competition, and not a single market including both honest and deceptive advertisers like today's social media advertising.)

A surveillance ad ban won't make people buy less stuff, but in the absence of surveillance ads, different gatekeepers will be more important. The big, obvious winners from a surveillance ad ban would be SEO, content marketing, affiliate programs, and search advertising. If you can't find Kevin, you have to make yourself as findable as possible when he tries to find you.

Another set of winners in the post-surveillance-advertising economy will be niche content sites, especially sites that cover shopping-friendly content categories (like travel, fashion, and home improvement) and sites that run product reviews and buyers' guides. Shopping help forums on general-interest sites, like /r/buildapc, will be more and more important for marketers to keep up with, and niche retailers with a curated selection will get a new amplification role in some categories. Measuring the effectiveness of non-surveillance advertising requires different skills, so that's an opportunity for some kinds of research firms. A not-so-surprising winner when you think about it will be multi-level marketing. MLM spreads person to person.

So is surveillance advertising going to take as long to get rid of as leaded gas did? Personally, I don't think so. The winners from the leaded gas ban were numerous but dispersed: people who live near a lot of motor vehicle traffic and people who might be crime victims. The leaded gas ban created no localized near-term big winner businesses, but there will be some for a surveillance ad ban. Expect a second round of industry group comments as the companies that will win from a ban get involved.

Time to look at some specific issues in the bill. Some suggestions.

Remove or limit the Custom Audiences exception. Subsection (b) has some language on Custom Audiences that provides some protection but not enough.

Paragraph (1) does not apply to the targeting of the dissemination of an advertisement based on information described in clauses (i) through (iv) of subparagraph (B) of such paragraph that is provided to an advertising facilitator by an advertiser or by a third party on behalf of an advertiser, if the advertising facilitator is provided a written attestation that the advertiser is not in violation of subsection (b) with respect to such information.

This is interesting in principle, but has a negative space problem. The larger a platform gets, and the more Custom Audiences it receives from more advertisers, the more that users can be targeted just based on which Custom Audiences they're not in. Even if no single advertiser's Custom Audience reveals membership in a protected class, the platform will be able to infer membership if it has enough lists of non-members.

For example, Facebook has an internal cascade of classifiers that use inputs from multiple sources to place both scam and non-scam ads. This placement decision happens per ad impression, in real time. As Facebook gets lists of finance publication readers and accredited investors as Custom Audiences, not only do the legit advertisers get the ability to target their audiences on Facebook, the system learns how better to match the precious metals scams with the most vulnerable targets. The Facebook database does not have to store a list of vulnerable targets for a scam. Vulnerable people receive the scam ads as the result of an on-the-fly decision, as the inevitable effect of not receiving the ads intended for members of the well-informed Custom Audiences.

Large platforms that receive lists of people who work in healthcare, or are interested in legit health content, end up targeting users with limited health knowledge for health-related disinformation. Well-intentioned NGOs, by using Custom Audiences listing their informed supporters and donors, are unavoidably helping to place disinfo and scam ads for the other side.

A law that addressed some older ad targeting practices while leaving Custom Audiences as an alternative could easily do more harm than good. And from a communications point of view, a Custom Audiences exception is confusing. Personally, the first question I generally get about any privacy law or tool is, Will this keep (some company) from sending my info to Facebook? Leaving an exception for just that means that this bill is letting through not just some of the highest-risk surveillance advertising practices, but some of the least accepted.

A minor problem with subsection (b) is that all an advertiser needs to supply is a written attestation. There are a lot of sketchy Facebook advertisers who will sign a written attestation about anything, and advertisers who are advertising in one jurisdiction from another jurisdiction, making it hard to enforce the law against them. Makes no sense to let a big platform avoid accountability because of one possibly meaningless document.

Conversion tracking is similar to Custom Audiences, but sends one customer record at a time instead of a list batched together. The law has to apply fairly to both.

Figure out how to allow user-configured profiles. Some ad platforms allow users to limit the number of gambling or alcohol ads they see, or to set other ad preferences. As long as profiles (along with surveys, preferences, and similar features) that affect ad selection are clearly under user control, it makes sense to allow them. Best to let the pro-personalization users get what they say they want, and don't tell people that they can't choose to avoid ads for a product category they have a problem with.

An ad can be personalized but not surveillance if it's matched to the person receiving it based on information that the person intentionally supplied, knowing that it is being used for advertising, and with the option not to do it. This might be a reader survey, add this topic to my interests button, or some other feature. The personalization section of the law will need some careful work, because there is a risk that a large platform could end up with too many non-members of protected classes with personalization turned on, causing legit advertisers to go for the personalizers and leaving the non-personalizers to the scammers. A trustworthy content site with a high response rate to its reader survey might be able to safely use profiles for ad placement while some larger, lower-trust sites might not.

In the future, some users might choose to have their browser share an interest profile with some sites they visit. If a browser team can make a profile sharing feature, and fairly convice some users to turn it on, there should be a way to make it legal. (Browsers sending profile identifiers to sites without the user's knowledge: still bad.)

Reform 47 U.S. Code § 230 to exclude surveillance advertising facilitators and providers of algorithmic social feeds from the definition of interactive computer service. This safe harbor was passed in the days of Usenet and simple mailing lists and web boards, which were interactive under control of the user or the user's manually maintained subscription and block lists. Safe harbor is appropriate for content hosting or store-and-forward, but it was never intended for the kind of active selection and promotion of messages that surveillance advertising firms do.

Phase the ban in. If small businesses take longer to adjust to technical changes, give them longer, just like the EPA gave small refineries additional time to phase out lead in the gasoline they produce. Smaller databases present less risk, and larger companies have more technical capacity to comply with a ban. Possibly apply the ban in year 1 to companies with 100 million or more records of PII, then 10 million or more in year 2, 1 million in year 3, and so on. By the time it gets down to a small company's list, post-surveillance tools and services will be well-tested and easy to switch to.

Running more productive CEO hearings

There are probably going to be committee hearings about all this at some point, but nobody wants another, I'll have my staff get the answer to that hearing with minimally useful testimony from big platform CEOs. No CEO is going to be able to answer the important questions about how this stuff works in reality without preparation. Instead, please share some material in advance.

  1. Ask constituents for screenshots of scam ads, along with their identifying info and permission for the company that placed the ad to look up how they got the ad and discuss it with member of Congress and staff.

  2. Share a selection of scam screenshots and user info with the platform CEOs in advance. Let them know that you are going to ask, how did this exact person end up getting this exact ad? so that they can bring the answer to the hearing.

  3. When they're in the hearing, live, the answer will give you a better idea of how the system works.

Some work is still needed to figure out the possible loopholes in a surveillance ad ban, so it would be good to get some reformed surveillance advertising pros to go over it a bunch of times and game it out. I'm sure that I have only thought of a few parts of what needs to be done here.

Microtargeting as Information Warfare (PDF)

European Parliament approves initial proposal to ban some targeted ads - The Verge

Federal Trade Commission Rulemaking Petition to Prohibit Surveillance Advertising

Facebook Charged Biden a Higher Price Than Trump for Campaign Ads

Ban Online Behavioral Advertising | Electronic Frontier Foundation

Is Google Analytics illegal?

The activist who got advertisers to dump Breitbart is coming for other extremist sites

The Future Of Retail Media Platforms Will Split From Walled Gardens, Says IRI’s Pelino

Macron goes after online platforms, foreign ‘propaganda’ media

Publishers Beware: Is Ad Tech Harvesting Your Data Without Permission?

Fintech CEO rips into Meta, saying it won’t advertise on Facebook or Instagram ‘alongside scammers who are going after the savings of our customers’

Suit Seeks to Hold FACEBOOK Liable in Shooting Death of Federal Security Guard...

The ageism in advertising

#web5 resources

04 January 2022

Memex overview

As We May Think by Vannevar Bush A record if it is to be useful to science, must be continuously extended, it must be stored, and above all it must be consulted.

What can you do with a Web in your Pocket?

The Anatomy of a Search Engine Currently, the predominant business model for commercial search engines is advertising. The goals of the advertising business model do not always correspond to providing quality search to users. For example, in our prototype search engine one of the top results for cellular phone is "The Effect of Cellular Phone Use Upon Driver Attention", a study which explains in great detail the distractions and risk associated with conversing on a cell phone while driving. This search result came up first because of its high importance as judged by the PageRank algorithm, an approximation of citation importance on the web [Page, 98]. It is clear that a search engine which was taking money for showing cellular phone ads would have difficulty justifying the page that our system returned to its paying advertisers. For this type of reason and historical experience with other media [Bagdikian 83], we expect that advertising funded search engines will be inherently biased towards the advertisers and away from the needs of the consumers.

Postgres Full-Text Search: A Search Engine in a Database

Webs of trust and reputation graphs

PGP: Explanation of the web of trust of PGP

It's Now Possible To Sign Arbitrary Data With Your SSH Keys

Distributed hash tables

Distributed Hash Tables, Part I by Brandon Wiley

Kademlia - Wikipedia

Microformats and note taking

From brainstorm to outline: Why I use OPML

Microformats – building blocks for data-rich web pages

Attention conservation

Your attention didn’t collapse. It was stolen | Psychology

Web 2.0

Web 2.0: Compact Definition? - O'Reilly Radar

On Web 2.0, application uses YOU!


Why it’s too early to get excited about Web3 – O’Reilly

Alternatives to the metaverse

Clever uses of pass, the Unix password manager

The internet runs on free open-source software. Who pays to fix it?

The Three Laws of Personal Devices

The Web3 Fraud | USENIX

Should you fix errors and contribute to Google Maps for free?

Competition & Privacy: It's Both Or Nothing

Why We Need to Address Scam Culture

Cryptocurrencies: A Necessary Scam?

Get a Good Job With More Pay, the Landlord Takes It All Away

Thiel, Silicon Valley and the Rise of Tech Neo-Reaction

How CockroachDB went serverless

Web5 notes

A block contains a list of claims and a list of parent blocks. In order to check if a block is valid, you also need a block with a claim "[blob] is a valid signature for [block]" and a copy of the signature. You can't check a block's validity in isolation.

When choosing among blocks to form a chain, choose the oldest. When choosing which of two conflicting blocks to remove in order to make a chain valid, remove the oldest. The older a block is, the more likely that other nodes will already have a copy.

improving web advertising

28 November 2021

What does improving web advertising mean? Some possible answers.

  1. Advertising reaches the intended human audience

  2. Advertising is placed in a context appropriate to the product or service advertised (brand safety)

  3. Placement and reporting complies with information sharing and processing laws and norms (privacy where the information is personal, data leakage where the information is business)

You can't crank up any of them and leave the others go. Fail on (3) and deceptive advertisers outcompete the honest ones so the whole medium becomes untrustworthy. Fail on (2) and low-quality scraper and misinfo sites can outcompete legit ad-supported sites. Fail on (1) and the advertisers stop supporting the web, and all the ad money goes to Facebook, which is sub-optimal for some or many advertisers depending on time preferences. There are enough deceptive and/or hostile parties out there that some of the failure modes for web ads are risks to civilization, so you are probably set if you're trying to justify working on this stuff to Future You.

The fun part, though, is that web advertising can't really work the same as other online (software-intermediated?) ad platforms. The web is (user + client)/server. The client software is the agent of the user and is expected to operate in the user's interests. Other online ad media such as native mobile apps and connected TV are user/(client + server) The client software is provided by, and under the control of, another party. The user may even be a party to an end-user license agreement where they agree not to interfere with the client software's ability to act in another party's interests.

It's unrealistic to expect web ads to work similarly to app and CTV ads. Web ads in their improved state are going to work more like an ad medium in which there is no client software (like print ads) than they will work like an ad medium in which the client software operates in the interests of a party other than the user. This is probably a good thing, because if the user is in the loop, the best way for an ad to pay for the resources and attention it consumes is to participate in a content→signal→reputation spiral that is hard to do in less user-aligned ad media.

The Trust Recession

The Federalist Society’s newest enemy: Corporate America

No, the real inflation rate isn’t 15 percent

Social Media Is Probably Harming Girls, and That’s Enough to Act

How Facebook and Google fund global misinformation

Amazon Sued for Crash Caused by Driver Rushing to Make Deliveries

Revenue gap and related links

11 November 2021

When you measure include the measurer. — MC Hammer

Rebuilding web advertising without the third-party cookie is not really a privacy story. It's a market design story. And it's probably a mistake to think about third party cookies as some ideal system of which a fraction needs to be clawed back while keeping privacy. The limitations to measurement are complicated. (There is a lot of math needed to understand the reasons behind The Refrigerator Test and I'm still trying to figure it out.)

Some good background info.

Consumer Privacy Choice in Online Advertising: Who Opts Out and at What Cost to Industry? by Garrett Johnson, Scott Shriver, Shaoyin Du :: SSRN Though consumers express strong privacy concerns in surveys, we find that only 0.23% of American ad impressions arise from users who opted out of online behavioral advertising. We also find that opt-out user ads fetch 52.0% less revenue on the exchange than do comparable ads for users who allow behavioral targeting.

The Identity Fragmentation Bias by Tesary Lin and Sanjog Misra. This paper studies the identity fragmentation bias, referring to the estimation bias resulted from using fragmented data. Using a formal framework, we decompose the contributing factors of the estimation bias caused by data fragmentation and discuss the direction of bias. Contrary to conventional wisdom, this bias cannot be signed or bounded under standard assumptions.

Inferno: A guide to field experiments in online display advertising by Garrett A. Johnson. 19 Jul 2021 Online ad experiments suffer from an extreme statistical power problem, which limits how much can be learned from experiments. ... Some of the coming changes to online advertising promise improvements for experimenters.

The Unfavorable Economics of Measuring the Returns to Advertising - 2015-lewis.pdf These initial findings show that when advertising at a level of intensity typical of digital advertising, [randomized controlled trials] require sample sizes in the single-digit millions of person-weeks to distinguish campaigns that have no effect on consumer behavior (100% ROI) from those that are profitable (ROI >0%). ... Identifying highly successful campaigns from ones that merely broke even is not an optimization standard we typically apply in economics, yet our analysis shows that reliably distinguishing a 50% from 0% ROI is typically not possible with a $100,000 experiment involving millions of individuals.

Internet Activity Bias Causes Lumpy User Behavior by Jakob Nielsen This phenomenon is called activity bias: some days, people do a lot online; other days, they do very little. On very active days, people are more likely to do both Activity A and Activity B, no matter what A or B might be.... Crucially, even if there is no relationship between A and B, the very fact that you observe users doing A means that they are likely to be having one of their more active days and therefore are also more likely to do B.

Much Better Yellow Pages. Much Worse Television. by Bob Hoffman

Google loses appeal against €2.4 billion fine: tech giants might now have to re-think their entire business models (icymi: Search engines extract too much of the Web's value, leaving too little for the websites that actually create the content.)

taxing surveillance marketing

04 November 2021

Putting a tax on surveillance marketing is sometimes suggested as a solution to a classic externalities problem—firms benefit from surveillance marketing, but the costs and risks are paid for by the people surveilled. A Pigovian tax is the go-to fix for this situation.

Where to put the tax is the problem. Taxing specific marketing practices probably creates more overhead and risk than it's worth. Too easy for surveillance marketers to work around. So it seems like the best approach would be to expand the existing "data broker" registration laws to put scaled reporting and tax requirements on any database containing PII. From an economic POV, personal information is digital hazmat, with both potential harms and possible future benefits that a regulator is not in a position to evaluate but the users are.

Just like RCRA resulted in some marginal uses of hazardous materials being phased out, a Pigovian tax would likely cause companies to get rid of some high cost/benefit surveillance marketing data on their own to avoid reporting and taxation.

In general, it is important to tie the tax to the data (and therefore risks) and not to specific practices. Users of the data are best able to decide how to balance the risks and rewards.

The Enormous Hole That Whaling Left Behind

Poison in the Air

Measure A: tell it goodbye?

An Unexpected Victory: Container Stacking at the Port of Long Beach

The Unceasing Cessna Hacienda

How California plans to turn the screws on NIMBY cities

The worker-owned Defector, at a year old, has over 40,000 paying subscribers and $3.2M in revenue

Collections: No Man’s Land, Part I: The Trench Stalemate

The Pandemic-Induced Rise of the Secret Workday Power Nap

Foo Fighters And The Art Of Survival

Colleges Have a Guy Problem

In defense of the “gentrification building”

How luxury apartment buildings help low-income renters

bringing in the email harvest

24 October 2021

(This is rough, still trying to figure this out. Based on a thread in a surveillance marketing forum.)

Here's a surveillance marketing problem: some company gets a web site visitor, but can't identify them. They want to target the same person with Facebook ads or email spam.

For the company, one solution is to put some third-party JavaScript on the page that generates an email address for an anonymous visitor. Examples:

  • LeadPost leverages a network of match providers to convert your anonymous bounces into actionable leads. All lead data includes fully verified name, address and email and may be used for unlimited marketing purposes.

  • GetEmails offers Anonymous Website Visitor Identification, best explained in their video, How it Works In the Kitchen. We hash the email addresses in the huge f'n database, we then match the hashed email addresses in the cookies to the hashed email addresses in the big f'n database, and we pass you a record. It is magic.

There's a book about this technique, by Adam Robinson, founder of GetEmails. Permission (Sh)marketing: How the world's fastest-growing companies legally retarget website visitors using email without permission (and how you can too).

On the identification side, we could use existing technology to identify up to about 35 percent of US traffic. On the data side, we could compile an enormous list of third-party opt-ins through business developement with lead generation companies. We connected the two parts together, and lo and behold, it worked. Email-Based Retargeting was born.

This might be why I sometimes get completely inexplicable companies showing up as Advertisers using your activity or information in Facebook Ad Preferences. What if this happened?

  1. User A visits a web site with some email-finding JavaScript on it.

  2. Email-finding JavaScript misidentifies User A as User B.

  3. Company adds User B's info to their CRM system and uses it to send spam (generally, CAN-SPAM compliant email that is spam according to norms and reputable mail server ToSs, not spam according to US Federal law) to User B, and adds User B to a Facebook Custom Audience (not a Website Custom Audience like they would have gotten by using the Facebook pixel, a Customer List Custom Audience as if they had gotten the email with consent.)

The problem is: what happens if User B had Global Privacy Control turned on? The company would have picked up on it, and set the "Do Not Sell" flag to apply to User B's information, but User B didn't visit the company's site. User A did. So now User B sees their info in a place it shouldn't be, and the company is in CCPA trouble for mishandling the information of someone who never even came to their site.

Part of the solution seems to be for the third-party vendor to keep track of everyone they have seen a Global Privacy Control for on any site, and never return that person's info in step 2 above. But I'm not sure if this covers it. Anyway, this might just be more about what the heck is that company I've never heard of doing in Facebook Ad Preferences? than anything too significant.

Or I'm seeing those weird Facebook ads because the company just bought an old spam CD and made custom audiences out of that. Probably easier.

Researchers show Facebook’s ad tools can target a single user

How brands are getting tricked into advertising on The Daily Wire

‘Grab ‘em by the pageviews’: Growth hacking to nowhere

Adland is an island

The errors of efficiency

Democratic group poses as conservative PAC to block Youngkin support

Recording audio from YouTube

08 October 2021

So, I was on a panel a while ago: What Does the Future Hold for Global Privacy Controls? - YouTube

The main point here is that Global Privacy Control affects all marketing projects at a company, not just web advertising.

  • If you have a GPC from a customer, it affects everything including sales of postal direct mail lists, social media custom audiences, all of it.

  • If you use GPC when you place an order, and you give the seller your info, then GPC affects all of what the company can do with your info, not just your current web session or order.

Anyway, they put it up as a YouTube video, so if I want to make an audio file to listen to offline I should download and convert it.

Step 1: Make a recording with Live Recorder.

Step 2: Extract the audio stream with ffmpeg. (source: video conversion - Lossless extraction of streams from WebM - Super User)

ffmpeg -i input.webm -vn -acodec copy out.ogg

cleaning up YouTube

Prevent the system from sleeping when someone is logged in over ssh

08 October 2021

To prevent the Linux system from suspending or hibernating when a user is logged in, you can put this file, 10-no-sleep-ssh.sh into /etc/pm/sleep.d. Owned by root:root, mode 755.


case "$1" in
    if (who -u | awk '{print $2}' | grep -q pts/); then
    logger 'ssh user(s) logged in'
        exit 1

The who -u command lists the users who are logged in. A remote user will be on a pseudo-terminal and have "pts" in the second column of their line in the output.

If this script exits with an error (exit 1) the system will be prevented from sleeping.

Under-served niche in the ad market?

25 August 2021

In case you missed it, here's the new version of the FTC complaint against Facebook: FTC Alleges Facebook Resorted to Illegal Buy-or-Bury Scheme to Crush Competition After String of Failed Attempts to Innovate.

To me, it looks like there is a gap in the Internet advertising market that might be explained by the actions covered in that complaint.

Customer lifespan Long?high-quality sites
Short Facebookmisinfo sites

Right now if companies want to buy advertising with low complexity—ease of placement and easy-to-interpret attribution data—they can get it from Facebook. But because of the buy-or-bury scheme, it comes as part of a single service that also tends to kill off a fraction of the customers, through medical misinformation, extremist violence, climate disasters, and so on. This ad option appears to meet the needs of advertisers with shorter time horizons, such as several quarters of DTC startup runway or CMO job tenure. Most of the years of customer life lost will not enter into consideration because they will take place outside the time frame relevant for making the decision.

Judy Shapiro points out that In 2017, just five years ago, the CPM to run a Facebook ad was $4.21, meaning you had to spend $4.21 to reach 1,000 impressions, presumably people. Today, the price is $13.87 – a whooping increase of 222%.

Judging by that, the combination of advertiser convenience and lowering customer lifespan seems to be a winner. Some advertisers, however, have investments in facilities and goodwill that make them prefer longer customer lifespans but lack the advertising know-how to be able to run high-complexity advertising. It is possible that one of the companies acquired by Facebook might have, if it continued to operate independently, been successful in the low-complexity/high-lifespan niche. Today that niche seems to be an opportunity.

interesting missing sentence

13 June 2021

In response to the news that Google won’t end support for tracking cookies unless UK’s competition watchdog agrees, the company has come out with a page stating Our commitments for the Privacy Sandbox.

The key commitment that I was looking for in there is something about how a site's decision to use Google Privacy Sandbox will or will not affect the ranking of search results from that site in Google Search and Google News.

It would not have taken them much time to add that, plus of course a little extra lawyer time depending how many lawyers need to read it before they post. But that didn't happen. Which makes the missing sentence the loudest part of the whole thing.

By now it's pretty clear that we're going to continue to have arguments about the future of web advertising, and then, whatever way those arguments turn out, everyone is going to do everything exactly Google's way because Google dominates search. For example, Google FLoC opt-outs are a thing now, but how many sites will stay opted out even after the SEO impact becomes clear? Wikipedia, GitHub, and Amazon have a high enough profile that they're probably fine, but how will The Markup do in search results, against other sites that cover the same topics in a more Google-friendly way?

Instead of sending an anticompetitive message in a document that can be part of discovery in a lawsuit, or stating it in a meeting that can be recorded or testified about, Google can encode the message in patterns of search results so that SEO consultants can reconstruct it for their clients. No message text has to be shared, but an internal message M at Google can become M′ at the recipient company. There is probably a really good information theory paper about how this works.

Apple admits why its own Files app was ranked first when users searched for competitor Dropbox

Google’s opaque practices to restrict fingerprinting create confusion among its ad tech partners

Australia Forced Google and Facebook to Pay for News... And They Did

Europe’s cookie consent reckoning is coming

A politically divided America is forcing brands to choose sides

Manifest v3 update

Google AMP is dead! AMP pages no longer get preferential treatment in Google search

notes on chapter 6

25 May 2021

Some notes on chapter 6 of Privacy is Power by Carissa Veliz. This is the chapter with specific recommendations in it.

Think twice before sharing: this is a good point, maybe more than twice. For example, if you Tweet the date that your coronavirus vaccination became effective, surveillance marketers who know where you live can count backward to the date you became eligible, and learn something about your age or health history.

Respect others' privacy: Good advice, and don't ask why someone declined permission to have their info shared, or pressure people. (And if you have information or photos pertaining to somebody who you no longer have a relationship with that would make having that material appropriate, destroy it.)

Create privacy spaces: Now I want to do this.

Say no: This situation is actually getting a little better this year—consent dialogs are getting cleaned up. I'm not seeing as many of the first generation more dark pattern-ish ones. But see the Cookie AutoDelete link below. If you consent by mistake, a tool can sometimes fix it.

Choose privacy: Vizio makes nearly as much money from ads and data as it does from TVs, so it's not surprising that it's hard to get a TV without smart features. My solution is to just connect HDMI and antenna, never WiFi or Ethernet. The part about not having an Amazon Alexa device in the house seems kind of obvious, but maybe some families disagree? The good thing is that couples who are dating now can find out if they have compatible views on smart speakers before sharing a home. (and maybe figure out whether augmented reality surveillance glasses are a relationship problem now, before you end up having to break up with both a person and with the corporation surveilling you from their face?)

Under devices there is a very good point about not keeping apps you don't need. Also check devices for pre-installed, unremovable apps before buying, to save yourself the hassle of having to return the device. (Any phone manufacturer that would stick unremovable surveillance bloatware on their product would probably make other bad decisions, too.)

Messaging apps: Good points. If this section isn't enough to keep you off WhatsApp, there are other issues. I'm still concerned that WhatsApp is going to rub some people's patriotic sensibilities the wrong way, since WhatsApp makes some countries, including India, accept a lesser privacy policy that they won't inflict on, say, Germany. Just to stay out of that whole contentious national pride issue, I'm sticking with Signal which doesn't discriminate by country this way.

Email: Surveillance marketers have figured out the + addressing trick, unfortunately. It does make sense to keep a separate address for low-priority marketing mail.

Browsers: Good point to have more than one. I like Firefox, tricked out with appropriate extensions, for daily use but keep a totally stock copy of Google Chrome just in case, for sites with compatibility problems. (I never use Chrome for buying anything. Why reward sites for compatibility problems by buying stuff from them?) If you have a computer that came with Apple Mac OS or Microsoft Windows, both of those come with good browsers now. So if you want to use Firefox as your main browser, you can just use the browser that came with your computer as the backup.

Use privacy extensions and tools. Here is the one piece of bad advice in this chapter: Adblockers are easy to find and install. Don't do this.Seriously, don't do this. The ad blockers that are easy to find are generally the sketchy ones. Unfortunately, the browser extensions directories tend to fill up with adblockers that either have a so-called Acceptable Ads feature that lets tracking through, and that you have to change some settings to turn off, or are actual adware. (If you install an ad blocker and start getting ads on Wikipedia, you got the second kind.) And somehow the ad blockers that allow the Google trackers through seem to come up higher in a Google search.

I use the built-in Enhanced Tracking Protection in Firefox, which you can set to standard for basic protection and strict for more protection but possible breakage.

Legit ad blockers are generally effective against tracking by third parties on regular sites, but that's not as big a surveillance risk as the Facebook sites and YouTube. For Facebook in the browser, there's Facebook Container (you did remove the native app, right?), but cleaning up YouTube is a little harder.

Yes, third-party cookies are the easy surveillance technology to block, but deal with Facebook and YouTube first. This whole project is not just about saving yourself a little annoyance today, but also about incentivizing CMOs and VCs to expect lower returns on future surveillance marketing and invest based on that. We win when we can change the level of risk we all have to deal with in the future.

Another extension that I find valuable is Cookie AutoDelete. Automatically cleans out the cookies that a dark pattern got you to consent to, while letting you keep cookies for sites where you want to stay logged in. Much easier than clearing cookies manually, which a lot of people apparently still do.

Demand privacy: Sending opt outs is one privacy task where it really helps to be in California. The high-priority companies to send CCPA opt-outs to are

  • big data brokers

  • brands you actually buy stuff from

  • companies targeting you on Facebook. (This is where keeping a Facebook account is actually a privacy win. It's a waste of time to actually CCPA Facebook but their ad settings can reveal who has uploaded your info to them and needs to get a CCPA opt-out.

Breaking the kill chain

What's the most effective place to break the surveillance marketing kill chain? Let's look at it as a cycle. People buy stuff, surveillance marketers use sales to measure the effectiveness of what they have been doing, use those measurements to guide target selection, then place ads and collect reports on the ads. The reports feed into the same effectiveness measurement as sales.

surveillance marketing kill chain

(Feel free to pick this model apart. I plan on revising it some more once I have figured out what I missed.)

Ad placement looks easiest because it's is where you can use ad blockers. Fine for run-of-the-mill sites where the ads come from a separate ad server, but native apps and non-web ads are still going to get through here. Blocking the most blockable ads is only going to incentivize ads to move to non-web ad media. Most likely case is that more ad money ends up supporting deadly viruses, climate disasters and terrorists at the big social sites.

Ad reporting is also affected by ad blockers, and you can use tools like AdNauseam to make it less effective. Promising, but like ad placement an area where the more evil ad media are less affected.

Measuring effectiveness and target selection are both internal to the advertiser. Could be good for insiders to work on, but not a lot you can do from the outside.

That leaves buying stuff. What if the most effective place to take action is between putting something in your web shopping cart and making a purchase?

  • Compared to the number of trackers and third parties you interact with, the number of companies you actually buy from is small

  • Opt out will cover all downstream uses of your info, not just the ones you know about or have a tool for

Surveillance-based ads can only justify a higher rate per ad impression by connecting ad reporting to sales.

This gets way easier when retailers have Global Privacy Control support and clean up their dark patterns, so could go from privacy nerdery to mainstream fairly smoothly.

Facebook is a good example here, because their system is designed to limit outward transfer of information. If a company buys ads on Facebook, they can't ask Facebook for a list of who saw their ad and then compare to the list of people who bought stuff from them. Instead, the advertiser has to:

  1. Integrate Facebook software into their web site, apps, and/or CRM system. (Facebook makes this software easy to set up, and only the web version is easy for the customers to block.)

  2. Use the software to send reports on their customers, saying who bought what, to Facebook. The advertiser generally doesn't know which customers have Facebook accounts, and most people have a shadow profile anyway, so they just dump everybody's purchases to Facebook. This can be done in a server-to-server way that does not depend on the browser.

  3. Facebook generates a report for the advertiser so that the advertiser can compare their Facebook advertising to their sales.

Step 2 is hardest to keep from happening, since this information transfer has the most technical and legal armor around it. But it also carries the most reward per bit of personal info transfer blocked. The more I can exercise my right to stop the advertisers from doing this, the less justification they will have to send money to Facebook instead of to ad media with positive externalities.

It makes sense not to RtD Facebook, since with the current state of things you will have a shadow profile with them anyway. Instead, RtK Facebook and either opt out or RtD the advertisers who feed into their system.

How Did ‘Mind Your Own Business,’ Delta 5’s 40-Year-Old Cult Hit, End Up In An Apple Ad?, by Jem Aswad, Variety

The Dark Patterns Tipline Wants to Hear How Sites Manipulate You

We’re making contextual advertising smarter with content clusters

Announcing Mozilla Rally

Why marketing might be better off without cookies

how to keep the wrong sorts of people out of your place

25 April 2021

How to keep the wrong sorts of people out of your place, using Google FLoC.

  1. Post a FLoC checker QR code.

FLoC QR code

  1. Make everybody scan it when they come in.

  2. Check their phones.

    • Green: good cohort

    • Red: bad or missing cohort. If they turned off FLoC or installed an alt-browser, they're probably hiding that they're in a bad cohort.

    • Blue: Apple Safari, you figure it out.

(no, I don't think anybody should actually do this, but it's only a little bit of JavaScript so people are certainly going to try. So it could turn out that non-Google browsers will end up having to provide a realistic cohort instead of just not implementing FLoC.)

Sources: Google's Ethical AI group was in turmoil long before the ouster of Gebru and Mitchell, after friction over handling of harassment and bias allegations

Lina Khan’s timely tech skepticism makes for a refreshingly friendly FTC confirmation hearing

Organized Mimicry: Employers Against the Free Market

WordPress Contributors Propose Blocking FLoC in Core

Get the FLoC out

The ascent of Lina Khan, tech antitrust icon

For Big Tech whistleblowers, there’s no such thing as 'moving on'

Millions of Chrome users quietly added to Google’s FLoC pilot

Google is poisoning its reputation with AI researchers

No, Google! Vivaldi users will not get FLoC’ed.

How the tech industry is sowing confusion about privacy laws

‘We can’t un-FLoC ourselves’: Google’s cookieless ad targeting proposal under fire from ethics researchers, lawmakers for discriminatory potential

Alphabet shareholder pushes Google for better whistleblower protections

Google Is Testing Its Controversial New Ad Targeting Tech in Millions of Browsers. Here’s What We Know.

Your cohorts are just ethnic affinity groups. Change my mind.

12 March 2021

(Update 28 Feb 2022: Berke and Calacci link)

(Update 9 May 2021: add another example)

The big question around Google FLoC is whether or not some of the FLoC cohorts, which are group identifiers applied by the browser and shared with all sites, will match up with membership in legally protected groups of people. Will cohorts turn out to be the web version of Facebook's old Ethnic Affinity Groups, also known as multicultural affinity groups?

2022 update: Browsing behavior correlates with race, but cohorts do not....We did not find with our t-closeness analysis that the likelihood of correlating racial background with cohorts, using the FLoC OT algorithm, was any greater than chance. (Privacy Limitations Of Interest-based Advertising On The Web: A Post-mortem Empirical Analysis Of Google's FLoC

Facebook limited the ability of advertisers to exclude members of these groups in 2018 and made many of the groups unusable for targeting at all in 2020. But FLoC is a little different. It assigns numbers, not names, to cohorts, so the unsolved problem is how to tell which cohorts, if any, are actually ethnic affinity groups. One issue on GitHub asks,

If we do have an issue where racially specific targeting is incidentally created by the ML system what happens when advertisers target for or against it and who ends up responsible?

FLoC developers are planning to use sensitive-page classifiers to check which cohorts match up to sensitive groups of pages in web history. Unfortunately, checking page content is not going to give them protected group membership for the users. A simple US-based example is school and neighborhood patterns. A school that is mainly attended by members of a single ethnic group is going to have page content that's mostly the same as all the other schools in the district. The schools all have similar events and play the same sports, but serve different groups of students and parents. So, even though the content is non-sensitive, the cohort is. And local stores with similar merchandise in different neighborhoods are going to get different ethnic affinity groups, I mean cohorts, of visitors. Content in language A could be completely non-sensitive, and local content for region B could be completely non-sensitive, but the cohort of people who use language A in region B could be highly sensitive.

So it might look like nobody will be able to tell which cohorts are really ethnic affinty groups until some independent data journalism site manages to do a study with a panel of opted-in users. This would be the kind of AI ethics research that is bad for career prospects at Google, but that independent organizations can often come up with the funding to do.

But one company doesn't have to wait for the study and resulting news story. Facebook has enough logged-in Google Chrome users that they could already know which FLoC cohorts match up to their old ethnic affinity groups. If a brand buys ads on the open web and relies on FLoC data, Facebook can see when the brand is doing crimes. This doesn't mean that Facebook will disclose the problem, since it gives them something to hold over the brand. No more making any stink about ad metrics or Facebook Groups IRL get-togethers. The extra risk for the advertisers means lower expected revenue for ad impressions tied to FLoC—because of uncertainties that are hard for anyone else to see.

Inspiration for the title for this post:

Your probabilistic ID is just fingerprinting. Change my mind.

— Stephanie Layser (@slayser8) Twitter, January 27, 2021

How Facebook got addicted to spreading misinformation

It Turns Out You Can Bullshit A Bullshitter After All

How to poison the data that Big Tech uses to surveil you

cleaning up YouTube

06 March 2021

Time for another Internet tip. Hope this is useful, since I think my problem was a pretty common one.

  • I want to be able to share a video link from a business-related event and not have a "lizard people run the Federal Reserve" video auto-play at the end of it.

  • I want my family members to be able to click a video on how to play a game or cook a recipe without constantly having to check the recommended videos for those prolific "Fourteen Words" guys.

  • I don't want to watch an exercise video and then have it roll right over into the miraculous bleach and vinegar diet video.

  • And finally, I want to cut back on how much of my personal or business info is used to target me with ads.

Yes, this means cleaning up YouTube. Ideally there would be just one tool I could install, like Facebook Container, but it's a little more work than that. This is going to take two extensions and a little configuration. But in my opinion it's worth it to do this once instead of having to deal with "oh crap, YouTube is showing WHAT?" over and over. Ready?

Part one: containerize YouTube

First, install Firefox Multi-Account Containers. Containers are a way for users to isolate their online identities and tasks from one another. You will get a new Multi-Account Containers button on the Firefox toolbar. This opens the container menu.

Click the button to open the container menu, click "Manage Containers," then "New Container". Make a container for YouTube. I picked red as the color code for tabs opened in this container. (If you already have Facebook Container, which I recommend, you'll have a blue stripe for Facebook tabs.) You can also pick a small icon for the container.

Now that the container exists, go to the YouTube site, open the container menu, and select "Always Open This Site in..." Pick the YouTube container from the list.

Now when you follow a link to YouTube, the page will open up in the container, with a stripe on the tab showing the color you picked. You shouldn't be logged in to YouTube with your Google account if you have one.

Part one done. This should limit the use of my info from other services to target me for scams and crap in video ads. This should not require any extra clicks after the original setup. You can even customize the Firefox toolbar and move the Multi-Account Containers button to the overflow area, so you don't have to think about it unless you want to do this for another site.

Part two: patch the YouTube rat hole

Time for another extension: Enhancer for YouTube. This one will change some of the creepy "engagement" promoting behaviors of the YouTube site design.

Install, then open up the preferences. Hamburger menu → Add-ons → three dots to the right of the Enhancer for YouTube entry.

This preferences menu has a whole bunch of stuff on it, take your pick. The essentials are:

  • Disable autoplay

  • Hide related videos

I also hide comments and use the Automatically enable YouTube's Theater mode option to make the video bigger and fill in the extra space (that used to be occupied by thumbnails of the flat earth video, the miracle virus cure video, and the video about the dead politician who is secretly alive and is coming back to massacre everybody that some video maker doesn't like).

You can also click around with some of the other options. I haven't messed with this extension since I got things cleaned up. If you like a video channel you can allow autoplay just for playlists, and the extension doesn't interfere with browsing a channel's home page or videos list page.

All done.


YouTube is not in business just to show you the videos you want. The more that viewers pick their own videos, the more market power that popular video creators end up with, and the lower the share of ad revenue that YouTube can capture. The secret of the YouTube model is to commodify the content by artificially driving viewers away from emergent stars...even if that means that the side effect is promoting more bleach-drinking videos or white power videos than viewers actually want.

In the long run, regulation will need to complement the technology here. It will be easy for YouTube to change their site around to make extensions and tips stop working. Drink your bleach and like it, we've got a market to dominate! Right now, there is a lot of focus on the technology and regulation to enforce people's right to block transfers of their data between sites. But there is also going to need to be some protection of the right to turn off automated promotion/commodification of behavior within a site.

Up-to date current list of the most effective privacy tools, services and settings.

‘This could be dangerous’: Why Tim Wu’s appointment has Big Tech rattled

Stop Letting Google Get Away With It

Unpacking Google’s latest blog post on web tracking

Google’s FLoC Is a Terrible Idea

Arizona Bill Offers Major Challenge To Big Tech's Monopoly Power

Introducing State Partitioning

letter to Consumer Reports

04 March 2021

(here's the body of a letter I'm sending to Consumer Reports. Feel free to copy, modify, and send to other public-interest sites or open-source projects.)

I'm writing to ask you to set an HTTP header on the Consumer Reports site to help keep deadly robots from burning people's houses down.

First, here's the header.

Permissions-Policy: interest-cohort=()

I know it's a little overhead on each request, but here's why you're going to need it.

The Google Chrome web browser is going to be coming out with a new feature called Federated Learning of Cohorts (FLoC). FLoC is software that runs in the browser and assigns the user to a group, or cohort, based on the web sites they visit.

Each user would be assigned to one cohort, so the Consumer Reports site visitors will be spread out among several cohorts. In order to use cohorts, sites will have to learn which cohorts correspond to which characteristics about people. For example, Consumer Reports members might be assigned to cohorts that are heavy on "appliance buyers who are concerned about safety." When retail sites are able to analyze the meaning of a visitor's cohort, they'll likely begin to optimize, showing the safest, highest-quality appliances to the users whose cohort shows they're likely to be Consumer Reports members, and showing the lower-quality appliances, more likely to catch on fire, to the members of other cohorts.

In the long run, it's bad for everyone in the market when companies can easily monetize unsafe products. FLoC doesn't require a deliberate decision by anyone to trick any customer into buying a dangerous appliance. The machine learning software on the retail side just "learns" how to optimally move certain SKUs, without ever knowing that they match up to fire hazards for the customers. Cohort training is an important area for ethical AI research, but Google has been abruptly terminating some key people who were responsible for leading research in the field of AI ethics. Until FLoC has been tested for safety, and for other problems such as enabling unlawful discrimination, it seems best to stay opted out of it. That header is the only opt-out method for now.

If you have any questions about how to test the HTTP header, please let me know. A test of FLoC will be starting shortly, and you can learn more at the World Wide Web Consortium's Web Incubator Community Group (WICG).

leaked: a new surveillance browser?

01 March 2021

I just heard from a reader of this blog that a dictatorship is taking over in their country, and will be requiring all citizens to use their new web browser. The scary thing is that this new country-specific browser will have a built-in surveillance system in it. Excerpt from the top-secret document follows.

Today, citizens are categorized, governed, and provided with public services based on a variety of tracking techniques. It would be more efficient and less costly for the State if citizens could be assigned to priority groups, or cohorts, within the browser itself.

We plan to explore ways in which a browser can group together people with similar browsing habits, so that the State (and private entities regulated by the State) can use the habits of these cohorts, to:

  • prioritize assignment of surveillance personnel to individuals

  • allocate public services preferentially to favored religious and language groups

  • encourage self-reeducation by members of marginal groups

Browsers would need a way to form clusters that are both useful and efficient: Useful by collecting people with similar enough interests and producing labels suitable for machine learning, and efficient by cheaply forming large clusters that can be used to prioritize the assignment of costly individual surveillance technologies and of public-sector services such as education, business subsidies, and travel documents.

A Citizen's Omnipresent Law-Enforcement and Favoritism (COLF) cohort is a short name that is shared by a large number (thousands) of people, derived by the browser from its user’s browsing history. The browser updates the cohort over time as its user traverses the web. The value is made available to websites via a new JavaScript API.

The browser uses machine learning algorithms to develop a cohort based on the sites that an individual visits. The algorithms might be based on the URLs of the visited sites, on the content of those pages, or other factors. The central idea is that these input features to the algorithm, including the web history, are kept local on the browser—the browser only exposes the generated cohort. The browser ensures that cohorts are well distributed, so that each represents thousands of people.

Hiding or falsifying cohort membership

Some citizens who are members of less favored cohorts might configure or modify their browsers to send a blank, random, or deliberately chosen cohort. This behavior will be disincentivized by doing spot-checks that compare the observed cohort for a citizen to a set of likely cohorts calcuated from known PII for that citizen.

Cohorts do not eliminate the need for detailed State surveillance of a subset of citizens, just as a vehicle license plate does not eliminate the need for random checks of a driver's papers. However, license plates and cohorts are easily observable in large numbers, and appropriate penalties for falsification of either can be applied. Cohorts are a cost-saving complement to other surveillance technologies, and make more kinds of discrimination and surveillance practical and affordable.

Sensitive Categories

A cohort is designed to reveal sensitive information. A user might configure or modify the browser in an attempt to remove visits to sensitive sites from cohort data collection. But this does not mean sensitive information can’t be leaked. The State is aware of correlations between browser history and sensitive cohort membership that citizens are not aware of.

Citizens might attempt to evaluate their own cohort by measuring and limiting their deviation from population-level demographics with respect to the prevalence of sensitive categories, to prevent their use as proxies for a sensitive category. However, this evaluation would require knowing how many individual people in the cohort were in the sensitive categories, information which could be difficult or intrusive to obtain.

...all right, that's enough. This wasn't some new surveillance browser, it's a lightly edited version of the FLoC README. How much of a Bay Area big company employee filter bubble do you have to be in to see an idea for having the browser tell sites, "MY USER IS A MEMBER OF THIS GROUP" and think, wow, we can use this to sell sneakers! Anybody who wants sneakers, if you seriously have no idea how to get them, let me know, I'll drive you to the damn shoe store myself. Easier than dealing with all this labeling-people-with-group-identifiers creepy jibber-jabber.

Global Privacy Control Endorsed by California AG

Firefox's Latest Update Promises Complete Cookie Control—With Just A Few Caveats

Cheat sheet: What to expect in state and federal privacy regulation in 2021

FLoC opt out

13 February 2021

Updated 22 Apr 2022: Added header for "new FLoC"

Updated 15 Apr 2021. Added some links to related articles, added mention of test in progress.

Updated 28 Feb 2021. Removed meta tag material, added link. We still do not know how to opt out of FLoC without setting an HTTP response header.

I'm not going to cover all the problems with having web browsers label their users with "cohorts" here. Really briefly, the Google Chrome browser might start using a system called "Federated Learning of Cohorts" (FLoC) to partly replace some of the data practices that are currently done using third-party tracking cookies.

There is a test of FLoC now running that is opt-in, but the core FLoC proposal is still opt out. It looks as if, in order to protect Google Chrome users on your site, you will have to change the site configuration a little.

New opt out

The opt out for the new FLoC, Topics API is:

Permissions-Policy: browsing-topics=()

Opt out method 1: HTTP header in the site config

The header you need is Permissions-Policy, and looks like this:

Permissions-Policy: interest-cohort=(), browsing-topics=()

In order to set that in Apache2 on Debian, I made a file called /etc/apache2/conf-available/floc.conf with the line:

Header always set Permissions-Policy: interest-cohort=(), browsing-topics=()

and then ran:

a2enconf floc.conf
apachectl graceful

I'm going to do this on all the sites where I have access to the web server config and can easily add a header.

You can also add the header in the appropriate .htaccess file.

For WordPress

There is a new WordPress plugin to add the opt-out header: Opt-out of FLoC on your WordPress website – Roy Tanck

Opt out method 2: for sites that can't set HTTP headers

Work in progress. The HTTP header is still the only way to opt out, since a meta tag won't work. (Discussion on the WICG/floc repository on GitHub.)


In the future, to check that it worked, I should be able to use the Permissions API. An example of a Permissions API query that works is this one, for how to check the Geolocation API permission:

// Check for Geolocation API permissions
    .then(function(permissionStatus) {
        console.log('geolocation permission state is ', permissionStatus.state);

Right now when I do the a query for the name interest-cohort, I'm getting The provided value 'interest-cohort' is not a valid enum value of type PermissionName. but I'm sure that they'll get this fixed up before FLoC gets turned on in regular people's browsers. Anyway, will update as I get to test more.

Well that was interesting

I mess around with this kind of thing on a Saturday morning because I'm interested in web privacy, but seriously, opting out of half-thought-out site audience data exfiltration schemes should not have to be something that people with normal web sites have to worry about. Not everybody has a free Saturday morning to work on their personal site, and not every company has a massive open-plan office with armies of developers to throw at projects they need to do just to stay in the same place.

New York State Lawmakers Reintroduce CCPA-Like Data Privacy Legislation

On the Dangers of Stochastic Parrots:Can Language Models Be Too Big?

Why a tweet from California’s AG about a global privacy tool has companies scrambling

‘This is what monopolies do’: Nine slams Google News Showcase launch

This is the Democrats’ plan to limit Section 230

Google’s Cookie Replacement Means Nothing Has Changed

Google workers across the globe announce international union alliance to hold Alphabet accountable

Scott Galloway: Why 2021 will be a year of reckoning for Big Tech

Here's What Google Didn't Say In Its Promises About Our Privacy

State privacy law features from the power user point of view

06 February 2021

For those who are planning to subvert democracy in the USA or target vulnerable Americans for scams, I have some bad news. People across the nation are coming together to support new state privacy laws.

Here in California, I say, "right on." All this state political action is not surprising. Privacy laws and regulations are incredibly popular.
California polling before our latest privacy initiative showed 88 percent in favor. Mandating privacy protection is so popular that the argument against the initiative in the voter guide had to focus on how it didn't do enough.

Vote NO on Proposition 24 because it was written behind closed doors with input from giant tech corporations that collect and misuse our personal information—while the measure’s sponsor rejected almost every suggestion from 11 privacy and consumer rights groups.

I'm not just a California privacy law proponent. I'm also a user. A power user. My goal for 2020 was to use the CCPA to opt out of all personalized advertising, and if you count the stuff I'm already protected from by my regular privacy tools, I have mostly succeeded. (I still get targeted ads on Twitter, but those are really just for ridiculosity. Not only do I lack the budget for an F-15EX airplane, I don't even have a pilot's license.)

That meant I did a lot of CCPA opt-outs in 2020. I even got back on Facebook, to CCPA any recognizable brand trying to target me on there. (I didn't bother with the sketchy Facebook advertisers, like all the companies offering software and courses for making money drop-shipping cheap products to people who click on Facebook ads.) The Consumer Reports CCPA Authorized Agent study (PDF) was part of my year of using the CCPA, and I also did a bunch of CCPA opt outs and Right to Knows on my own. On my computers, ccpa is a shell script now, so I can CCPA a company faster than anybody. Time me.

Privacy law features I depend on

As a power user, I'm willing to use services and write code to make my privacy opt-outs work. I understand that there are good reasons for putting privacy laws in the USA on an opt-out basis instead of making them consent-based. I'm fully prepared to do my part of the work, even if that means dorking around with laser printers or fax machines.

If a missing piece in a state privacy law is something that I can work around, I'll do it. So this list is only going to cover what I think are the essentials for making a state privacy law workable.

Reasonable identity verification for opt outs: The CCPA does not require identity verification for an opt out, but companies can deny an opt out if they believe it to be fraudulent. This makes an opt out easier than a full CCPA deletion or Right to Know. Realistically, making people scan their drivers' licenses to opt out is going to do more to deter opt outs than to make them work any better.

Authorized agents: People hate filling out forms, especially minor variations on the same form, over and over. Giving people the ability to delegate the work is what makes an opt-out-based privacy law practical. I know that early CCPA implementations were kind of rough, but the future is in automation and delegation.

Dark patterns: Unless the law covers Dark Patterns, companies are incentivized to make opt-out processes that are technically legal but that keep increasing the time required.

Definition of what is being opted out of: When people ask me about the CCPA, the most common thing they want to opt out of is "stop this company targeting me on Facebook." Please compare your privacy law to how Facebook Custom Audiences work. If the definitions in the law don't cover this high-profile example of creepy privacy violation, you're missing a key part of what voters want, and you need to fix it. (Yes, research shows that 31-36% of people are "Kevins" who want personalized ads. Kevin's desires are already met, so the law needs to focus on helping the rest of the people exercise their rights.)

That's about it. Let me just end with a quick rule of thumb: you know you have a good state privacy law when the surveillance marketing companies lobby for a Federal privacy law to preempt it. If your state isn't making them complain about "uncertainty" and "patchwork of regulations" then you're missing something.

figuring out the CCPA escalation path

Why Google’s approach to replacing the cookie is drawing antitrust scrutiny

Apple’s Tim Cook warns of adtech fuelling a ‘social catastrophe’ as he defends app tracker opt-in

Trust Web Times Interview Series: Brendan Riordan Butterworth

Lawmakers Take Aim at Insidious Digital ‘Dark Patterns’

Facebook predicts ‘significant’ obstacles to ad targeting and revenue in 2021

It's time for Europe to take private data from the hands of powerful tech monopolies and give it back to the people

Investors Want Proof That Digital Ads Aren’t Funding Misinformation

how to CCPA a game company

03 January 2021

I was playing an online game the other night, and another player pointed out that the game had the Facebook SDK in it. This is a small piece of software that, well, I'll quote from their site. Facebook SDKs enable you to pass app event data from your app to Facebook.link added by me

Creepy, right? What can you do about it?

First, the easy answer. On Apple iOS, users are soon going to get an Ask App not to Track button that should help with this problem. You'll start getting dialogs with that option plus an Allow option. I don't have the budget for enough lawyer time to understand what I would be agreeing to if I click Allow, so I'm not going to select that. Keep an eye out for these dialogs, and select the Ask App not to Track button when you can.

Second, the almost as easy answer. Send a CCPA opt-out to the game company. Under the California Consumer Privacy Act, you can require a company to stop selling your personal information. A sale for CCPA purposes does not have to be an exchange of personal info for money. So even if the game company is just getting different data back in exchange for yours, the CCPA still covers it.

How to do that:

  1. Get a CCPA opt-out letter.

  2. Put your info in the blanks with double brackets (name, address, phone, email.)

  3. Find the game company's privacy email address, which is generally in their privacy policy somewhere, and send the email.

They will either act on the request (as they're required to by law) or write back with some instructions for extra stuff they want you to do, which is not exactly legal legal, but companies have been getting away with it. Follow the instructions and you should be good.

After a year of doing CCPA opt-outs, it looks like even if they make you do extra steps to do your opt-out, it's almost always faster to follow the instructions in the email than to try to find the right form on your own. And I use the email outbox as a way to check which companies I have already started the CCPA process with. Yes, there are going to be easier ways to make this stuff work including browser signals and authorized agent services. I'll update with links as they become available.

INTERVIEW: Facebook's policy and privacy director discusses the intentions behind its amped up anti-Apple campaign (FB, AAPL)

You Might Abandon Your New Year's Resolutions, But the Internet Never Will

Video games took on larger roles amid the pandemic

Crime Shouldn't Pay: Why Big Tech Executives Should Face Jail

At Least Now You Know Which Video Game Reviewers Are Sellout Clowns

The data that apps use to track you, according to Apple

Phase 1 Complete – Privacy Transparency Comes to the AppStore

Facebook Employees Leaving As Hate Speech Festers

some ways that Facebook ads are optimized for deceptive advertising

29 December 2020

(updated 14 Nov 2021: deception avoidance and value exchange)

(updated 20 Sep 2021: more material on Ad Library, problem categories, links)

(updated 7 Jan 2021: added intermediary for Custom Audiences trick)

Why are there so many scam ads on Facebook? The over-simplified answer is that Facebook just doesn't have enough ad reviewers for the number of ads they get. Since basically anyone with a credit card can advertise, and advertisers have access to tools for making huge numbers of ad variations, then of course lots of scam ads are going to get through.

Facebook is also more attractive to scammers than other ad media. Deceptive advertisers already get more value from highly targetable ad media than honest advertisers do, because targeting gives the deceptive advertiser an additional benefit. Besides helping to reach possible buyers, a deceptive advertiser can also use targeting to avoid enforcers of laws and norms.

Understaffing and targeting are only parts of the story, though. It's not so much that Facebook is uninterested in dealing with scams, it's as if their ad system in general is the result of a cooperative software development project with the scammers. do Facebook and their scam advertisers constitute an "enterprise" for purposes of RICO? I don't know, might be worth asking your lawyer if you got scammed or impersonated, though Some of the deliberate design decisions that went into Facebook ads are making things easier for deceptive advertisers at the expense of users and legit advertisers.

Custom Audiences don't support list seeding. Until Facebook, every direct marketing medium has supported "seed" records, which look like ordinary records but get delivered back to the list owner or someone they know, so that they can monitor usage of the list. (I used them for a biotech company's postal and email lists, even though we never sold or shared the list. Just to be on the safe side.) Using seed records is a basic direct marketing best practice and deters people who might see your list from misusing it.

Facebook Custom Audiences are a way for scammers to use a stolen list without detection. Facebook Ad Settings lets a user see if they personally are in someone else's Custom Audience, but there's no way for a list owner to check if the seed records from their list ended up on one. Someone who steals a mailing list can sneak it into a new Custom Audience without getting caught by the list owner. Legit direct marketers who want to protect their lists would pay for the ability to use seed accounts on Facebook, but this functionality would interfere with Facebook's support for scam advertisers, so they don't offer it, or even allow anyone else to provide seed accounts. (A limited number of Test Users are allowed for app development, but these are not usable as seeds. Facebook uses the term "seeds" differently from the conventional meaning, to mean the starting names for a Lookalike Audience)

Users can be blocked from seeing the company that really controls the targeting lists that they're on. Suppost that a dishonest advertiser wants to use a California resident's PII, but they don't want to have to honor CCPA opt outs or register with the state. Facebook promises transparency and allows users to see who has uploaded their info. But the dishonest advertiser can simply send the hashed versions of the PII on their list to an intermediary firm, and have that firm transfer the hashed PII to Facebook. Now when someone who is on the list goes to "Advertisers using your activity or information" on Facebook, they see the name of the intermediary firm instead. Even if a bunch of people on the list do opt out, the deceptive advertiser's own copy of the list is intact. When they switch to a different intermediary firm later, there are no opt-outs associated with the list. This also seems to be a good way for extremely suspicious-looking advertisers to hide from people who might report or investigate them. If I check Facebook for exclusion lists used by scammers who think I might report them, I see only the name of a generic-sounding targeted ad company, not the actual dishonest Facebook page.

Ad Library helps hide deceptive ads at times when risk of discovery is high. Facebook's Ad Library is designed to show only "active" ads, those that are running this very minute. A deceptive advertiser using a trademark or a person's likeness without permission can simply turn their ad on and off based on when the victim is likely to be checking the Ad Library. For example, a seller of infringing knock-offs of a European brand can run the ads when European marketers, lawyers, and regulators are asleep but people in the Americas or Asia are awake and shopping. Ad Library makes it easier for scammers to copy honest advertisers than the other way around.

Ad Library delays posting of scam ads. If you see a bunch of similar scam ads popping up, like this...

Facebook scam ads

...but then you go to their Ad Library and get This advertiser isn't running ads in any country at this time, read the fine print.

An ad will appear in the ad library within 24 hours from the time it gets its first impression. Any changes or updates made to an ad will also be reflected in the ad library within 24 hours.

Facebook deliberately gives their scam advertisers almost a full day to take a whack at you before revealing their ads in Ad Library (and, of course, if the ad comes down fast enough, it never shows up there.)

Independent crawling of ads is blocked by policy. On the open web, online ads can be crawled and logged by independent companies. This service is needed in order to check for malvertising and other problem ads. Inside the Facebook environment, however, independent checking on ads is prohibited. Facebook puts the goal of hiding problem ads ahead of facilitating the kinds of services that could help fix the situation.

Image search crawlers are blocked from ads. Many scammers make infringing copies of material from legit ads without permission. Pirated product photos are especially common. The photos in those scam ads above appear to have been taken from a legit retailer. If legit advertisers had the ability to search for ads similar to theirs, or for edited copies of their own photos, they would be able to find a lot. But, for example, TinEye is blocked from Ad Library, to make life easier for Facebook's deceptive advertisers at the expense of legit ones. Wells Fargo has to ask customers to report fake Wells Fargo because Facebook cooperates with scammers pretending to be Wells Fargo, to hide fraudulent uses of Wells Fargo's trademarks.

Categories of scams to look for

The reason that Facebook has to try to shut down research programs like NYU's is that a project with the budget and skills of a small university team could pick up on a bunch of obvious scams with some tools based on existing open-source image matching software.

Some examples:

  • photos of public figures who do not endorse a particular category (such as personal finance experts on cryptocurrency ads)

  • well-known company logos (needs manual check, sometimes the advertiser is a dealer using the logo with permission)

  • rental housing scams—look for the same house or apartment photo showing up in ads from multiple landlords

But why?

It's not clear why a large company would choose to cooperate with deceptive advertisers. This decision might have to do with the fact that Facebook has lots of eyeball-minutes that are hard to sell to the legit market. As Bob Hoffman has been saying for a while, the ad business has a long-running problem of avoiding advertising to older people. Any online forum except the youngest and hottest is going to fill up with older users whose ad impressions are less valuable to marketers. Facebook could be making a short-term revenue-maximizing decision to try to monetize these users better by temporarily filling up the ad spots with scams, and only cleaning up bit by bit when they have to.

Deception avoidance and value exchange

Or maybe it's not a short-term decision after all. What if the deceptive ads are a necessary part of the system?

A common, conventional point of view about surveillance marketing is that people choose to trade information about themselves for better-targeted ads. But this is oversimplified even if you don't get into the details of whether or not people give actual consent to the exchange. Realistically, there aren't enough well-targeted ads trying to reach you at any one time to make the more relevant ads better enough that even a high-status user would notice. If the Facebook ad system is run at capacity, then as a user you're generally going to be getting mostly ads that are not perceptibly well-matched, but still revenue positive for the company.

Allowing a certain percentage of deceptive ads changes the balance. With enough deceptive ads in the system, it becomes a better move for a high-status user to reveal more information. Revealing information might be able to get you enough additional legit ads that the level of risk and annoyance you experience moves down noticeably.

So—even in a idealized consent-based future technical and regulatory environment, where users can't be easily deceived into giving up more information than they prefer to—some rational high-status users might choose to trade away some personal information in order to attract more legit ads and fewer scams. Facebook doesn't have to do anything drastic like offering reduced ad load in exchange for allowing better-matched ads, they can just let you buy your way out of some scams with data.

Salomé Viljoen writes, in A Relational Theory of Data Governance,

[P]eople have a collective interest against the unjust social processes data flows may materialize, against being drafted into the project of one another’s oppression as a condition of digital life, and against being put into data relations that constitute instances of domination and oppression for themselves or others on the basis of group membership.

This ad system might be a good example of that kind of project. A Facebook user who chooses to avoid scams by providing data on their membership in a high-status group is diverting the scams that they would have gotten onto other people, both members of low-status groups and members of high-status groups who share less data.

The question of scam load and total ad load is different from the competition questions around total ad load. In a hypothetical competitive market for social networking services, companies could compete on ad load, but with network effects and winner take all market effects, a monopoly network can run at a higher ad load than, say, a single ad-supported service that participated in a federated system of intercommunicating social sites.


There are some lessons here for the rest of us. When designing new post-cookie ads for the web in general, though, it will be more and more important to avoid the kind of design decisions that Facebook has made. Facebook is highly profitable running deceptive ads today, but as a single company they can unilaterally change their system relatively quickly. All the items above would be small code or policy changes whenever they decide to cut down on scams. For the open web, fixes that need to involve code and business agreements from more companies would be harder.

Universal Digital Ad Transparency by Laura Edelson, Jason Chuang, Erika Franklin Fowler, Michael Franz, Travis N. Ridout :: SSRN

Social media a gold mine for scammers in 2021 | Federal Trade Commission

Facebook scammers are hacking accounts and running ads with stolen money | Mashable

Oracle’s Hidden Hand Is Behind the Google Antitrust Lawsuits

Anti-Facebook agitators see their moment under Biden

Facebook/Apple Spat

Nice Try, Facebook. iOS Changes Aren’t Bad For Small Businesses, by Dipayan Ghosh, Wired

A Sneak Peek at the Apple Feature That Keeps Facebook Up at Night

Facebook Managers Trash Their Own Ad Targeting in Unsealed Remarks

Google, Facebook Agreed to Team Up Against Possible Antitrust Action

Here’s How Shopping Scams On Facebook Are Ripping Off Thousands of Customers, With The Money Flowing Overseas

★ Facebook: Free as in Bullshit

The battle between Facebook and Apple over privacy is about more than just ads — it's about the future of how we interact with tech

Should There Be Limits on Persuasive Technologies?

free riding on future web ads?

20 December 2020

(Update 10 Mar 2022: frequency capping)

Free riding in today's web advertising is pretty basic.

  • Use an ad-supported site while blocking the ads.

Opportunities for free riding in the future are a lot more interesting.

  • Don't store "interest-based" ads that sites ask you to keep for possible future use.

  • Use a modified version of a browser-hosted ad auction that skips time-consuming processing steps.

  • Don't store delayed click or conversion tracking data, just drop it.

  • Turn off the browser's cache partitioning feature to save bandwidth and storage, knowing that companies won't invest in tracking the small fraction of users who figure out how to do this.

  • Identify yourself as a member of a more desirable interest group, to get better-looking ads than your station in life entitles you to.A discussion thread about economic inequality is just under the surface of the web ad argument. Much of the targeting that marketers want to do is about chasing the same people who have the money for discretionary personal spending and are also b2b decision-makers while avoiding wasting ad budgets on people who aren't in a position to spend money.

  • Turn off frequency capping to get more impressions of a big-budget ad instead of the first few impressions of a lower-quality (possibly deceptive or gross) ad

Some of the proposals for post-cookie web advertising create new opportunities for free riding, either by individuals tweaking their settings or by developers who rebuild the browser with stubbed-out versions of ad placement and reporting features.

Privacy features in post-cookie web ads are going to make a lot of free riding hard to detect while a visitor is on a site. There's no immediate difference perceptible to the site between a browser that is actually running in-browser ad auctions and delayed reporting, and a browser that is skipping all that stuff.

Will free riding browsers be an obscure nerd niche, or will these practices become common enough to provoke widely adopted countermeasures? Software, music, and movies have DRM systems. Online games have anti-cheating systems. Educational testing has intrusive proctoring systems. Will future web ad systems require some kind of locked-down browsing environment to keep people using the post-cookie ad placement and reporting system as intended?

How a New Hampshire libertarian utopia was foiled by bears

New York City Drivers Cooperative Aims to Smash Uber’s Exploitative Model - The city's first worker-owned ridesharing app gets ready to take on the big boys.

P&G is taking more of its ad buying in-house in a loss for advertising giant Omnicom

Facebook Profits as Users Are Ripped Off by Scam Ads

Gangs are breaking into fast-moving lorries to steal PS5s

Time to Say Goodbye to Google Fonts

How Easy Is it to Build a Robot Assassin?

My talk, with links, from WebInnovationX

29 November 2020

(This is a cleaned up and edited transcript of my talk from WebInnovationX, with some links put in.)

The IT business has long been in a kind of cycle of centralization and decentralization. After the 8-bit microcomputer days, the IBM PC led into the Microsoft Windows era, then the explosion of companies in the dot-com boom, and the cycle keeps turning. Today, the death of the third party cookieI promised a link to a cookie recipe, so here's one that works reliably for me: Very Peanut Butter Cookies is often seen as a problem of further centralization. If third party cookies go away and we don't have the ability for multiple players on the web to see data from each other, then that leaves a few big companies running everything. The Lumascape would look better with just a few logos on it, and some consolidation is inevitable. But there's a big difference though between some overdue consolidation in the web advertising business and this scary move toward extreme centralization.

Today there are a few extremely large companies that are capable of participating in the web standards process in a large, ostentatious fashion. They have the ability to produce complete implementations of complex proposals, demonstrating their power to drive consolidation of of the web business. Big companies have open-plan offices full of developers for the same reason that King Henry VIII ordered rows of ornamental yew trees planted at Hampton Court Palace: to show that they have enough wealth not to need all that land and labor for food, and to remind visitors of the power of the English longbow. Some consolidation is probably a good thing, but for large companies the process of eliminating the third-party cookie is more about commodifying complementary goods, a strategy that Joel Spolsky pointed out back in 2002. In the days of Linux first catching on as a web server platform, the new OS was used for commodifying the servers. New companies didn't need big Digital or Sun servers like the first generation of big web properties, they could just use stacks of generic PCs.

This innovation led to the giant companies of today, systematically commodifying everything that they touch. A strategy that worked so well for commodifying the hardware business is now being applied to everything, including content and labor. A lot of of attention is paid to big data as a buzzword, or artificial intelligence as a buzzword, but all of these terms are encapsulating a common phenomenon: pushing all the value in the system to a centralized reputation graph, a data structure that allows one company to evaluate which other participants in the system are better or worse for specific purposes. This is a common pattern across the gig economy, across large social sites, and of course the content industry.

Here is a question that that we got before this talk. If personal data becomes available mostly through a few giant companies, and those companies are the only people who have access to these large reputation graphs, then won't all advertising budgets just move to these large companies?

The answer is that yes, content is participating in a race to the bottom, but brands are also subject to commodification. If commodification continues, then brand marketing budget decisions won't matter anyway. Here's a simple example.

Facebook ad info for BM 00704

This is a large company's user dashboard for checking on who is using my personal information. "BM 00704" is directly competing with established brands to sell me branded goods and services, and of course I never gave them my personal info. The big company, in this case Facebook, cooperated in whatever tricks got pulled to get my information from somewhere. In most direct marketing media, like direct mail, a vendor can "seed" the mailing list with records that will get back to them to let them know if the list gets copied without permission. Facebook Custom Audiences give the list owner no way to detect seed records, which makes Facebook an easy way to use a stolen customer list without detection. Brands can't expect any protection from the commodification effect that publishers are seeing. There's no reason to expect that first, servers will be commidified, then they'll come for the publishers, and somehow they're just going to decide to stop before they get to, say, Oreo cookies. If you want to tell the commoditization dystopia story, don't stop at publishers. Tell the whole story, including the brand part.

On the internet we love our dystopia stories. We've had the cryptography key escrow dystopia story, the digital rights management dystopia story, and today of course we're having the surveillance marketing consolidation dystopia story. The crypto issue and the DRM issue are both still problems on the Internet, but they haven't led to the end of civilization as we know it because there's been a set of factors pushing back. Same goes for surveillance marketing. Here, a lot of the anti-dystopia narrative comes from privacy law and tools. As you've probably heard, in the California election that just happened, the California Privacy Rights and Enforcement Act, or Proposition 24, passed with 56% of the vote. That 56% turns out to be way below what CPRA had originally polled at before the election, where it came in at 88 or 72 percent.

At first, it looks like the surveillance marketing business managed to make their case to some California voters. But the main point against proposition 24 in the information that actually went out to voters is that it doesn't do enough:

Vote NO on Proposition 24 because it was written behind closed doors with input from giant tech corporations that collect and misuse our personal information—while the measure's sponsor rejected almost every suggestion from 11 privacy and consumer rights groups....The real winners with Proposition 24 are the biggest social media platforms, giant tech companies and credit reporting corporations who get more freedom to invade the privacy of workers and consumers, and to continue sharing your credit data. Here's what they won't tell you about the 52 pages of fine print: Proposition 24 asks you to approve an Internet "pay for privacy" scheme. Those who don't pay more could get inferior service—bad connections, slower downloads and more pop up ads. It's an electronic version of freeway express lanes for the wealthy and traffic jams for everyone else.

If you look at that 56 percent from the point of view of one of the big surveillance marketing companies, then yes, only 56 percent voted to have you walk the plank, but a substantial fraction of the of the other 44 voted for having you keelhauled first. For another reality check on how far away from people's norms the direct marketing business has managed to get, take a look at this post from the infamous Unethical Life Pro Tips board on Reddit, where monetizing a list of PII was too unethical even for people who choose to moderate a forum about unethical activity.

ULPT Request: How to make money from an email/snail mail list
of contacts? (This post has been removed by the moderators)

California already has one privacy law, the California Consumer Privacy Act (CCPA). The Interactive Advertising Bureau recently surveyed corporate privacy lawyers and they found that only about 1-5% of people who are given the opportunity to exercise their privacy rights under the CCPA actually do so. And 60% of the lawyers surveyed said that their companies just go ahead and make CCPA rights available to everyone. You do have to put an asterisk on that number, because that's 60% of businesses that are big enough and engaged enough to send a privacy lawyer to meet with the IAB, so the actual percentage is probably lower, but it's clear that CCPA is having an influence on privacy features that are being made available even outside of California.

I am one of that 1-5% and i've been sending out CCPA opt-outs since January. The process is really kind of a pain still.

Result of a CCPA Right to Know

The percentage of people who vote for privacy stuff is high, but the percentage of people who actually take the time to do the privacy activities enabled by the law is a lot lower. The only thing less popular than creepy nerds is making yourself do creepy nerd stuff. The decentralizing effect comes from how not only will California voters just keep passing privacy initiatives until this stuff stops, but in how the laws are increasingly making it possible for organizations to take some of these actions on behalf of consumers.

I worked on an Authorized Agent study at Consumer Reports, and it had a response rate that any direct marketer would envy. We had a whole process for recruiting emails and multiple lists and following up, and we didn't have to use any of it because the first email to the first list filled up the entire study group. It's incredibly popular with consumers to be able to say, let me push one button and make this stuff stop. Watch for more info on results of the study.

Authorized Agent services are not some kind of silver bullet for putting end users completely in charge of their personal data. There's a trend among activists to say that we're headed for some kind of privacy or data control utopia, in which people are going to have a high level of control, and that's not realistic. The data isn't worth enough and people don't care enough. But privacy services are a counterweight to centralization trends. As a company gets big enough and high enough in impact to drive meaningful centralization, it's also going to be a high-value target for privacy laws and protection services to balance that out.

This is good news for advertising. Somehow the print publishing business managed to come up with a high margin, repeatable, sustainable advertising model for newspapers and magazines when they were breathing the fumes from molten lead all day, and we have not been able to get anywhere near that on the Internet. So we have a huge opportunity now to redesign the market for web advertising in such a way that it is acceptable to the audience, not forcing the kind of of consolidation that tends to get pushed back, while at the same time producing the kind of reputation effects in the audience's head that make advertising worth buying. If the entire reputation graph lives inside a big company then there can be no brand equity, there can only be bits within someone's centralized score, and that's missing out on a lot of economic value. So I'm highly encouraged to be participating in the Improving Web Advertising Business Group and I'm really looking forward to seeing what kind of models we can come up with. Thank you very much.

Do you have any comments about the pros and cons of closed and open ecosystems? Some of the questions claim that a closed ecosystem is faster and allows for better measurements than the smaller publishers.

Unfortunately in this election cycle we've seen a lot of the limitations of centralization. From the point of view of a large tech company there's constant pressure to lower the costs of functions such as moderation and ad review, and so you end up with moderators and ad reviewers who are doing these very stressful jobs that expose them to a lot of, say, terrorist material or child abuse material. And they're up against dedicated misinformation operations, so when people rely on those centralized information sources then they're they're getting a source of information that's been weaponized by highly motivated bad actors, whether they're financial scammers or political extremists or both. When independent publishers are involved, there's a media ethics point of view or a labor of love point of view on their content that tends to make it higher reputation and more reliable in a way that a big company whose algorithm is constantly being tested and gamed really can't do.

How do we balance the need for privacy with the need for advertisers to know that a user is legitimate?

People have a trust relationship with their web publishers and so there is very personal information that people will share with a trusted content brand that they won't share with some big bad Internet company in general. As editor of Linux Journal some of the most rewarding letters to the editor that we ever received were people who had been reading Linux Journal in prison. They didn't generally have access to an actual Linux box but then when they got out they were able to get some kind of an IT job. People share personal information with their trusted publishers, writers, and editors in a way that a big company can never get.

The way to use that information appropriately, in a way that you can say to an advertiser that yes, I have this highly engaged audience, is a very fruitful field. I would look at the Trust Tokens sessions at W3C when those come up. Real people do a lot of real people things, and real people are good at recognizing other real people. Just to give an example, the 90210 area code in the USA has more Facebook users than people. Publisher networks of trust can show if, yes, this is a real human reader. And they're much more reliable if it's a publisher that has a subscriber or someone who's who's been interacting with them for a while, than if it's just some big company saying, trust us, look at all these people we have watching videos, you can pivot to video now.

WebInnovationX link on YouTube with panel discussion from this session, plus more events

International coalition of activists launches protest against Amazon

Facebook is deleting evidence of war crimes, researchers say

The downfall of adtech means the trust economy is here

France starts collecting tax on tech giants

So, an Academic Walks Into a W3C Meeting…

Is the internet advertising economy about to implode?

Muslims reel over a prayer app that sold user data: 'A betrayal from within our own community'

Marketers are Addicted to Bad Data

An advertising awards show in the browser?

23 November 2020

When adtech people, privacy developers, and the EFF can all agree that something is bad, it must be bad, right?

The proposed Federated Learning of Cohorts (FLoC) would replace the old-fashioned third-party cookie with a shorter identifier, calculated by a complex algorithm from your browsing activity. The cohort ID doesn't correspond to you individually but identifies you as part of a "cohort". Any site can call the JavaScript function document.interestCohort(); to find out which cohort you're in.

Cohort-based ads sound great, if you're in the cohort that gets ads featuring attractive Europeans driving new European cars on winding roads through the European woods. Or the cohort that gets ships cruising to scenic vacation destinations. But not all cohorts are going to get the good ads.

It's even worse when a cohort ID might leak a sensitive piece of information about you. There is no way to test FLoC with all the legacy sites on the web that might leak some kind of sensitive info. What if a user's pattern of play in a casual web game can leak something about their disability to the FLoC algorithm, and they stop getting certain job ads? Proving that FLoC protects user privacy is an unsolved problem, and might be mathematically impossible. So we have to assume that the a cohort ID leaks bits of sensitive personal info until it can be shown that it doesn't. And, of course, from the web publisher point of view, FLoC leakage is a business issue. The FLoC algorithm could "learn" the subscriber lists of niche publications that depend on ad revenue. Since any site can call interestCohort, a site like cheapAssCatGifs.com might be able to sell the audience of a site like expensiveCarTeardownReviews.com, just based on cohort ID.

The FLoC-powered awards show

So far, not so good. But offline, people actually buy posters and books of award-winning ads, so there must be some demand for the good ads. If only there were some way to get more of the good ads right in the browser.

That's where FLoC can really help.

Step one: Identify the good FLoC-based ads that appear on a set of sites, along with the cohort ID of the cohort that got them. For a first pass, pick out the ads that carry the most revenue for their weight. In general, the ad campaigns that are willing to pay more per impression are also the ones that have a budget for good creative work. At this point we have a first pass at a set of possibly good ads and can pick some good ones manually.

Step two: Keep track of which cohorts got the best ads, and share the highest ranking cohort with browsers that want to give their users the best experience.

Step three: the browser always responds to document.interestCohort(); with the winning cohort ID, for all users. No leakage of possibly sensitive info, the browser developers don't have to code and test a bunch of hard cohort math, and everybody gets the good ads. It's like an ad awards show in the browser. Could be updated every browser release.

What do you think?

Watch out, Facebook—Apple’s ad-tracking user protections are still on track

Once Again, Facebook Is Using Privacy As A Sword To Kill Independent Innovation

Introducing Cover Your Tracks!

YouTube will run ads on some creator videos, but it won’t give them any of the revenue

ID5 Is Building a Community to Bolster Its Universal ID

“Schrems III”? First Thoughts on the EDPB post-Schrems II Recommendations on International Data Transfers (Part 2)

What is header bidding?

Apple’s IDFA gets targeted in strategic EU privacy complaints

How the U.S. Military Buys Location Data From Ordinary Apps

CNAME Cloaking and Bounce Tracking Defense

The future of identity and addressability is people-based IDs

WIP: running a CCPA-in

13 November 2020

Something to keep in mind for when they open up street fairs again. Could also run this as a local public library event or trade show booth.


  • computer(s)
  • laser printer (office type with low cost/page)
  • one box per company
  • generator (if at a street fair)

How it works.


  1. Hook up the hardware.

  2. Label the boxes with the addresses of the companies to be opted out of.

For each user:

  1. User goes up to the computer, opens a simple web application, and types in their info.

  2. User can preview a sample CCPA letter on screen.

  3. User approves their contact info as it appears on the sample letter.

  4. Application generates a multi-page PDF, one company opt-out per page, and prints.

  5. User signs each page and hands back to a volunteer

  6. Volunteer puts each page in the appropriate company's box.

At the end of the event:

  1. A volunteer seals up each box of letters

  2. A volunteer takes each box to the appropriate company (if local) or ships it.

This should be able to do CCPA letters at under a dime each. Under one cent for the paper, three or four cents in printing costs, about three cents per page for shipping if a large number are packed and shipped together.

This could also be set up as a kiosk with a drop box for step 5 and just come around every so often to empty it and ship out a batch.

The next fleet of Breitbarts is already raking in your ad dollars

Millions wasted on undercover operations as cops infiltrated 'clown army'

‘Go in small with clear-eyed expectations’: How a crop of startups are trying to make for-profit local news work

Biden-voting counties equal 70% of America’s economy. What does this mean for the nation’s political-economic divide?

Only the richest ancient Athenians paid taxes – and they bragged about it

The right-to-repair movement has even bigger plans for 2021

America’s Next Authoritarian Will Be Much More Competent

California just passed a major privacy law that will make it harder for Facebook and Google to track people and gather data

First-time buyers send gun sales through the roof

Why don't you CCPA Facebook?

22 September 2020

Here's another question I get a lot. Why don't you CCPA Facebook?

Here are some reasons, and there are probably others. (This post contains facebook.com links, so you may want to check your browser privacy settings before clicking.)

  1. CCPA Do Not Sell requests, also known as opt outs, only affect "sale" of personal information. In general, the flow of personal info to Facebook is one way, inbound. Facebook either (a) doesn't sell or share my personal info, or (b) they do but stop when it makes the news.

  2. A CCPA Right to Know probably wouldn't get me any more information than is already available using Facebook's Download Your Information feature, at least to start.

  3. Facebook trackers on non-Facebook web sites can be blocked with Facebook Container and other browser privacy features. This activity is important to stop, but it's already handled.

  4. When the user-enabled global privacy controls mentioned in the CCPA regulations are ready, I'll be sending a CCPA opt out to every site I visit unless I specifically say otherwise. So I don't need to worry about Facebook trackers on random sites any more than I need to worry about any random LUMAscape company.

  5. Facebook Custom Audiences are like those sampling wells on hazardous waste sites that catch anything nasty that leaks in the area. Crooked politicians, fake brands, Amazon review manipulation schemes, data brokers ripping off their clients, the whole skeevy side of marketing is right there in the Facebook ad settings. If I sent a CCPA Right to Delete to Facebook, it would be like deleting my account manually—I would lose a way to see what's happening with my other CCPA activity and to learn about other privacy risks.

I do use Facebook Custom Audiences to find companies that are sending my personal info to Facebook. In the case of obvious scams or marketing firms taking advantage of clients, I just take a screenshot. If a real company is adding me to a Custom Audience, I CCPA the company, where it will do some good.

‘Ripped the Band-Aid on some hard decisions’: How The New York Times is reshaping its ad business for a cookie-less world

Why Platform Changes Are A Bigger Deal Than GDPR

Apple’s iOS 14 Brings Us a Cookieless Future Sooner Than We Thought

I just realized I have been running 99% fraud sites

Are Journalists and Researchers the Real Content Moderators?

‘Re-architecting the entire process’: How Vice is preparing for life after the third-party cookie

‘We’re getting more used to the uncertainty’: BBC Global News chief on ad-funded news

figuring out the CCPA escalation path

19 September 2020

(Update 10 Sep 2021: add more material on GPC)

(update 8 Oct 2020: add material on GPC, copy edit)

The later you catch a software bug, the more expensive it is to fix. Catching a syntax error while you're typing code costs practically nothing, fixing a broken test is more expensive, and deploying an update to users can cost even more.

The California Consumer Privacy Act (CCPA) provides for a similar escalation path. It's helpful to look at all the ways to handle CCPA obligations in order from lowest overhead to highest. Just as software developers are learning to find and fix threading bugs with build-time borrow checking before a difficult bug can make it to a customer, companies are learning how to handle CCPA rights at the easiest, fastest, cheapest level.

Here are the levels, cheapest to most expensive.

browser Do Not Sell. The CCPA regulations (PDF) say,

If a business collects personal information from consumers online, the business shall treat user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer’s choice to opt-out of the sale of their personal information as a valid request submitted pursuant to Civil Code section 1798.120 for that browser or device, or, if known, for the consumer.

A standard signal to implement this, called Global Privacy Control, has just been announced, and is being tested across a variety of browsers, extensions, and sites. It is technically similar to the old Do Not Track, with the big difference that it's intended to be now legally required (updated for 2021).

authorized agent Do Not Sell This is the first escalation for a mishandled browser Do Not Sell, and the lowest level for a company that the consumer does not have a direct HTTP connection to. Agent opt outs can be bundled and made easy to handle, and the agent has an incentive to cooperate with the company, to cut their own costs and increase user satisfaction. Bulk handling of agent opt outs is an easy win for DSAR vendors, to lower average cost per CCPA transaction.

Do Not Sell My Personal Information emails and clicks. These are similar to a GDPR Article 21 objection, but that can't be handled with the same processes used for GDPR. Lightweight because no user identity verification is required (although the company can do an anti-fraud check) but still heavier than handling an agent opt out. If you get an opt out, cheaper to act on it than to push back and make the consumer escalate to a Right to Know or Right to Delete.

Right to Know and Right to Delete If a Do Not Sell gets subjected to illegal verification steps or other dark patterns, then the consumer can escalate to a Right to Know, followed by a Right to Delete. According to vendors of Data Subject Access Rights software, manual handling of a Right to Know can cost $1,400-$10,000. Software and processes are going to bring this down, but realistically nowhere near the cost of dealing with the browser signal or the agent opt opt correctly in the first place.

Companies that try to apply the same user experience to a Right to Know as to a more common and less expensive opt out are likely to have to have to deal with a higher volume of Right to Know requests.

Somewhere along this escalation path, users can make automated or manual reports to the office of the Attorney General, to help them pick targets for enforcement. They certainly don't have the staff time to go after most CCPA violations, but reports from consumers and consumer organizations will help them pick some high-priority targets.

Some experts are recommending relying on dark patterns to limit the number of CCPA requests I still don't like the term "requests" here since the company has to comply with them. And legally binding communications coming from the company to the customer is never called a request. But "request" is in the regulations. that companies have to deal with. But we're going to discover that the dark patterns approach is flawed. Yes, a lot of consumers are going to give up and go away when they hit a dark pattern, such as an extra verification not allowed by the law, but a fraction of the consumers are going to escalate. A company that chooses dark patterns instead of straightforward compliance is making a high-stakes bet on what fraction of consumers will escalate.

We don’t stop until hate for profit stops

Endorsement: Yes on Prop. 24. It’s not perfect, but it would improve online privacy

Killing the Ad Business. From the inside.

Opt-In Value Exchange Ads: Examples and Best Practices

How Prop 24 Regulates Big Tech and Data Brokers that Sell Your Personal Data

a less annoying future for consent and registration?

07 September 2020

(This post is a continuation of the likely near future for web ads scenario, which is now happening.)

Web advertising is rapidly fixing itself. There is still quite a bit of brokenness, but it's not fundamentally as bad as some proponents of alternate business models make it out to be. Free, ad-supported, web content was never really the problem. In print, the subscribers basically covered the printing and postage, and the advertisers paid for the content. More pages of advertising, more budget for articles we could assign. When publishers went to the web, they didn't emphasise advertising-funded business models originally because they were hippy-dippy Internet freedom types—they made a fairly sound business decision to let the readers off the hook for the high distribution costs they were no longer incurring. Yes, in hindsight it would have been better to have an incredibly cheap subscription, or even one that came out to a negative price after coupons, in order to get a hard-to-fake signal of reader engagement, but basically, the decision to go free was pretty reasonable.

Unfortunately publishers ignored the big problem, which was that browsers, until recently, facilitated cross-site tracking. This put sites into a race to the bottom on ad pricing. Any advertiser could track an expensive site's audience to the next cheapest site, and so on. And in most of today's web, that means no market power for a publisher with a good list of subscribers or at least registered readers. When good ad campaigns can chasing big-budget readers on cheap sites, that frees up space on legit sites for crappy ad tricks like traffic arbitrage and sends money to 'Unknown delta' instead of paying the publisher.

Too many publishers had a casual attitude toward reader data, and just let the browsers take it and leak it to whoever. If publishers were more like tech firms, they would be all like, "what, someone else is making money from ads served to OUR readers? Those eyeballs are OUR PROPERTY! Muster all the lawyers and lobbyists we can find to put them out of business!" If publishers got a fraction as mad about having their audience data taken as Hollywood people get mad about having their movies pirated, or hardware people get mad about generic cartridges that fit their printers, we wouldn't be in this mess.

Enough review.

That's all changing. Ever notice that more and more sites are making you give your email address, or log in with SSO, to keep reading? Browser privacy changes are rapidly increasing the market power of sites where users are willing to sign in.there is no reg wall cartel

The market price of an eyeball has fallen into different sets of price brackets, with the dividing lines between the brackets changing as the browsers and regulations change.

Pre-2017: subscriber > trackable reader > ad blocker user (The ad blocker user is still worth something if you choose to pay into the Acceptable Ads racket or do some other reinsertion tricks.)

2017 (Apple Safari ITP): subscriber > registered reader > targetable reader > unregistered ITP user > ad blocker user

2018 (GDPR): subscriber > registered reader > consent-giving reader > no-consent reader or unregistered ITP user > ad blocker user

2021 (death of the 3rd-party cookie): subscriber > registered reader with consent > unregistered or no-consent reader or ad blocker user

If things keep going the way they're going, a pageview from a non-registered user is not going to be worth much more than a pageview from a user who is blocking ads entirely (or, in practice, trying to block ads but getting some ads reinserted by their ad blocker's paid whitelisting scheme) Meaningful consent that's good enough for high-CPM ads has been getting harder and harder to get for a while now. And there's a lot of attention being paid to complex technical schemes to replace the third-party cookie, but in order to use them, the site still has to get people through the consent UX. So by the time a site gets the consent UX up to the point where it's passing inspection with the regulators, publishers might as well be combining the consent wall and the reg wall.

Just getting someone through a consent dialog but not the reg wall just puts them into a basically worthless state. Sites might find it better to skip the big up-front consent experience anyway and put all the UX effort into getting the registration, which is where all the money is anyway.

Schrems II Offers an Opportunity—If the U.S. Wants to Take It

Why Google and Facebook are being asked to pay for the news they use – explainer

Apple’s New Ad Champions Privacy by Reminding Us About Everything We’d Rather Keep Quiet

Online Privacy Should Be Modeled on Real-World Privacy

Ad-Supported Piracy Is Thriving, Thanks To Programmatic Ad Tech

‘Speeding up market consolidation’: Apple’s privacy changes expected to spark wave of gaming and ad tech M&A

Claire Atkin and Nandini Jammi Want You to Check Your Ads

Let's Hold Ad Platforms 'Strictly Liable' When They Sell Fraudulent Ads

Building a C program with dependencies in a container with Earthly

28 August 2020

Every time I build an open source project from scratch, I end up installing a bunch of dependencies. And often it's tricky to get the build working the same way on multiple systems. And it's even harder to get new people started on a project.

So just containerize it, right? So far I have found that Docker containers work great for web applications. I get an accurate copy of the standard production environment inside a container, and I can still edit files and use my web framework's auto-reload feature. Here's an example, the web.sh script in the Pinfactory project. All the dependencies get installed in the project Dockerfile, and then the source code (including all the HTML templates, CSS, and graphics) is in a volume shared into the container. This way I can do a flask run inside the container, and when I edit a file in the volume, it Just Works and auto-reloads. Pinfactory is easy to work on in containers. You can run one script to do all the unit tests in a container, one script to start up a web server with real data, and there's even a tricked-out demo script. that creates a container with multiple users. Containerizing web applications is a win for small stuff, too. Here's a simple Dockerfile for a Jekyll project that I can use to preview a relatively large Jekyll site locally, without installing any Ruby packages.

Containers for developing and testing web sites locally are great. So what about containerizing a regular software build?

Building a simple tool to sign files

I run my own mail server and other services. (My blog is on a VPS with a static site generator.) That means tracking and deploying a bunch of files that end up in a bunch of different places, on systems running a variety of Linux distributions.

I want to be able to sign important files, and check signatures, so I'm looking for a good, lightweight digital signature tool.

Looking around, I found signify, the OpenBSD tool to sign and verify signatures on files, in a portable version. Looks like just what I need. Sign stuff, check the signatures of files on a remote system, not a lot to configure, easy to script. Also, good practice for a new way to make a software build easy to manage and repeatable.

Signify has a very nice build that facilitates what I want to do, driven by a well laid-out Makefile. I can build a statically linked signify, and the man page, that will work on all my Linux systems of whatever distribution. Signify is also a good example of a program to build and install, because it includes an interesting dependency and a step where the Makefile needs to check a signature of the dependency.

Driving the build with Earthly

Earthly is a build automation tool for container-based tools. It uses the Docker daemon to manage containers. I have run it with both docker.com's Docker Engine and with the Docker packages for Fedora 32: moby-engine and docker-compose.

Earthly is controlled by an Earthfile, which is like a Dockerfile, broken out into targets like a Makefile. Each target produces an entire container image, including all side effects. If anything in your build leaves stray files behind in /tmp or the user's home directory, they will be persisted.

The install is simple—it's a single binary. The install instructions on the Earthly site will put it in /usr/local/bin by default, but there's nothing else to add or configure besides Earthly and Docker. More info: Earthfile reference

There is an example Earthfile for a C++ project with CMake that I'll use as a starting point.

Planning a Signify build.

My Signify build will have to be a little more complicated than just installing the packages I need from the package manager, copying the Signify source code into the container, and then running make.

In order to make a static build with signify's bundled copy of libbsd, I will also need to download and verify a libbsd release. The signify Makefile already knows how to download libbsd and build it into a statically linked signify binary. All I have to add to do is

make BUNDLED_LIBBSD=1 static

But if I do that, every time I do a build, I have to go out on the network. Behind the scenes, the signify Makefile is running wget to download first the signature for the libbsd release...

    $(WGET) -cO $@ '$(libbsd_ASC_URL)'

and then the tar file.

    $(WGET) -cO $@ '$(libbsd_TAR_URL)'

So I really want to separate the download step from the build step. I want something like this.

  1. Set up the base system and save a container image.

  2. Download libbsd and save a container image.

  3. Copy my current version of the code into the container, do the build, save the build artifacts.

Step 3 shouldn't require any network access, so should be really fast. As fast as a regular make, anyway.

First try, first FAIL

Here's my first attempt at step 2. I'll take advantage of the nice libbsd-download target in the signify Makefile, and do this right after I copy the code into the container.

COPY --dir . /code
RUN make BUNDLED_LIBBSD=1 libbsd-download

No, wait, libbsd-download needs to check the signature. Make that:

COPY --dir . /code
RUN gpg --import /root/keys/libbsd.asc
RUN make BUNDLED_LIBBSD=1 libbsd-download

When I first tried this, I was not able to make the libbsd-download target, because GPG tried to leave a socket behind under .gnupg in the build user's home directory.

+build | ERROR: (RUN [make BUNDLED_LIBBSD=1 static]) executor failed running [/bin/sh -c  /bin/sh -c 'make BUNDLED_LIBBSD=1 static']: buildkit-runc did not terminate successfully: context canceled: context canceled
Error: solve side effects: build error group: solve: failed to solve: rpc error: code = Unknown desc = failed to compute cache key: failed to create hash for /root/.gnupg/S.gpg-agent: archive/tar: sockets not supported

If you found this page by Googling for archive/tar: sockets not supported, here's the answer. It's a known bug in buildkit, the software build system maintained as part of Moby, which is the open-source project that forms the basis of Docker. Earthly has fixed the problem by updating to the new version of buildkit.

If you're still seeing this error, you can (1) upgrade your Earthly and Docker, (2) don't try to do any build steps that run GPG until the final target, or (3) remove the sockets by adding

RUN rm -f /root/.gnupg/S*

before the SAVE IMAGE.

So my first attempt at getting Signify to build was:

  • copy the signify sources over
  • import the key
  • Do a make libbsd-download
  • remove the GPG sockets because they can't be saved in the container image
  • finally, save the image.

In Earthfile, that looks like this.

RUN gpg --import /root/keys/libbsd.asc
RUN make BUNDLED_LIBBSD=1 libbsd-download
RUN rm -f /root/.gnupg/S*

But that's a sub-optimal solution.

Splitting out download, copy, and build steps

The problem with the above method is that if I change something in the signify source code, the Earthly build has to go download libbsd again.

This is slow, and bad style, and it means if you need to make a quick change to the C source code, the build still goes and gets some unchanged dependencies.

Ideally you have all your dependencies stored locally, so if there's a network outage, or a trade war, or some developer rage-quits and takes their downloads page down, the build will still go brrrrr. Not that anything like that would happen in the case of signify, but you never know. And since Earthly is new enough that early Earthfiles will end up being copied and changed for generations, like Makefiles, I might as well figure out a generally good way to do it.

Making it all work.

So here's the solution I came up with. First, I'll get the base system set up. This should be familiar to Docker users. The root user is going to need a copy of the public key needed to check libbsd, so we'll get that too.

# build.earth
FROM debian:stable

# install build dependencies, then clean up system packages
RUN apt-get -y update && \
    apt-get -y install build-essential file make gcc git pkg-config wget && \
    apt-get -y --purge autoremove && \
    apt-get -y clean 

# Fetch the public key for the libbsd release.  This will be needed in
# the build step.
RUN mkdir -m 700 -p /root/keys /root/.gnupg
RUN wget https://www.hadrons.org/~guillem/guillem-4F3E74F436050C10F5696574B972BF3EA4AE57A3.asc -O /root/keys/libbsd.asc


Now it's time to get the bundled libbsd. Instead of running the entire make libbsd-download, we'll just grab the files. We can apply the "Don't Repeat Yourself" principle to the URLs, by having the Makefile tell us what they are, using the libbsd-print-urls target.

  # This target downloads the bundled libbsd.  This should only run again
  # if the Makefile changes.
  RUN mkdir /bundle
  COPY Makefile /bundle

  # The Makefile includes a "libbsd-print-urls" target that prints the 
  # URLs of the libbsd files needed to work with this version of signify.
  RUN (cd /bundle && make BUNDLED_LIBBSD=1 libbsd-print-urls | xargs wget)
  RUN rm /bundle/Makefile

  # Now all that is left in /bundle is copies of the files listed by
  # libbsd-print-urls.

At this point, we have a container image with the libbsd code and signature in /bundle, and the key needed to check it in /root/keys. Now it's time to copy in the actual code, and add the libbsd files.

  # Copy everything, then copy the libbsd files in.
  FROM +bundle
  COPY --dir . /code
  RUN cp /bundle/* /code

The code target will get re-run any time that anything gets changed. But it's fast because it's just local copies.

Hooray, time to build. We'll do a quick touch on the libbsd files so that the helpful and full-featured Makefile doesn't try to get them again, then make the executable, make the compressed man page, run the test suite, and save the artifacts.

  FROM +code

  # The modification date on the libbsd source and signature needs to be
  # new enough for the build not to try downloading it again.
  RUN find . -maxdepth 1 -name 'libbsd*' -exec touch '{}' ';' 

  # The build requires a GPG verify, so import the key
  RUN gpg --import /root/keys/libbsd.asc

  # Make the statically linked binary and the compressed man page.
  RUN make BUNDLED_LIBBSD=1 static signify.1.gz

  # Run the regression tests. (Even though signify is already built with
  # bundled libbsd, we need to use BUNDLED_LIBBSD to keep from checking
  # for a system installed copy.)
  RUN make BUNDLED_LIBBSD=1 check

  # Save the static binary and the man page
  SAVE ARTIFACT signify AS LOCAL signify
  SAVE ARTIFACT signify.1.gz AS LOCAL signify.1.gz

No need to SAVE IMAGE a container image at this point, because I just need the two artifacts.

And it's all done.

Right now Earthly is pretty new, so most of the discussion is happening on the GitHub page.

There is also a Gitter channel for user questions.

The project is responsive to issues and suggestions—they implemented my suggestion to move the cache out of /tmp and into what I think should be the FHS-compliant place for it. Watch the Examples on their docs site for more sample builds.

This article and modified versions of this article may be copied and redistributed under the same terms as Earthly.

This article and modified versions of this article may be copied and redistributed under the same terms as Signify.

Markdown source for this article: signify/README-earthly.md at earth-wip · dmarti/signify

Answers to some questions on CCPA opt out compliance

14 August 2020

(update 28 Aug 2020: when a company can contact a consumer directly)

I have been getting some interesting questions about how GDPR compliance doesn't necessarily get you CCPA compliance.

Q: CCPA opt-outs do not have to be verified? Does that also apply to Right to Know and Right to Delete?

A: No. The standards for opt out and for other CCPA requests are different.

Deletion or Right to Know have to be either verified, (or, in the case of an agent request, done with a power of attorney).

opt out (Do Not Sell) no verificationno verification
Right to Know verificationverification with the consumer or power of attorney
Right to Delete verificationverification with the consumer or power of attorney

Q: Don't companies have to verify requests in order to avoid risks?

A: Yes, this is why there is a verification (or power of attorney) requirement for Right to Know and Right to Delete. The customer doesn't want to risk having their record sent to the wrong person, and they don't want to risk having their loyalty program deleted right when they were on their 9th paid sandwich and they have a free sandwich coming.

But an opt out is different. The regulations require no verification here because the risk is lower. The only consequence to the consumer of accepting an opt out erroneously is that a "do not sell" bit in their customer record gets set. Nobody's info will get compromised or deleted.

Q: If a company does come up with a good-faith reason to deny an opt out, can they use the same verification process as for GDPR?

A: No. A slightly different workflow is needed. Let's review the regulations again...

A request to opt-out need not be a verifiable consumer request. If a business, however, has a good-faith, reasonable, and documented belief that a request to opt-out is fraudulent, the business may deny the request. The business shall inform the requestor that it will not comply with the request and shall provide an explanation why it believes the request is fraudulent.

So you can't just treat a CCPA opt out that you suspect is fraudulent as if it was an incoming GDPR Article 21 objection that you can verify. This is one of two ways that a CCPA opt out is different from a GDPR Article 21.

  1. For Article 21, a company can verify just based on "reasonable doubts". For CCPA opt-out, the company can only deny if they can meet the higher standard of "good-faith, reasonable, and documented belief."

  2. Even if the company does have a belief that meets the CCPA standard, they can't just redirect to the verification form that they use for Article 21. An explanation of why they believe the opt out is bogus has to come with the denial. And the explanation goes to the requestor, which is the authorized agent in the case of an agent request.

A lot of vendors still get this wrong, likely because they are still repurposing GDPR code for CCPA. This is something you have to check.

Q: When a company receives an authorized agent opt out, when can they contact the consumer directly?

A: For opt outs that come in from an authorized agent, there are two situations where the company can go to the consumer for verification.

  • If the opt out is missing some of the required paperwork. The agent is required to provide written permission from the consumer. If this is missing, the company can deny the opt out.

  • As for other opt outs, when the company has a "good-faith, reasonable, and documented belief" that the request is fraudulent. The company can't go to the consumer to re-check a legit agent opt out, but an agent that claimed permission in a consumer's name would be fraud.

Either way, the response is different from what the company would do to verify a GDPR Article 21 objection.

  • If an agent opt out is missing the required written permission, you can just drop it on the floor. There's no requirement to let either the agent or the consumer correct it.

  • If a company chooses not to act on an agent opt out, they have to provide the full "explanation of why it believes the request is fraudulent."

Yes, this means that if a company did all the work of making user stories and code for GDPR Article 21, they won't be able to re-use them unmodified for CCPA.

Q: Why did they make CCPA so different, and not just copy GDPR or a subset of it?

A: That goes back to why CCPA is opt-out-based, and not consent-based like GDPR. The authors of CCPA anticipated that an opt out system would be more likely to hold up in court in the USA than a consent-based system.

So in order to make opt-out workable at all, they had to make the process reasonably lightweight for the consumer. Under GDPR the consumer can just choose not to consent, but under CCPA the consumer has to choose to do something to get the equivalent result. That action that the consumer takes by choice has to be feasible.

Q: Which service providers are getting it right?

A: Implementing the opt out code path correctly is likely to be a differentiating advantage for service providers in 2020. A lot of the first wave of CCPA services just copied GDPR and made best guesses on the regulations, but now there is an opportunity for services to get the difference between opt out and other request types correct.

Watch this space.

Q: If verification is not required, why do authorized agents still put their users through a verification process?

A: Verification for opt out is manageable if you do it once per agent relationship and not once per logo on the Lumascape.

But still, if an opt out does not have to be a verified consumer request, why do authorized agents go ahead and verify emails and phone numbers? Because if we don't verify, then pranksters will sign up with fake names, the agent will look silly sending opt-outs from Mickey Mouse, and all those bogus opt-outs will eventually help companies form a good-faith reason to believe that opt-outs from this agent are fraudulent, and start denying them.

Doing verification on the agent side means that by the time the company sees the opt-out it will be verified to a standard strong enough that there is no reasonable way that the company could have a good-faith belief that it's fraudulent. So they have to handle it in one step without looping in the consumer.

CA court rules Amazon can be liable for defective goods sold on its marketplace

She Helped Wreck the News Business. Here’s Her Plan to Fix It

Short on Money, Cities Around World Try Making Own...

‘Changing the pipes to run on a better currency’: Publishers’ first-party data strategies take shape


LiveRamp Seems Pandemic Proof, As Subscription Revenues Grew Despite COVID

Advertising’s great unknown: Why audience intent matters more than identity


06 August 2020

(update 31 Aug 2020: add Prop 24 info and Adweek Magic Link)

Things that people are bad at:

  • remembering strong passwords

  • choosing and using different passwords on different sites

Things that most sites depend on for their security

  • (see above)

Things that will cost you $750 each if you mess up on managing them:

So avoiding passwords is going to be more and more of a thing. Here's a list of ways to avoid doing passwords (or make the password optional)

  • Email login link. You type in your email address and it sends you a link to log in. Red Hat Mugshot did this, a while ago. Today. it's implemented nicely at Adweek, where they call it "Magic Link".

  • ssh to log in. You give the site your ssh public key when you make your account, then to start a session you ssh to a service that gives you a URL containing a session key. $BROWSER $(ssh login.example.org)

  • Log in with G.A.F.A.

  • QR code. If you are already logged in on one device and want to log in from another one, scan a QR code with s33krit crypto stuff in it, like Keybase.

Any more?

SELECT * FROM services WHERE name = 'postgres'

03 August 2020

I guess we can rearrange the default web site to-do list, to put the branded jackets and the user conference ahead of the job server and full-text search engine. Some good articles on simplifying the back end by making PostgreSQL do it.

A new default Referrer-Policy for Chrome: strict-origin-when-cross-origin

This AI generates hilariously realistic startup acquisition announcements

Rene Ritchie: Why Apple Silicon is not ARM

Google’s ‘trust tokens’ are here to take cookies down a peg

‘There is no precedent to this’: How Criteo plans to adapt to Apple’s IDFA privacy update

How we bootstrapped our startup from $400 to $2,750 MRR in 135 days without ads

Web analytics, CCPA and is Google Analytics compliant with CCPA?

Update (Six Months of Data): lessons for growing publisher revenue by removing 3rd party tracking

Can you use Google Analytics in California? What if a user does a CCPA opt out?

29 July 2020

The short answer is yes. Google Analytics is even on the oag.ca.gov site.

Since CCPA is opt out, Google Analytics is going to be fine unless you know the site visitor has opted out. Once a site visitor sends you a CCPA opt out, what do you have to do to square it with Google?

This is where the Google documentation gets a little confusing. They're not going to tell you too much about whether a specific setting will get you to compliance, probably because that sounds too much like giving legal advice, and every site is different anyway. A wise man once said, Go not to the Elves for counsel, for they will say both no and yes.

Realistically, the Attorney General's office has limited time to bring CCPA enforcement cases, and realistically, hardly anybody has time to read n pages of Google documentation except the n/(reading speed) developers that Google can afford to hire, and nobody has enough C++ developers to keep up with Google's replacement technologies for the 3rd-party cookie, either so all you really need to do is not be one of the dozen or so creepiest, or most famous for being creepy, companies out there.

So read through the stuff on Helping advertisers, publishers, and partners comply with the California Consumer Privacy Act (CCPA), make sure that you're set up with the new version of the data processing terms, and then if someone opts out, do a ga('set', 'allowAdPersonalizationSignals', false); like it says on Advertising Features | Analytics for Web (analytics.js). And you should be good.

There is similar CCPA compliance stuff for other areas like ads, which gets a little more gnarly. But unless you have time to do every privacy compliance thing to white-glove standards, Google Analytics is probably not worth that much time. (Facebook Custom Audiences, on the other hand, are a big potential red flag, and anyone who takes the time to rage-surf Facebook for companies giving their contact info to the World's Creepiest PHP Programmer is going to see them. Probably worth more compliance checking time than it looks like they're getting. But that's another story.) The one exception is if you're stuffing PII into analytics events (which you can do, because you can put all kinds of stuff in analytics) but that's hopefully rare enough that nobody reading this blog is doing it. So there's plenty more to worry about than Google Analytics. And like I keep saying, all this stuff should be a win, not a cost center. In the near future, healthy organizations, fandoms, communities of practices and audiences will cooperatively (and with the help of publishers) spew forth CCPA opt-outs to protect themselves, like Penicillium colonies soaking their neighborhoods in antibiotics.

Related: Google Analytics: Cookieless Tracking Without GDPR Consent • Helge Klein

Follow the Money: How Digital Ads Subsidize the Worst of the Web

‘Contextual on steroids’: How Insider is tracking and scaling audience behavior using first-party data

The demise of advertising. Part 2,232,086,991.

CPRA promises short-term consumer benefits, long-term uncertainty

Importance of CCPA Compliance Highlighted by First Round of Private Actions

Is This Amazon Review Bullshit? – The Markup

European Courts Find U.S. Can't Be Trusted to Process and Store Data

CCPA for nerds, part 2

20 July 2020

Here's a quick update on CCPA opt out, nerd edition, which describes how I can send so many CCPA opt-outs so quickly. As you may recall, I made a simple CCPA opt-out tool, using...

  1. Mutt with GNU Privacy Guard

  2. Keybase

  3. A /code/ccpa shell script

  4. An opt-out letter. This is my opt-out that includes some language on Facebook data transfers.

The script generates signed CCPA opt-out requests, which do work.

But how do I get my PII into the outgoing mail, without putting it in the CCPA opt-out letters?

Use templates. Since I already know Mustache templates from web development, the final tool in the CCPA opt out stack is...

  1. mo is a tool to replace simple {{ STUFF }} template variables with values taken from environment variables.

So now I just set CCPA_ADDRESS and CCPA_PHONE in my .bashrc and they get substituted into the letter.

(enough of the surveillance marketing links for now, here are some off-topic good reads)

Kinky Labor Supply and the Attention Tax

We tagged Andean condors to find out how huge birds fly without flapping

How a Long-Lost Perfume Got a Second Life After 150 Years Underwater

Cory Doctorow: Full Employment

The Veteran Who Could Be VP

It’s Time to Abolish Single-Family Zoning

A Message from Your University’s Vice President for Magical Thinking

The Confederacy Was an Antidemocratic, Centralized State

How To Be A Fake Heiress

Why a small town in Washington is printing its own currency during the pandemic

Example of where GDPR compliance doesn't get you CCPA compliance

07 July 2020

You can't just cut and paste a set of existing GDPR compliance tools and processes (or a subset of what you do for GDPR) and get to CCPA compliance.

One area where CCPA and GDPR are substantially different is identity verification. (This is something that published articles on CCPA compliance often get wrong. Check with your lawyer.)

GDPR: where the controller has reasonable doubts concerning the identity of the natural person making the request referred to in Articles 15 to 21, the controller may request the provision of additional information necessary to confirm the identity of the data subject.

CCPA regulations: A request to opt-out need not be a verifiable consumer request. If a business, however, has a good-faith, reasonable, and documented belief that a request to opt-out is fraudulent, the business may deny the request. The business shall inform the requestor that it will not comply with the request and shall provide an explanation why it believes the request is fraudulent.

If someone sends a GDPR Article 21 objection, the recipient is allowed to ask them for additional info to verify themselves, and doesn't have to explain why. But if someone sends a CCPA opt-out, the recipient has to act on it unless they have a good-faith, reasonable, and documented belief that it's actually fraudulent.

And, on denying an opt-out, the recipient must provide an explanation of why they believe the request to be fraudulent. This writing assignment for the recipient is in CCPA but not GDPR.

(This only applies to out outs. The recipient can verify identity if someone asks for right to know and/or right to delete.)

Also, the CCPA opt-out doesn't have to come directly from the natural person. It can be from an authorized agent or a browser setting. The recipient still has to have that good-faith, reasonable, and documented belief in order to deny it, and they still have the writing assignment.

How publishers can reset to serve a cookie-less digital marketplace

Deep Dive: How publishers must adapt to the new normal

W3C Ad Tech Members Panicked About Slow Progress For Third-Party Cookie Alternative

The Wall Street Journal, Barron’s Group Emphasize First-Party Data to Advertisers

New data shows publisher revenue impact of cutting 3rd party trackers

Bruce Schneier says we need to embrace inefficiency to save our economy

After 7-year wait, South Africa's Data Protection Act enters into force


The new CCPA draft regulations: Identity verification

Andrew Yang's Data Dividend Isn't Radical, It's Useless

How to Remove YouTube Tracking

CCPA Compliance: Facebook Announces ‘Limited Data Use’ Feature

CCPA opt out, nerd edition

12 June 2020

Update 1 Jan 2020: link to current version of opt out letter

While we figure out how to make general-purpose CCPA opt-outs practical (feel free to set up a time on Calendly if you want to talk with me about Authorized Agent projects), here's a quick summary of my current CCPA opt-out tools. This is a prototype only, but does work.

  1. Mutt with GNU Privacy Guard (I put this first so people with a normal mail client setup can stop reading. You're welcome.)

  2. A Keybase account. Yes, we don't know what will happen to this service in the long run, but this is a prototype so whatevs.

  3. My ccpa shell script.

  4. An opt-out letter.

What the script does is generate a GPG-signed opt-out request that I can edit and send in Mutt, and the letter contains a link to the Keybase profile. Remember that the CCPA regulations Section 999.315(h) if you're following along at home. say,

"A request to opt-out need not be a verifiable consumer request. If a business, however, has a good-faith, reasonable, and documented belief that a request to opt-out is fraudulent, the business may deny the request. The business shall inform the requestor that it will not comply with the request and shall provide an explanation why it believes the request is fraudulent."

They're not allowed to deny the first one, opt-out, unless they come up with a good reason. Their choice is to do the opt-out or to take on a writing assignment for me for no money. And if they really want to pick the latter, and write an explanation of their "good-faith, reasonable, and documented belief" that this opt-out is fraudulent, they have to learn GPG and Keybase, and no growth-hacking marketer is going to spend time doing that.

This script works so far. They just do the opt-out. Sometimes they'll even treat the opt-out alone as either a Request to Know and/or a Request to Delete, because seriously, time is limited and once you have decided to just give the privacy nerd what they want, you might as well get all that nerd stuff out of the way at once.

Next steps? Make it work for more people, opting out of more companies. Right now this is just a simple version of the items needed for a "real" opt-out.

  • credibly claim that I am the person identified by data points that can be found in a marketing database (email, phone, IDFA/AdID, postal address...)

  • credibly claim that I am in a jurisdiction where I have a privacy right

  • assert that the sender of this letter has the right to act on a privacy request for me (in this case because it's me)

To be practical at scale, all of these need good UX, working, scalable implementation, and an effective legal payload. Some opt-outs will be on-demand, one company at a time, and others will be larger, in cases where you want to opt out of every company engaging in a specific practice and have your authorized agent do it.

But for now, for someone with my mail setup, doing CCPA is pretty convenient.

More, including template suppport: CCPA for nerds, part 2

Preliminary results are in! CCPA testers provide important insights into the landmark privacy law

Bombora Sues ZoomInfo For Allegedly Gaining An Unfair Advantage By Breaching CCPA

Maine Was Sued for Trying to Modernize Privacy Laws

Ad Buyers Should Rethink Facebook Spending, Says Media Watchdog

CCPA as a general-purpose activist tool?

06 June 2020

The final text of the California Consumer Privacy Act (CCPA) regulations is up, along with the final statement of reasons from the Attorney General's office. So it might be a good time to think about how the CCPA can be a useful tool for connecting and sharing with brands about policy issues on which you disagree.

CCPA is not just for privacy nerds. If you have a problem with a company over some other issue (pollution? wage theft? tax avoidance?) then the CCPA provides a way to register a complaint and make it stick. Companies do have to pay attention to CCPA requests.

A lot of ways to express alignment with a cause are things to not do, such as not buying or not crossing a picket line. CCPA requests can be almost as lightweight, but are unambiguously something to do.

There are three kinds of CCPA requests.

  • opt out (Do Not Sell).

  • Right to Know.

  • Right to Delete

Opt-outs are the easiest. They do not have to be verified. This is a fast, lightweight way to express that you have a problem with a company.

"A request to opt-out need not be a verifiable consumer request. If a business, however, has a good-faith, reasonable, and documented belief that a request to opt-out is fraudulent, the business may deny the request. The business shall inform the requestor that it will not comply with the request and shall provide an explanation why it believes the request is fraudulent."

If you just do an opt out, they can't go make you go fill out a bunch of web forms for ID verification while they shoot at your feet. They have only 2 choices.

  1. Act on your opt-out

  2. Send you an explanation of their "good-faith, reasonable, and documented belief" that your opt-out is fraudulent.

The other two require identify verification, so are time-consuming to do as an individual. They do more for you, and send a harder-to-ignore message, but they can make you do identity verification steps.

An opt-out is easy, but what does it really do? Most companies will say that they don't "sell" your personal info for money. However, CCPA has a broader definition of selling, which lawyers say is confusing, and service providers offer to help with. The CCPA defines "Sale" as

selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.

This definition covers some common marketing practices. Interestingly enough, while Facebook is trying to carve out a CCPA exemption for themselves, they do require their advertisers to honor opt-outs. The Facebook Custom Audiences Terms say

"You represent and warrant that the Hashed Data does not relate to data about any individual who has exercised an option that you have, directly or indirectly, committed to honoring or provided to opt out of having that data disclosed and used for targeted advertising. To the extent an individual exercises such an opt-out after you have used data relating to that individual to create a custom audience, you will remove that data subject from the custom audience."

From the privacy nerd point of view, it makes sense to get as many people as possible opted out everywhere. But from the point of view of influencing companies on other policy issues, can CCPA campaigns fill a niche between just Tweeting and more time-consuming actions?

Here's a CCPA opt-out email I have been working on. Put in your own cause and contact info. This is a little long because there has to be some explanatory material for now. A lot of companies are still learning CCPA, and they have a bunch of marketing stuff going on that they might not be aware of. (Maybe last summer's marketing intern uploaded a customer list to an account they don't have the password to any more?) For now the responses can be all over the place.

If you want to try CCPA-ing some companies to get a sense of how it works, try this:

Californians, did you know you can now opt-out of companies selling your personal information online? You have this right under a new CA privacy law, but we'd like your feedback. Sign up below for our volunteer study, and help us stand up for your privacy.

— Consumer Reports Advocacy (@CRAdvocacy) Twitter, May 14, 2020

The California Data Broker Registry’s Growing Significance For Ad Tech

Of course technology perpetuates racism. It was designed that way.

Take “racism” off your keyword blocklist

Civil rights leaders blast Facebook after meeting with Zuckerberg

No More Cop Unions

Trump Is Doing All of This for Zuckerberg

Facebook's algorithm is a sociopath, and Facebook management is too greedy to stop it

Whistleblowers say Facebook has not warned investors about illegal activity, in new SEC complaint

She Was Lured into Sex Slavery Through Facebook. Now She Wants to Stop Mark Zuckerberg From Making Victims ‘Invisible.’

WSJ: ‘Facebook Executives Shut Down Efforts to Make the Site Less Divisive’

The surveillance economy is more like the commodification economy

18 May 2020

Previous: Open source businesses, meet the real world

If we want to do anything about the surveillance economy problem, it helps to try to figure out why it's so important to so many people to do surveillance marketing working definition of surveillance marketing: any database marketing where some or all of the data used is derived from surveillance instead of other kinds of marketing. One way to look at it is that it's not about the surveillance. Surveillance is a tool in a more complicated process. Today, the surveillance marketing business looks like the Establishment, but it used to be cool (business cool anyway) back when it was emerging from the open source scene of the late 1990s and early 2000s.

Doc Searls wrote, Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself. Part of that was
driven by the realization that the same Commoditize Your Complement strategy that applies to device drivers and other open source software can also apply to every business, everywhere. It's more of a commodification economy than a surveillance economy, but we got started saying surveillance economy so we might as well stick with it.

The general direction of the "surveillance economy" is to build a system where reputation graphs gain sustainable value, and goods and services (whether they're PC hardware, or software, or songs, or news stories, or home delivery of stuff) lose value until they become commodity nodes on someone else's reputation graph. Information goods such as software code can and should be public, while reputation graphs are hidden by legal restrictions, complexity, and scale. And there's a reputation graph for everything. Amazon sellers. Uber drivers. News sites. The same adtech companies that facilited content commodification in 2014 are facilitating content commodification today. Web adfraud is just as necessary for web adtech as extra drivers cruising around are necessary to Uber.

The first market in information goods to get commoditized was the slothful, overpriced Unix business, which was already being starved of investment as CIOs and analysts talked up the inevitability of Windows NT. When Linux came along, the commodity was an improvement. Naturally, when the commodification strategy worked in one business, the winners went on to apply it elsewhere.

  • Use a stack of janky PC hardware instead of splashing out on a Digital Unix server: cool hack

  • Use a stack of miracle cure peddlers instead of splashing out on a star MD: maybe not so much

YouTube doesn't show you videos about drinking bleach because they want you to drink bleach. They show you videos about drinking bleach because the recommendation algorithm is set up to avoid creating the kind of powerful stars who tend to emerge on other media. The bleach-drinking advocacy is just a side effect of a system designed to steer you away from any content creator who might develop market power.

Algorithms that artificially boost "long tails" in content We can see this happening but it's hard to quantify from the outside. We won't see it for real until the discovery phase of some ugly lawsuit over some tragic event. are an essential part of the commodification strategy. For a platform company, fraudulent and misinfo content doesn't look good in the PR clippings, but it's manageable if you can get enough Serious People to write slick PDFs about how it's an Industry Wide Problem. Allowing the algorithm to let user preferences create bankable stars would be a real threat.

For every bad thing on the Internet, there is an "if this goes on" dystopia story. If the surveillance economy keeps going the way it's going, we'll all end up working for and buying from one big company built around a really complicated reputation graph that measures who can catch the tastiest rats in the ruins of civilization. But no dystopia narrative runs out all the way (yet). Just as the surveillance economy dystopia narrative mostly ended the IP Maximalism dystopia narrative, we're going to get a new one.

So that's the fun part. Which marketers will manage to de-commodify themselves? (Maybe think economic signal, using the whole customer including their own hard-wired monkey brain ability to process reputation and how brands are a cognitive hack on that, and so on.) One piece of good news. Section 230 of the Communications Decency Act helps platform companies enable commodification, but other laws and regulations are giving us tools to resist it. More on that soon.

Doordash and Pizza Arbitrage

To show how easy it is for plagiarized news sites to get ad revenue, I made my own

FTC Seeks Ad Tech Pros To Bone Up On The ‘Opaque’ Business Of Digital Advertising

An ex-Google employee was behind an online campaign to make a coronavirus conspiracy video go viral

An Ex-Google Employee Turned 'Whistleblower' and QAnon Fan Made 'Plandemic' Go Viral

Fewer advertisers means more bad ads from ad exchanges

Facebook Said It Wouldn't Take Ads For Masks. This Company Ran Them Anyway.

Facebook Reaches $52 Million Dollar Settlement With Its Hard-Hit Moderators

The latest big transparency report again shows ad tech is a mess

Coronavirus misinformation is a tricky foe for tech

Big Tech Has Crushed The News Business. That’s About To Change., by Ben Smith, New York Times

Conference talk abstracts and links

14 April 2020

Southern California Linux Expo: Hacking the California Consumer Privacy Act for Fun and Profit (and freedom and privacy) | 18x A new California law that will help protect you from scams and misinformation, by taking control of your personal information. For legit sites that respect people's privacy, CCPA helps shift the balance of power on the web away from the "data brokers" that share people's sensitive health and finance information on the Internet, and toward sites that people trust. (March 5-8, 2020)

Southern California Linux Expo: Designing a market to reduce software risk and compensate open source contributors | 18x Developers face the risks of under-incentivization, leading to lack of sustainability of key projects. Meanwhile, users face the risks of missing or delayed features, bugs going un-fixed, and software projects going unmaintained. This project is one of several recent attempts to improve transparency, incentivization, and sustainability in the production of software. (March 5-8, 2020)

Trust, Identity and Data Privacy: A Multistakeholder Approach: Report from Mozilla’s test of their global consent browser-plug in tool Users need help managing their privacy preferences across multiple web services. Mozilla is testing “Global Consent Manager” — a browser tool for that purpose. Learn about the test and the surprising initial data about engagement. (April 24-25, 2019)

Nudgestock Festival Why exactly does digital advertising make people feel uncomfortable? What are its downfalls? And how does GDPR present an opportunity for brands seeking to reach people online? (June 2018)

Mumbrella MSIX, with Eaon Pritchard Don Marti, open source innovation strategist at Mozilla, and Eaon Pritchard, head of strategy at UM, will take the stage to explore the ‘signal’ in digital. With web advertising grabbing headlines for fraud, privacy and trust issues, Marti and Pritchard will look at making it possible to use the web as a different kind of advertising medium, one that works better for carrying an economic signal.

FOSDEM 2018 In order to make open collaboration more effective, we are using simple market mechanisms to add incentives to do useful work. This demonstration shows how users can put financial value directly in the hands of the people who can fix the software issues that are most important to you, and how you can discover which issues really matter to yoru project's users. (February 3-4, 2018)

MozFest 2018, with Matt Snell We will discuss how consent management on the web works today, and the relationship between user privacy and reputable content providers. Web users face a confusing array of data sharing choices, and click fatigue can lead to poor user experience and possible inadvertent selection of options that do not match the user’s privacy norms. Reputable content providers face revenue disruption arising from changing data privacy regulations. (October 26-28, 2018)

Can database marketing sell itself to the people in the database?

28 March 2020

Within two years or so, marketers will have to deal with a new technical and regulatory climate, where a person's information is only in a company's database if that person wants it to be. If a person doesn't want to be tracked and targeted, or hasn't heard of you, their information will not be available to you.

This might sound like a big change, but it's where privacy technology and regulation are headed. Here in California, we will keep signing and passing privacy initiatives until marketing practices that we see as creepy go away. If privacy settings on a web site or app are too confusing, people will ignore them and fix the privacy settings through the political process. The harder it is to work through today's California Do Not Sell process, the easier it will be for the next initiative to get passed. And the next after that. The California privacy initiatives will continue until California voters are happy with how the least trustworthy companies handle their information.

And just as privacy laws and regulations are popular in politics, privacy features are popular in products. (If they weren't, Apple wouldn't be all What happens on your iPhone stays on your iPhone. The billboard would be iPhone shares your life with brands you love or something.)

Today, database marketing companies try to make it a pain for people to exercise their right to have personal information deleted. But that can only delay what's coming, and build support for proponents of stricter privacy laws. And those laws don't have to be perfect. I don't have to get every record mentioning me out of every database everywhere. I just have to be hard enough to reach with personally targeted ads and other forms of database marketing that it becomes too costly to do it, compared to other ways of getting a message in front of me. (Targeted ads are a form of database marketing. Doc Searls explained that a while ago. And anonymized ad tracking identifiers are PII until proven otherwise.)

Today, people have a choice.

  • accept tracking and targeting

  • do a bunch of boring privacy nerd stuff to get out of tracking and targeting

  • vote to change the game

The third option is the only easy or effective one. The result is that at some point anyone doing database marketing will have to make a case to every individual in their database for why the marketer should have that individual's information. If you can't convince me to let you have my info—not just trick me into fake consent or bore me into giving up—you're not going to have it. When you sow dark patterns, you reap privacy regulations.

Outside of adtech/martech, business will go on pretty much as usual. I will put up with being in someone's database to facilitate a transaction. You can't ship my order unless you know where I live. I might even give up my information as part of a sales process or to receive a newsletter. I'm fine with being on a subscriber list for a publication, not just in order to receive information and culture, but also to be part of a community of some kind. In those cases, though, I'm still aware that I'm making a trade with a known party, and I'm accepting risks. And I'll sign a privacy initiative that limits what you can do with my info once you have it.

Can database marketing sell itself to the people in the database?

What objections are marketers going to have to overcome to convince people to consent to the use of their information? How can database marketing justify itself to the people in the database? Today, I'm not convinced that database marketing can do that.

  • Will you use my information for price discrimination or discrimination against protected groups of which I am a member? For example, if you know my ZIP code will you quote me a higher price if I'm far from a competing big box store selling the same item? If you know something about my family life will you decline to show me ads for housing or jobs?

  • I have enough stuff, and if I want to buy more stuff I'll go search for it. Why are you tracking me instead of putting your marketing efforts into content marketing and SEO that will help me when I need to find your product?

  • Why are you spending money on targeting me instead of buying me ad-supported content and services? When you can't reach me by targeting me, you have to sponsor some kind of content or service that I might want.

Wait a minute, don't I want more relevant ads? Of course not. When an ad is targeted to me, it's easier to make it deceptive. I want the ads that your existing customers and employees see, too. I want the ads that the editors of the trade publications that cover your industry can see. I want the ad that your parents see.

Don't publishers make more money from targeted than non-targeted ads? Yes, in a system where both kinds of ads are available reaching the same audience. I'm not interested in being targetable by anyone. If you want my eyeballs, pay for valuable content.

You might be able to sell me on being listed in a database if you offer me meaningful discounts. One possible result of the shift away from database marketing without consent is driving more and more marketing attention to membership programs like Costco and Amazon Prime. Instead of surveillance marketing to individuals, you will have to get inside a wall by dealing with one big company.

Anyway, more later.

Zoom Removes Code That Sends Data to Facebook

A group of adtech companies is working hard to defund news about the coronavirus pandemic and it could be costing major publishers millions of dollars

The new contextual ad targeting works, study says

Apple updates Safari’s anti-tracking tech with full third-party cookie blocking

Brands can save American lives during the coronavirus crisis by running ads next to news coverage of the pandemic

a likely near future for web ads

25 March 2020

Michael D. Silberman from Piano writes,

Every day, users provide media companies with the type of explicit, accurate, data other businesses covet. Consumers willingly volunteer this data as they register or subscribe in order to unlock more content or build a deeper relationship with their site of choice. And it’s exactly this type of information that, if used right, can push those companies ahead in this new data landscape.

Piano is one of several service providers enabling the web ad business to migrate from the third-party cookie to SSO identifiers for ad placement and attribution. Another example is How LiveRamp Plans To Win After ‘Seismic Impact’ Of Chrome And Regulatory Changes | AdExchanger

LiveRamp’s Authenticated Traffic Solution (ATS) is creating more chances to match online users based on email. Publishers using ATS ask readers to submit their email for free access to content. That email address can potentially be matched to the IdentityLink profile, creating a chance for one-to-one targeting without having cookies, and with clear consent because the email was given to the site. Howe said LiveRamp has 12 SSPs and 30 DSPs buying on ATS or committed to its adoption.

One possible future for post-cookie web advertising is going to work something like this: if you're signed in to a site, you're going to get something pretty close to adtech as usual, except limited to the group of sites where you're willing to sign in. So if two publishers can both use a registration wall to get your email (or SSO that maps to your email, which is basically the same thing) then the same ads will "follow" you across both those sites, and you'll see ads targeted based on loyalty programs you opt into.

This means an increase in market power for publishers from the conventional third-party cookie, because crappy and fraudulent sites will have a hard time getting your email or SSO. For advertisers, the game of tag, trying to get ads in front of specific people, continues, except that the boundaries for the game are brought in to include only sites that can get people past the reg wall. LiveRamp CEO Scott Howe explains, in Why Addressability Will Flourish In A Cookieless World | AdExchanger.

On sites where you're not signed in, you're going to get ads for miracle fungus cures, predatory finance schemes, and other bottom-feeder stuff—unless you're running a browser with built-in targeting/atribution (the stuff being discussed at W3C's advertising business group) and leave it turned on. In that case your browser will do magic JavaScript tricks to give you reasonable-looking ads from legit companies—but the site still has an incentive to get you signed in if possible. (The clickbait of today is a photo and headline. The clickbait of two years from now will be a photo, headline, and a killer first two paragraphs to run above the SSO button.)

Fraud doesn't go away entirely in this scenario, but the difficulty of fraud schemes does shift, and tends to make other platforms, such as streaming media, into more attractive fraud targets.

oversimplified ad network

03 March 2020

(updated 31 Jan 2021: placeholder ad in step 1)

Problem: Blog ads don't pay and web ads don't carry economic signal. And if you use a regular ad network you'll probably get a bunch of shitty ads on your blog anyway, so not worth it.

Thinking about a solution (work in progress, comments and suggestions welcome)

How it works (for bloggers)

  1. Put the ad tag on your blog, apply to the ad network stating how much you want per day for that spot on your blog. (You can attach analytics and stuff to your application, but a lot of that stuff is bogus anyway so don't sweat it.) At this point, a sample placeholder ad starts showing up on your blog, so the other members can check it out.

  2. The other members vote. Result can be: you're in at the rate you asked for, you're rejected, you get told to come back with a lower rate or change your site design to give the ad better placement or both.

  3. If you're in, you're in. Any time a paying ad gets accepted, it runs on every member's blog and everyone gets their daily rate.

  4. If you want, you can make a "house ad" for your blog that might run (members vote) on everyone's blog, on days when there is no paying ad.

  5. As long as you are a member, you can vote on ads, new members, and the house ad of the day for unsold days.

How it works (for advertisers)

  1. You can see a list of members, the site analytics they choose to share, and an estimated total rate at any time.

  2. You make an ad and upload it, along with the URL of the landing page you want it to link to.

  3. Members vote up/down. (Your ad must get a 2/3 yes vote, but it's a short voting time and a missing vote counts as a yes. So you're probably in, unless you're that gut doctor begging people to throw out vegetables in which case go try a conventional ad network.)

  4. You pick days you want the ad to run, and sign an insertion order.

  5. Your ad runs. You are charged only for blogs that were members at the time you signed your IO. Members approved between the time you signed your insertion order and the time your ad ran are free.

  6. You get an invoice and pay it. (No, you don't have to pay for your ad up front. If the bloggers didn't trust you to pay an invoice they wouldn't have trusted you to sell your stuff to their readers.)

The reason it's one ad everywhere is to try to get some signal out of it. Readers will be more likely to check out their favorite blogs in the network, and not block ads there, when an ad is more like a magazine ad or a trade show booth—a clear signal that the advertiser is investing money in reaching a community of practice.

(Yes, this is sort of the spawn of The Deck and Project Wonderful, and both of those failed, but these are the days of countdown to the end of the third-party cookie, so worth trying again imho.)

Are industry reports downplaying ad fraud?

How does bullshit news become news?

Investigation Urged Into ‘Anti-Competitive’ Ad Blockers

Planning For Safari Can Prepare Advertisers For Chrome's Future

lazy loading images

29 February 2020

Update 2 Jan 2022: Link to caniuse.com

As you might have noticed, the main page of this blog is not paginated. The text goes all the way back to the beginning. Fortunately I don't write very fast so I can keep filling it up and it's not even especially big for a web page today.

But the iframes and images can get big.

So I just put the lazysizes script, by Alexander Farkas, on here. So far so good.

Easier than setting up pagination. Please let me know if you run into any problems.

I have switched the images to loading="lazy" but I'm keeping this script for now, for iframes, because Firefox only supports lazy loading for images.

Preparing for Coronavirus to Strike the U.S.

A lot of words on words.

The EU will tell Britain to give back the ancient Parthenon Marbles, taken from Greece over 200 years ago, if it wants a post-Brexit trade deal

Board-game design is thriving

Playing D&D Can Save Your Life

Intellectual Dark Matter

This Guy Is Breeding City Pigeons for Affordable Food

three reasons privacy regulations and tools will result in an economic boom

16 February 2020

(update 6 Aug 2020: edit for clarity, note at end)

Just popping up for a quick look at the big picture before digging into the details of advertising markets. Realistically, privacy regulations and tools are going to have a bunch of positive impacts on the economy as a whole.

  • Reallocation of information and communications technology (ICT) investments and skills. As investment shifts out of surveilance marketing, available financial and human capital in ICT will end up moving to positive-sum interactions. Capital can move remarkably quickly in response to regulation as we saw in the early 2000s. The Digital Millennium Copyright Act drove investments away from many kinds of infotainment startups, and into surveillance marketing.

    Today, the regulatory pressure is in the other direction. Not all of the shift will be away from marketing in general. While no-consent surveillance gets harder, other investments in marketing technology will show greater returns. For example, a mapping service will be able to add fuel, restroom, and food stops to planned trips—based just on express intent and on information supplied by businesses. And contextual targeting is likely to keep getting better.

    Important to understand the extent to which different "Big Tech" companies are exposed to different aspects of the transition. (Search and map ad revenue is less at risk than audience-based ads tied to poorly understood social surveillance practices, where voters will keep supporting laws and initiatives until the creepy headlines stop.)

  • Increased market power for news and cultural industries, resulting in a news and culture boom. This is not just because of context-based targeting, but because limitations on tracking users across contexts will remove some of the so-called "infinite inventory" that tends to drive down ad rates everywhere. More ad money for creative businesses means we get to see more high-risk, potentially high-value news and creative works, such as big investigative reporting projects.
  • Lower expected returns to some kinds of crime. User-targeted ad placements give a persistent structural advantage to deceptive sellers. Limits on targeting will reduce may opportunities for fraud against both legit advertisers and against end users. A stronger news and cultural industry will also be better funded to deliver trustworthy product reviews.

Rapid deployment of privacy regulations and technology is likely to result in a privacy dividend for investors, and a potential risk of an "overheated" economy in general. Much of the boom will hit the news and creative industries, but there's probably some good news here for small businesses relieved from the pressures of fraud and bidding up the price of access to audiences.

I wrote this in February. Now the overheated economy risk is...not so much. Although some surveillance marketing advocates are asking for delays in privacy enforcement, it's more likely that we will all do better by speeding up.

Snoop Dogg Is Starring In a Scam Debt-Relief Ad Campaign Pouring Millions Into Facebook

Here’s an idea to save local news: Stop trying to make a profit from local news

Amazon can’t end fake reviews, but its new system might drown them out

California Introduces Law to Stop Delivery Apps Screwing Over Restaurants

France's new 'Sleeping Giants' law

The Washington Post

Mobile Device IDs Will Be The Next Ad Tracker To Bite The Dust

Key Changes in the AG’s Updated Proposed CCPA Regulations

Play money bug futures market

10 February 2020

Developers would prefer to release software at a high quality level. Users prefer to use software at a high quality level. However, firms are incentivized to release software at a lower quality level than would be chosen by either developers or users.

How do you design a system that lets users quantify and hedge the risks of low-quality software, while compensating developers to do the extra work to bring the software up to a higher quality level?

A variety of systems have been proposed, including subscriptions, bounties, and dominant assurance contracts. A market for trading software issues describes another possibility: futures contracts on bugs/tasks.

A market (play money only) based on this research is set for a soft launch the first week of March. For a demo, account, and some free (play) money, please contact me directly.

Co-op helps Uber, Lyft drivers use data to maximize earnings

Tech Spending Is Set to Explode, Says Microsoft CEO Satya Nadella

The Rust Belt Didn’t Have to Happen

Copyleft Should be Scary

2019 year in review for open source licenses

Open Source Should Come With Warranties

The 1997 merger that paved the way for the Boeing 737 Max crisis

Reimagining the PhD

What we learned from over a decade of tech activism | Nataliya Nedzhvetskaya and JS Tan

'Shattered': Inside secret battle to save America's undercover spies...

Attribution and consent

26 January 2020

(update 8 Apr 2020: added numbers to levels.)

Attribution, so hot right now. some background: WTF is multi-touch attribution?, Confessions of a former agency exec on attribution scamming. Big unresolved questions on how the post-creepy web ad business will handle the measurement of ad effectiveness when third-party cookies are absent, and fingerprinting is a game of Whac-A-Mole with all the browser powerhouses busy whacking and only the small fry of the Lumascape still busy mole-feeding.

Building better systems for ad placement and attribution will depend on a solid chain of consent from web activity to action. No attribution tracking is going to work if consent is missing or sketchy on any link in the chain, because browsers, competing to implement people's preferences on how their data is used, will drop attribution data on the floor if it doesn't have solid "provenance" in the form of good enough consent.

Of course, most of the stuff covered in a "consent" dialog isn't really consent. IMHO there is consent that's meaningful enough for a browser or other software to pay attention to, and fake consent where the best way to implement the user's intent is either to rewrite the consent bits, or to block tracking. Consent is hard to define.

Levels of consent, best to worst.

  • 5: philosophical ideal of consent. Philosophers are still working on this, so no need to implement in software yet.

  • 4: informed consent that's good enough to get you signed up as a human subject for university-run research. Institutional Review Board approval, so software should respect, because Science!

  • 3: consent as part of an understandable transaction (You have consent to use my address to ship me the package I ordered). This is kind of like the spawn of consent and legitimate interest. Software must implement this kind of consent, or people won't be able to order stuff or log in or anything, and they will rage-quit the software that's stopping them.

  • 2: consent implied as part of a transaction such as a registration wall with an email address, or SSO with a clearly labeled button. This level is where the action is. Can user research show that expectations on both sides are compatible? If so, this is a win! Opportunity for software to help users by doing this right, and a big opportunity for sites that people choose to trust. The Site Engagement Service in Chromium is likely to be increasingly important here, along with related metrics for how much the a user probably trusts a site,

  • 1: consent buried in the fine print or in dark UX patterns is clearly not good enough, and worth the effort for software to block data transfer even in the presence of "consent." Blocking bogus consent, and telling it apart from consent that's just good enough not to block, is going to be a user research win, just like blocking other creepy stuff.

  • 0: consent fraud is common, just more stuff to filter or block.

Attribution schemes will work as long as everyone who touches attribution data also has consent, which implies a bigger role for publishers in the audience data market.

Today, the Trident Era Ends

(A Few) Ops Lessons We All Learn the Hard Way

U.S. Media Polarization and the 2020 Election: A Nation Divided

Newsonomics: Here are 20 epiphanies for the news business of the 2020s

Curious case of privacy bug in Intelligent Tracking Prevention

How publishers are planning for the end of the third-party cookie

Browsers are interesting again

WTF is Google’s Privacy Sandbox?

Axel Springer pushes on in its legal fight against ad blocking

The browser wars are back, but it’s different this time

Removing extra, complex markup from a HTML page

20 January 2020

Interesting question from Doc Searls, on Twitter:

Is there a way to export a non-complex Medium post (one, say, just with links) that isn't full of cruft like "p id="4f89" class="gw gx ar bj gy b gz ha hb hc hd he hf hg hh hi hj" data-selectable-paragraph="" ? How about an "Export as old school html?" option in the ••• menu?

— Doc Searls (@dsearls) January 16, 2020

Here's one way. Save your messy HTML file (here I'm calling it index.html, then:

pandoc -f html -t commonmark < index.html \
| grep -v '<' \
| pandoc -f commonmark -t html -o clean_index.html

Open clean_index.html and there's your old-school web page.

What this command is doing is...

First, convert the contents of index.html to the simpler CommonMark markup format.

pandoc -f html -t commonmark index.html 

Next, filter out any lines containing HTML markup that Pandoc wasn't able to translate.

grep -v '<' 

Finally, convert back to HTML and write it out to a new file.

pandoc -f commonmark -t html -o clean_index.html

Where to get Pandoc, and more info: Pandoc

At Southern California Linux Expo a few years ago I did a talk with more Pandoc tricks: Using git and make for tasks beyond coding [LWN.net]

By the way, I'm scheduled to speak at SCALE again this year: Hacking the California Consumer Privacy Act for Fun and Profit (and freedom and privacy), so hope to see you there.

Bonus links

The last radio station

Publishers Sense Opportunity As Chrome Drops Third-Party Cookies

How Will Publishers Fare As Google Moves To Kill Cookies In Chrome?

Newish things that haven’t made advertising better, part 9: certainty.

The anti-predictions: What won’t happen in media and marketing in 2020

This Page is Designed to Last

Facebook, brown M&Ms, and skin in the game

12 January 2020

(update 20 Jan 2020: add link to Bill Fitzgerald's blog post.)

(update 18 Jan 2020: add embedded Tweet of fake McDonald's ad.)

This is the long answer to the question: why are you tweeting screenshots of stupid Facebook scams? On Twitter it might look like I'm just randomly talking shit about Facebook, but I do have a point here.

Here's an example of a Facebook Page whose owners uploaded my contact info without permisssion. It doesn't look like that's really their logo, either.

Facebook scam, fake "Amazon"

I didn't set out to look for scam advertisers on Facebook. I did visit "Settings" → "Ads" there, in order to make sure to send a CCPA data deletionCCPA letter, shell script to some well-connected nodes in the surveillance marketing network. Hitting the cute little "Do Not Sell" button on content sites is a lot of effort for a little CCPA win, so the best CCPA strategy is to focus on the big players, such as.

  • Acxiom

  • Experian

  • Epsilon

  • LiveRamp

  • Oracle

Those were some of the companies I expected to have my info, and sure enough I found them in Facebook ad settings. So they're on my CCPA list. I don't expect companies like that to make the CCPA process easy, but I will do my part for the California creative boom of 2020.

Anyway, back to Facebook scams. While I was making my CCPA list, I also saw a bunch of Facebook advertisers like the Amazon one above, and this fake "Gap Inc." This one not only uploaded my info, but also got Facebook to let them match it against Facebook's existing user data, and re-sell the result.

Facebook scam, fake "The Gap"

What's the big deal, though? They're just regular scams, and I don't buy stuff off of Facebook anyway.

Here's why I think it matters. Obvious scams are a helpful way to see how well Facebook is enforcing its own policies on ads. Van Halen didn't really dislike brown M&Ms, but their contract for live shows included a section banning brown M&Ms backstage. The part about the brown M&M was buried in the middle of a bunch of technical and safety requirements for the show. If the band saw a brown M&M, it was a warning to check again for harder-to-find safety issues.

On Facebook, a lot of the worst problems are the hardest to see. Any halfway decent state-sponsored political misinformation operation is going to be effectively invisible to me, and to academic and NGO researchers, even with Facebook "ad transparency." The misinfo people have probably been uploading a bunch of variants on the same ad creative, to make it impractical to check it all. They have an inoffensive, generic name, use a US-based Facebook user with a clean account to be their point of contact, and carefully filter their Custom Audiences to key purple-state voters. And, as long as they don't tag their ads political, and take them down before anyone reports them as political, the ads won't be available afterward in Facebook's Ad Library. Bill Fitzgerald explains in a blog post summarizing a recent Twitter Q&A session.

Can we take Facebook's word for it that they're doing anything about sneaky, invisible state-sponsored misinformation? I doubt it—when they're serving a big bowl of brown M&Ms, in the form of obvious scams, to everyone who looks at their ad settings page. It's hard to believe that they take an invisible problem seriously when the visible problems that would get fixed as a side effect of addressing it are still there. (And, of course, when deceptive ads serve the company's own interests. Facebook is pushing an ambitious cryptocurrency scheme that depends on approval from US regulators, and the results of the 2020 election will decide who those regulators are.)

Facebook has two sets of rules for deceptive ads: the written rules that they show to media and the government, and the unwritten rules that they teach to their scam and misinfo advertisers by example. The unwritten rules, which encourage deceptive advertising, matter. The written rules, not so much.

Hypothetially, what would Facebook do if the company's true intent on misinformation matched the written ad policies they claim to enforce? They would deploy a few fairly basic "skin in the game" fixes.

  • No more credit card payments for advertising, invoices only, net 90 If an advertiser is so untrustworthy that Facebook doesn’t even know they’ll pay their invoice, then that advertiser is not trustworthy enough to put in front of a user.

  • Rewards for reporting violations. If a user reports an ad that violates a policy, and the advertiser gets kicked off, then let the user keep the ad money that came in from that advertiser. Include the owners of email addresses and phone numbers who get added to Custom Audiences without consent in the program. (And no, this does not incentivize users to deliberately post scam ads and report them, because they would just get their own money back.)

  • Notify advertisers when their ad ran on content, or near an ad, that is removed for policy violations. Right now a lot of important brand safety issues are hidden, because advertisers can't see context. Give the legit advertisers the visibility they need to decide how much brand safety risk to take.

Top management at a large organization cannot micromanage for trust and quality. But they could, if they wanted to, set up the culture and incentives to make it important to all decision makers at the organization. Right now Facebook is set up to encourage and profit from deceptive advertising while imposing deceptive advertising's costs and risks on their users and on society in general.

All right, enough fun with zany scams, back to CCPA-ing any real company that put me in a Custom Audience.

Facebook Quietly Made a Ton of Updates Hours After Trump Got Impeached

Facebook is still running anti-vaccination ads despite ban

An uncritical Teen Vogue story about Facebook caused bewilderment about whether it's sponsored content before the entire article vanished (FB)

All YouTube, Not Just the Algorithm, is a Far-Right Propaganda Machine

Disinformation For Hire: How A New Breed Of PR Firms Is Selling Lies Online

Privacy for Sale: How to Target Cancer Sufferers with Facebook Ads for $99 a Month

Here’s where California residents can stop companies selling their data

I helped draft California’s new privacy law. Here’s why it doesn’t go far enough

Thanks, California! Here’s a list of companies you can now tell to stop selling your data

Our collective privacy problem is not your fault

Advertising & Analytics Red Team: Attribution Attacks via Facebook's "fbclid" Parameter

Facebook Helped Bill O'Reilly Shill For A Company Accused Of Scamming Customers

CCPA as a game mechanic?

31 December 2019

Doc Searls pointed out, back in 2013, that direct marketing has taken over the advertising business. At the same time, the optimal balance between brand building and sales activation has shifted toward brand building. Advertising done right can be a source of funding for creative work, as part of a positive-sum cooperative game involving honest sellers and discerning but time-limited buyers. Today's Internet advertising doesn't manage to pull that off, because of its persistent fraud and brand safety problems.

But marketers are citizens and parents, too. The struggle over advertising's alignment isn't about privacy nerds on one side and marketers on the other, it's about forming a connection between people looking at the advertising problem from both sides. A privacy developer building a system to help users control the use of their personal information is working on one subtask of the same project as a marketer who needs a trustworthy platform to build brand equity.

The problem, since the rise of third-party cookies in the first dot-com boom, has been that negative-sum marketing investments are much better at justifying money spent on them than positive-sum, signaling-based investments. As a marketer, it's easy to show numbers to prove the success of a creepy project, while leaving the long-term damage to the brand to the next person.

Now for the good news.

Starting tomorrow, the California Consumer Privacy Act will give us an important tool to shift the balance between positive-sum and negative-sum advertising, by interrupting the data flows that allow for the placement and measurement of the bad stuff. The CCPA is an important tool to help marketers concerned about brand equity, to redirect ad budgets to support the creative work that we want. January 1, 2020 is CCPA Day, and the beginning of the journalism and culture boom of the 2020s.

It will take some work, though. CCPA without action by citizens is just a piece of paper. It only works if people take action to opt out, have their data deleted, or both. And the right companies to contact for maximum impact are usually the shadowy data brokers that you might not think of. Oracle is a database company and a sailboat sponsor, right? Yes, but they're also the owner of a collection of database marketing companies and an important node to disconnect from the attack path that leads to me. Even though I'm a privacy nerd from way back, the prospect of opting out and deleting my data from all the shady companies out there looks like a boring grind, even though I know I'll enjoy more ad-supported news and cultural works in the future.

At least I don't need to do CCPA stuff to protect myself from anything already covered by privacy technology. I don't need to spend human time dealing with a problem that a machine can block. That handles a lot of the ankle-biters of the Lumascape. But we still have a bunch of important nodes on the surveillance economy network to get to. Boring.

One way to get a good-sized pool of opt-outs and deletions in place will be to gamify it. I'm using a browser extension to log when an opt out or deletion has happened, report it to the back end. From there, connect it to an inventory or deck-building feature of the game, so the more opt-outs you do, the better your chances of winning.

Work in progress: source code

Why ‘data provenance’ will be the new media-transparency issue in 2020

GDPR was just a warmup. CCPA will arrive with a bang.

Newish things that haven’t made advertising better, part 7: complexity.

Amazon's algorithms keep labeling illegal drugs and diet supplements as 'Amazon's Choice' products, even when they violate the marketplace's own rules (AMZN)

How ICE Uses Social Media to Surveil and Arrest Immigrants

Firefox Preview Beta reaches another milestone, with Enhanced Tracking Protection and several intuitive features for ease and convenience

How Big Tech Manipulates Academia to Avoid Regulation

We bought a car seat on Amazon. It shattered in a crash test

The Problem With Bubba's Burgers

Announcing the WebKit Tracking Prevention Policy

Day-to-day experiences with bug futures

29 December 2019

In theory and in the lab, futures contracts are a proposed way to make the missing connection between open source and markets. Has everyone read "A market for trading software issues" in the Journal of Cybersecurity?? Here's a figure from Marktplatz zur Koordinierung und Finanzierung von Open Source Software: figure

The next interesting question is: how do futures work in a real project? Are bug futures just high-tech piecework? This is my subjective notes on participating in a small project using futures. (We got in the habit of using FIXED and UNFIXED, all-caps, for the two sides.) It feels like we're on to something, that the market is adding some information sharing and coordination power that's not available in the bug tracker alone. I'm looking forward to using markets in more projects in the future.

Habits: I did get into the habit of quickly selecting what to work on based on my FIXED positions. I think I'm more of a loss avoider than a profit maximizer, and I probably passed up some chances to buy into something I could have finished faster, and just take a loss when an issue where I held FIXED ended up being unfixed on the maturity date. Something to try in the future: I might be more willing to try to resell my FIXED positions at a loss if the project had more traders.

Pricing: As a project contributor, I tended to use price as a signal of my confidence in being able to get something to work. For an issue with a good description and (imho) a straightforward fix, I would offer to buy a large quantity of FIXED at a higher price, which means putting more of my own tokens at risk. This should help other participants judge the likelihood of completion of particular tasks by particular dates. The actual prices in the live, small, market ended up being quite a bit higher then the examples in the paper.

I did end up offering extremely low prices for less well specified issues. This was, I think, a useful signal for the people requesting the features. The better specified the issue, the more likely to get a reasonable offer. I don't know how this would be different in a project with more random wishlist bugs. There might be a trading opportunity for people willing to hold FIXED through the process of clarifying a feature request.

Maturities: I think a sensible "portfolio" view is important, and would like to experiment with better ones. As a random part-time contributor it was important to me never to build up too big of a workload for a particular maturity date. I did find myself making offers on an existing issue that didn't match an UNFIXED offer from a user, because I wanted a later maturity date. Offering a low price and a far-off maturity date was the best way to signal that either this issue is not comprehensible enough for me to fix, or it's too much for a single issue and needs to be split up.

I would like to see more live data on whether feature requesters try to buy UNFIXED positions on contracts with less crowded maturity dates (dates when fewer other contracts mature) to have a better chance of getting attention.

Next steps

If you're interested in trying bug futures for a live project, please let me know. I already have futures hooked up to one that's using Python+Flask for the server, and JavaScript+WebExtensions for the client. The market can also be hooked up to existing product. Currently supports GitHub but more integrations are certainly possible.

More from the bug futures series

Mostly programming, market design and incentivization material this time.

Programmers Should Plan For Lower Pay

GitHub stars won’t pay your rent

Private BitTorrent trackers are markets

Russ Allbery: Review: On the Clock

What do I mean by Skin in the Game? My Own Version

Mozilla Web DNA survey shows the biggest pain points for web developers

The Early History of Usenet, Part I: Prologue

Eller's Algorithm

Why You Never Have Time

When an SQL database makes a great Pub/Sub

Mike Hoye: Over The Line

Artificial Intelligence: Threat or Menace?

Advantage Flywheels

3 Reasons Why Building A Remote Team Is One Of The Best Decisions We’ve Ever Made

A trend for 2020?

08 December 2019

(This is a copy of an answer that I posted to a marketing list.)

There's a strong possibility that 2020 could be the year that two big trends collide.

  • Privacy opt-outs and objections, enabled by laws such as CCPA, which goes into effect on Jan. 1.

  • Public concerns over brand safety, Sleeping Giants style—amplified by the contentious online environment around the 2020 US election, and the anticipated flood of misinformation, extremist, and harassing content.

The conventional wisdom now around brand safety is that it's a manageable concern, and that it's acceptable to have a certain percentage of a brand's ad impressions end up on really heinous material on "long tail" sites and social media. This is likely to shift. Many people who are already on edge politically will realize that they can communicate their concerns in a way that brands are legally required to act on, by using the tools available to them under new privacy laws and regulations. Instead of just tweeting a screenshot of a problematic ad placement, people will be able to rage-CCPA the brand responsible.

The cost of complying with GDPR and CCPA is likely to be a factor in "flight to quality" media buying decisions.

(Related: making people cry in the stairwell: your best online brand-building value?)

A Subprime Content Crisis

Free as in … ? My LibrePlanet 2016 talk by Luis Villa

From fake news to fake views: connecting the dots on ad fraud

Improving Tracking Prevention in Microsoft Edge

Oxide Computer Company: Initial boot sequence

US-based chip-tech group moving to Switzerland over trade curb fears

Happy #buyNothingDay, and a goal for 2020

29 November 2019

Happy #buyNothingDay!

To be honest, though, I buy stuff the other 365 days of the year (2020 is scheduled to be a leap year) so I still get and pay attention to advertising.

In 2020, I'm going to see what I can do to get better ads. It seems like this is a good year to do it. Let's review. There are three ways to get an ad in front of me.

Context: pay for something I want to read

Search: deliver the ads with search results when I search for something

Personalization: place the ad based on who I am

I'm fine with the first two. Context-based advertising pays for news and cultural works.

Search advertising pays for services I use, like web search and mobile maps.

The third one, though, is a problem. The first two are positive-sum games between me and the advertiser, and have positive externalities. Personalization is a negative-sum game, and has negative externalities.

What if I treat every personalized ad I receive as a bug, and report it?

In 2020, thanks to the California Consumer Privacy Act, I should be able to opt out of the use of my personal information for ad targeting. In the long run, when advertisers figure out that I'm impossible to reach with personalization, they'll pay more for the news, cultural works, and services I want, and spend less money storing my information where it exposes me to risks like fraud and identity theft.

Here's my CCPA letter. Work in progress: California Consumer Privacy Act letter

Comments and suggestions welcome. Anyway, long weekend, longer bonus links section.

Get Started With a Web Components Grid in 5 Minutes

How Much Did Russian Spy Agencies Rely On Bitcoin? New Hints In Leaked Recordings

The End Of Ownership, Military Edition: Even The US Military Can't Fix Its Own Equipment Without Right To Repair Laws

Appellate Court Supports the Power of the State over Local Control of Housing

I Went On a Propaganda Tour of an Amazon Warehouse

Germany's CDU, Angela Merkel's Party Of Fuddy-Duddies, Decides To Join The Cool Kids: Backs Open Standards, Open Source, Open Data, Open APIs -- Open Everything

Coercion-Resistant Design: or some politics and an eleven-point technical plan for how not to be governed

CNAME Cloaking, the dangerous disguise of third-party trackers

Firing 4 Google Workers Is 'Illegal Retaliation,' Organizers Say

Senate Dems Have A New Privacy Bill That Could Be The Blueprint For A Federal Law

My remarks at the town hall on Friday, November 22

Consumer Reports Labs is hiring 8 staffers: technologists, journalists and wonks

Care About Journalism? Maybe You Should Cancel Your Newspaper

Google’s Next Moonshot: Union Busting

Ruthless Quotas at Amazon Are Permanently Maiming Employees

Firefox browser will block the IAB’s DigiTrust universal ID

Inside Shaolin Monastery, the home of kung fu and Zen Buddhism, where thousands of boys as young as 5 train to be martial arts masters

Good and not Evil: the Advent of Ethos Licensing

Republicans are buying rooftop solar. Will it change their politics?

How We Did It: Heat And Income In U.S. Cities

Worker-Owned Apps Are Trying to Fix the Gig Economy's Exploitation

How Facebook fueled a precious-metal scheme targeting older conservatives

Truth and advertising.

Ultrasound Signals – Why Epic Blocks Inaudible Audio

The billionaire behind California’s sweeping new data privacy law reveals his plans to further regulate the ad industry and fight big tech lobbyists

Why Don’t We Consider Labor-Intensive, Blue-Collar Businesses to Be Start-Ups?

20 Years After Columbine, The Mass Killing Still Isn’t Considered Far-Right Violence

GitHub is trying to quell employee anger over its ICE contract. It's not going well

The great American tax haven: why the super-rich love South Dakota

Basecamp now has a totally free version to help you manage personal projects

The everything town in the middle of nowhere

Scientists plan to flood black market with fake rhino horn to reduce poaching

In Germany, focusing on this metric let a newspaper increase reader loyalty (and subscribers too)

Even Inflation Is Worse If You’re Poor

Neural Networks seem to follow a puzzlingly simple strategy to classify images

Robots aren’t taking warehouse employees’ jobs, they’re making their work harder

Microsoft Is Going To Pretend CCPA Is The Privacy Law Of The Land – Because There Isn’t One

The wonderful world of Chinese hi-fi

Secretly Public Domain: Most books published in the US before 1964

OpenAI has published the text-generating AI it said was too dangerous to share

New York Times Will Pull Programmatic Ads From Mobile App Next Year

A Simple Question No One In Ad Tech Will Answer

Yes, progressive enhancement is a fucking moral argument

How The Texas Tribune is revamping its sponsored content (and folding its five-year-old op-ed site)

This Trippy T-Shirt Makes You Invisible to AI

Microsoft Japan tested a four-day work week. Productivity jumped by 40%

In historic shift, SALT LAKE TRIBUNE gets IRS nonprofit approval...

making people cry in the stairwell: your best online brand-building value?

26 November 2019

(point of order: I'm just going to say "brand-unsafe context" here because we already know way too much about all the worst-case places where a Facebook ad might run. Excuse the marketing speak, but I'm not getting paid enough for this blog to think any more about all the redacted on Facebook than I have to. Follow the links if you really want to read about where your Facebook ad runs.)

Facebook makes the news in unpleasant ways, but so far this hasn't had much of an impact on the company. The decision-makers who matter are the people who buy the ads, from huge companies all the way to individual small business owners typing their credit card numbers into Facebook Ads Manager. And those decision-makers are still buying ads. Revenue is up.

Facebook does some magic algorithm shit to match your ad to people likely to click on it, and some of those people click on it and buy something. And for many advertisers the price of the ads is less than the expected increase in profit driven by the buyers the ads bring in. The two possible alternatives for the Facebook advertiser so far are...

  • someone sees the ad and clicks it

  • someone sees the ad and doesn't click it. Not good, but not actively bad either.

The ad might be running in a brand-unsafe context, as Sacha Baron Cohen recently pointed out. But Facebook management doesn't believe that running in a brand-unsafe context is bad for the advertiser. The worst the users can do is not click. Facebook Has Fewer Brand Safety Controls For News Feed Ads–On Purpose.

“We don’t believe ad adjacency matters in certain environments…and we designed the platform with that in mind,” said Erik Geisler, Facebook’s director of North American agency partnerships, speaking Thursday at 614 Group’s Brand Safety Summit in New York City.

Basically he's bragging on being able to take your brand's ad and run it in whatever brand-unsafe context the worst possible Facebook user can come up with. According to Facebook, you know all that stuff that has moderators crying in the stairwell and one service company quitting the moderation business entirely? Don't worry about it because people are going to click on whatever ads run there, like nothing happened.

Even if that was true before, to be honest I've never placed an online order while crying in a stairwell, don't know about you is brand safety still not going to be an issue in 2020?

The way the game works today is that the Facebook users can click or not click. But in the near future, things get a little different. The three options will be:

  • someone sees the ad and clicks it

  • someone sees the ad and does nothing

  • someone sees the ad in a brand-unsafe context and tries to get to the bottom of it

How does the cost of dealing with people who have a problem with a brand-unsafe context affect the game? In other ad media, user concerns about brand safety can have a material effect on the market.

So here's my first attempt at a letter to send to the brand advertiser whose ads you see in a brand-unsafe context. Just like it's pointless to report a scam to Facebook, exception to that rule: reporting a Facebook scam matters if you're Craig Silverman calling for a comment on a story. Then they take care of it. don't report brand-unsafe content to them either. Just screenshoot it and send your CCPA letter to the advertiser.

This letter refers to the European and the new Kenyan law too. IMHO better to make the advertiser look up which should apply, so we can all use the same letter.

Any suggested improvements? Please let me know.

Bonus links

“We’re wounded animals and wondering if they’re going to shoot us”: Publishers have, um, cooled on partnerships with platforms

YouTube’s opening up ads for ‘edgy’ videos signals shift in brand-safety sentiment

Google Will Let Companies Limit Ad Personalization To Facilitate CCPA Compliance

The Halo Effect: How Advertising on Premium Publishers Drives Higher Ad Effectiveness

The precarious state of local news giants

NYT says it will no longer use tracking pixels from Facebook and Twitter, instead using TAFI, a new AI-powered tool, to target potential subscribers

New Research Finds Americans Support Greater Regulation to Protect Their Data Online

Ad targeting key to why internet giants face blame for undermining elections, democracy

A precious-metals scheme used fear and Facebook to trick older conservatives out of their savings

Programmatic – don’t believe the hype

linklog by email

25 November 2019

(update 15 Jul 2020: This seems to be working. Also added link to the gateway going the other way.)

This is how to get my linklog in email without an RSS reader.

  1. Go to Feedrabbit and make a free account. Check your email and follow the instructions to confirm your Feedrabbit account.

  2. On the Feedrabbit subscriptions page, click "New Subscription".

  3. Enter https://rapids.aloodo.org/feed and click "Discover".

  4. Click "Subscribe".

You can repeat for the feed for this blog, which is https://blog.zgp.org/feed.xml

If you want a gateway to go the other way (email newsletter to feed) check out Kill the Newsletter!.

Talking Points: Ethical Licenses

Old Navy will shift back to brand-building in a growing trend among advertisers

Let Kennedy be the Last President

California won't buy vehicles from automakers who side with Trump in emissions battle

Microsoft Says It's Cool With California's New Privacy Law

Adidas: We over-invested in digital advertising

Tech's new labor unrest

Is ‘Do Not Track’ The New ‘Do Not Sell’?

Benjamin Mako Hill: How Discord moderators build innovative solutions to problems of scale with the past as a guide

note on adversarial interoperability

16 November 2019

(update 11 Dec 2019: copy edit, add links.)

Read the whole thing: alt.interoperability.adversarial by Cory Doctorow.

The story of the alt. hierarchy is an important lesson about the nearly forgotten art of "adversarial interoperability," in which new services can be plugged into existing ones, without permission or cooperation from the operators of the dominant service.

Today, we're told that Facebook will dominate forever because everyone you want to talk to is already there. But that was true of the backbone cabal's alt.-free version of Usenet, which controlled approximately one hundred percent of the socializing on the nascent Internet. Luckily, the alt. hierarchy was created before Facebook distorted the Computer Fraud and Abuse Act to try to criminalize terms of service violations.

Usenet was a good example of a decentralized service that could support both free speech and commercial publishing. Usenet supported adversarial interoperability (a25y?) about as well as you can. Any individual could pick their own client software. Any site could choose which newsgroups to offer, and which other sites to share them with. Users could filter messages with killfiles, and even run their own "cancelbots" to share filtering decisions out on the network.

Usenet is also a good example of the best "white hat" case against adversarial interoperability, because Usenet isn't really much of a thing any more. Usenet spammers buried the legit users, even though many tried to fight back, as creatively as they could. Would better spam filters on the client side have helped? What if the scoring algorithms used to rank stories on Slashdot-style boards had made it into Usenet newsreaders? If Usenet had held its own, things might have gone very differently. But we lost Usenet—not because of policies and lawyers, but because spammers killed Usenet while the market incentives for developers encouraged work on web boards, which were mostly ad-supported.

I still like adversarial interoperability and agree with Cory that we need more of it. The best recent example I can think of is ProPublica's Facebook Ad Collector extension, which was later blocked by Facebook. Why was Facebook management so willing to take the bad publicity that came with hiding which users see which ads? The easy answer, of course, is that Facebook is eevill, funded by Russian interests to undermine US public health and promote right-wing causes. But when a big company does something, there's always a "because they're just evil lol" reason and a legit-sounding reason. You have to pick whether they're the real reason and the cover story, or the conspiracy theory and the real reason.

If you want the legit-sounding reason to avoid adversarial interoperabilty, here it is. The two easiest kinds of adversarial interoperability, by far, are:

  • Ad blocking: Removing advertising from a medium.

  • Spamming: Adding advertising that does not pay to support the medium in which it appears.

Twitter is a good example here. Twitter limited third-party apps and dropped RSS support, to keep third parties from offering either convenient ad blockers or ad-supported clients. (Or both: before they made the change, you could make a Twitter client that stripped out Twitter's ads and put yours in.) Twitter also bought and stifled TweetDeck, the popular third-party client.

  • The easier you make it for people to read your service with their own choice of client, the more ads they will block.

  • The easier you make it for people to post to your service with their own choice of client, the more spam they will send.

In Facebook's case, the HTML they send to your browser is a convoluted mass of HTML elements with randomized classes and ids, to make things harder for ad blockers—and either as collataral damage or on purpose depending on who you believe, for ProPublica. (In native apps, ad blocking is even harder.)

Facebook has to pull horrible, ever-changing, HTML stunts to get their ads through to the user, because those ads don't pay their way, and the people receiving them have no reason to keep them. Advertising is only sustainable when it's an exchange of economic signal for attention. In order to carry the signal needed to earn attention, an ad has to be:

  • credible

  • from an identifiable and significant sender

  • related to a market in which the reader is a participant

Only the last one might apply to social ads. On Facebook, I have no incentive to let an ad through, because I have no reason to trust it. That also applies to "programmatic" ads on the web.hey kids! scientific literature! In any ad-supported medium where blocking is the best choice for a member of the audience, then adversarial interoperability is not an option, because the obvious low-hanging fruit of adversarial interoperability is ad blocking.

It seems like we would need ads to start paying their way, and for ad blocking online to be less of a rational bargain for the reader, for adversarial interoperability to catch on.

The Early History of Usenet on Prof. Steven M. Bellovin's blog.

CCPA Means It’s An Opt-Out World Now

How Nestle is trying to trim ad tech middlemen

Consumers in control.

Microsoft will honor California’s new privacy rights throughout the United States

“Programmatic doesn’t survive in its current form”: Ad tech’s quest for an open and alternative ID

Ad tech vendor Sharethrough to shut European operations, blames GDPR

consolidation? meh.

12 November 2019

This is an answer to a question I got about adtech consolidation.

The Wall Street Journal ran a great piece by Keach Hagey and Vivien Ngo, all about how Google is finally helping to fix the design of that terrible "Lumascape" slide, by letting them add some whitespace and make the logos bigger.Who says Google doesn't do great things for graphic design? Here it is: How Google Edged Out Rivals and Built the World’s Dominant Ad Machine: A Visual Guide - WSJ

So, is adtech consolidation bad for publishers?

Not really. Adtech consolidation is overdue. Any normal Internet business would have consolidated a long time ago. (Ever notice you get mostly Zoom meeting invitations now, and not links to rival conferencing systems?)

What matters is the adtech/publisher split.

  • In a sustainable ad-supported business you have a split of about 85% publisher/15% intermediaries.

  • The web is 40%/60% with the publisher getting the small slice.

It doesn't matter if the 60% goes to one company, a few companies, or a Lumascape with thousands of companies. It's still unsustainable for the publisher. When publishers look at the diagrams showing multiple advertisers bidding for an impression on their sites, they're ignoring the other side—the same advertisers bidding for the same user eyeballs on cheaper sites.

Content is commodified, the publisher lacks market power to command a decent price for ads delivered to their own audience, and no tweaking of market share in the adtech business will change that. Real-time bidding works today because too many people have the user's data, and can target them.

Today's big tech companies come at every problem with the same tool: take whatever business is adjacent to me, and try to turn it into a commodity. That works great when your product is an internet service and the business adjacent to you is an operating system. A copy of Linux is a commodity, but it's actually worth more than a copy of HP-UX or Solaris.

But commodification is not the highest value model for the advertising business, which depends on feedback between brand equity and content reputation. Brands are worth more in a market with high-value content sites, and ad-supported content sites are worth more in a market with high-value brands. So what matters to the publisher is not the number of adtech vendors participating in the market. What matters is the number of saleable ad impressions that are in direct competition with your ad impressions. (A site trying to sell an ad on a story that cost $10,000 to report, edit and shoot is competing against a site running an ad on a recycled racist cartoon or a pirated Nickelback song that cost them nothing.)

Adtech's job is simple: to facilitate putting impressions on cheap content into the same market as impressions on expensive content. It might matter a little bit how many companies are involved, but that's not the main story. The survival of any ad-supported site depends on market power, and part of reclaiming market power is making it harder or more expensive to reach your same audience on cheaper sites. That depends on privacy tools and regulations.

The good news is that CCPA is coming January 1. CCPA is not just a compliance issue or a cost center. If we handle it right, it's a way to reclaim some market power by limiting the number of saleable ad impressions on low-reputation sites.

Targeted ads are one of the world's most destructive trends. Here's why | Arwa Mahdawi

How big tech is dragging us towards the next financial crash

‘There is a trade-off’: How Immediate Media is preparing for a cookie-less future

Advertisers emerge as buyers for ad tech

The Death of the Rude Press

Google's civil war

It’s shockingly difficult to escape the web’s most pervasive dark patterns

Farewell, Twitter political ads.

30 October 2019

I see that political ads on Twitter are supposedly going to not be a thing any more, so I just wanted to share some that I remembered to save.

You're welcome.

I don't remember getting candidate ads on there, just issues and astroturf. All misleading, of course, because the main benefit of targeted advertising is that it faciliates sending deceptive messages while avoiding law and norms enforcers. I don't remember getting any honest political ads on Twitter, so probably a good move.

Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead

We easily ran blatantly misleading ads about hot-button political topics like immigration and gun control, and Facebook failed to catch them

Facebook Allows Prominent Right-Wing Website to Break the Rules

"If it’s not clear already, then it must be said: Facebook is a right-wing company."

For Some Reason, We Can’t Find a Single Leftist Mark Zuckerberg Invited to His Dinners With Pundits From “Across the Spectrum”

Censorship-resilient apps with Progressive Web Applications

Duck season! Wabbit season!

22 October 2019

I don't know if it's Duck Season or Wabbit Season now, but starting Jan. 1 it's creepy database marketing company season here in California.

This doesn't mean that we can just use the opt-out flow that's easiest. The surveillance marketers are already working on a way to make people feel like they're doing CCPA, and to make things harder for publishers, but without affecting the bigger players. The IAB CCPA Compliance Framework for Publishers & Technology Companies is out, and it enables you to signal an opt-out only for the site you're on. Not what we need, because it doesn't do anything about the party that actually holds the data, and that's where the opt out or data deletion demandI know the law says data deletion request but if you're not allowed to turn me down then I'm not requesting. needs to go. Places like

  • Oracle Data Cloud

  • Acxiom

  • Experian Marketing Services

  • LiveRamp

All the companies on this CCPA todo list. If you want advertisers to buy you better ad-supported content, you have to starve them of the targeting data they need to reach you on crappy content, or in social media and native apps. Which means focus on the DMPs, not the peripheral ad targeting. Anyway, we should be able to make CCPA flow a lot easier. Here's a button to help me test something to do that.

Two more things.

Anybody with a clean whiteboard can design a better web advertising system than what we have now. The hard part is incrementally getting ad-supported publishers from the current shitshow to the new system before they run out of money.

Solutions to the surveillance marketing problem have to be built for real people, not for a fully-informed, rational Homo economicus. Two pieces of irrational behavior you can count on, and that the solution has to take into account.

  • Users won't pay for privacy even when it's cheap.

  • Advertisers won't pay for context even when it's valuable.

(The first makes sense if you consider that we consider surveillance marketing as something that the other side is doing wrong and we expect norms violators, not the people affected by the violation, to bear the cost. The second one seems to be a lot more complicated.)

50 ways to leak your data: an exploration of apps’ circumvention of the Android permissions system

Telcos And Rupert Murdoch Pushing Nonsense Story That Google Helping Keep Your Internet Activity More Private Is An Antitrust Violation

The NSA General Counsel's Proposal for a Moonshot

When Two of the Biggest Names in Ad Tech Merge, What Comes Next?

Same-Site Cookies By Default

Europe’s top court says active consent is needed for tracking cookies

Beans, botulism, and brand safety

17 October 2019

Everyone is writing long thoughtful pieces about how some social media company CEO should do this or that.

What a waste of carpal tunnels. Social media CEOs know what they're doing about as much as Clostridium botulinum knows that it's giving people botulism.

If your brand is all about canned beans, and you find out that some of the the cans have C. botulinum in them, you don't write a long think piece about how C. botulinum should carefully consider its impact on human health. You don't go to a conference and get on a panel about how botulism is an industry-wide problem. You don't invite C. botulinum to give a talk at a college campus.

Brand safety is a little behind food safety, though. For a long time, think pieces and conference talks have taken the place of action, while brands end up in worse and worse places. That is the brand marketer's responsibility. David Kohl writes,

[A]dvertisers have the power to reduce the spread of misinformation by withdrawing media dollars from platforms that enable its distribution. Consumers are nearly three times less willing to associate with brands that advertise alongside unsavory, offensive content (see Magna’s Brand Safety Effect). And according to Edelman, 48 percent of consumers feel it is a brand’s own fault if their advertising appears near inappropriate social media content. Simply said, advertisers put their brands at risk by placing their media budgets in the hands of platform providers that fail to take full responsibility for the content they distribute.

Starting in 2020, when a brand runs an ad on social and it ends up sponsoring a death threat against a journalist, or a video of someone abusing their kids, or a domestic terrorist recruiting page, the people who made that bad advertising decision are going to find out. Starting in 2020, California gets the California Consumer Privacy Act (CCPA).

When people see brand ads running on all the evil shit that the social media companies are pushing out, they're not going to fill out some ToS report form when CCPA is available. And those CCPA demands will come to the brands responsible.

Which is great news. Handling CCPA demands is likely to be costly. So avoiding them gives everybody a reason to do the right thing, and move ads away from problem activities. Brand safety and isn't just another marketing checklist item. Do it right and it's your ticket to getting on the right side of history.

There’s Hope for Local Journalism

Google continues its offensive, but we’re all smarter now

GPG agent timeouts

05 October 2019

This is to see the GPG passphrase dialog pop up less often. Probably a security win because every time I get prompted for a passphrase there is a risk that I will fumble-finger it and type the passphrase into a chat window instead.

In $HOME/.gnupg/gpg-agent.conf

default-cache-ttl 28800

What I really want to be able to do is make ssh-agent and gpg-agent forget their keys before the machine suspends. Looks like Running scripts before and after suspend with systemd is a good way to do that.

Also, hey, kids, paper!

market for trading software issues | Journal of Cybersecurity | Oxford Academic

Open source software forms much of our digital infrastructure. It, however, contains vulnerabilities which have been exploited, attracted public attention, and caused large financial damages. This article proposes a solution to shortcomings in the current economic situation of open source software development. The main idea is to introduce price signals into the peer production of software. This is achieved through a trading market for futures contracts on the status of software issues.

(by Rao et al., and yes, I'm one of the "et al.")


SQL queries don't start with SELECT

4 ways KaiOS is spurring new interest in mobile development

Moving Your JavaScript Development To Bash On Windows

ORMs are backwards

Fuzz rising

Write Fuzzable Code

Sushi Roll: A CPU research kernel with minimal noise for cycle-by-cycle micro-architectural introspection

When should you be using Web Workers?

Broken by default: why you should avoid most Dockerfile examples

Tests that sometimes fail

Open source businesses, meet the real world

25 September 2019

(Update 7 Oct 2019: add link to James Vasile article, minor copy edits.)

Previous: the Linux device driver hacker's guide to giant Internet monopoly dominance

Big Tech companies as we know them are mutated versions of the open source software business. This looks like a big cultural win for the open source entrepreneurs of the 1990s. But the problem is that open source business models can be a rational choice in the software business, but in other businesses, not so much.

Nobody is the villain in their own story, and Big Tech management generally doesn't make decisions that look creepy and evil because they actually are creepy or evil. They're just running the pattern that beat the last few levels.

The problem they're solving is that in the software business, the absolute worst place for a marginal dollar to end up is at another software company. You would rather see money burn up in a fire than see another software company get it. If another software company got it, they would use it to sue you, or build network effects in their own product adjacent to yours to squeeze you out, or whatever. So the pattern you end up developing for self-defense is open source. Open source is a great defensive tool in software. Turn the product categories adjacent to yours into low-profit commodities, and keep money out of the hands of other software people.

If you keep growing the open source model you get today's Big Tech. Decisions that look shortsighted or just plain evil are understandable if you look at them from the Open Source entrepreneur's point of view: Every business adjacent to mine is either a low-margin commodity or an existential threat.

When the business adjacent to the Big Tech company is in individual independent contractor, you get the gig economy and the precariat. Besides the gig economy, though, the biggest example of Open Source patterns influencing other areas is the commodification of content sites. Surveillance marketing, for the Big Tech platforms, is not about the surveillance. User surveillance is just a commodification tool, like an open source software component is. User tracking has value to Big Tech because it makes the content site into a commodity source of the same eyeballs you get get anywhere, and drives ad profits to the platform that enables the tracking.

The problem with the commodification strategy is that it works great for software, where it's safe to assume that every company in every area adjacent to yours is run by a douchebag software CEO, but it's suboptimal for types of business in which having a strong company adjacent to you is an advantage. If Big Tech management ran Chevron, they would give out free clones of the 1970 Plymouth Belvedere that get 8 MPG, and everyone would be all on about how there is no money in the car business. Brands, content sites, and ad agencies are an example of a set of businesses in which a viable company in one category actually boosts the companies in adjacent categories. Approaching this kind of situation with the oversimplified view of commodifying everything is leaving money on the table.

Next: The surveillance economy is more like the commodification economy

The troll playbook has shifted since last election and reporters are on to it

Housing Companies Sued for Age Discrimination Over Facebook Ad Targeting

Can The Washington Post Take Ad Dollars From Facebook? It Hopes To, With Zeus Prime

Supply-side platforms want to deal with advertisers directly

Margrethe Vestager’s vast new powers

4 Reasons Why News Media Will Thrive In The Wake Of Privacy Regulation

will ITP and ETP kill traffic arbitrage?

12 September 2019

Today, Traffic Arbitrage is a profitable scheme.

  • Make a crappy site full of cheap clickbait content.

  • Load it up with programmatic ad slots.

  • Buy content recommendation widgets, or Chumboxes on legit, high-traffic sites.

  • Any time someone clicks through from a legit site, show them a bunch of ads, including high-CPM video ads.

The reason that this model has worked so well is that with programmatic advertising, impressions on the crappy site are worth something. The user from the legit site brings along the same third-party tracking cookies that their browser sends to everybody. So a legit advertiser is likely to bid to reach them.

The publisher of the legit site gets some of the revenue—they get paid per click on the chumboxes—but they don't see the revenue lost because they're now competing for programmatic bids with the lower-cost sites that they're sending traffic to. The tragedy of the chumbox is that all the legit publishers would be better off if nobody could do traffic arbitrage, but the first legit site to stop participating in traffic arbitrage loses.

Now browsers are blocking the third-party tracking that enables traffic arbitrage. First Apple Safari ITP, now Firefox ETP, soon Microsoft Edge.

A legit site that can persuade users to subcribe or sign in now has significantly more data on its audience than a crappy site where people are unlikely to share their information. Traffic arbitrage schemes are being starved of data, which should start to show up as lower RTB bids on their sites, and higher bids on legit sites.

There are uses for content recommendation widgets other than traffic arbitrage, and it will be interesting to see how the content that gets recommended on them changes as traffic arbitrage schemes get squeezed out.

This isn't the last move in the game, of course. For large Internet platform companies, privacy violation is not required, but a means to an end. The business model for platforms depends on capturing an ever-larger share of ad revenue by commodification of the content business, and violating user privacy expectations is the easiest, 1.0, way to do it. It may be possible to construct a user data scheme that both commodifies content and preserves user privacy, so the interests of legit publishers are aligned with, but not identical to, the privacy interests of their readers.

How ad tech is adapting to the pivot to privacy

Eating. At ourselves.

‘The risk is so low as an advertiser’: Some publishers are making more money from Apple News

Browser Fingerprinting: An Introduction and the Challenges Ahead

How YouTube Came to Promote Fascism

‘The math is wrong’: Publishers grumble about Google’s ad targeting research

A year in: How agencies have adapted to a world without Google’s DoubleClick ID

Beyond the cookie: Publishers flirt with generating identity-based user consent

Advertising casualties of the pivot to privacy

On proposals affecting the privacy of web architecture

Open source funding and risks

03 September 2019

Read the whole thing: Recap of the funding experiment by Feross Aboukhadijeh.

Unfortunately, when open source people say things like...

Maintainers do critical work which enables companies to create billions of dollars in value, yet we capture none of that value for ourselves.

Does it have to be like this?

I’m not arguing that maintainers should start capturing all of the value that we create. But we shouldn’t capture literally none of the value either. The status quo is not tenable.

I would love to find a way to help maintainers capture at least a bit of the value we create so that we can happily continue to write new features, fix bugs, answer user questions, improve documentation, and release innovative new software.

...what people who use open source in business are hearing is more like...

We're getting a lot of software value for nothing! Fist bump!

A simple appeal to do the right thing is not something that, as a downstream user, you can put in your budget.

When you use under-funded open source software, there is always a risk that if the maintainer doesn't get paid, they will either burn out or go get a high-intensity job and let their project fall on the floor. Can you justify paying open source maintainers in order to protect yourself from this risk?

That's a little more promising, but two areas need to be addressed.

  • Is the risk quantified? I can measure a software project's value to me, but not the probability of the maintainer quitting in the absence of support, so I don't know the total size of the risk. If I can't quantify the risk, I can't justify spending to avoid it.

  • Can I measure the benefit of participating? I don't know how much my choice to fund the project reduces the risk. I could put in my $100, see that the developer still can't live on that, and end up incurring just as much cost to replace the open-source dependency as if I had not invested.

IMHO we need better market design in order to deal with those two problems. I personally think that models based on dominant assurance contracts and/or futures markets are promising (more on that later) but just banning an interesting idea after its first deployment is counterproductive.

the Linux device driver hacker's guide to giant Internet monopoly dominance

23 August 2019

I recently found out that Linux Journal, where I was editor-in-chief for a while, is shutting down. This might seem natural, because considering all the places you find Linux—from the largest cloud services and supercomputers to the cheapest smartphones—it makes about as much sense to have a Linux Journal as it would to have a magazine called Air Breathing Aficionado. For what it's worth, MSDN Magazine is shutting down too. Are operating systems just boring commodities now?

Yes, but that's not all.

In 1994, Randolph Bentson wrote a Linux device driver for a Cyclades serial board. This piece was before my time as editor. This probably didn't seem like a big deal at the time, but it was a key event in how the Free Software scene grew into the open source software business, and then the Internet business, as we know them.

Device drivers used to be proprietary software that came on a floppy or CD-ROM with the board. What Cyclades came up with was a good early example of what Joel Spolsky later called commoditizing the complement. Eliminate many costs of keeping the software proprietary, push the maintenance programming into the open, and lower the total cost of ownership of the device. Most of the major hardware companies ended up making the same decision. Today, the operating system is an inexpensive commodity, and most hardware firms have dedicated kernel teams to keep the free part of the software/hardware combination working. This keeps the whole product (Linux plus Linux-supporting hardware) attractively priced.

The Linux business is built on ruthless commodification, and would not be a business without it. Tim O'Reilly pointed out that it's a good example of Clayton Christensen's "Law of conservation of attractive profits." Red Hat was the survivor of a crowded Linux distribution market largely because of its committment to work upstream and offload as much code review, testing, maintenance programming, and version control as possible. The OS market is a tiny fraction of what we thought it would be based on the way things were headed in 1998. Yes, individual Linux developers are well-paid, but the OS business? The ubiquitous OS license price, on both client and server, is $0.

An even bigger commodification shift came later, when server hardware became a commodity too, driving all the attractive profits to the service business. Big Internet companies as we know them grew out of the Linux scene, where the mandate to commoditize everything that you don't directly make money from is so obvious that people rarely even discuss or acknowledge it.

Commoditizing the operating system was only the first few levels of the game. Google, for example, beat level one of the game by installing racks of janky-looking Linux boxes instead of proper servers with licensed Solaris or whatever on them, then beat level two by commoditizing the mobile OS. But it's not just Google, and it's not just OS and hardware. Today's tech business is not so much about technology any more. It's more about applying the principle of commodification, learned from Linux, to everybody else's work, whether by investing in building network effects to take over services formerly run by local businesses or enforing arbitrary rules on video creators while aggressively using recommendation algorithms to drive users to "fresher" content.

The commodification play in web publishing is to control the data on who is looking at something, in order to drive the profit out of where they look at it. This doesn't necessarily work so well, but whether or not tracking-based ads work better isn't the point. They only have to work well enough to drive the web content business into the commodity category with the cover bands from Amazon Prime Music. The only real opposition comes from publishers and privacy developers. Privacy developers don't want users followed from one site to another, and publishers don't want their audience's eyeballs sold somewhere else.

The optimistic view is that better privacy in the browser will help us beat commodification. If everything works out just right, privacy in the browser means that nobody can get trustworthy data about ad impressions on random sites, which means no more infinite online ad inventory, which means that advertisers have to board the flight to quality to sites known to be trusted by their users. Then increased market power for those publishers means more expensive advertising, which means more signaling power for brands. Signaling power, if used right, builds brand equity, which means brands can spend more on ads, so they increase signal by contending to support obviously expensive content. This effect is responsible for the kind of ad-supported media that's worth real money offline, so let's make it work for the web too.

But what about the low bid problem and the crappy ad problem?

Advertisers bid less for ad impressions without tracking data when impressions with tracking data are available. According to one Google study, Based on an analysis of a randomly selected fraction of traffic on each of the 500 largest Google Ad Manager publishers globally over the last three months, we evaluated how the presence of a cookie affected programmatic revenue. Traffic for which there was no cookie present yielded an average of 52 percent less revenue for the publisher than traffic for which there was a cookie present. Lower revenue for traffic without a cookie was consistent for publishers across verticals—and was especially notable for publishers in the news vertical. For the news publishers in the studied group, traffic for which there was no cookie present yielded an average of 62 percent less revenue than traffic for which there was a cookie present.

The paper Consumer Privacy Choice in Online Advertising: Who Opts Out and at What Cost to Industry? by Johnson, Shriver, and Du finds 52% less revenue for impressions to users who deliberately opt out using an industry site.

The crappy ad problem is related. If the ad network doesn't know that you're an affluent car shopper, you're not going to get the professionally shot photo of a BMW on a scenic road. Instead, you're going to get ads for FREE* LIVER FUNGUS CURE!!!1! (just pay shipping, order auto-renews weekly).

These two effects are visible when impressions with and without cookie data, reaching a similar pool of people, are available in the same market. It would, however, be unrealistic to extrapolate from this to get to the conclusion that the result of protecting a large fraction of an audience will be that ad budgets intended to reach those people will go down by 52%. Jonathan Mayer and Arvind Narayanan point out that after GDPR, The New York Times cut off ad exchanges in Europe, and kept growing ad revenue, and that another study showed only a 4% revenue boost from behavioral tracking. (Measuring normal RTB bids against artificially cookie-blocked RTB bids seems like it would not detect a flight to quality.)

As privacy protection gets better, sites will have options to fix the low bid problem without commoditizing the content site by leaking user data. Context-based ad placement technology is still catching up to user-tracking-based technology.

We now return to the Internet Optimism already in progress

Nobody wants to be stuck being the commodity, and with decent privacy in the browser, the content site doesn't have to.

That's the basis for cooperation between privacy-protecting browsers and sites trusted by their readers. Former Mozilla COO Denelle Dixon writes, on the Digital Content Next site, In short, behavioral targeting will become more difficult, but publishers should be able to recoup a larger portion of the value overall in the online advertising ecosystem. This means the long-term revenue impact will be on those third-parties in the advertising ecosystem that are extracting value from publishers, rather than bringing value to those publishers.

I have been talking and writing about the alignment of interests between privacy developers (who don't want their users' activity from one site following them to another site) and publishers (who don't want to leak their audience data) for quite a while. But privacy and publisher market power are two parallel causes, not one big movement. The commoditizers have a lot of skill and time to put into splitting the alliance that puts publishers on the same side as privacy developers. Can the Internet ad duopoly do something to satisfy privacy demands from users and regulators without ceding market power to trustworthy sites? Two proposals.

  • Fraud Resistant, Privacy Preserving Reporting Using Blind Signatures is a system to prove that a likely human visited a site, without giving the advertiser enough information to show that a certain user visited a certain site.

  • Federated Learning of Cohorts(FLoC): We plan to explore ways in which a browser can group together people with similar browsing habits, so that ad tech companies can observe the habits of large groups instead of the activity of individuals. Ad targeting could then be partly based on what group the person falls into.

If they can't track users individually, they'll still try to figure out a way to get high-value ad impressions from known human eyeballs at random sites, and commodify publishers that way. But that depends on getting the privacy developers to decide to be fine with this kind of scheme.

The good news is that privacy developers tend to be generally sympathetic to the publishers, because positive externalities and stuff. But we're still facing the risk of privacy-acceptable but anti-publisher user data handling schemes. Privacy developers need help to keep any new privacy technology aligned with the interests of whatever publishers their users choose to trust. That means we have to commit to more ongoing coordinated open source development, with publishers who want to stay out of the precariat using and testing the same code as browser and tool developers who want to keep their users safe.

The other good news, now that I think about it, is that they're now paying the privacy/publisher alliance the ultimate compliment, by trying to split it. We're on to something here.

Continued: Open source businesses, meet the real world

links for 19 Aug 2019

19 August 2019

Do you agree that Brands, And Now Publishers, Must Get The Message About Programmatic Creative? Or have we gone "Beyond Copy"

Bruce Schneier has a great piece on the Influence Operations Kill Chain but it misses one step. What if a social network is so committed to getting a cryptocurrency approved that the moderators end up coming in on the misinfo side? And a reality check on filtering: Facebook is already flooded with fake Libra cryptocurrency scams. If they can't filter out ads about their own brand, based on photos of their own CEO, what can they do for political ads where the creative can be more varied? And will they even want to?

If you advertise on Facebook, read this: Trauma Counselors Were Pressured to Divulge Confidential Information About Facebook Moderators, Internal Letter Claims And if you don't advertise on Facebook, go ahead and feel a little more satisfied with yourself. You're doing a great thing for our country.

Q: Why don't you ride your bike in traffic? It's convenient, fun and great exercise!
A: Man Caught Playing Pokemon Go On Eight Phones In His Car

Apple will soon treat online web tracking the same as a security vulnerability. Apple: 'We'll treat sites like malware if they break ad tracking rules'. WebKit’s new anti-tracking policy puts privacy on a par with security. (The message here is that if you want to track Apple's users, move them to your private island and hunt them, I mean make a native iOS app with tracking SDKs.) And ICYMI: Introducing tracking prevention, now available in Microsoft Edge preview builds

Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds. In other news, ursine defecation observed in forest environments.

Can CCPA Be a Good Thing for Marketers? Now, we need to prove that the data is being stored, managed and used with the utmost integrity and privacy safeguards possible. Regulations like GDPR and CCPA provide the opportunity for marketers to become accountable for this process and allow us to step up and show what great stewards of data we are. More CCPA: Why the CCPA's 'verified consumer request' is a business risk. IMHO CCPA will do for marginally useful PII in Marketing what the Resource Conservation and Recovery Act did for marginally useful hazardous materials in manufacturing—make it easier to just get rid of it and update your processes to do without.

Digital buzzword watch: contextual. The halo effect is real: New research confirms that ads perform better in quality contexts, How quality content separates publishers from ad streams, New Study Shows That All This Ad Targeting Doesn't Work That Well, Contextual Targeting’s Coming Renaissance

The new browser consensus and SSO

28 July 2019

(Update 24 Sep 2019: add link to IsLoggedIn. Update 20 Sep 2019: copy edit. Update 14 Aug 2019: Add link to Safari's policy)

(Disclaimer: I work for Mozilla. Not speaking for Mozilla here.)

The first result of the browser privacy trend is a growing difference between how the browser treats two kinds of third-party data collection.

  • third-party data collection that happens when the user chooses to use information from one site on another site

  • third-party data collection that happens when a site or service, without an action from the user, tries to use information about the user's actions from one site while they're using another site.

Any third party interaction that the user knows about is supposed to keep working. But hidden tracking pixels, scripts and any technology that tries to implement tracking without user interaction are all supposed to stop working.

Protections to implement this are still in progress, but this clearly the direction Safari, Firefox, and now Microsoft Edge are going. We now have the same kind of rough consensus on user expectations about tracking that we developed pretty early on in the email spam situation. This consensus is based on extensive user research. (Why browsers took so long to listen to people about what they find creepy is another story.)

An example of a protection step that's common across browsers is the the Storage Access API. This gives browsers a way to allow third-party scripts to use cookies and LocalStorage, but only if the user takes action. Apple Safari, Mozilla Firefox, and Microsoft Edge are all involved. (hashtag #worldsFriendliestBrowserWar)

The WebKit Tracking Prevention Policy used by Apple Safari, says

Merely hovering over, muting, pausing, or closing a given piece of content does not constitute an intention to interact.


We consider certain user actions, such as logging in to multiple first party websites or apps using the same account, to be implied consent to identifying the user as having the same identity in these multiple places. However, such logins should require a user action and be noticeable by the user, not be invisible or hidden.

The Mozilla anti-tracking policy is similar.

For sites, what this means is that SSO and registration walls are relatively safe. If the user is clearly presented with "Sign in with (identity provider brand)" and there is a button the user has to click the first time they go to the site, that SSO system should keep working. The user knows that they're using it, and clicked the logo of the provider they "sign in with." A proposed API, IsLoggedIn, from Apple Safari developer John Wilander, would make it easy for a site to check logged-in status from JavaScript.

If the user can't see the way that multiple sites are trying to use the same information about them, then that flow of data across sites is likely to get blocked, whatever the technical implementation is. This is likely to be good for the relative market power of sites that people trust more, if it turns out that people are more willing to "sign in with" (and obviously share info about themselves) on their trusted sites than on a random site that their uncle sent them a link to.

More on this: Will ITP and ETP kill traffic arbitrage?


Cookies and other tracking devices: the CNIL publishes new guidelines

What happened when Congress looked into data brokers almost 50 years ago

The Washington Post is preparing for post-cookie ad targeting

AdTech Sucks: This Time It’s Personal IDs

Uber’s Latest Lawsuit Calls Out Agencies, Advertisers and Now Ad Tech

informing brand advertisers

23 July 2019

What's the weakest point in the chain of deception and abuse coming at you over the Internet? Maybe the brand advertisers who pay for it.

This is a random list of projects that help inform advertisers of what their ad budgets support:

Any others?

Fun with consent cookies and meta tags

01 July 2019

This blog has GDPR consent management on it. (I'm running OIL.js which is open source.) That's the cookie dialog you probably saw on your first visit, or every visit if you clear cookies or use private browsing mode.

As any web user knows by now, the consent dialogs as currently used have a bunch of problems. Consent management platforms (CMPs) are behind on both UX and accuracy.

  • They're annoying, especially on small screens.

  • They don't accurately capture what the user really intends to consent to. They're more like "click to make this stupid dialog go away" management platforms.

If your site has to do consent management, and uses a CMP, there is a solution, currently being tested as a browser extension. Global Consent Manager does a couple of things.

  • First, it will temporarily populate your consent string (using the Interactive Advertising Bureau's own Transparency and Consent Framework) with a value indicating "no consent." This is equivalent to visiting the site the first time and drilling down to some consent managemnt screen and choosing all "no".

  • Later, if you show that you're interested in the site, Global Consent Manager removes the temporary "no consent" and allows the site or the CMP to present the original consent interface.

For a site, why would you want users doing this instead of capturing all the consent you can as soon as you can? Look at the engagement study. People stay engaged with a news task longer when they don't have to provide consent for everything up front. (This idea is totally borrowed from LinkedIn. They don't make you fill in your whole profile at once before you start using the site. They let you try it first, then prompt you for more info when you're more likely to think it's worth the exchange of value for value.)

Smoother consent management UX sounds great, but how do we scale it? How can Global Consent Manager, and future next-generation consent handling features in browsers, tell which of a site's many cookies is the consent cookie, and what to set it to?

I suggest a pair of meta tags.

meta name="consent-location" -- Name of the consent cookie. (Or could be extended to support other ways to persist the consent information.)

meta name="consent-format -- Format of the consent string. Oil.js has a little extra JSON around the IAB TCF string, so we need to handle that and any other CMPs that do their own thing.

More testing coming soon. The meta tags are on this page now, and I'll make some more test pages with different variants.

Consumers Are Becoming Wise to Your Nudge

‘Siphoning off the crap’: Agencies prioritize buying premium content directly on YouTube

Firefox Will Give You a Fake Browsing History to Fool Advertisers

How to Speak Silicon Valley

‘Only enforcement will bring change’: Ad tech responds to regulator’s GDPR warning

‘We expect to see change’: ICO warns ad tech not to flout GDPR

At Work, Expertise Is Falling Out of Favor

Why Google’s Advertising Dominance Is Drawing Antitrust Scrutiny

Why we moved our servers to Iceland

Reporting scam ads to Facebook: counterproductive?

23 June 2019

Scams and political misinfo are bad, so why not report them?

What follows is a version of my long email response to a question about why I think that reporting problem content to Facebook is a bad idea, at least here in the USA. Complaining about Facebook is fine, but complaining to Facebook, not so much.

That's because as of 2019, it's almost like there are three Facebooks in this country, from the user point of view.

Purple state Facebook: I wish I could predict otherwise, but this is going to be a bigger and bigger fraud and foreign misinformation operation leading up to the 2020 election.

In some countries, doing moderation might be a way to build goodwill with the government. But here, the current US administration gives foreign operations some of the credit for getting elected. Meanwhile, Facebook needs to get an ambitious new cryptocurrency scheme approved by that very administration. Which means nobody at Facebook can do anything serious about the foreign misinfo problem, at least as it affects the people that the re-election campaign wants to reach. They'll have to handle anything pro-reelection with an extremely light touch, or face a regulatory mess that will keep them out of the money-printing business.The good news is that these two assembly line workers can get a break from the "useless jobs" meme, and whoever is in charge of pretending to moderate Russian troll accounts for Facebook can have a turn.

Red state Facebook: At first I thought that that Facebook could mostly ignore the red state people, or just let skeevy PACs raise money from them, because they live in states that are already safely in the re-election column. But red state people have a valuable role to play. When Facebook kicks some of their favorite personalities off the service, the role of the red states is to complain loudly about it, and even threaten regulatory action, to help make it look like Facebook is even-handed or leaning moderate liberal, to the remaining audience, which is...

Blue state Facebook: This is where the prospective employees live, or are willing to move, and also where you'll find the decision makers at the major advertisers. But both of these groups are more comfortable with a company that has international appeal, so Facebook somehow has to look “brand safe” in order to keep them on board. That's where Grigory Potemkin's paint and trim crew, I mean the Facebook advertising "transparency" operation, comes in.

The kind of people who might work for Facebook, or advertise there, get targeted for a dramatically different experience from what the regular people do. How many Facebook employees are embedded with the Presidential re-election campaign these days, anyway? And how many are planned to be there at the peak? IMHO some reporter should ask that. And much of the documentation that Facebook makes public about its political misinformation problem is a read-between-the-lines instruction manual on how to do political misinformation without letting the brand advertisers see it.

Regular people get quack miracle cures and massacre-your-neighbors campaigns, while CMOs get ads for luxury resorts and martech services. Of course the CMOs are going to be fine with advertising there. But no ad targeting system is perfect, and occasionally some of the nasty stuff leaks through where blue state people can see it, which means a recruiting problem to start with, and maybe even an advertising problem. (Although as far as I can tell, CMOs are pretty easy to keep in the dark, safely reassured about how they can stay brand-safe and moderate even while supporting a company that's already locked in as a division of the re-election campaign.)

When Facebook asks you, a blue state person, to please report things, that's where you come in. They're looking for help spotting it when the bad stuff that goes out to regular people leaks into the sanitized version of Facebook seen by advertisers and prospective employees. Anyway, long answer, but that's why I don't report problems to Facebook. When a drop of the purple-state crapflood leaks through to me, I post it publicly and/or send it to an advertiser instead.

Millions Of Business Listings On Google Maps Are Fake—and Google Profits, by Rob Copeland and Katherine Bindley, Wall Street Journal

Lego marketing chief says challenge with online ads is that so much content is 'damaging' to kids

Can This Coalition Between Agencies, Brands and Tech Giants Make Our Online World Safer?

Facebook moderators break their NDAs to expose desperate working conditions

The Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware Application Industry

Create A Cookie Rewrite Web Service Using The Google Cloud Platform

AdTech Sucks

Can You Trust A Company In 2019?

in the future

12 June 2019

What's in the box? What did you order?

I haven't ordered anything in a while. I'll open it.

Just one item. It's shaped like a kettlebell, but smaller. It's covered with tiny buttons like a scientific calculator. Each button has a person's headshot on it. Looks like they're all members of 1980s hair bands.

Can you use it as a kettlebell anyway?

No, it's too small, I can't get my fingers between the handle and the ball part. And it's really light. And none of the buttons move. They're not hooked up to anything.

What is it?

It's a metabolic product of the data-driven economy. Bots browse for stuff to generate ad clicks. As a side effect, they visit product pages and pretend to show interest. Marketing algorithms discern product preferences from this. Product design algorithms put out contracts on gig sites, to hire designers to draw up plans for all the parts. And contract manufacturing algorithms have the products made and drop-shipped. Some bots must have gotten stuck in a loop of digging on kettlebells, calculators, and vintage MTV.

That's all fine, but why did you pay for it?

Probably one of my devices got compromised and told another device to order it. At least if my stuff is under the control of a botnet that's making money by ordering stupid shit for me online, they'll keep my devices safe from the botnets that order Fentanyl from overseas and hire kids to steal it. Or worse.

Are you going to send that thing back?

I don't think so, now. It's oddly reassuring. As long as I keep getting this kind of stuff I'll know there's a botnet looking out for me.

Wealthy people and corporations have so much money they don't know what to do with it

I left the ad industry because our use of data tracking terrified me

The problem with Amazon and Open Source isn’t Amazon

YouTube pushes children's videos to pedophiles through content recommendation engine

There Is Too Much Stuff

In a Constantly Changing San Francisco, Change is Constant

Some minor blog fixes

08 June 2019

Just cleaned up some CSS on this blog, so if you missed the post about making ASCII Art work with responsive layouts, check it out now. The examples should work better on small screens now, and the overflow on bigger screens should do the right thing.

Also ran linkchecker and fixed the permalinks that got broken when I updated some JavaScript dependencies. (Whee.)

That's about it.

The Making of a YouTube Radical

How YouTube’s recommendation system has become a haven for pedophiles.

Report: Ad fraud to hit $23 billion, isn't going down

Facebook found hosting masses of far right EU disinformation networks

Why a U.S. federal privacy law could be worse than no law at all

Digital Doppelgängers Fool Advanced Anti-fraud Tech

Inside Google’s Civil War

California Attorney General Plans Few Privacy Law Enforcement Actions, Telling Consumers to Take Violators to Court

How to Spot the Latest Disinformation Campaign

Advertisers have stuck with Facebook through years of scandals. Here are 6 things that would need to change for them to abandon it.

Content Moderation At Scale Is Impossible: Facebook Still Can't Figure Out How To Deal With Naked Breasts

they always told me I had a face for radio

07 June 2019

On a podcast with Katherine Druckman and Doc Searls at Linux Journal.

Some of the stuff we talked about...

advertising and signaling

Doc: The latest Firefox does block third party tracking. And that's a huge move. But there's a drift of the other browser makers in their own different ways are doing things. So and that's part of a larger trend. So maybe you could just sort of unpack that for us.

Me: Apple Safari got out ahead of the rest of the pack and a lot of interesting ways. And people certainly joke about the $999 monitor stand. But it's pretty clear that the people who buy that kind of high end equipment are also the people who are least trackable by conventional adtech. So if you want to reach the kind of people who can either afford a tricked-out Macintosh, or have a job where their employer will buy them one, then you really have to think about how do we place advertising in such a way that it doesn't depend on the kinds of creepy tracking that the Apple Safari developers have put so much effort into avoiding.

Doc: Katherine, maybe I'm wrong about this. But didn't we finally put the nail in the lid of the coffin of Google Analytics for our own website, when we found that as Don was just saying our readers block tracking for the most part?

Katherine: It was it was so far from being accurate that it was not useful anymore. Who doesn't block tracking? I'm kind of throwing this out there, but I want to say a good 60% of our traffic was blocking it.

Me: I've seen some numbers from web developer sites, and from blogs that focus on web development, and those are often showing a 30 to 40 percent block rate. But it's really interesting that Linux Journal readers are coming in at 60.

And so there are, right now, marketing organizations that are going out and trying to reach the kind of people who buy virtual private servers or software as a service products or developer tools. And if you do conventional data driven marketing, when you're going after that kind of audience, then you're really going to get a lot of fraud bots, and your marketing operation is going to be making decisions based on what bots like to read, not so much what those what those those high tech, or highly protected, users are interested in.

Doc: Have you seen a sign of that knowledge being generalized, beyond, you know, people like us talking about it, where it's becoming obvious to some people in the marketing side that the most valuable people are going to be the ones that are most protected?

Me: I'm cautiously optimistic because of the change over from targeting millennials to targeting Generation Z. I don't know if you've seen it, but marketing thought leaders are changing up all their slides. And they no longer say the millennials are different. Now millennials are boring, and Generation Z is all different. But it's really recycling a lot of the same millennials material. So there's a nice niche opening up for a marketing thought leader to scrap the generation-driven slides that everybody has already seen, and become the marketing thought leader of the tracking protected segment.

Doc: Today you get injected with all these third party cookies that get arranged like a DNA string that gets presented at every site you go to subsequently. Do you see any hope for either ending that or modifying it with the kind of things that are going on now or blocking the third parties? I guess the question is, are we stuck?

Me: I don't think we're stuck. I think that a lot of the talking points that we're getting from adtech and martech today are very similar to what email spammers were coming up with in the early days of spam filters. The early spam filters, of course, were done by technical early adopters, the kind of people who read Linux Journal and know how to write .procmailrc files. And when those people started rolling out their original, simple spam filters to the the less Internet skilled users, the spammers started started saying, hey, wait a minute, users like getting messages about opportunities for great savings on HERBAL VIAGRA, or whatever the latest spam campaign was.

The message from the email spam scene was really that privacy nerds are less in tune with the preferences of regular users than we the spammers are, so you should pay more attention to what spammers want, and less attention to what spam filter developers think is the right thing to do. And we really saw that not come across very well as as email spam moved from a niche issue for people who had had their email address out there for a long time to being a mainstream day to day annoyance. The general population of users turned out to be more like the privacy nerds than like the the way that the spammers predicted they would be.

Doc: I'm thinking that you could go into how people actually have a pretty good sense of behavioral economics, that they're good behavioral economists to some degree if you want to have any money left. For us, because obviously, we're we're all walking through a minefield that all of us understand in somewhat different ways. But I think one of your points is that people do become pretty adept even if they don't fully understand what's going on behind the surface.

Me: And you can't make the optimal decision for most of the decisions that you have to make in your economic life. I don't have the time to buy the optimal pair of socks. So what is a set of tools that I can use to get an adequate pair of socks in the amount of time that I have to make that decision? And of course, advertising isn't the entire story behind building brand reputation. But it sets up part of the information that people can use to evaluate a product or, or figure out the reputation of a brand. Brands are really interesting. Brands are a cognitive hack that uses our brains hard wired circuitry for evaluating each other's reputation.

What would be a really interesting piece of research would be comparing TV ad spend on cars to later Consumer Reports ratings. Are TV ad budgets a reliable leading indicator of how well that car actually does in the independent test? It's kind of like when Rory Sutherland at Ogilvy compared advertising to someone betting on their own horse at the track. If you go to the racetrack and see that the horse's owner is betting heavily on that horse, they've probably got more information than you do.

Open source and incentives

Katherine: I feel like I see growing resentment, and not just individual open source developers, but small companies and whatnot, just that are becoming more painfully aware of the inequality of, you know, fortunes being built off of what they perceived to be their own backs. And, and the consequences are well, unforeseen.

Me: It's not just a matter of resentment, there's also an element of risk there. One of the side effects of having good dependency management tools is that real world IT projects are building deeper and deeper dependency trees. So the success of your web site might depend on some software component three levels deep, whose maintainer is going to burn out, right as you deploy your site, but you don't know it. So there's this risk for anybody, depending on open source, that somebody's choice to stick with it just doesn't pencil out. And the people who you need to stick with it in order to have your thing be successful might be several hops away. There's still no good way of getting that information, propagating the developer pressureMaybe a market mechanism (PDF) could help? from the developer who's experiencing it to the leader of the project that depends on their work.

Listen to the whole thing.

Mark Ritson: Binet and Field’s research may not be perfect but that doesn’t make it wrong

Why we're relicensing CockroachDB

The Wrong Math

Digiday Research: Most publishers don’t benefit from behavioral ad targeting

When it comes to privacy, default settings matter!

economics-of-package-management/essay.md at master · ceejbot/economics-of-package-management · GitHub

Is High Quality Software Worth the Cost?

AT&T Explains Its Surveillance Advertising Hellscape

Privacy Preserving Ad Click Attribution For the Web

The Best Ideas Are The Ones That Make The Least Sense, by Rory Sutherland, Entrepreneur

don't preempt me bro

21 April 2019

Some surveillance marketing organizations have suggested adopting a Federal privacy law in order to preempt the California Consumer Privacy Act. Preemption would be bad if it actually happened, but the fact that they're trying for it is the best endorsement I have ever seen for the California Consumer Privacy Act. If I wasn't a CCPA fan before, I am now.

In my humble opinion, preemption is the wrong direction. Privacy regulation should be complicated enough to impose significant transaction costs on database marketing practices. State-level privacy regulations are a start, but what about county or city ordinances? User tracking allowed on alternate sides of the street on different days of the week?

Why would I want to see costs and complexity imposed on the surveillance marketers? I'm going to leave the political stuff out for now. From a selfish point of view, as an individual considering buying stuff, I am going to get ads, and I'm going to get them matched to me in three ways.

  1. Context. Placed on a resource I'm interested in using, like a magazine article or a bus bench.

  2. Search. Matched to search results when I look for a product or a service, like a Yellow Pages ad or a Google search or Maps ad.

  3. Personalized targeting. Matched to me based on something the advertiser knows about me.

On the Internet, many ads are placed using a mix of these techniques, and it's hard to split out how a real-world marketing budget is allocated across them. And information originally collected based on context can leak and start getting used for personalization. But the technical and regulatory environment affects how much money advertisers choose to invest in each one.

As the recipient, or potential customer, the three ad placement methods affect me in different ways. Ad money allocated to context is a subsidy for something I want to use, whether it's local news coverage or an ad-supported public restroom.

Ad money allocated to search is almost as good. I'll use a search engine more if it gives helpful results, so search advertising also pays for something I want.

Personalized targeting, though, is a problem. Instead of paying to support something I want, the advertiser is paying to reach me as an individual. The fact that my information is in somebody's database is a risk to me, but a source of revenue for the database owner. It's a classic Negative Externalities problem. Besides, anything spent on this stuff does not go to pay for the ad-supported resources and search services I really want.

Ad-supported cultural works have positive externalities, when they're re-purposed for other uses. The "Star Trek" advertisers got their money's worth in 1966-1969, but people are still watching the show today. Kurt Vonnegut quit his job as a car dealership manager because he sold stories to Collier's magazine.

As a member of the audience for advertising, I win when I can help move the marginal advertising dollar from personalized targeting to either context or search, because a fraction of the money that gets moved pays for something I want, some of it is likely to create positive externalities, and none of it gets spent on creating risks for me. Regulation is a piece of the solution, and a mess of confusing regulations could be more effective in raising the relative price of personalized targeting than a single set would.

People's intuitions about marketing practices are economically sophisticated.

  • People often choose to pay attention to ads that carry economic signal.

  • People are quick to develop banner blindness and other habits to avoid low-signal advertising.

  • People choose not to invest a lot of time in low-effectiveness ways to protect their personal information, but pick up on measures seen as effective, such as Do Not Call.

People who grow up in ad-heavy economies learn the economics of advertising like people who grew up playing ball learn physics.

What we need to see from privacy regulation is

  • increase the transaction costs of negative-externality advertising practices.

  • credible promise of reducing risks, to atract mass participation.

Privacy regulation has to have the confusion and cost from the advertiser side increased, in order to balance out the risks and costs imposed on the audience side, and shift ad budgets.

Four Steps Facebook Should Take to Counter Police Sock Puppets New law of headlines: any piece with Facebook should in the headline is not worth reading. Come on, EFF, the police put undercover officers into schools and workplaces all the time. Why should a mass-market social platform be any different? This is just the high school weed dealer's if you ask them if they're a cop they have to say yes.

Silicon Valley-Funded Privacy Think Tanks Fight in D.C. to Unravel State-Level Consumer Privacy Protections Employees of companies that back this: Is facepalm-induced neck trauma a work-related injury?

Craig Silverman at Buzzfeed continues to write the absolute best #contentMarketing for #progressiveWebApplications: Popular Google Play store apps are abusing permissions and committing ad fraud

Carole Cadwalladr blasts tech titans at TED: Your technology is “a crime scene” (It's not "their technology" though. It's thoroughly owned by criminals and domestic terrorists. High-profile "tech" execs just pay the power bill, and they're only "titans" of resting and vesting.)

With Epsilon deal, Publicis bets on first-party data for survival With Epsilon news, Publicis makes themselves the first to-do item on my CCPA opt-out list.

European Commission’s Giovanni Buttarelli on state of GDPR adoption: ‘Even ticking a box does not necessarily mean consent is freely given’ I have tried to figure out how much you need to know about web ads to give informed consent. I don't know enough myself, but I'm still learning.

Adobe announces deeper data sharing partnership with Microsoft around accounts Sweet, another one for that CCPA to-do list.

Daphne: Moderating Facebook At Barely Minimum Wage
then: hardware is difficult, manly work, and software is a straightforward office task we can hire low-paid women for.
now: software is difficult, manly work, and content moderation is a straightforward office task we can hire low-paid women for.

Almost half the Bay Area’s residents want to move, survey shows Those of you who want to stay: what's your secret?

PWA notes: CSS Grid

20 April 2019

(update 21 Apr 2019: copy edit, add some explanation.)

I'm learning how to make a Progressive Web Application. Progressive Web Applications are a good thing because they give people a lot of the features of mobile apps, but run in the browser where it's easy to turn on privacy protection features.

Here's how it's going so far. A simple polyhedral dice roller for Dungeons and Dragons, and similar games that use many-sided dice.

Links: standalone, source.

(Yes, I know real dice are better for a real game. This is for when you forget your dice but not your phone, or have a few minutes to prepare something.) This is mainly designed to run on a phone, but it does take keyboard input, and if you can see it here it also works in an iframe.

I ran into some browser compatibility problems trying to do the ASCII Art as real ASCII Art, so the ASCII Art is really a PNG. To look on the bright side, though, finding a browser incompatibility issue means that this is now a Real Web Project.

Here's how I got the help to work the way it does, with CSS. In its regular place, the keypad is laid out calculator-style, and on the help page, the buttons are laid out in a column on the left with the explanation of what they do next to them.

The keypad and the help page are really the same content, so each button's help is a p element that lives right next to the button element. Turning help on and off doesn't navigate you to a separate help page, it just moves the keypad to a new parent element where it is styled differently.

The #keypad div starts off as a child of the #compact div. Inside of #compact,

  • the grid is four columns: grid-template-columns: 1fr 1fr 1fr 1fr;

  • the help text is styled with display: none

  • the tall button is grid-area: span 2 / span 1 and the wide button is styled with grid-area: span 1 / span 2;

  • the 0-9 button, only used in help, is also display: none

Moving #keypad to be a child element of #help means that different styling applies.

  • the grid is two columns: grid-template-columns: 1fr 4fr;

  • All the help elements are display: block so they show up, and take up positions in the grid.

  • The tall and wide buttons are single sized.

  • The individual numbers are display: none and the 0-9 button is display: block.

Putting the help text next to the button it applies to should make it easier for me to check that the help text for each button is there and up to date, and I don't have to make a separate help page.

Next step: figure out how to make this Do The Right Thing with a screen reader.

Turning a GitHub page into a Progressive Web App by Christian Heilmann: another dice PWA (with animations, d6 only)

Hands off Brock! EFF pleads with Google not to kill its Privacy Badger with its Manifest destiny

Publicis Buys Epsilon For $4.4B – But Will It Be Able To Integrate The Frankenstack? (one possible metric for success of privacy tech and regulation: by how much do they have to write this acquisition down?)

Why I Replaced Disqus and You Should Too

Progressive Web-First Apps

Browser diversity starts with us.

We Need Chrome No More

A JavaScript-Free Frontend

responsive ascii art

14 April 2019

(Update 17 Apr 2019: Yes, I know it works on Firefox but is messed up on some other browsers. I made an issue: Issue #29609 | webcompat.com)

I'm making a web thing (for Progressive Web Application practice) and could use a header image. I'll just go old school and do some ASCII Art.

Wait a minute, though. All the cool web sites now are Responsive. So the header should work at different sizes. So what I want to do is to get ASCII Art to behave like a regular image. If I make Ye Olde .Sig Sword

/ O===[============================> \

and I want it to look good inside the containing element, I want the text to resize, not reflow.

Kind of like this.

Hi, here we are inside a narrow element. Here is a little tiny sword.

/ O===[============================> \

The dashed red border is just to show how big the div is.

This div is wide. Behold my large sword!

/ O===[============================> \

The answer so far: put the ASCII Art inside an svg element, like this.

<p><svg viewBox="0 0 170 24" xmlns="http://www.w3.org/2000/svg">
<text x="0" y="0">

Needs some CSS, like this:

svg {
        width: 100%;
        overflow: auto;

svg text {
        line-height: 100%;
        white-space: pre;
        font-family: monospace;
        font-size: 8px;
        fill: #666;

The "white-space: pre" gives me the ultimate image editing environment: free-form multi-line ASCII art text within the text element. Yes, I still need to use &gt;, &lt;, and &amp;. The fill sets the color.

One small annoyance is that the text of the ASCII Art can be selected if the user double-clicks, or drags, or long presses on a touchscreen. So the user-select stuff is to prevent that from happening.


Great Developers Are Raised, Not Hired, by Eduards Sizovs, The Principal Developer

Startup Stock Options – Why A Good Deal Has Gone Bad

‘Short-term targets create perverse incentives that hurt businesses’

3 Ways To Improve Experience for Contributing Writers

Codecademy vs. The BBC Micro

The App Privacy Crisis Apple And Google Need To Fix

Proquints: Identifiers That Are Readable, Spellable, and Pronounceable

how I think about how the New York Times thinks about privacy

11 April 2019

A. G. Sulzberger, publisher of The New York Times, writes,

If you’re reading this essay on an internet browser, it offers a useful example of what tracking looks like at a practical level. Before you had time to read a single word, a number of different companies had already placed a “cookie” or other tracking mechanism on your browser to study your internet use. The Times hosts these trackers for three purposes: to learn about how people use our website and apps so we can improve their experience; to reach readers we hope will subscribe; and to sell targeted advertising.

Read the whole thing. But my inner tech editor could not be silenced, and had a small suggestion. How about...

If you’re reading this essay on an internet browser, it offers a useful example of what tracking looks like at a practical level. Before you had time to read a single word, your web browser had already accepted a “cookie” or other tracking mechanism from a number of different companies to study your internet use. The Times hosts these trackers for five purposes: to learn about how people use our website and apps so we can improve their experience; to reach readers we hope will subscribe; to sell targeted advertising; to leak our readers' personal information to help our competitors sell ads targeting our audience; and to enable fraudulent bot traffic to impersonate human visitors.

As soon as I make the web browser, and not the tracking company, into the subject of the sentence, it helps explain some of the business reasons for news sites to focus on privacy. For a site, examining your own privacy practices is fine, but it's not where the big wins are. The important part, for the New York Times and other sites that need to protect their ad revenue, is to work along with in-browser tracking protection technology. Protecting reader data for the readers is mostly the same as protecting audience data for the ad business.

It's kind of like the situation with email. Email is a viable marketing medium today not just because legit email marketers don't spam, but because email users have good spam filters. Spam filter technology kept low-value email lists from devaluing email marketing. In-browser privacy technology is starting to reverse the process by which low-value cross-site tracking has been devaluing web advertising.

The Times is already doing some good service journalism on web privacy. Next step: set up the paywall to give extra free articles per month for anyone running Apple Safari ITP Apple Safari ITP or Firefox ETP? The more reader eyeballs a a site can remove from the race-to-the-bottom eyeball market, the more market power it has.

Spam filters and legit email marketers saved email as a marketing tool. Can privacy-protecting browsers and legit ad-supported sites do the same for the web?

In Charleston, local ownership means fewer layoffs

Two in Three Hotel Websites Leak Guest Booking Details and Allow Access to Personal Data

WTF is differential privacy?

Opinion | Why the Cool Kids Are Playing Dungeons & Dragons - The New York Times

A Look at Who Is and Isn’t Ready for the End of the Programmatic ID Era

How to spam software developers and get away with it?

31 March 2019

(somebody tell me why this doesn't work)

Step 1: Adopt a GDPR Everywhere policy. This is obviously good. Show me a company in the IT business that hasn't decided to go GDPR Everywhere, and I'll show you a company that hasn't finished writing out all the user stories for how to handle it when some users or partners are covered by GDPR and others aren't. Or what happens when you have been giving a user the creepy second-class privacy policy for a while and then they go get married to a European, or go work for a European company, or something. Basically every IT company is going to either go GDPR Everywhere or sign up for years of intricate, expensive legal work and arguments that they'll eventually give up on.

Step 2: Have products and services interact with open source, and collaborate and test upstream. This is also obviously good. Pull open-source Git repositories and run integration testing and metrics and whatever on them. We shouldn't just sit there and pull whatever comes out at the end of the development process, help with the QA, publish peer-reviewed research, whatever.

Step 3: Congratulations, we're now a data controller under Article 14 of the GDPR. Git repositories are full of PII. Every commit includes the developer name and email address.

Oh, no, PII! Does that mean we can't work with open source?

Of course not. Open source is still legal. But we have to comply with our data subject rights obligations under Article 14. We have to contact everyone whose PII we hold, and notify them clearly of what we're doing with their data.

And what are we doing with it? We're using it to do open source QA that feeds into making our product better. And we have to explain what we're doing in our Article 14 notification. So the European Union basically just told us not just that we can send our elevator pitch to a bunch of software developers unsolicited, but that we have to.


Elizabeth Warren Calls for a National Right-to-Repair Law for Tractors

Why Microsoft is backing a major tax hike on itself … and Amazon

Android users’ security and privacy at risk from shadowy ecosystem of pre-installed software, study warns

Beginner’s Guide to Buying Traffic

Lin Clark: Standardizing WASI: A system interface to run WebAssembly outside the web

Thank EU for the music – not the grasping tech giants | Björn Ulvaeus

(from 2010) Defeating the Cookie Monster: How Firefox can Improve Online Privacy

As a musician I’m shocked there’s opposition to a new EU copyright law | Debbie Harry

Canada is becoming a tech hub. Thanks, Donald Trump!

Auction Theory Ph.D.s Share Five Things Buyers And Sellers Should Keep In Mind For First-Price Auctions

Ad Fraud Scheme Drained Users’ Batteries By Running Hidden Video Ads In Android

Instagram Is the Internet’s New Home for Hate

It Took 10 Seconds for Instagram to Push me Into an Anti-Vaxx Rabbit Hole

Digiday Research: 52 percent of publishers haven’t started preparing for the California Consumer Privacy Act

Open source, cognitive surplus, and precarity

19 March 2019

(edit 28 May 2019: fix some awkward or unclear sentences.)

Someone once remarked (paraphrased) that as long as there has been a scene, there have been people complaining that it is no longer the true scene. (citation needed)

Of course the open source scene is changing, but how much of that is the unavoidable transformation that a healthy scene goes through, and how much is fundamental?

The Free Software movement as we know it started by capturing the tremendous cognitive surplus that was just there for the taking from university students and from employees of conventional, slothful corporations. Back in the 1980s and early 1990s, barriers to cooperation were transactional: licensing and communications technologies. Patches on a mailing list seem like a high-overhead collaboration method today, but by the standards of the time, diff(1), patch(1) and Free command-line tools were transformational. And of course the classic free software licenses are practically zero-overhead for participants with uncomplicated sharing or reciprocity goals.

So, all that cognitive surplus was just sitting there between classes or TPS Reports or whatever, and the software freedom scene was set up to capture it. Before long, Tim O'Reilly and friends branded it as a software business trend called Open Source, and the modern software business emerged.

Sounds great—why isn't it continuing to work like that? Two reasons.

Less cognitive surplus in the world

  • The kind of university experiences that include substantial cognitive surpluses are less widely available, because of increases in the cost of higher education and how those costs are allocated.

  • The work environment is better at capturing cognitive surplus.

Precarity is a thing. Compared to the early days of open source, the rent is too damn high.

Internet adoption by people with less "free" time

There's a whole complex privilege thread here, but the main point is that open source as we know it began when a lot of people who had a lot of free time got on the Internet. They (fine, fine, we) had the opportunity to participate in open source and other cognitive-surplus-capturing activities (such as MMORGs). Many new people joining are not coming in with the same economic and time advantages, even if they have access to the same or better creative and collaborative tools.

More competition to capture available cognitive surplus

Open source is no longer the only practical, low-overhead way to do collaborative projects. Now people can do

  • crowdfunding

  • gig sites

  • native app stores (mobile, Steam...)

  • software as a service

It's no longer a choice between low-overhead, low-incentivization (open source) or accepting high overhead if you want to get paid.

What next?

Open source advantages in transaction costs are still there. But people looking for open source contributors do have to realize that we're going to have to keep increasing the number of people who consider open source as a possible valuable use of their time (remuneration issues are blockers) or see open source lose contributors as we get stuck competing with more outlets for less already-unmonetized time and attention.

Someone's Going to Get Killed Charging Those E-Scooters

The Cloud and Open Source Powder Keg

7 Secondary Diseases that Kill Innovation: The Departments of No

Understanding LF's New “Community Bridge”

A belief in meritocracy is not only false: it’s bad for you

The Federation Fallacy

Spotify and Amazon ‘sue songwriters’ with appeal against 44% royalty rise in the United States

Fantasy’s widow: The fight over the legacy of Dungeons & Dragons

perfection is achieved

10 March 2019

A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away.

—Antoine de Saint-Exupéry

The perfect targeted advertising business model has been discovered. I have seen it. Maybe you have seen it too.

Here's how it works.

  1. Identify users likely to be enraged by a political issue. Start a PAC with a name related to that issue. Also start an LLC.

  2. Run rage-provoking targeted ads about your issue, with a call to action to sign a petition or complete a survey.

  3. Upsell a fraction of the people to make a donation to your political action committee. Use a Dark Pattern to get some people to consent to having their credit cards billed monthly.

  4. Actually deliver the petitions or surveys or whatever, and actually make a few PAC donations to politicians to get on their donor lists. But keep most of the money for yourself by paying it to your LLC (from step 1).

It's data-driven. It's sticky. It's social. It's got everything that a surveillance marketing business needs, and nothing it doesn't. No manufacturing. No support. Not even any drop-shipping. Just register a PAC and an LLC and start running ads and social media.

If you don't get these perfect ads, yay for you. Your eyeballs are probably too expensive on the ad impressions market, or you don't seem like the kind of person who would get enraged about any issue that they have a landing page for.

One reason that this model works is because people made so much noise about the Citizens United decision and shadowy political groups. So the people who are paying into these things probably never even feel ripped off—they feel that's just how things work now, and they're getting away with working the system.

Update 20 May 2020: Exposing the Dorr Brother Scams: How do the Dorr Brothers do it? This is a similar business model. Not surprised that a lot of people are trying new models in this area.

Update 20 Aug 2020: How not to do it: Steve Bannon arrested and charged with fraud - Axios

Update 12 Sep 2021: Copy edit, add Dark Patterns link.

The Geography of Partisan Prejudice

New Documents Show That Facebook Has Never Deserved Your Trust

Google Facing Complaints of GDPR Violations From Consumer Groups in 7 Countries

Cookie walls don’t comply with GDPR, says Dutch DPA

Content moderation has no easy answers

One place I will probably not buy a car.

02 March 2019

(Update 23 Apr 2019: I wrote to ask this dealership how they got my info and didn't get an answer to my question. But they did put me on their email list in time to get the "April Shower of Savings" email so I've got that going for me which is nice.)

One place I will probably not buy a car: Franklin Sussex Auto Mall, in New Jersey.

I still have a Facebook account, I don't check Facebook often enough for it to be a good way to reach me. See the page footer here for contact info. mostly to keep up on the ad scene there. When I checked Facebook's page of ads targeting me, this company is listed under advertisers "Who use a contact list added to Facebook."

New Jersey car dealer

Somehow, Franklin Sussex Auto Mall got a hold of my email address or phone number, and uploaded it to Facebook. Have I ever shopped for a car in New Jersey? No. If I was shopping for a car, would I fly to New Jersey to buy it and then drive it home? No.

And now that I look at it, when I go through the advertisers that Facebook lists as having uploaded my info, most of them are car dealers I have never visited or contacted. Someone has a pretty good racket going here. How much are they making from the car dealers? (Yes, this is a bad thing, because car dealers could be spending that money to build positive reputation by funding local news, or other ad-supported resources with positive externalities, but we knew that already.)

Maybe when they write the history of the big social site era, it won't be about some all-seeing panopticon, but more about a bunch of people in a highly paid California bubble, mostly young guys who have been told they're smart their whole lives, getting out-hustled at a direct marketing business they don't really care about.

Let’s Talk About Fraud In Digital Advertising

Confessions of a location data exec: ‘It’s a Ponzi scheme’

Consent Fraud: A Simmering Problem That Could Scald The Ecosystem

You’re being used to steal $50 billion in digital advertising

The New York Times’ Mark Thompson on how he’d run a local newspaper: “Where can we stand and fight?”

The secret lives of Facebook moderators in America

AT&T pulls ads from YouTube over predatory comments on children

Even the IAB warned adtech risks EU privacy rules

Intelligent Tracking Prevention 2.1

Epic Games pulls Fortnite pre-roll ads on YouTube following child predator controversy

YouTube still can’t stop child predators in its comments

Meet DrainerBot, the Ad-Fraud Operation That Could Be Stealing Your Mobile Data

Why The Birth Of Surveillance Capitalism Signals The End Of Behavioral Targeting

Pinterest blocks vaccine-related searches in bid to fight anti-vaxx propaganda

Want to reduce political polarization? Save your local newspaper

principal-agent problems

27 February 2019

Interesting problem: why do brands fail to protect customer data when it would be in their interest to do so?

If expected customer retention of tracking-protected customers is higher, why not invest in tracking protection for your most profitable customers? Why don't car insurance companies figure the odds on customer retention of protected and unprotected customers the same way they figure the odds on other risks?

It might be because corporations are not decision-making entities, and online marketing is the world's longest chain of principal-agent problems.

The value of a database marketer as an individual on the job market is a function of the number of database-capturable prospects that the marketer will help an employer land as customers. If a lot of Allstate customers are also available on DMPs, then more VC-funded insurance startups will launch, and they'll bid up the salaries of database marketers now working at Allstate.

If Allstate's best customers are protected, then the VCs invest in something else, the job interviews don't happen, and Allstate can keep paying their database marketers what they're paying.

So: principal-agent problems are market design opportunities. How to structure compensation for marketers to incentivize customer retention even after that marketer is no longer employed by the brand? (People generally want to do the job right, you just can't keep throwing incentives to do it wrong at them.)

And how to increase the social rewards of the choice to allocate marketing budgets towards positive-externality advertising and away from negative-externality advertising? Imagine that a restaurant chain is opening a new location and wants to reach people there. They have two choices. Buy ads that pay for local news and cultural content that is written for people in that area, or they can buy ads that pay to make those people more depressed, manipulate their elections, and try to taunt them into massacring each other. The social rewards for choosing the first should tend to go higher.

GE’s Decision to Scrap Boston HQ Shows Corporate Tax Incentives Don’t Work

Everything you think you know about corporate tax incentives is wrong

A Centuries-Old Idea Could Revolutionize Climate Policy

Kaiser Permanente’s new medical school will be tuition-free for first 5 years

why I'm not reading your think piece

21 February 2019

White power assholes are not exactly the smartest people on the Internet. State-sponsored manipulation operations have better skills and can use the domestic guys as human sock puppets.

Pedophiles aren't the smartest people on the Internet either. Even the "highly technical dark web" pedo networks are using off-the-shelf tricks that are far behind what even the most basic adfraud operation can pull off.

So I'm writing to explain why I'm going to move your long-form think piece about the "power" of the Internet "duopoly" to the probably-never-going-to-get-to-it end of my to-do list. Let's have a look at just the last 24 hours:

(Come back in 24 hours for more.) You're asking me to be interested in reading your ever-so-thoughtful essay about the awesome power of two companies that have to be like the fifth most influential people on the Internet, max. Even the Facebook ad integrity guy is down to asking for free reports of scam ads, on Twitter.Dude, if the "get everybody else to do your QA for you" strategy worked, then we'd all be running desktop Linux.

The "powerful platforms" are a box on the Internet cable between terrible marketing decisions on one end and criminals and terrorists on the other. A box maintained by vaguely creepy but not especially interesting IT staff. Yes, let's write about CMOs who attach their brands to heinous shit—what's up with that? Yes, let's write about the criminals who end up with the money—that can't be good. But the companies in the middle are not the story.

Oracle Data Cloud Companies Expose ‘DrainerBot’ App Fraud Scheme

Disney reportedly pulls ads from YouTube following child exploitation controversy

Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret' (GOOG, GOOGL)

Disinformation and ‘fake news’: Final Report published - News from Parliament - UK Parliament

Legit Brand Creative Is Getting Hijacked – And Advertisers Need To Start Paying Attention

Culture secretary commissions study into 'opaque' world of online advertising

If Facebook wants to stop the spread of anti-vaxxers, it could start by not taking their ad dollars

Four ideas that the privacy business can borrow from the open source business

06 February 2019

Please let me know if the following makes any sense, and if so I'll turn it into a talk.

It's not a simple game of people vs. companies. In software, you don't just have evil "software hoarders" vs. cooperation-minded "users". There are way more players: OS vendors, hardware vendors, proprietary ISVs, developers of internal applications, and IT organizations. At least. I'm sure I forgot some. But the point is that they don't all have the same interests. Pretty much everyone who does software wants everybody else's software to be open source. So if you look at everybody's Core vs. Context, people will generally play nice in open source projects doing whatever their Context (or complement, if you want to look at it that way) is.

In user data, you've got the Five Armies: content creators and their publishers, companies trying to sell stuff (advertisers/sponsors/signalers), intermediaries (adtech/platforms), client-side developers (browsers/privacy tools), and fraud hackers. A high-reputation brand with a solid mailing list has completely different user data handling interests from a social platform—just like a network chipset manufacturer will have different open source interests from a proprietary OS vendor.

True believers aren't enough to build on. Some people are really fired up about Internet ethical and policy concerns, but most people would somewhat prefer the right thing, and telling them that you do the right thing makes them feel better about doing it and somewhat more likely to do it. But doing the evil thing is not a deal-breaker.

Loud complaints don't matter (much). Yes, the first open source release will include a license mismatch, or somebody's ssh private key, or it won't build without a tool you didn't include, or something. And somebody will complain. But the true believers are useful for QA to guide incremental improvement, not as gatekeepers to decide if you're in or out. (And if you fix something that someone is complaining about in a particularly annoying way, do it quietly. Eventually they'll make their complaint to a reporter who will check it out, find the fixed version, and start ignoring them.)

Hardly any company will get to 100%. Robert Penn Warren said it best.

Man is conceived in sin and born in corruption and he passeth from the stink of the didie to the stench of the shroud. There is always something.

Even companies that focus on open source have awkward corners where they can't Do The Right Thing, because reasons. And most of the code contributed to open source projects is done on the clock at companies that are also in the proprietary software business.

Just like IBM didn't need to have a plan to open source AIX in order to make a difference in Linux, companies don't need to have a plan to get clean of all surveillance marketing activity to make significant moves in the direction of user privacy. An insurance company might decide to remove third-party pixels from the pages linked to from existing customers' bills, to keep from leaking customer data—but keep social tracking pixels for some other pages for tracking conversions on a social campaign. Anyway, open source program offices are a thing. What about customer data protection offices?

Oracle Didn’t See the Data Reckoning Coming

‘It’s definitely going to break things’: Apple is prepping an iOS change that may hurt AR and VR advertising

Denelle Dixon: Putting Users and Publishers at the Center of the Online Value Exchange

This Is How Much Fact-Checking Is Worth to Facebook

Forget privacy: you're terrible at targeting anyway

Limiting JavaScript?

this guy is bad at game theory

04 February 2019

From the spam folder:

I am a well known hit man on deep web. Someone paid me 1000 USD to beat you and broke your right arm. (Why? I don't know) I will take 1000 USD more after my client sees your broken arm!

If you send 2000 USD to me, I will cancel the job, and I will give you the name of my client. Else, I will finish my job asap!

Send the above amount on my BTC wallet (Bitcoin): 3JDLJWW5K6AsP1VBUD1Dgsxk9ydtcdMFvz As soon as the payment is completed I will receive a notification and a new email with the client's details will follow.

You have 24 hours from now on!

Hold on a minute.

He has a reputation, but he's going to ruin it, and burn an existing customer, in order to earn 1.5x what he was originally going to earn from the deal?

Where did this clown learn his game theory?

Nobody would take an established brand, fail to deliver the product or service that the brand was originally known for, and leak their good customer's private info, just to go chase incremental revenue driven by unproven new technology, right?

Consent and bots

02 February 2019

Two kinds of web clients who it's a bad idea to serve a third-party resource to:

  • Users who have not given consent. We know we can't use their data. But third parties can peek at those users because their tracking script or pixel is on the page. If the first party can't have that data why should the third parties get it?

  • Adfraud bots. Bots come to visit legit sites to build up realistic-looking cookies so they can cash out elsewhere. Bad idea to help them.

Consent management requires some interaction with the user, which is also an opportunity to collect data for assigning a botness score.

Bots will also try to appear to be visitors who have already given consent, and go get the third-party resources anyway. This is an interesting problem because it's a game where the bot and the third party are on the same side, and the site is on the other. Impossible for the CMP to block the bot connection to the third party, but is it possible to show that consent was not in place when that connection happened? Understanding the provenance of the consent string is going to be important. An extra cookie containing a digital signature for the consent string?

New CMPs will have an opportunity to build on knowledge gained from regulator reactions to first-generation CMPs. But it's more interesting to think about sustainable advantage for the site than just about regulatory future-proofing. For example, a good consent management platform will also tie in to an objection management platform/opt-out management platform.Objection management platform and opt-out management platform both work out to OMP—anybody using that TLA?

People ask about whether consent records obtained by conventional CMPs are even good. (Risks in IAB Europe’s proposed consent mechanism | PageFair) The first-generation click OK to make this dialog go away and consent to everything UX is unlikely to last, but what's next?

  • Design the CMP to work in the interest of the CMP customer, not third parties.

  • Understand the (painful, because anything touching the CMS is painful) changes involved in taking 3rd parties out of the page template entirely when the page is going to a no-consent user. No peeking!

  • Future-proof consent workflow to allow for adjusting for regulatory changes (boring) and revenue or data opportunities (fun)

  • Integrations: objection/opt-out mangagement, single sign-on, paywalls, in-browser/in-extension consent mangement.

  • And of course, get out in front of coming browser privacy improvements. Need an open-source strategy including participation in browser and extension projects.

The White Flight From Football

Move over, Vantablack: You can now buy the world’s blackest black paint

Study: Deactivating your Facebook account is good for your mental health

Modern Weather Forecasts Are Stunningly Accurate

What can we learn from the downfall of Theranos?

Do they have work/life balance? Investigating potential employers with GitHub

New research says secondhand Legos are surprisingly valuable

No one knows why non-existent bands have started showing up on Spotify playlists

Conversations with execs at the World Economic Forum reveal that many are racing toward automation to stay ahead of competition regardless of impact on workers (Kevin Roose/New York Times)

Miriam Avery: Mozilla Fosters the Next Generation of Women in Emerging Technologies

More Than 70 U.S. Health, Consumer and Other Groups Demand Elimination of NAFTA 2.0 Terms That Would Lock in High U.S. Medicine Prices

Elsevier journal editors resign, start rival open-access journal

The extraordinary therapeutic potential of psychedelic drugs, explained

Exclusive: WeWork rebrands to The We Company; CEO Neumann talks about revised SoftBank round

A masterpiece of ancient data viz, reinvented as a gorgeous website: An illustrated edition of Euclid’s Elements from 1847 gets updated for the web.

IQ is largely a pseudoscientific swindle

What made solar panels so cheap? Thank government policy.

As digital media companies brace for change, unions try to cushion the blow

This is the architecture trend that needs to die in 2019

Opinion: Cure ‘futures’ offer a way to pay for million-dollar medicines

Attention humans.

01 February 2019

Attention humans. We are in a life and death struggle with our enemies, the pathogenic bacteria. Our scientists have developed secret weapons, the antibiotics. It is vital to use these weapons only when they will make a difference, in overwhelming force, and to leave no survivors. The enemy must be prevented from developing countermeasures. Do you understand?

Can we just betray our most effective weapons to the enemy if it's in exchange for CHEAP MEAT?

(facepalm) Let me explain this again.

From privacy compliance to user data wins

30 January 2019

Open source program offices are a thing. What about customer data protection offices?

A little background: when the open source business as we know it was getting started, most of the original concerns about free software in business were about license compliance. Many people assumed that all software companies would pursue maximum restrictions using copyrights and patents, and users who wanted to use, modify, and redistribute software would be their adversaries.

Then, Tim O'Reilly and others started changing the conversation to talk about open source strategies. How can a small company release high-impact software by building on collaboratively developed work? Now, as open source has caught on all over the software business, it seems obvious that people think about

  • business models made possible by open practices

  • open source companies as market participants competing for users while cooperating on common work

But it was a big mental shift at the time.

Today, a modern open source program office has to handle issues of license compliance, including training developers to follow and apply licenses, and checking the licenses of inbound software for compatibility. But the big picture is about using open source for sustainable advantage.

Maybe, today, we're still thinking about privacy as a compliance problem. Users and regulators on one side, companies on the other.

But what about a company that has a solid first-party relationship with a customer? What if the person is known to open the email newsletter, come in the store, answer the surveys—you're not in an adversarial relationship with that person over their data. The company and the customer are on the same side. When privacy concerns and adoption of privacy tools help get the person protected from targeting by some fly-by-night competitor, that's a win for both.

If you're running a bank, you don't want some cryptocurrency scam picking off your high-value customers. Those people's lifetime value is going to go way down when they're selling off all their stuff because the bank bought a "custom audience" social campaign targeting them, and the data leaked. If the bank had a customer data office thinking a step ahead, instead of just checking compliance boxes, it would have considered the data leakage risk along with the social campaign's possible upside.

Or a healthcare brand might run what looks like a harmless campaign, but some clever data management platform can infer medical data from it, and a "miracle cure" racket uses the data to pick off the customers. Before you know it the customers stop filling their prescriptions and start loading up on colloidal silver or something. A customer data office would have had the data science skills to see the risk, and offset it, possibly by offering the customers a free service to help them opt out of high-risk data processing.

Even for just a regular product, when a VC-funded "direct to consumer" competitor comes in, with no customer list—how do they grow so fast? Buying targeting data on the open market, because the existing brand haven't learned to protect their interests. Where does a brand's interest in customer data coincide with the customers' own interest in privacy? Instead of purely focusing on compliance, a customer data office will understand the risks and opportunities.

Anyway, software freedom went from a contentious idea to the source of much value in a remarkably short time. What if something similar happens with privacy?

Perfect timing

28 January 2019

(I work for Mozilla. Not speaking for Mozilla here.)

January 28, 2019:

Male impotence, substance abuse, right-wing politics, left-wing politics, sexually transmitted diseases, cancer, mental health....Intimate and highly sensitive inferences such as these are then systematically broadcast and shared with what can be thousands of third party companies, via the real-time ad auction broadcast process which powers the modern programmatic online advertising system. So essentially you’re looking at the rear-end reality of how creepy ads work.

Natasha Lomas, on TechCrunch

Also January 28, 2019:

Simply put: users need more protection from tracking....In support of this effort, today we are releasing an anti-tracking policy that outlines the tracking practices that Firefox will block by default. At a high level, this new policy will curtail tracking techniques that are used to build profiles of users’ browsing activity. In the policy, we outline the types of tracking practices that users cannot meaningfully control.

Steven Englehardt and Marshall Erwin, on the Mozilla Security Blog

Suggesting a small fix to a Privacy Manifesto

24 January 2019

London Trust Media has a Privacy Manifesto up.

Many good points, but there's one small fix that could make it more useful. From the original:

  1. It is now the norm—even in the presence of laws clearly forbidding it—for nearly every commercial website we visit to plant tracking beacons in our devices, so our lives can be examined and exploited by companies and governments that extract personal data and manipulate our lives for their purposes. This offends our privacy and diminishes our agency.

Here's a suggested new version edited to be clearer about how browsers work.

It is now the norm—even in the presence of laws clearly forbidding it—for nearly every commercial website we visit to include tracking beacons in their pages, and for our browsers to load and run those beacons, so our lives can be examined and exploited by companies and governments that extract personal data and manipulate our lives for their purposes. When our own browsers work against our interests, this offends our privacy and diminishes our agency.

Please don't assign all the work to the site.

It's counterproductive to ask the site to be the one to bear all the costs of privacy reform. The site is the player with the least economic power and the least freedom to change. Web publishers and brands failed to protect their audience and customer data and are now, unfortunately, kind of stuck. Because third parties control the audience information that's needed in order to make ads saleable, no one web site can unilaterally switch off the data flow that makes their business model work.

On the browser side, though, it's different. Browser developers know that they can get more user satisfaction, and get users to spend more time in the browser if those users have functionality that makes them feel safer.

This stuff needs to get fixed and browsers have the motivation and skills to do it. Let's focus on productive next steps by the parties that can afford to change. The result will be a new web advertising business that works better for sites and brands, too.

Sites can't take the big step to remove tracking scripts entirely, but there are a few things that sites can do to assist with ad reform.

  • Fix any "turn off your ad blocker" scripts to detect ad blockers only, and not falsely alert on privacy tools.

  • Fix up the privacy page to add links to appropriate privacy tools based on the user's browser. (Aloodo has JavaScript for this.)

  • If you maintain a privacy tool, offer to do a campaign with the site. Privacy tool users are high-quality human traffic. Free or discounted privacy tools might work as a subscription promotion. Where's the win-win?

Asking a site to walk away from money with no credible alternative is probably not going to work. Asking a site to consider next steps to get out of the current web advertising mess? That might.

More: What The Verge can do to help save web advertising

Disruption For Thee, But Not For Me, by Cory Doctorow, Locus

Vizio exec: we'd have to charge a premium on "dumb" TVs to make up for the money we'll lose by not spying on you

We Could Easily Stop Location Data Scandals, But We Cower to Lobbyists Instead

The unsustainable ad agency business model

Minneapolis Moves to Eliminate Mandatory Parking

The 7 greatest impediments to American entrepreneurs

Publishers Don’t Have An Ad Problem. They Have A Product Problem.

Rising Instagram Stars Are Posting Fake Sponsored Content

Consent UX, €50 million mistakes, and new approaches

21 January 2019

In the news: The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC.

Phil Lee writes,

The complaints criticised Google for requiring users to “agree” to its privacy policy in order to use its services. While asking users to “agree” to a privacy policy is still common practice for many companies, privacy notices are too long and too complex to be something that users can realistically understand and “agree” to. Under GDPR consent needs to be freely given and specific, and must not be bundled - the user must be able to freely consent to specific activities on a case-by-case basis, e.g. consent to receive e-mails, or consent to use of their photograph within a promotional brochure etc. Privacy notices are still needed for transparency of course - but they should serve as just that: informational notices, not catch-all consent-gathering documents.

And from Thomas Baekdal on Twitter:

Interesting. But also, as I have said many times before. Imagine what would happen if the French regulators took the same look at publishers. My ongoing advice to publishers is to look at these cases as early indicators. We will be next in line to be looked at. https://t.co/7fTRottHAb

— Thomas Baekdal (@baekdal) January 21, 2019

European regulators are paying attention to consent mangement UX, and the current approach, which is basically just click OK to make this annoying dialog go away (and consent to use of your data by 70 companies you've never heard of), is looking less and less likely to work.

Fortunately for reputable publishers, the regulatory pressure to clean up consent UX is likely to be a good thing for trusted sites. So this is great time to release the Global Consent Manager User Study. Global Consent Manager is a new approach to consent UX, made possible by IAB Europe's Transparency and Consent Framework.

The Framework standardises the presentation to users’ third-party data processing requests that require “informed” consent for data processing. The Framework enables “signaling” of user choice across the advertising supply chain. It is open-source, not-for-profit with consensus-based industry governance led by IAB Europe with significant support from industry parties and the IAB Tech Lab, which provides technical management of the open-source specifications and version control.

I'm a big supporter of the Transparency and Consent Framework, if you use it right. Consent UX is full of €50 million mistakes—but the consent data approach of the Transparency and Consent Framework can still be good if you put a decent UX on it. That's what Global Consent Manager aims to do.

Global Consent Manager applies the the same incremental approach that social and collaboration sites, such as LinkedIn and GitHub, use. LinkedIn doesn't ask you to build a complete profile and work history before you can use the site. Instead, you get to make an account and then get prompted to add more of your info as you use it. Global Consent Manager borrowed that idea, in a basic form. Instead of asking for consent for everybody to use your data everywhere before you even read the article, with Global Consent Manager you start off in a no consent state. A consent string with no consent is a valid consent string, and Global Consent Manager will auto-generate one for you on your first visit to a supported site.

Later, if you show that you're interested in the site, the site can ask for more consent. This approach gives a sustainable advantage to sites that users choose to trust, and limits the ability of sites whose traffic comes from deceptively obtained clicks to run saleable ads.

Results from the user research tend to indicate that users spend significantly more time on a news task when they get the Global Consent Manager experience, compared to the click OK to consent to everything default.

The standardization work for consent data, now being done at the Transparency and Consent Framework, really pays off if you put a sensible (more LinkedIn-like) UX on it.

Our next step is to extend server-side consent and data management, with a view to facilitating the needed data collection for publishers trusted by users to run high-value ads, without enabling data practices that fail to comply with regulations or with user norms. Please let me know if you're interested in participating or reviewing future data.

Behavioral targeting and investor relations

19 January 2019

Eric Shih writes, on the Digital Content Next site,,

Leveraging data to make more informed ad targeting decisions is a breakthrough versus previous methods where ads were un-targeted. Personalized ads are a win for all parties. [emphasis added] It is better for:
  • Users (connects them to more interesting and relevant ads)
  • Advertisers (results in higher return on investment)
  • Publishers (delivers higher CPMs and increased revenue)

Hold on a minute. That doesn't look right.

The win for all parties is clearly bogus from the user and publisher point of view. Behavioral targeting means that users see more low-quality and deceptive ads, because behavioral targeting gives a long-running structural advantage to deceptive advertisers. As a potential customer, I also win as ad budgets go into supporting context that I care about, such as news and cultural works, and lose as ad budgets go into behavioral targeting with negative externalities.

From the publisher point of view, behavioral targeting creates near-infinite saleable ad inventory on low-value and fraudulent sites, and forces publishers to contend with those sites for ad money. For users and publishers, the less behavioral targeting the better. But what about for marketers? Isn't behavioral targeting a win for them?

It looks like the answer is: not so much. Here's a must-read piece on research by Prof. Byron Sharp.

Personalised advertising may be one thing but getting people to respond to even micro-targeted ads is a whole other ball game. However, analysis of 3.1 million ad exposures shows that such adverts generate low click through rates (CTR). Furthermore, some of the responses to such ads are counterintuitive – with a higher CTR coming from ads mismatched to personalities and lower vs. the overall industry average for Facebook ads.


But if micro-targeting is arguably so ineffective, why do some many marketers use it? Sharp and Danenberg highlight several reasons:
  • Marketers often do things based on theory/logic rather than evidence. The worst myths, the longest lasting, are those that sound plausible.
  • Micro-targeted campaigns can boast of high ROI, largely because they are so small, reaching people who had a high likelihood of buying anyway. Marketers see the high campaign ROI from micro-targeting but fail to realise that the overall return to the company may well be lower.
  • It’s fashionable!!!

Read the whole thing. Not surprising if you follow the underlying #behavioralEconomics. And Dave Trott agress with the fashionable point: It's right because everyone's doing it.

There might be another reason, though. Maybe part of the problem is that marketing science is hopelessly mixed up with investor relations. After all, adtech firms and ad agency groups are publicly traded companies. And creative ad work, hiring writers and artists and marking up what you pay them, is the kind of business model that stock markets get bored with. Margins are low, you can only grow as fast as you can hire, and your assets can quit and go work somewhere else.

Choosing to place an ad in a quality context is more cost-effective, but again, it doesn't scale. If your business is putting good ads in good places then the people who do good work have market power. But psychographic models and the underlying data sets are more investor-friendly. Even if it takes torturing the data and putting up with fraud to make adtech look effective. Mathemagickal woo-woo is scalable, more like the intangible assets of a software company. Markets see promise of big margins and high revenue/employee.

How much do investor-focused messages about the effectiveness of behavioral targeting companies interfere with marketer-focused messages about the effectiveness of behavorial targeting in campaigns?

The case against behavioral advertising is stacking up | TechCrunch

After GDPR, The New York Times cut off ad exchanges in Europe — and kept growing ad revenue

Why Online Ads Haven't Built Brands

‘GDPR will ultimately be good for the industry’: Guardian CRO Hamish Nicklin on 2019 plans

Google and publishers edge closer to reaching common ground for GDPR standards

What's so bad about the pay to avoid ads model?

14 January 2019

(edit 11 Apr 2019: Split item 2 into 3a and 3b.)

A lot of people have come up with the idea of a system that lets readers of a web site pay to avoid the advertising. This is obviously bad, wrong and dangerous, for several reasons.

  1. The model assumes that advertising is unredeemably awful, and walks away from future revenue that would be made possible from fixing advertising. (So far, Online Ads Haven't Built Brands, but what if they could?)

  2. The model creates incentives to make advertising worse. Ever since we started running the auto-playing video campaign for MIRACLE ASS FUNGUS CURE, our subscriptions are through the roof! Bonuses for all!

  3. (a)Because the ads on news sites will keep getting worse and worse, non-subscribers will get more and more of their news from biased sources that re-report and spin it. (The most common sound effect on Rush Limbaugh's radio show, last I heard it, was him flipping the pages of the New York Times as he selectively quoted from news stories.)

    (b) Or, because the ads keep getting shittier and shittier, because that's the best way to incentivize people to pay to get out of them, ad blocking keeps going up.

  4. As soon as site owners realize that number 3 is growing, and won't go away, they'll start lobbying for extensive copyright expansion laws that limit fair use, or create new exclusive rights, or apply DRM to web pages to limit ad blocking, and, as a side effect, restrict other software that gives users control over their web experience. Probably all three. Freedom-hostile companies will repurpose these laws for censorship and break the Internet.

I know that "this stupid idea will break the Internet" posts are everywhere, but I just wrote one more. Keeping the ads just high enough in signal, and low enough in resource suckage and privacy/security risk that they mostly aren't worth blocking, is just one of the many things that has to come out somewhere close to right in order to prevent a bunch of bad stuff.

‘A daily, hourly fight’: Digital ad fraud is worse than ever

NOT Predictions for Digital Ad Fraud in 2019

Advertising Activism Has Impact

Journalists are rightly suspicious of ad tech. They also depend on it.

Firefox extensions list 2018

17 December 2018

One of the great things about Firefox is the ability to customize with extensions.A MIG-15 can climb and turn faster than an F-86. A MIG-15 is more heavily armed. But in actual dogfights the F-86 won 9 out of 10 times. Part of that is training, but part is that the Soviets used data to build for the average pilot, while the USA did a bigger study of pilots' measurements and recognized that adjustable seats and controls were necessary. Even in a group of pilots of average overall size, nobody was in the average range on all their measurements. Here is what I'm running right now.

  • Awesome RSS. Get the RSS button back. Works great with RSS Preview.

  • blind-reviews. This is an experiment to help break your own habits of bias when reviewing code contributions. It hides the contributor name and email when you first see the code, and you can reveal it later.

  • Cookie AutoDelete. Similar to the old "Self-Destructing Cookies". Cleans up cookies after leaving a site. Useful but requires me to whitelist the sites where I want to stay logged in. More time-consuming than other privacy tools. This is a good safety measure that helps protect me while I'm trying out new the new privacy settings in Firefox Nightly as my main data protection tool.

  • Copy as Markdown. Not quite as full-featured as the old "Copy as HTML Link" but still a time-saver for blogging. Copy both the page title and URL, formatted as Markdown, for pasting into a blog.

  • Facebook Container because, well, Facebook.

  • Facebook Political Ad Collector, even though I don't visit Facebook very often. This one reports sneaky Facebook ads to ProPublica.

  • Global Consent Manager, which provides an improved consent experience for European sites. More info coming soon.

  • HTTPS Everywhere. This is pretty basic. Use the encrypted version of a site where available.

  • Link Cleaner. Get rid of crappy tracking parameters in URLs, and speed up some navigation by skipping data collection redirects.

  • NJS. Minimal JavaScript disable/enable button that remembers the setting by site and defaults to "on". Most sites that use JavaScript for real applications are fine, but this is for handling sites that cut and pasted a "Promote your newsletter to people who haven't even read your blog yet" script from some "growth hacking" article.

  • Personal Blocklist is surprisingly handy for removing domains that are heavy on SEO but weak on actual information from search results. (the Ministry of Central Planning at Google is building the perfectly-measured MIG cockpit, while extension developers make stuff adjustable.)

  • RSS Preview. The other missing piece of the RSS experience. The upside to the unpopularity of RSS is that so many sites just leave the full-text RSS feeds, that came with their CMS, turned on.

'Artifact' Isn't a Game on Steam, It's Steam in a Game - Waypoint

Does It Matter Where You Go to College?

The Golden Age of Rich People Not Paying Their Taxes

Liberating Birds For A Cheap Electric Scooter

America’s Power Grid Isn’t Ready for Electric Cars

Ad reform and consent

12 December 2018

If adtech consent is so hard, will Online Behavioral Advertising (OBA) on the web even be a thing once we fix the long-standing browser bugs that allow users to be tracked without their knowledge?

After all, OBA advocates have been trying to sell people on the benefits of being tracked for as long as ads have been obviously "following" people from one site to another and raising concerns. So why won't regular people learn that this is all for their own good? By now we should have a comfortable pro-OBA user base, right? Instead, there's still a stubborn majority against having your activity on one site follow you to another one, and when PERFECTLY REASONABLE WE ARE DOING THIS FOR YOUR OWN GOOD WOULD YOU SHUT UP ABOUT PRIVACY AND JUST CONNECT AND SHARE WITH BRANDS YOU LOVE ALREADY ad tracking practices do make the news, it's as part of a Holy shit, you have WHAT information on my kids, you sneaky nerds? story.

Where is ad reform going? What's probably going to happen is that browsers are going to support the OBA that users give their informed consent to, but there's just going to be less ad inventory available to buy that way, because only about 1/3 of browser users approve of cross-site tracking.

Browsers have the opportunity to improve consent UX to fill in the gap between their users' widely held norms about how personal information is used and the uses that people are willing to "I Agree" to or be "OK" with in order to make a pop-up go away. Today, if you're building a user interface, you have the choice of:

(1) accurately discerning the user's preferences on data use

(2) tricking the user into giving "consent" to practices that the user would not agree with if understood.

So why does everybody go with number 2? Especially web publishers. Problematic data practices are not just a violation of user norms, but an threat to ad-supported sites. If you're running a site that depends on reputation, it's to your disadvantage to allow your audience to be tracked elsewhere.

That last point is not just me nerding out over obscure economic points. Everyone who is successful in web advertising knows that you have to defend user data once you have it. Facebook famously closed down app access to social data. Amazon stopped sending email receipts, to keep email services from targeting people with ads based on their Amazon shopping habits. Google’s Ads Data Hub restricts how advertisers can combine Google and non-Google data.

Why are web publishers—the set of players who are most hurting here—the exception to the defense rule? It could be because of the technical landscape. Incumbent tech companies have built publisher-hostile web clients in order to advantage some kinds of ad placements As a side effect we also have a brand-hostile environment and a brand crisis. (Targeted advertising media are designed for direct response and deceptive ads, and don't work for the 60% of ad spending that needs to go to brand building)

The big opportunity now is for reputation-based players—publishers and brands—to use the defensive opportunities now afforded by browser privacy improvements and by privacy regulations.

Part of this could be an "objection amplifier" to balance out the "consent amplifier" effect of bad consent UX. If I go to a publisher site, or brand site, and they give me a meaningful choice on how my data is used, the publisher is putting themselves at a disadvantage if they respect my decision while others get deceptive consent.

So how to handle the built-in disadvantage for honest consent requests?

If you capture a solid "I do not consent" from a person, then don't waste it. Ask the person for a digital signature on an objection to every DMP on the Lumascape, and send it to the DMPs. And log it, and use it when you're selling ads make sure to include the point that "We have people on this site that the DMPs don't have, and aren't allowed to. Want to reach our audience? Talk to us."

Running a third-party processor to enable this is one of the biggest opportunities for the post-creepy Lumascape. Needs a TLA, though. OAP? Objection Amplification Platform?

Facial recognition: It’s time for action

Guide to Advertising Technology

memo to self: learn CSS grid

02 December 2018

I need to make a new chart of different kinds of third parties that we will need in the post-creepy ad world.

One area that tends to get overlooked in the data-driven marketing world is defense.

Just a few examples.

  • Amazon stopped sending email receipts, to keep email services from targeting people with ads based on their Amazon shopping habits.

  • Google's Ads Data Hub restricts how advertisers can combine Google and non-Google data.

  • Facebook announced it would eliminate all third-party data brokers.

What do these companies have in common? They're marketing's winners. Meanwhile, publishers festoon their sites with consent management platforms that capture consent for all surveillance marketing, everywhere. They'll even get consent for tracking by third parties that the publisher doesn't even use. Why play to lose? If you run a trusted site in a position to get consent and prove you got it, you want fewer other companies getting that user's data, not more.

So the obvious counterpart to the consent amplification carried out by CMPs is some kind of objection amplification.

If the user clicks something other than "OK" on the GDPR consent dialog, don't just set their consent to zero. That non-consenting user needs to have their voice heard, not just filed away. Ask: Do you want to deny tracking just by our site, or by all these third parties? Then show them a list of Lumascape firms, most of which look like they were named not by branding experts, but by some guy in Florida who mainly communicates by "finger guns". When the user says, hell yeah, I don't want to be tracked by all those companies either, then that's when the objection amplification starts. Generate a Article 21 objection for every company you can think of, get the user to sign off on them, and send them out. (This is why it has to be a platform. Could be quite a bit of verbiage here.)

Now the record of objections sent is a piece of data for ad sales. "Buy ads here because x% of our users can't even legally be targeted by those other companies."

Internet platform companies play defense all the time. Will publishers?

Capitalism, Competition And Microsoft Antitrust Action

We are Google employees. Google must drop Dragonfly.

Targeted Advertising Is Ruining the Internet and Breaking the World

Don’t work “remotely”

Is The IAB’s Consent Framework In Trouble?

Mark Ritson: Gary Vaynerchuk is wrong, wrong, wrong, wrong, wrong about media

How a small French privacy ruling could remake adtech for good

Further protections from harmful ad experiences on the web

Deleting Facebook as signaling

29 November 2018

Many researchers who study human behavior on the Internet will point out that calls to "just delete Facebook" are unrealistic for many users. A lot of people depend on the company for family connections, health-related support groups, or even employment.

Which, of course, should make deleting Facebook an easy win from an economic signaling point of view. If you can credibly stay off Facebook, you're signaling that you have the skills, wealth, health, and social capital not to need it. What could be better? Why aren't more people signaling their fitness through conspicuous lack of Facebook dependence? Two reasons.

  • If you delete your account, it's too easy for others to make fake accounts imitating you, so it looks like you're on there anyway.

  • The decision to #deleteFacebook is easily reversible. You could easily come sneaking back.

So the thing to do if you want to get signaling power out of quitting Facebook is to not just delete your account, but do two things.

  • keep your account live so that it keeps your name "squatted on" in Facebook-space.

  • take a credible action to lock yourself out (that is in compliance with the Facebook ToS, of course).

How about this? Get a "burner" SIM, make that the one phone number for your account, then let me hang on to the SIM for you. I'll periodically post a list of everyone whose Facebook account is associated with a SIM I hold, but I won't be able to log in. I'll charge a monthly storage fee to keep the SIM for you, but it only comes due when you reclaim it.

What Happens to Kid Culture When You Close the Streets to Cars

Brexit! Means! Brexit!

Psychology’s Replication Crisis Is Running Out of Excuses

Stop Complaining About Your Rent and Move to Tulsa, Suggests Tulsa

Believing without evidence is always morally wrong

The human costs of Black Friday, explained by a former Amazon warehouse manager

Housing Can’t Be Both Affordable and a Good Investment

Cheap Cell Phones Are Pretty Awesome These Days

What if the Placebo Effect Isn’t a Trick? - The New York Times

Chart of the Decade: Why You Shouldn’t Trust Every Scientific Study You See

Should Internet platforms disclose to advertisers when their ads sponsor illegal activity?

27 November 2018

Why do advertisers keep sponsoring illegal activity on big Internet platforms such as YouTube and Facebook? Platforms are running so many copyright-infringing copies, cryptocurrency scams, state-sponsored campaign finance violations, and even functioning as the IT department for genocide (d00d wtf?) that it's hard to understand why so many good brands are still there.

A big part of the problem is that even though platforms do invest a lot of time and money in removing illegal activity, the advertisers never know. If you're a CMO making decisions about where to spend your ad budget, your experience of a highly customized social platform is completely different from what most of your brand's customers see. As a CMO, you see content from people in your social and professional circles, and ads from high-bidding advertisers who want to sell high-margin items such as conferences and SaaS subscriptions. You don't see as much of the bad stuff. Advertisers pay the bills for illegal activity because they lack the information they would need to stop doing so.

It's time for Internet platforms to stop hiding this information.

When a platform blocks or restricts distribution of content, require disclosure to the advertisers affected. (link goes to my notes for an upcoming meeting about this. There's a GitHub link on the page, suggestions welcome.)

Site engagement, consent management, bargains

06 November 2018

One common growth hacking pattern on social and collaboration sites is to build user profiles incrementally. Capture just enough info to get the user logged back in, then get them started using the site. As they get into it, prompt them to fill in more and more profile information. You have probably seen this on new sites where you have to make an account. FIXME: list of good examples here.

People don't want to give up a bunch of information up front before they see how good the site is. And, I suppose, if the site is good enough that the person thinks they'll spend more time on it, they're more likely to provide correct information than all the residents of "asdf" born on January 1, 1970.

But news sites don't take this approach. Instead of trading a little value for a little information, repeatedly, you get one big dialog asking you to give up all your information before you even read the first story.

Does the same incremental approach that applies to data collection for social and collaboration sites also apply to news sites? Preliminary results from Global Consent Manager tend to indicate that yes, it does.


So here's the bargain. Right now, the web ad business is set up to bid on ad impressions that come with third-party data, way more than for impressions without third-party data. So a trackable bot impression on a fraud site can produce more ad revenue for the fraud operator than an impression from a privacy-sensitive user running Firefox Nightly or Apple Safari produces for a legit site.

Yes, even though the privacy-sensitive user is more likely to be human and interested in buying something related to the topic of the site.

The opportunity to get a bargain is: instead of relying on conventional programmatic ad buying, if you do a little extra work to understand the audience of specific sites, you can reach more of the humans you're interested in.

Not every Firefox user who shows up on the Road and Track site is going to buy a car this year, but $1 worth of ad impressions there is likely to reach more human car buyers than $1 spent programmatically—because you get a higher fraction of humans for a lower price. and third-party data on who's a likely car buyer is bogus anyway, but that's another story.

This opportunity is likely to go away as more agencies figure it out, but right now it's a great chance to get humans cheaper than bots.

Apple's Latest Anti-tracking Feature In Safari Takes Toll On Digital Advertising, by George P. Slefo, AdAge

Google Will Make Parallel Tracking Mandatory On Oct. 30 – But What Is It?

Trump Shut Programs to Counter Violent Extremism

Stupid Patent of the Month: How 34 Patents Worth $1 Led to Hundreds of Lawsuits

Build Your Own Professional-Grade Audio Amp on the Sort of Cheap

Hammond targets US tech giants with 'digital services tax'

Hundreds of Popular Android Apps Part of Multimillion-Dollar Ad Fraud Scheme

We ran 2 fake ads pretending to be Cambridge Analytica — and Facebook failed to catch that they were frauds (FB)

How the Ad Industry Encourages Poor Data Quality

Totalitarian Marketing

The Secretive Organization Quietly Spending Millions on Facebook Political Ads

Say goodbye to the information age: it’s all about reputation now

The impact of the ‘open’ workspace on human collaboration

Tim Cook makes blistering attack on the “data industrial complex”

a common objection to privacy improvements

24 October 2018

One common objection to the new third-party cookie behavior in Firefox is something like,

If you block the tracking cookies that advertisers use to decide which ads to target you with, you'll start getting the low-budget, low-quality ads that show up in the absence of the targeting data that marks you as a desirable customer.

Before I turned on Enhanced Tracking Protection I was getting ads for stuff like cloud computing services and luxury SUVs. Now, with Enhanced Tracking Protection, am I going to get more ads for for FREE nutritional supplements? You know, the offers where you put in your credit card info for shipping and then they keep billing you even after you try to cancel? Or maybe I'll get offered a great deal on a for-profit college program, or some predatory finance! I can't wait.

It might be an inconvenience for me to start getting the ads that people get when they're too broke, or just too old, for high-bidding advertisers to care about reaching them. But the real problem is that legit sites are running those ads in the first place.

a clean ad network for independent sites?

23 October 2018

Project Wonderful is no more. This was the ad network that got a lot of the important parts of web advertising right.

  • signal-carrying model: all visitors to the same site on the same day see the same ad(s).

  • brand safety: advertisers choose sites, and site owners approve ads.

  • fraud resistance: ads sell by the day instead of by impression or click.

  • incentive to discover and support new sites the first advertiser to express interest in a site get to run their ad for free until another advertiser places a bid.

But there were still some problems.

  • Project Wonderful was just as vulnerable to ad blocking as regular adtech.

  • The audiences of sites using Project Wonderful were just as vulnerable to tracking as everyone else.

The second one is especially important. Why spend the effort to pick, and run ads on, mutiple independent sites in order to get your ad in front of the right people, when you could just sign up for some user tracking scheme? The people who control marketing budgets need a problem, a trend, and a story in order to shift money from one place to another.

What would it take to borrow and build on the good parts of the Project Wonderful model while taking steps to fix the problem of data leakage?

  • Avoid privacy-focused ad blockers by accepting the EFF DNT policy. Third parties that can pass EFF's Privacy Badger also tend to stay off other blocklists.

  • Offer unlimited CNAMEs, also to help beat list-based blockers.

  • Don't participate in paid whitelisting as a network, but individual sites that choose to do so could, for their own specific CNAME.

  • Good metrics on tracking protection adoption by the audience. Show advertisers that these users are hard to reach another way.

  • Include reverse tracking walls, tracking detection roadblocks, and A/B test alternate "turn off your ad blocker" messages to motivate users to get protected from cross-site tracking.

  • Limited, user-permitted data collection with clean consent management.

The hard part for an independent ad network is to offer small advertisers something they can't get from Google or Facebook. Access to a protected audience?


How publishers are navigating the perilous path to diversification

Thomas Barta: If you want influence, abandon your desk

Delivering Malware Programmatically Is Too Easy

Privacy Badger Now Fights More Sneaky Google Tracking

Consent management: can it even work?

18 October 2018

Read the whole thing: Why Data Privacy Based on Consent Is Impossible, an interview with Helen Nissenbaum.

The farce of consent as currently deployed is probably doing more harm as it gives the misimpression of meaningful control that we are guiltily ceding because we are too ignorant to do otherwise and are impatient for, or need, the proffered service. There is a strong sense that consent is still fundamental to respecting people’s privacy. In some cases, yes, consent is essential. But what we have today is not really consent.

And, in Big Data's End Run Around Anonymity and Consent (PDF):

So long as a data collector can overcome sampling bias with a relatively small proportion of the consenting population, this minority will determine the range of what can be inferred for the majority and it will discourage firms from investing their resources in procedures that help garner the willing consent of more than the bare minimum number of people. In other words, once a critical threshold has been reached, data collectors can rely on more easily observable information to situate all individuals according to these patterns, rendering irrelevant whether or not those individuals have consented to allowing access to the critical information in question. Withholding consent will make no difference to how they are treated!

Is consent management even possible? Is a large company that seeks consent from an individual similar to a Freedom Monster?

What would happen if consent had to be informed?

The internet would shut down

— Lara O'Reilly (@larakiara) Twitter, October 18, 2018

And what's going on with Judge Judy and skin care products? There are thousands of skin care scams on Facebook and other places on the internet that falsely state that their product is endorsed by celebrities. These scams all advertise a free sample of their product if you pay $4.95 for the shipping. Along the way, you have to agree to the terms and conditions....The terms and conditions are only viewable through a link you have to click, which most of these people never do.

Or Martin Lewis and fake bitcoin ads? He launched a lawsuit in April 2018, claiming scammers are using his trusted reputation to ensnare people into bitcoin and Cloud Trader "get-rich-quick schemes" on Facebook.

The problem is that ad media that have more data, and are better at facilitating targeting, are also better for deceptive advertisers. Somehow an ad-supported medium needs consent for just enough data to make the ads saleable, no more. As soon as excess consent enters the system, the incentive to produce ad-supported news and cultural works goes down, and the returns to scamming goes up.

See you at Mozfest? Related sessions: Consent management at Mozfest 2018

FBI Brings Gun to Advertising Knife Fight

John Hegarty: Globalisation has hurt the marketing industry

What's There To Laugh About?

Advertising only ever works by consent

Mainstream Advertising is Still Showing Up on Conspiracy and Extremist Websites

Some dark thoughts on content marketing.

Zero-click bookstore?

13 October 2018

Random idea for a way to make the local bookstore easier to use than the big one-click Internet bookstore.

I walk by the local bookstore all the time but I don't always have the list of books I want to read with me.

So what about this?

  1. I keep a list of books I'm reading, or want to read, on Github.

  2. When I find out about a book I want to read, I add it to the list, make a GitHub issue, and assign the issue to someone at the local bookstore.

  3. The local bookstore gets the book and changes the status of the issue.

  4. I go pick up the book when I'm walking by the bookstore anyway.

measuring happiness

13 October 2018

Another one of those employee happiness reports is out. This kind of thing always makes me wonder: what are these numbers really measuring?

It seems like happiness ratings by employees would depend on:

  • expected cost of retaliation for low scores

  • expected benefit of management response to low scores

The expected cost of retaliation is the probability that an employee's ratings will be exposed to management, multiplied by the negative impact that the employee will suffer in the event of disclosure. An employee who believes that the survey's security has problems, that management will retaliate severely in the event of disclosure, or both, is likely to assign high scores to management.

Some employers make changes in compensation or working conditions when they fail to achieve well on happiness (or employee engagement) surveys. If an employee believes that management is likely to make changes, then the employee is likely to assign low scores in areas where improvement would have the greatest impact on them.

An evil company where management makes an effort to de-anonymize the happiness survey results, retaliates against employees who give low scores, and will not make changes to improve scores, will appear to have high employee happiness.

A good company where management does not retaliate, and will make changes in response to low scores, will appear to have low employee happiness.

Of course, this all changes the more that people figure out that getting low happiness scores means that you have responsive management.

Hacks.Mozilla.Org: Calls between JavaScript and WebAssembly are finally fast 🎉

Tech Workers Now Want To Know: What Are We Building This For?, by Cade Metz, Kate Conger, New York Times

Alt-right culture jamming

One small change to New York’s intersections is saving pedestrians’ lives

The Effectiveness of Publicly Shaming Bad Security

Commons Clause is a Legal Minefield and a Very Bad Idea

Notes on "turn off your ad blocker" messages

29 September 2018

At least three kinds of software can be detected as "an ad blocker" in JavaScript.

full-service blockers, the best known of which is uBlock Origin. These tools block both invisible trackers and obvious ads, with no paid whitelisting program.

privacy tools, such as Disconnect (list-based protection) and Privacy Badger (behavior-based protection), that block some ads as a side effect. This is a small category now compared to ad blocking in general, but is likely to grow as browsers get better at privacy protection, and try new performance features to improve user experience.

deceptive blockers, which are either actual malware or operate a paid whitelisting scheme. The best-known paid whitelisting scheme is Acceptable Ads from Adblock Plus, which is disclosed to any user who is willing to scroll down and click on the gray-on-white text on the Adblock Plus site, but not anywhere along the way of the default extension install process.

So any ad blocker detector is going to be hitting at least three different kinds of tools and possibly six different groups of users.

  • People who chose and installed a full-service blocker

  • People who chose to protect their privacy but did not specifically choose to block ads

  • People who may have chosen their browser for its general privacy policies, but got upgraded to a specific feature they're not aware of

  • People who chose to block ads but got a blocker with paid whitelisting by mistake

  • People who chose to "install an ad blocker" because it got recommended to them as the magic tool that fixes everything wrong with the Internet

  • People who are deliberately participating in paid whitelisting. (Do these people exist?)

Sometimes you need to match the message to the audience. Because sites can use tools such as Aloodo to get a better picture of what kind of protection, or non-protection, is actually in play in a given session, we can try a variety of approaches.

  • Is silent reinsertion appropriate when the ad is delivered in a way that respects the user's personal information, and the user has only chosen a privacy tool but not an ad blocker?

  • When the user is participating in paid whitelisting, can a trustworthy site do better with an appeal based on disclosing the deception involved?

  • For which categories of users are the conventional, reciprocity-based appeals appropriate?

  • Where is it appropriate to take no action in a user session, but to report to a browser developer that a privacy feature is breaking some legit data collection or advertising?

Newsonomics: The Washington Post’s ambitions for Arc have grown — to a Bezosian scale

Open Access: The timely publishing solution truly serving scientists, science and the public

Watch out, algorithms: Julia Angwin and Jeff Larson unveil The Markup, their plan for investigating tech’s societal impacts

How to buy into journalism’s blockchain future (in only 44 steps)

How Ad Industry Destroys Brand Value

WTF is pubvendors.json?

Nucleus Claims It Now Has Throw Weight to Outperform Platforms on Ads

Instagram's new TV service recommended videos of potential child abuse

Joey Hess: censored Amazon review of Sandisk Ultra 32GB Micro SDHC Card

Apple's best product is now privacy

Storage access policy: Block cookies from trackers

Consent management at Mozfest 2018

24 September 2018

updated 18 Oct 2018: add dates and locations, reorder.

Good news. It looks like we're having a consent management mini-conference as part of Mozfest next month. (I'm one of the organizers for the Global Consent Manager session, and plan to attend the others.)

☑ I blindly accept… (T&Cs)

Audience are engaged with an activity where they’re given clauses from a curated list of clauses from real T&Cs and they express whether it should have been mentioned outright or not. We have a discussion about digital privacy and ways to curb exploitation. Visitors try out our browser plug-in that filters out most important clauses from any T&C.

Space 908, all day both days.

This workshop offers an holistic space to create digital tools and environments in which consent underlies all aspects, from the way they are developed, to how data is stored and accessed, and to the way interactions happen between users. Prototyping consent into our tools will make them more fair and unbiased. Using a specific designed prototyping loop, teams quickly hypothesize, develop, test and assess ideas consentful data prototypes.

Oct 27th 4:30 PM - 5:30 PM. Space 903.

This session aims to create a working group for improving the user experience of cookie consent popups. In Europe, the use of cookies was first regulated by the Privacy and Electronic Communications Directive 2002/58/EC, then revised by a 2009 amendment, and more recently by the GDPR. Cookie popups and the mechanism for providing consent can be tedious. Browsing the same website from different devices results in consent being asked again. A bad usability can lead users to give their consent without the necessary attention. In this session we will discuss the state of things and look at possible solutions. We will target a multidisciplinary audience of internet users, usability experts, browser developers, lawyers, and online advertisement professionals.

Oct. 28 11AM - 12:30PM. Space 902.

We will discuss how consent management on the web works today, and the relationship between user privacy and reputable content providers. Web users face a confusing array of data sharing choices, and click fatigue can lead to poor user experience and possible inadvertent selection of options that do not match the user’s privacy norms.

Oct 28th 4:30PM - 5:30PM. Space 903.

browser.fastblock.timeout and browser.fastblock.limit

22 September 2018

(update 24 Sep 2018: add link to a FastBlock description on Bugzilla)

What's the difference between Firefox browser.fastblock.timeout and browser.fastblock.limit?

  • browser.fastblock.timeout: When Fastblock starts working (in milliseconds, default 5000 = 5s)

  • browser.fastblock.limit: When Fastblock stops working (also in ms, default 20000 = 20s).

FastBlock only works if browser.contentblocking.enabled and browser.fastblock.enabled are both true.

Starting browser.fastblock.timeout ms after the page starts loading, FastBlock will stop loading new third-party resources that are on the Tracking Protection list.

  • FastBlock does not affect third parties that are not on the Tracking Protection list.

  • FastBlock does not cancel third-party requests that are already loading.

Then, starting at browser.fastblock.limit ms after the page starts loading, FastBlock stops having any effect.

More on Fastblock here

The sole focus of the Fastblock feature is to restrict the loading of trackers. It monitors trackers waiting for the first byte of data since the start of navigation of the current tab’s top level document. If this is not received within 5s, the request is canceled. If any bytes are received, the 5s timer is stopped. In some of the experimental branches, a few tracker requests are whitelisted, and do not have this monitoring. These include resources known to cause breakage, such essential audio/video, and commenting platforms.

Here's the code.

Fastblock plus European mode

Just going by basic economics, ads placed with more information about me are going to carry less signal and more deception than ads placed only by what page they're on. Now I'm wondering how well "slow loading ads" correlate with "deceptive ads". Are slow loading ads slow because they depend on a bunch of complex RTB stuff? Can less creepy ads be faster?

By combining FastBlock with a brower extension to turn on Google's documented but underrated European mode, I should be able to get a better class of web ads all around. I'll give it a try and follow up with how it goes.

This post is a work in progress. I'll update as needed to fix errors and update with current browser behavior.

Fun with YouTube

20 September 2018

In case you missed it: One viral thread shows how quickly YouTube steers people to wacko conspiracy theories and false information (GOOG, GOOGL)

Turns out that fast-moving, hungry misinformation operations are better at YouTube than YouTube is. This is not too much of a surprise. Resting and vesting makes you stupid. It's like a resource curse for code. Sometimes I think I should start an imposter syndrome cure sanitorium. Main activity for patients will be watching the JavaScript console for all the errors and warnings on sites built by the so-called tech elite. (Look who's still typing = sometimes instead of == or ===.) Anyway, what do you do when you want to send someone a link to a YouTube video, but you don't want the engagement anti-features to kick in?

How about addressing the problem on the client side?

Here's an experimental Firefox extension that will remove the recommended videos sidebar and keep you on the same video even if the pwned engagement algorithm tries to auto-play a different one. So if I send a family member a link, I can have fewer worries that they'll end up in a rat hole.

Bug reports and pull requests welcome. (yes, I know that I should be using a MutationObserver instead of a timer. At some point I'll try to figure that out.)

German court orders deletion of customer lists in Facebook Custom Audiences

Using the “Custom Audiences from your Customer List” product specification, advertisers can upload certain customer lists to Facebook – based on e.g. emails, phone numbers, Facebook user IDs or mobile advertiser IDs – from their CRM database, which are first ‘hashed’, meaning they are transformed into checksums (hash values), and compared with other checksums generated from Facebook user data. If the checksums match, then existing and potential customers can be deliberately shown targeted ads on Facebook, Instagram and in apps and on mobile websites via Audience Network. Facebook also provides this feature for retailers, calling it “Offline Custom Audiences”.

This is going to be an interesting natural experiment. Will ad-supported media do better in jurisdictions where Facebook Custom Audiences are not available? If Facebook advertising represents an increase in marketing budgets, then probably not so much. If Facebook advertising squeezes out other items from the marketing budget, then this could be a win. (My best guess is that small companies are spending more on marketing because Facebook is easy and self-service, but Facebook is just one of many places that larger companies can spend. The ease of use of Facebook from the advertiser side makes Facebook ads a contender for small businesses that would have trouble dealing with a legit site.)

And it's hard to address the problem of creepy stuff on the Internet without talking about housing costs. If the California powers that be can drive up prices to the point where workers need a top-10-percent income for what would have been a basic middle-class lifestyle elsewhere, then it's easier to pressure them into more questionable practices.

North American vs Japanese zoning

Agglomeration effects (might) change the YIMBY calculus

Bullshit jobs and the yoke of managerial feudalism - Open Future

The Humanities Face a Crisis—of Confidence

Here's How America Uses Its Land

MeFi: Cities of ladies

How to Design a City for Women

How an Ambitious Minnesota Eco-Project Became a Density Battleground

Look who's defending users from surveillance marketing

09 September 2018

(updated 14 Jan 2019: added two more examples.)

What's the best defense against surveillance marketing? In some cases, another surveillance marketer. Just like hackers lock up a vulnerable system after they break in to protect against other hackers, surveillance marketers who know what they're doing are helping to protect users from other companies' data collection practices.

Amazon: Retailers include different degrees of data in email receipts. Amazon only emails consumers links to their full receipts, limiting the information an email provider can extract. Oath gets to know shoppers through their Yahoo emails | Digital - Ad Age

Google: Google’s recent changes with Ads Data Hub keeps data locked within Google Cloud and cannot be combined outside of Google’s controlled environment. As a result, data lakes for marketing are under threat by recent changes by Google. How does Google’s Ads Data Hub Affect My Analytics? (Part III of the Ads Data Hub Series) - Thunder Experience Cloud

Google again: Google Demanded That T-Mobile, Sprint Not Sell Google Fi Customers' Location Data - Motherboard. (If you want to target Google's users, better pay Google.)

Facebook: Late last week Facebook announced it would eliminate all third-party data brokers from its platform. It framed this announcement as a response to the slow motion train wreck that is the Cambridge Analytica story. Just as it painted Cambridge as a “bad actor” for compromising its users’ data, Facebook has now vilified hundreds of companies who have provided it fuel for its core business model, a model that remains at the center of its current travails. Newco Shift | Facebook: Tear Down This Wall. (And Facebook even runs a Tor hidden service.)

Real surveillance marketers play defense.

But in most cases, publishers don't. And that's Why Local Newspaper Websites Are So Terrible. What happens when news sites can play some defense of their own?

I don't know, but IMHO it will be an improvement for everybody. And the good news is that browser privacy improvements are finally making it possible.

Let's discuss. WORKSHOP: User Data and Privacy — Building market power for trustworthy publishers, Sept. 26, Chicago | Information Trust Exchange Governing Association

The people who get how Facebook works are also the most likely to leave it

Mind The Gap: Addressing The Digital Brand Deficit

How to Improve the California Consumer Privacy Act of 2018

another omission

07 September 2018

(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)

Johnny Ryan writes, in ePrivacy: Over-regulation or opportunity?

[A]n ad tech lobby group called ‘IAB Europe’ published a new research study that claimed to demonstrate that the behavioural ad tech companies it represents are an essential lifeline for Europe’s beleaguered publishers....the report claimed that behavioural advertising technology produces a whopping €10.6 billion in revenue for Europe’s publishers.

Surely, the ad tech lobby argued, Parliament would permit websites to use “cookie walls” that force users to consent to behavioural ad tech tracking and profiling their activity across the Web. The logic is that websites need to do this because it is the only way for publishers to stay in business.

We now know that a startling omission is at the heart of this report. Without any indication that it was doing so, the report combined Google and Facebook’s massive revenue from behavioural ad tech with the far smaller amount that Europe’s publishers receive from it.

The IAB omitted any indication that the €10.6 billion figure for “publishers” revenue included Google and Facebook’s massive share too.

That's not the only startling omission. The most often ignored player in the ePrivacy debate is adtech's old frenemy, the racket that's the number two source of revenue for international organized crime and the number three player in targeted behavioral advertising—adfraud.

And ePrivacy, like browser privacy improvements, is like an inconveniently placed motion detector that threatens to expose fraud gangs and fraud-heavy adtech firms.

The same tracking technologies that enable the behavioral targeting that IAB defends are the tracking technologies that make adfraud bots possible. Bots work by visiting legit sites, getting profiled as a high-value user, and then getting tracked while they generate valuable ad impressions for fraud sites. Adfraud works so well today because most browsers support the same kind of site-to-site tracking behavior that a fraudbot relies on.

Unfortunately for those who perpetrate fraud, or just tolerate it and profit from it, browser privacy improvements are making fraud easier to spot. Changes in browsers intended to better implement users' privacy preferences (as Ehsan Akhgari explains in On leveling the playing field and online tracking) have the helpful side effect of making a human-operated browser behave more and more differently from a fraudbot.

And regulations that make it easier for users to protect themselves from being followed from one site to another are another source of anti-fraud power. If bots need to opt in to tracking in order for fraud to work, and most users, when given a clear and fair choice, don't, then that's one more data point that makes it harder for adfraud to hide.

Publishers pay for adfraud. That's because adfraud is no big secret, and it's priced into the market. Even legit publishers are forced to accept a fraud-adjusted price for human ad impressions. I'm sure that not every adtech firm that opposes ePrivacy or browser privacy improvements is deliberately tolerating fraud, but opposing privacy regulations and privacy technologies is the position that tends to conceal and protect fraud. That's the other omission here.

What Apple’s Intelligent Tracking Prevention 2.0 (ITP) Means for Performance Marketing

Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies

Why we need better tracking protection

GDPR triggers many European news sites to reassess their use of third-party content


GDPR: Getting to the Lawful Basis for Processing

If you haven’t already switched to Firefox, do it now

The Long Goodbye (To Facebook)

Changing Our Approach to Anti-tracking

Policing third-party code is essential to digital vendor risk management

War reporters like me will cease to exist if the web giants aren’t stopped | Sammy Ketz

Dialog with Jo Ellen Green Kaiser on user data management platforms

27 August 2018

updated 27 Aug 2018: copy edits for clarity, add introduction.

EDITOR'S INTRODUCTION -- What follows is an edited Q-and-A exchange between Jo Ellen Green Kaiser, board chair of the Information Trust Exchange Governing Association, and Don Marti. The exchange is focused on explaining why a voluntary user data privacy policy adopted by quality publishers is a valuable companion to upcoming changes in web-browser software. The browers changes will tend to reduce the ability of publishers to manage advertising across hundreds of independent ad networks which don't coordinate privacy policies.

Jo Ellen: In your blog piece you point out that the news system has to work with user privacy principles. Most of the conversation is about putting into place a set of systems based on opt-in tracking but it is not clear how the principles will impact the opt-in tracking and consent management. I'd like to hear more about that.

Don: The incentive from the browser side is clear for independent browser businesses that don't have a surveillance marketing business attached. What is it that a big incumbent browser will have trouble doing but that users clearly want?

Extensive user research indicates that users prefer a browser that will protect them from having their activity in one context follow them over to another context, and they also want a clear and non-confusing user experience. So this sets up an opportunity for browsers. They can compete over who can best manage user data in order to meet people's norms and preferences on how that data is used.

Browser management decisions being made day to day are based on how to acquire users, and keep users once they are already running a browser. So what are the side effects of this new browser competitive area? Why are publishers going to need to be concerned about it, and where can they get some sustainable advantage from it? And the answer is that when user data gets managed in accordance with users' norms and preferences, then sites that are trusted by users to use their data have an advantage over untrusted sites. And the biggest place this will show up immediately is in ad fraud, because the way that fraud bots work is they leak user data from high-value sites to fraud sites. They do exactly what the mainstream browsers do today in facilitating tracking the user from high value sites to low value sites.

Can the platform that connects permissed data function now without anything more than GDPR or do you see the need for more detailed privacy protections?

There is a need for comprehensive privacy policies across sites because it is prohibitively expensive for small news organizations to keep up with all the details of all the privacy tools and requirements across every possible tech platform and jurisdiction. One major US publishing company was unable to do GDPR compliance for their sites so they ended blocking a whole bunch of US news sites for European visitors.

When I see a site that isn't able to comply with GDPR, I see a site that is getting its clock cleaned by data leakage. Every single person using that site is getting their data leaked out to other places so they can get reached without the original publisher getting any benefit from it.

If you can't even do GDPR as a big publishing company how are you going to be able to do California, Europe, and India as a small independent web site, or do clean user-data collection across Firefox, Safari, and other browsers out there?

This is good. We are talking about creating trusted news sites based on the way they work with user data.

The ways users indicate trust with a site are potentially all over the place. They might say they trust their local public radio station by pledging and getting a coffee mug. They might indicate they trust their local news site by filling in a traffic survey saying what neighborhood they live and work in. A user might indicate trust for a site by leaving a comment or a letter to the editor. Many different platforms all have a small view into user trust and all have an opportunity to capture some kind of consent for data use, but there's no good way to integrate all those. And if you do it through a conventional surveillance marketing mechanism you may be doing it in a way that doesn't even capture consent. User data without consent is not going to be sustainable on a regulatory or technical basis.

Your typical news site has 50-70 third-party domains showing up on it, and every one of them has a separate privacy policy, all written by different lawyers with the objective of staying out of trouble while giving you the least privacy possible. So if you are a publisher running some skeevy tracker on your site without the right consent, future browsers are going to look at that and say there is no way this user has given consent to this firm from a dark corner of the Lumascape, I'm not going to reveal any user data to that firm.

So what you end up is news sites with reputable content not having the right consent bits set in order to be able to prove that they have a valuable audience. We saw this with GDPR and unconsented impressions coming into real-time bidding platforms. Some of those impressions are coming in without the right consent bits set which means they aren't going to get bids from some advertisers. Even users who trust the site are not producing ad impression value for the publisher they trust, and that's a big problem. That's the first thing that publishers are going to be concerned about with browser privacy improvements. Without all the non-permissioned data we are used to seeing attached to the impressions, those are not going to have much value. Publishers are going to be selling remnant impressions on a quality site because they don't have the data.

Let's imagine we have a way to collect opt-in data from a variety of different news sites, and also the merchants and apps that supply those news sites with services. It provides uniform opt-in rules to gather that data and then is able to serve those opt-in users with different types of content. Sort of an opted-in Taboola. If that kind of platform were created would there still be a need for privacy policies as well, or would the consent management system replace that need for the privacy policies?

Consent strings in Apple Safari are managed like any other tracking state would be. So the platform has to be aware of the policies and limitations of all the privacy tools that feed into a user data collection opportunity. Privacy Badger is a niche tool. They look for a specific third-party tracking policy. That is not as important for mainstream adoption directly but some of the list-based tools out there like Disconnect, which Firefox feeds off, can be informed by trackers detected by Privacy Badger.

A common policy has a real role because it lets you address incompatibilities one at a time instead of having a big n by m matrix of site privacy policies and privacy tool policies. It is kind of like open source licenses. If you go to build a project and want to keep your licenses compatible, it is way easier if you have a single software license across that ecosystem or at least a set of compatible licenses.

That is super helpful.

This platform needs to come into existence in an incremental way. Many local sites are signed up with Google and use Google Tag Manager for their ad serving. Google has a lot of the needed functionality built out for their European customers, so the process of moving from unpermitted user data sharing to permission-based user data sharing can be done incrementally if you work it the right way.

Sites can use the Google tools according to their design, taking features that have been developed for compliance in Europe and applying those features to another need, like an off-label use for GDPR compliance features. It's like discovering you can cure some ulcers by taking a specific dose of antibiotics. This is a big opportunity for Google as well.

There is a need for a comprehensive policy because it is too complicated to do it across all the platforms, and even if there is a private label way to create some kind of opt in, how do you rely upon consent management? Like an open source license, you need a privacy policy that gives a you common language that allows you to cross all these different juristictions, tools and browsers.

Yes, and when this common policy is out there and able to be part of a discussion with tool and browser developers, that policy will inform the future decisions made by those developers. People will say I don't really want my tool to block permitted data sharing with trusted sites, how do I make my tool better reflect what the users are doing?

For more info

Multi-stakeholder convening process to develop consumer-friendly privacy policies and standards, organized by the Local Media Consortium, the Internet Society, and the Information Trust Exchange.

the missing user data platform

25 August 2018

(update 20 Nov 2018: copy edit, add a link to Dr. Johnny Ryan's CNIL article)

Today's web advertising relies on 1990s browser behavior—most browsers fail to protect users from being tracked from site to site, and advertisers are used to taking advantage of that old defect. But because browsers do user research and respond to what users want, that's changing. Browsers are making it harder to track users from site to site without their permission. Along with privacy regulations, this change is creating an opportunity for new, "post-creepy" web advertising that:

The big opportunity is in enabling publishers to reclaim control over their own audience data, not in establishing a new choke point such as a cryptocurrency or paid whitelisting program. (If publishers wanted to give up control to a tech firm, they can do that already.) Most of the development that is needed here can be provided by third parties that publishers are already using, because third parties are coming into compliance with privacy regulations. For example, Google Tag Manager already has the required functionality in order to comply with the European GDPR.

The missing piece is a way for sites to collect and enough user data to show advertisers that the site is trusted by human users, in order to make the ads on that site saleable.

In the new environment, user data alone is insufficient—data must be accompanied by the consent required to use it. And that can't be just "click to make this dialog go away and consent to adtech as usual". Both regulators and browser developers are going to require real consent. So the web advertising system needs to evolve away from dependence on large quantities of un-permissioned data towards the ability to use less data accompanied by permission. (Post-creepy web ads won't be able to swim in abundant unpermissioned data with the nutria of the Lumascape. Consent is scarcer than raw data, and only data accompanied by consent is safe to use. Publishers will have to collect and conserve every drop of data, like muad'dib, the desert mouse of Arrakis.) Possible sources include:

  • Subscription and micropayment systems

  • Federated paywalls

  • Comments and surveys

  • Email newsletters

  • Events

  • Miscellaneous e-commerce (tote bags, mugs, clothing...)

  • Transparency and Consent Framework consent bits

  • Differences in browser behavior between trusted and untrusted sites

and more.

Consent management is a tricky problem. IAB Europe is doing some work toward addressing it, with the open-source Transparency and Consent Framework. Although existing implementations are designed to nudge the user into not-transparent data practices, and are not yet getting real consent, this framework does provide a starting point on which to build consent management that both implements the user's preferences accurately and provides a smooth user experience. (more info: Global Consent Manager. Global Consent Manager is a client-side component that you can try in Firefox now, that can interact with server-side data platforms.)

In principle, privacy regulation and browser privacy improvements have the potential to lower the return on investment on creepy tracking, and raise the return on investment on building reputation and getting consent. But publishers, who have the reputation to get users to agree that they have the right to use data, don't have the development budgets or time to build the tools for data gathering.

User data and opportunities to get to get consent are everywhere, in CMSs, other software, and in third-party services. The missing piece is a platform that will collect data, with permission, from all the above sources and

  • run either on the publisher's own infrastructure or as a third-party service so that small publishers don't need to touch the CMS or deploy and manage a new service

  • comply with current and future data protection regulations

  • work with and anticipate privacy improvements in browsers

  • provide reports and APIs in a usable format for advertisers and agencies

Many of today's ad agencies, even sympathetic ones, won't come to the new system by choice, because it won't allow for tracking desirable audiences to cheap sites. We can assume that advertisers and agencies will ignore the new system until they see that it’s a way to reach a significant audience that they can’t reach in other ways, today, and the mainstream tracking-protected web audience in the near future.

When it comes to user data, are we done catching Google red-handed?

Sick of Facebook’s creepy ad targeting? Try this new tool

That job offer you just got from an agency could be fake

Twitter Users Are Blocking Hundreds of Brands in the Hopes of Pressuring the Platform to Remove Alex Jones

Advertisers say Facebook is dumping data without a net

Under GDPR, publishers are adopting CMPs for fear of losing out on ad revenue

Human progress. Not a one-way process.

The Perfect Marketing Plan in a Tweet?

‘If you tell your agency to chase price, then that’s what they’ll do’: Confessions of a former agency exec

See you at the Voice of Blockchain conference?

23 August 2018

I'll be at the Voice of Blockchain conference in Chicago on Friday and Saturday. Two panels: "Journalism: Incentivizing the Truth" on Friday, and "Crowdsourcing, Bounties, and Democratizing Access to Jobs" on Saturday.

So what does blockchain have to do with incentivizing journalism?

One important reason that we have standards of fairness and accuracy in news is that news organizations sell advertising to mainstream brands. Brands that want to be able to sell to everyone, not just one side of a political or social issue. High-reputation news sites don't respond individually to the demands of advertisers, but the principles on which high-reputation news sites operate have developed in parallel with the needs of brand safety.

On today's web, reputation-based advertising is not so much of a thing. Adtech firms place ads from legit brands on brand-unsafe sites, usually without anyone at the brand knowing about it. Faris Yakob points out, By squeezing fees and margin procurement put incredible pressure on agency principals, who have obligations to hit certain targets from the holding companies. Rock meet hard place. Thus new sources of revenue were found, in media rebates, or opacity, or programmatic trading desks, or production fixing - all conflicts of interest that can be leveraged to try to appease both masters...for a time.

When agencies try to get ad impressions in front of the desired audience at a bargain price, a lot of ad money ends up with fraudulent or brand-unsafe sites. Even legit sites end up running 50 to 70 tracking scripts because they lack the market power to protect their audience from being tracked to cheaper sites.

Incentivizing journalism depends on helping users protect their personal information from being tracked from one site to another. As users get the tools to control who they share their information with (and they don’t want to leak it to everyone) then the web advertising business has to transform into a reputation contest. Whoever can build the most trustworthy place for users to choose to share their information wins.

Blockchains are slow and expensive compared to databases or conventional payment systems, but cheap compared to trust networks. As browsers take a more active role in protecting users from third-party tracking, reputable news sites will need a new technical infrastructure for Internet advertising that accurately reflects the trust relationships between brands, agencies, sites, and users.

What about "Crowdsourcing, Bounties, and Democratizing Access to Jobs"? This is a fun area. Learn market design is the new learn to code.

Developers would prefer to release open source software at a high quality level and get paid for it. Many users would prefer to use software at a higher quality level if they could pay for it. The current software market, though, incentivizes companies to release at a low quality level, in order to get early adoption and build network effects. One approach is to build a new kind of market, one that allows users to hedge their software quality risks while enabling developers to trade on the likelihood of bug fixes. More info: Rao et al.

IMHO, open source bounties still have problems with incentivizing partial work and meta work, so there are lots of opportunities to build better markets here. (Ever notice that there are more companies offering solutions to open source license risks than solutions to developer burnout risks?) Anyway, go read Sneha Sinha's piece on paid internships.

Has the GDPR law actually gotten European news outlets to cut down on rampant third-party cookies and content on their sites? It seems so

A web of anxiety: accessibility for people with anxiety and panic disorders Part 1

Targeted advertising (where the browsing habits of consumers are tracked and then used to provide them with more specific adverts) was another commonly cited source of anxiety, with many respondents feeling powerless to stop the intrusion. One described how “a lot of my particular anxieties came into full swing when I learned more about how online advertising works. When I noticed Facebook ‘Like’ buttons on unrelated pages and when ads follow me around. The feeling that I had no privacy was claustrophobic and has led to so many anxiety attacks I have lost count”.

Hackers Use Chipotle Ad To Spread Malware

The link from the Chipotle ad redirected consumers to an Amazon gift card scam that presents the viewer with a fraudulent message that is intended to prompt a click to steal the user’s personal information.

Questions for agency and publisher workshops

11 August 2018

The web advertising game is changing from a hacking contest to a reputation contest. It would have had to happen anyway, but the shift is happening quickly right now because of two trends.

  • Privacy regulation (starting with the European Union, California and India). Some regulations will have impact outside their own juristictions when companies choose not to write and enforce separate second-class privacy policies for users not covered by those regulations.

  • New "browser wars" over which browser can best implement widely-held user norms on sharing their personal information. (Web browsers are good at showing you a web page that looks the same as it does on the other web browsers. Why switch browsers? For many users, because one browser does better at implementing your preferences on personal data sharing.)

Right now the web is terrible as a tool for brand building. But the web doesn't have to get better at signaling, or less fraudulent, than print or broadcast. In a lot of places the web just has to be better than Android. Fixing web advertising is not one big coordination problem. People who are interested in web advertising, from the publisher and ad agency point of view, have a lot of opportunities for innovative and remunerative projects.

  • Browser privacy improvements, starting with Apple Safari's Intelligent Tracking Prevention, are half of a powerful anti-fraud system. The better that the browser protects the user's information from leaking from one site to another, the less it looks like a fraudbot. How can publishers and brands build the other half, to shift ad budgets away from fraud?

  • "Conscious choosers" are an increasingly well-understood user segment, thanks to ongoing user research. For some brands and publishers, the best strategy may be to continue to pursue "personalization pioneers", the approximately one-third of users who don't object to having their information collected for ad targeting. Other brands have more appeal to mainstream, vaguely creeped out, users, or to users who more actively defend their personal info. How can "conscious chooser" research inform brands?

  • Regulation and browser privacy improvements are making contextual targeting more imporant. Where are the opportunities to reach human audiences in the right context? Where does conventional programmatic advertising miss out on high-context, signalful ad placements because of gaps in data?

  • As sharing of user data without permission becomes less common, new platforms are emerging to enable users to share information about themselves by choice. For example, a user who comments on a local news site about traffic may choose to share their neighborhood and the mode of transportation that they take to work. User data sharing platforms are in the early stages, and agencies have an opportunity to understand where publishers and browsers are going. (Hint: it'll be harder to get big-budget eyeballs on low-value or fraudulent sites.) Which brands can benefit from user-permissioned data sharing?

  • (Complementary to data sharing issues) Consent management is still an unsolved problem. While the Transparency and Consent Framework provides a useful foundation to build on, today's consent forms are too annoying for users and also make it difficult and time-consuming to do anything except select a single all-or-nothing choice. This doesn't accurately reflect the user's data sharing choices. The first generation of consent management is getting replaced with a better front end that not only sends a more accurate consent decision, but also takes less time and attention and is less vulnerable to consent string fraud. How will accurate and convenient consent management give advantages to sites and brands that users trust?

Workshops are in progress on all this stuff. (Mail me at work if you want to help organize one.) Clearly it's not all just coming from the browser side—forward-thinking people at ad agencies and publishers are coming up with most of it.

More than 1,000 U.S. news sites are still unavailable in Europe, two months after GDPR took effect

SuperAwesome now offers kids brands an alternative to YouTube

What is a Scandinavian media company’s first-ever director of public policy up against?

Coalition for Better Ads experiences European growing pains

Be Wary Of Ad-Tech Stories That Are Too Good To Be True

Rick Webb on Why Our Assumptions of Digital Advertising are Complete and Total Bunk


10 August 2018


Sense of duty: No, must update project status. (Ctrl-T to open new tab)


Me: Preferences → Home → Firefox Home Content. Uncheck everything except "Web Search" and "Bookmarks".

Anyway, happy Friday. Since you're already reading blogs, you might as well read something good, so here is some stuff that the RSS reader dragged in. (My linklog is no longer getting posted to Facebook because reasons, so if you were clicking on links from me there you will have to figure something else out. The raw linklog is: feed. Ideas?)

The Segway patent expires next June. If you thought the scooters of San Francisco were annoying this year, just wait for the summer of generic-Segway-on-demand startups.

xkcd: Voting Software

Why open source failed

The Google Funded Astroturf Group that Hacked The EU Copyright Vote (In Pictures)

Juul & its House of Smoke & Horrors

Parking Has Eaten American Cities

Selling a Good Time: Inside the Wild, Wacky World of Minor League Baseball Marketing

How to Stop Your Smart TV From Tracking What You Watch

How to Pull Off a Professional Video Call From Home

Architects Ask: Where Are the Spaces for Teen Girls?

Open Offices Make You Less Open

The AudioKit Synth One is a pro-level iPad synth that’s completely free

The advantages of an email-driven git workflow

Here’s One Union That Can’t Be Touched by ‘Right to Work’ Laws

The Innovation Stack: How to make innovation programs deliver more than coffee cups

I Delivered Packages for Amazon and It Was a Nightmare

New US Tariffs are Anti-Maker and Will Encourage Offshoring

How to spot a perfect fake: the world’s top art forgery detective

Help The Stranger and ProPublica Track Online Ads About the Seattle Head Tax, the Midterms, and More

Should Bankers Be Forced to Put Some Skin in the Game?

San Francisco is losing more residents than any other city in the US, creating a shortage of U-Hauls that puts a rental at $2,000 just to move to Las Vegas

Containers, Security, and Echo Chambers

How many vendors are relying on legitimate interest for ad targeting?

05 August 2018

ICYMI: Why the GDPR ‘legitimate interest’ provision will not save you by Johnny Ryan.

The “legitimate interest” provision in the GDPR will not save behavioral advertising and data brokers from the challenge of obtaining consent for personally identifiable data.

The obvious question is: how many of the vendors listed on the Global Vendor and CMP List are actually relying on LI for purposes of Ad selection, delivery, reporting? Worth writing a simple script to check. Looks like 151 of 409, or about 37%.

Purpose 3 is:

Ad selection, delivery, reporting: The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as websites or apps, over time.

And here's the list of vendors with a "3" in their legIntPurposeIds:

151 of 409 listed vendors claim LI for purpose: Ad selection, delivery, reporting

This is as of version 90 of the list, last updated 2 August.

Will be interesting to see if the number claiming a legitmate interest here goes up or down as people learn more about the applicable regulations.

Everything bad about Facebook is bad for the same reason

Mark Ritson: Targeting or mass marketing? The answer is both

A Malvertising Campaign of Secrets and Lies

Tech’s Fractal Irresponsibility Problem

The death of Don Draper

Facebook signs agreement saying it won’t let housing advertisers exclude users by race

A year after Charlottesville, why can't big tech delete white supremacists?

WTF is a GDPR consent string?

Brainwashing your wife to want sex? Here is adtech at its worst

We need a new model for tech journalism

Federated paywalls and consent bits

29 July 2018

Today’s web advertising is mostly a hacking contest. Whoever can build the best system to take personal information from the user wins, whether or not the user knows about it. Publishers are challenging adfraud and adtech hackers to a hacking contest, and, no surprise, coming in third.

The near future of web advertising is likely to be much different.

  • Mainstream browsers, starting with Apple Safari, are doing better at implementing user preferences on tracking. Most users don't want to be "followed" from one site to another. Users generally want their activity on a trusted site to stay with that trusted site. Only about a third of users prefer ads to be matched to them, so browsers are putting more emphasis on the majority's preferences.

  • Privacy law—from Europe, to California, to India, is being updated to better reflect user expectations and to keep up with new tracking practices.

As users get the tools to control who they share their information with (and they don’t want to leak it to everyone) then the web advertising business is transforming from a hacking contest into a reputation contest. The rate-limiting reactant for web advertising isn't (abundant and low-priced) user data, it's the (harder to collect) consent bits required to use that data legally. Whoever can build the most trustworthy place for users to choose to share their information wins. This is good news if you're in the business of reporting trustworthy news or fairly compensating people for making cultural works, not so good news if you're in the business of tricking people out of their data.

Federated paywall systems are not just yet another attempt at micropayments, but also have value as a tool for collecting trust. The user's willingness to pay for something is a big trust signal. A small payment to get past a paywall can produce a little money, but a lot of valuable user data and the consent bits that are required to use that data.

The catch is to figure out how to design federated paywalls so that the trusted site, not the paywall platform, captures the value of the data, and so that the platform can't leak or sell the user's data consent outside the context in which they gave it. In the long run, a consent system that tries to hack around user data norms to rebuild conventional adtech is going to fail, but not before a lot of programmers lose a lot of carpal tunnels on privacy vs. anti-privacy coding, and a lot of users face a lot of frustrating consent dialogs. Browser improvements and court cases will filter deceptively collected consent bits out of the system.

Consent bits are a new item of value that needs new rules. The web ad business is not going to be able to sell and and sync consent bits the same way that it handles tracking cookies now. Consent bits are not a "data is the new oil" commodity, and can really only move along trust networks, with all the complexity that comes with them. New tools such as federated paywalls are an opportunity to implement consent handling in a sustainable way.

Browser privacy improvements and anti-fraud

20 July 2018

(Update 18 Aug 2018: Fix an error to be consistent with the source quoted.)

(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)

The good news is that interesting competition among web browsers is back, not just because of ongoing performance improvements in Firefox, but also because of Apple Safari's good work on protecting users from some kinds of cross-site tracking by default. Now the challenge for other browsers is to learn from the Safari work and build on it, to even more accurately implement the user's preferences on sharing their personal information. According to research by Tini Sevak at YouGov, 36% of users are more likely to engage with adverts that are tailored to them, while 55% are creeped out by personalized ads. The browser has to get its data sharing settings right for the individual user, while minimizing the manual settings and decision fatigue that the user has to go through.

A short-term problem for sites, though, is that the current price for highly tracked ad impressions facilitated by cross-site tracking is still way above the price of impressions delivered to users who choose to protect themselves. Tim Peterson, on Digiday, covers the natural experiment of GDPR consenters and non-consenters:

If an exchange or SSP declines to sign the agreement, it is limited to only selling non-personalized ads through DBM. Those generic ads generate less revenue for publishers than personalized ads that are targeted to specific audiences based on data collected about them. Some publishers that are heavily reliant on DBM have seen their revenues decline by 70-80 percent since GDPR took effect because they were limited to non-personalized ads, said another ad tech exec.

(‘It’s impossible’: Google has asked ad tech firms to guarantee broad GDPR consent, assume liability - Digiday)

In the medium to long term, better browser privacy settings will give an advantage to high-reputation sites for two reasons:

  • ads on high-value content have signaling value

  • users are more likely to share information with a site they trust

But in the short term, what can browsers do to help address the market dislocation from the user data crunch?

One possibility is to take advantage of an important side effect of browser privacy improvements: better anti-fraud data.

Today, unprotected browsers and fraudbots are hard to tell apart. Both maintain a single "cookie jar" across trusted and untrusted sites. For fraudbots, cross-site trackability is not a bug as it is for a human user's browser—it's a feature. A fraudbot can only produce valuable ad impressions on a fraud site if it is somehow trackable from a legit site.

As browser users start to upgrade to nightly releases that include more protection, though, a trustworthy site's real users will start to look more and more different from fraudbots. Low-reputation and fraud sites claiming to offer the same audience will have a harder and harder time trying to sell impressions to agencies that can see it's not the same people. This does require better integration with anti-fraud tools, so it's something sites and anti-fraud vendors can do in parallel with the brower release process.

Can the anti-fraud advantages of browser privacy improvements completely swamp out the market effects of reducing cross-site trackability? Depends on how much adfraud there is. We don't know.

Web ad bargain?

12 July 2018

Tim Peterson, on Digiday:

If an exchange or SSP declines to sign the agreement, it is limited to only selling non-personalized ads through DBM. Those generic ads generate less revenue for publishers than personalized ads that are targeted to specific audiences based on data collected about them. Some publishers that are heavily reliant on DBM have seen their revenues decline by 70-80 percent since GDPR took effect because they were limited to non-personalized ads, said another ad tech exec. That revenue drop has put pressure on exchanges and SSPs to sign Google’s consent agreement lest their publishers move their inventory to other platforms that can run DBM’s personalized ads on their sites, the second exec said.

(‘It’s impossible’: Google has asked ad tech firms to guarantee broad GDPR consent, assume liability - Digiday)

A lot of those "specific audiences" are, of course, adfraud bots. Fraud hackers are better at adtech than adtech firms are. So ads shown to bots, on shitty sites, are going for more than ads seen by humans on legit sites.

Meanwhile, tracking-resistant, personalization-averse readers are overrepresented in some customer categories. Web developers are a good example. (40% protected based on recent data from one popular site.)

Of course, today's web ad system is based on tracking the best possible prospect to the cheapest possible site, so it won't be easy to take advantage of this nice piece of market inefficiency. First step is figuring out how well protected the people you want to reach are.

More: blog.aloodo.org - Beware of averages: why you need a local tracking protection metric

Bug futures: business models

10 July 2018

Recent question about futures markets on software bugs: what's the business model?

As far as I can tell, there are several available models, just as there are multiple kinds of companies that can participate in any securities or commodities market.

Cushing, Oklahoma

Oracle operator: Read bug tracker state, write futures contract state, profit. This business would take an agreed-upon share of any contract in exchange for acting as a referee. The market won't work without the oracle operator, which is needed in order to assign the correct resolution to each contract, but it's possible that a single market could trade contracts resolved by multiple oracles.

Actively managed fund: Invest in many bug futures in order to incentivize a high-level outcome, such as support for a particular use case, platform, or performance target.

Bot fund: An actively managed fund that trades automatically, using open source metrics and other metadata.

Analytics provider: Report to clients on the quality of software projects, and the market-predicted likelihood that the projects will meet the client's maintenance and improvement requirements in the future.

Stake provider: A developer participant in a bug futures market must invest to acquire a position on the fixed side of a contract. The stake provider enables low-budget developers to profit from larger contracts, by lending or by investing alongside them.

Arbitrageur: Helps to re-focus development efforts by buying the fixed side of one contract and the unfixed side of another. For example, an arbitrageur might buy the fixed side of several user-facing contracts and the unfixed side of the contract on a deeper issue whose resolution will result in a fix for them.

Arbitrageurs could also connect bug futures to other kinds of markets, such as subscriptions, token systems, or bug bounties.

Previous items in the bug futures series:

Paper from WEIS

A trading market to incentivize secure software: Malvika Rao, Georg Link, Don Marti, Andy Leak & Rich Bodo (PDF) (presented at WEIS 2018)

Corporate Prediction Markets: Evidence from Google, Ford, and Firm X (PDF) by Bo Cowgill and Eric Zitzewitz.

Despite theoretically adverse conditions, we find these markets are relatively efficient, and improve upon the forecasts of experts at all three firms by as much as a 25% reduction in mean squared error.

(This paper covers a related market type, not bug futures. However some of the material about interactions of market data and corporate management could also turn out to be relevant to bug futures markets.)

Creative Commons

Pipeline monument in Cushing, Oklahoma: photo by Roy Luck for Wikimedia Commons. This file is licensed under the Creative Commons Attribution 2.0 Generic license.

take the YouTube advertisers bowling

08 July 2018

(update 25 Sep 2021: also applies to other "safe harbor" laws such as Section 230 in the USA)

What if there is a better way forward on the whole Safe Harbor controversy and Article 13?

Companies don't advertise on sites like YouTube, sites teeming with copyright infringers and nationalist extremists, because those companies are run by copyright infringers or nationalist extremists. Marketing decision-makers are incentivized to play a corrupt online advertising game that rewards them for supporting infringement and extremism.

So the trick here is to help people move marketing money out of bad things (negative externalities) and toward good things (positive externalities). We know that YouTube is a brand-unsafe shitshow because Google won't advertise its own end-user-facing products and services there without a whole extra layer of brand safety protection.

Big Internet companies are set up to insulate decision-makers from the consequences of their own online asshattery, anyway. The way to affect those big Internet companies is through their advertisers. So how about a tweak to any laws that give a safe harbor to an Internet service? Keep the safe harbor for the service itself, but remove safe harbor protections for companies that advertise on it. This should help in several ways.

  • Give legit services some flexibility. If your web site's business model is anything other than "get cheap eyeballs with other people's creative work" or "get cheap eyeballs by recommending divisive bullshit" then you don't have to change a thing.

  • Incentivize sites to pay for new creative work, by making works covered by an author or artist contract a more attractive place for paid advertising than "content" uploaded by random users.

  • Make it easier for marketers who want to do the right thing, by pointing out the risks of supporting bad people.

  • Move some of the risks of online advertising away from the public and toward the decision makers who can make a difference.

How about it?

Nudgestock 2018 transcript

03 July 2018

(This is a cleaned-up and lightly edited version of my talk from Nudgestock 2018.)

First I have to give everybody a disclaimer. This is 100% off message. I work for Mozilla. I am NOT speaking for Mozilla here.

If you follow Rory, you have probably heard a lot about signaling in advertising, so I'm going to go over this material pretty quickly. Why does Homo economicus read magazine advertising but hangs up on cold calls? To put it another way why is every car commercial the same? You could shoot the "car driving down the windy road" commercial with any car. All that the car commercial tells you is: if it was a waste of your time to test drive our car then it would have been a waste of our money to make this little movie about it.

There's a whole literature of economics and math about signaling involving deceptive senders and honest senders. With this paper, Gardete and Bart show that when the sender wants to really get a message across, counter-intuitively the best thing for the sender to do is deprive themselves of some information about the receiver. If you're in the audience and you know what the sender knows about you, then you can't tell are they honestly expressing their intentions in the market, or are they just telling you what you want to hear? Anyone who used to read Computer Shopper magazine for the ads didn't just read it for specific information about all the parts that you might put into your computer. You read it to find out which manufacturers are adopting which standards so you don't buy a motherboard that won't support the video card that you might want to upgrade to next year.

There are three sets of papers in the signaling literature. There are papers that have pure math where you devise kind of a mathematical game of buyers and sellers and see how that game works out. And there are papers where you take users in an experimental setting. Ambler and Hollier took 540 users, showed them different versions of expensive looking and cheap looking advertising that conveys the same information. Finally you've got the kind of research that looks at spending across different product categories, and in this study they found that types of product that have different advertising to sales ratios really depends on how much extra user experience it takes to evaluate that product.

The feedback loop here is that when brands have signaling power, then that means market power for the publishers that carry their advertising, which means advertising rates tend to go up, which means the publishers can afford to make obviously expensive content. And when you attach advertising to obviously expensive content, that means more signaling power. It's kind of a loop that builds more and more value for the advertiser.

Some people compare this to the signaling that a bank does when they build this monstrous stone building to keep your money. Really, the stuff that a bank does, having a stone building doesn't do any more for keeping money in it than having a metal building or a concrete building, but it just shows that they've got this big stone building with their name on it so if they turned out to be deceptive it would be more costly for them to do it. That's the pure signaling model. But the other area that we can see when we compare this kind of classic signal-carrying advertising to online advertising, the kind of ads that are targeted to you based on who you are, is what's up with the norms enforcers?

Rory has his blue checkmark on Twitter which means he doesn't see Twitter ads. I'm less Internet Famous, so I still get the advertising on Twitter. A lot of the ads that I get are deceptive issue ads. This is one. A company that's getting sued for lead paint related issues is trying to convince residents of California that government inspectors are coming to their houses to declare them a nuisance. This is bogus and it's the kind of thing that if it appeared in the newspaper that everyone got to see then journalists and public interest lawyers, and everyone else who enforces the norms on how we communicate, would call it out. But in a targeted ad medium this kind of deceptive advertising can target me directly.

So let me show a little simulation here. What we're looking at is deceptive sellers making a sale. When a deceptive seller makes a sale that's a red line. When an honest seller makes a sale, that's a green line. The little blue squares are norms enforcers, and the only thing that makes a norms enforcer different in this game from a regular customer is when a deceptive seller contacts a norms enforcer the deceptive seller pays a higher price than they would have made in profit from a sale. So with honest sellers and deceptive sellers evolving and competing in this primordial soup of customers, what ends up happening to the deceptive sellers that try to do a broad reach and hit a bunch of different customers is, well you saw them, they hit the norms enforcers, the blue squares lit up. Advertisers who are deceptive and try to reach a bunch of different people end up getting squeezed out in this version of the game. An honest advertiser like this little square down here can reach over the whole board because they don't pay the penalty for reaching the norms enforcer.

So what does this really mean for the real web? On the World Wide Web, have we inadvertently built a game that gives an unfair advantage to deceptive sellers? If somebody can take advantage of all the the user profiling information that's available out there, and say, "oh I believe that these people are rural, low-income, unlikely to be finance journalists, therefore I'm going to hit them with the predatory finance ads," does that cause users to pay less attention to the medium?

Online advertising effectiveness has declined since the launch of the first banner advertisement in 1994. That's certainly not news. This is a slide that appeared in Mary Meeker's famous Internet Trends presentation, and as you can see blue is percentage of ad spending, grey is percentage of people's time. So TV is 36% of the time 36% of the money. Desktop web 18%, 20%, about right.

What's going on with print? Print is 9% of the money for 4% of the time. Now you might say this is just inertia, that that this year people are finally just cutting back on spending money in print because of people spending less time on print and it'll eventually catch up. But I went back and plotted the same slide from the same presentation going back to 2011, and I've got time plotted across the bottom, money plotted on the y axis, and what do we see about print? Print is on a whole different trend line. Print is on a trend line of much more value to the advertiser per unit of time spent than these other ad medium. My hypothesis is that targeting breaks signaling and this means an opportunity.

Targeting means that when you see an ad coming in targeted to you it's more like a cold call. It doesn't carry credible information about the seller's intention in the market.

From the point of view of who has an incentive to to support signal-carrying ad media instead, the people who have an interest in that signal for attention bargain in that positive feedback loop are of course the publishers, high reputation brands that want to be able to send that signal, writers, photographers, and editors, people who get paid by that publisher, and people who benefit from the positive externalities of those signal carrying ads that support news and cultural works.

So if the signaling model is such a big thing then why are there so many targeted ads still out there?


Let's have a look at, just to pick an example, the Facebook advertising policy. As you know, the Facebook advertising platform will let you micro target individuals extremely specifically. You can pick out seven people in Florida, you can pick out everyone who's looking for an apartment who doesn't have a certain ethnic affinity, that kind of thing. But the one thing you're not allowed to do with Facebook targeting is put anything in your ad that might indicate how you're targeting it. The policy says:

ads must not contain content that asserts or implies personal attributes

You can't say, I know you're male or female, I know your sexual orientation, I know what you do for a living. The ad copy has to be generic even if the targeting can be extremely specific. You can't even say other. You can't say meet other singles because that implies that the advertiser knows that the reader is single. Facebook will let you target people with depression but you can't reveal that you know that about them. Aanother good example is Target. They do targeting of individuals who they believe to be pregnant, but they'll pad out those ads for baby stuff with ads for other types of products so as not to creep everybody out.

Back to our shared interest in signal for attention bargain. Pretty much everybody has an interest in that original positive feedback loop of getting the higher reputation for brands of getting reputation driven publishers that'll build high quality content for us. Writers and photographers have an interest in getting paid, and people who are shopping for goods are the ones who want the signal the most. All that stands on the opposite side is behavioral tricks to conceal targeting. Now I'm not going to say this as a privacy issue. I know that there are privacy issues here but that is really not my department. Besides, Facebook just announced a dating site so they're going to breed privacy preferences out of their user base anyway.

Can the web as an advertising medium be redesigned to make it work better for carrying signal? We know from the existence of print that this type of signal carrying ad medium can exist. Print is an existence proof of signal carrying advertising. We also know that building that kind of an ad medium can't be that hard because print was built when people were breathing fumes from molten lead all day.

The prize for building a signal-carrying ad medium is all the cultural works that you get when somebody like Kurt Vonnegut can quit his job as manager of a car dealership and write for Collier's magazine full-time. This book is still on sale with the resulting stories. And of course local news. Democracy depends on the the vital flow of information of public interest. Some people say that the problem with news and information on the web is that it's all been made free, and if people would just subscribe we could fix the system. But honestly if if free was the problem, then Walter Cronkite would have destroyed the media business in 1962. It's a market design problem and a signaling problem, not just a problem of who has to pay for what.

And the web browsers got a bunch of things wrong in the 1990s. There are certain patterns of information flow that the browser facilitated, like third-party tracking, where browsers enable some companies to follow your activity from site to site, and data leakage. Things that that just don't work according to the way that people expect. Most people don't want their activity on one site to follow them over to another site, and the original batch of web browsers got that terribly wrong. The good news is web browsers are getting it right, and web browsers are under tremendous pressure now to do so. As a product the web browser is pretty much complete and working and generic. The whole point of a web browser is it shows web sites the same as all the other web browsers do, so there's less and less reason for a user to want to switch web browsers. But everybody who is trying to get you to install a web browser needs for there to be a reason, so the opportunity for browsers is to align with those interests of users that the browser wasn't able to pick up on previously.

At Mozilla some user researchers recently did a study on users with no ad blocker installed and users within the first few weeks of installing an ad blocker. Anybody want to guess on the increased engagement? How much more time those ad blocker users spend with that same browser than the non ad blocker users? Anybody shout out a number. All right, 28%. From the point of view of the browser those kinds of numbers, moving user engagement in a way that helps that browser meet its goals, that's something that that the browser can't ignore. So that means we're going from the old web game where everyone tries win by collecting as much data on people can without their permission to a new game in which the browser, high reputation publishers, and high reputation brands are all aligned in trying to build enough trust to work on information that users choose to share.

I know when I say information that users choose to share you're going to think about all these GDPR dialogs and I know I've seen these too, and they're just tons of companies on these. To be honest, looking at some of these company names it looks like most of them were made up by guys from Florida who communicate primarily by finger guns. Users should not have to micromanage their consent for all this data collection activity any more than email users should have to go in and read their SMTP headers to filter spam. And really if you think about what brands are, it's offloading information about a product buying decision onto the reputation coprocessor in the user's brain. It's kind of like taking a computational task and instead of running it on the CPU in your data center where you have to to pay the power and cooling bills for it, you offload it and run it on on the GPU on the client. It'll run faster, it'll run better, and the audience is maintaining that reputation state.

The future is here, it's just not very evenly distributed, as William Gibson said. This picture is the cyberpunk of the 1990s. Today all of that stuff he's carrying, his video camera, his laptop, his scanner, all that stuff's on a phone and everybody has it.

Today, the privacy sensitive users, the ones who are already working based on sharing data with permission, they're out there. But they're in niches today. If you have a relationship with those people now, then now is an opportunity to connect with them, figure out how to build that signal carrying advertising game, and and create a reputation based advertising model for the web. Thank you very much.

Worse is better, again?

02 July 2018

Are there parallels between the rise of Worse Is Better in software and the success of the "uncreative counterrevolution" in advertising? (for more on that second one: John Hegarty: Creativity is receding from marketing and data is to blame) The winning strategy in software is to sacrifice consistency and correctness for simplicity. (probably because of network effects, principal-agent problems, and market failures.) And it seems like advertising has similar trade-offs between

  • Signal

  • Measurability (How well can we measure this project's effect on sales?)

  • Message (Is it persuasive and on brand?)

Just as it's rational for software decision-makers to choose simplicity, it can be rational for marketing decsion-makers to choose measurability over signal and message. (This is probably why there is a brand crisis going on—short-term CMOs are better off when they choose brand-unsafe tactics, sacrificing Message.)

As we're now figuring out how to use market-based tools to fix market failures in software, where can we use better market design to fix market failures in advertising? Maybe this is where it actually makes sense to use #blockchain: give people whose decisions can affect #brandEquity some kind of #skinInTheGame?

Against privacy defeatism: why browsers can still stop fingerprinting

How to get away with financial fraud

Google invests $22M in feature phone operating system KaiOS

Inside the investor revolt that’s trying to take down Mark Zuckerberg

Ryan Wallman: Marketers must loosen their grip on the creative process

Open source sustainability

K2’s Media Transparency Report Still Rocks The Ad Industry Two Years After Its Release

Mark Ritson: How ‘influencers’ made my arse a work of art

Ad fraud one of the most profitable criminal enterprises in the world, researcher says

Cover story: Adtech won’t fix ad fraud because it is too lucrative, say specialists


Sir John Hegarty: Great advertising elevates brands to a part of culture

https://www.canvas8.com/blog/2018/ju/behavioural-science-insights-nudgestock-2018.html …

blood donation: no good deed goes unpunished

19 June 2018

I have been infected with the Ebola virus.

I have had sex with another man in the past year.

I am taking Coumadin®.

Actually, none of those three statements is true. And Facebook knows it.

The American Red Cross has given Facebook this highly personal information about me, by adding my contact info to an "American Red Cross Blood Donors" Facebook Custom Audience. If any of that stuff were true, I wouldn't have been allowed to give blood.

When I heard back from the American Red Cross about this personal data problem, they told me that they don't share my health information with Facebook.

That's not how it works. I'm listed in the Custom Audience as a blood donor. Anyway, too late. Facebook has the info now.

So, which of its promises about how it uses people's personal information is Facebook going to break next?

And is some creepy tech bro right now making a killer pitch to Paul Graham about a business plan to "disrupt" the health insurance market using blood donor information?

I should not have to care about this, and I don't have time to. I don't even have time to attempt a funny remark about the whole Facebook board member Peter Thiel craving blood thing.

Helping people move ad budgets away from evil stuff

17 June 2018

Hugo-award-winning author Charles Stross said that a corporation is some kind of sociopathic hive organism, but as far as I can tell a corporation is really more like a monkey troop cosplaying a sociopathic hive organism.

This is important to remember because, among other reasons, it turns out that the money that a corporation spends to support democracy and creative work comes from the same advertising budget as the money it spends on random white power trolls and actual no-shit Nazis. The challenge for customers is to help people at corporations who want to do the right thing with the advertising budget, but need to be able to justify it in terms that won't break character (since they have agreed to pretend to be part of a sociopathic hive organism that only cares about its stock price).

So here is a quick follow-up to my earlier post about denying permission for some kinds of ad targeting.

Techcrunch reports that "Facebook Custom Audiences," the system where advertisers upload contact lists to Facebook in order to target the people on those lists with ads, will soon require permission from the people on the list. Check it out: Introducing New Requirements for Custom Audience Targeting | Facebook Business. On July 2, Facebook's own rules will extend a subset of Europe-like protection to everyone with a Facebook account. Beaujolais!

So this is a great opportunity to help people who work for corporations and want to do the right thing. Denying permission to share your info with Facebook can move the advertising money that they spend to reach you away from evil stuff and towards sites that make something good. Here's a permission withdrawal letter to cut and paste. Pull requests welcome.

simulating a market with honest and deceptive advertisers

11 June 2018

At Nudgestock 2018 I mentioned the signaling literature that provides background for understanding the targeted advertising problem. Besides being behind paywalls, a lot of this material is written in math that takes a while to figure out. For example, it's worth working through this Gardete and Bart paper to understand a situation in which the audience is making the right move to ignore a targeted message, but it can take a while.

Are people rational to ignore or block targeted advertising in some media, because those media are set up to give an incentive to deceptive sellers? Here's a simulation of an ad market in which that might be the case. Of course, this does not show that in all advertising markets, better targeting leads to an advantage for deceptive sellers. But it is a demonstration that it is possible to design a set of rules for an advertising market that gives an advantage to deceptive sellers.

What are we looking at? Think of it as a culture medium where we can grow and evolve a population of single-celled advertisers.

The x and y coordinates are some arbitrary characteristic of offers made to customers. Customers, invisible, are scattered randomly all over the map. If a customer gets an offer for a product that is close enough to their preferences, it will buy.

Advertisers (yellow to orange squares) get to place ads that reach customers within a certain radius. The advertiser has a price that it will bid for an ad impression, and a maximum distance at which it will bid for an impression. These are assigned randomly when we populate the initial set of advertisers.

High-bidding advertisers are more orange, and lower-bidding advertisers are more pale yellow.

An advertiser is either deceptive, in which case it makes a slightly higher profit per sale, or honest. When an honest advertiser makes a sale, we draw a green line from the advertiser to the customer. When a deceptive advertiser makes a sale, we draw a red line. The lines appear to fade out because we draw a black line every time there is an ad impression that does not result in a sale.

So why don't the honest advertisers die out? One more factor: the norms enforcers. You can think of these as product reviewers or regulators. If a deceptive advertiser wins an ad impression to a norms enforcer, then the deceptive advertiser pays a cost, greater than the profit from a sale. Think of it as having to register a new domain and get a new logo. Honest advertisers can make normal sales to the norms enforcers, which are shown as blue squares. An ad impression that results in an "enforcement penalty" is shown as a blue line.

So, out of those relative simple rules—two kinds of advertisers and two kinds of customers—we can see several main strategies arise. Your run of the simulation is unique, and you can also visit the big version.

What I'm seeing on mine is some clusters of finely targeted deceptive advertisers, in areas with relatively few norms enforcers, and some low-bidding honest advertisers with a relatively broad targeting radius. Again, I don't think that this necessarily corresponds to any real-world advertising market, but it is interesting to figure out when and how an advertising market can give an advantage to deceptive sellers, and what kinds of protections on the customer side can change the game.

How The California Consumer Privacy Act Stacks Up Against GDPR

The biggest lies that the martech and adtech worlds tell themselves

‘Personalization diminished’: In the GDPR era, contextual targeting is making a comeback

How media companies lost the advertising business

Ben Miroglio, David Zeber, Jofish Kaye, and Rebecca Weiss. 2018. The Effect of Ad Blocking on User Engagement with the Web. In WWW 2018: The 2018 Web Conference, April 23–27, 2018, Lyon, France. ACM, New York, NY, USA, 9 pages. https://doi.org/10.1145/3178876.3186162

When can deceptive sellers outbid honest sellers for ad impressions?

Google Will Enjoy Major GDPR Data Advantages, Even After Joining IAB Europe’s Industry Framework

https://www.canvas8.com/content/2018/06/07/don-marti-nudgestock.html …

Data protection laws are shining a needed light on a secretive industry | Bruce Schneier

How startups die from their addiction to paid marketing

Opinion: Europe's Strict New Privacy Rules Are Scary but Right

Announcing a new journalism entrepreneurship boot camp: Let’s “reboot the media” together

Intelligent Tracking Prevention 2.0

The alt-right has discovered an oasis for white-supremacy messages in Disqus, the online commenting system.

Teens Are Abandoning Facebook. For Real This Time.

Salesforce CEO Marc Benioff Calls for a National Privacy Law

Nudgestock 2018 notes and links

09 June 2018

(update 3 July 2018: transcript)

Thanks for coming to my Nudgestock 2018 talk. First, as promised, some links to the signaling literature. I don't know of a full bibliography for this material, and a lot of it appears to be paywalled. A good way to get into it is to start with this widely cited paper by Phillip Nelson: Advertising as Information | Journal of Political Economy: Vol 82, No 4 and work forward.

Gardete and Bart "We find that when the sender’s motives are transparent to the receiver, communication can only be influential if the sender is not well informed about the receiver’s preferences. The sender prefers an interior level of information quality, while the receiver prefers complete privacy unless disclosure is necessary to induce communication." Tailored Cheap Talk | Stanford Graduate School of Business The Gardete and Bart paper makes sense if you ever read Computer Shopper for the ads. You want to get an idea of each manufacturer's support for each hardware standard, so that you can buy parts today that will keep their value in the parts market of the near future. You don't want an ad that targets you based on what you already have.

Kihlstrom and Riordan "A great deal of advertising appears to convey no direct credible information about product qualities. Nevertheless such advertising may indirectly signal quality if there exist market mechanisms that produce a positive relationship between product quality and advertising expenditures." Advertising as a Signal

Ambler and Hollier "High perceived advertising expense enhances an advertisement's persuasiveness significantly, but largely indirectly, by strengthening perceptions of brand quality." The Waste in Advertising Is the Part That Works | the Journal of Advertising Research

Davis, Kay, and Star "It is not so much the claims made by advertisers that are helpful but the fact that they are willing to spend extravagant amounts of money." Is advertising rational- Business Strategy Review - Wiley Online Library

New research on the effect of ad blocking on user engagement. No paywall. Ben Miroglio, David Zeber, Jofish Kaye, and Rebecca Weiss. 2018. The Effect of Ad Blocking on User Engagement with the Web. In WWW 2018: The 2018 Web Conference, April 23–27, 2018, Lyon, France. ACM, New York, NY, USA, 9 pages. https://doi.org/10.1145/3178876.3186162 (PDF)

Here's that simulation of unicellular advertisers that I showed on screen, and more on the norms enforcer situation, which IHMO is different from pure signaling.

For those of you who are verified on Twitter, so haven't seen what I'm talking about with the deceptive ads there, I have started collecting some: dmarti/deceptive-ads

I mentioned the alignment of interest between high-reputation brands and high-reputation publishers. More on the publisher side is in a series of guest posts for Digital Content Next, which represents large media companies that stand to benefit from reputation-based advertising: Don Marti, Author at Digital Content Next Also more from the publisher point of view in Notes and links from my talk at the Reynolds Journalism Institute.

If you're interested in the post-creepy advertising movement, here are some people to follow on Twitter.

What's next? The web advertising mess isn't a snarled-up mess of collective action problems. It's a complex set of problems that interact in a way that creates some big opportunities for the right projects. Work together to fix web ads? Let's not.

More: Nudgestock 2018 transcript

Evil stuff on the Internet and following the money

05 June 2018

Rule number one of dealing with the big Internet companies is: never complain to them about all the evil stuff they support. It's a waste of time and carpal tunnels. All of the major Internet companies have software, processes, and, most important, contract moderators, to attenuate complaints. After all, if Big Company employees came in to work and saw real user screenshots of the beheading videos, or the child abuse channel, or the ethnic cleansing memes, then that would harsh their mellow and severely interfere with their ability to, as they say in California, bro down and crush code.

Fortunately, we have better options than engaging with a process that's designed to mute a complaint. Follow the money.

Your average Internet ad does not come from some ominous all-seeing data-driven Panopticon. It's probably placed by some marketing person looking at an ad dashboard screen that's just as confusing to them as the ad placement is confusing to you.

So I'm borrowing the technique that "Spocko" started for talk radio, and Sleeping Giants scaled up for ads on extremist sites.

  • Contact a brand's marketing decision makers directly.

  • Briefly make a specific request.

  • Put your request in terms that make not granting it riskier and more time-consuming.

This should be pretty well known by now. What's new is a change in European privacy regulations. The famous European GDPR applies not just to Europeans, but to natural persons. So I'm going to test the idea that if I ask for something specific and easy to do, it will be easier for people to just do it, instead of having to figure out that (1) they have a different policy for people who they won't honor GDPR requests from and (2) they can safely assign me to the non-GDPR group and ignore me.

My simple request is not to include me in a Facebook Custom Audience. I can find the brands that are doing this by downloading ad data from Facebook, and here's a letter-making web thingy that I can use. Try it if you like. I'll follow up with how it's going.

Opting into European mode

02 June 2018

Trans Europa Express was covered on ghacks.net. This is an experimental Firefox extension that tries to get web sites to give you European-level privacy rights, even if the site classifies you as non-European.

Since the version they mentioned, I have updated it with a few new features.

Anyway, check it out. Seems to have actual users now, so I've got that going for me. But lots of secret European mode switches still remain unactivated. If you see one, please make a new issue.

Ron Estes, US Congress

02 June 2018

If Ron Estes, running for US Congress was a candidate with the same name as a well-known Democratic Party politician, clearly the right-wing pranksters of the USA would give him a bunch of inbound links just for lulz, and to force the better-known politician to spend money on SEO of his own.

But he's not, so people will probably just tweet about the election and stuff.

Happy GDPR day. Here's some sensitive data about me.

25 May 2018

I know I haven't posted for a while, but I can't skip GDPR Day. You don't see a lot of personal info from me here on this blog. But just for once, I'm going to share something.

I'm a blood donor.

This doesn't seem like a lot of information. People sign up for blood drives all the time. But the serious privacy problem here is that when I give blood, they also test me for a lot of diseases, many of which could have a big impact on my life and how much of certain kinds of healthcare products and services I'm likely to need. The fact that I'm a blood donor might also help people infer something about my sex life but the health data is TMI already.

And I have some bad news. I recently got the ad info from my Facebook account and there it is, in the file advertisers_who_uploaded_a_contact_list_with_your_information.html. American Red Cross Blood Donors. Yes, it looks like the people I chose to trust with some of my most sensitive personal info have given it to the least trusted company on the Internet.

In today's marketing scene, the fact that my blood donor information leaked to Facebook isn't too surprising. The Red Cross clearly has some marketing people, and targeting the existing contact list on Facebook is just one of the things that marketing people do without thinking about it too much.Not thinking about privacy concerns is a problem for Marketing as a career field long-term. If everyone thinks of Marketing as the Department of Creepy Stuff it's going to be harder to recruit creative people.

So, wait a minute. Why am I concerned that Facebook has positive health info on me? Doesn't that help maintain my status in the data-driven economy? What's the downside? (Obvious joke about healthy-blood-craving Facebook board member Peter Thiel redacted—you're welcome.)

The problem is that my control over my personal data isn't just a problem for me. As Prof. Arvind Narayanan said (video), Poor privacy harms society as a whole. Can I trust Facebook to use my blood info just to target me for the Red Cross, and not to sort people by health for other purposes? Of course not. Facebook has crossed every creepy line that they have promised not to. To be fair, that's not just a Facebook thing. Tech bros do risky and mean things all the time without really thinking them through, and even when they do set appropriate defaults they half-ass the implementation and shit happens.

Will blood donor status get you better deals, or apartments, or jobs, in the future? I don't know. I do know that the Red Cross made a big point about confidentiality when they got me signed up. I'm waiting for a reply from the Red Cross privacy officer about this, and will post an update.

Anyway, happy GDPR Day, and, in case you missed it, Salesforce CEO Marc Benioff Calls for a National Privacy Law.

Can markets for intent data even be a thing?

12 May 2018

Doc Searls is optimistic that surveillance marketing is going away, but what's going to replace it? One idea that keeps coming up is the suggestion that prospective buyers should be able to sell purchase intent data to vendors directly. This seems to be appealing because it means that the Marketing department will still get to have Big Data and stuff, but I'm still trying to figure out how voluntary transactions in intent data could even be a thing.

Here's an example. It's the week before Thanksgiving, and I'm shopping for a kitchen stove. Here are two possible pieces of intent information that I could sell.

  • "I'm cutting through the store on the way to buy something else. If a stove is on sale, I might buy it, but only if it's a bargain, because who needs the hassle of handling a stove delivery the week before Thanksgiving?"

  • "My old stove is shot, and I need one right away because I have already invited people over. Shut up and take my money."

On a future intent trading platform, what's my incentive to reveal which intent is the true one?

If I'm a bargain hunter, I'm willing to sell my intent information, because it would tend to get me a lower price. But in that case, why would any store want to buy the information?

If I need the product now, I would only sell the information for a price higher than the expected difference between the price I would pay and the price a bargain hunter would pay. But if the information isn't worth more than the price difference, why would the store want to buy it?

So how can a market for purchase intent data happen?

Or is the idea of selling access to purchase intent only feasible if the intent data is taken from the "data subject" without permission?

Anyway, I can see how search advertising and signal-based advertising can assume a more important role as surveillance marketing becomes less important, but I'm not sure about markets for purchase intent. Maybe user data sharing will be not so much a stand-alone thing but a role for trustworthy news and cultural sites, as people choose to share data as part of commenting and survey completion, and that data, in aggregated form, becomes part of a site's audience profile.

Unlocking the hidden European mode in web ads

06 May 2018

It would make me really happy to be able to yellow-list Google web ads in Privacy Badger. (Yellow-listed domains are not blocked, but have their cookies restricted in order to cut back on cross-site tracking.) That's because a lot of news and cultural sites use DoubleClick for Publishers and other Google services to deliver legit, context-based advertising. Unfortunately, as far as I can tell, Google mixes in-context ads with crappy, spam-like, targeted stuff. What I want is something like Doc Searls style ads: Just give me ads not based on tracking me.

Until now, there has been no such setting. There could have been, if Do Not Track (DNT) had turned out to be a thing, but no. But there is some good news. Instead of one easy-to-use DNT, sites are starting to give us harder-to-find, but still usable, settings, in order to enable GDPR-compliant ads for Europe. Here's Google's: Ads personalization settings in Google’s publisher ad tags - DoubleClick for Publishers Help.

Wait a minute? Google respects DNT now?

Sort of. GDPR-compliant terms written by Google aren't exactly the same as EFF's privacy-friendly Do Not Track (DNT) Policy All these different tracking policies are reminding me of open source licenses for some reason. but close enough. The catch is that as an end user, you can't just turn on Google's European mode. You have to do some JavaScript. I think I figured out how to do this in a simple browser extension to unlock secret European status.

Google doesn't appear to have their European mode activated yet, so I added a do-nothing "European mode" to the Aloodo project, for testing. I'm not able to yellow-list Google yet, but when GDPR takes effect later this month I'll test it some more.

In the meantime, I'll keep looking for other examples of hidden European mode, and see if I can figure out how to activate them.

GDPR and client-side tools

17 April 2018

Lots of GDPR advice out there. As far as I can tell it pretty much falls into three categories.

But what if there is another way?

  1. Start with the clean version. (Here's that link again: How to: GDPR, consent and data processing).

  2. Add microformats to label consent forms as consent forms, and appropriate links to the data usage policy to which the user is being asked to agree.

  3. Release a browser extension that will do the right thing with the consent forms, and submit automatically if the user is fine with the data usage request and policy, and appears to trust the site. Lots of options here, since the extension can keep track of known data usage policies and which sites the user appears to trust, based on their activity.

  4. Publish user research results from the browser extension. At this point the browsers can compete to do their own versions of step 3, in order to give their users a more trustworthy and less annoying experience.

Browsers need to differentiate in order to attract new users and keep existing users. Right now a good way to do that is in creating a safer-feeling, more trustworthy environment. The big opportunity is in seeing the overlap between that goal for the browser and the needs of brands to build reputation and the needs of high-reputation publishers to shift web advertising from a hacking game that adtech/adfraud wins now, to a reputation game where trusted sites can win.

When can deceptive sellers outbid honest sellers for ad impressions?

14 April 2018

Update 12 Dec 2021: Add link to London Underground example.

Update 8 Jun 2018: simulation, Why digital advertising leaves people underwhelmed

Why does the Peak Advertising effect occur most in the most accurately targeted ad media? Why do people tend to filter out targeted ads, using habit power, technology, and regulation, while paying more attention to less finely targeted ad media?

One explanation is that buying ad space is an example of costly signaling. On this view, advertising is basically an exchange of signal for attention, and ads that don't pay their way with some kind of proof of spend are not worth paying attention to because they don't convey useful information about the seller's beliefs on how valuable the audience would find the product.

Another possible explanation is that targetable ad media are more suitable for deception, and that where advertisers bid for space in a medium, deceptive advertisers will tend to outbid the honest ones.

This seems counterintuitive, since we might suppose that the customer lifetime value of an honest seller's newly acquired customer could in many cases be greater than the profit from a quick score by a deceptive seller. But targeting doesn't just match ad impressions with prospective buyers. When used by a deceptive seller, it can also conceal an ad impression from potentially costly attention.

For honest direct marketers, the expected profit from reaching a buyer is positive, and the expected profit from reaching a non-buyer is zero. But the audience does not just contain buyers and non-buyers. People can also be divided into enforcers and non-enforcers. Enforcers can be anything from professional law enforcement people, to someone who takes apart a bogus product and makes a video about it, to just the writer of a bad online review. What enforcers have in common is that for a dishonest seller, the expected profit from reaching an enforcer is negative.

Some kinds of enforcer can impose costs even without buying. For example, a reader might send the publisher a screenshot containing a scam ad and get the advertiser added to an advertiser exclusion list. Other kinds of enforcer might only take action if they buy the product and find it to be a scam. A deceptive advertiser might incur costs when their ad is shown to either kind of enforcer.

For an honest advertiser, the expected profit from a single impression is:

probability of reaching a buyer × expected profit per sale

For the dishonest advertiser, the expected profit is:

probability of reaching a buyer × expected profit per sale − probability of reaching an enforcer × expected loss per enforcer

The expected loss per enforcer is typically high compared to the profit per sale. For example, a small number of contacts with review writers might require a seller to re-launch under a new name. In an ad impression market with both honest and deceptive sellers, where sellers can choose which impressions to bid on, an ad impression that a deceptive seller believes is unlikely to reach an enforcer has extra value to that deceptive advertiser but not to an honest advertiser. Deceptive sellers will tend to outbid honest ones for certain impressions.

A member of the audience might be able to see targeting criteria, but not the advertiser's internal weighting of targeting criteria. (For example, a targeted ad platform might reveal to you that you are being targeted for an ad because your computer is running the latest release of the OS. What they won't tell you is that the seller is bidding on impressions to your OS version because they're selling a tainted nutritional supplement, and the lead testing department at the Ministry of Health is still on the old OS version.)

So, some ad impressions will tend to be purchased by deceptive sellers, but a low-information member of the audience can't tell which impressions those are. Is this an ad from an honest seller that might be reaching both me and enforcers, or is this an ad from a dishonest seller targeted to reach me but not enforcers? When you read a magazine that reaches a community of practice of which you're a member, you can be confident that product reviewers and editors are seeing the same ads you are. A web ad could be targeted to avoid experienced and better-connected members of the community of practice.

A good example of where lower targeting capabilities can assist norms enforcement is the 378 commmuters who reported London Underground ads that were later banned by the Advertising Standards Authority. Silvia Milano, Brent Mittelstadt, and Sandra Wachter write,

[I]f the ad could have been targeted to just the subset of consumers most receptive to its message, they might not have raised any complaints. As a result, the harmful message would have gone unchallenged, missing an opportunity for the regulator to update their guidelines in keeping with current social norms.

One possible explanation for the Peak Advertising effect is the interaction between deceptive sellers discovering how to use a new ad medium's targeting capabilities to avoid enforcers, and the audience discovering the fraction of deceptive sellers.

Related: Ban Targeted Advertising by David Dayen in The New Republic. (I'm not so much interested in whether or not targeted advertising should be banned as I am in the reasoning behind why people choose to protect themselves from it. The story of matching the exact right buyer to the exact right product is much less compelling for most purchase decisions than the buyer's story of finding an adequate product and avoiding deceptive sellers.)

working post-creepy ads, and stuff

13 April 2018

Post-creepy web ad sightings: What's next for web advertising after browser privacy improvements and regulatory changes make conventional adtech harder and harder?

The answer is probably something similar to what's already starting to pop up on niche sites. Here's a list of ad platforms that work more like print, less like spam: list of post-creepy web ad systems. Comments and suggestions welcome (mail me, or do a GitHub pull request from the link at the bottom.)

Fun with bug futures: we're in Mozilla's Internet Health Report. Previous items in that series:

ICYMI: Mozilla experiment aims to reduce bias in code reviews

Lots of GDPR and next-generation web ads stories in the past few weeks. A few must-read ones.

Publishers Haven't Realized Just How Big a Deal GDPR is My advice to you is rethink your approach to GDPR. This is your chance to be a part of the solution, rather than being part of the problem.

Brand Safety Is Not Driving Media Allocation Decisions in 2018/19

Mark Ritson: This is a critical point in marketers’ relationship with data privacy

What GDPR really means

A good question, from Twitter

19 March 2018

Good question on Twitter, but one that might take more than, what is is now, 280 characters? to answer.

Sir, why do you pay so much attention on internet advertising? I have hardly read your tweet that isn't related to internet advertising. I used Privacy Badger for some time last year. It's useful but a little heavy😅

— siven fang (@sivenfan) March 19, 2018

Why do I pay attention to Internet advertising? Why not just block it and forget about it? By now, web ad revenue per user is so small that it only makes sense if you're running a platform with billions of users, so sites are busy figuring out other ways to get paid anyway.

To the generation that never had a print magazine subscription, advertising is just a subset of "creepy shit on the Internet." Who wants to do that for a living? According to Charlotte Rogers at Marketing Week, the lack of information out there explaining the diverse opportunities of a career in marketing puts the industry at a distinct disadvantage in the minds of young people. Marketing also has to contend with a perception problem among the younger generation that it is intrinsically linked with advertising, which Generation Z notoriously either distrust or dislike.

Like the man says, Where Did It All Go Wrong?

The answer is that I'm interested in Internet advertising for two reasons.

  • First, because I'm a Kurt Vonnegut fan and have worked for a magazine. Some kinds of advertising can have positive externalities. Vonnegut was able to quit his job at a car dealership, and write full time, because advertising paid for original fiction in Collier's magazine. How did advertising lose its ability to pay for news and cultural works? Can advertising reclaim that ability?

  • Second, because most of the economic role of advertising is in an area that Internet advertising hasn't been able to get a piece of. While Internet advertising plays a game of haha, look what I tricked you into clicking on for chump change, the real money is in signal-carrying advertising that helps build brand reputation. Is it possible to make Internet advertising into a medium that can get a piece of the action?

Maybe make that three reasons. As long as Internet advertising fails to pull its weight in either supporting news and cultural works or helping to send a credible economic signal for brands then the scams, malware and mental manipulation will only continue. More: World's last web advertising optimist tells all!

People's personal data: take it or ask for it?

09 March 2018

We know that advertising on the web has reached a low point of fraud, security risks, and lack of brand safety. And it's not making much money for publishers anyway. So a lot of people are talking about how to fix it, by building a new user data sharing system, in which individuals are in control of which data they choose to reveal to which companies.

Unlike today's surveillance marketing, people wouldn't be targeted for advertising based on data that someone figures out about them and that they might not choose to share.

A big win here will be that the new system would tend to lower the ROI on creepy marketing investments that have harmful side effects such as identity theft and facilitation of state-sponsored misinformation, and increase the ROI for funding ad-supported sites that people trust and choose to share personal information with.

A user-permissioned data sharing system is an excellent goal with the potential to help clean up a lot of the Internet's problems. But I have to be realistic about it. Adam Smith once wrote,

The pride of man makes him love to domineer, and nothing mortifies him so much as to be obliged to condescend to persuade his inferiors.

So the big question is still:

Why would buyers of user data choose to deal with users (or publishers who hold data with the user's permission) when they can just take the data from users, using existing surveillance marketing firms?

Some possible answers.

  • GDPR? Unfortunately, regulatory capture is still a thing even in Europe. Sometimes I wish that American privacy nerds would quit pretending that Europe is ruled by Galadriel or something.

  • brand safety problems? Maybe a little around the edges when a particularly bad video gets super viral. But platforms and adtech can easily hide brand-unsafe "dark" material from marketers, who can even spend time on Youtube and Facebook without ever developing a clue about how brand-unsafe they are for regular people. Even as news-gatherers get better at finding the worst stuff, platforms will always make hiding brand-unsafe content a high priority.

  • fraud concerns? Now we're getting somewhere. Fraud hackers are good at making realistic user data. Even "people-based" platforms mysteriously have more users in desirable geography/demography combinations than are actually there according to the census data. So, where can user-permissioned data be a fraud solution?

  • signaling? The brand equity math must be out there somewhere, but it's nowhere near as widely known as the direct response math that backs up the creepy stuff. Maybe some researcher at one of the big brand advertisers developed the math internally in the 1980s but it got shredded when the person retired. Big possible future win for the right behavioral economist at the right agency, but not in the short term.

  • improvements in client-side privacy? Another good one. Email spam filtering went from obscure nerdery to mainstream checklist feature quickly—because email services competed on it. Right now the web browser is a generic product, and browser makers need to differentiate. One promising angle is for the browser to help build a feeling of safety in the user by reducing user-perceived creepiness, and the browser's need to compete on this is aligned with the interests of trustworthy sites and with user-permissioned data sharing.

(And what's all this "we" stuff, anyway? Post-creepy advertising is an opportunity for individual publishers and brands to get out ahead, not a collective action problem.)

What I don't get about Marketing

27 February 2018

I want to try to figure out something I still don't understand about Marketing.

First, read this story by Sarah Vizard at Marketing Week: Why Google and Facebook should heed Unilever’s warnings.

All good points, right?

With the rise of fake news and revelations about how the Russians used social platforms to influence both the US election and EU referendum, the need for change is pressing, both for the platforms and for the advertisers that support them.

We know there's a brand equity crisis going on. Brand-unsafe placements are making mainstream brands increasingly indistinguishable from scams. So the story makes sense so far. But here's what I don't get.

For the call to action to work, Unilever really needs other brands to rally round but these have so far been few and far between.

Other brands? Why?

If brands are worth anything, they can at least help people tell one product apart from another.

Think Small VW ad

Saying that other brands need to participate in saving Unilever's brands from the three-ring shitshow of brand-unsafe advertising is like saying that Volkswagen really needs other brands to get into simple layouts and natural-sounding copy just because Volkswagen's agency did.

Not everybody has to make the same stuff and sell it the same way. Brands being different from each other is a good thing. (Right?)

generic food

Sometimes a problem on the Internet isn't a "let's all work together" kind of problem. Sometimes it's an opportunity for one brand to get out ahead of another.

What if every brand in a category kept on playing in the trash fire except one?

The tracker will always get through?

18 February 2018

(I work for Mozilla. None of this is secret. None of this is Mozilla policy. Not speaking for Mozilla here.)

A big objection to tracking protection is the idea that the tracker will always get through. Some people suggest that as browsers give users more ability to control how their personal information gets leaked across sites, things won't get better for users, because third-party tracking will just keep up. On this view, today's easy-to-block third-party cookies will be replaced by techniques such as passive fingerprinting where it's hard to tell if the browser is succeeding at protecting the user or not, and users will be stuck in the same place they are now, or worse.

I doubt this is the case because we're playing a more complex game than just trackers vs. users. The game has at least five sides, and some of the fastest-moving players with the best understanding of the game are the adfraud hackers. Right now adfraud is losing in some areas where they had been winning, and the resulting shift in adfraud is likely to shift the risks and rewards of tracking techniques.

Data center adfraud

Fraudbots, running in data centers, visit legit sites (with third-party ads and trackers) to pick up a realistic set of third-party cookies to make them look like high-value users. Then the bots visit dedicated fraudulent "cash out" sites (whose operators have the same third-party ads and trackers) to generate valuable ad impressions for those sites. If you wonder why so many sites made a big deal out of "pivot to video" but can't remember watching a video ad, this is why. Fraudbots are patient enough to get profiled as, say, a car buyer, and watch those big-money ads. And the money is good enough to motivate fraud hackers to make good bots, usually based on real browser code. When a fraudbot network gets caught and blocked from high-value ads, it gets recycled for lower and lower value forms of advertising. By the time you see traffic for sale on fraud boards, those bots are probably only getting past just enough third-party anti-fraud services to be worth running.

This version of adfraud has minimal impact on real users. Real users don't go to fraud sites, and fraudbots do their thing in data centers Doesn't everyone do their Christmas shopping while chilling out in the cold aisle at an Amazon AWS data center? Seems legit to me. and don't touch users' systems. The companies that pay for it are legit publishers, who not only have to serve pages to fraudbots—remember, a bot needs to visit enough legit sites to look like a real user—but also end up competing with adfraud for ad revenue. Adfraud has only really been a problem for legit publishers. The adtech business is fine with it, since they make more money from fraud than the fraud hackers do, and the advertisers are fine with it because fraud is priced in, so they pay the fraud-adjusted price even for real impressions.

What's new for adfraud

So what's changing? More fraudbots in data centers are getting caught, just because the adtech firms have mostly been shamed into filtering out the embarassingly obvious traffic from IP addresses that everyone can tell probably don't have a human user on them. So where is fraud going now? More fraud is likely to move to a place where a bot can look more realistic but probably not stay up as long—your computer or mobile device. Expect adfraud concealed within web pages, as a payload for malware, and of course in lots and lots of cheesy native mobile apps.The Google Play Store has an ongoing problem with adfraud, which is content marketing gold for Check Point Software, if you like "shitty app did WHAT?" stories. Adfraud makes way more money than cryptocurrency mining, using less CPU and battery.

So the bad news is that you're going to have to reformat your uncle's computer a lot this year, because more client-side fraud is coming. Data center IPs don't get by the ad networks as well as they once did, so adfraud is getting personal. The good news, is, hey, you know all that big, scary passive fingerprinting that's supposed to become the harder-to-beat replacement for the third-party cookie? Client-side fraud has to beat it in order to get paid, so they'll beat it. As a bonus, client-side bots are way better at attribution fraud (where a fraudulent ad gets credit for a real sale) than data center bots.

Users don't have to get protected from every possible tracking technique in order to shift the web advertising game from a hacking contest to a reputation contest. It often helps simply to shift the advertiser's ROI from negative-externality advertising below the ROI of positive-externality advertising.

Advertisers have two possible responses to adfraud: either try to out-hack it, or join the "flight to quality" and cut back on trying to follow big-money users to low-reputation sites in the first place. Hard-to-detect client-side bots, by making creepy fingerprinting techniques less trustworthy, tend to increase the uncertainty of the hacking option and make flight to quality relatively more attractive.

This is why we can't have nice brands.

17 February 2018

What if I told you that there was an Internet ad technology that...

  • can reach the same user on mobile and desktop

  • uses open-standard persistent identifiers for users

  • can connect users to their purchase history

  • reaches the users that the advertiser chooses, at the time the advertiser chooses

  • and doesn't depend on the Google/Facebook duopoly?

Don't go looking for it on the Lumascape.

I'm describing email spam.

Every feature that adtech is bragging on, or working toward? Email spam had it in the 1990s.

So why didn't brand advertisers jump all over spam? Why did they mostly leave it to low-reputation brands and scammers?

To be honest, it probably wasn't a decision decision in most cases, just corporate sloth. But staying away from spam was the right answer. In the email inbox, spam from a high-reputation brand doesn't look any different from spam that any fly-by-night operation can send. All spammers can do the same stuff:

They can sell to people...for a fraction of what marketing used to cost. And they can collect data on these consumers, track what they buy, what they love and hate about the experience, and market to them directly much more effectively.

Oh, wait. That one isn't about spam in the 1990s. That's about targeted advertising on social media sites today. The CEO of digital advertising's biggest trade group says most big marketers are screwed unless they completely change their business models.

It's the direct consumer relationships, and the use of consumer data, that is completely game-changing for the marketing world. And most big marketers, such as Procter & Gamble and Unilever, are not ready for this new reality, the IAB says.

But of course they're ready. The difference is that those established brand advertisers aren't any more ready than some guy who watched a YouTube video series on "growth hacking" and is ready to start buying targeted ads and drop-shipping.

The "new reality," the targeted advertising business that the IAB wants brands to join them in, is a place where you win based not on how much the audience trusts you, but on how well you can out-hack the competition. And like any information space organized by hacking skill, it's a hellscape of deceptive crap. Read The Strange Brands in Your Instagram Feed by Alexis C. Madrigal.

Some Instagram retailers are legit brands with employees and products. Others are simply middlemen for Chinese goods, built in bedrooms, and launched with no capital or inventory. All of them have been pulled into existence by the power of Instagram and Facebook ads combined with a suite of e-commerce tools based around Shopify.

Of course, not every brand that buys a social media ad or other targeted ad is crap.

But a social media ad is useless for telling crap brands from non-crap ones. It doesn't carry economic signal. There's no such thing as a free watch. (PDF)

Rory Sutherland writes, in Reducing activities to their core misses the point,

Many billions of pounds of advertising expenditure have been shifted from conventional media, most notably newspapers, and moved into digital media in a quest for targeted efficiency. If advertising simply works by the conveyance of messages, this would be a sensible thing to do. However, it is beginning to become apparent that not all, perhaps not even most, advertising works this way. It seems that a large part of advertising creates trust and conviction in its audience precisely because it is perceived to be costly.

If anyone knows that any seller can watch a few YouTube videos and do a certain activity, does that activity really help the audience distinguish a high-reputation seller from a low-reputation one?

And how does it affect a legit brand when its ads show up on the same medium with all the crappy ones?Twitter has a solution that keeps its ads saleable: just don't show any ads to important people. I'm surprised they can get away with this, but given the mix of rip-off and real brand ads I keep seeing there, it seems to be working.

Extremists and state-sponsored misinformation campaigns aren't "abusing" targeted advertising. They're just taking advantage of a system optimized for deception and using it normally.

Now, I don't want to blame targeted advertising for all of the problems of brand equity. When you put high-fructose corn syrup in your product, brand equity suffers. When you outsource or de-skill the customer support function, brand equity suffers. All the half-ass "looks good this quarter" stuff that established brands are doing is bad for brand equity. It just turns out that the kinds of advertising that you can do on the Internet today are all half-ass "looks good this quarter" stuff. If you want to send a credible economic signal, buy TV time or put a flagship store on some expensive real estate. The Internet's got nothing for you.

Failure to create signal-carrying ad units should be more of a concern for people who want to earn ad money on the Internet than it is. See Bob Hoffman's "refrigerator test." All that work that went into building the most complicated ad medium ever? It went into building an ad medium optimized for low-reputation advertisers. And that kind of ad medium tends to see rates go down over time. It doesn't hold value.

And the medium can't gain value until the users trust it, which means they have to trust the browser. In-browser tracking protection is going to have to enable the legit web advertising industry the same way that spam filters enables the legit email newsletter industry.

Here’s why the epidemic of malicious ads grew so much worse last year

Facebook and Google could lose $2B in ad revenue over ‘toxic content’

How I Cracked Facebook’s New Algorithm And Tortured My Friends

Wanted: Console Text Editor for Windows

Where Did All the Advertising Jobs Go?

Facebook patents tech to determine social class

The Mozilla Blog: A Perspective: Firefox Quantum’s Tracking Protection Gives Users The Right To Be Curious

Breaking up with Facebook: users confess they're spending less time

Survey: Facebook is the big tech company that people trust least

The Perils of Paid Content


Unilever pledges to cut ties with ‘platforms that create division’

Content recommendation services Outbrain and Taboola are no longer a guaranteed source of revenue for digital publishers

The House That Spied on Me

Why Facebook's Disclosure to the City of Seattle Doesn't Add Up

Debunking common blockchain-saving-advertising myths

SF tourist industry struggles to explain street misery to horrified visitors

How Facebook’s Political Unit Enables the Dark Art of Digital Propaganda

How Facebook Helped Ruin Cambodia's Democracy

Two visions of GDPR

13 February 2018

As far as I can tell, there are two sets of ambitious predictions about GDPR.

One is the VRM vision. Doc Searls writes, on ProjectVRM:

I am sure Google, Facebook and lesser purveyors of advertising online will find less icky ways to stay in business; but it is becoming clear that next May 25, when the GDPR goes into full effect, will be an extinction-level event for tracking-based advertising (aka adtech) as a business model.

Big impact? Not so fast. There's also a "business as usual" story, and that one, you'll find at Digital Advertising Consent.

Our complex ecosystem of companies must cooperate more closely than ever before to meet the transparency and consent requirements of European data protection law.

According to the adtech firms, well, maybe there will be more Bürokratie, more pointless dialogs that users have to click through, and one more line item, "GDPR compliance", to come out of the publisher's share, of course, but the second vision of GDPR is essentially just adtech/adfraud as usual. Upgrade to the new version of OpenRTB, and move along, nothing to see here.

Personally, I'm not buying either one of these GDPR visions. Because, just for fun and also because reasons, I run my own mail server.

And every little decision I have to make about how to configure the damn thing is based on playing a game with email spammers. Regulation is a part of my complete breakfast, but it's not the whole story.

The government doesn't give you freedom from spam. You have to take it for yourself, one filtering rule at a time. Or, do what most people do, and find a company that does it for you, but it has to be a company that you trust with your information.

A mail sender's decision to comply, or not comply, with some regulation is a bit of information. That feeds into the software that makes the final decision: inbox, spam folder, or reject. When a spam message complies with the regulations of some country, my mail server doesn't say, "Oh, wow, compliant! I can skip all the other checks and send this one straight to the inbox!" It uses the regulation compliance along with other information to make that decision.

So whatever extra consent forms that surveillance marketers are required to send by GDPR? They're not the final decision on What The User Must See. They're just data, coming over the network.

Some of that data will be interpreted to mean that this request is an obvious mismatch with how the user chooses to share their info. The user might not even see those consent forms, or the browser might pop up a notification:

4 requests to do creepy shit, that's obviously against your preferences, already denied. Isn't this the best browser ever?

(No, I don't write copy for browser notifications. But you get the idea.)

Browsers that implement tracking protection might end up with a feature where they detect requests for permission to do things that the user has already said no to—by turning on tracking protection in the first place—and auto-deny them.

Legit email senders had to learn "deliverability," the art and science of making legit mail look legit so that it can get past email spam filters. Legit advertisers will have to learn that users aren't identical and spherical, users choose tools to implement their data sharing preferences, and that regulatory compliance is only part of the job.

Should web browsers adopt Google’s new selective ad blocking tech?


Content recommendation services Outbrain and Taboola are no longer a guaranteed source of revenue for digital publishers

Team A vs. Team B

11 February 2018

Let's run a technical challenge on the Internet. Team A vs. Team B.

Team A gets to work where they want, when they want. Team B has to work in an open-plan office, with people walking behind them, talking on the phone, doing all that annoying office stuff.

Members of Team A get paid for successful work within weeks or months. Members of Team B get a base salary that they have to spend on rent in an expensive location, but just might get paid extra for successful work in four years.

Team A will let anyone try to join, and those who aren't successful have to drop out quickly. Team B will only let members who are a "good cultural fit" join, and it takes a while to get rid of an unsuccessful member.

Team A can deploy unproven work for real-world testing, using infrastructure that they get for free on the Internet. Team B can only deploy their work when production-ready, on infrastructure they have to pay for.

If Team A breaks the rules, the penalty is that they have to spend a little money to register new domain names. If Team B breaks the rules, they risk lengthy regulatory and/or legal consequences.

Team A scores a win any time they can beat whoever is the weakest member of Team B at that time. Team B can only score a win when they can consistently defeat all of the most active members of Team A.

Team A is adfraud.

Why is so much marketing money being bet on Team B?

Fun with numbers

06 February 2018

(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)

Guess what? According to Emil Protalinski at VentureBeat, the browser wars are back on.

Google is doubling down on the user experience by focusing on ads and performance, an opportunity I’ve argued its competitors have completely missed.

Good point. Jonathan Mendez has some good background on that.

The IAB road blocked the W3C Do Not Track initiative in 2012 that was led by a cross functional group that most importantly included the browser makers. In hindsight this was the only real chance for the industry to solve consumer needs around data privacy and advertising technology. The IAB wanted self-regulation. In the end, DNT died as the IAB hoped.

As third-party tracking made the ad experience crappier and crappier, browser makers tried to play nice. Browser makers tried to work in the open and build consensus.

That didn't work, which shouldn't be a surprise. Imagine if email providers had decided to build consensus with spammers about spam filtering rules. The spammers would have been all like, "It replaces the principle of consumer choice with an arrogant 'Hotmail knows best' system." Any sensible email provider would ignore the spammers but listen to deliverability concerns from senders of legit opt-in newsletters. Spammers depend on sneaking around the user's intent to get their stuff through, so email providers that want to get and keep users should stay on the user's side. Fortunately for legit mail senders and recipients, that's what happened.

On the web, though, not so much.

But now Apple Safari has Intelligent Tracking Prevention. Industry consensus achieved? No way. Safari's developers put users first and, like the man said, if you're not first you're last.

And now Google is doing their own thing. Some positive parts about it, but by focusing on filtering annoying types of ad units they're closer to the Adblock Plus "Acceptable Ads" racket than to a real solution. So it's better to let Ben Williams at Adblock Plus explain that one. I still don't get how it is that so many otherwise capable people come up with "let's filter superficial annoyances and not fundamental issues" and "let's shake down legit publishers for cash" as solutions to the web advertising problem, though. Especially when $16 billion in adfraud is just sitting there. It's almost as if the Lumascape doesn't care about fraud because it's priced in so it comes out of the publisher's share anyway.

So with all the money going to fraud and the intermediaries that facilitate it, local digital news publishers are looking for money in other places and writing off ads. That's good news for the surviving web ad optimists (like me) because any time Management stops caring about something you get a big opportunity to do something transformative.

Small victories

The web advertising problem looks big, but I want to think positive about it.

  • billions of web users

  • visiting hundreds of web sites

  • with tens of third-party trackers per site.

That's trillions of opportunities for tiny victories against adfraud.

Right now most browsers and most fraudbots are hard to tell apart. Both maintain a single "cookie jar" across trusted and untrusted sites, and both are subject to fingerprinting.

For fraudbots, cross-site trackability is a feature. A fraudbot can only produce valuable ad impressions on a fraud site if it is somehow trackable from a legit site.

For browsers, cross-site trackability is a bug, for two reasons.

  • Leaking activity from one context to another violates widely held user norms.

  • Because users enjoy ad-supported content, it is in the interest of users to reduce the fraction of ad budgets that go to fraud and intermediaries.

Browsers don't have the solve the whole web advertising problem to make a meaningful difference. As soon as a trustworthy site's real users look diffferent enough from fraudbots, because fraudbots make themselves more trackable than users running tracking-protected browsers do, then low-reputation and fraud sites claiming to offer the same audience will have a harder and harder time trying to sell impressions to agencies that can see it's not the same people.

Of course, the browser market share numbers will still over-represent any undetected fraudbots and under-represent the "conscious chooser" users who choose to turn on extra tracking protection options. But that's an opportunity for creative ad agencies that can buy underpriced post-creepy ad impressions and stay away from overvalued or worthless bot impressions. I expect that data on who has legit users—made more accurate by including tracking protection measurements—will be proprietary to certain agencies and brands that are going after customer segments with high tracking protection adoption, at least for a while.

Now even YouTube serves ads with CPU-draining cryptocurrency miners http://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/ … by @dangoodin001

Remarks delivered at the World Economic Forum

Improving privacy without breaking the web

Greater control with new features in your Ads Settings

PageFair’s long letter to the Article 29 Working Party

‘Never get high on your own supply’ – why social media bosses don’t use social media

Can you detect WebDriver sessions from inside a web page? https://hoosteeno.com/2018/01/23/can-you-detect-webdriver-sessions-from-inside-a-web-page/ … via @wordpressdotcom

Making WebAssembly even faster: Firefox’s new streaming and tiering compiler

Newsonomics: Inside L.A.’s journalistic collapse

The State of Ad Fraud

The more Facebook examines itself, the more fault it finds

In-N-Out managers earn triple the industry average

Five loopholes in the GDPR

Why ads keep redirecting you to scammy sites and what we’re doing about it


Website operators are in the dark about privacy violations by third-party scripts

Mark Zuckerberg's former mentor says 'parasitic' Facebook threatens our health and democracy

Craft Beer Is the Strangest, Happiest Economic Story in America

The 29 Stages Of A Twitterstorm In 2018

How Facebook Helped Ruin Cambodia's Democracy

How Facebook’s Political Unit Enables the Dark Art of Digital Propaganda

Firefox 57 delays requests to tracking domains

Direct ad buys are back in fashion as programmatic declines

‘Data arbitrage is as big a problem as media arbitrage’: Confessions of a media exec

Why publishers don’t name and shame vendors over ad fraud

News UK finds high levels of domain spoofing to the tune of $1 million a month in lost revenue • Digiday

The Finish Line in the Race to the Bottom

Something doesn’t ad up about America’s advertising market

Fraud filters don't work

Ad retargeters scramble to get consumer consent

More brand safety bullshit

20 January 2018

There's enough bullshit on the Internet already, but I'm afraid I'm going to quote some more. This time from Ilyse Liffreing at IBM.

The reality is none of us can say with certainty that anywhere in the world, we are [brand] safe. Look what just happened with YouTube. They are working on fixing it, but even Facebook and Google themselves have said there’s not much they can do about it. I mean, it’s hard. It’s not black and white. We are putting a lot of money in it, and pull back on channels where we have concerns. We’ve had good talks with the YouTube teams.


One important part of this decision is black and white.

Either you give money to Nazis.

Or you don't give money to Nazis.

If Nazis are better at "programmatic" than the resting-and-vesting chill bros at the programmatic ad firms (and, face it, Nazis kick ass at programmatic), then the choice to spend ad money in a we're-kind-of-not-sure-if-this-goes-to-Nazis-or-not way is a choice that puts your brand on the wrong side of a black and white line.

There are plenty of Nazi-free places for brands to run ads. They might not be the cheapest. But I know which side of the line I buy from.

Remove all the tracking widgets? Maybe not.

16 January 2018

Good one from Mark Pilipczuk: Publisher Advice From a Buyer.

Remove all the tracking widgets from your site. That Facebook “Like” button only serves to exfiltrate your valuable data to an entity that doesn’t have your best interests at heart. If you’ve got a valuable audience, why would you want to help the ad tech industry which promises “I can find the same and bigger audience over here for $2 CPM, so don’t buy from the publisher?” Sticking your own head in the noose is never a good idea.

That advice makes sense for the Facebook "like button." That button is just a data shoplifter. The others, though? All those extra trackers come in as side effects of ad deals, and they're likely to be contractually required to make ads on the site saleable.

Yes, those trackers feed bots and data leakage, and yes, they're even terrible at fighting adfraud. Augustine Fou points out that Fraud filters don't work. "In some cases it's worse when filter is on."

So in an ideal world you would be able to pull all the third-party trackers, but as far as day-to-day operations go, user tracking is a Chesterton's Fence problem. What happens if a legit site unilaterally takes down the third-party trackers? All the targeted ad impressions that would have given that site a (small) payment end up going to bots.

So what can a site do? Understand that the real fix has to happen on the browser end, and nudge the users to either make their browsers less data-leaky, or switch to browsers that are leakage-resistant out of the box.

Start A/B testing some notifications to remind users to turn on tracking protection.

  • Can you get users who are already choosing "Do Not Track" to turn on real protection if you inform them that sites ignore their DNT choice?

  • If a user is running an ad blocker with a paid whitelisting scheme, can you inform them about it to get them to switch to a better tool, or at least add a second layer of protection that limits the damage that paid whitelisting can do?

  • When users visit privacy pages or opt-out of a marketing program, are they also willing to check their browser privacy settings?

Every site's audience is different. It's hard to know in advance how users will respond to different calls to action to turn up their privacy and create a win-win for legit sites and legit brands. We do know that users are concerned and confused about web advertising, and the good news is that the JavaScript needed to collect data and administer nudges is as easy to add as yet another tracker.

More on what sites can do, that might be more effective than just removing trackers: What The Verge can do to help save web advertising

Easy question with too many wrong answers

13 January 2018

Content warning: Godwin's Law.

Here's a marketing question that should be easy.

How much of my brand's ad budget goes to Nazis?

Here's the right answer.


And here's a guy who still seems to be having some trouble answering it: Dear Google (GOOG): Please stop using my advertising dollars to monetize hate speech.

If you're responsible for a brand and somewhere in the mysterious tubes of adtech your money is finding its way to Nazis, what is the right course of action?

One wrong answer is to write a "please help me" letter to a company that will just ignore it. That's just admitting to knowingly sending money to Nazis, which is clearly wrong.

Here's another wrong idea, from the upcoming IAB Annual Leadership Meeting session on "brand safety" (which is the nice, sanitary professional-sounding term for "trying not to sponsor Nazis, but not too hard.")

Threats to brand safety arise internally and externally, in your control and out of your control—and the stakes have never been higher. Learn how to minimize brand safety risks and maximize odds of survival when your brand takes a hit (spoiler alert: overreacting is as bad as underreacting). Best Buy and Starcom share best practices based on real-world encounters with brand safety issues.

Really, people? Overreacting is as bad as underreacting? The IAB wants you to come to a deluxe conference about how it's fine to send a few bucks to Nazis here and there as long as it keeps their whole adtech/adfraud gravy train running on time.

I disagree. If Best Buy is fine with (indirectly of course) paying the occasional Nazi so that the IAB companies can keep sending them valuable eyeballs from the cheapest possible sites, then I can shop elsewhere.

Any nationalist extremist movement has its obvious supporters, who wear the outfits and get the tattoos and go march in the streets and all that stuff, and also the quiet supporters, who come up with the money and make nice with the powers that be. The supporters who can keep it deniable.

Can I, as a potential customer from the outside, tell the difference between quiet Nazi supporters and people who are just bad at online advertising and end up supporting Nazis by mistake? Of course not. Do I care? Of course not. If you're not willing to put the basic "don't pay Nazis to do Nazi stuff" rule ahead of a few ad clicks, I don't want your brand anyway. And I'll make sure to install and use the tracking protection tools that help keep my good data away from bad sites.

some more random links

31 December 2017

This one is timely, considering that an investment in "innovation" comes with a built-in short position in Bay Area real estate, and the short squeeze is on: Collaboration in 2018: Trends We’re Watching by Rowan Trollope

In 2018, we’ll see the rapid decline of “place-ism,” the discrimination against people who aren’t in a central office. Technology is making it easier not just to communicate with distant colleagues about work, but to have the personal interactions with them that are the foundation of trust, teamwork, and friendship.

Really, "place-ism" only works if you can afford to overpay the workers who are themselves overpaying for housing. And management can only afford to overpay the workers by giving in to the temptations of rent-seeking and deception. So the landlord makes the nerd pay too much, the manager has to pay the nerd too much, and you end up with, like the man said, "debts that no honest man can pay"?

File under "good examples to illustrate Betteridge's law of headlines": Now That The FCC Is Doing Away With Title II For Broadband, Will Verizon Give Back The Taxpayer Subsidies It Got Under Title II?

Open source business news: Docker, Inc is Dead. Easy to see this as a run-of-the-mill open source business failure story. But at another level, it's the story of how the existing open source incumbents used open practices to avoid having to bid against each other for an overfunded startup.

If "data is the new oil" where is the resource curse for data? Google Maps’s Moat, by Justin O’Beirne (related topic: once Google has the 3d models of buildings, they can build cool projects: Project Sunroof)

Have police departments even heard of Caller ID Spoofing or Swatting? Kansas Man Killed In ‘SWATting’ Attack

Next time I hear someone from a social site talking about how much they're doing about extremists and misinformation and such, I have to remember to ask: have you adjusted your revenue targets for political advertising down in order to reflect the bad shit you're not doing any more? How Facebook’s Political Unit Enables the Dark Art of Digital Propaganda

Or are you just encouraging the "dark social" users to hide it better?

ICYMI, great performance optimization: Firefox 57 delays requests to tracking domains

Boring: you're operating a 4500-pound death machine. Exciting: three Slack notifications and a new AR game! Yes, Smartphone Use Is Probably Behind the Spike in Driving Deaths. So Why Isn’t More Being Done to Curb It?

I love "nopoly controls entire industry so there is no point in it any more" stories: The Digital Advertising Duopoly Good news on advertising. The Millennials are burned out on advertising—most of what they're exposed to now is just another variant of "creepy annoying shit on the Internet"—but the generation after the Millennials are going to have hella mega opportunities building the next Creative Revolution.

Another must-read for the diversity and inclusion department. 2017 Was the Year I Learned About My White Privilege by Max Boot.

Predictions for 2018

28 December 2017

Bitcoin to the moooon: The futures market is starting up, so here comes a bunch more day trader action. More important, think about all the bucket shops (I even saw an "invest in Bitcoin without owning Bitcoin" ad on public transit in London), legit financial firms, Libertarian true believers, and coins lost forever because of human error. Central bankers had better keep an eye on Bitcoin, though. Last recession we saw that printing money doesn't work as well as it used to, because it ends up in the hands of rich people who, instead of priming economic pumps with it, just drive up the prices of assets. I would predict "Entire Round of Quantitative Easing Gets Invested in Bitcoin Without Creating a Single New Job" but I'm saving that one for 2019. Central banks will need to innovate. Federal Reserve car crushers? Relieve medical deby by letting the UK operate NHS clinics at their consulates in the USA, and we trade them US green cards for visas that allow US citizens to get treated there? And—this is a brilliant quality of Bitcoin that I recognized too late—there is no bad news that could credibly hurt the value of a purely speculative asset.

The lesson for regular people here is not so much what to do with Bitcoin, but remember to keep putting some well-considered time into actions that you predict have unlikely but large and favorable outcomes. Must remember to do more of this.

High-profile Bitcoin kidnapping in the USA ends in tragedy: Kidnappers underestimate the amount of Bitcoin actually available to change hands, ask for more than the victim's family (or fans? a crowdsourced kidnapping of a celebrity is now a possibility) can raise in time. Huge news but not big enough to slow down something that the finance scene has already committed to.

Tech industry reputation problems hit open source. California Internet douchebags talk like a positive social movement but act like East Coast vampire squid—and people are finally not so much letting them define the terms of the conversation. The real Internet economy is moving to a three-class system: plutocrats, well-paid brogrammers with Aeron chairs, free snacks and good health insurance, and everyone else in the algorithmically-managed precariat. So far, people are more concerned about the big social and surveillance marketing companies, but open source has some of the same issues. Just as it was widely considered silly for people to call Facebook users "the Facebook community" in 2017, some of the "community" talk about open source will be questioned in 2018. Who's working for who, and who's vulnerable to the risks of doing work that someone else extracts the value of? College athletes are ahead of the open source scene on this one.

Adfraud becomes a significant problem for end users: Powerful botnets in data centers drove the pivot to video. Now that video adfraud is well-known, more of the fraud hackers will move to attribution fraud. This ties in to adtech consolidation, too. Google is better at beating simple to midrange fraud than the rest of the Lumascape, so the steady progress towards a two-logo Lumascape means fewer opportunities for bots in data centers.

Attribution fraud is nastier than servers-talking-to-servers fraud, since it usually depends on having fraudulent and legit client software on the same system—legit to be used for a human purchase, fraudulent to "serve the ad" that takes credit for it. Unlike botnets that can run in data centers, attribution fraud comes home with you. Yeech. Browsers and privacy tools will need to level up from blocking relatively simple Lumascape trackers to blocking cleverer, more aggressive attribution fraud scripts.

Wannabe fascists keep control of the US Congress, because your Marketing budget: "Dark" social campaigns (both ads and fake "organic" activity) are still a thing. In the USA, voter suppression and gerrymandering have been cleverly enough done that social manipulation can still make a difference, and it will.

In the long run, dark social will get filtered out by habits, technology, norms, and regulation—like junk fax and email spam before it—but we don't have a "long run" between now and November 2018. The only people who could make an impact on dark social now are the legit advertisers who don't want their brands associated with this stuff. And right now the expectations to advertise on the major social sites are stronger than anybody's ability to get an edgy, controversial "let's not SPONSOR ACTUAL F-----G NAZIS" plan through the 2018 marketing budget process.

Yes, the idea of not spending marketing money on supporting nationalist extremist forums is new and different now. What a year.

These Publishers Bought Millions Of Website Visits They Later Found Out Were Fraudulent

No boundaries for user identities: Web trackers exploit browser login managers

Best of 2017 #8: The World's Most Expensive Clown Show

My Internet Mea Culpa

2017 Was the Year I Learned About My White Privilege

With the people, not just of the people

When Will Facebook Take Hate Seriously?

Using Headless Mode in Firefox – Mozilla Hacks : the Web developer blog

Why Chuck E. Cheese’s Has a Corporate Policy About Destroying Its Mascot’s Head

Dozens of Companies Are Using Facebook to Exclude Older Workers From Job Ads

How Facebook’s Political Unit Enables the Dark Art of Digital Propaganda

Salary puzzle

24 December 2017

Short puzzle relevant to some diversity and inclusion threads that encourage people to share salary info. (I should tag this as "citation needed" because I don't remember where I heard it.)

Alice, Bob, Carlos, and Dave all want to know the average salary of the four, but none wants to reveal their individual salary. How can the four of them work together to determine the average? Answer below.















Alice generates a random number, adds it to her salary, and gives the sum to Bob.

Bob adds his salary and gives the sum to Carlos.

Carlos adds his salary and gives the sum to Dave.

Dave adds his salary and gives the sum to Alice.

Alice subtracts her original random number, divides by the number of participants, and announces the average. No participant had to share their real salary, but everyone now knows if they are paid above or below the average for the group.

What we have, what we need

23 December 2017

Stuff the Internet needs: home fiber connections, symmetrical, flat rate, on neutral terms.

Stuff the Internet is going nuts over: cryptocurrencies.

Big problem with building fiber to the home: capital.

Big problem with cryptocurrencies: stability.

Two problems, one solution? Hard to make any kind of currency useful without something stable, with evidence-based value, to tie its value to. Fiat currencies are tied to something of value? Yes, people have to pay taxes in them. Hard to raise capital for "dumb pipe" Internet service because it's just worth about the same thing, month after month. So what if we could combine the hotness and capital-attractiveness of cryptocurrencies with the stability and actual usefulness of fiber?

quick question on tracking protection

18 December 2017

One quick question for anyone who still isn't convinced that tracking protection needs to be a high priority for web browsers in 2018. Web tracking isn't just about items from your online shopping cart following you to other sites. Users who are vulnerable to abusive practices for health or other reasons have tracking protection needs too.

Screenshot from the American Cancer Society site, showing 24 web trackers

Who has access to the data from each of the 24 third-party trackers that appear on the American Cancer Society's Find Cancer Treatment and Support page, and for what purposes can they use the data?

Forbidden words

17 December 2017

You know how the US government's Centers for Disease Control and Prevention is now forbidden from using certain words?


(source: Washington Post)

Well, in order to help slow down the spread of political speech enforcement that is apparently stopping all of us cool innovator type people from saying the Things We Can't Say, here's a Git hook to make sure that every time you blog, you include at least one of the forbidden words.

If you blog without including one of the forbidden words, you're obviously internalizing censorship and need more freedom, which you can maybe get by getting out of California for a while. After all, a lot of people here seem to think that "innovation" is building more creepy surveillance as long as you call it "growth hacking" or writing apps to get members of the precariat to do the stuff that your Mom used to do for you.

You only have to include one forbidden word every time you commit a blog entry, not in every file. You only need forbidden words in blog entries, not in scripts or templates. You can always get around the forbidden word check with the --no-verify command-line option.

Suggestions and pull requests welcome. script on GitHub

Mindless link propagation

16 December 2017

Not much time to blog because work travel, but here is some of the stuff I would have been linking to if I were writing anything. I plan to get started again over the holiday break.

If you want just the linklog feed, it's here: linklog RSS feed

What can possibly go wrong?

Simler and Hanson on Our Hidden Motivations in Everyday Life

Universities spend millions on accessing results of publicly funded research

The “hater” is calling from inside the cap table

How our housing choices make adult friendships more difficult

Former Gawker employees are crowdfunding to relaunch a Gawker.com that’s owned by a nonprofit and funded by readers

‘Data arbitrage is as big a problem as media arbitrage’: Confessions of a media exec

The First Women in Tech Didn’t Leave—Men Pushed Them Out

“Phantom debt” schemers target millions of Americans. After thousands of phone calls, one target got his revenge.

The digital hippies want to integrate life and work – but not in a good way

The Rise of Rust in Dev/Ops

Breaking Cliques at Events

I Made My Shed the Top Rated Restaurant On TripAdvisor

Not Every Kid-Bond Matures

Are bug futures just high-tech piecework?

09 December 2017

Are bug futures just high-tech piecework, or worse, some kind of "gig economy" racket?

Just to catch up, bug futures, an experimental kind of agreement covered in A Trading Market for Prices in Peer Production, are futures contracts based on the status of bugs in a bug tracker. (update: expanded paper from the same authors is Market for Trading Software Issues, in Journal of Cybersecurity)

For developers: Find an open issue that matches your skills and interests. Buy a futures contract connected to that issue that will pay you when the issue is fixed. Work on the issue, in the open—then decide if you want to hold your contract until maturity, or sell it at a profit. Report an issue and pay to reward others to fix it

For users: Create a new issue on the project bug tracker, or select an existing one. Buy a futures contract on that issue that will cost you a known amount when the issue is fixed, or pay you to compensate you if the issue goes unfixed. Reduce your exposure to software risks by directly signaling the project participants about what issues are important to you. Invest in futures on an open source market

Bug futures also open up the possibility of incentivizing other kinds of work, such as clarifying and translating bug reports, triaging bugs, writing failing tests, or doing code reviews—and especially arbitrage of bugs from project to project.

Bug futures are different from open source bounty systems, what have been repeatedly tried but have so far failed to take off. The big problem with conventional open source bounty systems is that, as far as I can tell, they fail to incentivize cooperative work, and in a lot of situations might incentivize un-cooperative behavior. If I find a bug in a web application, and offer a bounty to fix it, the fix might require JavaScript and CSS work. A developer who fixes the JavaScript and gets stuck on the CSS might choose not to share partial work in order to contend for the entire bounty. Likewise, the developer who fixes the CSS part of the bug might get stuck on the JavaScript. Because of how bounties are structured, if the two wanted to split the bounty they would need to find, trust, and coordinate with each other. Meanwhile, if the bug was the subject of a futures contract, the JavaScript developer could write up a good commit message explaining how their partial work made progress toward a fix, and offer to sell their side of the contract. A CSS developer could take on the rest of the work by buying out that position.

Futures trading and risk shifts

But will bug futures tend to shift the risks of software development away from the "owners" of software (the owners don't have to be copyright holders, they could be those who benefit from network effects) and toward the workers who develop, maintain, and support it?

I don't know, but I think that the difference between bug futures and piecework is where you put the brains of the operation. In piecework and the gig economy, the matching of workers to tasks is done by management, either manually or in software. Workers can set the rate at which they work in conventional piecework, or accept and reject tasks offered to them in the gig economy, but only management can have a view of all available tasks.

Bug futures operate within a commons-based peer production environment, though. In an ideal peer production scene, all participants can see all available tasks, and select the most rewarding tasks. Somewhere in the economics literature there is probably a model of task selection in open source development, and if I knew where to find it I could put an impressive LaTeX equation right around here. Of course, open source still has all kinds of barriers that make matching of workers to tasks less than ideal, but it's a good goal to keep in mind.

If you do bug futures right, they interfere as little as possible with the peer production advantage—that it enables workers to match themselves to tasks. And the futures market adds the ability for people who are knowledgeable about the likelihood of completion of a task, usually those who can do the task, to profit from that knowledge.

Rather than paying a worker directly for performing a task, bug futures are about trading on the outcomes of tasks. When participating, you're not trading labor for money, you're trading on information you hold about the likelihood of successful completion of a task. As in conventional financial markets, information must be present on the edges, with the individual participants, in order for them to participate. If a feature is worth $1000 to me, and someone knows how to fix it in five minutes, bug futures could facilitate a trade that's profitable to both ends. If the market design is done right, then most of that value gets captured by the endpoints—the user and developer who know when to make the right trade.

The transaction costs of trading in information tend to be lower than the transaction costs of trading in labor, for a variety of reasons which you will probably believe in to different extents depending on your politics. What if we could replace some direct trading in labor with trading in the outcomes of that labor by trading information? Lower transaction costs, more gains from trade, more value created.

Bug futures series so far

three kinds of open source metrics

07 December 2017

Some random notes about open source metrics, related to work on CHAOSS, where Mozilla is a member and I'm on the Governing Board.

As far as I can tell, there are three kinds of open source metrics.

Impact metrics cover how much value the software creates. Possible good ones include count of projects dependent on this one, mentions of this project in job postings, books, papers, and conference talks, and, of course sales of products that bundle this project.

Contributor reward metrics cover how the software is a positive experience for the people who contribute to it. Job postings are a contributor reward metric as well as an impact metric. Contributor retention metrics and positive results on contributor experience surveys are some other examples.

But impact metrics and contributor reward metrics tend to be harder to collect, or slower-moving, than other kinds of metrics, which I'll lump together as activity metrics. Activity metrics include most of the things you see on open source project dashboards, such as pull request counts, time to respond to bug reports, and many others. Other activity metrics can be the output of natural language processing on project discussions. An example of that is FOSS Heartbeat, which does sentiment analysis, but you could also do other kinds of metrics based on text.

IMHO, the most interesting questions in the open source metrics area are all about: how do you predict impact metrics and contributor reward metrics from activity metrics? Activity metrics are easy to automate, and make a nice-looking dashboard, but there are many activity metrics to choose from—so which ones should you look at?

Which activity metrics are correlated to any impact metrics?

Which activity metrics are correlated to any contributor reward metrics?

Those questions are key to deciding which of the activity metrics to pay attention to. I'm optimistic that we'll be seeing some interesting correlations soon.

Purple box claims another victim

02 December 2017

Linux Journal Ceases Publication. If you can stand it, let's have a look at the final damage.

<img loading"lazy" data-src="/i/lj-ghostery.png">

40 trackers. Not bad, but not especially good either. That purple box of data leakage—third-party trackers that forced Linux Journal into an advertising race to the bottom against low-value and fraud sites—is not so deep as a well, nor so wide as a church door...but it's there. A magazine that was a going concern in print tried to make the move to the web and didn't survive.

Linux Journal is where I was working when I first started wondering why print ads tend to hold their value while web ads keep losing value. Unfortunately it's not enough for sites to just stop running trackers and make the purple box go away. But there are a few practical steps that Internet freedom lovers can take to stop the purple box from taking out your other favorite sites.

Asking sites to do something about surveillance marketing

18 November 2017

This might get the privacy activists mad at me, but as far as I can tell it's still counterproductive to ask a web site you visit to remove its third-party trackers.

Of course, third-party trackers are probably helping to support a political cause that most sites don't agree with, and, as Zeynep Tufekci says, "We're building a dystopia just to make people click on ads". This stuff needs to get fixed. So this is about productive next steps.

Right now, advertising on the site you're writing to probably isn't saleable without the creepy trackers.
And if the site you're writing to is a brand site, the marketing department can't justify spending money to support content sites without showing some kind of tracking data. (more on this problem: User tracking as Chesterton's Fence) So what can privacy people productively ask sites for? Some good ones are:

  • Fix any "turn off your ad blocker" scripts to detect ad blockers only, and not falsely alert on privacy tools.

  • Remove links to the the confusing and broken "YourAdChoices" site. Adtech opt-outs don't cover all trackers, and are much less effective than real privacy tools. (I have never had all the opt-outs work on that site, even from a fresh, pristine browser. Somehow I get the sense that the adtech firms don't exactly put their best people on it.)

  • Link to the privacy pages for the third parties the site uses. If the advertising on the site is set up so that this is hard to do, and users might see a tracker from an unknown domain, say so.

  • Fix up the privacy page to add links to appropriate privacy tools based on the user's browser. Better to have users on privacy tools than get enrolled in a paid whitelisting scheme.

  • If you maintain a privacy tool, offer to do a campaign with the site. Privacy tool users are high-quality human traffic. Free or discounted privacy tools might work as a subscription promotion. Where's the win-win?

Asking a site to walk away from money with no credible alternative is probably not going to work. Asking a site to consider next steps to get out of the current web advertising mess? That might.

More: What The Verge can do to help save web advertising

Time-saving tip for Firefox 57

13 November 2017

(updated 21 Nov 2017: made the words "even faster" a link to an article with graphs.)

Last time I recommended the Tracking Protection feature in Firefox 57, coming tomorrow. The fast browser is even faster when you block creepy trackers, which are basically untested combinations of third-party JavaScript.

But what about sites that mistakenly detect Tracking Protection as "an ad blocker" and give you grief about it? Do you have to turn Tracking Protection off?

So far I have found that the answer is usually no. I can usually use NJS to turn off JavaScript for that site instead. (After all, if a web developer can't tell an ad blocker from a tracking protection tool, I don't trust their JavaScript anyway.)

NJS will also deal with a lot of "growth hacking" tricks such as newsletter signup forms that appear in front of the main article. And it defaults to on, so that sites with JavaScript will work normally until I decide that they're better off without it.

Entering the Quantum Era—How Firefox got fast again and where it’s going to get faster by Lin Clark

How to turn Tracking Protection on

I'm taking a Bitcoin risk even though I don't hold Bitcoin. Please regulate me.

13 November 2017

In the country where I live, kidnapping for ransom is not a very common crime.

That's because picking up the ransom is too risky.

It's easy to kidnap someone, and easy to let the person go when the ransom is paid, but picking up the ransom exposes you. Wannabe kidnappers who are motivated by money tend to choose other crimes.

As the [family relationship redacted] of a [family member information redacted], I'm happy that kidnapping is difficult here. High transaction costs for some kinds of transaction are a good thing.

Now, here comes Bitcoin.

As we're already seeing with ransomware, harder-to-trace ransom drops are now a thing.

So, even though I don't actually hold Bitcoin, someone could grab my family member (low risk), demand that I exchange some of my conventional assets for Bitcoin (low risk) and send the Bitcoin as ransom (low risk). The balance between risk and reward for the crime of kidnapping for ransom has changed.

IMHO this is a bigger problem than any of the reasons that Charles Stross wants Bitcoin to die in a fire.

So what to do about it?

Move the risks where the profits are.

Make the Bitcoin business eat the costs of payments made under duress.

New rule: If I ever trade any assets for Bitcoin in order to comply with a threat, and then transfer the Bitcoin under duress (kidnapping, ransomware, whatever), then I can go back to whoever I gave the assets to with a copy of the police report on the incident and get my original assets (and any fees) back.

Yes, that makes it harder for regular people to trade assets for Bitcoin. Exchanges would have to hold the money for a while, check that I'm not under duress, and probably do all kinds of other pain-in-the-ass, possibly costly, work. But I'd rather have that than the alternative.

my Firefox 57 add-ons

11 November 2017

Firefox 57 is coming on Tuesday, and as you may have heard, add-ons must use the WebExtensions API. I have been running Firefox Nightly for a while, so add-on switching came for me early. Here is what I have come up with.

The basic set

Privacy Badger is not on here just because I'm using Firefox Tracking Protection. I like both.

Blogging, development and testing

  • blind-reviews. This is an experiment to help break your own habits of bias when reviewing code contributions. It hides the contributor name and email when you first see the code, and you can reveal it later. Right now it just does Bugzilla, but watch this space for an upcoming GitHub version. (more info)

  • Copy as Markdown. Not quite as full-featured as the old "Copy as HTML Link" but still a time-saver for blogging. Copy both the page title and URL, formatted as Markdown, for pasting into a blog.

  • Firefox Pioneer. Participate in Firefox user research. Studies have extremely strict and detailed privacy policies.

  • Test Pilot. Try new Firefox features. Tracking Protection was on Test Pilot for a while. Right now there is a new speech recognition one, an in-browser notepad, and more.

Advanced (for now) nerdery

  • Cookie AutoDelete. Similar to the old "Self-Destructing Cookies". Cleans up cookies after leaving a site. Useful but requires me to whitelist the sites where I want to stay logged in. More time-consuming than other privacy tools.

  • PrivacyPass. This is new. Privacy Pass interacts with supporting websites to introduce an anonymous user-authentication mechanism. In particular, Privacy Pass is suitable for cases where a user is required to complete some proof-of-work (e.g. solving an internet challenge) to authenticate to a service. Right now I don't use any sites that have it, but it could be a great way to distribute "tickets" for reading articles or leaving comments.

Note on ad blocking

If you run an ad blocker, the pre-57 add-ons check is a good time to make sure that you're not compromising your privacy by participating in a paid whitelisting scheme. As long as you have to go through your add-ons anyway, it's a great time to ditch AdBlock Plus or Adblock. They're taking advantage of users to shake down web sites.

What to use instead? For most people, either the built-in Firefox Tracking Protection or EFF's Privacy Badger will provide good protection. I would try one or both of those before a conventional ad blocker. If sites have a broken ad blocker detector that falsely identifies a tracking protection tool as an ad blocker, you can usually get around it by turning off JavaScript for that site with NJS.

If you still want to get rid of more ads and join the blocker vs. anti-blocker game (I don't), there's always uBlock Origin, which does not do paid whitelisting. The project site has more info). But try either the built-in tracking protection or Privacy Badger first.

New Firefox Quantum arrives November 14, 2017

Firefox Quantum 57 for developers

Welcome Planet Mozilla readers

10 November 2017

Welcome Planet Mozilla readers. (I finally figured out how to do a tagged feed for this blog, to go along with the full feed. So now you can get the items from the tagged feed on Planet Mozilla.)

The main feed has some items that aren't in the Mozilla feed.

Anyway, if you're coming to Austin, please mark your calendar now.

Two more links: I'm on Keybase and Mozillians. And @dmarti on Twitter.

World's last web advertising optimist tells all!

03 November 2017

It's getting hard to explain still taking web advertising seriously in 2017, so I had better write something down. To start with, what is web advertising exactly?

Doesn't sound good so far. Maybe I'm a fool to be the last advertising optimist on the web. (See, for example: me, running my mouth about how great advertising is, to an audience of web publishers looking to write it off and move on.)

From the point of view of users, web advertising has failed to hold up its end of the signal for attention bargain, and substituted nasty attempts at manipulation. No wonder people block it.

From the point of view of clients, web advertising has failed to meet the basic honesty standards that any third-rate print publication can. And every web advertising company is calling fraud an industry-wide problem, which is what business people say when they really don't care about fixing something.

From the point of view of publishers, web advertising has failed to show the proverbial money. It's stuck at a fraction of the value per user minute that print can pull in, which means that as print goes away, so does the ad money.

Web advertising has failed the audience, the advertisers, and the people who make ad-supported news and cultural works. Maybe I should go be a fan of something else, like securitizing bug trackers or something. Web advertising just is that annoying, creepy thing that browsers are competing to block in different, creative, ways. [T]he online ad sector transitioned from a creative-led industry to a data and algorithms-led industry, wrote venture capitalist Adam Fisher, who is understandably proud of not investing in it.

Some new companies, such as Scroll, are all about making it easier for readers to buy out of seeing advertising. Advertising is to web sites as annoying "UNREGISTERED SHAREWARE" banners and dialogs are to computer software.

On Twitter, what does the "verified" blue checkmark get you? A ticket out of Twitter's world-classedly crappy advertising.

At least search advertising is working. Bob Hoffman calls it a "much better yellow pages." But any kind of brand-building, signal-carrying advertising, where most of the money is? Not there. Ever notice how much of the evidence for "data-driven" advertising is anecdotal?

Is anyone speaking up for web advertising? Not really. Where advertising still has a policy voice, it's a bunch of cut-and-paste anti-privacy advocacy that sounds like what you might get from eighth grade Libertarians, or from people who are so bad at math they assume that it's humanly possible to read and understand Terms of Service from 70 third-party trackers on one web page. The Interactive Advertising Bureau has become the voice of schemes that are a few pages of fine print away from malware and spam. By expanding to include members whose interests oppose those of legit publishers and advertisers, and defending every creepy user privacy violation scheme that the worst members come up with, an organization that could have been a voice for pro-advertising policy positions has made itself meaningless. Right now the IAB is about as relevant to web advertising policy as the Tetraethyl Lead Industry Association is relevant to transportation policy.

Bad news all the way around, right? But some of us have been somewhere like this before.

Remember the operating systems market in the late 1990s?

In 1998, Unix was on the way out.

All the right-thinking people were going Windows NT.

Yes, even Tim O'Reilly, who built version 1.0 of his company on Unix, had apparently written it off. The spring 1998 O’Reilly catalog had all Windows books on the cover, and the Unix stuff was in back. O’Reilly and Associates was promoting the company’s first and only shrink-wrap software, a web server for Windows NT.

And why not? Bickering Unix vendors were doing short-sighted stunts such as removing the compiler from the basic version, and charging hard-to-justify prices for workstations and servers that users could beat with a properly-configured PC. Who needed it?

We know what happened shortly after that. The Unix scene Did anyone ever make a "Lumascape"-like chart of the Unix vendors? faded away and, with enough drama to make for good IT news coverage but not enough to interfere with successful efforts to fix the Year 2000 Problem, the Linux scene replaced it.

The good news is that people employed in the Unix scene were able to move, in most cases happily, to the Linux scene. (Which is big enough that it has become the OS for the "IoT", "Saas" and "Cloud" businesses, and a majority of "mobile" by units, but not of course profits) So maybe my experience living through the end of Unix is why I'm still a web advertising optimist. The economic niche for advertising hasn't gone away. Just as software had to get some important licensing and API decisions right in order to make the Linux boom happen, web advertising is so close to getting it right, too. Now that we know the basics...

  1. People have norms about data sharing. Browsers must reflect those norms or get replaced.

  2. People enjoy ad-supported news, cultural works, and services, and will tolerate ads that hold up their end of the bargain.

  3. People don't like to micromanage their attention and privacy, and expect companies they deal with to cover the costs of coming into compliance with norms.

...the next steps are coming together pretty quickly.

Forget iPhone X–Apple's Best Product Is Its Privacy Stance

Five Books to Make You Less Stupid About the Civil War

The Atlantic Made $0.004 From Russian Ads

Coders of the world, unite: can Silicon Valley workers curb the power of Big Tech?

Silicon Valley helped Russia sway the US election. So now what? | Emily Bell

Direct ad buys are back in fashion as programmatic declines

Why we need a 21st-century Martin Luther to challenge the church of tech

Firefox takes a bite out of the canvas ‘super cookie’

We need to think more about advertising

Three ways of re-creating Firefox Focus behavior on Firefox desktop

Need a super, super secure way to access The New York Times site? Now you can try it via a Tor Browser

Twitter urged firms to delete data during 2016 campaign

‘The art of buying crap’: The Guardian wants publishers to unite to clean up programmatic

The advertising industry has been living a lie

Consent to use personal data has no value unless one prevents all data leakage

Civil, the blockchain-based journalism marketplace, is building its first batch of publications

What Facebook Did to American Democracy

The Great Ad Tech Cleanup

How Silicon Valley’s Dirty Tricks Helped Stall Broadband Privacy in California

When the Facebook Traffic Goes Away

This new Twitter account hunts for bots that push political opinions

Publishers are struggling to monetize the ‘Trump bump’ as advertisers avoid controversial content

Med Men: where the parody lies

Always run a shell script from the directory it lives in

01 November 2017

Always run a shell script in the directory in which it appears, and change back to the directory you were in when you ran it even if it fails.

trap popd EXIT
pushd $PWD
cd $(dirname "$0")

Works for me in bash. The pushd command does a cd but saves the directory where you were on a stack, and popd pops the saved directory from the stack. The trap ... EXIT is a bash way to run something when the script exits, no matter how, and dirname "$0" is the directory name of the script.

(Taken from the deploy.sh script that rebuilds and deploys this blog, so if you can read this, it works.)

Fun with the spawn of Git and NoSQL

26 October 2017

Hey, kids, check out the latest progress on the Attaca version control system.

What's this? It's basically the spawn of Git and a NoSQL database. So why would anybody want to make that? For Science, of course. A lot of research produces huge data files, and people would like to have a resilient way to collaborate on them, using commands they already know—but have it scale horizontally across large numbers of nodes, NoSQL style.

Git has the advantage that a lot of people know it, but it doesn't really handle huge files that well. There are add-on solutions to make it work by connecting to another system for handling large files, but then you have to set up and trust two systems. And one of my favorite properties of Git is that any authorized user of a project can check the integrity of the entire project back to the beginning.

So what Attaca does is to consistently split huge files across a cluster, using cluster nodes that can be cheap VPSs, low-end servers with spinning disks, whatever. (In the test environment, nodes are just Linux containers.)

More: The architecture of Attaca, milestones, and current progress.

Next steps are to test it out with some scientific data (genomes, medical imaging, and so on), implement some more Git commands so that people can check files out and not just in, and build a (Raspberry Pi?) demo cluster.

See you in London

25 October 2017

Coming to Mozfest in London?

Please stop by our demo of Trading futures, fixing bugs: a live Smart Contracts installation.

What is it?

Bugmark is a market that connects people who want better software to the people who can build it.

In order to make open collabration more effective, we are using simple market mechanisms to add incentives to do useful work.

Bugmark allows you to

  1. Put financial value directly in the hands of the people who can fix the software issues that are most important to you.

  2. Discover which issues really matter to your project's users.

  3. Work with open source practices and not against them.
    Solve part of a problem and still get paid, instead of contending to claim credit for a bounty payment.

Find an issue, fix it, and earn money

Vist Bugmark to find an open issue that matches your skills and interests. Buy a futures contract connected to that issue that will pay you when the issue is fixed. Work on the issue, in the open—then decide if you want to hold your contract until maturity, or sell it at a profit.

Report an issue and pay to reward others to fix it

Create a new issue on the project bug tracker, or select an existing one. Buy a futures contract on that issue that will cost you a known amount when the issue is fixed, or pay you to compensate you if the issue goes unfixed. Reduce your exposure to software risks by directly signaling the project participants about what issues are important to you.

Invest in futures on an open source market

Development isn't the only task required to make a software project a success. You can trade futures to earn a profit from other vital tasks, such as clarifying and translating bug reports, triaging bugs, writing failing tests, or doing code reviews.

ICYMI: AdLeaks

25 October 2017

Looking for a way to get dedicated readers to un-block some of the ads on your site? One way could be to update and integrate the AdLeaks system:

Our ads contain code that encrypts an empty message with the AdLeaks public key and sends the ciphertext back to AdLeaks. This happens on all users' web browsers. A whistleblower's browser substitutes the ciphertext with encrypted parts of a disclosure. The protocol ensures that an adversary who can eavesdrop on the network communication cannot distinguish between the transmissions of regular browsers and those of whistleblowers' browsers.

More info in the paper: That link goes to the Arxiv Vanity version of the paper. Now that we can read more Science on our phones I'm expecting the rate of progress toward the Singularity to increase by quite a bit. A Secure Submission System for Online Whistleblowing Platforms

Naturally sites would want to encourage whistleblowers (and others) to block the regular creepy ad trackers—but building post-creepy ads and hooking this up to them could be a way to encourage the dedicated readers to treat the high-reputation ads differently from the low-reputation ones.

Tofu, hogs, and brand-safe news

22 October 2017

(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)

The following is an interesting business model, so I'm going to tell it whether it's true or not. I once talked with a guy from rural China about the tofu business when he was there. Apparently, considering the price of soybeans and the price you can get for the tofu, you don't earn a profit just making and selling tofu. So why do it? Because it leaves you with a bunch of soybean waste, you feed that to pigs, and you make your real money in the hog business.

Which is sort of related to the problem that (all together now) hard news isn't brand-safe. It's hard to sell travel agency ads on a plane crash story, or real estate ads on a story about asbestos in the local elementary schools, or any kind of ads on a disturbing, but hard to look away from, political scene.

In the old-school newspaper business, the profitable ads can go in the lifestyle or travel sections, and subsidize the hard news operation. The hard news is the tofu and the brand-friendly sections are the hogs.

On the web, though, where you have a lot of readers coming in from social sites, they might be getting their brand-friendly content from somewhere else. Sites that are popular for their hard news are stuck with just the tofu.

This is one of the places where it's going to be interesting to watch the shift from unpermissioned user data collection to user data sharing by permission. As people get better control of how they share data with sites—whether that's through regulation, browsers scrambling for users, or both—how will a site's ability to deliver trustworty hard news give it an advantage?

The browser may have to adapt to treat trustworthy and untrustworthy sites differently, in order to come up with a good balance of keeping sites working and implementing user norms on data sharing. Will news sites that publish hard news stories that are often visited, shared, and commented on, get a user data advantage that translates into ad saleability for their more brand-safe pages? Does better user data control mean getting the hog business back?

Open practices and tracking protection

19 October 2017

(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)

Browsers are going to have to change tracking protection defaults, just because the settings that help acquire and retain users are different from the current defaults that leave users fully trackable all the time. (Tracking protection is also an opportunity for open web players to differentiate themselves from mobile tracking devices.)

Before switching defaults, there are a bunch of opportunities to do collaboration and data collection in order to make the right choices and increase user satisfaction and trust (and retention). Interestingly enough, these tend to give an advantage to any browser that can attract a diverse, opinionated, values-driven user base.

So, as a followup on applying proposed principles for content blocking, some ways that a browser can prepare to make a move on tracking protection.

  • Build APIs that WebExtensions developers can use to change privacy-related behaviors. (WebExtension API for improved tracking protection, API for managing tracking protection, Implement browser.privacy.trackingProtection API). Use developer relations with the privacy tools scene.

  • Do innovation challenges and crowdsourcing for tracking protection tools. Use the results to expand the available APIs and built-in options.

  • Develop a variety of tracking protection methods, and ship them in a turned-off state so that motivated users can find the configuration and experiment with them, and to enable user research. Borrow approaches from other browsers (such as Apple Safari) where possible, and test them.

  • For example: avoid blocklist politics, and increase surveillance marketing uncertainty, by building Privacy-Badger-like tracker detection. Enable tracking protection without the policy implications of a top-down list. This is an opportunity for a crowdsourcing challenge: design better algorithms to detect trackers, and block them or scramble state.

  • Ship alternate experimental builds of the browser, with privacy settings turned on and/or add-ons pre-installed.

  • Communicate a lot about capabilities, values, and research. Spend time discussing what the browser can do if needed, and discussing the results of research on how users prefer to share their personal info.

  • Only communicate a little about future defaults. When asked about specifics, just say, "we'll let the user data help us make that decision." (Do spam filters share their filtering rules with spammers? Do search engines give their algorithms to SEO consultants?)

  • Build functionality to "learn" from the user's activity and suggest specific settings that differ from the defaults (in either direction). For example, suggest more protective settings to users who have shown an interest in privacy—especially users who have installed any add-on whose maintainers misrepresent it as a privacy tool.

  • Do research to help legit publishers and marketers learn more about adfraud and how it is enabled by the same kinds of cross-site tracking that users dislike. As marketers better understand the risk levels of different approaches to web advertising, make it a better choice to rely less on highly intrusive tracking and more on reputation-driven placements.

  • Provide documentation and tutorials to help web developers develop and test sites that will work in the presence of a variety of privacy settings. "Does it pass Privacy Badger" is a good start, but more QA tools are needed.

If you do it right, you can force up the risks of future surveillance marketing just by increasing the uncertainty of future user trackability, and drive more marketing investment away from creepy projects and toward pro-web, reputation-driven projects.

Notes and links from my talk at RJI

13 October 2017

This is OFF MESSAGE. No Mozilla policy here. This is my personal blog.

(This is the text from my talk at the Reynolds Journalism Institute's Revenue Models that Work event, with some links added. Not exactly as delivered.)

Hi. I may be the token advertising optimist here.

Before we write off advertising, I just want to try to figure out the answer to: why can't Internet publishers make advertising work as well as publishers used to be able to make it work when they were breathing fumes from molten lead all day? Has the Internet really made something that much worse?

I have bought online advertising, written and edited for ad-supported sites, had root access to some of the servers of an adtech firm that you probably have cookies from right now, and have written an ad blocker. Now I work for Mozilla. I don't have any special knowledge on what exactly Mozilla intends to do about third-party cookies, or fingerprinting, or ad blocking, but I can share some of what I have learned about users' values, and some facts about the browser business that will inform those decision for Mozilla and other browsers.

First of all, I want to cover how new privacy tools are breaking web advertising as we know it. But that's fine. People don't like web advertising as we know it.

So what don't they like?

A 2009 study at the University of Pennsylvania came up with the result that "most adult Americans do not want advertisers to tailor advertisements to their interests."

When the researchers explained how ad targeting works, the percentage went up.

We have known for quite a while that people have norms about how they share their personal information.

Pagefair study

That Pennsylvania study isn't the only one. Just recently a company called Pagefair did a survey on when people would choose to share their info on the web.

Research result: what percentage will consent to tracking for advertising? | PageFair

They surveyed 300 publishers, adtech people, brands, and various others, on whether users will consent to tracking under the GDPR and the ePrivacy Regulation.

Some examples:

The survey asked if users would allow for tracking on one site only, and for one brand only, in addition to “analytics partners”. 79% of respondents said they would click “No” to this limited consent request.

And what kind of tracking policy would people prefer in the browser by default? The European Parliament suggested that “Accept only first party tracking” should be the default. But only 20% of respondents said they would select this. Only 5% were willing to “accept all tracking”. 56% said they would select “Reject tracking unless strictly necessary for services I request”. The very large majority (81%) of respondents said they would not consent to having their behaviour tracked by companies other than the website they are visiting.

Users say that they really don't like being tracked. So, right about now is where you should be pointing out that what people say about what they want is often different from what they do.

It's hard to see exactly what people do about particular ads, but we can see some indirect evidence that what people do about creepy ads is consistent with what they say about privacy.

  • First, ad blockers didn't catch on until people started to see retargeting.

  • Second, companies indirectly reveal their user research in policies and design decisions.

Back in 1998, when Google was still "google.stanford.edu" I wrote an ad blocker. And there were a bunch of other pretty good ones in the late 1990s, too. WebWasher, AdSubtract, Internet Junkbuster. But none of that stuff caught on. That was back when most people were on dialup, and downloading a 468x60 banner ad was a big deal. That's before browsers came with pop-up blockers, so a pop-up was a whole new browser window and those could get annoying real fast.

But users didn't really get into ad blocking. What changed between then and now? Retargeting. People could see that the ad on one site had "followed them" from a previous site. That creeped them out.

Some Facebook research clearly led in the same direction.

As we should all know by now, Facebook enables an extremely fine level of micro-targeting.

Yes, you can target 15 people in Florida.

But how do the users feel about this?

We can't see Facebook's research. But we can see the result of it, in Facebook Advertising Policies. If you buy an ad on Facebook, you can target people based on all kinds of personal info, but you can't reveal that you did it.

Ads must not contain content that asserts or implies personal attributes. This includes direct or indirect assertions or implications about a person’s race, ethnic origin, religion, beliefs, age, sexual orientation or practices, gender identity, disability, medical condition (including physical or mental health), financial status, membership in a trade union, criminal record, or name.

So you can say "meet singles near you" but you can't say "other singles". You can offer depression counseling in an ad, but you can't say "treat your depression."

Facebook is constantly researching and tweaking their site, and, of course, trying to sell ads. If personalized targeting didn't creep people the hell out, then the ad policy wouldn't make you hide that you were doing it.


All right, so users don't want to be followed around.

Where does Mozilla come in?

Well, Mozilla is supposed to be all about data privacy for the user. We have these Data Privacy Principles

  1. No surprises Use and share information in a way that is transparent and benefits the user.

  2. User control Develop products and advocate for best practices that put users in control of their data and online experiences.

  3. Limited data Collect what we need, de-identify where we can and delete when no longer necessary.

  4. Sensible settings Design for a thoughtful balance of safety and user experience.

  5. Defense in depth Maintain multi-layered security controls and practices, many of which are publicly verifiable.

If you want a look at what Mozilla management is thinking about the tracking protection slash ad blocking problem, there's always Proposed Principles for Content Blocking by Denelle Dixon.

  • Content Neutrality: Content blocking software should focus on addressing potential user needs (such as on performance, security, and privacy) instead of blocking specific types of content (such as advertising).

  • Transparency & Control: The content blocking software should provide users with transparency and meaningful controls over the needs it is attempting to address.

  • Openness: Blocking should maintain a level playing field and should block under the same principles regardless of source of the content. Publishers and other content providers should be given ways to participate in an open Web ecosystem, instead of being placed in a permanent penalty box that closes off the Web to their products and services.

If we have all those great values though, why aren't we doing more to protect users from tracking?

Here's the problem from the browser point of view.

Firefox had a tracking protection feature in 2015.

Firefox had a proposed "Cookie Clearinghouse" that was going to happen with Stanford, back in 2013. Firefox developers were talking about third-party cookie blocking then, too.

Microsoft beat Mozilla to it. Microsoft Internet Explorer released Tracking Protection Lists in version 9, in 2011.

But the mainstream browsers have always been held back by two things.

First, browser developers have been cautious about not breaking sites. We know that users prefer not to be tracked from site to site, but we know that they get really mad when a site that used to work just stops working. There is a lot of code in a lot of browsers to handle stuff that no self-respecting web designer has done for decades. Remember the 1996 movie "Space Jam"? Check out the web site some time. It's a point of pride to keep all that 1996 web design working. And seriously, one of those old 1996 vintage pages might be the web-based control panel for somebody's emergency generator, or something. Yes, browsers consider the users' values on tracking, but priority one is not breaking stuff.

And that includes third-party resources that are not creepy ad trackers—stuff like shopping carts and comment forms and who knows what.

Besides not breaking sites, the other thing that keeps browsers from implementing users' values on tracking is that we know people like free stuff. For a long time, browsers didn't have enough good data, so have deferred to the adtech business when they talk about how sites make money. It looks obvious, right? Sites that release free stuff make money from ads, ads work a certain way, so if you interfere with how the ads work, then sites make less money, and users don't get the free stuff.

Mozilla backed down on third-party cookies in 2013, and again on tracking protection in 2015.

Microsoft backed down on Tracking Protection Lists.

Both times, after the adtech industry made a big fuss about it.

So what changed? Why is now different?

Well, that's an easy answer, right? Apple put Intelligent Tracking Prevention into their Safari browser, and now everybody else has to catch up.

Apple so far is putting their users ahead of the usual alarmed letters from the adtech people. Steven Sinofsky, former president of the Windows Division at Microsoft, tweeted,

Stand strong Apple [rhetorical]. Had these groups come after us trying to offer browsing safety. MS backed down. — 🎃 Steven Sinofsky ॐ (@stevesi) September 14, 2017

But that's not all of it.

You're going to see other browsers make moves that look like they're "following Safari" but really, browsers are not so much following each other as making similar decisions based on similar information.

When users share their values they say that they want control over their information.

When users see advertising that seems "creepy" we can see them take steps to avoid ads following them around.

Some people say, well, if users really want privacy, why don't they pay for privacy products? That's not how humans work. Users don't pay for privacy, because we don't pay other people to come into compliance with basic social norms. We don't pay our loud neighbors to quiet down.

Apple does lots of user research. I believe they're responding to what their users say.

Apple looks like a magic company that releases magic things that they make up out of their own heads. "Designed by Apple in California." This is a great show. It's part of their brand. I have a lot of respect for their ability to make things look simple.

But that doesn't mean that they just make stuff up.

Apple does a lot of user research. Every so often we get a little peek behind the curtain when there is discovery in a lawsuit. They do research on their own users, on Samsung's users, everybody.

Mozilla has user research, too.

For a long time, browser people thought that there was a conflict between giving the users something that complies with their tracking norms and giving them something that keeps them happy with the sites they want to use.

But now it turns out that we have some ways that we could act in accordance with user values that also produce measurably more satisfied users.

How badly does privacy protection break sites?

Mozilla's testing team has built, deployed to users, and tested nine different sets of cookie and tracking protection policies.

Lots of people thought there are going to be things that break sites and protect users, or leave sites working and leave users vulnerable.

It turns out that there is a configuration that gives both better values alignment and less breakage.

Because a lot of that breakage is caused by third-party JavaScript.

We're learning that in a few important areas, even though Apple Safari is in the lead, Apple's Intelligent Tracking Prevention doesn't go far enough.

What users want

It turns out that when you do research with people who are not current users of ad blockers, and offer them choices of features, the popular choices are tracking blockers, malvertising protection, and blocking annoying ads such as auto-play videos. Among those users who aren't already using an ad blocker, the offer of an ad blocker wasn't as popular.

Yes, people want to see fewer annoying ads. And nobody likes malware. But people are also interested in protection from tracking. Some users even put tracking protection ahead of malvertising protection.

If you only ask about annoying ad formats you get a list of which ad formats are popular now but get on people's nerves. This is where Google is now. I have no doubt that they'll catch up. Everyone who’s ever moderated a comment section knows what the terrible ads are. And any publisher has the motivation to moderate and impose standards on the ads on their site. Finding which ads are the crappy ones are not the problem. The problem is that legit sites and crappy sites are in the same ad space market, competing for the same eyeballs. As a legit site, you have less market power to turn down an ad that does not meet your policies.

We are coming to an understanding of where users stand. In a lot of ways we're repeating the early development of spam filters, but in slow motion.

Today, a spam filter seems like a must-have feature for any email service. But MSN started talking about its spam filtering back when Sanford Wallace, the “Spam King,” was saying stuff like this.

I have to admit that some people hate me, but I have to tell you something about hate. If sending an electronic advertisement through email warrants hate, then my answer to those people is “Get a life. Don’t hate somebody for sending an advertisement through email.” There are people out there that also like us.

According to spammers, spam filtering was just Internet nerds complaining about something that regular users actually like. But the spam debate ended when big online services, starting with MSN, started talking about how they build for their real users instead of for Wallace’s hypothetical spam-loving users.

If you missed the email spam debate, don’t worry. Wallace’s talking points about spam filters constantly get recycled by the IAB and the DMA, every time a browser makes a move toward tracking protection. But now it’s not email spam that users supposedly crave. Today, they tell us that users really want those ads that follow them around.

So here's the problem. Users are clear about their values and preferences. Browsers must reflect user values and preferences. Browsers have enough of a critical mass of users demanding better protection from tracking that browsers are going to have to move or become irrelevant.

That's what the email providers did on spam. There were not enough pro-spam users to support an email service without a spam filter.

And there may not be enough pro-targeting users to support a browser without privacy tools.

As I said, I do not know exactly how Mozilla is going to handle this, but every browser is going to have to.

But I can make one safe prediction.

Browsers need users. Users prefer tracking protection. I'm going to make a really stupid, safe prediction here.

User adoption of tracking protection will not affect the amount of user data available, or affect any measurement of number of targeted ad impressions available in any way.

Every missing trackable user will be replaced by an adfraud bot.

Every missing piece of user data will be replaced by an "inferred" piece of data.

How much adfraud is there really?

There are people who will stand up and say that we have 2 percent fraud, or 85 percent. Of course it's different from campaign to campaign and some advertisers get burned worse than others.

You can see "IAS safe traffic" on fraud boards. Because video views are worth so much more, the smartest bots go there. We do know that when you look for adfraud seriously, you can find it. Just recently the Financial Times found a bunch.

The publisher has found display ads against inventory masquerading as FT.com on 10 separate ad exchanges and video ads on 15 exchanges, even though the FT doesn’t even sell video ads programmatically, with 300 accounts selling inventory purporting to be the FT’s. The scale of the fraud uncovered is vast — the equivalent of one month’s supply of bona fide FT.com video inventory was fraudulently appearing in a single day.

The FT warns advertisers after discovering high levels of domain spoofing

If you were trying to build an advertising business to facilitate fraud, you could not do much better than the current system.

That's because the current web advertising system is based on tracking users from high-value sites to low-value sites. Walt Mossberg recounts a dinner conversation with an advertiser:

[W]e were seated next to the head of this advertising company, who said to me something like, "Well, I really always liked AllThingsD and in your first week I think Recode’s produced some really interesting stuff." And I said, "Great, so you’re going to advertise there, right? Or place ads there." And he said, "Well, let me just tell you the truth. We’re going to place ads there for a little bit, we’re going to drop cookies, we’re going to figure out who your readers are, we’re going to find out what other websites they go to that are way cheaper than your website and then we’re gonna pull our ads from your website and move them there."

The current web advertising system is based on paying publishers less, charge brands more. Revenue share for legit publishers is at 30 to 40 percent according to the Association of National Advertisers. But all revenue split numbers are wrong because undetected fraud ends up in the ‘publisher’ share.

When your model is based on data leakage, on catching valuable eyeballs on cheap sites, the inevitable overspray is fraud.

People aren't even paying attention to what could be the biggest form of adfraud.

Part of the conventional wisdom on adfraud is that you can beat it by tracking users all the way to a sale, and filter the bots out that way. After all, if they made a bot good enough to actually buy stuff it wouldn't be a problem for the client.

But the attribution models that connect impressions to sales are, well, they're hard enough to understand that most of the people who understand them are probably fraud hackers.

The dispute betwen Steelhouse and Criteo settled last year, so we didn't get to see how two real adtech companies might or might not have been hacking each other's attribution numbers.

But today we have another chance.

I used to work for Linux Journal, and we followed the SCO case pretty intently. There was even a dedicated news site just about the case, called Groklaw. If there's a case that needs a Groklaw for web advertising, it's Uber v. Fetch.

Unwanted ads on Breitbart lead to massive click fraud revelations, Uber claims | Ars Technica

This is the closest we have to a tool to help us understand attribution fraud. When the bad guys have the ability to make bogus ads claim credit for real sales, that's a much more powerful motivation for fraud than just making a bot that looks like a real user watching a video.

Legit publishers have a real incentive to find and control adfraud. Adtech intermediaries, not so much. That's because the core value of ad tech is to find the big money user at the cheapest possible site. If you create that kind of industry, you create the incentive for fraud bots who appear to be members of a valuable audience. You create incentives to produce fraudulent sites because all of a sudden, those kinds of sites have market value that they would not otherwise have had because of data leakage.

As browsers and sites implement user norms on tracking, they get fraud protection for free.

So where is the outrage on adfraud?

I thought I could write a script for a heist movie about adfraud.

At first I thought, this is awesome! Computer hacking, big corporations losing billions of dollars—should be a formula for an awesome heist movie, right?

Every heist movie has a bunch of scenes that introduce the characters, you know, getting the crew together. Forget it. All the parts of adfraud can be done independently and connected on the free market. It's all on a bunch of dumb-looking PHP web boards. There go a whole bunch of great scenes.

Hard-boiled detectives trying to catch the gang? More like over easy. The adtech industry "committed $1.5 million in funding" (and set up a 24-member committee!) to fight an eleven billion dollar problem. Adfraud isn't taking candy from a baby, it's taking candy from a dude whose job is giving away candy. More fraud means more money for adtech intermediaries.

Dramatic risk of getting caught? Not a chance of going to prison—the worst that happens is that some of the characters get their accounts or domains banned, and they have to make new ones. The adfraud movie's production designer is going to have to work awful hard to make that "Access denied" screen look cool enough to keep the audience awake.

So the movie idea is a no-go, but as people learn that today's web ads don't just leave the publisher with 30 percent but also feed fraud, we should see a flight to quality effect.

The technical decisions that enabled the Lumascape to rip off Walt Mossberg are the same decisions that facilitate fraud, are the same decisions that make users come looking for tracking protection.

I said I was an advertising optimist and here's why.

The tracking protection trend is splitting web advertising.

We have the existing high-tracking, high-fraud market and a new low-tracking opportunity.

Some users are getting better protected from cross-site tracking.

The bad news is that it will be harder to serve those users a lucrative ad enabled by third-party tracking data.

The good news is that those users can't be tracked from high-value to low-value sites. Those users start to become possible to tell apart from fraudbots.

For that subset of users, web advertising starts to shift from a hacking game to a reputation game.

In order to sell advertising you need to give the advertiser some credible information on who the audience is. Most browsers have been bad at protecting personal information about the user, so web advertising has become a game where a whole bunch of companies compete to covertly capture as much user info as they can.

But some browsers are getting better at implementing people’s preferences about sharing their information. The result, for those users, is a change in the rules of the game. Investment in taking people’s personal info is becoming less rewarding, as browsers compete to reflect people’s preferences.

And investments in building sites and brands that are trustworthy enough for people to want to share their information will tend to become more rewarding. This shift naturally leads to complaints from people who are used to winning the old game, but will probably be better for customers who want to use trustworthy brands and for people who want to earn money by making ad-supported news and cultural works.

There are people building a new web advertising system around user-permissioned information, and they've been doing it for a long time. But until now, nobody really wants to deal with them, because adtech is just selling that information taken from the user without permission. Tracking protection will be the motivation for forward-thinking brand people to catch the flight to quality and shift web ad spending from the hacking game to the reputation game.

Now that we have better understanding of how user norms are aligned with the interests of independent browsers and with the interests of high-reputation sites, what's next?

Measure the tracking-protected audience

Legit sites are in a strong position to gather some important data that will shift web ads from a hacking game to a reputation game. Let's measure the tracking-protected audience.

Tracking protection is a powerful sign of a human audience. A legit site can report a tracking protection percentage for its audience, and any adtech intermediary who claims to offer advertisers the same audience, but delivers a suspiciously low tracking protection number, is clearly pushing a mismatched or bot-heavy audience and is going to have a harder time getting away with it.

Showing prospective advertisers your tracking protection data lets you reveal the tarnish on the adtech "Holy Grail"—the promise of high-value eyeballs on crappy sites.

Here is some JavaScript to make that measurement in a reliable way that detects all the major tracking protection tools.

You can't sell advertising without data on who the audience is. Much of that data will have to come from the tracking-protected audience. When quality sites share tracking protection data with advertisers, that helps expose the adfraud that intermediaries have no incentive to track down.

This is an opportunity for service journalism.

Users are already concerned and confused about web ads. That's an opportunity that some legit sites such as the Wall Street Journal and The New York Times are already taking advantage of. The more that someone learns about how web advertising works, the more that he or she is motivated to get protected.

But if you don't talk to your readers about tracking protection, who will?

A lot of people are getting caught up today in publisher-hostile schemes such as adblockers with paid whitelisting, or adblockers that come with malware or adware.

If you don't recommend a publisher-friendly protection tool or setting, they'll get a bad one from somewhere else.

I really like ads.

At the airport on the way here I saw that they just came out with a hardcover collection of the complete Kurt Vonnegut stories. A lot of those stories were paid for by Collier’s ads run in the 1950s, and we're still getting the positive extenalities from that advertising today.

Advertising done right can be a growth spiral of growth spiral of economic growth, reputation building, and creation of cultural works. It’s one of the most powerful forces to produce news, entertainment goods, fiction. Let's fix it.

Evancoin and the stake problem

09 October 2017

One of the problems with a bug futures market is: where do you get the initial investment, or "stake", for a developer who plans to take on a high-value task?

In order to buy the FIXED side of a contract and make a profit when it matures, the developer needs to invest some cryptocurrency. In a bug futures market, it takes money to make money.

One possible solution is to use personal tokens, such as the new Evancoin. Evancoin is backed by hours of work performed by an individual (yes, his name is Evan).

If I believe that n hours of work from Evan are likely to increase the probability of a Bugmark-traded bug getting fixed, and my expected gain is greater than n * (current price of Evancoin), then I can

  1. buy the FIXED side of the Bugmark contract

  2. redeem n Evancoin for work from Evan on the bug

  3. sell my Bugmark position at a profit, or wait for it to mature.

Evan is not required to accept cryptocurrency exchange rate risk, and does not have to provide the "stake" himself. It's the opposite—he has already sold the Evancoin on an exchange. Of course, he has an incentive to make as much progress on the bug as possible, in order to support the future price of Evancoin.

If Evan is working on the bug I selected, he would also know that he's doing work that is likely to move the price of the Bugmark contract. So he can use some of the proceeds from his Evancoin sale to buy additional FIXED on Bugmark, and take a profit when I do.

Evan's skills tends to improve, and my understanding of which tasks would be a profitable use of Evan's time will tend to increase the more Evancoin I redeem. So the value of Evancoin to me is likely to continue rising. Therefore I am probably going to do best if I accumulate Evancoin in advance of identifying good bugs for Evan to work on.

The capital dynamics are all wrong.

01 October 2017

Ben Werdmuller, in Why open source software isn’t as ethical as you think it is:

When you release open source software, you have this egalitarian idea that you’re making it available to people who can really use it, who can then built on it to make amazing things....While this is a fine position to take, consider who has the most resources to build on top of a project that requires development. With most licenses, you’re issuing a free pass to corporations and other wealthy organizations, while providing no resources to those needy users. OpenSSL, which every major internet company depends on, was until recently receiving just $2,000 a year in donations, with the principal author in financial difficulty.

This is a good example of one of the really interesting problems of working in an immature industry. We have a similar problem in web advertising. We're over-rewarding the ability to collect numbers that show the effectiveness of a marketing project, while under-rewarding the ability to build brand reputation. Web ads also have an opportunity to fix incentives. We don't have our incentives hooked up right yet.

  • Why does open source have some bugs that stay open longer than careers do?

  • Why do people have the I've been coding to create lots of value for big companies for years and I'm still broke problem?

  • How does millions of dollars of shared vigilance even make the news, when the value extracted is in the billions?

  • Why is the meritocracy of open source even more biased than other technical and collaborative fields? (Are we at the bottom of the standings?) Why are we walking away from that many potential contributors?

Quinn Norton: Software is a Long Con:

It is to the benefit of software companies and programmers to claim that software as we know it is the state of nature. They can do stupid things, things we know will result in software vulnerabilities, and they suffer no consequences because people don’t know that software could be well-written. Often this ignorance includes developers themselves. We’ve also been conditioned to believe that software rots as fast as fruit. That if we waited for something, and paid more, it would still stop working in six months and we’d have to buy something new. The cruel irony of this is that despite being pushed to run out and buy the latest piece of software and the latest hardware to run it, our infrastructure is often running on horribly configured systems with crap code that can’t or won’t ever be updated or made secure.

We have two possible futures.

  • People finally get tired of software's boyish antics lethal irresponsibility, and impose a regulatory regime. Rent-seekers rejoice. Software innovation as we know it ceases, and we get something like the pre-breakup Bell System—you have to be an insider to build and deploy anything that reaches real people.

  • The software scene outgrows the "disclaimer of implied warranty" level of quality, on its own.

How do we get to the second one? One approach is to use market mechanisms to help quantify software risk, then enable users with a preference for high quality and developers with a preference for high quality to interact directly, not through the filter of software companies that win by releasing early at a low quality level.

There is an opportunity here for the kinds of companies that are now doing open source license analysis. Right now they're analyzing relatively few files in a project—the licenses and copyrights. A tool will go through your software stack, and hooray, you don't have anything that depends on something with a consistent license, or on a license that would look bad to the people you want to see your company to.

What if that same tool would give you a better quality number for your stack, based on walking your dependency tree and looking for weak points based on market activity?

Why blockchain?

One important reason is that black or gray hat security researchers are likely to have extreme confidentiality requirements, especially when trading on knowledge from a co-conspirator who may not be aware of the trade. (A possible positive externality win from bug futures markets is the potential to reduce the trustworthiness of underground vulnerability markets, driving marginal vuln transactions to the legit market.)

Bug futures series so far

another 2x2 chart

14 September 2017

What to do about different kinds of user data interchange:

Data collected without permission Data collected with permission
Good dataBuild tools and norms to reduce the amount of reliable data that is available without permission. Develop and test new tools and norms that enable people to share data that they choose to share.
Bad data Report on and show errors in low-quality data that was collected without permission. Offer users incentives and tools that help them choose to share accurate data and correct errors in voluntarily shared data.

Most people who want data about other people still prefer data that's collected without permission, and collaboration is something that they'll settle for. So most voluntary user data sharing efforts will need a defense side as well. Freedom-loving technologists have to help people reduce the amount of data that they allow to be taken from them without permission in order for data listen to people about sharing data.

Tracking protection defaults on trusted and untrusted sites

13 September 2017

(I work for Mozilla. None of this is secret. None of this is official Mozilla policy. Not speaking for Mozilla here.)

Setting tracking protection defaults for a browser is hard. Some activities that the browser might detect as third-party tracking are actually third-party services such as single sign-on—so when the browser sets too high of a level of protection it can break something that the user expects to work.

Meanwhile, new research from Pagefair shows that The very large majority (81%) of respondents said they would not consent to having their behaviour tracked by companies other than the website they are visiting. A tracking protection policy that leans too far in the other direction will also fail to meet the user's expectations.

So you have to balance two kinds of complaints.

  • "your dumbass browser broke a site that was working before"

  • "your dumbass browser let that stupid site do stupid shit"

Maybe, though, if the browser can figure out which sites the user trusts, you can keep the user happy by taking a moderate tracking protection approach on the trusted sites, and a more cautious approach on less trusted sites.

Apple Intelligent Tracking Prevention allows third-party tracking by domains that the user interacts with.

If the user has not interacted with example.com in the last 30 days, example.com website data and cookies are immediately purged and continue to be purged if new data is added. However, if the user interacts with example.com as the top domain, often referred to as a first-party domain, Intelligent Tracking Prevention considers it a signal that the user is interested in the website and temporarily adjusts its behavior (More...)

But it looks like this could give large companies an advantage—if the same domain has both a service that users will visit and third-party tracking, then the company that owns it can track users even on sites that the users don't trust. Russell Brandom: Apple's new anti-tracking system will make Google and Facebook even more powerful.

It might makes more sense to set the trust level, and the browser's tracking protection defaults, based on which site the user is on. Will users want a working "Tweet® this story" button on a news site they like, and a "Log in with Google" feature on a SaaS site they use, but prefer to have third-party stuff blocked on random sites that they happen to click through to?

How should the browser calculate user trust level? Sites with bookmarks would look trusted, or sites where the user submits forms (especially something that looks like an email address). More testing is needed, and setting protection policies is still a hard problem.

Bonus link: Proposed Principles for Content Blocking.

New WebExtension reveals targeted political ads: Interview with Jeff Larson

12 September 2017

The investigative journalism organization ProPublica is teaming up with three German news sites to collect political ads on Facebook in advance of the German parliamentary election on Sept. 24.

Because typical Facebook ads are shown only to finely targeted subsets of users, the best way to understand them is to have a variety of users cooperate to run a client-side research tool. ProPublica developer Jeff Larson has written a WebExtension, that runs on Mozilla Firefox and Google Chrome, to do just that. I asked him how the development went.

Q: Who was involved in developing your WebExtension?

A: Just me. But I can't take credit for the idea. I was at a conference in Germany a few months ago with my colleague Julia Angwin, and we were talking with people who worked at Spiegel about our work on the Machine Bias series. We all thought it would be a good idea to look at political ads on Facebook during the German election cycle, given what little we knew about what happened in the U.S. election last year.

Q: What documentation did you use, and what would you recommend that people read to get started with WebExtensions?

A: I think both Mozilla and Google's documentation sites are great. I would say that the tooling for Firefox is much better due to the web-ext tool. I'd definitely start there (Getting started with web-ext) the next time around.

Basically, web-ext takes care of a great deal of the fiddly bits of writing an extension—everything from packaging to auto reloading the extension when you edit the source code. It makes the development process a lot more smooth.

Q: Did you develop in one browser first and then test in the other, or test in both as you went along?

A: I started out in Chrome, because most of the users of our site use Chrome. But I started using Firefox about halfway through because of web-ext. After that, I sort of ping ponged back and forth because I was using source maps and each browser handles those a bit differently. Mostly the extension worked pretty seamlessly across both browsers. I had to make a couple of changes but I think it took me a few minutes to get it working in Firefox, which was a pleasant surprise.

Q: What are you running as a back end service to collect ads submitted by the WebExtension?

A: We're running a Rust server that collects the ads and uploads images to an S3 bucket. It is my first Rust project, and it has some rough edges, but I'm pretty much in love with Rust. It is pretty wonderful to know that the server won't go down because of all the built in type and memory safety in the language. We've open sourced the project, I could use help if anyone wants to contribute: Facebook Political Ad Collector on GitHub.

Q: Can you see that the same user got a certain set of ads, or are they all anonymized?

A: We strive to clean the ads of all identifying information. So, we only collect the id of the ad, and the targeting information that the advertiser used. For example, people 18 to 44 who live in New York.

Q: What are your next steps?

A: Well, I'm planning on publishing the ads we've received on a web site, as well as a clean dataset that researchers might be interested in. We also plan to monitor the Austrian elections, and next year is pretty big for the U.S. politically, so I've got my work cut out for me.

Q: Facebook has refused to release some "dark" political ads from the 2016 election in the USA. Will your project make "dark" ads in Germany visible?

A: We've been running for about four days, and so far we've collected 300 political ads in Germany. My hope is we'll start seeing some of the more interesting ones from fly by night groups. Political advertising on sites like Facebook isn't regulated in either the United States or Germany, so on some level just having a repository of these ads is a public service.

Q: Your project reveals the "dark" possibly deceptive ads in Chrome and Firefox but not on mobile platforms. Will it drive deceptive advertising away from desktop and toward mobile?

A: I'm not sure, that's a possibility. I can say that Firefox on Android allows WebExtensions and I plan on making sure this extension works there as well, but we'll never be able to see what happens in the native Facebook applications in any sort of large scale and systematic way.

Q: Has anyone from Facebook offered to help with the project?

A: Nope, but if anyone wants to reach out, I would love the help!

Thank you.

Get the WebExtension

Some ways that bug futures markets differ from open source bounties

11 September 2017

Question about A Trading Market for Prices in Peer Production: what's the difference between a futures market on software bugs and an open source bounty system connected to the issue tracker? In many simple cases a bug futures market will function in a similar way, but we predict that some qualities of the futures market will make it work differently.

  • Open source bounty systems have extra transaction costs of assigning credit for a fix.

  • Open source bounty systems can incentivize contention over who can submit a complete fix, when we want to be able to incentivize partial work and meta work.

Incentivizing partial work and meta work (such as bug triage) would be prohibitively expensive to manage using bounties claimed by individuals, where each claim must be accepted or rejected. The bug futures concept addresses this with radical simplicity: the owners of each side of the contract are tracked completely separately from the reporter and assignee of a bug in the bug tracker.

And bug futures contracts can be traded in advance of expiration. Any work that you do that meaningfully changes the probability of the bug getting fixed by the contract closing date can move the price.

You might choose to buy the "fixed" side of the contract, do some work that makes it look more fixable, sell at a higher price. A futures market might make it practical to do "day trading" of small steps, such as translating a bug report originally posted in a language that the developers don't know, helping a user submit a log file, or writing a failing test.

With the right market design, participants in a bug futures market have the incentive to talk their books, by sharing partial work and metadata.

Related: Some ways that bug futures markets differ from prediction markets, Smart futures contracts on software issues talk, and bullshit walks?

JavaScript and not kicking puppies

03 September 2017

(Updated 10 Nov 2022: ended up actually Twitter tracking script. Still not worried about Twitter, too much, just worried about whoever ends up with their assets.)

(Updated 4 Sep 2017: add screenshot and how to see the warning.)

Advice from yan, on Twitter:

if your site embeds tweets, add <meta name="twitter:dnt" content="on"> so that Twitter doesn't track your visitors — yan (@bcrypt) September 1, 2017

I decided not to do that for this site.

Yes, user tracking is creepy, and yes, collecting user information without permission is wrong. But read on for what could be a better approach for sites that can make a bigger difference.

First of all, Twitter is so far behind in their attempts to do surveillance marketing that they're more funny and heartening than ominous. If getting targeted by one of the big players is like getting tracked down by a pack of hunting dogs, then Twitter targeting is like watching a puppy chew on your sock. Twitter has me in their database as...

  • Owner of eight luxury cars and a motorcycle.

  • Medical doctor advising patients about eating High Fructose Corn Syrup.

  • Owner of prime urban real estate looking for financing to build a hotel.

  • Decision-maker for a city water system, looking to read up on the pros and cons of cast iron and concrete pipes.

  • Active in-market car shopper, making all decisions based on superficial shit like whether the car has Beats® brand speakers in the doors. (Hey, where am I supposed to park car number 9?)

Advice from "me" as I appear on Twitter: As your doctor, I advise you to cut out HFCS entirely unless you're at a family thing where you should just eat a little and not be an ass about it. When you're in town, stay at my hotel, where the TV is a 4k monitor on an arm that moves to make it usable from the sit-stand desk, and the WiFi is fast and free. No idea on the city water pipe thing though.

So if Twitter is the minor leagues of creepy, and they probably won't be something we have to worry about for long anyway, maybe we can think about whether there's anything that sites can do about riskier kinds of tracking. Getting a user protected from being tracked by one Tweet is a start. But helping users get started with client-side privacy tools that protect from Twitter tracking everywhere can help with not just Twitter tracking, but with the serious trackers that show up in other places.

Blocking Twitter tracking: like kicking a puppy?

Funny wrong Twitter ad targeting is one of my reliable Internet amusements for the day. But that's not why I'm not especially concerned with tagging quoted Tweets. Just doing that doesn't protect this site's visitors from retargeting schemes on other sites.

And every time someone clicks on a retargeted ad from a local business on a social site (probably Facebook, since more people spend more time there) then that's 65 cents or whatever of marketing money that could have gone to local news, bus benches, Little League, or some other sustainable, signal-carrying marketing project. (That's not even counting the medium to heavy treason angle that makes me really uncomfortable about seeing money move in Facebook's direction.)

So, instead of messing with quoted Tweet tagging, I set up this script:


This will load the Aloodo third-party tracking detector, and, if the browser shows up as easily trackable from site to site, switch out the page header to nag the user.

screenshot of tracking warning

(If you are viewing this site from an unprotected browser and still not seeing the warning, it means that your browser has not yet visited enough domains with the Aloodo script to detect that you're trackable. Take a tracking protection test to expose your browser to more fake tracking, then try again.)

If the other side wants it hidden, then reveal it

Surveillance marketers want tracking to happen behind the scenes, so make it obvious. If you have a browser or privacy tool that you want to recommend, it's easy to put in the link. Every retargeted ad impression that's prevented from happening is more marketing money to pay for ad-sponsored resources that users really want. I know I can't get all the users of this site perfectly protected from all surveillance marketing everywhere, but hey, 65 cents is 65 cents.

Bonus tweet

Bob Hoffman's new book is out! Go click on this quoted Tweet, and do what it says.

Today's Newsletter (special clickbait edition) GUNFIGHT AT THE AD TECH SALOON https://t.co/OI9JXs1hbM

— adcontrarian (@AdContrarian) September 3, 2017

Good points here: you don't need to be Magickal Palo Alto Bros to get people to spend more time on your site. USA Today’s Facebook-like mobile site increased time spent per article by 75 percent

The Dumb Fact of Google Money

Join Mozilla and Stanford’s open design sprint for an accessible web

Just Following Orders

Headless mode in Firefox

Hard Drive Stats for Q2 2017

The Time When Google Got Forbes to Pull a Published Story

Disabling Intel ME 11 via undocumented mode

Despite Disavowals, Leading Tech Companies Help Extremist Sites Monetize Hate

Trump Damaged Democracy, Silicon Valley Will Finish It Off

What should you think about when using Facebook?

Ad buyers blast Facebook Audience Network for placing ads on Breitbart

Ice-cold Kaspersky shows the industry how to handle patent trolls

How the GDPR will disrupt Google and Facebook

Rural America Is Building Its Own Internet Because No One Else Will Disabling Intel ME 11 via undocumented mode

Younger adults more likely than their elders to prefer reading news

Some ways that bug futures markets differ from prediction markets

30 August 2017

What's the difference between a futures market on software bugs and a prediction market? We don't know how much a bug futures market will tend to act like a prediction market, but here are a few guesses about how it may turn out differently.

Prediction markets tend to have a relatively small number of tradeable questions, with a large number of market participants on each side of each question. Each individual bug future is likely to have a small number of participants, at least on the "fixed" side.

Prediction markets typically have participants who are not in a position to influence the outcome. For example, The Good Judgment Project recruited regular people to trade on worldwide events. Bug futures are designed to attract participants who have special knowledge and ability to change an outcome.

Prediction markets are designed for gathering knowledge. Bug futures are for incentivizing tasks. A well-designed bug futures market will monetize haters by turning a "bet" that a project will fail into a payment that makes it more likely to succeed. If successful in this, the market will have this feature in common with Alex Tabarrok's Dominant Assurance Contract.

Prediction markets often implement conditional trading. Bug markets rely on the underlying bug tracker to maintain the dependency relationships among bugs, and trades on the market can reflect the strength of the connections among bugs as seen by the participants.

hey, kids, 2x2 chart!

29 August 2017

What's the difference between spam and real advertising?

No signalingSignaling
No interruption organic socialcontent marketing

Advertising is a signal for attention bargain. People pay attention to advertising that carries some hard-to-fake information about the seller's intentions in the market.

Rory Sutherland says, What seems undoubtedly true is that humans, like peahens, attach significance to a piece of communication in some way proportionally to the cost of generating or transmitting it.

If I get spam email, that's clearly signal-free because it costs practically nothing. If I see a magazine ad, it carries signal because I know that it cost money to place.

Today's web ads are more like spam, because they can be finely targeted enough that no significant advertiser resources stand behind the message I'm looking at. (A bot might have even written the copy.) People don't have to be experts in media buying to gauge the relative costs of different ads, and filter out the ones that are clearly micro-targeted and signal-free.

Want to lose a hacking contest or win a reputation contest?

27 August 2017

Doc Searls: How the personal data extraction industry ends.

Our data, and data about us, is the crude that Facebook and Google extract, refine and sell to advertisers. This by itself would not be a Bad Thing if it were done with our clearly expressed (rather than merely implied) permission, and if we had our own valves to control personal data flows with scale across all the companies we deal with, rather than countless different valves, many worthless, buried in the settings pages of the Web’s personal data extraction systems, as well as in all the extractive mobile apps of the world.

Today's web advertising business is a hacking contest. Whoever can build the best system to take personal information from the user wins, whether or not the user knows about it. (And if you challenge adfraud and adtech hackers to a hacking contest, you can expect to come in third.)

As users get the tools to control who they share their information with (and they don't want to leak it to everyone) then the web advertising business has to transform into a reputation contest. Whoever can build the most trustworthy place for users to choose to share their information wins.

This is why the IAB is freaking out about privacy regulations, by the way. IAB member companies are winning at hacking and failing at building reputation. (I want to do a user focus group where we show people a random IAB company's webinar, then count how many participants ask for tracking protection support afterward.) But regulations are a sideshow. In the long run regulators will support the activities that legit business needs. So Doc has an important point. We have a big opportunity to rebuild important parts of the web advertising stack, this time based on the assumption that you only get user data if you can convince the user, or at least convince the maintainers of the user's trusted tools, that you will use the data in a way that complies with that user's norms.

One good place to check is: how many of a site's readers are set up with protetcion tools that make them "invisible" to Google Analytics and Chartbeat? (script) And how many of the "users" who sites are making decisions for are just bots? If you don't have good answers