Google wants your Google Account to be the only Identity Signal available on the web.
This feature is available right now in Analytics and Ads. It's called "Google Signals." The documentation is publicly available, although it's a little scattered between different product page. I'll summarize:
If the user is using Chrome, and is logged into their Google Account, then you can use that instead of cookies. This is used for pulling in demographic information, cross-domain tracking, and cross-device tracking (something even 3rd-party cookies can't do without fingerprinting!).
The Privacy Sandbox kills other channels that might be an identity signal. Meaning ones available to parties other than Google.
Even as an anti-Google zealot who disapproves of this, I'll admit there are some ancillary benefits. For one, I honestly do believe that Google intends to kill fingerprinting, because it's in their interest to do so. For another, Google does offer a setting "disable personalized advertising" which will centrally let you opt-out of this tracking.
But most people are surprised when they find out that things already work this way, which to me already puts it on ethically dubious foundations from a privacy perspective. And, of course, the monopoly issue.
You are plainly ignoring the actual privacy sandbox in favor of the clickbait. Google is killing 3p cookies which kills google competitor products. But the sandbox is purpose built to create new infrastructure for the competitors (and google) to rebuild in a privacy focused way. The privacy sandbox is a way to create an alternative to IDs (like google’s sign in option) and 3rd party cookies. You can go through proposals and see how these can work here: https://github.com/w3c/web-advertising
Look, I’m not a google fan but you can’t just ignore half of what google is doing. Even then, you’re missing that they are other ID projects that are closing ground on googles ID.
If the user is using Chrome, and is logged into their Google Account...
What does it do if the user isn't signed in to Google?
Google's engineers would have to have an unbelievable level of contempt for users to propose a feature that claims to improve privacy by signing in to Google.
> Google's engineers would have to have an unbelievable level of contempt for users to propose a feature that claims to improve privacy by signing in to Google.
I, for one, find that level of contempt totally believable.
I'm leery of any all encompassing systems that you can supposedly turn off with a single toggle. For example, you would think that not having a FB profile is the ultimate opt out but they have all your data as a shadow profile.
The REAL danger of fingerprinting is not on "some company making money of me through ads", it's that basically one or more entities, i.e. companies and/or governments, can identify you, your habits, political affiliation, localization etc, completely. And then they can modify the internet you see, censor what you can say etc. I couldn't care less about the ads part.
this post doesn't deserve downvotes. Googles size also makes them accountable. Decentralisation is useless if you end up in the wild west with 100 companies, none of which can secure your data.
I'd rather be on a well-regulated network that has the resources to have proper security in place rather than on fifty tiny ones who scrape very detail of my life and serve me crappy ads, this is basically how porn-sites work.
> Decentralisation is useless if you end up in the wild west with 100 companies, none of which can secure your data.
It's not useless, nor is it realistic to imply they are all unable to secure "your data" through their narrow lens. Treating "your data" as monolithic, necessarily implies attribution through centralization - all exchanges between multiple parties are at least a 2 way transaction of identity. It's the consequence of decentralization that there are gaps, not a fatal weakness.
The regulation is so far, USA or EU, not very promising. A slap on the wrists and no transparent investigation or explanation how data is handled, will not convince me.
This is an egregious violation of privacy of the unsuspecting Chrome user who conducts their business while signed in to Chrome.
To make things worse, couple of years ago, Chrome started mingling Chrome Sync and cookies for accounts.google.com which meant that signing into Chrome Sync also automatically signed you into all of Google services. The cookies reappear even if you delete them, just because you are signed into Chrome Sync. Now, that same identity (<you>@gmail.com) is not just used for Google's own websites, but also made available to anyone who uses Google Analytics - which is 90% of the web - including your cross-domain and cross-device history. Of course, none of this is new, but I shudder every time at the thought of how much information the user is giving away about themselves.
In GA4, with Google Signals enabled, the "identity signal" is a psuedonymous identifier unique to your Google Account. I don't know exactly if it's a hash or a join key or what, but the point is it's stable across devices and domains.
It does not directly contain PII. Google can join it to PII, website owners cannot.
It is not aggregate. You can pull the hit-level data from GA, including the identifiers being used.
"...conflating the aggregate anonymized data in GA with the user level visibility Google has into the raw data?"
Isn't that kind of the point? I see no difference. Who cares what individual site owners happen to be able to see if Google is going to monitor, track, send back (telemeter?) way more data and be able to analyze and store it forever?
It's all about who might possibly get the data at a later date than who happens to house it presently.
EDIT: In fact, come to think of it, why are there two things being 'conflated' here? Why is Google collecting more information about Google Analytics-using sites than it's exposing to site owners?
On this bit, tracking concerns are not just for advertising though. Extending your reading on how they replace cookies with the Google id, I’d see them replacing ad targeting with other uses of the data anything that wouldn’t straight be labelled as “ad” (scoring, black listing, indirect target matching, etc.)
The "Ad personalization" bit is probably what the parent comment is referring to. But it sounds like you're interested in the "Web & App Activity" bit, which will turn off the non-ads usage of your data. To a certain extent at least, since there are some grey areas.
For example, I'm on the team that sends Google Shopping emails. If you click a button to track the price of a specific TV, we'll still send you an email if that price drops even if you've opted out of "Web & App Activity". But if you've just been browsing shopping pages for TVs, we won't send you a general email about TV deals if you've opted out. Both of those cases are in some literal sense "web activity" but it's still pretty clear what the user expects.
But you might imagine- if you're tracking the price of a specific TV and opted-out of Web & App Activity, should we send you an email if a near-identical TV drops in price? We probably wouldn't, and we don't have anything like this today, but it's not quite as clear. And Google has so many features across different teams, I can imagine there's probably at least one where some privacy reviewer made a different call than what you would have made.
Forgive the grumpy old man approach here, but can't this all just stop.
The price of a TV (or almost any common product) is driven more by large scale factors (cost, competition, features and brand) than the latest 4 dollar shift because of some promotion in some channel somewhere.
We are optimising for the wrong things. Computers are supposed to be our agent in the digital realm, reaching out for us, in our best interests.
If we turn off all storage of personalised information completely and utterly, 95% of everything I ask can be answered from context (please show me cheap TVs).
Look, i don't object to the idea behind the sandbox (it's always been weird that browsers tell the server what fonts and other settings exist. I mean who ever optimised for that)
What bothers me is that it's a google id. Just let me have a few U2F ids - this is my shopping id, track it if you may. when I take it out of the slot stop tracking me.
I am sure I am feeling extra grumpy today, but when we stop tracking and trying to find ways to make me buy, and start finding ways to make my life better, that's when we have a digital revolution.
Yes we need (again) an inversion of control. At first advertising links only tracked origin (website), so announcers could target right website to put links on it. But soon advertisers realized you could gain more granular information in using more active technology like cookies, gifs, flash, etc. So they began tracking users and their journey through all websites with all privacy problems it entails.
I think in terms of privacy the only level acceptable is the one you have to deliberately have to engage with to start "tracking" (that means advertising content must be displayed alongside publisher content and not personalized nor tracked through advertising company if the user hasn't engaged with).
I also think that marketing/advertising is bad since it distorts value perception but i remain pragmatic and we can't ban all advertising that easily.
If we are ever going to manage the flood of data out there we need digital agents acting on our behalf. The AI behind the facebook feed or the google ad tech is a very early beta of those agents - and "on our behalf" may seem a stretch. But that's not just a cheap snide remark - I think on our behalf is a fundamental issue of how they will be built and designed and regulated.
Richard Thaler has promoted Paternalistic Libertarianism - which seems to me a very good default setting for digital agents working on out behalf. It's not however that simple.
I hope we shall see a Medical approach to managing data - where everything is shaped by the best interests of the data subject. But there are three major world views - let's call them European, US and Chinese for over simplified ease.
The Us view is caveat emptor - one should be rugged individualist enough to be able to calculate the best co-pay arrangement and by extension work out ones preferred facebook privacy settings. If you get it wrong you will be prey for the payday loan industry.
The European view that by default it should be good for the individual (although as a Brit I should sneak in that the state gets to define good. And I suspect the Chinese view is it should be good for the confucian society - and the state may have some say in who is in and out of that.
As we are entering the new era of regulation of tech, these conflicting world views are becoming entangled - and we coders will be on that front line.
Choose a side - and be prepared for some very weird outcomes.
This is replacing one way of tracking with another. Can we stop it with the tracking entirely instead?
I would be happy to voluntarily provide a list of topics I would like to get ads for if I knew that this helps get rid of the cookie and tracking mess we have right now.
Think of a questionnaire a la Netflix that you spend 3 minutes answering to so that it gets your preferences.
The current system we have in place is not just creepy, but also crappy. I see it on YouTube, both the ads and the video suggestions are very poor.
And yet there is no way to turn off tracking, because the data will be collected anyways, and will be used one way or the other eventually.
As long as this is connected to a Google account, well, then that's one thing. One doesn't need to agree to those terms.
Google is continuously trying to transcend this. Look at AMP, which is an attempt to run the entire internet through Google for tracking purposes. The strategy is always the same: Promise some sort of consumer benefit under the condition that everything will be tracked. Yes, one can opt out of targeted advertising, but Google still owns the data and uses it internally.
This new play is the exact same thing. As is all other efforts to track people, logged in or not.
Your choice is this:
Have an account and have everything you do tracked by Google (or the next company), give them all your data to use in their algos, and agree to terms that state that they can do whatever they want with the data. Perhaps then you can disable targeted advertising, although that also doesn't really work, does it?
Or, second choice, do not have a Google account. However, then you are subject to subversive attempts to track everything you do and use the data whether you want it or not, illegal or not.
This goes against some basic tenets of law in many countries. My data is my property, not yours. Google is powerful enough to not care, but make no mistake: People working for Google and making these decisions should be in jail. Any malice and hate targeted toward them is 100% justified.
I'll hedge this by saying I can only speak for the teams I've worked on, plus my somewhat limited understanding of company-wide policies.
The answer to both questions is no. If you opt out, your data is not used for modeling or targeting or anything. Perhaps some internal reporting that isn't used for anything other than like PMs wanting to understand user behavior? Even that I'm not sure about.
If you are identified as being in market for something based on activity and then opt out, you will no longer be classified as being in market. That classification will be deleted- though perhaps not immediately but within some reasonable time frame, say 24 hours or so.
An interesting thing I've noted on disabling personalized advertisements: My SO, who has personalized ads on and lives in the same household, sees ads based on my behaviour. So the ads aren't personalized to me, but they certainly are to my SO.
In other words, they're personalised to your IP address, but since only your SO has personalised ads turned on, they see what's personalised to both of you.
Depending on the type of ads being served that cross-profile-pollination could lead to info leakage and problematic and/or weird situations. It makes me want to be able to build a fake persona rather than a ghost/anonymous profile
You're assuming competence that isn't there. It's a shared ip address, there is still plenty of tracking that is dumb enough to assume that it means that you're the same person and that gets thrown into her 'unique fingerprint'.
I'm not sure who gets the worst deal from tracking, the companies buying ads or us having to see them.
I can’t seem to find the name, but someone built exactly this: an agent that sits on your computer and generates noise. Visiting random web pages, performing random searches, etc. You’d then get random, non-personalized ads.
That said, I have heard a few times comments mentioning that it's easy to filter out (from the ad provider side.) I hope not, but if it is, I would only hope someone smarter than I would send a PR. :)
Interesting way of looking at this: monopolies stifle markets and hurt consumers. But consumers of the ad market are not the end-users, they're the companies buying ads. Therefore, by strangling the market, it is actually possible for Google to be helping people for whom that market is a bad thing (which is most of us).
That sure doesn't sound insidious...kind of like a large Internet ad company trying to make sure that they're the only one who can track your activity online.
Don't worry, though. If you were using any of the now-dead competing advertiser networks, you can target using this information for a small fee! They sure know how to benevolently push forward the wheel of progress to fight to ensure your absolute privacy from everyone but them.
Not that I'm a fan of these 'Signals'--or even cookies for that matter.
"Oh _these_ aren't cookies! It's just that Chrome sets and sends custom http headers to all Google owned websites. _Totally_ not cookies! _Totally_ GDPR compliant!"
Set-X-Totally-Not-An-HTTP-Cookie: sessionToken=bigiain; Expires=Wed, 17 Jan 2091 10:18:14 GMT
Many ways! You reduce the nearly unlimited responses for various aspects of a defined few - such as a basic list of fonts or the nearest screen resolution. You only provide random data unless the user specifically grants fine tuned info. You stop providing long lists of capabilities and instead leave it to the implementation to assume.
Providing a “baseline” user agent instead of a detailed specific version could help for example.
I wonder if they are also doing this to get around the GDPR related cookies stuff. Don't need to have a banner if you don't use cookies. I assume this would also apply to sites using Google Analytics as well
GDPR is actually technology agnostic, it doesn't mention cookies or any other technology. If you store extra PII in any way, cookies, fingerprinting, localstorage or whatever you need to ask for consent with opt-in.
Ok, so basically Chrome will keep a profile on you and send that Google, so as long as the ads on the webpage are Google ads they will be targeted, but any third party provider will not be able to do the same?
Sounds like they are finally realizing their vision for making Chrome in the first place -- to sell more ads.
I'll stick with Firefox with temporary tabs -- I already an protected from third party cookies because Firefox already isolates every tab, but importantly doesn't send my browsing data anywhere.
Can you provide some references to where you're seeing this. If anything they are killing off third party cookies just like Apple and Firefox. Also they are making it so even third party Javascript is less likely able to track you - meaning everything has to be first party. IMO this just means there will be a shift in how tracking works. Moving from third party tracking scripts you install on your website to using CDN's to pull code through or host on your own domain. IMO this means you'll be less able to identify when you're being tracked much more like how it works today on native apps, e.g. you can't tell whether that native app is tracking you.
I'm making some logical leaps. They appear to be killing off 3rd party cookies just like Apple and Firefox. The difference is that Apple and Firefox do not sell an ad product and don't have a reputation for tracking your every move on the internet. Google on the other hand does have a reputation for tracking you through Chrome.
Everyone in adtech, except perhaps Google, is worried. One non-Google player I know is seriously concerned about what the cookie-less web means or online ads. Essentially the entire online advertising industry, both publishers and advertisers, is built on 3rd-party cookies.
The goal: to show you only ads for things you care about and are likely to buy and be influenced by advertising for, is good. But the reality is a mess.
Some of the downsides of Google's proposal are obvious, given its position, but there's at least one downside that users might notice: lots more ads targeted only by the demographic of the publication, making the web look more like print media or TV and presenting you and me with a lot more space on our screens wasted showing ads for things you don't care about.
As for the "fingerprinting" proposals? Bad. Very Bad. Think digital "facial" recognition bad.
As opposed to the current advertisements, which are for... A mobile game? Another mobile game. A behavioral science app. A hyperspecific ad for a watch based on a video game I played, which would be cool but is useless because I have already bought that exact watch. An ad for an armored personnel carrier.
Please. Individual targeted ads are worse than content-based ads.
Wait a second. An armored personnel carrier? What's the conversion funnel here? Do they send it to you? Do you get a discount if you equip your own personal motorized infantry battalion? Is there an update channel for anti-air?
I fell left out because I want an ad for an armored personnel carrier - I won't need it, but at least that ad would be for something cool.
Honestly it feels like there haven't been any decent innovations in a long time. Aside from Apple producing an ARM laptop that doesn't suck I can't really think about what the last product I was excited for was.
I like to click on the weirdest ads I see, either because I'm curious or because I'm a sucker.
It does ... weird things to the ad targeting; I'm currently seeing ads for crystal figures that cost six figures. They're pretty, but not that pretty.
It's fascinating to me that people buy ads pointing to things that essentially no one can afford. I guess the idea is that they'll attract attention and people will click around the site to find cheaper things?
High value item economics is different though. You need many fewer people to buy one for the same profit margin, so casting a very wide net just to catch those 5 people a year that would actually want it might be worth it.
I never said that the targeting was any good. I said it was a mess, just that it was supposed to be good. Believe me, advertisers are very aware of the problem of showing you ads for things you just bought and would love to stop doing it.
Advertising was around for thousands of years before tracking. The fear is that they won't make as much money and will have to go back to how they did it before all the privacy invasion. Very sad indeed.
It's easy really, you just put ads on sites visited by your target market. That's how advertising was always done before Gattica style snooping was involved.
Individually targeted advertising needs to be illegal. It's bad for society.
It's not unreasonable to think that a lot of current digital ad spend is 1) an arms race for slices of a pre-existing attention pie that also resembles a protection racket, 2) a huge waste of money.
There have been a couple of natural experiments showing #2 where entire digital ad spends were slashed at once with little to no impact.
As for #1, look at where a massive chunk of Google's revenue comes from: companies trying to squat their own name and similar keywords to prevent some competitor's product from showing up next to their own.
Targeted advertising through tracking is only good for “aggregators” that want infinite eye balls.
Any platforms that create content already have well targeted ads without tracking. e.g. HBO
Even on content aggregators, that target niche audiences like HN have well targeted ads without tracking. Jobs and of course Ycombinator listed everywhere.
Killing tracking kills the mega content aggregator industry (front page of Reddit, maybe Facebook feed, etc) but this is likely a good thing.
Exactly! Even for free market believers, ads are just a way of manipulating consumers so that they are less rational, and so they are a distortion of the market (in favor of the biggest players, of course, as they can spend the most on advertising).
> I'd rather be influenced by relevant ads that could possibly be useful than ones that will just annoy me.
It's easier to ignore ads that are totally irrelevant.
The ads that are targeted are the most distracting.
I'd rather see ads about some detergent than about a new SSD drive that will catch my attention and makes me forget what I was looking for in the first place. When I need a new SSD, I will just visit a shop. I don't need ads for that.
This is a silly argument. Don't you think you'll have a much better chance of finding a better mouse trap by actively searching Google for it than by waiting for some targeted ads to come by?
Let's say that your search for mouse traps comes back with the classic type that kills.
Wouldn't it be better that you see an ad for a no kill mouse trap that you didn't even know was a thing?
Ads can sometimes inform people about products that they didn't even think existed.
But a Google search is specifically designed to solve this problem. Targeted ads, however, also could mislead, distract, cause overconsumption, and invade your privacy.
And if there was a better mouse trap, then any salesman would quickly learn about it (e.g. at business conferences etc), so you could just go to a shop and ask.
Finally, if you really insist that targeted ads are superior to anything else, then you could just opt-in to a service that provides ads. And you could tell the service all your private details so it knows how to better serve you (without the service having to guess at it).
Just don't assume that someone else needs targeted ads to have a fulfilling life.
I almost always hold off on purchases for a few days to compare what I eventually put in my cart (if anything) to ad-served competitors. There's usually very little overlap with them and the products I was already looking through, so it's a nice additional avenue of shopping around. Sometimes the ads include discounts/promotions as well, which is an added bonus.
Not if you don't know that the better mouse trap was even possible. You are not going to search for "breathable, waterproof shoes" if you don't know GoreTex is a thing.
Granted somewhere in the last 20 years we have mostly stopped innovating and started optimizing and so now you get ads for branded Skinner boxes (sorry, free to play mobile games) rather than, say, cancer cures but if there were innovating products worth buying, you wouldn't search for them because you wouldn't even be able to imagine them.
> Not if you don't know that the better mouse trap was even possible. You are not going to search for "breathable, waterproof shoes" if you don't know GoreTex is a thing.
Sure I am, if I care about shoes being breathable and waterproof. Why would I not do that, and instead hope a magic box will read my mind and guess what I need?
Most people who get wet shoes just accept it as part of life. They don't get on Google and ask how to prevent wet shoes because they don't want to go around wearing kayaking shoes all the time.
The fact that there exists normal-looking waterproof shoes isn't something that they know about or would search about
Growing up in the pacific northwest, I don't think this is a most people thing. :) everyone I know walking around there cares about wet feet, since it's likely to happen 270 days out of the year.
If you need it you'll search for it. Then an ad is relevant.
Otherwise it's probably trying to manipulate you to buy something you don't need or in very rare cases inform you of something you needed but didn't know existed. I have a feeling the latter is fiction.
The Ad matching service gets paid when you buy something, regardless of whether it is relevant, useful or needed by you. What is effective for you, and effective for the ad network are two separate things. Also, ads by their very nature are designed to manipulate you into buying a product. The more personal information they have, the easier it is to manipulate you. Maybe you're still OK with that, but many people think that this is the wrong direction for the web.
Oh no, nobody depends on linking up an ad impression with an actual purchase. Not only is that incredibly hard to do, with few exceptions, the conversion rate is abysmal.
Money changes hands at the time the advertiser agrees to buy the space on the publisher, based on the CPM of the offer. A publisher that can more reliably link ad impression with sales can charge a higher CPM, but nobody in their right mind would buy and sell ads based only on conversion.
Time for everyone in adtech to start advertising Firefox then. Google has made it clear they want to be the only platform where users can watch ads. OSes, Browser, websites.
> ...there's at least one downside that users might notice: lots more ads targeted only by the demographic of the publication, making the web look more like print media or TV...
...this is bad? Sounds great to me.
> ...showing ads for things you don't care about.
This is what targeted advertising already accomplishes: showing me ads for things (or equivalents of things) I already own. Either that or things so wildly off base I have to wonder if the targeting works at all.
Yes, advertisers would love to stop showing you ads for things you just bought. If you see a wildly off base ad, it's likely not targeted, it's just part of an ad buy.
Targeting only by the demographic of the publication is not so great because publishers usually only have a vague idea who their actual demographic is. Take for example the TV show Golden Girls. It was supposedly all about the 50+ demographic, but it was a huge with with queer people of all ages right from the start.
> If you see a wildly off base ad, it's likely not targeted, it's just part of an ad buy.
I usually see such ads them immediately after purchasing the item in question. It's almost as if the targeting models are, in an abstract sense, extremely over-fitted.
> Targeting only by the demographic of the publication is not so great because publishers usually only have a vague idea who their actual demographic is.
As far as I'm concerned, coarse granularity targeting is a feature, not a bug. I often discover legitimately interesting things I didn't know existed but are adjacent to my interests in venue-scoped advertisements.
Even if I didn't find targeted advertising morally objectionable (I do) I would still consider it functionally inferior to more coarse-grained venue/demographic/etc-based placement.
Targeted advertising doesn't help me discover new things, it tries to preempt purchases I'm already likely to make, and put them in front of me. I don't think that's actually very useful.
If you see an ad for an item you just purchased, that's definitely targeted. By "wildly off base" I mean for something unrelated to any of your interests or site where it runs.
>presenting you and me with a lot more space on our screens wasted showing ads for things you don't care about.
As opposed to the ads for toilet seats from that one time I bought a toilet seat online 6 months ago.
If anything forcing adds to be dumb will mean that we get high quality publications in niches again. If you sell model ships advertising on model-ships-magazine.com actually incentivizes a quality site that is interested in furthering the hobby and keeps your dumb smart ads from clogging up the rest of my life.
Targeting is a piece of the puzzle. As an advertiser I need frequency capping, brand safety, page quality, geo, etc. Ignoring all that.. I still need to measure results.
Yet somehow advertising existed for decades without being able to completely track the full path from viewed ad to purchase.
Seriously, the completely f'd up view of advertisers ("Ads won't work unless I can basically track everything about you!!") shows how bonkers the world has become. If your job can't exist without in-depth tracking of how a shown ad influences purchasing behavior, maybe your job shouldn't exist.
Seriously, ads would work plenty well enough by just showing the same ads to all users based on the contents of the page (or search query). Honestly, I'd be all for a legal framework that completely outlaws any "personalization" on the internet unless a user clearly and optionally opts in.
I mean.. so did medicine, buying stuff from the store, and social interaction. That doesn’t mean we stopped innovation when it went slightly awry.
Medicine works well enough with leeches, why would improve that.
There is a path to achieving similar adtech outcomes that are privacy focused, and that is what google is trying to accomplish. Why hate something that is trying to achieve what you want?
How about this: Every user, when setting up a new device, gets a clearly displayed option as to whether or not they want to be shown personalized ads based on the tracking of their browser history. Basically, a clearly displayed "Yes, I want to be tracked for the purposes of showing me ads" option. How many people do you think with want to opt in if they really had the choice? Heck, why do you think Facebook is going so bananas over Apple just asking people to opt-in to tracking?
The only 'innovation' going on is making the tracking difficult for your average, non-technical person to (a) know what is going on and (b) how to opt-out.
There is nothing your client can do (other than blocking ads entirely) that would stop a company from serving you car ads on a car site - that's contextual ads.
Personalized ads are the opposite - you're browsing a fashion site, but you'll get car commercials because you've been visiting car commercials lately.
Randomise HTML elements (div names, classes, a random amount of empty divs in between).
That can be countered by adaptive element-matching algorithms.
Just like with cracking software, it's a cat-and-mouse game, and there are far more mice out there... mice who are willing to work completely for free just to fight back against you.
If I'm reading an article about the pandemic, I probably don't want to see ads selling me face masks. If I'm reading an article about the inauguration, I probably don't want ads selling me inauguration t-shirts.
I am however more likely to click on ads selling me home renovation stuff because they know I've recently bought something in Home Depot. Even though I'm not currently on a home renovation website.
The most effective ads on me, in terms of intentional click through rate (not going to count predatory clicks) are contextual ads on specialized sites. This doesn't work well for general stuff like news sites, but webcomics that do their own ads, or a super focused forum like candlepower or head-fi? Contextual ads are ideal there.
Second most effective are platform-specicic hypertargeted ads, such as Facebook ads. Lot of misses there too, but their first party targeting is good to the point of actually giving me some interesting content.
In practice the third party "contextual" ads mostly are misses for me. Wow, another ad for the home improvement thing I either researched and bought last month, or that I was looking up on a whim and don't have any intention of actually purchasing.
Ok you are extrapolating your experience to millions of others in the world. Nothing wrong with that but it isn’t going to give you universal insights since you’re a special case.
Maybe some articles just shouldn't have ads at all. That would be refreshing. Sites publishing ad-supported content obviously need to put the ads somewhere, but that doesn't mean every single article needs its own revenue stream to justify its existence.
You've just given two bad examples, contrasted with one good example, to prove your point. Pick a good example of a contextual ad and a bad example of a personalised ad (there are many) and the proof is reversed.
Except that my example is more the more popular scenario. Pageviews of general news site surpass pageviews of niche websites about a specific topic. Just go look at the top visited websites.
Right but your example is still intentionally bad, no one is going to put an inaugration t-shirt ad as the contextual ad for a news article. An ad on a general news site can be related to the preferences of the readership of that paper, like how it always worked in print. Or it can even be targeted based on information about you that is gathered first-party, from the patterns in your use of the news website.
I totally agree. But that probably won’t involve programmatic/traditional advertising. It will probably involve first party ads. Which I am definitely in favor of!
That is the scariest thing about this. Google already has an effective monopoly on information discovery via its search engine, and is rapidly approaching one with what software people use to view information on the Internet. It controls the "web standards" and can change them rapidly with little opposition. Websites that have no business being anything but browser-agnostic, yet are usable only in the latest version of its ever-churning browser (or its not-too-different clones), are already uncomfortably common. For a lot of people, Google is "the Internet".
I don't know what the solution is. But there's definitely a problem.
>“We’re in this in-between situation where it’s really not satisfactory because you’ve got consumers not accepting cookies and no solution in place.”
Oh my. That sounds awful.
You know, I think I actually do want Google to build this into Chrome, wire it up to your Google account for nefarious purposes and/or have the whole thing turn into an example that K-anonymity doesn't work well in practice, and try to ram it down everyone's throats. Perhaps that will finally drive people away, and start up some monopoly investigations with teeth.
In the meantime, I'll keep blocking 3rd party cookies, and rejecting on-site ones when undesired.
FWIW these proposals change every month and there are weekly calls with some of the W3C group about this. Nobody in adtech actually believes 3p cookies will be gone by the claimed date.. you can’t rebuild the entire ecosystem in (now) less than a year.
The main reason is speed. It ads extra latency that kills ad response rates.
Secondly is trust. The third party has no way to verify the first party isn't sending bogus requests to increase their payments from the third party and/or hurt their competitors.
Ad fraud is real. It goes the other way too, the "proxy" site could serve up a different ad from the one it's supposed to be sending, and it would be hard to know.
It only works if you have identified (logged-in) traffic and pass the identifier (ie, email hash) along to the side-channel.
Otherwise there's no way to target the ads, it's a first-party cookie but scoped to a single domain so there's no useful targeting data.
(and yes, this is the industry plan, but it's TBD whether publishers like media websites can get a workable fraction of their users to log themselves in)
The company has monopolies within a monopoly at this point. The DOJ is an embarrassment with no power. Theres never been such a concentration of economic activity in corporate America in general. Even the phone companies are about one merger away from being back to their former structure.
Correct. That’s why google is working with Facebook/other major players (or at least acting like it) to create solutions to the problems they’re creating.
Not working, because all the other members of the w3c group wrote an open letter saying google is abusing their power/etc.
I think one thing overlooked is that Google's supposed rationale for providing this service is effectively because they suppose that their plans to "more aggressively block fingerprinting" will leave advertisers with no other choice.
Personally I find this highly unlikely. The very nature of fingerprinting makes it difficult to prevent without some pretty severe compromises, and it wouldn't surprise me if advertisers enter an arms race with Google instead of caving in.
Of course the economic strategy for Google to avoid that is to reduce the price/limits of this service to so low that this isn't worth doing, but if the effort Google puts into preventing fingerprinting is insufficent then this would lead to a "worst of both worlds" situation - Google gets to pseudonymously track the internet with their "privacy sandbox", and nefarious trackers/advertisers can combine that with fingerprinting to create an even more reliable picture of who's who on the Internet.
FYI, this[0] appears to be the explainer of what Privacy Sandbox actually is, and it's quite vague, presumably because the actual implementation details of this would be difficult to determine.
What's to stop a website gradually querying different API data on each page load to build up a profile with the same amount of information as before? Will browsers only allow the first N API accesses forever more? Oh, interesting... lots of nasty mistakes can be made by websites picking a bad set of APIs early on.
However it works, I don't trust it if it's coming from Google. I'll keep my multiple layers of ad blockers enabled.
The only use for cookies I can see is authentication. There are other ways to authenticate that I have used that have been way less burdened by security issues. Store an auth token in local storage and transmit it as the Authentication header for example: CSRF problems, works with whatever framework you want. Why do we still need cookies at all?
Cookies are used for all kinds of session state management besides auth. Your shopping cart, for example, depends on them. Without cookies, the server would have to send the entire state of the session in each response, and the client would have to send that entire state back on every request. Cookies allow the client and server to exchange only a small token that the server can use as a key to state storage.
Even if you could shrink that state down to something reasonably small, it still introduces the problem of the client and server getting the state out of sync.
I mean that's not really true - TCP allows a persistent connection so you could totally just keep the shopping cart for the duration of the time that the user is on the website and /not/ use a cookie.
Even if you were using a desktop computer, it seems unreasonable for both the website and most users to lose the cart information every time you put your computer to sleep.
But it becomes much worse with mobile devices, such as a phone. I don't want to lose the state of my browser tabs every time I get into an elevator.
I'm not certain whether it's unreasonable or it's become an expected norm; you don't expect to be able to leaving a shopping cart full if you're leaving a physical shop, for example.
I guess it very much depends on your usage - I wonder the proportion of users who add to a shopping cart and go back to it without creating an account.
Of course, we're also ignoring session local storage, in memory storage etc... for alternate solutions.
Ah, yes, I was commenting on the TCP connection, which doesn't strike me as a solution.
Local storage is another story and probably a good alternative to storing something server-side, at the cost of more back-and-forths to validate data isn't outdated.
> I'm not certain whether it's unreasonable or it's become an expected norm; you don't expect to be able to leaving a shopping cart full if you're leaving a physical shop, for example.
It has become the norm, which is why it's (IMO) unreasonable to change that. Realistically, for a solution to be doable it needs to allow for saving the cart state, as otherwise websites will simply resist the change.
Cross site scripting can exfiltrate an auth token stored in local storage. An HttpOnly cookie cannot be stolen this way, and with SameSite=strict, CSRF is not an issue.
If I am running code on your site as another user, I don’t really need to steal you auth token. But that is true. Which is why browsers should expand support for authentication to provide things like public key authentication, credentials/personas storage, etc. At the very least, an API to store auth tokens (and just auth tokens). Better yet, a standard login UI for logging into any given website. Even better, public key auth so that instead of logging in by typing in a username and password, you would select which persona you use from a drop down and passwords aren’t a thing. Of course that would require a robust and secure mechanism for syncing the personas/keychains across different devices and browsers.
My argument is that if you need authentication, the browser should have that built in as a first class citizen. And if you don’t want it, then why set cookies?
Firefox has been blocking third-party cookies by default since 2019. I've had them off myself for about two decades now. Google's "solution" is inferior to what Firefox has now. Google could just follow Firefox in this and turn off third-party cookies.
I actually really like this idea. I trust Google the most out of all the other players, since they have the most to lose...
If Apple can have everything built around a single ID and be praised for it's ecosystem, I don't see a reason why Google shouldn't try, especially since there are people who like Google more than Apple.
Unfortunately, their own single-sign on services require us to have cookies enabled for client implementations (firebase auth), that remains the only reason to keep using cookies on the webapps I build.
Always have, always will... but I wonder when someday some important site refuses to service me because I'm not using an "officially supported" (i.e. approved by Big Goog) browser which may no longer run on the hardware I use. It's already started happening. How can the masses fight back against the monopoly?
1. Google doesn't own or control "the internet". They can change Google Chrome however they want; so long as they are plenty of us who don't want whatever crap they are peddling we can and will continue to use the internet as it has existed for a long time.
2. Web browsing is not "the internet". I get that headlines are all about grabbing attention by basically stating overblown lies and then backtracking in the details, but come on now.
3. Cookies aren't going away. They are necessary for how a majority of websites with login/sessions work.
4. 3rd party cookies are crap, and they may well be limited by most popular browsers. That is fine and doesn't affect normal web users. It affects advertisers to some degree, but no more than adblockers do.
5. So long as Google is involved in it, they are going to try to keep advertising profitable for themselves. So whatever "it's good for everyone" nonsense they are peddling its just them trying to prevent the public from shutting down the crappy internet advertising that most of us internet users have hated since it began.
6. It doesn't sound like they are working to prevent fingerprinting. That is the direction things should go imo; we need to get rid of all ability to identify visitors period. There is no reason why anyone needs to know what websites I visit or why, and I think there are plenty of people who agree with my desire in that regard.
7. I'm on the side of those calling to abandon Google and their nonsense. They can't be trusted any more.
> so long as they are plenty of us who don't want whatever crap they are peddling we can and will continue to use the internet as it has existed for a long time.
This is why it worries me so much that so many people use Chrome (and the number seems to keep rising).
I often find that the HN comments are more helpful than the article itself. If I read a bit of an article and it doesn't get to the point quickly, I just close it and start reading the HN comments.
Advertising company takes steps to strengthen its advertising monopoly and shoulder out the competition. News at 11.
Before you say "use firefox", ask yourself why Google donates money to Mozilla.
The other aspect of advertising company is spy company. This will give Google better ways to track users across the web. I'm sure there will be no side effects and the information will be used only for good.
There is a potential counter here by everybody not google. Run a browser string check, and redirect people to Firefox.
Google is being blatantly anticompetitive, and significantly abusing monopoly status to further monopolies elsewhere. And the govt won't come to help in any near future, so it's up to the rest of us to back them off.
(Now, why firefox? Well, its not because FF allows better tracking, but instead that nobody gets the tracking benefit. It's not a 'screw users with FF', but 'screw Goog with no metrics'.)
Google is building an internet without WWW, that is for sure:
"Because data are ultimately transferred to the same businesses, it can be used to create detailed profiles, said academics. If information from a dating app, for example, were shared with the same parent company as data from a banking app, it could be possible to deduce the sexuality of a bank’s customers."
https://ig.ft.com/mobile-app-data-trackers/
World Wide Google. If a modern person goes with the flow, they wind up using Google for every facet of their online life: OS, web browser, search, email, youtube watching, personal photos, cloud storage, DNS, address book, chat, office suite, wallet... I wouldn't entrust my best friend with all that data, let alone people over whom I have zero power and have never met.
This feature is available right now in Analytics and Ads. It's called "Google Signals." The documentation is publicly available, although it's a little scattered between different product page. I'll summarize:
If the user is using Chrome, and is logged into their Google Account, then you can use that instead of cookies. This is used for pulling in demographic information, cross-domain tracking, and cross-device tracking (something even 3rd-party cookies can't do without fingerprinting!).
The Privacy Sandbox kills other channels that might be an identity signal. Meaning ones available to parties other than Google.
Even as an anti-Google zealot who disapproves of this, I'll admit there are some ancillary benefits. For one, I honestly do believe that Google intends to kill fingerprinting, because it's in their interest to do so. For another, Google does offer a setting "disable personalized advertising" which will centrally let you opt-out of this tracking.
But most people are surprised when they find out that things already work this way, which to me already puts it on ethically dubious foundations from a privacy perspective. And, of course, the monopoly issue.