Deconstructing Google’s excuses on tracking protection

(freedom-to-tinker.com)

918 points | by randomwalker 1708 days ago

31 comments

  • gregdoesit 1708 days ago
    >This isn’t the first time that Google has used disingenuous arguments to suggest that a privacy protection will backfire. We’re calling this move privacy gaslighting, because it’s an attempt to persuade users and policymakers that an obvious privacy protection—already adopted by Google’s competitors—isn’t actually a privacy protection.

    Exactly. Firefox and Safari have both implemented and keep improving the type of fingerprint protection that Google is throwing their hands in the air about.

    This summary is a thorough response, pointing out just how ridiculous and meritless the original post[1] from Google was.

    [1] https://www.blog.google/products/chrome/building-a-more-priv...

    • shawnz 1708 days ago
      That original post was written by the same Justin Schuh who went on this ridiculous tirade on twitter claiming he headed the manifest v3 adblocker neutering changes for privacy reasons: https://twitter.com/justinschuh/status/1134092257190064128

      Of course it's not possible that this is true since the observational capabilities of the API are explicitly not being deprecated, only the content blocking capabilities. In other official posts they have claimed that the real "justification" is for performance reasons, which I think is equally nonsense.

      • magicalist 1708 days ago
        > the same Justin Schuh who went on this ridiculous tirade on twitter

        can you link to the ridiculous tirade? Cause here's the text I see in full

        > The sole motivation here is correcting major privacy and security deficiencies in the current system. I know, because I set that focus, and the team reports up through me. And here's a bit more context on the uBlock assertions. [link to other tweet]

        > Honestly, all of the negative coverage here is because the team is doing all of this development in the open and engaging with the community. They're taking feedback and making significant changes in response. So the framing here is just not accurate.

        • ngold 1707 days ago
          Do the merits of his claims hold true? Then I don't care if it's written by a guppy fish with ill intention. Truth is the standard. Not the writer.
          • giovannibajo1 1707 days ago
            Depends on your point of view. Chrome is going to use the same architecture that Safari has had for a few years (on iOS and Mac): data-driven content blocking, where rules are declared by the extensions, and then read and implemented by the browser core with no JavaScript involved on each request.

            Javascript-based content blocking is technically slower because you need to invoke V8 on all requests, and then it’s up to the extension to make sure that the JavaScript code is fast enough. It surely is more flexible (as you can do whatever you want in that javascript code) but it’s hard to beat a simpler, data-driven content blocking engine written in native code and integrated in the core.

            Whether this difference in resources does have a concrete impact or not, remains to be seen. The fact that Apple Safari did it first makes me believe that there is some truth in the technical merit argument; surely Apple didn’t want to make sure their content blockers were ineffective, but was actually using the same approach as always: providing a possibly “weaker” but far more efficient implementation (compared to “de facto standards” on other platforms) to protect iOS resources usage.
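
Added example, not part of giovannibajo1's comment or of any browser's code: a simplified JavaScript model of the data-driven blocking described above, where the extension supplies rules as plain data and the engine decides each request itself. The rule schema, the `MAX_RULES` cap, the tie-break order and the `.example` hosts are assumptions constructed for illustration.

```javascript
// Simplified model of data-driven content blocking (assumed schema, not a
// browser API): the extension hands over rules as data, the engine validates
// and compiles them once, and no extension code runs or sees URLs per request.
const MAX_RULES = 5; // hypothetical cap standing in for the API's rule limit
const ACTION_RANK = new Map([["allow", 0], ["block", 1], ["upgradeScheme", 2]]);

function compileRules(rules) {
  if (!Array.isArray(rules)) throw new TypeError("rules must be an array");
  if (rules.length > MAX_RULES) {
    throw new RangeError(`rule limit exceeded: ${rules.length} > ${MAX_RULES}`);
  }
  const ids = new Set();
  const compiled = rules.map((r) => {
    if (!Number.isInteger(r.id) || ids.has(r.id)) {
      throw new Error(`missing or duplicate rule id: ${r.id}`);
    }
    ids.add(r.id);
    if (!ACTION_RANK.has(r.action)) {
      throw new Error(`rule ${r.id}: unknown action`);
    }
    const c = r.condition || {};
    if (typeof c.domain !== "string" ||
        !/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(c.domain)) {
      throw new Error(`rule ${r.id}: domain must be a lowercase hostname`);
    }
    return Object.freeze({
      id: r.id,
      priority: Number.isInteger(r.priority) ? r.priority : 1,
      action: r.action,
      domain: c.domain,
      pathPrefix: typeof c.pathPrefix === "string" ? c.pathPrefix : "/",
      types: Array.isArray(c.resourceTypes) ? new Set(c.resourceTypes) : null,
    });
  });
  // Highest priority first; at equal priority allow beats block beats upgrade
  // (this model's choice of tie-break).
  return compiled.sort(
    (a, b) => b.priority - a.priority ||
      ACTION_RANK.get(a.action) - ACTION_RANK.get(b.action)
  );
}

function hostMatches(hostname, domain) {
  const host = hostname.replace(/\.$/, ""); // "tracker.example." is the same host
  return host === domain || host.endsWith("." + domain);
}

// Returns the verdict only: { action, ruleId } plus the rewritten url on upgrade.
function evaluate(compiled, request) {
  const pass = { action: "allow", ruleId: null };
  let url;
  try {
    url = new URL(request.url); // real parser: userinfo tricks do not fool it
  } catch {
    return pass;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return pass;
  for (const rule of compiled) {
    if (!hostMatches(url.hostname, rule.domain)) continue;
    if (!url.pathname.startsWith(rule.pathPrefix)) continue;
    if (rule.types && !rule.types.has(request.type)) continue;
    if (rule.action === "upgradeScheme") {
      if (url.protocol !== "http:") continue; // already secure, try next rule
      url.protocol = "https:";
      return { action: "upgradeScheme", ruleId: rule.id, url: url.href };
    }
    return { action: rule.action, ruleId: rule.id };
  }
  return pass;
}

// Constructed sample rules and requests (.example hosts are placeholders).
const SAMPLE_RULES = compileRules([
  { id: 1, action: "block", condition: { domain: "tracker.example" } },
  { id: 2, priority: 2, action: "allow",
    condition: { domain: "cdn.tracker.example", pathPrefix: "/fonts/" } },
  { id: 3, action: "block",
    condition: { domain: "ads.example", resourceTypes: ["script", "image"] } },
  { id: 4, action: "upgradeScheme", condition: { domain: "news.example" } },
]);

const SAMPLE_REQUESTS = [
  { url: "https://px.tracker.example/pixel.gif?id=1", type: "image" },
  { url: "https://cdn.tracker.example/fonts/a.woff2", type: "font" },
  { url: "https://news.example@tracker.example/x", type: "script" },
  { url: "https://nottracker.example/", type: "main_frame" },
  { url: "http://news.example/story", type: "main_frame" },
];

for (const req of SAMPLE_REQUESTS) {
  console.log(req.url, "->", JSON.stringify(evaluate(SAMPLE_RULES, req)));
}
```

The engine returns only a verdict, so the rule author's code never receives the request URL; anything that cannot be expressed in the fixed condition fields cannot be blocked, which is the flexibility trade-off the thread argues about.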

            • shawnz 1707 days ago
              Here are some measurements from the Ghostery team which show that the impact of the non-declarative API can be extremely minimal, and maybe even negative if you consider the increased performance from the reduced ad load.

              https://whotracks.me/blog/adblockers_performance_study.html

              • EdwardDiego 1707 days ago
                At the risk of being that guy who mistakes his anecdote for a datum, I've found the bigger ad-blocking extensions to have a larger performance impact - simply because they're evaluating large regex based block lists on each request.

                That said - that's my choice, I don't have to use those extensions, but the gain is, to my mind, worth the pain. I really don't like the patronising "we know what's best for you" attitude of the Chrome developers - especially because what they came up with as being "best for us" is also best for Google.

          • dannyw 1707 days ago
            No. Ublock does not have a performance problem.
        • daveevad 1707 days ago
          > I know, because I set that focus

          That's a dead giveaway to me that this person is not effective as it's a naked appeal to his own authority.

          • inimino 1707 days ago
            What? It's an appeal to authority to justify his assertion about the motivation of the team that he manages. And you don't think his role is relevant? What are you smoking?

            > The sole motivation here is [...] I know, because I set that focus, and the team reports up through me

      • ChrisCinelli 1707 days ago
        His job history may tell you another reason on his positions about the subject: https://www.linkedin.com/in/justinschuh/
        • hellcow 1707 days ago
          TIL the engineering director for Chrome comes from the NSA and CIA. Surely he cares deeply about everyone's privacy now, though...

          As for me, I'll use Firefox.

          • sterlind 1707 days ago
            Over a decade of military and then offensive CNE work, a quick tour around the private sector and then a decade of leading Chrome. I guess Chrome had a ton of security issues early on? I can't really think why they'd pick someone like this for directing Chrome and not Chrome security specifically. Even picking him for his contacts doesn't make sense - it's a free product, not much in the way of government contracts to land. And from a "mole" perspective, it'd make more sense to go to Project Zero anyway.

            Also, genuine question: isn't it hard to go private sector if most of your resume is redacted? How do you convince employers that you're talented?

            • CydeWeys 1707 days ago
              A lot of the time (most of the time), you end up in a particular specialty by career accident, not because you're genuinely excellent at that and only that, and not good at related adjacent things.
            • lightedman 1707 days ago
              You take the test which YC people fail to provide.

              One that tests integrity along with diligence and capability.

          • Hnrobert42 1707 days ago
            There are some who work for those organizations that care passionately about civil liberties and work hard to preserve them while still carrying out necessary functions of government.
            • Nasrudith 1705 days ago
              "Necessary functions" like causing the Vietnam War, the Iraq War, installing dictatorships, training people behind such lovely ideas as "rape dogs", leading to Osama Bin Laden, snooping on everyone while failing to stop attacks they were outright told about.
            • weq 1705 days ago
              hahahahahahah yeh right.

              You have 2 types of people in any DoD. 0) the peons who do what they are told. 1) the ones who are bright, know the deal, speak when spoken to, and generally play their role. 2) the ones who are protecting their patch with a bunch of bureaucracy.

              Those people who care about civil liberties belong in (1). They, unfortunately, have no real say. And when push comes to shove, (2) owns (1, 0) in every shape and form. At best, (1) goes and takes a job with a contractor.

              Either way, just because you leave your job, doesn't mean you have left your job. If you're a (2), you have a network of resources at your disposal. And sometimes, it's calculated.

              A (2) will always be a (2). Even in retirement. Even if they take a new job. Their network will remain.

      • staticassertion 1708 days ago
        Justin is a trustworthy guy and, while unfortunate, I believe the Chrome security team was acting in good faith with the manifest v3 changes.
        • ocdtrekkie 1708 days ago
          We probably shouldn't refer to someone as "trustworthy" who is repeatedly demonstrated to be blatantly lying and spreading clear falsehoods.

          As the parent stated, manifest v3 changes didn't hide any information from extensions (hence, by definition, not improving privacy), and independent studies completely discredit Justin's claims about the effectiveness of ad targeting.

          • targonca 1708 days ago
            His employer considers him trustworthy.
            • prepend 1708 days ago
              Just because your mom thinks you’re handsome doesn’t mean you’re handsome.
            • sk5t 1707 days ago
              Trusted to advance his employer's interests, do you mean?
            • staticassertion 1707 days ago
              I have no affiliation with Google or Justin.
            • nsuser3 1708 days ago
              I'm not his employer (luckily).
        • dan-robertson 1708 days ago
          There were two parts to the changes. One that stops the current system of ad-blockers requiring them to use a different url-filtering api (specifically one which denies them the ability to read the urls), and one that puts really tiny limits on that api.

          I think the first change was in good faith and reasonable. Provided the filtering abilities are reasonable, it is good for privacy and performance (and it would make sense for eg Firefox to support this api too). (I think I would be happiest with an api that lets you write a pure (somehow enforced) js function from url to an action (eg block/allow/upgrade to https) and 4 bits of data).

          Although obviously it is unfortunate if it stops various good extensions from working well.

          For the second change, I can’t decide. It could be that they were made deliberately small, or it could be that they didn’t really know what appropriate size limits would be and picked limits which were way too small.

          • plorkyeran 1707 days ago
            No, they did not deny ad blockers the ability to read the URLs. They removed the ability to modify requests via the webRequest API, but left in the functionality for observing all requests made.
          • shawnz 1708 days ago
            The limits aren't the only problem -- forcing everyone to use only the declarative API restricts the ability of adblocker vendors to develop new techniques for blocking different kinds of ads or privacy threats.
            • dan-robertson 1708 days ago
              I agree that there are good reasons to want something less declarative but I claim that only allowing declarative rules is a reasonable bona fide choice from a security or privacy perspective. In particular if there were no question of motives, I think there would be far fewer complaints about this system being implemented. Indeed Apple’s system for mobile url filtering works like this and though some people complained about the lack of expressivity I didn’t see any complaints that it was some kind of conspiracy to sell ads.
              • tsimionescu 1707 days ago
                You keep missing the fact that there is no security/privacy advantage to what Google did, since the API for an extension to see every URL being accessed and use it in arbitrary ways still exists. They only removed the part where the extension could block that request from happening.
                • SpicyLemonZest 1707 days ago
                  Selective request blocking has huge security implications. In many ways it's a similar attack surface to arbitrarily rewriting the content. (Imagine making some charges to your credit card, then blocking the request that lists card charges on your bank's website.)
          • zwaps 1706 days ago
            How long until we find out that Google adservers and tracking can not be blocked in the new API?

            Who really thinks a whole professional team of developers goes and neuters adblockers for nothing?

            Let us not be naive.

        • rndgermandude 1708 days ago
          They didn't even try to solve it.

          It took me less than 2mins of thinking (and I am hardly the smartest guy ever) about it to figure out that you can solve the potential privacy hazard that webRequest poses (extensions siphoning off request data) by introducing a special kind of content script, let's call it a request-script, that is input-only/one-way-communication except for a limited set of request manipulation and only when asked by the browser. Such as blocking requests. Of course, the devil is in the details here of what to allow and not allow.

          The input-only nature still allows for it to be fed new/updated instructions, and it being a script it can still implement rules that cannot be implemented with a fixed rule list like google proposes. But it cannot make web requests and exfiltrate data like that, it cannot communicate back to the host extension and exfiltrate that like that, it cannot exfiltrate data, period. It only ever is allowed to perform certain (not all) request modifications and only when asked by the browser itself.

          That leaves the "performance issues" google claims are a major problem. And indeed, there is a chance a misbehaving extension might obliterate performance. But you can do a lot of things in this space, too. "You" are the browser after all and any extension or any request script is at the mercy of what you're allowing it to do anyway. A low hanging fruit here would be to enforce that a request-script has to give an answer in a sane amount of time. Or warn users when an extension slows down requests too much.

          And ultimately users will decide if a e.g. 100ms delay for each request is preferable over downloading a few megabytes of video ads for them or not. That is if google was really interested in protecting their users and improving their experience and did not have other motives...

          • vengefulduck 1707 days ago
            Except the extension could just inject a script into the webpage and exfiltrate data that way.
            • rndgermandude 1707 days ago
              That requires some different permissions to the webRequest permission in question.

              But yeah, a bad actor would probably just switch away from webRequest to <all_urls> + webNavigation permissions and siphon off data with content scripts. So google's argument that it is a privacy issue and thus they just HAVE TO cripple their webRequest APIs doesn't get any better.

            • shawnz 1707 days ago
              That is still possible with Chrome's new declarative model too, so the parent's idea is strictly an improvement.
          • sfink 1704 days ago
            Blocking is itself a communications channel. You have some data to exfiltrate from extension to server. The page embeds a bunch of URLs to your ad server, you selectively block based on the data to exfiltrate, the server gets 1 bit per URL.

            Any additional blocking capabilities (reordering, delaying, selective header stripping) increase the number of bits.

          • tbodt 1707 days ago
            > 100ms delay for each request

            NOPE

            • luckylion 1707 days ago
              That was an example - it's actually more like one or two ms.
        • JohnFen 1708 days ago
          His argument just doesn't hold up, though, so I have a hard time thinking that it's anything more than a sales job.
        • 9HZZRfNlpR 1708 days ago
          Trustworthy to who? Definitely not for the 99.9% of the population. Helping to build the biggest spying machine gestapo would be jealous of can be only done by men with very low morals.
    • tareqak 1708 days ago
      Isn't that Google blog article completely ignoring the fact that Google implementing tracking protection would hurt their ability to maintain marketplace dominance in one domain (66%+ of web browsers) in order to further maintain and entrench Google's dominance and profitability in yet another (web advertising), and therefore anti-competitive [0][1]?

      I can completely understand that the software engineers working on Chrome are separate from the ones working on Ads, but ignoring that conflict of interest that is extremely obvious to some outsiders reduces how seriously these arguments can be taken by this group of people. I think Google needs to do more to highlight that their technical choices in Chrome and other Google products and services do not advantage their Ad business if that is truly the case.

      [0] https://www.netmarketshare.com/browser-market-share.aspx

      [1] https://www.statista.com/statistics/193530/market-share-of-n...

      Update: reworded and added a bit more.

    • xvector 1708 days ago
      I am honestly surprised at how ridiculous Google’s original blog post was. Zero nuance.
    • lowdose 1708 days ago
      It is double speak.
    • dialtone 1708 days ago
      You are aware that Google has vowed to actively fight any sort of fingerprinting right? https://techcrunch.com/2019/05/07/googles-chrome-will-soon-g...
      • magashna 1708 days ago
        "Don't be evil" they said, until it became inconvenient.

        You can't take Google at their word because their word doesn't mean much. Especially when those vows directly contradict their main source of revenue, targeted ads.

        • vezycash 1708 days ago
          “It is difficult to get a man to understand something, when his salary depends on his not understanding it.” ― Upton Sinclair
        • adam12 1708 days ago
          I loved Google back in 2005. It's sad to see what it has become.
      • SilasX 1708 days ago
        To borrow from Tony Stark: And I vowed to stop eating dairy, but then they named a Ben & Jerry's flavor after me, so ...

        Or Google's equivalent would be, "Then we realized there was money in it, so ..."

        • ocdtrekkie 1708 days ago
          I didn't remember this line. III Avengers 14:53, apparently.
          • SilasX 1708 days ago
            You mean Infinity War? I'd never heard it referred to as Avengers 3, although I guess it's the third Avengers-branded one. And I edited the actual quote to include "vow"; the original is, "And I swore off dairy, but then Ben and Jerry’s named a flavor after me, so…".
            • ocdtrekkie 1708 days ago
              https://seanlennaerts.github.io/mcuverse/ is now the best way to reference MCU lines.
              • wpietri 1708 days ago
                That is a delight. For those who haven't seen it, its title is "MCU Bible Verse", and it's a fast searchable list of quotes from the Marvel movies with references done in Bible style.
      • Nicksil 1708 days ago
        The article you linked has Google stating they're planning, over the next few years, to add restrictions to the way fingerprinting is executed. Nothing mentions Google vowing to fight any sort of fingerprinting.
      • kube-system 1708 days ago
        Yes, we're aware. The entire article linked in the OP is a direct response to Google's claims about fighting fingerprinting. The argument made by the Princeton researchers here is that Google's claims are not likely to result in good user privacy.
      • taurath 1708 days ago
        They’re adding an option, knowing full well that 95% of users will never even think to look in the menu.
      • dessant 1708 days ago
        > You are aware that Google has vowed to actively fight any sort of fingerprinting right?

        > CTO @ AdRoll

        I think it would be useful to build a tool that monitors HN users which have a conflict of interest and attempt to discredit valid arguments, or try to derail conversations.

        • clairity 1708 days ago
          it's useful to know alliances that can cause insider bias, but the parent comment was adding relevant, mostly unbiased, and industry-knowledgeable information that should be encouraged rather than discouraged here.

          and such a tool would ironically be a tracker (as others have noted).

        • Crosseye_Jack 1708 days ago
          How would you monitor anon’s?

          I know, let’s build a tracking network (or join one, let’s say google as they are pretty large) and use that info to work out if there is a conflict of interest or not.

          If said comment came from anyone else would it have been dismissed as quickly? Ok it’s Google so prob yes :-p

        • manigandham 1708 days ago
          A better way is let the content speak for itself instead of relying on the person's identity.
        • Liquix 1708 days ago
          Great catch + novel idea. But how would the tool distinguish between those sharing their legitimate controversial opinions (everyone has a right to free speech, no matter how 'brainwashed') vs. malicious active derailing?
          • acollins1331 1708 days ago
            Just knowing that the person is the CTO of adroll is enough. Let them speak their piece but it's basically a "this comment was paid for by" disclaimer.
        • pvg 1708 days ago
          It would be against the rules of the site which disallow this kind of insinuation whether it's automated or not.
          • dredmorbius 1708 days ago
            Evidence-based demonstration is not insinuation.

            How HN decides to address that is a separate matter.

            • pvg 1708 days ago
              There is nothing 'evidence based' here. There is nothing wrong with the comment, no evidence it is an attempt to 'discredit valid arguments or derail conversation'. That's just a completely baseless accusation and, again, the site guidelines ask people not to do that. The user's affiliation is listed right in their profile, to boot.

              [Edit: mistook you for the original commenter and fixed that up]

  • TACIXAT 1708 days ago
    Google's original post is super gross. It dismisses the idea that there could be alternate ways to fund content (i.e. micropayments). I get why they promote "free content" but it is not free at all when you are trading your attention and privacy.

    Further, their privacy sandbox sounds like it would just monopolize the advertising space to them. If they don't allow advertisers to collect data, that takes control away from advertisers and centralizes it to their ad market platform.

    The post also creates some weird false dichotomy between cookies and fingerprinting. Let's just block both, yea? That's what is best for the user, and probably best for the web in the long term.

    We absolutely need a new funding model for the web (to kill ads). The biggest barrier I see are the high transaction fees of digital transactions (30 cents + 2.9%). I don't know if the solution will be Brave, Libra, or something else entirely. Whatever it is, it can't come soon enough.

    • summerlight 1708 days ago
      > It dismisses the idea that there could be alternate ways to fund content (i.e. micropayments). I get why they promote "free content" but it is not free at all when you are trading your attention and privacy.

      Google have been very concerned about lack of diversity on their profitable business portfolio and this was a seemingly promising idea at the moment, so they actually tried that idea and miserably failed. People don't want to pay a single cent to publishers unless there's a significant value delivered (like music, movie subscriptions) while the majority is okay with using their privacy as currency. If you have a viable proposal on a "micropayment" business, go try and become the next tech giant.

      • blub 1707 days ago
        Individual decisions might make sense for individuals, although it's obvious that the level of tracking is now so deep that most people do not understand what is going on and they would be shocked if they knew how they could be taken advantage of.

        Collectively it's untenable for a single for-profit entity to hold highly personal information on billions of people from all over the world and have a direct, immediate communication channel open to them. These companies have immense power and they need to be brought under control.

      • KptMarchewa 1707 days ago
        They tried:

        >For instance, a site like Oxford Reference can charge between 25 to 99 cents for access to a single page of content

        I want something entirely different. I want to pay what google makes on me watching ads (or 2x that, I don't care), and distribute that to people creating content I watch without me interfering on that process. Essentially, what happens when I listen to music on Spotify.

        • AJ007 1707 days ago
          You need to not only pay Google’s cut, you need to pay what the publisher makes. Then it has to be multiplied to make up for the people who do not opt in to the system. Just a rough guess, you might be looking at several thousand dollars per year per participant depending on what the ad value of the content was.

          To make it a mandatory system is a whole other issue.

      • kerkeslager 1708 days ago
        Other funding sources fail on the current market because they're competing with content users think is free. But if browser developers remove the option to pay with privacy, that competitor is removed. Google is one of the companies positioned to make that happen.

        It's true that people will probably still only pay for things that provide them significant value, but a) low-value content is one of the biggest problems on the internet, so putting those companies out of business is a great result as far as I am concerned, and b) search is obviously high value content, so Google has nothing to worry about.

    • d1zzy 1708 days ago
      > Google's original post is super gross. It dismisses the idea that there could be alternate ways to fund content (i.e. micropayments). I get why they promote "free content" but it is not free at all when you are trading your attention and privacy.

      That's probably because they actually have tried it: https://contributor.google.com/v/beta

      It may seem frustrating for some of us living in nice places, having our own money and access to easily accessible electronic payment systems but for a lot of the world (geographical, age and economic status) that's not available. So while I support being able to have the option to pay to not see ads I also support being able to just see pages (with ads) without having to configure billing, etc. Otherwise a lot of the high value Internet would be only accessible to the group of people I mentioned above and that would be sad (and going against why Internet has penetrated so much of the world).

      PS: If you think it's hard to stay anonymous in an Internet of ads, I cannot see how you'd be anonymous in one where you have to configure billing which is traceable (by design) to your physical person.

      • TACIXAT 1708 days ago
        The CPM on ads is a good way to look at this. On YouTube you get anywhere from 25 cents CPM to 4 dollars, usually dependent on where your customers are from. Let's put that on the high side since I'm in the US. Would I rather pay 0.4 cents per video view or see ads? You bet I'll choose to pay that instead. Now that covers the creator costs, Google needs to take a portion of that to run their platform, so let's round it up to 1 whole cent per video. I'm still game.

        Now, you have to imagine the CPM is directly related to the value of the goods being sold. That scales per country. It's probably not the perfect proxy, but in the same sense that your viewers from other countries pay out different CPMs, they can probably afford different amounts per video.

        It isn't about anonymity. It's about abuse of data. I'm not mad that I can't make anonymous phone calls, I'm mad that my phone provider sells my real time location data. I am happy to pay a company that preserves privacy and trust them with my information. This is a bit aside though, because I more or less trust Google with my information, I just don't like ads. It's not about anonymity.

        • zaarn 1707 days ago
          You don't pay 0.4 cents to watch a video though, some advertiser pays that to get you to watch the ad. The true value of the video is likely much lower.
          • pdkl95 1707 days ago
            > You don't pay 0.4 cents to watch a video though

            Sometimes we pay a lot more: https://graphtreon.com/patreon-stats

            > The true value of the video is likely much lower.

            The true value of the video varies a lot. Some are demonstrably very highly valued: https://graphtreon.com/top-patreon-creators

            • zaarn 1707 days ago
              I don't think patreon is a good metric since there a low number of people pay for content early or exclusives, meaning the cost is distributed among less people. A video on youtube will cost less and has less value since it's available to more people.
        • opportune 1708 days ago
          If I could load, say, $10 into some Google account and in return that buys me complete exemption from tracking + ads on 10k site visits, I would absolutely do that in a heart beat. I wonder if they have thought about doing that yet
          • naniwaduni 1708 days ago
            That's almost what Contributor is, but how could that possibly exempt you from tracking? They'd have to identify you to exempt you from it...
            • KptMarchewa 1707 days ago
              On a browser level? Some kind of google extension. Or just build in Chrome.
          • notyourwork 1708 days ago
            I’m guessing that is not even close to revenue generated. I was told by a pandora engineer a few years ago if all users paid for premium to drop ads they couldn’t stay afloat. It seems the ad industry is milking businesses and users have no choice in the matter.
            • rgbrenner 1707 days ago
              Just because he worked there, doesn't mean he understands the economics of the business.

              A premium account is $10/mo.. or $30/quarter. Pandora is part of sirius now.. but spotify has revenue of about 5.50/user/quarter.

              Either Pandora is 6x more effective at monetization than Spotify (very unlikely), or that engineer was wrong.

            • JohnJamesRambo 1707 days ago
              If this is true why did they constantly inundate you with ads to upgrade to premium? They should have been trying to actively hide the fact they have premium.
          • CydeWeys 1707 days ago
      • tripzilch 1707 days ago
        > I also support being able to just see pages (with ads) without having to configure billing, etc. Otherwise a lot of the high value Internet would be only accessible to the group of people I mentioned above and that would be sad

        Except that the vast majority of the advertising on the internet supports mainly low-quality junk ... The more ads, the scummier and more worthless the site gets, usually.

        There are exceptions, few and far between, like news websites I guess. But most of the ads on the Internet are used to support content that you never asked for, never wanted, never would visit, and still get shoved in your face occasionally.

      • rasz 1706 days ago
        >micropayments

        Afaik nobody really tried true micropayments yet. Micro actually means 10^-6, so as TACIXAT mentioned below/above it comes down to 0.025-0.4 cent per one piece of something. Meanwhile what we have seen from the industry is $.99 macro payments. Did Google Contributor really charge people ~0.025-0.4 cent per impression?

      • hedora 1708 days ago
        Paying Google Contributor wouldn’t stop them from tracking you.

        People want to be able to opt out of Google entirely, and that product didn’t do it.

      • JeremyBanks 1705 days ago
        The Google Contributor that launched was very neutered from what was originally proposed internally. It wasn't a real effort to solve the problem; it was effectively a deliberate failure they could present to justify the status quo.
      • JohnFen 1708 days ago
        > I support being able to have the option to pay to not see ads

        I don't care about seeing ads, but I am willing to pay money (and I do, when such an option exists) in exchange for stopping the spying that ads bring.

    • manigandham 1708 days ago
      The biggest barrier is that people don't want to pay for content. This has been the subject of endless discussions over decades and just yesterday there was a large HN conversation over too many video subscriptions causing people to turn to piracy again. Not to mention it negatively affects the vast majority of people who can't afford to pay for everything they consume.

      It's possible to enable advertising while maintaining privacy and security. What was missing was legal and regulatory forces to push advertisers and adtech into it. Now it's here.

      • joes223 1707 days ago
        The biggest barrier is that there is no money in honest business. In other words, people want to pay for useful content (e.g. wikipedia is still up and running), it's just what they want to pay is nowhere near multi-billion-dollar valuation that VCs are used to. Can Google Search, Maps, YouTube, Chrome, Android and so on exist without ads and tracking? Absolutely. It's just this business would become non-profit.
        • manigandham 1707 days ago
          I'm not sure what you mean by "honest business" or what any of this has to do with non-profits.

          Nothing is free. You either pay with cash that you earn, or you pay with your attention with ads. Option 2 is faster, easier, more passive, more affordable and more equal. That's why billions of people prefer to monetize attention on-demand for their content instead of paying cash upfront.

          • 2019-08-24 1707 days ago
            He is arguing that Google could make money with cash, only less than what they currently make with ads, because people spend cash cautiously, whereas they spend data wildly.
            • manigandham 1707 days ago
              None of that has to do with being non-profit. Google is a trillion dollar company. Yes it can make less profits and still survive.

              Whether people would pay enough to get anywhere near the costs however, is probably unlikely given how little they pay for far cheaper content on the internet today. Wikipedia is not comparable since the vast majority is unpaid volunteer work and user-provided content.

          • joes223 1706 days ago
            There is nothing more equal in it. It's outright criminal. Today's adtech is when you walk into a grocery store, get stuff for free, while in the meantime the store takes notes on what car you drive, who you likely are, packages all this info and sells it to whoever pays, including criminals.
      • d1zzy 1708 days ago
        I would say it's a combination of:

        - convenience: do not underestimate it, lots of supporting evidence that people want maximum convenience. Notice how a small UI change as "one click purchase" increased Amazon sales significantly or why they even make/sell those buttons to put around the house to press and refill periodic stuff

        - access: like I was saying in another reply, it's simply the case that in a lot of situations, users (because of age, location and economic status) simply have no good means to pay electronically

        - affordability: 10 cent/view pay seem like nothing to us but in many places that can add up to a few USD per month that may be the cost of food of a family for a week. So now you'd have to do geographical location based pricing, dealing with all the crap that comes with it (people using proxies to avoid it, etc)

        • manigandham 1708 days ago
          Convenience and access have been tried by several startups (including a project that we did a few years back). It's being attempted yet again by the Brave browser with blockchain tech. With micropayments, there's a big problem with decision fatigue.

          Affordability is the largest factor by far though because most people just can't pay for everything they consume for free today. When you look at video content especially, it can easily add up to several dollars per day in spend.

        • mirimir 1707 days ago
          > - convenience ...

          Just run something like a Radius server, which any website could query, and which could log usage.

          > access: ...

          Provide a wide variety of payment options. As many VPN services and VPS hosts do.

          > - affordability: ...

          I don't know specifics, but I can't imagine how users in places so poor generate the same ad income as users in wealthier places. So just adjust cost/view to generate the same income that the current system does.

      • neilv 1707 days ago
        > The biggest barrier is that people don't want to pay for content.

        Tons of people paid for content before the Web. Newspapers, magazines, books, CDs, DVDs, cable TV, premium channels.

        With the Web, dotcoms were focused on IPOs (and so the appearance of possibly being a player in the future), everyone was focused on adoption, there was also a lot of finance opportunism. Then most all of the business models switched to spying/control, or just more finance scams. For which free content still makes sense.

        If you end the spying/control business model, and the current growth-oriented investment schemes, and maybe breakup a few megacorps that never should've been allowed to happen... then maybe we'll get better options for low-friction content payment, and presumably some people will resume paying for content with value.

        Also, the US piracy culture needs to stop. One of the reasons that's been hard to argue, starting in the MP3 days, is that some of the most directly affected content organizations (e.g., MPAA, RIAA) had awful reputations. But to the extent that piracy culture affects legitimate economic sustainability for other content (e.g., subreddits that institutionalized pasting news article full text, or rehosting webcomics on imgur), we need to fix the culture, and make it not socially-acceptable.

        • tsimionescu 1707 days ago
          > Tons of people paid for content before the Web. Newspapers, magazines, books, CDs, DVDs, cable TV, premium channels.

          Sure, but newspapers, magazines, cable TV and premium channels have never really lived off of customer payments, they were always ad-based businesses first (there are exceptions, such as small newspapers and HBO).

          • neilv 1707 days ago
            Digital technology changes some of the economics, and perhaps some of the need for advertising revenue. For example, you could sell mostly journalism "content", without the expense of printing and distribution operation.
          • foobarqwertz 1707 days ago
            Exactly. There are tons of good old paper magazines just created cause the target audience, thus ad targeting, is relatively easy to predict.
      • KptMarchewa 1707 days ago
        Yet services like Netflix and Spotify thrive. Why? Because they are 1) easier to use than piracy "competitors" 2) they offer a fair deal without seemingly fleecing you, like paying for individual articles.
        • manigandham 1707 days ago
          In my comment, I described how piracy is coming back because of too many subscription services. It certainly isn't as simple as just being easier to use, and there are issues with what people will pay for regardless of billing model.

          Spotify is barely thriving and took 13 years to make its first profit. It's precariously balanced with constant problems in artist payouts and catalogs. Netflix managed to grow by getting into the content production business but is seeing challenges there as costs rise.

          And both Netflix and Spotify distribute content that can be consumed multiple times. How many times are you going to read the same article? If the answer was as simple as an HN comment, the industry would've figured it out by now.

      • TACIXAT 1708 days ago
        Users don't want to pay a 5$ / month subscription for content. I know I don't. Would they be willing to pay cents or even fractions of a cent for content? I'd like to see a study on that. We need the infrastructure to support that model though, which I think doesn't fully exist yet.
      • colordrops 1707 days ago
        Most content is either just plain bad or manipulative. We should welcome the death of most content. Content makers that do it for the love of it rather than the monetary reward typically make much better content.
      • Terretta 1708 days ago
        > people don’t want to pay for content

        Most “content” isn’t worth paying for. Google’s phrasing about publishers not being able to pay to generate content made me think, “Yay, no content mills!”

        Separately, people with something to say like to reach audiences. In the distant past, it was called “pamphleteering”.

        https://en.m.wikipedia.org/wiki/Pamphleteer

        There was a web before banner ads. The content came from somewhere...

        • manigandham 1707 days ago
          There was advertising before banner ads too, so is your issue about ads on the internet?

          That was a tiny web that barely anyone used and even less created for. It's really not the same. Also you don't have the same needs and wants as the billions of other people who spend time online to make a judgement that most content isn't worth paying for.

          • Terretta 1707 days ago
            > There was advertising before banner ads too, so is your issue about ads on the internet?

            This thread is about your grandparent comment, ”The biggest barrier is that people don’t want to pay for content.”

            Billions of people are the market, your remark opens with the judgment that people don’t want to pay for content. In other words, the market has judged most content isn’t worth paying for.

            > That was a tiny web that barely anyone used and even less created for. It's really not the same.

            On the contrary, today, certainly a higher number have their words preserved online, as persistent conversations such as this one or perhaps Likes on Instagram. But a far lower percentage of those who are online today “have a home page” for example.

            In the mid to late 90s a higher proportion of “web pages” were meaningful, and a much higher percentage of users were also publishers of their own web sites.

            Amateur web sites unofficially organized around topics of interest were a thing:

            https://en.m.wikipedia.org/wiki/Webring

            That content is still getting created, and still getting self-published, it’s just much harder to find.

            Self-published home pages like this are still cool:

            https://www.gwern.net/

            This one uses a kind of ethical advertising:

            https://slatestarcodex.com/about/

            Note the author invites patronage but says don’t worry about it: ”I have a day job and SSC gets free hosting, so don't feel pressured to contribute. But extra cash helps pay for contest prizes, meetup expenses, and me spending extra time blogging instead of working.” People with things to say will say them.

            While it’s still being experimented with, it seems that quality content is worth paying for, even worth patronage:

            https://patrons.theguardian.com/

            This goes into more detail about content mill versus patronage model for higher value content:

            https://www.huffpost.com/entry/its-time-to-democratize-p_b_4...

            // Irony of HuffPo well noted.

            • manigandham 1707 days ago
              Not worth paying for directly does not mean worthless. Nothing is free. Let me summarize it this way.

              - Option 1 is to work, turn effort into cash, then spend that cash on the internet.

              - Option 2 is to just go to the internet and view ads which turn your attention into cash behind the scenes in real-time.

              You're still paying but advertising is a much more seamless, passive, and equally available system, and can quickly scale on-demand. So to rephrase the argument, people want the content, and they pay for it, but they mostly don't choose option 1.

              • Terretta 1707 days ago
                Neither of those are the option I described.
                • manigandham 1707 days ago
                  For paid content, it's either cash or attention-via-ads.

                  Yes there's a tiny bit that's provided for free by creators who pay for it themselves, but it's so minuscule that it doesn't matter.

                  • Terretta 1707 days ago
                    How much do you pay to read Wikipedia?

                    How much for Arxiv with ”open access to 1,580,815 e-prints in the fields of physics, mathematics, computer science, quantitative biology, quantitative finance, statistics, electrical engineering and systems science, and economics”?

                    For huge amounts of valuable content — ideas and knowledge some people want to share and some people want to absorb — self-publishing, patronage, and private or public funding work, at scale. The “amateur web” is still here, it only seems “minuscule” thanks to being buried under the content mills trying to generate placeholder pages for ads.

                    The web wasn’t born as either subscriptions (pay with cash) or ads (pay with attention), it was a knowledge linking and sharing platform.

                    Huge amounts of content continue to be produced other ways. There are more options (https://en.m.wikipedia.org/wiki/False_dilemma).

                    > ”Since its creation in 2001, Wikipedia has grown rapidly into one of the largest reference websites, attracting 374 million unique visitors monthly as of September 2015. There are about 72,000 active contributors working on more than 48,000,000 articles in 302 languages. As of today, there are 5,913,176 articles in English. Every day, hundreds of thousands of visitors from around the world collectively make tens of thousands of edits and create thousands of new articles.” https://en.m.wikipedia.org/wiki/Wikipedia:About

                    That’s not so minuscule it doesn’t matter.

                    • manigandham 1707 days ago
                      You're conflating several things.

                      There's content and distribution. Sometimes content is freely generated by users (wikipedia, stackoverflow, quora, HN, social media) but distribution costs money. These costs (content + distribution) are paid for by cash (including patronage/donations) or ads. That's it. There's no magical 3rd option.

                      The amount of content that's both created and distributed for free is minuscule and you haven't quoted a single example yet. Billions of consumers are not going to be satisfied with a bunch of people hosting their own blogs from their home.

                      • Terretta 1706 days ago
                        On the contrary, you’re now trying to ‘conflate’ the pay-to-publish model into the two you argued meant that model didn't exist.

                        You weren’t talking about paying cash for publishing/distribution, because both your two options, paid subscription and free ad-supported, you were talking how the consumer pays and also cost money to publish, cancelling that dimension out.

                        In the pay-to-publish model, someone is deciding it’s worth their own pocket money (or patronage or sponsorship by powers that be) to publish. That makes it free to consume.

                        We were talking about the perspective of the content consumer, and for them, the pay-to-publish model is free. They are neither paying for the content, nor are they paying with their attention. Some entirely different actor not discussed in your models, is covering it.

                        That content, content creators support publishing, tends to be different in nature — someone is willing to spend “their own” money to share the ideas in it freely.

                        Pamphleteers paid the printing presses by cash too, that’s how they didn’t have to sell ads and how they didn’t have to charge a ha’penny a sheet.

                        > “Content both created and distributed for free is minuscule and you haven’t quoted a single example yet”

                        You’re both non-responsive to examples with factual data to back them up, and moving the goalposts. To be clear, I’m agreeing there is too much no-value content getting churned out as filler to advertise against. So much volume, so much noise, the valuable content is buried.

                        Perhaps we agree there’s too much ad-hosting filler content, and not enough inherent value content.

                        To keep saying “minuscule” perhaps you use a very different internet. Where are the ads on this site? Are you paying for it? No, someone has an interest in this site and its content being available to a special interest audience. It costs almost nothing to host contentful content of mostly plain text conveying information rather than eye candy to drive clicks. With light design but info rich text content, it’s easy for the ROI to work. Companies know this and publish for free without ads.

                        If you add “corporate” publishing into the mix, all the company product sites and blogs, combining company sites, academic sites, non-profit/public-good sites, government sites, WordPress home pages of everyone homesteading on the web, etc., it’s not minuscule.

                        But here’s some hard data from 2018:

                        “Ad-supported media’s share of consumer time will drop to 42.5 percent by 2021. This past year [2017], the number fell to 44.4 percent, its lowest point ever, per the research.” https://www.pqmedia.com/product/global-consumer-media-usage-...

                        Ad-supported is less than half of media time and trending down.

                        In the beginning, profiting off web content was illegal. Is it impossible to imagine course-correcting this race to the bottom?

                        - - - - - -

                        PS. I can’t help but notice the incredibly high not at all minuscule percentage of content linked to from HN that is neither subscription based nor ad-supported, but paid for by its author, some even calling out that they’re free, such as this one from the thread on standing out as a speaker:

                        What does this cost?

                        Make your checks payable to a shell corporation I have in the Caymans. Just kidding; it's all free. I hope you enjoy it. Also, if I ever see one of your talks, it better be damn good.

                        I'll add to this site over time. You might be interested in watching the newest posts page.

                        https://speaking.io/

                        Once again, content published to us for free is ironically the very content worth paying for.

                        • manigandham 1706 days ago
                          Content production and distribution are the 2 main costs, paid by cash (subs/donations) or ads (which is just a secondary market for attention-to-cash conversion). That's all there is.

                          I'm not sure what you're even arguing now. You seem to be saying that some sites exist where the creator pays both costs instead of the consumer but I don't see what point that makes. Like I said, that particular scenario is an absolutely tiny portion of the content available.

                          Is your argument that only content that's completely paid for by the creator is good? That makes no sense.

    • tzs 1708 days ago
      Another barrier to models where users pay directly is taxes.

      If you come to my site, and I take money from an advertiser to show you an ad, I simply add that money into the income for my business on my Federal and state tax filings.

      If you come to my site, and pay me to view my content, then in addition to dealing with that money as income, I also have to worry about whether I owe sales tax to your state or VAT to your country.

      Worse, in many states that tax rate depends on your address, so I'll need to get that from you.

      To make micropayments work for web content, someone is going to have to offer a service that integrates the micropayment system with a sales tax/VAT collecting and reporting system. You probably have to set it up so it is actually that service that is selling the content to the end users, so that the sites themselves do not have to deal with the states at all. That may require the service to act as some sort of portal that the users go through to reach the sites.

    • alkonaut 1708 days ago
      I don’t think micropayments will come any time soon. I hope dumb non-tracking ads will make a comeback meanwhile.

      If it becomes harder and harder to push invasive ad me then more money will end up in dumb ads instead.

      • btilly 1708 days ago
        Non-tracking ads are not necessarily dumb.

        The NY Times solution, for example, is to target ads based on relevance to content on the page being delivered. No tracking required, but its relevance to the page can sometimes be more effective than tracking ads.

        Conversely tracking ads are not necessarily smart.

        Go shopping for a fridge, then buy one. You'll have fridge ads following you around even though you're not in the market for a fridge any more.

        • jeff_tyrrill 1708 days ago
          > Go shopping for a fridge, then buy one. You'll have fridge ads following you around even though you're not in the market for a fridge any more.

          This persistent meme commits the fallacy of believing that every person follows the precise same fact pattern as yourself: Buying a fridge on some predictable, perfectly recurring and invariant schedule.

          In fact, it is probably far more likely that a person who just bought a fridge will be favorably economically incentivized by an ad for a fridge than a randomly selected person.

          For one thing, we know that this is a person who will ever influence a decision to buy a fridge (because they in fact did buy a fridge). Many people will never select a fridge in their life (for reasons that include renting a home, moving into a home which already has a fridge, replacing a non-working fridge with whatever a repairperson selects and is thus not influenced by an ad, is not the person in their family who selects a fridge, etc.)

          A person who just bought a fridge is more likely to return that fridge and buy another than a randomly selected person is likely to buy a fridge in the same time period.

          A person who just bought a fridge is more likely to be a decision-maker in selecting another fridge in the near-term than a randomly selected person (for reasons that include: buying another fridge for their garage, buying one for their business, recommending one to their contacts).

          Buying a fridge is a rare event that probably absolutely correlates positively to buying another fridge.

          • naasking 1707 days ago
            I don't know anyone who has ever returned a fridge. I know plenty of people who have bought one though. Can't say I find your argument all that convincing as a result.

            A more effective ad targeting model would advertise fridges to the friends of someone who recently bought a fridge though, due to a) keeping up with the Jones' effect, and b) friends are likely at similar life stages, ie. getting married, buying a home, etc.

          • mcv 1706 days ago
            While this is true, it's more likely that the fridge buyer is also interested in an oven and some other kitchen appliances, or even a complete kitchen.

            The fridge ads are mostly interesting for someone who has searched for a fridge (either on Google or on the fridge seller's website) but hasn't bought one yet.

        • AJ007 1707 days ago
          Google’s publisher network used to be, as best as I could tell, entirely contextual to page content. I used to see CPMs anywhere from $5 - $1000 depending on the content.
        • danek 1707 days ago
          This happens to me all the time. A few weeks ago I registered for a half marathon and I’m still seeing targeted ads for it. As if I would somehow be able to run it twice lol..
    • lancesells 1708 days ago
      I don't see ads being replaced or killed anytime soon. I think regulation and laws are needed where if I'm not using a Google or Facebook product they aren't building and tracking my profile everywhere I go both online and offline.

      I mean these are massive spyware businesses and they should be called out as such.

    • tsimionescu 1707 days ago
      Unfortunately, historical data suggests that ads are the only viable way to run a highly-profitable content delivery business. Look at newspapers and television - major, profitable ones have always been ad-driven, and that is despite the fact that they also had a physical cost.

      Newspapers especially fit your model of micro-payments: each newspaper is usually a minuscule amount of money, but that is never enough to sustain it.

      There is also the problem of incentives - even if your customers are paying to access the content, if you can then ALSO mix ads with the content, you are guaranteed more money, so businesses will usually be inclined to do so.

      • jazzyjackson 1707 days ago
        Newspapers were not journalists who wanted to place ads to pay for their salaries, they were admen who hired writers journalists to get people to pick up their advertisements.

        Similarly, the free web is mostly content produced by people with little interest in getting paid (see livejournal, tumblr, blogger, pre-monetized everything: youtube, tiktok) and the providers are not simply trying to cover costs, they are trying to become billion dollar platforms.

        All I'm trying to say is there's a vibrant internet to be had without prioritizing profitability and allowing ourselves to be subject to surveillance.

        • tsimionescu 1707 days ago
          I absolutely agree! I was just trying to point out that there was never any ad-free past we have strayed from.

          Perhaps though there is an ad-free future we could strive towards. I doubt it will happen within the current capitalist framework.

    • justapassenger 1708 days ago
      > It dismisses the idea that there could be alternate ways to fund content (i.e. micropayments)

      Because it's not a valid alternative. It may work in some edge cases, but there's 0 evidence that it could support the economy at the same scale as ads.

      > We absolutely need a new funding model for the web (to kill ads).

      We need to rework how ads work, but killing ads is a very naive approach. Ads are a core part of how the world economy operates (and always have been). Calling for killing advertising is only hurting the case - it makes it easy to dismiss, as some crazy hippie talk.

      • _vertigo 1708 days ago
        I don't want to see ads. Given the alternative between having ads everywhere and paying a fraction of a cent to see content, I would choose the latter. Ads are annoying enough to me that I would absolutely pay a fraction of a cent to not view the ad.

        I know there are probably a lot of people who would rather be advertised to than pay any non-zero amount to view content. Those people should be able to pay with their attention.

        Maybe we don't need to kill ads, but having the choice to pay with money would definitely be welcome to people like me.

      • tripzilch 1707 days ago
        > Ads are a core part of how the world economy operates (and always have been).

        I don't think it's at all reasonable to compare the way ads used to be (inert) to the tracking/privacy/malware nightmare that online advertising has become.

        Just because we've always had some (comparatively mild) forms of advertisement doesn't mean we should put up with this blight.

    • tannhaeuser 1707 days ago
      We don't need to ban ads. Doing so would be unrealistic. What we need is to ban tracking (through cookies and fingerprinting), and return to content-based advertising. This not only gets rid of privacy invasion and surveillance, but also of monopolization of the web, as ad money goes to many sites and their content creators.
    • ngold 1707 days ago
      The first ad company that brings ads in house to the website they are serving will be the Google killer. It is an ad company that has no people behind it, paying content creators pennies on the dollar, with no customer support on any end. Google should be employing big blue numbers in just customer support. But they don't have to since we have all been hoodwinked into its monopoly.

      And I'm a fan.

    • INTPenis 1708 days ago
      You mentioning micropayments made me think, I would probably pay more than 100 EUR/year for using a Google without ads and tracking (except what I opt-in to).

      I mean seriously I would probably pay more.

      I hope regulations from governments help bring google down in size instead of breaking it up for a monopoly. IT has been extremely lucrative.

      • TACIXAT 1708 days ago
        Yea, I would probably pay on that order of magnitude (hundreds) to get all my internet content per year from trustworthy sources. News articles, videos, community sites (HN, reddit), email (with strong blocking to not waste money), chat apps. I wish I could pay them all some fraction of a cent per page load. I'm sure it would add up to be viable.
  • jsgo 1708 days ago
    Somewhere along the way, ad networks got incredibly greedy (I know, gasp).

    I remember when I was much younger, there were banner ads on a bunch of pages (and pop-ups/pop-unders of varying levels of frustration). The banner ads were fine even when we were rocking 56k internet: not beloved by any stretch, but typically reasonably okay.

    I have previously toyed with ad blockers, but at a certain point stopped, figured I'd play nice or whatever. Then there were sites that over time legitimately ate into computer resources to the point they were eating way more energy than reasonable (I can't remember which one, but there was one that if I left the site open long enough, it'd crash all open tabs). At that stage, I went back to ad blockers. I really wish it didn't come to it, but man, that whole "give somebody an inch and they'll take a mile" is in full display online now.

    • abdullahkhalids 1708 days ago
      The energy usage and slow down of your computer are relatively minor concerns when it comes to ads. The real problem is that ads use every dark pattern in the book to influence your beliefs and decisions, effectively taking over your very valuable brain cycles.

      I think as this conversation evolves, we will find that there is an additional human right, the right for others to not use undue force to influence your mind. This whole battle is ultimately one to secure this right.

      • m3rc 1708 days ago
        Energy usage may be not that high, but data usage, especially on mobile devices, is very high.

        Even on my home network something insane like 30% of packets sent and received are ad or tracking related, which I know because they all get blocked by the PiHole sitting next to the router.

        Choosing to block ads literally makes my browsing go faster, and keeps my data limits from being blown out. AND it prevents fingerprinting of my habits? It's a complete no-brainer.

        • dingo_bat 1705 days ago
          Note that data usage on mobiles directly corresponds with energy usage.
      • erikpukinskis 1707 days ago
        Huh? Why would I give an hour of battery life away for no benefit?

        Battery life is a huge concern. Also page load speed. I am having a hard time processing your comment: I should slow down my computer and decrease the battery life because why? Other people can’t be arsed to care if their ads screw up my experience?

      • wasdfff 1708 days ago
        Across the world ads waste a great deal of energy. They are pollution, like mining bitcoin.
        • JohnJamesRambo 1707 days ago
          It’s odd you hate ads taking your privacy but don’t mind your bank and government doing so with your money.
          • abdullahkhalids 1707 days ago
            Privacy is a human right. Not having to pay various institutions in society for services they provide is not a human right.
    • desc 1708 days ago
      Advertising generally: I guess it's necessary.

      Personalised ads, tracking, etc: Criminalise it. By which I mean, after a cooling-off period, jail people still pushing it.

    • reaperducer 1708 days ago
      I think "Punch the monkey" was the tipping point.
  • skybrian 1708 days ago
    This new initiative seems to be about some changes to Chrome that were overlooked due to hazy justifications that seem to have distracted everyone. I'm guessing the justifications are especially unclear because Google doesn't want to upset advertisers. But how about we look at the technical changes they're announcing, rather than how they justify them?

    - Forcing websites to explicitly mark cross-site cookies, or they get blocked for cross-site usage. They also seem to be hinting at adding better ways to clear cookies in Chrome. [1] [2]

    - Further attempts to block fingerprinting. (Vague, seems hard?)

    These seem like... good things? The SameSite initiative makes CSRF attacks harder. Maybe not big news or as strong as you'd like, but in the right direction?

    [1] https://web.dev/samesite-cookies-explained/ [2] https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-s...
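
Added example (not part of the comment above, and not Chrome's code): a small JavaScript model of the rule it describes, where unmarked cookies are treated as `SameSite=Lax` and `SameSite=None` counts only together with `Secure`. The hosts, cookie names and the two-label `siteOf` shortcut are assumptions made for the illustration.

```javascript
// Simplification (assumption): a "site" is the last two host labels. Real
// browsers use the Public Suffix List, so this is wrong for e.g. co.uk.
function siteOf(url) {
  return new URL(url).hostname.split('.').slice(-2).join('.');
}

// Parse one Set-Cookie header value into the fields this model needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite') cookie.sameSite = v.trim().toLowerCase();
  }
  return cookie;
}

// Unmarked cookies default to Lax; None without Secure is rejected outright.
function effectiveSameSite(cookie) {
  if (cookie.sameSite === 'strict' || cookie.sameSite === 'lax') return cookie.sameSite;
  if (cookie.sameSite === 'none') return cookie.secure ? 'none' : 'rejected';
  return 'lax';
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// req = { initiator, target, method, topLevelNavigation }
function isSent(cookie, req) {
  const mode = effectiveSameSite(cookie);
  if (mode === 'rejected') return false;
  if (cookie.secure && new URL(req.target).protocol !== 'https:') return false;
  if (siteOf(req.initiator) === siteOf(req.target)) return true; // same-site
  if (mode === 'none') return true;                              // explicitly cross-site
  if (mode === 'lax') return req.topLevelNavigation && SAFE_METHODS.has(req.method);
  return false;                                                  // strict
}

// Names of the cookies (all assumed to belong to the target host) that
// would be attached to the request.
function cookiesSent(setCookieHeaders, req) {
  return setCookieHeaders.map(parseSetCookie).filter((c) => isSent(c, req)).map((c) => c.name);
}

// Constructed sample: cookies previously set by https://bank.example.
const SET_COOKIE_HEADERS = [
  'session=abc; Secure; HttpOnly',      // unmarked: treated as Lax
  'sso=xyz; Secure; SameSite=None',     // explicitly marked cross-site
  'legacy=1; SameSite=None',            // None without Secure: rejected
  'prefs=dark; SameSite=Strict',
];

// Constructed requests, three of them initiated by another site.
const REQUESTS = {
  crossSiteImage: { initiator: 'https://news.example/a', target: 'https://bank.example/pixel.gif',
    method: 'GET', topLevelNavigation: false },
  crossSiteLinkClick: { initiator: 'https://news.example/a', target: 'https://bank.example/home',
    method: 'GET', topLevelNavigation: true },
  crossSiteFormPost: { initiator: 'https://news.example/a', target: 'https://bank.example/transfer',
    method: 'POST', topLevelNavigation: true },
  sameSiteFetch: { initiator: 'https://login.bank.example/', target: 'https://bank.example/api',
    method: 'POST', topLevelNavigation: false },
};

for (const [name, req] of Object.entries(REQUESTS)) {
  console.log(name, '->', cookiesSent(SET_COOKIE_HEADERS, req).join(', ') || '(none)');
}
```

The cross-site form POST is the CSRF-shaped request: the unmarked session cookie is not attached to it, while the cookie explicitly marked `SameSite=None; Secure` still is.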

    • 0xffff2 1708 days ago
      >Forcing websites to explicitly mark cross-site cookies, or they get blocked for cross-site usage.

      Why does anyone even allow third-party cookies anymore? I've had them disabled for years at this point, and I can count on one hand the number of times it's been noticeable, and I think there was only a single time I actually found it worthwhile to enable third party cookies to access the site.

      • mormegil 1706 days ago
        Just a piece of anecdata: a (large) bank we work for struggles with this all the time. Because of historical/branding reasons, they use several different domains. The services used to be quite independent, so everything used to work fine. Because of PSD2 APIs and other developments, they moved on to a central (SSO) authentication page, used from all services on various domains (needing the common authentication cookie). Since then, we fight with the various privacy protections, people blocking third-party cookies, etc. (I'm not saying it's technically impossible to solve, or even saying it's wrong to block third-party cookies. Just... we'll have a lot of work to do, as everyone moves in that direction.)
  • doe88 1708 days ago
    Funny how Google paints itself as the somewhat Justice Scalia of web privacy using originalist arguments to make its point. Personally I have never been impressed by these constructions and in this case to the extent that it would be rightly interpreted I would be more a living web privacy kind of person anyway. I ultimately think in the web as in the constitution it is disingenuous to think framers would have envisioned at its conception all use cases and especially all potential abuses.
  • diegof79 1708 days ago
    I felt a déjà vu while reading Google's statements. It reminds me of a time when Microsoft published statements about how harmful OSS was for software innovation.
  • schlipity 1708 days ago
    Has anyone ever considered just giving 3rd party javascript less access to things? That may fix the fingerprinting problem too.

    I do have some appreciation for how badly it would break a lot of the web applications though, but it seems like it might work.

    • cameronbrown 1708 days ago
      It'd be really easy to circumvent. Proxying Google Analytics through your own origin would become standard practice.
      • tinus_hn 1708 days ago
        Then it wouldn’t be able to be used to track you across the web.
        • cameronbrown 1708 days ago
          Until all your data ends up being re-associated with you in some way across multiple websites. Nothing stopping these sites from sharing data if it ends up mutually beneficial.
          • yjftsjthsd-h 1707 days ago
            Intentionally sharing data that identifies users would hit GDPR pretty quickly, no?
            • cameronbrown 1706 days ago
              Yep, but it's completely invisible to users so that could be tough to prove without a data breach. And there's massive profit motive to get away with this. Right now Google still keeps these websites in check with regards to Analytics/Ads data usage, remove the middleman and things are going to get much worse.

              GDPR only safeguards your data from the honest. What we need is a technological solution.

      • joes223 1707 days ago
        It wouldn't because that's a drastically more complex solution.
        • gberger 1707 days ago
          If you already have a web server serving your content, setting up a proxy to GA is trivial.
          • joes223 1706 days ago
            Let's put it another way: 95% of webdevs can drop a code snippet with GA on their page, while only hm.. 5% can set up that GA proxy.
    • bhauer 1708 days ago
      Anyone using NoScript or similar is, in a fashion, doing that. I can confirm that it's generally more pleasant dealing with the web when a lot of third-party script is being blocked.
    • the8472 1708 days ago
      Iframes already provide that capability for web authors. Their sandbox and csp attributes allow you to enforce quite a lot of things.

      Users or extension authors can't do much other than blocking those scripts or restricting what the whole page can do because it's difficult to attribute actions to a specific script.

    • ddiss 1708 days ago
      The trend of shipping apps that run their own localhost server, coupled with javascript, is particularly worrisome for privacy. E.g. https://ddiss.github.io/is-netflix-running/ .
    • JohnFen 1708 days ago
      That would be nice. In my opinion (since I already don't allow JS to run in my browser), it would be even nicer if browsers stopped giving webservers any information about my machine, operating system, or the browser.
    • erikpukinskis 1707 days ago
      I have PolicyControl installed in Chrome and by default I block most 3rd party content.

      When things don’t work I either disable it for the site or click away. Sometimes I fiddle with it out of curiosity to see what the site relies on.

      As a side effect it gives me a sense of what sites are professionally built and which are not.

    • deburo 1708 days ago
      Javascript coming from a different origin? What about CDNs in that case?
      • Crosseye_Jack 1708 days ago
        If you have something like CloudFront in front of your site you can actually make a subdirectory be served from a different origin. To the browser they actually come from the same "place", it's just AWS is sitting in the middle. I'm sure it's the same with Fastly (Don't use that feature as their shared ssl offering is like an extra $100 p/m) and with Cloudflare.

        EDIT: What I mean is example.com/api/hello could hit your back end, but example.com/js/script.js hits S3 (or another static hosting service) instead of hitting your real origin.

        So even though to the browser it would appear that /js/script.js is coming from example.com it could actually be coming from anywhere else.

        BUT the cookie origin would take over. So if script.js was a tracker, the cookie it set on the browser would be example.com and not "AnotherSite.com" which had the same tracking script. But if the script can make the same fingerprint from both domains then that's not so much of an issue. But that's going back to other methods of fingerprinting.

        • necovek 1707 days ago
          Don't get me wrong, but this way of serving content has been common since, well, apache 1.2 days and mod_proxy ReverseProxy: CDNs did not bring anything new in that respect.

          Basically, you are confusing some terminology and not really making any point: in your example, there is only one origin, that of example.com. Yes, servers can forward any data they wish to other web sites (like AnotherSite.com).

          What is the point?

          • KptMarchewa 1707 days ago
            You're using an external service.
            • necovek 1707 days ago
              Sure, and a service that is able to scale much better, has a fatter pipe, allows configuration through a web UI...

              But in this context, how does this matter? "Origin" is a client/browser side concept, and however you serve your website internally, it appears as one web site. Basically, I replied to a comment bringing CDNs into discussion where they are totally irrelevant.

              Origin checks can't protect you against servers forwarding your data to a privacy-invading site (eg Google), and a server can do that simply by being a reverse proxy to another site.

  • jedberg 1708 days ago
    How do we reconcile wanting to block fingerprinting so we can't be tracked, with the fact that almost every modern front end uses fingerprinting for things like figuring out the canvas size for responsive designs? I definitely don't want to be tracked, but I'd like responsive designs to keep working.
    • syrrim 1708 days ago
      Fingerprinting requires sending information back to the mothership. If we got javascript that was sandboxed from making web requests, then it could have access to whatever private data it wanted without entailing a privacy risk.
      • jgraham 1708 days ago
        The web has so many vectors for exfiltrating data that it seems hard to come up with a js sandbox that is both useful and cannot leak data. Any DOM write access whatsoever allows you to do things like update link targets to include the private data or manipulate the DOM in ways that can be read by unsandboxed script. Even without considering timing attacks I'm unconvinced that there's a way forward that involves trying to separate js with permission to read system state from the network.
    • purple_ducks 1708 days ago
      If these things were declared in just css and not JS accessible, things would be better, as they were before.

      JS has got too much access to too much information.

      All styling declared and don't let JS interrogate style info from the DOM

    • nitwit005 1708 days ago
      It's unlikely that anyone would try to prevent leaking something like browser window sizing, as there are so many ways to infer it. You can likely figure out window size even with static content by embedding some image pixels and examining the timing of get requests for them.
    • JohnFen 1708 days ago
      > for things like figuring out the canvas size for responsive designs?

      Since sites that use responsive designs are a constant pain in my side, if they stopped working then I'd personally be a little happier with the web.

    • masto 1707 days ago
      If you read the Google thing, there’s a proposal for doing exactly that with a privacy budget. The browser would allow access to information until it becomes too specific to a user and then cut it off.
    • zaroth 1707 days ago
      It’s not a perfect solution, but a less granular (avoiding the pun) return value could make the API less useful for fingerprinting but still useful for responsive design layout.
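
Added example (not from either commenter and not from Google's proposal): a toy JavaScript model of masto's privacy-budget comment and zaroth's coarser-return-value comment above, measured in bits over a constructed sample of 16 window widths. Charging each read its surprisal against a fixed limit is an assumption chosen for illustration.

```javascript
// Constructed sample: window.innerWidth as reported by 16 hypothetical visitors.
const SAMPLE_WIDTHS = [
  1920, 1920, 1920, 1920, 1903, 1897, 1912, 1888,
  1366, 1366, 1351, 1280, 1440, 1425, 1536, 1519,
];

// Two reporting policies: the exact value, or the value rounded down to a step.
const exact = (w) => w;
const coarsen = (step) => (w) => Math.floor(w / step) * step;

// How many visitors in the sample report each value under a policy.
function histogram(values, report) {
  const counts = new Map();
  for (const v of values) {
    const key = report(v);
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

// Shannon entropy of the reported value: the average number of identifying
// bits a site learns from one read.
function entropyBits(values, report) {
  let h = 0;
  for (const n of histogram(values, report).values()) {
    const p = n / values.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Size of the smallest group of visitors that look identical to the site.
function smallestAnonymitySet(values, report) {
  return Math.min(...histogram(values, report).values());
}

// Identifying bits revealed by one particular visitor's reported value.
function surprisalBits(values, report, mine) {
  const n = histogram(values, report).get(report(mine));
  return Math.log2(values.length / n);
}

// Toy budget: each read is charged its surprisal; a read that would push the
// total past the limit is refused and returns no value.
class PrivacyBudget {
  constructor(limitBits) {
    this.limit = limitBits;
    this.spent = 0;
  }

  read(values, report, mine) {
    const cost = surprisalBits(values, report, mine);
    if (this.spent + cost > this.limit) {
      return { allowed: false, value: null, spent: this.spent };
    }
    this.spent += cost;
    return { allowed: true, value: report(mine), spent: this.spent };
  }
}

console.log('exact width :', entropyBits(SAMPLE_WIDTHS, exact), 'bits, smallest group',
  smallestAnonymitySet(SAMPLE_WIDTHS, exact));
console.log('200px steps :', entropyBits(SAMPLE_WIDTHS, coarsen(200)), 'bits, smallest group',
  smallestAnonymitySet(SAMPLE_WIDTHS, coarsen(200)));

const budget = new PrivacyBudget(3);
console.log(budget.read(SAMPLE_WIDTHS, exact, 1903));        // refused: costs 4 bits
console.log(budget.read(SAMPLE_WIDTHS, coarsen(200), 1903)); // allowed: costs 1 bit
```

In this sample a 200-pixel step still separates the three layout breakpoints, while every visitor shares a reported value with at least three others instead of ten visitors being unique.
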
    • erikpukinskis 1707 days ago
      There’s no reason to use JavaScript for responsive designs. Devs that do it are lazy and sites that do it I’m happy to click away from.
    • doctorpangloss 1708 days ago
      Reader mode.
      • jedberg 1708 days ago
        That's great for the 1% of people who know how to use that, but what about for the general public. When I make a website I'd like the responsive parts to keep working.
        • dredmorbius 1708 days ago
          Reader mode by default.
          • ninkendo 1707 days ago
            I really hope this never happens.

            Why? Because I have reader mode turned on by default and haven’t looked back since over a year ago, and I can’t imagine the web without it any more. It’s the only thing that makes the web tolerable, no matter how many ad blockers I install.

            If everyone else used it too, websites would become wise and start blocking it somehow.

            Oh, wait, I mean, reader mode is terrible and nobody should use it!

            • dredmorbius 1707 days ago
              What browser, and how?
              • ninkendo 1701 days ago
                Safari on Mac (and iOS), In the Safari settings under Websites, Reader, you can set "Other Websites" to "On", and it's on by default except websites you turn off (which you can do from the reader button on the left part of the address bar.)
        • jakeogh 1708 days ago
          You really only need some small JS fragments. Whitelist the hashes (heck bundle them with the browser), run nothing else. The JS does not need to know the canvas size, the browser (the user) can decide. Executing arb programs is poor design.
  • Schnitz 1708 days ago
    Switched back to Firefox on Mac, Windows and Android a few weeks ago and never looked back. Only using Chrome for work.
  • bgdnyxbjx 1708 days ago
    On top of the generally absurd claims made in the official Google post, that writing was just terrible. Comma splices all over the place, sentences starting with So and But, very strange tone and wording in some things. Did anyone edit this?

    Oh and I love the “thank you in advance for your help” lol what?

    • thetinguy 1708 days ago
      Starting a sentence with a conjunction is not grammatically incorrect. https://www.merriam-webster.com/words-at-play/words-to-not-b...
      • bgdnyxbjx 1707 days ago
        So you are saying that this was a totally fine way to write? But it sounds very awkward and sloppy to me. Maybe, it’s just me.
        • nvrspyx 1707 days ago
          I mean, you just used both of the ones that you mentioned in this comment alone, unless that was intentional. I think it sounds fine, so long as the writing is not intended to be super formal.
  • standyro 1708 days ago
    This letter lost me really early on:

    >> "There is little trustworthy evidence on the comparative value of tracking-based advertising."

    This is flat out wrong. Google and Facebook have proven that there are BILLIONS of dollars on the table for the value of "tracking-based advertising".

    As an engineer who used to work in ad-tech, making appeals to reason to these companies won't help. There's a lot of money flowing in this sector, and unless large internet companies see the value in changing their ad-based business models, the only thing that will dissuade them are shifts in public opinion, laws, and policy.

    Or a rearchitecture of the web, which I'm all for :)

    • kodablah 1708 days ago
      > This is flat out wrong

      Only if you assume value == money. The question is not whether advertisers will pay extra for tracking-based advertising (your definition of "value"), the question is whether they are getting what they're paying extra for (what others are considering "value"). That someone pays extra for something doesn't necessarily mean it's worth it.

      • amazingman 1707 days ago
        While I agree with you philosophically, you are using a different definition of “value” than the parent, i.e. you are talking past the point of the parent comment.
    • necovek 1707 days ago
      You missed the argument: are there billions of dollars more over non-privacy-invading advertising?

      That's what we need data for before trusting any hand-waving argument.

      Google are in an ideal position to test this and publish results on (eg. A/B testing on ad selection method). Not that we'd really trust them completely, but at least we'd have something to go off. :)

    • prepend 1707 days ago
      No value to users.

      I don’t get value out of tracking-based advertising. The best ads are still search-term based where ads help me find.

      There’s no to little evidence that tracking based ads benefit the user. (although it’s clear that it makes tons for advertisers)

      • harry8 1707 days ago
        > (although it’s clear that it makes tons for advertisers)

        Is it? Please link! Thanks.

  • prepend 1708 days ago
    I feel so bad for the author of this post. I would love to bump into and chat with the author 10 years from now at some conference and learn about the arguments that went into why this was written.

    I wonder if the director of chrome engineering has drunk the koolaid enough to believe this? Or whether they feel really bad about carrying water to pay the bills.

  • hartator 1708 days ago
    To be fair, most of the reasons for trackers is to fight ad fraud. Most of the traffic on ads is just bots.
    • TeMPOraL 1708 days ago
      So liars are in a constant fight with fraudsters. It doesn't justify having regular people's privacy be collateral damage.
    • zacksinclair 1708 days ago
      The vast majority of tracking is about behavioral ad targeting.
      • jakeogh 1708 days ago
        And behavioral modification by selectively lying to the user.
    • JohnFen 1708 days ago
      That isn't a good justification for trackers. I should not have to be subjected to spying in order to help an industry deal with their own problem.
  • choppaface 1707 days ago
    What if Google is so entrenched in this position because they see a ton of evidence? What if Google is “right”?

    I tried out Google’s non-personalized ads for a while, and wow the ads were bad, especially on YouTube. Not like irrelevant but downright obnoxious. But wait, we’ve seen this before!

    A couple years ago, Google noticed that ads were starting to get downright atrocious and started fighting them. One relevant blog post: https://blog.google/technology/ads/building-better-web-every...

    Why Google oh why are ads so bad? Because advertisers got more evil? Yes and no. Google got more evil advertisers as all the good ad money went to Facebook’s properties.

    2012 https://www.emarketer.com/newsroom/index.php/google-edges-cl...

    2019 https://www.emarketer.com/chart/217028/facebook-vs-google-sh...

    Google’s recent blogpost is frustratingly “right”: given the opportunity cost of bad ads, an average user is better off opting in to higher-quality tracking-targeted ads. BUT! That is only because Google the ad company lost the good content. And sadly, Google the software company owns the browser, so they have to make do in a Google world.

    This isn’t even an issue about privacy. It’s about a company overtly misrepresenting the interests of its users in bad faith. No different than Uber tacking on the $1 “safe rides” fee as a pure margin generator rather than as protection for riders.

    • burnaway 1707 days ago
      You need to consider some users A) don't want to see ads at all (exhibit A: lot of posters in this thread) B) rather see "dumb" ads than personalized one if it comes through individual level tracking and profiling (that's me). From this perspective no amount of evidence can convince me they are "right" and I have no wish to contribute in any way to "betterment of ad quality" for the price it is proposed. This comment is no reflection on the rest of your argument btw, just addressing the premise.
      • feanaro 1707 days ago
        > You need to consider some users A) don't want to see ads at all

        Exactly. I'm really stupefied with arguments that I'm "better off" by opting for tracking ads. Why am I better off? What good does it do to me? It almost seems like these arguments are coming from some other world which I am not living in.

        • Ambele 1704 days ago
          I think some ads are good. Specifically the kind that informs you of something new. Sometimes when I see an ad with a trailer for a new movie in theaters, I'm appreciative that I learned of a movie that I wouldn't have otherwise known about.
  • musicale 1708 days ago
    > We find this passage from Shoshana Zuboff’s The Age of Surveillance Capitalism to be apt: “Demanding privacy from surveillance capitalists or lobbying for an end to commercial surveillance on the internet is like asking old Henry Ford to make each Model T by hand. It’s like asking a giraffe to shorten its neck, or a cow to give up chewing. These demands are existential threats that violate the basic mechanisms of the entity’s survival.”

    This quote is hilarious, but if, as the article suggests, privacy-invading, tracking-based ads aren't much better than content and region-based ads, presumably advertising companies like Google could abandon it and still provide similar value to their customers.

    It might even save time, resources, and money since they wouldn't need to put as much effort into tracking.

  • gnode 1708 days ago
    > the pickpocketers will just switch to muggings. That would be even worse. Surely you don’t want that, do you?

    A contrast with law enforcement, is that the abusers are not punished and deterred, but instead encouraged to escalate the potency of their behaviour. Anti-tracking technology is preventing pick-pocketing by expecting people to ride in armoured cars. This should be part of the solution, but we also need deterrence.

    Laws like the GDPR should in theory help, but sadly enforcement with regard to tracking consent has been lacklustre, and consequently and predictably the law is widely flouted. This makes the mitigating technical measures all the more necessary, yet they are not a panacea.

    • joes223 1707 days ago
      I think today's adtech is more like video cams installed in everyone's house and squads of criminals that do targeted raids based on information obtained from those video cams. First people figured that such cameras exist. Then they started installing steel doors. Now they're removing those cameras.
  • anticristi 1707 days ago
    Can someone explain to me if this isn't (technically speaking) an uphill battle? Let's say all browsers implement first-party isolation and anti-fingerprinting, won't tracking simply move server-side?

    "Hey AdTech Network. Here is the server from Free Newspaper. Can you send me an ad for Free Newspaper user X at IP Y?" "Hey Free Newspaper. Oh, that guy? I just saw him buying a flight ticket at Flight Aggregator. He is definitely Flight Aggregator user Z. Here is a targeted ad."

    • cameronbrown 1707 days ago
      It's totally possible and why IP addresses are PII. If you've got enough websites working together it's probably possible to reconstruct their browsing history, and I would guess even more accurately than with client-side tracking (where blocking cookies and adblockers at least give you some control).
      • anticristi 1707 days ago
        So then why are people so annoyed about Google not implementing anti-tracking technology, instead of being annoyed at legislators not regulating tracking à la GDPR?
        • cameronbrown 1706 days ago
          I don't know. But it seems to me there's a lot of misdirected anger in the air. Trump is investigating FAANG yet nobody is willing to give him the benefit of the doubt there. If everyone was screaming at government then maybe something would change.
  • JMTQp8lwXL 1708 days ago
    Is there some way it'd be possible to develop a browser that fingerprinted as identically as possible for everybody? Surely we have different IP Addresses, but we can make things like querying for viewport dimensions the same.
    • tortemp7163 1707 days ago
      The TOR browser already achieves this. All TOR users have an identical fingerprint.
  • airnomad 1707 days ago
    I find it amusing how commenters on HN are so privacy-sensitive while a good share of the software industry today supports, depends on or directly is involved in people tracking, one way or another.
    • yjftsjthsd-h 1707 days ago
      Eh... some of the industry, sure. I work in a B2B company, others work in hardware devices, etc. I'm not sure what the relative proportion might be, but it's certainly not the whole industry.
      • airnomad 1707 days ago
        Go talk to your marketing team and you would be amazed by the level of tracking those guys are doing or should be doing in order to win the market.

        I work in a very boring niche for a small company and you'll receive email from us and we'll know what ads you clicked to find us 1 year ago and that we'll keep your entire browsing history and utilize it to tailor our messaging and that's just the beginning of it. And our budgets are fraction of what huge online advertisers spend.

        Modern digital marketing wouldn't be possible without tracking and that's just how it is.

        If we make it harder via regulations, we'll just make it more expensive and that's all. Kind of similar as drugs - demand is so strong that supply is going to be there no matter what you do.

  • einhverfr 1708 days ago
    It's almost like Google wants to track and deliver advertising.

    Almost like they have some financial interest in determining user behavior so they can deliver more targeted ads. Almost like they are an adware company.

    Nah, can't be that. That would be like a conspiracy or something......

  • auslander 1707 days ago
    That surveillance economy strongly reminds me of the tobacco industry. It was cool and trendy until everyone woke up and regulated it to death, as it should be. GDPR is just the beginning.
  • undoware 1707 days ago
    fantastic essay. thank you
    • joes223 1707 days ago
      I believe that this is a part of a well funded campaign against Google by some of its rivals or enemies. Oracle? Regardless, whoever is implementing this attack, they're doing a fantastic job. Google's business is basically connecting Advertisers (wolves) with Users (sheep) and the most important part of this business is to keep this ecosystem stable. Someone's apparently found a way to destabilize this system: wolves are getting bigger and greedier, while sheep are dying out. The only solution here is to cut the population of wolves, but Google is still in denial and lies to itself that maybe the extinction can be stopped by formalizing the process of chasing sheep.
      • burnaway 1705 days ago
        There are people with strong beliefs and opinions they are ready to fight for - within the frame of their daily job, using their free time, their own money etc. All this without being enthralled to a "bigger entity", as a part of a conspiracy, serving a special interest playing power games, or simply someone paying them. I am one of those people, in agreement with this post, I can see the OP being in this category as well. If this is all too surprising for you that is a reflection on you.
  • 1024core 1708 days ago
    Ironically, this site wants to use my browser's canvas to fingerprint me.

    Umm.. no thanks!

    • Crosseye_Jack 1708 days ago
      I'm not 100% sure it's being done for tracking, the canvas usage is being used to insert emoji into the page from WordPress Servers. It being a WordPress based blog kinda explains that.

      Now are WordPress using that ability to track users which the owner of this site isn't aware of? That's another question.

      Edit: This page doesn't contain any emoji, but it's prob just a WP plugin that replaces any into browser/OS emoji.

  • lazyeye 1708 days ago
    "Hide your evil"
  • devoply 1708 days ago
    Get rid of cookies, get rid of fingerprints by sharing them between all browsers using a p2p network so everyone has the same fingerprints. Now get rid of Google. Thanks for all the fish, Google.
    • jakeogh 1708 days ago
      And disable JS. The idea that clients need to execute arb code to see a page broke the information / presentation separation, on purpose. I leave it off (surf lets you easily toggle it per process), and it's pretty rare that I actually want to use it, and in those cases, the page could easily have been designed to work fine without it. It's a deliberate problem.
      • joes223 1707 days ago
        Afaik, TeX is a Turing-complete language that can even read files from disk. Yet, its only purpose is to render static text documents and nobody blames Knuth for inability to separate the presentation layer. The web is no longer a bunch of text documents. It's the first and only successful cross-platform solution. Moreover, it's still in the very infancy and in 10-20 years it will be the full-blown operating system layer on top of every platform. The problem of the web is that its sandbox has become leaky.
        • jakeogh 1706 days ago
          Me: executing arb code to view a doc is a bad idea

          You: TeX is turing complete too!

          Great. Thanks.

      • la_barba 1708 days ago
        Not to mention all the CPU time that JS scripts eat up. The eco-impact of disabling JS world-wide will be significant...
  • jiveturkey 1708 days ago
    https://www.blog.google/products/chrome/building-a-more-priv...:

    > Some ideas include new approaches to ensure that ads continue to be relevant for users

    'nuff said

  • oconnor663 1708 days ago
    > To appreciate the absurdity of this argument [about encouraging fingerprinting], imagine the local police saying, “We see that our town has a pickpocketing problem. But if we crack down on pickpocketing, the pickpocketers will just switch to muggings. That would be even worse. Surely you don’t want that, do you?”

    Calling arguments "absurd" or "disingenuous" is itself arguing in bad faith, and respectable publications can do better.

    This sort of thing happens in real life all the time. In the debate over drug policy, one of the major arguments for legalization is that drug prohibition leads to different types of crime. On the one hand, this is a "defeatist" attitude to have about drug policy. On the other hand, the world is complicated, and sometimes we have to make compromises.

    The author continues:

    > Based on peer-reviewed research, including our own, we’re confident that fingerprinting continues to represent a small proportion of overall web tracking. And there’s no evidence of an increase in the use of fingerprinting in response to other browsers deploying cookie blocking.

    That's an excellent, concrete point to make about the question. But it's not "absurd" for others to have less confidence in that conclusion. It sounds like a tricky open question.

    • Majromax 1708 days ago
      > Calling arguments "absurd" or "disingenuous" is itself arguing in bad faith, and respectable publications can do better.

      Calling an argument 'absurd' or 'disingenuous' is not an argument, it's a conclusion. Its value lies entirely in how well the point is proven.

      Here, the article does a fair job of that task. It supports the idea that the argument is absurd because mitigations against browser fingerprinting are already in development, and it supports the idea that the argument is disingenuous because in a comparable situation Google itself did not deploy a privacy workaround, so it should know that fingerprinting is not a universal response.

    • ska 1708 days ago
      > Calling arguments "absurd" or "disingenuous" is itself arguing in bad faith, and respectable publications can do better.

      I take your point, but calling people out for being disingenuous when they are, in fact, being disingenuous is not bad faith at all.

    • Spooky23 1708 days ago
      People are allowed to have editorial discretion and form opinions.

      It may be harsh to be dismissive of Google's claims, but Google chose to put itself in a position where they have deep, systemic conflicts of interest.

      When you have a company with the strongest possible interest in profitable advertising, who also makes browsers, operating systems, and controls key services that are effectively chokepoints of the internet, it's not unreasonable to assume that SMEs would question your commitment to finding a solution that would hurt you. When you write an article that demonstrates that others have been able to solve impossible technical problems that an engineering organization at Google cannot, it's difficult to call that "bad faith" reporting. In fact, anyone who assumes that a company will inflict harm upon its own short/mid term financial interests is clueless, because that is what management demands at any public company.

      If Google did something like implement strong organizational walls that isolated advertising from other lines of business, like a newspaper, perhaps I would agree with you. If Google was showing market dominance in other areas, like cloud computing, perhaps I would agree. But they do not, and in fact they are integrating components of their business more and more, and are compelled to do so by their duty to shareholders. (See Google One as an example)

    • zzzcpan 1708 days ago
      > Calling arguments "absurd" or "disingenuous" is itself arguing in bad faith, and respectable publications can do better.

      If they are not real arguments, but false dilemma kind of arguments presented specifically to push an agenda, how do you call them? You definitely can't take them at face value and provide counter arguments, you can only call them out.

    • Nicksil 1708 days ago
      It's absurd because Google knew it was absurd before including it in their article anyway.
    • naringas 1708 days ago
      this is the criticized argument

      > large scale blocking of cookies undermine people’s privacy by encouraging opaque techniques such as fingerprinting. With fingerprinting, developers have found ways to use tiny bits of information that vary between users, such as what device they have or what fonts they have installed to generate a unique identifier which can then be used to match a user across websites. Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected. We think this subverts user choice and is wrong.

      the argument claims:

      - people block cookies so fingerprinting methods had to be implemented

      - cookies, unlike fingerprinting, can be deleted

      - because cookies can be cleared people should just embrace them and keep their ability to choose

  • privateSFacct 1708 days ago
    > To appreciate the absurdity of this argument [about encouraging fingerprinting], imagine the local police saying, “We see that our town has a pickpocketing problem. But if we crack down on pickpocketing, the pickpocketers will just switch to muggings. That would be even worse. Surely you don’t want that, do you?”

    Actually, fingerprinting is not JUST used to track users for ads. Describing the characteristics of a device is used for lots of other purposes as well. For example canvas size etc etc useful for other reasons. Many / most web dev folks rely on fingerprints (user agent / screen size) when targeting layouts, adding / removing features etc.

    The whole analogy where police are cracking down on criminals is the same as cracking down on fingerprinting is what is "absurd" and "disingenuous". A better analogy is wanting to have a 10mph speed limit to reduce pedestrian deaths. It would (and I like car free planning so would support it). But it would ALSO make commutes etc slower.

    • kube-system 1708 days ago
      Semantically speaking, the elements that could be used to compose a fingerprint are not the same as fingerprinting.

      If I write a page that uses user agent / resolution to serve up a layout -- that's not fingerprinting. Fingerprinting would be if I tried to identify a particular user with those elements.

      I think the problem you're trying to illustrate is that it is difficult for a browser to determine what the requesting site intends to do with those parameters. The browser doesn't know if you want canvas access to draw a pretty picture, or if you want canvas access to perform identification of the user.

    • reaperducer 1708 days ago
      > Many / most web dev folks rely on fingerprints (user agent / screen size) when targeting layouts, adding / removing features etc.

      I've been building web sites commercially since 1997. I have never done any of those things.

      Unless the company you work for has the marketing or advertising department in charge of the IT department, this shouldn't happen. I'm sure that Facebook and a bunch of other terrible companies do it, but they shouldn't. The closest I ever came was during the era when you had to detect IE6 and work around that.

      But, no, "most" web devs don't do that. Maybe you do. Maybe the people in your company do. But that is not "most," or even "many." I'd say it's probably not even a plurality.

      To put it bluntly: If you think that's web development, you're doing it wrong.

      • privateSFacct 1708 days ago
        I'd be curious if you were commercially successful.

        The shift from IE to chrome was told by user agent strings. Almost EVERY web developer was tracking this and figuring out what features would work reasonably and what would not during this shift for the websites they maintained. In other words, what parts of the standard HTML were widely supported among users visiting their sites.

        If you worked internationally you'll know that this was very different on a country by country basis.

        Surprised to hear the claims that only a few do this. It is CRITICAL to developing useful websites -> you need to know what version of HTML to target at a minimum. Screen size, mobile vs desktop all also matter.

        I'm now realizing why some web devs can charge so much - they might use these tools -> while others don't?

        • shkkmo 1708 days ago
          I find your tone inappropriate for HN.

          User agent sniffing is a bad idea and fragile. Feature detection and shims work much better. CSS media queries are quite sufficient for screen size and resizing issues.

          Most importantly, none of this can be fingerprinting unless you are sending these metrics back to your servers, which is IMHO unethical.

          • privateSFacct 1707 days ago
            All these are fingerprinting. Almost all these are routinely logged by almost every web analytic product out there.

            The posters above, sorry for my tone, are lying when they claim that most websites don't do this and most developers don't. It's actually easy to expose their lies. Just visit some websites and check their tracking approach / tools. Literally, browse some of the top 100 websites, magazines, consumer directed product sites etc. In fact, the items may be logged by literally multiple systems on ONE site - the big players can't seem to pick one set of analytics.

            For example, a site I run turns out to be much more desktop heavy (84%) and have almost no firefox usage (3.XX). That's much different than the web as a whole (half mobile). It's a boring site - no entertainment, mostly folks slowly learning things. Mobile side is heavy iphone / samsung -> so we make sure we get site testing coverage through those. Knowing this and acting on it does not make me an idiot.

            "But, no, "most" web devs don't do that. Maybe you do. Maybe the people in your company do. But that is not "most," or even "many." I'd say it's probably not even a plurality."

            Please folks - form your own opinion - chrome dev tools lets you check out what's going on (or just get an extension) and at the end of the day browsing you can choose to believe me (you are heavily fingerprinted on almost all the sites you use) or these folks upset that I'm calling them out.

            Here are default mixpanel properties by the way - I picked one product at random.

            https://help.mixpanel.com/hc/en-us/articles/115004613766-Def...

            People are spending literally billions on analytics using this (and much more) in terms of trying to figure out how to make a bit more money.

        • reaperducer 1707 days ago
          > I'd be curious if you were commercially successful.

          Do you consider being able to support my family for a couple of decades successful?

    • sa1 1708 days ago
      I think the problem can be solved using taint analysis in JavaScript. Variables that can be used to fingerprint are allowed to be used locally but are not allowed to be sent back over the internet. Any variables that are derived from these fingerprintable variables should be considered tainted and be treated the same way.
      • Simon_says 1707 days ago
        This is a very very hard problem.

        You can imagine a case where not tainting a variable implies something about the user.
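
The taint-tracking idea in sa1's comment and the difficulty Simon_says raises in reply, as an added JavaScript sketch that is not part of either comment or of any browser's code. The names `Tainted`, `source`, `derive`, `send` and `implicitFlow` are hypothetical and the property values are constructed; it shows value-level labels blocking a derived identifier at the network sink, and a branch on a labelled value producing an unlabelled result that the same sink accepts.

```javascript
// Added illustration: value-level taint labels. All names and values are hypothetical.
class Tainted {
  constructor(value, labels) { this.value = value; this.labels = new Set(labels); }
}
const unwrap = (x) => (x instanceof Tainted ? x.value : x);
const labelsOf = (x) => (x instanceof Tainted ? [...x.labels] : []);

// Source: a fingerprintable property enters the program carrying a label.
const source = (name, value) => new Tainted(value, [name]);

// Derivation: a result carries the union of the labels of its inputs.
function derive(fn, ...args) {
  const labels = args.flatMap(labelsOf);
  const out = fn(...args.map(unwrap));
  return labels.length ? new Tainted(out, labels) : out;
}

// Local use (layout) is allowed: nothing leaves the page.
const chooseLayout = (width) => (unwrap(width) < 600 ? "mobile" : "desktop");

// Network sink: refuse any payload that has a labelled field.
function send(payload) {
  const blocked = Object.entries(payload)
    .filter(([, v]) => v instanceof Tainted)
    .map(([k, v]) => `${k} <- ${[...v.labels].sort().join("+")}`);
  return blocked.length ? { sent: false, blocked }
                        : { sent: true, body: JSON.stringify(payload) };
}

// Implicit flow: the result is a plain constant, yet which constant was chosen
// depends on a labelled value. Value labels alone cannot see this dependency.
function implicitFlow(width) {
  let bucket = "wide";
  if (unwrap(width) < 600) bucket = "narrow";
  return bucket;
}

function demo() {
  const width = source("screen.width", 390);            // constructed value
  const fonts = source("fonts", ["Arial", "Fira Code"]); // constructed value
  const id = derive((w, f) => `${w}|${f.join(",")}`, width, fonts);
  return {
    layout: chooseLayout(width),
    explicit: send({ page: "/home", id }),
    clean: send({ page: "/home" }),
    implicit: send({ bucket: implicitFlow(width) }),
  };
}
console.log(JSON.stringify(demo(), null, 2));
```

Closing the last case means labelling everything assigned under a branch on a labelled value, and that tends to label most of a real page's state.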

    • wbl 1708 days ago
      Don't use user agent checks for features. User agent detection doesn't keep pace with development.
      • privateSFacct 1708 days ago
        I was providing a very basic example -> and yes, useragent can still be useful. But agreed, further feature detection, which the article calls "fingerprinting" is needed if you implement anything beyond the most basic patterns. But even basic patterns are helped by some minimal detection. Text only / braille readers etc can be targeted nicely as an example.
        • shkkmo 1708 days ago
          Feature detection is not fingerprinting, you can't just change the meaning of terms.
    • cameronbrown 1708 days ago
      Maybe a compromise would be to just build metrics reporting directly into browsers? I'm sure Apple/Mozilla/Google collect this data already, what's stopping them from just forwarding anonymised usage statistics to an HTTP endpoint for each website?
    • rwmurrayVT 1708 days ago
      It's also heavily used in fraud prevention, blocking malicious actors, and on gambling websites.
      • snazz 1708 days ago
        Is it actually effective at that kind of stuff though? Changing your user agent and screen size to get through a system like that seems very easy.
        • rwmurrayVT 1703 days ago
          There is more to it than user-agent and screen size. There are tools out there like fraudfox that are intended to provide a way of masking the information. Last I was involved/interested it could reveal quite a bit of specific information. Typically, advanced fraudsters are capable of beating the systems. There are just too many tools available. Even blocking the trackers with noscript/privacy plug-ins can result in a block. Whatever comes out on the anti-fraud side is commonly just a temporary roadblock. The balance between convenience and security for most companies leans towards convenience.