Goodbye FLoC, hello Topics

By Jake Edge
January 26, 2022

Back in May, we looked at a Google proposal to replace third-party cookies with something called the "Federated Learning of Cohorts" (FLoC). Third-party cookies were once used to track users all over the web so that advertisers could, supposedly, target their ads better, but, of the major browsers, only Google's Chrome browser fails to block them today. Google took a fair amount of flak for FLoC, since it was not perceived to be much of a win for users' privacy—and was mostly a sop to the (Google-dominated) web-advertising industry. Now the company is back with a different proposal that could, eventually, replace third-party cookies in Chrome: Topics.

FLoC would effectively pigeonhole users into "opaque" categories (cohorts), so that a given cohort ID would reflect a common set of interests those users have based on their recent browsing history. But exactly what information was being communicated was unclear, and the cohorts were only opaque to browser users. Advertisers would presumably have been given some information about what a given cohort ID represented (so that they could target their ads) and web-site owners could potentially correlate additional information (e.g. account information) as well as track cohort ID changes over time.

No one, other than Google and web advertisers apparently, was lamenting the loss of third-party cookies, nor really looking for another "more limited" mechanism to track users' browsing habits. But Google sits in the catbird seat with respect to the web; the company is the dominant web-advertising player while also developing and distributing the most popular browser. That has allowed it to dictate, at least to a certain extent, how user tracking will (or will not) be done.

Apparently, the uproar over FLoC succeeded in diverting that particular plan, so Topics was born. Overall, Topics is more privacy-friendly than FLoC, though it still "leaks" more information than many will be comfortable with—that is the point, after all. But it is less opaque than its predecessor, with more controls for the user, though it is still an opt-out feature, so it will be on by default unless users take action.

The GitHub Topics API repository has more technical details than the introductory blog post linked above. The basic idea is that the browser tracks the user's top interests (based on a set of categories) over the past three weeks, then shares them with participating sites. The blog post describes it this way:

> With Topics, your browser determines a handful of topics, like "Fitness" or "Travel & Transportation," that represent your top interests for that week based on your browsing history. Topics are kept for only three weeks and old topics are deleted. Topics are selected entirely on your device without involving any external servers, including Google servers. When you visit a participating site, Topics picks just three topics, one topic from each of the past three weeks, to share with the site and its advertising partners. Topics enables browsers to give you meaningful transparency and control over this data, and in Chrome, we're building user controls that let you see the topics, remove any you don't like or disable the feature completely.

The Topics "are thoughtfully curated to exclude sensitive categories, such as gender or race". Meanwhile, the mapping of sites to Topics will be done in the browser as the GitHub site describes:

> The topics will be inferred by the browser. The browser will leverage a classifier model to map site hostnames to topics. The classifier weights will be public, perhaps built by an external partner, and will improve over time. It may make sense for sites to provide their own topics (e.g., via meta tags, headers, or JavaScript) but that remains an open question discussed later.

Advertisers (and others) can request information via a JavaScript call to document.browsingTopics(), which will return zero to three Topic IDs, one for each of the previous three weeks, in a random order. The top five Topics for a given week are collected and one random Topic chosen from the full list is added in; one of those six Topics will be chosen for the week. In addition, Topics are tracked in a somewhat complicated scheme to try to "prevent the direct dissemination of user information to more parties than the technology that the API is replacing (third-party cookies)". Said scheme restricts sending Topics to callers that have already called the Topics API for the user on another site that shares a Topic ID with the site in question. So browsers can only send a Topic ID if the advertiser has asked for Topics from a related site (i.e. one that shares the Topic). The GitHub site has a lengthy example to show how it all works.
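
The selection and filtering rules in the paragraph above, as an added JavaScript model (not code from the article, the Topics repository or Chrome). The taxonomy, hostnames, caller names and the choice of the three retained weeks as the observation window are assumptions made for the illustration; `rng` is injected so a run can be made repeatable.

```javascript
// Simplified model of the rules as the article describes them.
// TAXONOMY and SAMPLE_WEEKS are constructed sample data.
const TAXONOMY = ["Autos", "Books", "Cooking", "Fitness", "Music", "News",
                  "Travel & Transportation"];

// Pick one element using rng(), which returns a number in [0, 1).
function pick(list, rng) {
  return list[Math.floor(rng() * list.length)];
}

// Reduce one week of browsing to the single topic kept for that week:
// the five most-visited topics plus one random taxonomy entry, then one of
// those (up to) six chosen at random. Also record which callers were
// embedded on sites of which topic, since that drives the later filtering.
function summarizeWeek(visits, rng) {
  const counts = new Map();
  const observed = new Map(); // caller -> Set of topics seen this week
  for (const { topic, callers, hits } of visits) {
    counts.set(topic, (counts.get(topic) || 0) + hits);
    for (const caller of callers) {
      if (!observed.has(caller)) observed.set(caller, new Set());
      observed.get(caller).add(topic);
    }
  }
  const topFive = [...counts.entries()]
    .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0]))
    .slice(0, 5)
    .map(([topic]) => topic);
  const candidates = [...topFive, pick(TAXONOMY, rng)];
  return { topic: pick(candidates, rng), observed };
}

// Model of document.browsingTopics() for one caller: one topic per retained
// week, dropped unless this caller was present on a site with that topic
// (assumed window: the same three weeks), returned in random order.
// Assumption: the random topic is filtered like any other; the article does
// not say otherwise. Repeated topics are collapsed.
function browsingTopics(caller, weeks, rng) {
  const recent = weeks.slice(-3);
  const seen = new Set();
  for (const week of recent) {
    for (const t of week.observed.get(caller) || []) seen.add(t);
  }
  const out = [...new Set(recent.map((w) => w.topic))].filter((t) => seen.has(t));
  for (let i = out.length - 1; i > 0; i--) { // Fisher-Yates shuffle
    const j = Math.floor(rng() * (i + 1));
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out;
}

// Constructed browsing history: adtech-a is embedded on two sites, adtech-b
// on two, adtech-c on none, and cars.example carries no ad caller at all.
const SAMPLE_WEEKS = [
  [
    { host: "gym.example", topic: "Fitness",
      callers: ["adtech-a.example", "adtech-b.example"], hits: 4 },
    { host: "paper.example", topic: "News", callers: ["adtech-b.example"], hits: 1 },
  ],
  [
    { host: "trips.example", topic: "Travel & Transportation",
      callers: ["adtech-a.example"], hits: 3 },
    { host: "paper.example", topic: "News", callers: ["adtech-b.example"], hits: 1 },
  ],
  [
    { host: "cars.example", topic: "Autos", callers: [], hits: 5 },
    { host: "paper.example", topic: "News", callers: ["adtech-b.example"], hits: 1 },
  ],
];

// What each caller would receive after the three sample weeks.
function demo(rng) {
  const weeks = SAMPLE_WEEKS.map((visits) => summarizeWeek(visits, rng));
  const result = {};
  for (const caller of ["adtech-a.example", "adtech-b.example", "adtech-c.example"]) {
    result[caller] = browsingTopics(caller, weeks, rng);
  }
  return result;
}

console.log(demo(Math.random));
```

In this model a caller's view grows with the number of sites it is embedded on, while a caller that was never present on a matching site receives nothing.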

The blog post shows a mockup of the interface for the browser that will allow users to view the Topics associated with them and to delete any that they do not wish to share. Users would need to do so regularly, though. The strategic use of Incognito Mode would also prevent those Topics from being added into the tracking, since browsing in that mode is not visible to the Chrome Topic-handling code.

Sites can opt out of the Topic gathering by way of an HTTP header returned with their pages. Sites that do not want to participate can add the following header:

    Permissions-Policy: browsing-topics=()

To its credit, Google will also be honoring the opt-out header value (interest-cohort=()) that was available for FLoC, so sites that have already made that change (e.g. LWN.net) do not need to do anything further. The same complaints raised about this header for FLoC, with regard to web frameworks and content-management systems that do not provide ways to add this header, are still relevant, however.
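
Where the framework or content-management system offers no header setting, one option is to patch the opt-out in at a middleware or proxy layer and to check responses for it. The following is an added example, not code from the article or from any project it mentions; the function names are hypothetical, and the parser handles only the comma-separated `feature=allowlist` form shown above.

```javascript
// Split a Permissions-Policy value into directives. Commas inside (...) or
// "..." belong to an allowlist, so only commas at depth 0 separate directives.
function parsePermissionsPolicy(value) {
  const text = String(value || "");
  const parts = [];
  let depth = 0, quoted = false, start = 0;
  for (let i = 0; i <= text.length; i++) {
    const ch = text[i];
    if (ch === '"') quoted = !quoted;
    else if (!quoted && ch === "(") depth++;
    else if (!quoted && ch === ")") depth--;
    if (i === text.length || (ch === "," && depth === 0 && !quoted)) {
      parts.push(text.slice(start, i).trim());
      start = i + 1;
    }
  }
  const directives = new Map(); // feature -> allowlist text, or null if bare
  for (const part of parts) {
    if (!part) continue;
    const eq = part.indexOf("=");
    if (eq === -1) directives.set(part.toLowerCase(), null);
    else directives.set(part.slice(0, eq).trim().toLowerCase(), part.slice(eq + 1).trim());
  }
  return directives;
}

const EMPTY_ALLOWLIST = /^\(\s*\)$/;

// True when the value disables Topics for every origin. Per the article, the
// older FLoC directive interest-cohort=() is honored as an opt-out as well.
function optsOutOfTopics(value) {
  const directives = parsePermissionsPolicy(value);
  return ["browsing-topics", "interest-cohort"].some(
    (name) => EMPTY_ALLOWLIST.test(directives.get(name) || "")
  );
}

// Return the header value with browsing-topics forced to (), keeping every
// other directive and its allowlist as it was.
function withTopicsOptOut(value) {
  const directives = parsePermissionsPolicy(value);
  directives.set("browsing-topics", "()");
  return [...directives]
    .map(([name, list]) => (list === null ? name : `${name}=${list}`))
    .join(", ");
}

// Apply to a Node http.ServerResponse (or anything with getHeader/setHeader)
// before headers are sent, e.g. from a wrapper around the framework's handler.
function applyTopicsOptOut(res) {
  const current = res.getHeader("Permissions-Policy");
  const joined = Array.isArray(current) ? current.join(", ") : current;
  res.setHeader("Permissions-Policy", withTopicsOptOut(joined));
}
```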

Both FLoC and Topics are part of Google's Privacy Sandbox project. The FLoC experiment came to an end back in July; Topics is in the public discussion phase and has not been implemented in any browser at this point. While Google clearly hopes that other browser makers follow along, it is not clear that they will. Users do not seem to be clamoring for "relevant ads" (somehow defined); that feature is seen as somewhere between "creepy" and "annoying" (or both at once) by many. The Privacy Sandbox Topics site—another detailed, but less technical, description than the GitHub site—has a somewhat different take, naturally:

> Interest-based advertising (IBA) is a form of personalized advertising in which an ad is selected for a user based on their interests, inferred from the sites they've recently visited. This is different from contextual advertising, which aims to match content on the page the user is visiting.
>
> IBA can help advertisers to reach potential customers and help fund websites that cannot otherwise easily monetize visits to their site purely via contextual advertising. IBA can also supplement contextual information for the current page to help find an appropriate advertisement for the visitor.

But one of the more annoying aspects of targeted ads, those based on Google searches, is not really impacted by this change, it would seem. There is no easy way for fleeting searches, or those that resulted in a purchase that is not likely to be repeated anytime soon—or ever—to be removed from the information that Google provides its advertisers. Incognito Mode can help there, too, but the user has to remember to switch. While it is sometimes comical to see Google ads recommending the book you just purchased, or the hotel/flight/rental car you already reserved, it hardly seems like it leads to increased sales for the advertisers.

Overall, Topics is thought-out quite a bit better than its predecessor, but it still suffers from privacy concerns. Part of the problem is that some users do not want to see ads for unrelated interests when they visit a site—or they don't really want to see ads at all. There is a balance to be struck, since running web sites that provide useful content is not free; it is not clear that Topics truly finds that (unattainable?) sweet spot, however. Meanwhile, privacy advocates and users who care about such things are unlikely to be mollified, even if the grounding of FLoC is welcome.


Index entries for this article
Security: Privacy
Security: Web browsers



Goodbye FLoC, hello Topics

Posted Jan 26, 2022 21:40 UTC (Wed) by flussence (guest, #85566) [Link] (16 responses)

Every mention of this thing tells site owners how to opt their users out as a courtesy.

How do we opt them *in*? Maybe if the browser is creepy and annoying enough, they'll stop using it.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 16:23 UTC (Thu) by khim (subscriber, #9252) [Link] (15 responses)

> How do we opt them *in*?

The only way is via legislation, and it's not clear whether this would be a better solution than the disease.

Lots of small US sites still refuse to show anything to people from EU just to make sure GDPR doesn't affect them.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 7:49 UTC (Fri) by JanC_ (guest, #34940) [Link] (14 responses)

Which doesn’t work, because EU users can visit their site through a proxy or VPN and (parts of) the GDPR would still apply.

(Also, it’s not just small sites doing that, but some large networks of sites too…)

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 10:52 UTC (Fri) by khim (subscriber, #9252) [Link] (13 responses)

> Which doesn’t work, because EU users can visit their site through a proxy or VPN and (parts of) the GDPR would still apply.

I don't see how. Web site is outside of EU. Website makes it absolutely clear that EU citizens are not welcome. How can it fall under EU jurisdiction?

Sure, GDPR may include words which may talk about that situation, but it's not clear what court would be able to enforce these.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 14:10 UTC (Fri) by farnz (subscriber, #17727) [Link] (11 responses)

As far as the EU is concerned, GDPR applies if you process data of an EU resident, regardless of where you are based. You simply must not process an EU resident's data at all (even if you tried to stop them giving you access to that data) or be in breach of the GDPR.

In practice, this comes down to how easy it is to punish you - a web site hosted in Russia by a lone hacker living in Moscow almost certainly has nothing that the EU can legally take as a penalty. The Wall Street Journal, on the other hand, is owned by a company with business interests (Sky Italia, for a start) in the EU; if the WSJ refuses to submit to GDPR, the EU courts could well take the penalty out of the business group as a whole, and make it the business group's problem to make that work out in their accounts.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 2:22 UTC (Sat) by pabs (subscriber, #43278) [Link] (10 responses)

Presumably the GDPR also applies to EU residents who are visiting the USA and thus have a USA IP address of their hotel/friend etc?

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 10:13 UTC (Sat) by farnz (subscriber, #17727) [Link] (9 responses)

Yes, it does. It's the fact that the data subject is EU-resident that counts from the law's point of view. Which is a separate matter to enforcing it, as it's very hard to enforce against an entity with no EU links at all.

Effectively, though, the EU is saying that if you're big enough to have EU links, GDPR applies to you whether you take efforts to avoid coming under its banner or not.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 16:46 UTC (Sat) by khim (subscriber, #9252) [Link] (8 responses)

> Effectively, though, the EU is saying that if you're big enough to have EU links, GDPR applies to you whether you take efforts to avoid coming under its banner or not.

Has this actually been tested in court? The EU may say anything it wants, but the idea that someone who lives in another country and makes a reasonable effort to never fall under the jurisdiction of some foreign law yet, somehow, becomes bound by it, sounds very suspicious.

Not even Russia (which tries to make sure large internet companies have a physical presence in the country) has ever tried to say that someone who does not, legally, work in Russia should follow Russian laws.

Heck, even China doesn't try to force Google to censor content on Google.com (and yes, Google have pretty significant presence in China because otherwise it's very hard to produce electronic devices in modern world).

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 21:06 UTC (Sat) by farnz (subscriber, #17727) [Link] (7 responses)

Not yet, but there's no reason to think that the EU won't apply GDPR the way it says it would. The rationale is that reasonable effort to not process the data of EU residents and citizens outside the terms of the GDPR is to always comply with the spirit of GDPR restrictions, not to try to ban EU residents and citizens from accessing your data.

More generally, the EU is quite keen on the idea that there should be no route that allows an EU entity to do an end run around the GDPR by somehow importing EU residents data from outside the EU; that means that if you don't comply with the GDPR requirements, then you need your data pile to be poisonous to EU entities, including others in the same group as you.

This is directly targeted at big tech like Google and Facebook - those companies can't be allowed to play tricks that allow them to say "welp, our bad, EU and US data got intermingled, so we breached GDPR. But don't worry, we made reasonable efforts not to fall under EU jurisdiction, so it's OK".

Goodbye FLoC, hello Topics

Posted Jan 30, 2022 15:34 UTC (Sun) by khim (subscriber, #9252) [Link] (6 responses)

> The rationale is that reasonable effort to not process the data of EU residents and citizens outside the terms of the GDPR is to always comply with the spirit of GDPR restrictions, not to try to ban EU residents and citizens from accessing your data.

No, it's not reasonable. If some group of people forget about what country borders are and how law works then it's not a good idea to try to placate them, usually it's cheaper to ensure you don't need to deal with them.

Only if you are already deeply involved with them it may be too costly to block them and pretend they don't exist.

Note: I'm not talking about specifics of GDPR here. The mere fact that it, supposedly, applies to entities beyond the EU border when they are dealing with people who are outside of EU border is deeply troubling and worthy of fighting against.

> This is directly targeted at big tech like Google and Facebook - those companies can't be allowed to play tricks that allow them to say "welp, our bad, EU and US data got intermingled, so we breached GDPR. But don't worry, we made reasonable efforts not to fall under EU jurisdiction, so it's OK".

Then why do they write a law in a way that a mom-n-pop shop somewhere in Bangladesh has to, formally, deal with the law of a foreign country which they may not even know exists?

I have become accustomed to Russian lawmakers being crazy, but their latest invention sounds much more logical and clearly says: if you are large enough and have enough customers in mainland Russia you have to deal with our rules (and if you have 500000 visitors daily in Russia then you are definitely large enough to afford an office there), if you are someone small or foreign (and don't deal with lots of Russian citizens already) — we don't care.

There's centuries-old saying: however strict Russia's laws may be, their full power is reduced because they rarely are fully enforced. While European countries always tried to think about how laws can be executed once written.

And it just starts looking to me that Europe and Russia have swapped approaches to laws! This is madness!

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 9:45 UTC (Mon) by taladar (subscriber, #68407) [Link] (5 responses)

Countries have been using their influence to protect their own citizens abroad for centuries. That is hardly a new thing.

If anything the US approach of applying their laws abroad in all kinds of cases that do not even remotely relate to protecting their citizens is an issue, not the EU one.

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 12:47 UTC (Mon) by khim (subscriber, #9252) [Link] (4 responses)

Sure, countries have spent resources to protect their citizens when possible.

But that's significantly different from saying that laws of your country, somehow, should affect people in the other countries without these countries signing any agreements with you.

Even embassies or military bases impose foreign rules on their own soil, not around the whole country where they reside.

> If anything the US approach of applying their laws abroad in all kinds of cases that do not even remotely relate to protecting their citizens is an issue, not the EU one.

What's the difference? In both cases one country claims its laws are extraterritorial and trump the laws of the other countries without there being any additional agreements to provide that extraterritoriality.

The only difference I see is that the US is willing to use force to support that interpretation and the EU only tries to impose it when it has the opportunity to do so on its own territory, but the idea is the same.

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 16:58 UTC (Mon) by kleptog (subscriber, #1183) [Link] (3 responses)

> But that's significantly different from saying that laws of your country, somehow, should affect people in the other countries without these countries signing any agreements with you.

This happens all the time though. You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country. That's one of the things of the internet, it makes cross-border issues very common.

(BTW, "affect" is a very broad term that can mean almost any kind of interaction)

The issue here revolves around the concept of "ownership". If I, by the laws of my country, legally own a widget X, then if I go to another country then they will generally accept that I own that widget, even if that country has never had any relations with my country. There are formal legal frameworks to give this effect, but even without these the concept of ownership is fairly universal.

When we created copyrights and patents we decided that people could own them. And in countries that didn't recognise said copyrights/patents they weren't bound per se, but there were plenty of tactics deployed, like import blockades, fining local subsidiaries, tariffs, seizing assets, etc to encourage said countries to recognise the existence of copyrights/patents and their ownerships and associated rights.

Now we're on to the next stage where some places in the world (the EU particularly) have decided that people own their personal data and have rights regarding them. The US in particular doesn't believe this and think people and especially large tech businesses have the right to do whatever they like with other people's personal data. As such we will see such tactics as import blockades, fining local subsidiaries, tariffs, seizing assets, etc to encourage said countries to respect the rights of the owners of their personal data.

The interesting thing is that people in the US are waking up to the idea that companies in China can also collect data on US citizens and process that however they like. Now the shoe is on the other foot they worry whether maybe they should prevent that, but unless you actually start with the idea that people have rights over their personal data, it's hard to argue China is doing anything wrong.

So back to the mom and pop shop in Bangladesh, if they do a transaction with an EU citizen that involves the transfer of personal data then they can choose (knowingly or otherwise) to not respect that user's rights and there may be consequences of that.

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 17:54 UTC (Mon) by khim (subscriber, #9252) [Link] (2 responses)

> You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country.

Nope. Here's Russian version.

> Foreign citizens enjoy rights in the Russian Federation and bear obligations on an equal footing with citizens of the Russian Federation, with the exception of cases provided for by federal law.

You may talk about GDPR or US law or anything like that as much as you want, court would just declare all these papers irrelevant and would ask you when and how agreement between Russia and your country was made and when federal law was changed to accommodate it.

> That's one of the things of the internet, it makes cross-border issues very common.

Yes, the Internet made it possible to interact with someone who hasn't left their own country. This creates collisions.

> So back to the mom and pop shop in Bangladesh, if they do a transaction with an EU citizen that involves the transfer of personal data then they can choose (knowingly or otherwise) to not respect that user's rights and there may be consequences of that.

What consequences? Bangladesh would ask EU citizens not to visit them? This is already happening, albeit under different pretext.

> Now we're on to the next stage where some places in the world (the EU particularly) have decided that people own their personal data and have rights regarding them.

Yes. And they, unilaterally, decided that the other countries wouldn't do anything about their wishes and desires but would just blindly accept them. They would, but blind acceptance is not in the cards.

> As such we will see such tactics as import blockades, fining local subsidiaries, tariffs, seizing assets, etc to encourage said countries to respect the rights of the owners of their personal data.

Nope. Not even close. Yes, EU may have started all that with the good intent. But… the road to hell is paved with good intentions. Other countries took note… and started preparing counter-measures.

In particular Russia demands that information about Russian citizens is processed in Russia — and wouldn't care one jot if it would contradict the GDPR.

> Now the shoe is on the other foot they worry whether maybe they should prevent that, but unless you actually start with the idea that people have rights over their personal data, it's hard to argue China is doing anything wrong.

No. You may declare it illegal to collect personal data of US citizens abroad. Not say that citizens have certain rights over their data but that US have jurisdictions over them. China may agree to that. Move physical borders between countries into the virtual space, Internet. Rights of certain individual citizens? Nope. Never seen such an inclination in China authorities before, don't think they would start doing that now.

And even if some agreements would be reached and GDPR would become law in Russia — this would happen not because EU said so, but because Russia would adopt it into “federal law”. Which, frankly, sounds less and less likely with each passing year.

Goodbye FLoC, hello Topics

Posted Feb 1, 2022 14:00 UTC (Tue) by kleptog (subscriber, #1183) [Link] (1 responses)

> > You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country.
>
> Nope. Here's Russian version.
>
> > Foreign citizens enjoy rights in the Russian Federation and bear obligations on an equal footing with citizens of the Russian Federation, with the exception of cases provided for by federal law.

Clearly there's some miscommunication going on here, because I don't see the relation. The GDPR doesn't apply to the data of Russian citizens, so what's the relevance?

> In particular Russia demands that information about Russian citizens is processed in Russia — and wouldn't care one jot if it would contradict the GDPR.

How can it contradict the GDPR since it doesn't apply to the data of Russian citizens in Russia?

> Rights of certain individual citizens? Nope. Never seen such an inclination in China authorities before, don't think they would start doing that now.

Then you need to get up to speed (this entered into force 3 months ago):

> The PIPL establishes the mechanism of personal information protection in China and it is modelled, in part, on the GDPR. It introduces several important concepts, such as personal information, sensitive personal information, and processing. It explicitly stipulates its exterritorial jurisdiction, and provides the traditional elements for data protection, such as principles of personal information processing, consent and non-consent grounds for processing, cross-border transfer mechanisms and rights of data subjects. At the time of writing this note, some provisions are still waiting for implementing rules to provide clarification.
>
> The right of privacy and personal information would be categorised as a personality right, which provides a legal remedy from the perspective of Torts in cases of infringement of privacy and/or personal information. Furthermore, privacy is defined by law for the first time, which refers to the private peaceful life of a natural person and the private space, private activities, and private information that a natural person does not wish to be known by others.

Of course, being China it's surrounded by certifications and a lot of other top-down bureaucracy that the GDPR doesn't have, but many of the basics are similar.

Goodbye FLoC, hello Topics

Posted Feb 1, 2022 14:22 UTC (Tue) by khim (subscriber, #9252) [Link]

> The GDPR doesn't apply to the data of Russian citizens, so what's the relevance?

Huh? We are discussing that one:

> You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country.

We are not talking about Russian citizens, but about foreigners who are, miraculously, according to you, entitled to what the GDPR promises even if they are in Russia. But Russian law is extremely clear: when you are on Russian soil you may forget about your country's laws which say something. Either there is a Russian law which gives you some rights or you have no rights at all.

Which means that if you ban the EU citizens on your website you can safely ignore GDPR: EU citizens which interact with you legally can not bring it in the court and the ones who used VPN to pretend they are on Russian soil are very unlikely to be taken seriously by the court.

> Of course, being China it's surrounded by certifications and a lot of other top-down bureaucracy that the GDPR doesn't have, but many of the basics are similar.

Yes, the GDPR has opened Pandora's box. Now every country claims that its own laws are exterritorial and apply to the whole world… but can they actually enforce that? When other countries (like Russia and China itself) explicitly refuse to accept that exterritoriality?

I think that it would take 5-10 years before we would reach the final outcome, but I don't think it would be the ability of EU to enforce GDPR in all countries around the world and the ability of China to enforce PIPL around the world.

A more likely outcome is the separation of the world into regions with clearly outlined borders and where a mom-n-pop shop in Bangladesh would continue to blissfully ignore GDPR (but may be tied by PIPL depending on where the line between regions fall).

IOW: I don't see the trend moving into the direction of more respect for people privacy. I would expect more and more geographic bans instead.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 23:22 UTC (Fri) by Wol (subscriber, #4433) [Link]

Under those circumstances, I think it's pretty clear that the data subjects have given their permission.

There's a lot of FUD flying about the GDPR, and it's a good thing that it gives people control over data about them, but the central tenet is that the data subject is in control.

If the data subject CHOOSES to hand their data over to a data controller outside the jurisdiction of the GDPR, pretty much any court will be behaving lawfully when they say "more fool you" to an aggrieved plaintiff.

The point of the GDPR is to protect me if I hand over my information as, say, a condition of employment. If my employer then sells (or fails to look after properly) that data, they WILL get slammed under the regs. But if I just hand over my data to any Tom Dick or Harry, then that's *my* problem. That's why websites ask permission - if they collect it without my knowledge then they're supposed to destroy it sight unseen.

Cheers,
Wol

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:05 UTC (Wed) by james (subscriber, #1325) [Link] (11 responses)

> The Topics "are thoughtfully curated to exclude sensitive categories, such as gender or race".

And with an eye to the GDPR's "special categories" of sensitive data, which require "explicit consent to the processing of those personal data".

This was always a problem for FLoC, since membership of a cohort can easily reveal political opinions (for example, which news sources a user accesses). If membership of a cohort could be combined with other data to identify an individual, it is illegal to process that data (i.e. that the user is a member of that cohort) until the user gives explicit consent to it, which is a bit of a problem when this is all supposed to be automatic.

One might conclude that if it took this long for Google to identify this problem, they are not seriously looking for a replacement: they just feel it necessary to be Doing Something before someone decides to actually enforce GDPR on the advertising industry.

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:29 UTC (Wed) by dskoll (subscriber, #1630) [Link] (9 responses)

So what do you think is the probability that someone interested in "Face & Body Care/Make-Up & Cosmetics" is a woman? I'd say at least 80%. And how about the probability that someone interested in "Off-Road Vehicles" is a man? I'd say at least 55-60%.

Add in enough categories and I bet Google could figure out gender, at any rate, with a confidence of 95%.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 0:51 UTC (Thu) by developer122 (guest, #152928) [Link]

I fully expect these categories to shift and change and fragment further into sub categories. This is by no means the final list. I would even expect a framework for sites and advertisers to make custom extensions to the categories. Even in real-time response to events and trends.

The timing on that sort of thing with real-world events could be quite telling as to where a person lives or on what side of an issue they fall.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 12:57 UTC (Thu) by kleptog (subscriber, #1183) [Link] (7 responses)

> Add in enough categories and I bet Google could figure out gender, at any rate, with a confidence of 95%.

Which is probably why they only send 3. And there's a pretty good chance one of those three is a randomly chosen topic.

If Google wants to know your gender they can just examine your Facebook page. If you don't have a Facebook page you're not an interesting part of the market anyway.

Seriously though, if you told people that there was a panel where you could choose to see more ads for expensive electronics and fast cars instead of for diapers, I'm sure there's a significant group that would consider that a good thing.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 14:30 UTC (Thu) by excors (subscriber, #95769) [Link] (2 responses)

> Seriously though, if you told people that there was a panel where you could choose to see more ads for expensive electronics and fast cars instead of for diapers, I'm sure there's a significant group that would consider that a good thing.

I think the basic tradeoff is more like: you regularly visit a web site that needs to make $0.10 in revenue from you (to pay for operating costs plus profit), so they will choose to show however many ads for expensive electronics and fast cars are necessary before you'll spend an average of $1 on those products, or they'll show however many ads for diapers so you spend $1.

If you never buy diapers (but they don't know that), they'll have to show you an infinite number of diaper ads, probably with lots of provocative images and auto-playing videos to try really really hard to convince you to buy diapers which you don't need, and that still won't be enough. Whereas if they know your interests enough to show a single ad for something that is genuinely relevant and useful for you, you're reasonably likely to give them the revenue they need, and their site can be financially viable without an obnoxious quantity of ads. It doesn't seem surprising that many people would prefer the latter.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 16:33 UTC (Thu) by LtWorf (subscriber, #124958) [Link]

They might start to put static html pages without 50MiB of js if they want to save money and have less ad revenue though.

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 17:24 UTC (Mon) by moltonel (guest, #45207) [Link]

The problem with this reasoning is that the number of ads shown is not determined by a target amount of money made. Instead, the number of ads is increased until they become obnoxious enough that users stop visiting the site and ad income begins to drop. Whether the obnoxiousness comes from the number of ads or their irrelevancy does not matter.

Also, there are people (me included) who actually prefer to see irrelevant ads, because they are easier to mentally ignore and less able to manipulate you.

Correlation

Posted Jan 27, 2022 18:37 UTC (Thu) by tialaramex (subscriber, #21167) [Link] (3 responses)

In my circle of friends it is usual to manipulate Facebook's algorithm so that the constant advertisements are for stuff you don't mind in your field of view. For a large majority of those friends it turns out that "goth girls in lingerie" is both an advertising topic Facebook can be persuaded to show you and acceptable visual noise. Even for those friends who would plausibly identify themselves as "goth girls" I don't think lingerie is something they're likely to buy based on a Facebook recommendation, but it's an acceptable source of visual noise.

Right now though my Facebook adverts are 100% wall-to-wall adverts for an "innovation centre" which I think was built in my city in late 2019 and presumably is now realising that nobody wants to rent their office space and they never will again, oops. Facebook doesn't necessarily know I live here, but it does know I studied here, since that's why I have a Facebook account.

I didn't explicitly tell Facebook my gender, but interestingly Google correctly guessed my gender and *despite that* it spent months advertising women's shoes to me after I bought one pair because they are pretty (they're seriously very pretty, they're on a shelf in my living room). Not just women's shoes, but specifically exactly that same pair of shoes. Again, they're very pretty but nobody is going to buy two pairs. Advertising is algorithm driven and algorithms are dumb.

I think the evidence suggests that actually all the fuss over tracking based Internet advertising was a waste of time and money. $1000 spent on tracked Internet advertising won't actually be more effective than $1000 spent on, say, a billboard or a magazine advert, but tracking means you will get more advertising executives trying to *persuade* you that it worked because they have more tools to lie with. In particular, while the sales guy telling you that definitely somebody saw the billboard and then bought a brand new car is easy to dismiss, the guy saying the same thing about your Facebook advert has a chart that says so, how can it be wrong? Well, the same as the first guy, it's lying. That guy was on his way to buy the car when he passed the billboard, and he was reading Facebook right before buying a car too, it's not causality it's coincidence, and they've got more powerful tools to harvest coincidence online.

Why did I see all those shoe adverts? Because it's correlated. This guy saw your shoe advert AND he bought shoes. What do you mean which happened first?

Correlation

Posted Jan 27, 2022 22:55 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link] (2 responses)

The problem with ads continuing to chase you after you've already bought the product is notorious. My suspicion is that this is an especially bad problem when your decision to buy the product isn't affected by the ad at all; you just decided to buy it by browsing on their web site. The ad broker is tracking your surfing habits and knows you've been looking at a product. If you had decided to look at the product based on an ad, they'd know because they track clicks. They would probably know when you bought it, because they really want to be able to prove that their ads lead to sales.

But if you don't follow the ad to the product, the broker will only know that you've looked at the product; they won't know that you've bought it. Worse, the brokers keep exactly who they show which ad secret from the advertisers because knowing who to target is the core of their business. The last thing they want to do is to tell advertisers who is being shown which ads. So they keep showing you the ad in hopes you'll buy, all the while keeping it secret from the advertiser, who could tell them it's pointless because they've already made the sale.

Correlation

Posted Jan 28, 2022 9:29 UTC (Fri) by nilsmeyer (guest, #122604) [Link] (1 responses)

> They would probably know when you bought it, because they really want to be able to prove that their ads lead to sales.

Perhaps that piece of information is missing? Instead the algorithm assumed you didn't buy but were strongly interested in buying since the sale hasn't been reported back to the advertiser.

Correlation

Posted Jan 31, 2022 6:36 UTC (Mon) by rgmoore (✭ supporter ✭, #75) [Link]

> Perhaps that piece of information is missing?

Yes, that's the idea. The point I was trying to convey is that the information isn't missing randomly. It's missing because of the way online ads work, which means it can't easily be fixed without deep changes to the system.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 8:33 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

> The Topics "are thoughtfully curated to exclude sensitive categories, such as gender or race".

> It may make sense for sites to provide their own topics (e.g., via meta tags, headers, or JavaScript)

Ah ah ah. We’re not evil, web sites are. We don’t abuse privacy and cookie laws, web sites choose to implement them in the most ineffective way they can think of.

Are those people real?

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:07 UTC (Wed) by josh (subscriber, #17465) [Link] (7 responses)

> Apparently, the uproar over FLoC succeeded in diverting that particular plan, so Topics was born.

Excellent. Now let's kill Topics, and ideally leave enough of a smoking crater to discourage trying again.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 1:01 UTC (Thu) by developer122 (guest, #152928) [Link] (6 responses)

I foresee an endless series of dominoes ending with all of this happening *entirely* within the browser in secret, communicating with advertisers through a back-channel.

This is what happens when google owns not only the market but the actual *browser* through which the whole web is viewed. They have what every advertiser wishes for: a hold on the actual physical device.

We need a real and concerted effort to get people off of chrome onto literally anything else. Sympathetic websites running ads for other browsers to chrome users. Other software asking if you'd like to install chromium/firefox/whatever along with the product, like google toolbar in the good old days. People getting loved ones off of chrome and onto another browser. This needs to be war.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 1:04 UTC (Thu) by josh (subscriber, #17465) [Link] (5 responses)

If we're coordinating to get people off of Chrome, let's not treat Chromium as meaningfully different.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 22:16 UTC (Thu) by developer122 (guest, #152928) [Link] (4 responses)

It is meaningfully different. It's not shipped by google. They have no control over what ends up in the final product and cannot include anything in secret that the browser vendor cannot remove.

The only reason you're saying that is because it runs on a similar codebase which is nothing more than a technical detail. All the other browsers have defied google in not supporting third party cookies regardless of what engine they use to render HTML.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 18:15 UTC (Sat) by josh (subscriber, #17465) [Link] (3 responses)

Chromium is absolutely shipped by Google, from the same codebase with configuration options changed; it's just *compiled* by others, sometimes with a few additional configuration changes. Yes, it's Open Source and not hiding anything, but that doesn't mean it won't *openly* do things you'd rather it didn't, and those things aren't likely to change.

Also, Chromium still uses the same browser engine, and as a result, further encourages websites to only care about that same browser engine, which makes life harder for other browsers.

Chromium does not meaningfully diverge from browser design decisions made in Chrome; it may disable individual features (or support others compiling binaries with those features disabled), but won't make substantial direction changes that diverge from Chrome's.

If you very much like Chrome and just want it to be fully Open Source, then by all means run Chromium.

If you don't like Chrome's direction or choices, Chromium generally won't help you avoid them.

And if you want multiple browsers to continue existing and thriving, try something not based on the same engine, like Firefox.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 18:19 UTC (Sat) by amacater (subscriber, #790) [Link] (2 responses)

Couldn't agree more. Also - both Chromium and Firefox are beasts to build. Various Linux distros are struggling to keep pace, especially where you have to build Rust toolchains or whatever in addition. The two browsers have enough code to be a mini OS in themselves and, sadly, upstream aren't always interested in building on architectures other than Intel/AMD/Android. Not a great situation to be in.

Goodbye FLoC, hello Topics

Posted Feb 7, 2022 0:47 UTC (Mon) by flussence (guest, #85566) [Link] (1 responses)

Things could be worse, we still have WebKit and I don't think that's going away any time soon. The only thing holding it back on Linux is that it's treated like a throwaway thing and nobody tries to build a serious browser on it.

Goodbye FLoC, hello Topics

Posted Feb 7, 2022 4:38 UTC (Mon) by pabs (subscriber, #43278) [Link]

I haven't used it, but the GNOME Web browser is based on WebKit.

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:26 UTC (Wed) by IanKelling (subscriber, #89418) [Link] (3 responses)

Right, this feature shouldn't exist. Assuming it does go forward,

> we're building user controls that let you see the topics, remove any you don't like or disable the feature completely

But "disabled" sounds like it isn't really disabled in practice. It sounds like it means sending 0 topics, which will categorize you as a special minority, one that websites will discriminate against, like the popups "You aren't helping us show ads! Stop or go away!". For this opt-out feature, disabled should be to send some of the most popular topics so you appear normal.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 5:03 UTC (Thu) by devkev (subscriber, #74096) [Link] (2 responses)

> Advertisers (and others) can request information via a JavaScript call to document.browsingTopics(), which will return zero to three Topic IDs

My initial reaction was "Ugh, more JavaScript". But then I realised this makes it very easy to have a browser extension which monkey-patches the method to return 3 random topics instead.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 11:13 UTC (Thu) by k8to (guest, #15413) [Link] (1 responses)

I'm sure google will, in time, disallow such privacy extensions by api removal.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 12:06 UTC (Thu) by devkev (subscriber, #74096) [Link]

There are an awful lot of extensions that rely on content page JS injection, so I think it's more likely they'd adjust the Chrome Store policies to disallow hooking browsingTopics() (including whatever automated extension testing they have). The end result is effectively the same - any such extension could only be side-loaded, which is fine for technical folks, but as good as non-existent for regular users.

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:38 UTC (Wed) by jmaa (guest, #128856) [Link] (14 responses)

Could someone explain why Google stopped with contextual advertisement? Seems like the acceptable sweet spot of usefulness and creepiness, while avoiding the adtech privacy catastrophe.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 3:41 UTC (Thu) by droundy (subscriber, #4559) [Link]

I see most of my ads when visiting recipe sites, but don't spend most of my money on cooking paraphernalia.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 5:38 UTC (Thu) by felixfix (subscriber, #242) [Link] (10 responses)

That has always confused me. The most appropriate ads are for the page you are viewing exactly right now. Reading a hiking blog? Flannel shirts, walking sticks, mountain bikes, all sorts of things come to mind. Nothing is more appropriate. Ads for what I was reading yesterday, or the page before this one, are less relevant than the page I am reading right now.

I also wish they'd get back to simple text ads. My brain ignores flashing ads, columns of pictures, all that ad stuff. When there were text ads, I used to actually skim them.

It was the same back in the days when I read print newspapers and magazines. I ignored the mass production ads. If I was looking for snowshoes, I looked for snowshoe ads.

Context is everything. Why feed me ads for real estate agencies when I am reading a page with a pot roast recipe?

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 16:13 UTC (Thu) by khim (subscriber, #9252) [Link] (7 responses)

> That has always confused me.

Why?

> The most appropriate ads are for the page you are viewing exactly right now.

Sure. They are most appropriate, but are they most lucrative? Obviously no. And guess what advertisers prefer.

> Reading a hiking blog? Flannel shirts, walking sticks, mountain bikes, all sorts of things come to mind. Nothing is more appropriate.

Sure. But if you are an avid fan of hiking you wouldn't spend all your money on these. And if they can, somehow, guess about what you want to buy (as opposed to what you want to read about) the chances of selling you something increase.

> When there were text ads, I used to actually skim them.

Yes, but is it more lucrative to try to sell something to you and not to someone who can barely read two sentences?

> Context is everything. Why feed me ads for real estate agencies when I am reading a page with a pot roast recipe?

Because this brings more money?

What often baffles me on LWN is simultaneous combo of people who are bright and, see many different things — yet, simultaneously, couldn't understand that they are rare minority and something designed to cater to majority, may, in fact, look stupid and crazy to them because majority is different and because if you look on who actually spends money on things situation is even more different.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 3:33 UTC (Fri) by felixfix (subscriber, #242) [Link] (6 responses)

Advertisers certainly want the most bang for the buck, but how do they know what that is? Google's incentive is to get advertisers to spend as much as possible, and their reporting on how well their own advertising works is suspect. All advertisers really have to go on is Google's reports vs other ad agencies. I don't have any reason to think Google is outright lying to their clients, but incentives work behind the scenes to distort things invisibly. I have no doubt Google analysts routinely come up with many marvelous ways to emphasize their most expensive advertising's benefits without any explicit bias.

Marketing departments also have the wrong incentives. Like all bureaucrats in unmeasurable fields, they operate on hunches backed by selective data. I imagine the old saying "you can't go wrong with IBM" has a Google counterpart today.

Don't get so excited by your own superior imagination. Your idea of majority and minority is just as wonky as what you claim as everyone else's delusions. Follow the money, follow the incentives, and remember that everyone is biased and usually doesn't know what invisible incentives they are following.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 8:12 UTC (Fri) by JanC_ (guest, #34940) [Link] (4 responses)

Interesting data-point: when the GDPR was introduced, the NYT switched from tracking-based ads to context-based & geographical-based advertising for EU visitors… and saw its ad revenue from those visitors increase.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 11:08 UTC (Fri) by khim (subscriber, #9252) [Link] (3 responses)

But that's only natural: if ads have become less effective then advertisers would need more of them to get the same sales.

It's precisely the same story as with TV ads: TV networks were getting lots of money from ads because they were less effective than ads in the Internet!

Of course after advertisers realized what's happening they moved ads from TV to the Internet. Which made ads in the Internet less lucrative thus some ads remained on TV.

GDPR reversed that trend and turned NYT into TV-of-sorts… of course this should introduce jump in revenues… till advertisers would realize what's happening and move ads elsewhere.

NYT is probably big and important enough to retain some advertisers, but small web sites may end up with no ads (and no income) at all if they would do something like that.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 12:17 UTC (Fri) by laarmen (subscriber, #63948) [Link] (2 responses)

Can we really draw any conclusion from the available data? An increase in revenue might mean an increase in views, but could also mean an increase in click conversion, as those *can* be measured and billed, contrary to TV-ads which are solely based on views.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 16:15 UTC (Fri) by JanC_ (guest, #34940) [Link]

Also, NYT was then selling those ads directly, instead of through a broker, so they cut out a middle man, I suppose…

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 17:00 UTC (Fri) by khim (subscriber, #9252) [Link]

> as those *can* be measured and billed, contrary to TV-ads which are solely based on views.

Not anymore. They stopped serving targeted ads because they don't want to deal with GDPR requirements. I don't think they would want to bring these [potential] liabilities back just to get these numbers.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 11:01 UTC (Fri) by khim (subscriber, #9252) [Link]

> Like all bureaucrats in unmeasurable fields, they operate on hunches backed by selective data.

That's where third-party cookies become important. If they are used then you may count all the times an ad was shown and even track the user from the ads to the purchase of goods.

Of course this only shows how lucrative an ad is for the advertiser, it's hard to measure how effective it is for the Website.

Google actually shows irrelevant ads to a small percentage of users on purpose to see if they would click on them!

And yes, of course it's not a precise science: if people who are visiting the web site were rational then ads would have been completely useless.

> Follow the money, follow the incentives, and remember that everyone is biased and usually doesn't know what invisible incentives they are following.

It's true, to some degree, but it's not as if Google used guns to make people switch from TV ads and newspaper ads to their platform. That part happened before it became an established truth that it's better to go with Google or YouTube ads than spending money on TV ads.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 2:50 UTC (Fri) by developer122 (guest, #152928) [Link] (1 responses)

"Most appropriate for the page" means nothing. If I'm an auto mechanic I'm most likely to buy tools so you shouldn't show me baking supplies the one time I visit a recipe site. I won't buy them.

The theory goes that google can overall produce an accurate profile of "you" and what you're most interested in buying, or what you're susceptible to that's most willing to pay for ad space. Then they plaster that *everywhere.* The mechanics forum, the baking site, your search results, every website you visit.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 3:18 UTC (Fri) by felixfix (subscriber, #242) [Link]

On the contrary: an auto mechanic on a recipes page is more likely to already have all the job tools he needs and more unlikely to have the cooking tools.

Auto mechanics use a lot of specialty tools that very few other people will ever know about, let alone use. They are also more likely to already have sources for new tools and not likely to respond to ads for new sources. They are also not likely to google for how to repair pages in the ordinary course of business.

Or to put it another way: the people most likely to google for how to repair pages are the amateurs who don't already have a vast collection of repair tools, not the professionals who do have that vast collection. Similarly, the people most likely to google for recipes are the amateur cooks who might be interested in new pots and pans and implements of cooking, not the professional chefs who already have almost everything they need, and if they do buy something new, it will be from a friend's and/or colleague's recommendation.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 15:27 UTC (Thu) by farnz (subscriber, #17727) [Link] (1 responses)

The timing correlates with when Google bought DoubleClick; from the outside, it looks like DoubleClick's values w.r.t. users and advertisers won out over the native Google attitudes.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 23:39 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link]

That may be right, but it may also be that Google had already started to adopt, or was being pushed in the direction of, DoubleClick's attitudes, and that's what made the purchase seem reasonable. You only buy a company like DoubleClick if you're intending to move into their business.

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:39 UTC (Wed) by Rigrig (subscriber, #105346) [Link] (5 responses)

> While it is sometimes comical to see Google ads recommending the book you just purchased, or the hotel/flight/rental car you already reserved, it hardly seems like it leads to increased sales for the advertisers.

It is my understanding this happens because ad-networks are simply interested in showing a high conversion rate, measured as "products bought after seeing them advertised". It turns out that predicting purchases is much easier than actually convincing people to buy something, and they don't have (real-time) access to sales data, so it pays off to show a few too-late ads if it increases the chance of having shown the ad just before a purchase.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 2:37 UTC (Thu) by pabs (subscriber, #43278) [Link] (4 responses)

That sounds like fraud to me, I wonder why the people placing advertisements with Google aren't suing over this. I guess it is pretty hard to prove though? Google ads are supposed to be helping create new purchases, not helping predict purchases that would have happened anyway.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 9:01 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

Fraud is extremely common in the advertising space. Traditional ads cost enough money that customers do check they are effective; the web ad space is something else.

Cookies and topics exist to reassure the people that bid for micro ads that their money may produce some effect. It’s a belief system.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 16:17 UTC (Thu) by khim (subscriber, #9252) [Link] (1 responses)

> Google ads are supposed to be helping create new purchases, not helping predict purchases that would have happened anyway.

Who told you that?

It's really hard to convince someone to buy something new.

It's much easier to convince someone who is already planning a purchase to choose your shop rather than someone's else shop.

Of course Google ads were targeted at the latter audience rather than the former one. From day one, when ads were served only near search results.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 23:57 UTC (Thu) by pabs (subscriber, #43278) [Link]

Predicting purchases is different to redirecting purchases from one vendor to another vendor.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 0:47 UTC (Fri) by Rigrig (subscriber, #105346) [Link]

What would they sue over? You order ads to be shown to interested people, they show ads to interested people. And then you work out how you are going to pay for those ads: per click, per view, per click-conversion, or per view-conversion.

And if you pay per view-conversion, obviously the algorithm will optimize for that, resulting in this effect.
Even if ad networks wanted to, I doubt the AI could be trained to "maximize conversion rate, but by creating new purchases, not predicting them". (They would if they could, because customers will notice a 30% conversion rate with ad broker A resulting in higher sales than 30% with broker B.)

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 2:31 UTC (Thu) by pabs (subscriber, #43278) [Link] (5 responses)

I wonder why they don't do the obvious thing of just switching entirely to contextual advertising; base the advertisement shown on what content is on the page near/containing the advertisement.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 4:55 UTC (Thu) by dmarti (subscriber, #11625) [Link]

The answer to that one is in the company's origin story: because stacks of generic PC hardware worked better for them than a big Digital or Sun server. Using the cheap generic option for a task means you get to keep the money that the competition is spending on the more expensive solution.

What worked for server hardware is also working for Google in the web ad market: Google can make more money by introducing ads on cheap, low-engagement sites into the same market with ads on higher-cost sites. And since no advertiser would believe audience info from a cheap, low-engagement site, the only way to make it work is with some kind of third-party tracking. It's all about commodity inputs, in this case commoditizing web content.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 8:25 UTC (Thu) by ballombe (subscriber, #9523) [Link]

Remember the time when every article about RedHat was preceded by a banner advertising ostrich-feathered hats?

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 12:57 UTC (Thu) by nim-nim (subscriber, #34454) [Link] (2 responses)

Google can’t do that because it advertises on web sites with no obvious marketable context.

The web sites that do have an obvious marketable context don’t run Google ads, they are either merchant web sites (displaying ads for their own product, like Amazon), or run adverts by price comparators for the products most obviously associated with their context.

Google specializes on low-effect advertisement carpet bombing, with creepy tracking to reassure buyers it has some effect.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 13:00 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

(also the contextual part of Google’s ad business is implemented via sponsored links in their search engine)

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 23:54 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link]

> Google can’t do that because it advertises on web sites with no obvious marketable context.

That doesn't necessarily follow. I think the idea is to base the ads on what's on the web page, not necessarily try to sell what's on the web page. So, for example, if somebody has a web page describing their hikes, you figure out what hikers are interested in and try selling that. Maybe that's hiking equipment, but maybe people who like hiking are interested in their health, so it's a good place for ads for wellness products.

This was the traditional model of advertising. Advertisers tried to figure out what kind of people would be interested in their product and put their ads in the kinds of publications that would appeal to those people. If you bought a car magazine, it would be full of ads for cars and car accessories, but it would also include lifestyle products calculated to appeal to people who liked fancy cars. If you bought a fashion magazine, it would be full of ads for clothes, but also for perfume and cosmetics.

I think that's intended to be the goal of something like topics. The idea is that it lets ad companies figure out that people who are interested in topic foo are also interested in topics bar and baz. That way even if there aren't any obvious marketing angles related to foo, or if there are more web sites devoted to foo than there are advertisers interested in selling it, they can try selling bar and baz on foo websites.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 9:27 UTC (Thu) by developer122 (guest, #152928) [Link]

> Advertisers (and others) can request information via a JavaScript call to document.browsingTopics(), which will return zero to three Topic IDs, one for each of the previous three weeks, in a random order. The top five Topics for a given week are collected and one random Topic chosen from the full list is added in; one of those six Topics will be chosen for the week. In addition, Topics are tracked in a somewhat complicated scheme to try to "prevent the direct dissemination of user information to more parties than the technology that the API is replacing (third-party cookies)". Said scheme restricts sending Topics to callers that have already called the Topics API for the user on another site that shares a Topic ID with the site in question. So browsers can only send a Topic ID if the advertiser has asked for Topics from a related site (i.e. one that shares the Topic). The GitHub site has a lengthy example to show how it all works.

This sounds horrifyingly convoluted. I'm sure a smarter person than me can find lots of counter-intuitive ways to leak information from that mess by making repeated calls, for example from lots of throwaway sites with different topics.
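
The weekly selection and caller filter quoted in the comment above, as an added simulation that is not part of the original thread and is not Chrome's code. The class and function names, the sample taxonomy and browsing data, and the assumptions that the pick among the six candidates is uniform and that the filter is a per-caller set of already observed topics are all illustrative.

```javascript
// Added simulation of the Topics rules as the quoted text describes them.
// Hypothetical names throughout; a simplified model, not Chrome's implementation.

// Seedable PRNG (mulberry32) so a run can be reproduced.
function makeRng(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

class TopicsModel {
  constructor(taxonomy, rng) {
    this.taxonomy = taxonomy;   // full list of Topic IDs (constructed sample)
    this.rng = rng;
    this.visits = new Map();    // topic -> visit count in the current week
    this.observed = new Map();  // caller -> Set of topics it has seen via the API
    this.weekly = [];           // one chosen topic per finished week
  }

  pick(list) {
    return list[Math.floor(this.rng() * list.length)];
  }

  // The user visits a site carrying `siteTopics`; `callers` are the third
  // parties that call the API on that page and so "observe" those topics.
  recordVisit(siteTopics, callers) {
    for (const topic of siteTopics) {
      this.visits.set(topic, (this.visits.get(topic) || 0) + 1);
      for (const caller of callers) {
        if (!this.observed.has(caller)) this.observed.set(caller, new Set());
        this.observed.get(caller).add(topic);
      }
    }
  }

  // End of week: top five topics plus one random topic from the full list;
  // one of those six becomes the week's topic (assumed uniform here).
  endWeek() {
    const topFive = [...this.visits.entries()]
      .sort((x, y) => y[1] - x[1] || x[0] - y[0])
      .slice(0, 5)
      .map(([topic]) => topic);
    const candidates = [...topFive, this.pick(this.taxonomy)];
    const chosen = this.pick(candidates);
    this.weekly.push(chosen);
    this.visits = new Map();
    return { candidates, chosen };
  }

  // Zero to three topics, one per previous week, in random order, filtered
  // to topics this caller has already observed on some site.
  browsingTopics(caller) {
    const seen = this.observed.get(caller) || new Set();
    const out = this.weekly.slice(-3).filter((topic) => seen.has(topic));
    for (let i = out.length - 1; i > 0; i--) {   // Fisher-Yates shuffle
      const j = Math.floor(this.rng() * (i + 1));
      [out[i], out[j]] = [out[j], out[i]];
    }
    return out;
  }
}

// Chance that at least one of `weeks` weekly topics is the random one,
// assuming each of the six candidates is equally likely to be chosen.
function probAnyRandom(weeks) {
  return 1 - Math.pow(5 / 6, weeks);
}

function runDemo() {
  const taxonomy = Array.from({ length: 30 }, (_, i) => i + 1); // constructed IDs
  const model = new TopicsModel(taxonomy, makeRng(2022));
  const history = [];
  for (let week = 0; week < 3; week++) {
    // Constructed browsing: topic n is visited (7 - n) times, for n = 1..6.
    for (let topic = 1; topic <= 6; topic++) {
      for (let n = 0; n < 7 - topic; n++) {
        // adtech.example is embedded only on sites with topics 1 to 3.
        model.recordVisit([topic], topic <= 3 ? ["adtech.example"] : []);
      }
    }
    history.push(model.endWeek());
  }
  return {
    history,
    known: model.browsingTopics("adtech.example"),
    unknown: model.browsingTopics("never-embedded.example"),
  };
}

console.log(runDemo(), probAnyRandom(3).toFixed(3));
```

Under the uniform-pick assumption, a three-week answer includes at least one random topic with probability 91/216, about 0.42, before the caller filter is applied.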

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 9:51 UTC (Thu) by camhusmj38 (subscriber, #99234) [Link] (1 responses)

The question really must be will any other browser vendor implement / enable this? In particular, Apple in mobile Safari, Microsoft in Desktop Edge and Mozilla in Firefox. If not then it's easy to escape without doing anything particular.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 12:28 UTC (Thu) by mathstuf (subscriber, #69389) [Link]

Do they care? Chrome has the market cornered, can't run their own engine on iOS anyways (where Chrome is least-used by platform), and can therefore put out whatever standards they want and know that "most" users will have it available in a few weeks of deployment (more or less). Sure, iOS isn't going to get it as nicely as others, but Apple gives everyone a laggard engine anyways, so any new feature is going to take time there no matter what. What kind of response do the other browser vendors have that would make Google care about dropping this kind of functionality (however they market it)?

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 13:55 UTC (Thu) by jezuch (subscriber, #52988) [Link] (2 responses)

"Under capitalism, our best and brightest minds are using their talents just to get people to click on ads"

The tragedy continues.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 17:10 UTC (Thu) by benj (guest, #156429) [Link] (1 responses)

I'm with you, this whole debate seems like a waste of everybody's time and Google will just do what they want anyway.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 14:31 UTC (Sat) by james (subscriber, #1325) [Link]

Until the EU decides they will just do what they want anyway.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 17:45 UTC (Thu) by IanKelling (subscriber, #89418) [Link]

I'd like to see the people implementing this respond to
https://eshoo.house.gov/media/press-releases/eshoo-schako...

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 8:12 UTC (Sat) by milesrout (subscriber, #126894) [Link]

> The Topics "are thoughtfully curated to exclude sensitive categories, such as gender or race".

Why is this a good thing? I don't want ads for feminine hygiene products, or make-up. What are 'sensitive categories' anyway? Gender and race, apparently. I don't think they're particularly sensitive, personally. What else? Is it basically the same as the list of factors you aren't typically allowed to factor in when hiring people? Does it include things like having children? Or that you are planning to have children? Does it include highly gendered topics like 'make up' or 'skirts' or 'business suits'? Does it include things that correlate with 'sensitive topics'? Is political affiliation a sensitive topic?

I now see the categories are public. And indeed it does include '/Arts & Entertainment/Music & Audio/Soul & R&B', '/Arts & Entertainment/Music & Audio/Rap & Hip-Hop' and '/Arts & Entertainment/Music & Audio/World Music/Reggae & Caribbean Music'. I wonder how much those correlate with race.

It includes '/Arts & Entertainment/TV Shows & Programs/TV Family-Oriented Shows'. It includes '/Beauty & Fitness/Face & Body Care/Make-Up & Cosmetics'. It includes '/Hobbies & Leisure/Outdoors/Hunting & Shooting'. It includes '/Jobs & Education/Education/Early Childhood Education'. It is not hard to imagine some of these being *highly* correlated with certain protected 'sensitive' categories.

Facebook got a lot of flak for allowing people to target ads at certain political groupings around the 2016 American elections. I don't see how Google will prevent people from targeting 'Rap & Hip-Hop' + 'Basketball' if they wanted to target African-Americans, or 'Hunting & Shooting' + 'Country Music' + 'Pickup Trucks' if they wanted to target "redneck" Americans, etc. etc. If this is meant to produce something that can't be used to target so-called "sensitive categories" then it's a blatant failure.

Goodbye FLoC, hello Topics

Posted Feb 3, 2022 7:03 UTC (Thu) by oldtomas (guest, #72579) [Link]

Privacy Sandbox

Oh, yeah. This is an ad company. They'll sell you a cilice [1] as a "comfort device".

Keeping a safe distance between myself and Chrome (and Android) for now.

[1] https://en.wikipedia.org/wiki/Cilice


Copyright © 2022, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.