LWN: Comments on "Goodbye FLoC, hello Topics"

Goodbye FLoC, hello Topics

pabs — Mon, 07 Feb 2022 04:38:30 +0000

I haven't used it, but the GNOME Web browser is based on WebKit.

Goodbye FLoC, hello Topics

flussence — Mon, 07 Feb 2022 00:47:30 +0000

Things could be worse, we still have WebKit and I don't think that's going away any time soon. The only thing holding it back on Linux is that it's treated like a throwaway thing and nobody tries to build a serious browser on it.

Goodbye FLoC, hello Topics

oldtomas — Thu, 03 Feb 2022 07:03:56 +0000

Privacy Sandbox

Oh, yeah. This is an ad company. They'll sell you a cilice [1] as a "comfort device".

Keeping a safe distance between myself and Chrome (and Android) for now.

[1] https://en.wikipedia.org/wiki/Cilice

Goodbye FLoC, hello Topics

khim — Tue, 01 Feb 2022 14:22:19 +0000

> The GDPR doesn't apply to the data of Russian citizens, so what's the relevance?

Huh? We are discussing that one:

You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country.

We are not talking about Russian citizens, but about foreigners who are, miraculously, according to you, entitled for what GDPR promises even if they are in Russia. But Russian law is extremely clear: when you are on Russia soil you may forget about your country laws which say something. Either there are Russian which gives you some rights or you have no rights at all.

Which means that if you ban the EU citizens on your website you can safely ignore GDPR: EU citizens which interact with you legally can not bring it in the court and the ones who used VPN to pretend they are on Russian soil are very unlikely to be taken seriously by the court.

> Of course, being China it's surrounded by certifications and a lot of other top-down bureaucracy that the GDPR doesn't have, but many of the basics are similar.

Yes, GDPR have opened the Pandorra box. Now every country claims that their own law are exterritorial and apply to the whole world… but can they actually enforce that? When other countries (like Russia and China itself) explicitly refuse to accept that exterritoriality?

I think that it would take 5-10 years before we would reach the final outcome, but I don't think it would be the ability of EU to enforce GDPR in all countries around the world and the ability of China to enforce PIPL around the world.

More likely outcome is separation of the world into regions with clearly outlined borders and where mon-n-pop shop in Bangladesh would continue to blissfully ignore GDPR (but may be tied by PIPL depending on where the line between regions fall).

IOW: I don't see the trend moving into the direction of more respect for people privacy. I would expect more and more geographic bans instead.

Goodbye FLoC, hello Topics

kleptog — Tue, 01 Feb 2022 14:00:05 +0000

You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country.
Nope. Here's Russian version.
Foreign citizens enjoy rights in the Russian Federation and bear obligations on an equal footing with citizens of the Russian Federation, with the exception of cases provided for by federal law.

Clearly there's some miscommunication going on here, because I don't see the relation. The GDPR doesn't apply to the data of Russian citizens, so what's the relevance?

In particular Russia demands that information about Russian citizens is processed in Russia — and wouldn't care one jot if it would contradicts the GDPR.

How can it contradict the GDPR since it doesn't apply to the data of Russian citizens in Russia?

Rights of certain individual citizens? Nope. Never seen such an inclination in China authorities before, don't think they would start doing that now.

Then you need to get up to speed (this entered into force 3 months ago):

The PIPL establishes the mechanism of personal information protection in China and it is modelled, in part, on the GDPR. It introduces several important concepts, such as personal information, sensitive personal information, and processing. It explicitly stipulates its exterritorial jurisdiction, and provides the traditional elements for data protection, such as principles of personal information processing, consent and non-consent grounds for processing, cross-border transfer mechanisms and rights of data subjects. At the time of writing this note, some provisions are still waiting for implementing rules to provide clarification.

The right of privacy and personal information would be categorised as a personality right, which provides a legal remedy from the perspective of Torts in cases of infringement of privacy and/or personal information. Furthermore, privacy is defined by law for the first time, which refers to the private peaceful life of a natural person and the private space, private activities, and private information that a natural person does not wish to be known by others.

Of course, being China it's surrounded by certifications and a lot of other top-down bureaucracy that the GDPR doesn't have, but many of the basics are similar.

Goodbye FLoC, hello Topics

khim — Mon, 31 Jan 2022 17:54:22 +0000

> You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country.

Nope. Here's Russian version.

Foreign citizens enjoy rights in the Russian Federation and bear obligations on an equal footing with citizens of the Russian Federation, with the exception of cases provided for by federal law.

You may talk about GDPR or US law or anything like that as much as you want, court would just declare all these papers irrelevant and would ask you when and how agreement between Russia and your country was made and when federal law was changed to accommodate it.

> That's one of the things of the internet, it makes cross-border issues very common.

Yes, Internet made is possible to interact with someone who haven't left their own country. This creates collisions.

> So back to the mom and pop shop in Bangladesh, if they do a transaction with an EU citizen that involves the transfer of personal data then they can choose (knowingly or otherwise) to not respect that user's rights and there may be consequences of that.

What consequences? Bangladesh would ask EU citizens not to visit them? This is already happening, albeit under different pretext.

> Now we're on to the next stage where some places in the world (the EU particularly) have decided that people own their personal data and have rights regarding them.

Yes. And they, unilaterally, decided that the other countries wouldn't do anything about their wishes and desires but would just blindly accept them. They would, but blind acceptance is not in the cards.

> As such we will see such tactics as import blockades, fining local subsidiaries, tariffs, seizing assets, etc to encourage said countries to respect the rights of the owners of their personal data.

Nope. Not even close. Yes, EU may have started all that with the good intent. But… the road to hell is paved with good intentions. Other countries took note… and started preparing counter-measures.

In particular Russia demands that information about Russian citizens is processed in Russia — and wouldn't care one jot if it would contradicts the GDPR.

> Now the shoe is on the other foot they worry whether maybe they should prevent that, but unless you actually start with the idea that people have rights over their personal data, it's hard to argue China is doing anything wrong.

No. You may declare it illegal to collect personal data of US citizens abroad. Not say that citizens have certain rights over their data but that US have jurisdictions over them. China may agree to that. Move physical borders between countries into the virtual space, Internet. Rights of certain individual citizens? Nope. Never seen such an inclination in China authorities before, don't think they would start doing that now.

And even if some agreements would be reached and GDPR would become law in Russia — this would happen not because EU said so, but because Russia would adopt it into “federal law”. Which, frankly, sounds less and less likely with each passing year.

Goodbye FLoC, hello Topics

moltonel — Mon, 31 Jan 2022 17:24:53 +0000

The problem with this reasoning is that the number of ads shown is not determined by a target amount of money made. Instead, the number of ads is increased until they become obnoxious enough that users stop visiting the site and ad income begins to drop. Whether the obnoxiousness comes from the number of ads or their irrelevancy does not matter.

Also, there are people (me included) who actually prefer to see irrelevant ads, because they are easier to mentally ignore and less able to manipulate you.

Goodbye FLoC, hello Topics

kleptog — Mon, 31 Jan 2022 16:58:35 +0000

> But that's significantly different from saying that laws of your country, somehow, should affect people in the other countries without these countries signing any agreements with you.

This happens all the time though. You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country. That's one of the things of the internet, it makes cross-border issues very common.

(BTW, "affect" is a very board term that can mean almost any kind of interaction)

The issue here revolves around the concept of "ownership". If I, by the laws of my country, legally own a widget X, then if I go to another country then they will generally accept that I own that widget, even if that country has never has any relations with my country. There are formal legal frameworks to give this effect, but even without these the concept of ownership is fairly universal.

When we created copyrights and patent we decided that people could own them. And in countries that didn't recognise said copyrights/patents they weren't bound per se, but there were plenty of tactics deployed, like import blockades, fining local subsidiaries, tariffs, seizing assets, etc to encourage said countries to recognise the existence of copyrights/patents and their ownerships and associated rights.

Now we're on to the next stage where some places in the world (the EU particularly) have decided that people own their personal data and have rights regarding them. The US in particular doesn't believe this and think people and especially large tech businesses have the right to do whatever they like with other people's personal data. As such we will see such tactics as import blockades, fining local subsidiaries, tariffs, seizing assets, etc to encourage said countries to respect the rights of the owners of their personal data.

The interesting thing is that people in the US are waking up to the idea that companies in China can also collect data on US citizens and process that however they like. Now the shoe is on the other foot they worry whether maybe they should prevent that, but unless you actually start with the idea that people have rights over their personal data, it's hard to argue China is doing anything wrong.

So back to the mom and pop shop in Bangladesh, if they do a transaction with an EU citizen that involves the transfer of personal data then they can choose (knowingly or otherwise) to not respect that user's rights and there may be consequences of that.

Goodbye FLoC, hello Topics

khim — Mon, 31 Jan 2022 12:47:35 +0000

Sure, countries have spent resources to protect their citizens when possible.

But that's significantly different from saying that laws of your country, somehow, should affect people in the other countries without these countries signing any agreements with you.

Even embassies or military bases impose foreign rules on their own soil, not around the whole country where they reside.

> If anything the US approach of applying their laws abroad in all kinds of cases that do not even remotely relate to protecting their citizens is an issue, not the EU one.

What's the difference? In both cases one country claim it's laws are extraterritorial and trump the laws of the other countries without there being an additional agreements to provide that extraterritoriality.

The only difference I see if that US is willing to use force to support that interpretation and EU only tries to impose it when it have the opportunity to do so on their own territory, but the idea is the same.

Goodbye FLoC, hello Topics

taladar — Mon, 31 Jan 2022 09:45:52 +0000

Countries have been using their influence to protect their own citizens abroad for centuries. That is hardly a new thing.

If anything the US approach of applying their laws abroad in all kinds of cases that do not even remotely relate to protecting their citizens is an issue, not the EU one.

Correlation

rgmoore — Mon, 31 Jan 2022 06:36:36 +0000

Perhaps that piece of information is missing?

Yes, that's the idea. The point I was trying to convey is that the information isn't missing randomly. It's missing because of the way online ads work, which means it can't easily be fixed without deep changes to the system.

Goodbye FLoC, hello Topics

khim — Sun, 30 Jan 2022 15:34:28 +0000

> The rationale is that reasonable effort to not process the data of EU residents and citizens outside the terms of the GDPR is to always comply with the spirit of GDPR restrictions, not to try to ban EU residents and citizens from accessing your data.

No, it's not reasonable. If some group of people forget about what country borders are and how law works then it's not a good idea to try to placate them, usually it's cheaper to ensure you don't need to deal with them.

Only if you are already deeply involved with them it may be too costly to block them and pretend they don't exist.

Note: I'm not talking about specifics of GDPR here. The mere fact that it, supposedly, applies to entities beyond the EU border when they are dealing with people who are outside of EU border is deeply troubling and worthy of fighting against.

> This is directly targeted at big tech like Google and Facebook - those companies can't be allowed to play tricks that allow them to say "welp, our bad, EU and US data got intermingled, so we breached GDPR. But don't worry, we made reasonable efforts not to fall under EU jurisdiction, so it's OK".

Then why do they write a law in a way that mom-n-pop shop somewhere in Bangladesh have to, formally, deal with law of foreign country which they may not even know exist?

I have come to be accustomed to Russian lawmakers to be crazy but their latest invention sounds much more logical and clearly says: if you large enough and have enough customers in Russia mainland you have to deal with our rules (and if you have 500000 visitors daily in Russia then you are definitely large enough to afford office there), if you are someone small or foreign (and don't deal with lots of Russian citizens already) — we don't care.

There's centuries-old saying: however strict Russia's laws may be, their full power is reduced because they rarely are fully enforced. While European countries always tried to think about how laws can be executed once written.

And it just starts looking to me that Europe and Russia have swapped approaches to laws! This is madness!

Goodbye FLoC, hello Topics

farnz — Sat, 29 Jan 2022 21:06:55 +0000

Not yet, but there's no reason to think that the EU won't apply GDPR the way it says it would. The rationale is that reasonable effort to not process the data of EU residents and citizens outside the terms of the GDPR is to always comply with the spirit of GDPR restrictions, not to try to ban EU residents and citizens from accessing your data.

More generally, the EU is quite keen on the idea that there should be no route that allows an EU entity to do an end run around the GDPR by somehow importing EU residents data from outside the EU; that means that if you don't comply with the GDPR requirements, then you need your data pile to be poisonous to EU entities, including others in the same group as you.

This is directly targeted at big tech like Google and Facebook - those companies can't be allowed to play tricks that allow them to say "welp, our bad, EU and US data got intermingled, so we breached GDPR. But don't worry, we made reasonable efforts not to fall under EU jurisdiction, so it's OK".

Goodbye FLoC, hello Topics

amacater — Sat, 29 Jan 2022 18:19:37 +0000

Couldn't agree more. Also - both Chromium and Firefox are beasts to build. Various Linux distros are struggling to keep pace, especially where you have to build Rust toolchains or whatever in addition. The two browsers have enough code to be a mini OS in themselves and, sadly, upstream aren't always interested in building on architectures other than Intel/AMD/Android. Not a great situation to be in.

Goodbye FLoC, hello Topics

josh — Sat, 29 Jan 2022 18:15:22 +0000

Chromium is absolutely shipped by Google, from the same codebase with configuration options changed; it's just *compiled* by others, sometimes with a few additional configuration changes. Yes, it's Open Source and not hiding anything, but that doesn't mean it won't *openly* do things you'd rather it didn't, and those things aren't likely to change.

Also, Chromium still uses the same browser engine, and as a result, further encourages websites to only care about that same browser engine, which makes life harder for other browsers.

Chromium does not meaningfully diverge from browser design decisions made in Chrome; it may disable individual features (or support others compiling binaries with those features disabled), but won't make substantial direction changes that diverge from Chrome's.

If you very much like Chrome and just want it to be fully Open Source, then by all means run Chromium.

If you don't like Chrome's direction or choices, Chromium generally won't help you avoid them.

And if you want a multiple browsers to continue existing and thriving, try something not based on the same engine, like Firefox.

Goodbye FLoC, hello Topics

khim — Sat, 29 Jan 2022 16:46:23 +0000

> Effectively, though, the EU is saying that if you're big enough to have EU links, GDPR applies to you whether you take efforts to avoid coming under its banner or not.

Have this been actually tested in court? EU may say anything it wants, but the idea that someone who lives in the other country and does reasonable effort to never fall under jurisdiction of some foreign law yet, somehow, becomes bound by it, sounds very suspicious.

Not even Russia (who tries to make sure large internet companies have physical presence in the country) have ever tried to say that someone, who is not, legally, works in Russia should follow Russian laws.

Heck, even China doesn't try to force Google to censor content on Google.com (and yes, Google have pretty significant presence in China because otherwise it's very hard to produce electronic devices in modern world).

Goodbye FLoC, hello Topics

james — Sat, 29 Jan 2022 14:31:55 +0000

Until the EU decides they will just do what they want anyway.

Goodbye FLoC, hello Topics

farnz — Sat, 29 Jan 2022 10:13:26 +0000

Yes, it does. It's the fact that the data subject is EU-resident that counts from the law's point of view. Which is a separate matter to enforcing it, as it's very hard to enforce against an entity with no EU links at all.

Effectively, though, the EU is saying that if you're big enough to have EU links, GDPR applies to you whether you take efforts to avoid coming under its banner or not.

Goodbye FLoC, hello Topics

milesrout — Sat, 29 Jan 2022 08:12:19 +0000

> The Topics "are thoughtfully curated to exclude sensitive categories, such as gender or race".

Why is this a good thing? I don't want ads for feminine hygiene products, or make-up. What are 'sensitive categories' anyway? Gender and race, apparently. I don't think they're particularly sensitive, personally. What else? Is it basically the same as the list of factors you aren't typically allowed to factor in when hiring people? Does it include things like having children? Or that you are planning to have children? Does it include highly gendered topics like 'make up' or 'skirts' or 'business suits'? Does it include things that correlate with 'sensitive topics'? Is political affiliation a sensitive topic?

I now see the categories are public. And indeed it does include '/Arts & Entertainment/Music & Audio/Soul & R&B', '/Arts & Entertainment/Music & Audio/Rap & Hip-Hop' and '/Arts & Entertainment/Music & Audio/World Music/Reggae & Caribbean Music'. I wonder how much those correlate with race.

It includes '/Arts & Entertainment/TV Shows & Programs/TV Family-Oriented Shows'. It includes '/Beauty & Fitness/Face & Body Care/Make-Up & Cosmetics'. It includes '/Hobbies & Leisure/Outdoors/Hunting & Shooting'. It includes '/Jobs & Education/Education/Early Childhood Education'. It is not hard to imagine some of these being *highly* correlated with certain protected 'sensitive' categories.

Facebook got a lot of flack for allowing people to target ads at certain political groupings around the 2016 American elections. I don't see how Google will prevent people from targeting 'Rap & Hip-Hop' + 'Basketball' if they wanted to target African-Americans, or 'Hunting & Shooting' + 'Country Music' + 'Pickup Trucks' if they wanted to target "redneck" Americans, etc. etc. If this is meant to produce something that can't be used to target so-called "sensitive categories" then it's a blatant failure.

Goodbye FLoC, hello Topics

pabs — Sat, 29 Jan 2022 02:22:35 +0000

Presumably the GDPR also applies to EU residents who are visiting the USA and thus have a USA IP address of their hotel/friend etc?

Goodbye FLoC, hello Topics

Wol — Fri, 28 Jan 2022 23:22:01 +0000

Under those circumstances, I think it's pretty clear that the data subjects have given their permission.

There's a lot of FUD flying about the GDPR, and it's a good thing that it gives people control over data about them, but the central tenet is that the data subject is in control.

If the data subject CHOOSES to hand their data over to a data controller outside the jurisdiction of the GDPR, pretty much any court will be behaving lawfully when they say "more fool you" to an aggrieved plaintiff.

The point of the GDPR is to protect me if I hand over my information as, say, a condition of employment. If my employer then sells (or fails to look after properly) that data, they WILL get slammed under the regs. But if I just hand over my data to any Tom Dick or Harry, then that's *my* problem. That's why websites ask permission - if they collect it without my knowledge then they're supposed to destroy it sight unseen.

Cheers,
Wol

Goodbye FLoC, hello Topics

khim — Fri, 28 Jan 2022 17:00:07 +0000

> as those *can* be measured and billed, contrary to TV-ads which are solely based on views.

Not anymore. They stopped serving targeted ads because they don't want to deal with GDPR requirements. I don't think they would want to bring these [potential] liabilities back just to get these numbers.

Goodbye FLoC, hello Topics

JanC_ — Fri, 28 Jan 2022 16:15:18 +0000

Also, NYT was then selling those ads directly, instead of through a broker, so they cut out a middle man, I suppose…

Goodbye FLoC, hello Topics

farnz — Fri, 28 Jan 2022 14:10:07 +0000

As far as the EU is concerned, GDPR applies if you process data of an EU resident, regardless of where you are based. You simply must not process an EU resident's data at all (even if you tried to stop them giving you access to that data) or be in breach of the GPDR.

In practice, this comes down to how easy it is to punish you - a web site hosted in Russia by a lone hacker living in Moscow almost certainly has nothing that the EU can legally take as a penalty. The Wall Street Journal, on the other hand, is owned by a company with business interests (Sky Italia, for a start) in the EU; if the WSJ refuses to submit to GDPR, the EU courts could well take the penalty out of the business group as a whole, and make it the business group's problem to make that work out in their accounts.

Goodbye FLoC, hello Topics

laarmen — Fri, 28 Jan 2022 12:17:52 +0000

Can we really draw any conclusion from the available data? An increase in revenue might mean an increase in views, but could also mean an increase in click conversion, as those *can* be measured and billed, contrary to TV-ads which are solely based on views.

Goodbye FLoC, hello Topics

khim — Fri, 28 Jan 2022 11:08:59 +0000

But that's only natural: if ads have become less effective them advertisers would need more of them to get the same sales.

It's precisely the same story as with TV ads: TV networks were getting lots of money from ads because they were less effective than ads in the Internet!

Of course after advertisers realized what's happening they moved ads from TV to the Internet. Which made ads in the Internet less lucrative thus some ads remained on TV.

GDPR reversed that trend and turned NYT into TV-of-sorts… of course this should introduce jump in revenues… till advertisers would realize what's happening and move ads elsewhere.

NYT is probably big and important enough to retain some advertisers, but small web sites may end up with no ads (and no income) at all if they would do something like that.

Goodbye FLoC, hello Topics

khim — Fri, 28 Jan 2022 11:01:56 +0000

> Like all bureaucrats in unmeasurable fields, they operate on hunches backed by selective data.

That's where third-party cookies become important. If they are used then you may count all the times ad was shown and even track user from the ads to purchase of goods.

Of course this only shows how lucrative ad is for the advertiser, it's hard to measure how effective is it for the Website.

Google actually shows irrelevant ads to small percentage of users on purpose to see if they would click on them!

And yes, of course it's not a precise science: if people who are visiting the web site were rational then ads would have been completely useless.

> Follow the money, follow the incentives, and remember that everyone is biased and usually doesn't know what invisible incentives they are following.

It's true, to some degree, but it's not as if Google used guns to make people switch from TV ads and newspaper ads to their platform. That part happened before it become an established truth that it's better to go with Google or YouTube ads than spending money on TV ads.

Goodbye FLoC, hello Topics

khim — Fri, 28 Jan 2022 10:52:04 +0000

> Which doesn’t work, because EU users can visit their site through a proxy or VPN and (parts of) the GDPR would still apply.

I don't see how. Web site is outside of EU. Website makes it absolutely clear than EU citizens are not welcome. How can it fall under EU jurisdiction?

Sure, GDPR may include words which may talk about that situation, but it's not clear what court would be able to enforce these.

Correlation

nilsmeyer — Fri, 28 Jan 2022 09:29:50 +0000

> They would probably know when you bought it, because they really want to be able to prove that their ads lead to sales.

Perhaps that piece of information is missing? Instead the algorithm assumed you didn't buy but were strongly interested in buying since the sale hasn't been reported back to the advertiser.

Goodbye FLoC, hello Topics

JanC_ — Fri, 28 Jan 2022 08:12:28 +0000

Interesting data-point: when the GDPR was introduced, the NYT switched from tracking-based ads to context-based & geographical-based advertising for EU visitors… and saw its ad revenue from those visitors increase.

Goodbye FLoC, hello Topics

JanC_ — Fri, 28 Jan 2022 07:49:12 +0000

Which doesn’t work, because EU users can visit their site through a proxy or VPN and (parts of) the GDPR would still apply.

(Also, it’s not just small sites doing that, but some large networks of sites too…)

Goodbye FLoC, hello Topics

felixfix — Fri, 28 Jan 2022 03:33:35 +0000

Advertisers certainly want the most bang for the buck, but how do they know what that is? Google's incentive is to get advertisers to spend as much as possible, and their reporting on how well their own advertising works is suspect. All advertisers really have to go on is Google's reports vs other ad agencies. I don't have any reason to think Google is outright lying to their clients, but incentives work behind the scenes to distort things invisibly. I have no doubt Google analysts routinely come up with many marvelous ways to emphasize their most expensive advertising's benefits without any explicit bias.

Marketing departments also have the wrong incentives. Like all bureaucrats in unmeasurable fields, they operate on hunches backed by selective data. I imagine the old saying "you can't go wrong with IBM" has a Google counterpart today.

Don't get so excited by your own superior imagination. Your idea of majority and minority is just as wonky as what you claim as everyone else's delusions. Follow the money, follow the incentives, and remember that everyone is biased and usually doesn't know what invisible incentives they are following.

Goodbye FLoC, hello Topics

felixfix — Fri, 28 Jan 2022 03:18:05 +0000

On the contrary: an auto mechanic on a recipes page is more likely to already have all the job tools he needs and more unlikely to have the cooking tools.

Auto mechanics use a lot of specialty tools that very few other people will ever know about, let alone use. They are also more likely to already have sources for new tools and not likely to respond to ads for new sources. They are also not likely to google for how to repair pages in the ordinary course of business.

Or to put it another way: the people most likely to google for how to repair pages are the amateurs who don't already have a vast collection of repair tools, not the professionals who do have that vast collection. Similarly, the people most likely to google for recipes are the amateur cooks who might be interested in new pots and pans and implements of cooking, not the professional chefs who already have almost everything they need, and if they do buy something new, it will be from a friend's and/or colleague's recommendation.

Goodbye FLoC, hello Topics

developer122 — Fri, 28 Jan 2022 02:50:37 +0000

"Most appropriate for the page" means nothing. If I'm an auto mechanic I'm most likely to buy tools so you shouldn't show me baking supplies the one time I visit a recipe site. I won't buy them.

The theory goes that google can overall produce an accurate profile of "you" and what you're most interested in buying, or what you're susceptible to that's most willing to pay for ad space. Then they plaster that *everywhere.* The mechanics forum, the baking site, your search results, every website you visit.

Goodbye FLoC, hello Topics

Rigrig — Fri, 28 Jan 2022 00:47:58 +0000

What would they sue over? You order ads to be shown to interested people, they show ads to interested people. And then you work out how you are going to pay for those ads: per click, per view, per click-conversion, or per view-conversion.

And if you pay per view-conversion, obviously the algorithm will optimize for that, resulting in this effect.
Even if ad networks wanted to, I doubt the AI could be trained to "maximize conversion rate, but by creating new purchases, not predicting them". (They would if they could, because customers will notice a 30% conversion rate with ad broker A resulting in higher sales than 30% with broker B.)

Goodbye FLoC, hello Topics

pabs — Thu, 27 Jan 2022 23:57:04 +0000

Predicting purchases is a different to redirecting purchases from one vendor to another vendor.

Goodbye FLoC, hello Topics

rgmoore — Thu, 27 Jan 2022 23:54:49 +0000

Google can’t do that because it advertises on web sites with no obvious marketable context.

That doesn't necessarily follow. I think the idea is to base the ads on what's on the web page, not necessarily try to sell what's on the web page. So, for example, if somebody has a web page describing their hikes, you figure out what hikers are interested in and try selling that. Maybe that's hiking equipment, but maybe people who like hiking are interested in their health, so it's a good place for ads for wellness products.

This was the traditional model of advertising. Advertisers tried to figure out what kind of people would be interested in their product and put their ads in the kinds of publications that would appeal to those people. If you bought a car magazine, it would be full of ads for cars and car accessories, but it would also include lifestyle products calculated to appeal to people who liked fancy cars. If you bought a fashion magazine, it would be full of ads for clothes, but also for perfume and cosmetics.

I think that's intended to be the goal of something like topics. The idea is that it lets ad companies figure out that people who are interested in topic foo are also interested in topics bar and baz. That way even if there aren't any obvious marketing angles related to foo, or if there are more web sites devoted to foo than there are advertisers interested in selling it, they can try selling bar and baz on foo websites.

Goodbye FLoC, hello Topics

rgmoore — Thu, 27 Jan 2022 23:39:15 +0000

That may be right, but it may also be that Google had already started to adopt, or was being pushed in the direction of, DoubleClick's attitudes, and that's what made the purchase seem reasonable. You only buy a company like DoubleClick if you're intending to move into their business.

Correlation

rgmoore — Thu, 27 Jan 2022 22:55:52 +0000

The problem with ads continuing to chase you after you've already bought the product is notorious. My suspicion is that this is an especially bad problem when your decision to buy the product isn't affected by the ad at all; you just decided to buy it by browsing on their web site. The ad broker is tracking your surfing habits and knows you've been looking at a product. If you had decided to look at the product based on an ad, they'd know because they track clicks. They would probably know when you bought it, because they really want to be able to prove that their ads lead to sales.

But if you don't follow the ad to the product, the broker will only know that you've looked at the product; they won't know that you've bought it. Worse, the brokers keep exactly who they show which ad secret from the advertisers because knowing who to target is the core of their business. The last thing they want to do is to tell advertisers who is being shown which ads. So they keep showing you the ad in hopes you'll buy, all the while keeping it secret from the advertiser, who could tell them it's pointless because they've already made the sale.

Goodbye FLoC, hello Topics

developer122 — Thu, 27 Jan 2022 22:16:27 +0000

It is meaningfully different. It's not shipped by google. The have no control over what ends up in the final product and cannot include anything in secret that the browser vendor cannot remove.

The only reason you're saying that is because it runs on a similar codebase which is nothing more than a technical detail. All the other browsers have defied google in not supporting third party cookies regardless of what engine they use to render HTML.