A small French privacy ruling could remake adtech(techcrunch.com)
techcrunch.com
A small French privacy ruling could remake adtech
https://techcrunch.com/2018/11/20/how-a-small-french-privacy-ruling-could-remake-adtech-for-good/
165 comments
I hate the "cookie law" for this very reason. It just resulted in more popups which became at best white noise, at worst a genuine annoyance for users. Cookie-consent popups are a part of most ad-blockers, which should make you think.
Instead, the end result should be less abuse and hoarding of data. In other words, ad services should be held accountable for what they collect, not just inform users that they collect your data. Cookies are actually the one thing you can control, it's in your browser, it's not the problem, you can block or delete the data. What should be regulated are what companies store server-side and how they connect that data and that should be done between the government and the companies, not between the company and its users who might not have the expertise and, in many cases, are stuck with some quasi-monopoly like Google or Facebook.
Instead, the end result should be less abuse and hoarding of data. In other words, ad services should be held accountable for what they collect, not just inform users that they collect your data. Cookies are actually the one thing you can control, it's in your browser, it's not the problem, you can block or delete the data. What should be regulated are what companies store server-side and how they connect that data and that should be done between the government and the companies, not between the company and its users who might not have the expertise and, in many cases, are stuck with some quasi-monopoly like Google or Facebook.
People confuse GDPR with ePrivacy.
GDPR is not about cookies and it’s not about mere informing of users, but about getting consent for data processing. Publishers and service providers are required to ask for consent, with clear language and the default is opt-out.
Also from what I understand you can’t block users from using your service when they opt out of any data purpose that isn’t legitimate and the definition of legitimate data purposes is very narrow. For example it doesn’t really matter that ads profiling is how the company makes revenue, making more money is not a legitimate interest.
Some companies, like Facebook, are of course trying to resist this. But I’m pretty sure they’ll end up with big fines.
On popups, IAB’s specification uses the consensu.org domain for the cookie, so that consent can be shared between multiple domains. A publisher cannot share that consent with other publishers in case the list of partners used is custom of course, but you can still share it between your own domains. The purpose being to minimize the popups.
Given that publishers have a legal obligation to get the user’s consent, I strongly believe that ad-blockers blocking GDPR popups is legal trouble for both publishers and ad-blockers.
Blocking ads wasn’t deemed illegal thus far and it wasn’t for a lack of trying. Blocking GDPR pop-ups on the other hand will imo not have that same fate.
Also some users will legitimately want to have their data used for personalization and you can’t regulate against that.
This might be an unpopular opinion however given the choice between personalized ads and a paywall, I predict that most people will choose personalized ads.
GDPR is not about cookies and it’s not about mere informing of users, but about getting consent for data processing. Publishers and service providers are required to ask for consent, with clear language and the default is opt-out.
Also from what I understand you can’t block users from using your service when they opt out of any data purpose that isn’t legitimate and the definition of legitimate data purposes is very narrow. For example it doesn’t really matter that ads profiling is how the company makes revenue, making more money is not a legitimate interest.
Some companies, like Facebook, are of course trying to resist this. But I’m pretty sure they’ll end up with big fines.
On popups, IAB’s specification uses the consensu.org domain for the cookie, so that consent can be shared between multiple domains. A publisher cannot share that consent with other publishers in case the list of partners used is custom of course, but you can still share it between your own domains. The purpose being to minimize the popups.
Given that publishers have a legal obligation to get the user’s consent, I strongly believe that ad-blockers blocking GDPR popups is legal trouble for both publishers and ad-blockers.
Blocking ads wasn’t deemed illegal thus far and it wasn’t for a lack of trying. Blocking GDPR pop-ups on the other hand will imo not have that same fate.
Also some users will legitimately want to have their data used for personalization and you can’t regulate against that.
This might be an unpopular opinion however given the choice between personalized ads and a paywall, I predict that most people will choose personalized ads.
Of course. But if you recall when you first learned about information security, it would likely involve cookies. Probably the general population is going through that kind of adolescent awakening that we did when we were 10 or so, they just took longer because they sit on the shortbus in comparison.
> Yes it may cause some business models to disappear, but I feel it's worth it to take back control of our privacy.
Good, hopefully we'll see some real innovation, with wide spread micropayments, rather than brainwashing which costs the viewer of the site far more than the recipient of the site gets.
Good, hopefully we'll see some real innovation, with wide spread micropayments, rather than brainwashing which costs the viewer of the site far more than the recipient of the site gets.
I think micropayments are a classic example of a solution that seems sensible to engineering under the assumption that humans are rational beings, but in the real world it falls apart because they aren't.
The hardest part of making a sale isn't the price--it's getting the customer to say yes. With micropayments you ask the customer to say yes every time they click a link. This imposes a cognitive/mood/whatever penalty every time they consider viewing your content. No wonder it hasn't taken off.
A better solution from a market psychology standpoint would be to sell an all access pass to the content on 10, 100, or 1000 websites. Monthly auto rebill. Just one purchase decision for life and with enough sites the perceived value is high. Not sure why we aren't seeing more of this -- if anyone works at a media conglomerate feel free to reply :)
The hardest part of making a sale isn't the price--it's getting the customer to say yes. With micropayments you ask the customer to say yes every time they click a link. This imposes a cognitive/mood/whatever penalty every time they consider viewing your content. No wonder it hasn't taken off.
A better solution from a market psychology standpoint would be to sell an all access pass to the content on 10, 100, or 1000 websites. Monthly auto rebill. Just one purchase decision for life and with enough sites the perceived value is high. Not sure why we aren't seeing more of this -- if anyone works at a media conglomerate feel free to reply :)
Just make it an all you can eat plafond.
I know I am worth ~50$ a year to the Ad business. I'll gladly pay $60 a year for access to content. That $60 gets redistributed to content providers based on the share of my viewership they get.
Basically, cut the middle man (ad companies in this case).
I know I am worth ~50$ a year to the Ad business. I'll gladly pay $60 a year for access to content. That $60 gets redistributed to content providers based on the share of my viewership they get.
Basically, cut the middle man (ad companies in this case).
How can you know that? I remember back in high school I made a few flash games, that was the only time I ever got a few ECPM mesure of every countries, and I could get up to 10$ per 1000 views from the US. It did include video ads though.
Let stay conservative and say 3$ per 1000 views. I heard of plenty of people that make more and that's including what Google take out of it. There's no way you only see 20 000 pages a year. It's at least 5-6 times that amount of page.
Ads are also amazing by the fact that they still pay even though you are underage and can't get a credit card. My passion of software engineering wouldn't have been fulfilled if it wasn't from all the free resource. I learned from Site du Zéro, I was there pretty early when they started, I've seen the website owner going from nothing to building an amazing company. Now they no longer depends on ads, so that's good, but that's only because me seeing their ads at the being was enough for them to work full time on it.
Let stay conservative and say 3$ per 1000 views. I heard of plenty of people that make more and that's including what Google take out of it. There's no way you only see 20 000 pages a year. It's at least 5-6 times that amount of page.
Ads are also amazing by the fact that they still pay even though you are underage and can't get a credit card. My passion of software engineering wouldn't have been fulfilled if it wasn't from all the free resource. I learned from Site du Zéro, I was there pretty early when they started, I've seen the website owner going from nothing to building an amazing company. Now they no longer depends on ads, so that's good, but that's only because me seeing their ads at the being was enough for them to work full time on it.
20000 pages a year comes to 54 a day every single day. 5-6 times that amount would be 250-300 pages a day. I don’t think many people read that much.
Also note that this is in the context of the typically more valuable video ads. On eg YouTube if you say 1 ad per 10 minutes it would take 9 hours of video watching per day to rack up 54 ads.
I don’t know what rate of ads one can expect from a mobile game but maybe it would be more. I think you would still likely need several hours to get so many. And presumably you want to play less if there are more frequent ads.
Also note that this is in the context of the typically more valuable video ads. On eg YouTube if you say 1 ad per 10 minutes it would take 9 hours of video watching per day to rack up 54 ads.
I don’t know what rate of ads one can expect from a mobile game but maybe it would be more. I think you would still likely need several hours to get so many. And presumably you want to play less if there are more frequent ads.
>I don’t think many people read that much.
Anyone on Hacker News read much more than 250-300 pages a day. Just casually browsing on Hacker News would give a few dozens (multiple pages, looking at comments, going to the actual page). Any software engineer will look at reference on the web. I regularly reach 1000 pages a day myself at works (verified using a Chrome extension) and it doesn't take into account my usage over my phone.
> On eg YouTube if you say 1 ad per 10 minutes it would take 9 hours of video watching per day to rack up 54 ads.
Video ads pay much more, as I said, they can go up to 10$ for 1000 views and that's not included the ad provider part.
Anyone on Hacker News read much more than 250-300 pages a day. Just casually browsing on Hacker News would give a few dozens (multiple pages, looking at comments, going to the actual page). Any software engineer will look at reference on the web. I regularly reach 1000 pages a day myself at works (verified using a Chrome extension) and it doesn't take into account my usage over my phone.
> On eg YouTube if you say 1 ad per 10 minutes it would take 9 hours of video watching per day to rack up 54 ads.
Video ads pay much more, as I said, they can go up to 10$ for 1000 views and that's not included the ad provider part.
And you only need to get everyone on the planet who wants to sell content to participate in the network and agree to standardized compensation. It's the same type of issue as with blockchain for supply chains, etc. Everyone needs to participate or it doesn't really work. It can work--it's been reasonably well worked out in music--but that's arguably a more standardized product.
The thing is someone in our community is probably worth $500 a year to the ad business whereas 90% of people are worth nothing. Would you be willing to pay $600 a year to access content, what happens to the other 90% who couldn't afford that. What media would they be condemned to consume.
$2 a day?
If you really want to be socially inclusive, raise taxes on those that can afford to pay (wealthy pensioners are massively undertaxed in the UK for instance), and distribute it as "consumer tokens", or cash, that people can spend on consuming crap.
If you really want to be socially inclusive, raise taxes on those that can afford to pay (wealthy pensioners are massively undertaxed in the UK for instance), and distribute it as "consumer tokens", or cash, that people can spend on consuming crap.
I actually doubt someone in our community is worth that much. If anything, we're worth less than non-tech-savvy people because we see through the bullshit (when we don't outright block it) where as they don't.
A friend of mine recently fell prey to a scam ad on Facebook and they got some money off her. I have yet to buy anything from an online ad in my entire life; so she is actually a much better investment than I am in terms of ad spend.
A friend of mine recently fell prey to a scam ad on Facebook and they got some money off her. I have yet to buy anything from an online ad in my entire life; so she is actually a much better investment than I am in terms of ad spend.
> because we see through the bullshit (when we don't outright block it) where as they don't.
Sounds like the "marketing doesn't work on me cuz I'm so smart" fallacy, which usually means you're getting hacked by a different type of marketing.
Getting the eyes of wealthy target demographic -- and IT/CS/Dev/STEM folks qualifies -- is definitely worth $$$, the only question is if it's $500 or lower (or higher?). I used to have clients who existed to target the hyper-wealthy, and they made cash hand over fist schlepping details about those folks.
$500 bucks for semi-personalized deets about FAANG devs making $300k+ makes sense, and you can find those people on HN for sure.
Sounds like the "marketing doesn't work on me cuz I'm so smart" fallacy, which usually means you're getting hacked by a different type of marketing.
Getting the eyes of wealthy target demographic -- and IT/CS/Dev/STEM folks qualifies -- is definitely worth $$$, the only question is if it's $500 or lower (or higher?). I used to have clients who existed to target the hyper-wealthy, and they made cash hand over fist schlepping details about those folks.
$500 bucks for semi-personalized deets about FAANG devs making $300k+ makes sense, and you can find those people on HN for sure.
My preferred marketing vulnerability is Consumer Reports- or Wirecutter-style. They're making money off marketing things to me, but they're not dependent on any particular brand, so I can feel reasonably confident that I'll be happy with the results.
See https://contributor.google.com/ which offers almost exactly this.
It's $5/mo even for the limited list of sites participating (already $60/mo). I suppose removing ads everywhere by paying web sites the amount advertisers from all networks pay them would cost several times as much.
It's $5/mo even for the limited list of sites participating (already $60/mo). I suppose removing ads everywhere by paying web sites the amount advertisers from all networks pay them would cost several times as much.
It's a sensible way of having content creators get paid, but I'm not particularly comfortable with Google watching what websites I visit, which is necessary so they can dole out the cash.
What's worked for me is a combination of aggressive ad-and-tracker-blocking and subscribing to the print versions of content I enjoy.
What's worked for me is a combination of aggressive ad-and-tracker-blocking and subscribing to the print versions of content I enjoy.
That seems worse than just a pay-per-page model, because it's pay-per-page AND you have to put money up front.
> sell an all access pass to the content on 10, 100, or 1000 websites
This is a federated subscription. It tends to be a precursor to media mergers, though. (For example, Bloomberg buying BusinessWeek.)
This is a federated subscription. It tends to be a precursor to media mergers, though. (For example, Bloomberg buying BusinessWeek.)
https://contributor.google.com/v/beta is almost exactly what you describe.
It doesn't seem to be growing much though, only having roughly 20 sites it looks like.
https://support.google.com/contributor/answer/7324995
It doesn't seem to be growing much though, only having roughly 20 sites it looks like.
https://support.google.com/contributor/answer/7324995
It would be naive to think Google isn't still tracking you despite you're paying.
I haven't read into Contributor to see if they are even claiming that in the first place (the homepage doesn't mention anything about it, and I don't feel "tracking" and "ads" are the same thing at all, even if many conflate them to be).
But assuming they are promising that paying for Contributor would remove you from all tracking (whatever that means), wouldn't it be a pretty big deal (both legally and ethically) if it was found that they are still tracking you while saying they explicitly won't?
Obviously tracking required to run the service would be excluded (they need to know who you are to take money from you in the US, and they need to "track" your identity to tell that you are the person paying for that service), but don't they already have plenty of controls over how they use your personal information, regardless of whether you are paying for Contributor or not?
Sure, they could stand to make them more obvious, but I get asked all the time to double-check my privacy settings with google, I get asked if I want to enable personalized ads when I'm setting up a new Android phone, and the page where you go to turn it off is a single toggle switch.
But assuming they are promising that paying for Contributor would remove you from all tracking (whatever that means), wouldn't it be a pretty big deal (both legally and ethically) if it was found that they are still tracking you while saying they explicitly won't?
Obviously tracking required to run the service would be excluded (they need to know who you are to take money from you in the US, and they need to "track" your identity to tell that you are the person paying for that service), but don't they already have plenty of controls over how they use your personal information, regardless of whether you are paying for Contributor or not?
Sure, they could stand to make them more obvious, but I get asked all the time to double-check my privacy settings with google, I get asked if I want to enable personalized ads when I'm setting up a new Android phone, and the page where you go to turn it off is a single toggle switch.
Yeah, by paying all you're doing is showing you're prepared to pay for stuff; making you a better mark and so worth more for referrals.
Which sites go into that list? Who gets the margin on it? Who decides how much the sites get and how much is "spent" on infrastructure?
Can't wait to buy my "Internet Pass"!
Can't wait to buy my "Internet Pass"!
Now ad networks and sites bid for the amount to charge for ads shown in an ad slot on a web site.
They can equally bid for the amount to charge from a customer directly. If your payment for not seeing an ad outbids ad networks, you don't see the ad.
E.g. imagine that you agree to pay up to 5¢ automatically for visiting a page is the site asks for it, up to 15¢ per session. If the required sum is above it, you get notified (pay or not). You can configure your browser according to your tastes: accept larger charges from particular sites, always decline any paid pages from some other sites, bid for removal of video ads more aggressively than for static text ads, etc.
A clearinghouse company should handle this the same way an ad network would. Viewers would put some money to their account, and that would be written off in larger transactions e.g. weekly (dollars, not cents).
I believe such solutions were tried in the past, but did not work too well. I suppose most people value their attention much lower than hard cash.
They can equally bid for the amount to charge from a customer directly. If your payment for not seeing an ad outbids ad networks, you don't see the ad.
E.g. imagine that you agree to pay up to 5¢ automatically for visiting a page is the site asks for it, up to 15¢ per session. If the required sum is above it, you get notified (pay or not). You can configure your browser according to your tastes: accept larger charges from particular sites, always decline any paid pages from some other sites, bid for removal of video ads more aggressively than for static text ads, etc.
A clearinghouse company should handle this the same way an ad network would. Viewers would put some money to their account, and that would be written off in larger transactions e.g. weekly (dollars, not cents).
I believe such solutions were tried in the past, but did not work too well. I suppose most people value their attention much lower than hard cash.
Someone should figure out a way to:
- Track how many sites a user visits, without knowing which sites the user visits. Call this number N.
- Charge the user for N visits.
- Distribute the money to the original websites, without anyone knowing (not even their banks?)
Sounds like a nice task for a cryptography researcher.
- Track how many sites a user visits, without knowing which sites the user visits. Call this number N.
- Charge the user for N visits.
- Distribute the money to the original websites, without anyone knowing (not even their banks?)
Sounds like a nice task for a cryptography researcher.
way too easy to game.
just spread a virus... or chrome extension which keep querying your websites
there is no way to implement this with technology in a reasonable manner unless you monitor every action every user does at any time. which would be (at least in my opinion) worse.
just spread a virus... or chrome extension which keep querying your websites
there is no way to implement this with technology in a reasonable manner unless you monitor every action every user does at any time. which would be (at least in my opinion) worse.
> just spread a virus
Yes, but by that logic a banking website could also be compromised.
Yes, but by that logic a banking website could also be compromised.
And they often are (in the sense that people have malware on their computers that try to siphon data and passwords when they go to a banking site)
And banks spend a lot of money to minimize that; less affluent business won’t be able to properly deal with that.
And banks spend a lot of money to minimize that; less affluent business won’t be able to properly deal with that.
> And banks spend a lot of money to minimize that
Any examples of that, relevant to a desktop bank website user?
Do they sell antivirus solutions, or work with browser vendors to improve security?
I suspect banks have some kind of money-back obligation when hacked, but curious how far that goes when a sizeable part of their customers is hacked.
Any examples of that, relevant to a desktop bank website user?
Do they sell antivirus solutions, or work with browser vendors to improve security?
I suspect banks have some kind of money-back obligation when hacked, but curious how far that goes when a sizeable part of their customers is hacked.
Some banks force you to use a token to log in.
Korean banks required an activex that scanned your computer.
These measures surely raise the bar though I don’t know how effective they actually are.
Korean banks required an activex that scanned your computer.
These measures surely raise the bar though I don’t know how effective they actually are.
Also it would start to feel like paying for cable. 1000 channels, and I only watch maybe 5.
I believe it is about price. Even relatively well off demographic here seems to think 20 bucks a month enough to get top 10 newspapers and magazines. This number is simply unworkable for high quality newspapers. Just like some people are dreaming about an aggregate streaming service which would be 20-30 dollars a month and can cover Netflix, Disney and myriad others.
Internet has given power to people to issue veiled threats that one has to give content to users at price they deem sufficient else users would simply pirate and pay nothing.
Internet has given power to people to issue veiled threats that one has to give content to users at price they deem sufficient else users would simply pirate and pay nothing.
One way to do it would be that the first time I visit a proper article on guardian.com (not something 5 lines long which would acts as a loss leader), I get told "indepth articles cost 20p. Click to authorise upto £2 (dropdown for ". Then I don't get asked until after I've read 10 in depth articles. The payment site would have to track if I've read that article before to avoid recharging me, but that's fine, I'd agree to that (if I don't agree then I have to pay each time). I could get a monthly statement, and clear my past logs from a trivial interface (wipe this artcile, wipe this site, wipe all older than x days, etc)
I hit "yes" or "no", and don't hear about it until I've read those 20 articles. Something built into my browser could act as the middle man, taking 10% of that fee and sending the rest to the article's creator. Firefox could put in an infrastructure to plug in easilly enough. You could even allow payment via bitcoin to get VCs happy.
I hit "yes" or "no", and don't hear about it until I've read those 20 articles. Something built into my browser could act as the middle man, taking 10% of that fee and sending the rest to the article's creator. Firefox could put in an infrastructure to plug in easilly enough. You could even allow payment via bitcoin to get VCs happy.
I'm going to be honest with you: I would never use a website that used this service. I would just close the tab. I suspect most people would too.
I don't have the patience to be thinking about authorizing spend every time I click a link.
I don't have the patience to be thinking about authorizing spend every time I click a link.
That was Clay Shirky’s argument years ago during the first round of micropayments startups. While we do deal with micropayments in one sense every time we flip on a light switch and used to do so for phone calls, it feels different somehow for reading articles. We don’t want to have to ask ourselves if something is worth 10 cents every time we click a link.
I think it fails fundamentally from a market perspective - you don't know what is truly in it until you agree. Browsing while met with grumbles by merchants is essential.
Toll gating inherently adds friction to a process whose whole damn point is being low friction - marginal costs per person and free to reference around.
A rational solution would be to pay for what you like but people really aren't trained that way or lack the resources relatively. I suspect "microwork" could work better for viewers with little money and even then it is still a friction akin to annoying ads that drives people away.
Toll gating inherently adds friction to a process whose whole damn point is being low friction - marginal costs per person and free to reference around.
A rational solution would be to pay for what you like but people really aren't trained that way or lack the resources relatively. I suspect "microwork" could work better for viewers with little money and even then it is still a friction akin to annoying ads that drives people away.
So, basically the cable tv industry for websites. One more thing for Comcast to buy and I don’t really think they deserve more money.
> it's getting the customer to say yes
Yes. That's how capitalism works. You have to compete in the market.
> With micropayments you ask the customer to say yes every time they click a link.
Yes - do you think you should be able to sell them additional products without getting the buy's permission? That "conative penalty" is the difference between an ethical transaction approved by both sides, and a scam, fraud, or strong-arm tactic such as bundling or abusive contracts of adhesion.
> This imposes a cognitive/mood/whatever penalty every time they consider viewing your content
Yes, consumers are empowered to more buy specifically what they want, and nothing more.
Or, you could try a new business model that avoids some of this penalty in new, innovative ways.
> sell an all access pass to the content on 10, 100, or 1000 websites
That bundles together products that someone does not want into the same payment for the products they do want. This is the same market distortion that the cable companies use, which people have been walking away from over the last ~decade.
When buyers are empowered to bypass market distortions like bundling, product prices are able to move closer to their actual value. For some products that value is zero. That's a signal that it's time to find a better product to sell, not a reason to undermine the core mechanism of capitalism by removing consumer choice.
Yes. That's how capitalism works. You have to compete in the market.
> With micropayments you ask the customer to say yes every time they click a link.
Yes - do you think you should be able to sell them additional products without getting the buy's permission? That "conative penalty" is the difference between an ethical transaction approved by both sides, and a scam, fraud, or strong-arm tactic such as bundling or abusive contracts of adhesion.
> This imposes a cognitive/mood/whatever penalty every time they consider viewing your content
Yes, consumers are empowered to more buy specifically what they want, and nothing more.
Or, you could try a new business model that avoids some of this penalty in new, innovative ways.
> sell an all access pass to the content on 10, 100, or 1000 websites
That bundles together products that someone does not want into the same payment for the products they do want. This is the same market distortion that the cable companies use, which people have been walking away from over the last ~decade.
When buyers are empowered to bypass market distortions like bundling, product prices are able to move closer to their actual value. For some products that value is zero. That's a signal that it's time to find a better product to sell, not a reason to undermine the core mechanism of capitalism by removing consumer choice.
Do you pay for news? I do and I can tell you there is literally no way I'm going to do a per-article payment test.
In fact, what I want I already have. The WSJ will bundle (yes, bundle) all its articles into a single monthly fee. The Economist happily does the same.
If, for some reason, these guys decided to switch me to pay-per-article I just wouldn't read them. That's too much of a cost. I can't afford it. Time is too precious for this nonsense.
In fact, what I want I already have. The WSJ will bundle (yes, bundle) all its articles into a single monthly fee. The Economist happily does the same.
If, for some reason, these guys decided to switch me to pay-per-article I just wouldn't read them. That's too much of a cost. I can't afford it. Time is too precious for this nonsense.
Hidden in the comments, here is the wisdom worth incorporating.
> wide spread micropayments
I see this on HN a LOT, but I am really not sure it's a great model. The thing about ad-supported revenue is that you can still consume the content if you can't afford it.
I'm simplifying a little, but the people who convert on ads are basically subsidizing the content for the rest of us. In our society the people that fall into the conversion group are generally wealthy and the people who fall into the latter group may or not be.
But the point is that with micropayments only the rich have access, and with ad-supported revenue everyone has access. I think most people prefer the latter.
I see this on HN a LOT, but I am really not sure it's a great model. The thing about ad-supported revenue is that you can still consume the content if you can't afford it.
I'm simplifying a little, but the people who convert on ads are basically subsidizing the content for the rest of us. In our society the people that fall into the conversion group are generally wealthy and the people who fall into the latter group may or not be.
But the point is that with micropayments only the rich have access, and with ad-supported revenue everyone has access. I think most people prefer the latter.
> In our society the people that fall into the conversion group are generally wealthy and the people who fall into the latter group may or not be.
[citation needed]. Telemarketing used to target people who could only barely afford it, and well educated, well earning folks from the younger generation tend to be tech savvy. The ones who don't know what's up are either old or uneducated (poor.)
That's at least a counter hypothesis if not outright refutation of your claim, since I don't actually know any of the numbers here myself.
[citation needed]. Telemarketing used to target people who could only barely afford it, and well educated, well earning folks from the younger generation tend to be tech savvy. The ones who don't know what's up are either old or uneducated (poor.)
That's at least a counter hypothesis if not outright refutation of your claim, since I don't actually know any of the numbers here myself.
[deleted]
Yea but they could afford it, ethically that sucks but they still had the money to spend.
Have you ever wanted to buy something small and literally didn't have the money in your account? This is how a huge number of people live, every day, day to day. Those people will never have access to micropayment content, because they can't afford it.
Have you ever wanted to buy something small and literally didn't have the money in your account? This is how a huge number of people live, every day, day to day. Those people will never have access to micropayment content, because they can't afford it.
> they still had the money to spend.
you did claim
> the people that fall into the conversion group are generally wealthy
now you say "yeah okay it sucks ethically", and shift the goal posts to something else entirely, from "wealth" to "they could buy it"? You're playing fast and loose with the exploitation, both financially and mentally, of others.
You can't just ignore the costs of exploitation of people who buy shit they can't afford because their life sucks, and the sheer pollution of minds by advertisement, all the needlessly created "needs", too, because they can't be easily quantified.
> Those people will never have access to micropayment content, because they can't afford it.
So, social services in a country could confirm that a person is actually on welfare. If they are, sites can make certain things free for them, and/or others can donate a small share (10%?) of their micropayments to those who have nothing. That's not a fleshed out suggestion, just the first thing from the top off my head. Allow people to sign up to get a few free articles per month. Before you say it can't be done, show us you thought about it at all. You're also implying that the best or all the essential content would be micropayment content, which is a huge assumption.
you did claim
> the people that fall into the conversion group are generally wealthy
now you say "yeah okay it sucks ethically", and shift the goal posts to something else entirely, from "wealth" to "they could buy it"? You're playing fast and loose with the exploitation, both financially and mentally, of others.
You can't just ignore the costs of exploitation of people who buy shit they can't afford because their life sucks, and the sheer pollution of minds by advertisement, all the needlessly created "needs", too, because they can't be easily quantified.
> Those people will never have access to micropayment content, because they can't afford it.
So, social services in a country could confirm that a person is actually on welfare. If they are, sites can make certain things free for them, and/or others can donate a small share (10%?) of their micropayments to those who have nothing. That's not a fleshed out suggestion, just the first thing from the top off my head. Allow people to sign up to get a few free articles per month. Before you say it can't be done, show us you thought about it at all. You're also implying that the best or all the essential content would be micropayment content, which is a huge assumption.
>But the point is that with micropayments only the rich have access, and with ad-supported revenue everyone has access. I think most people prefer the latter.
As a a counter to that, I've been watching 3blue1brown's maths videos on Patreon. Payments get you early access to content, but everything gets posted up eventually and it seems preferable to having ads.
As a a counter to that, I've been watching 3blue1brown's maths videos on Patreon. Payments get you early access to content, but everything gets posted up eventually and it seems preferable to having ads.
I think the "tip model" could be greatly expanded. The reason it doesn't work as well now is because for one the ad revenue model exists, and when a system already dominates, people tend to stop looking for alternatives or embrace new ones.
Why bother to educate people to donate money when you can just put ads on your content? Also, when 99.9% of content-makers use ads, it means you have a much smaller pool of potential donors, too. When most users on the internet can donate and are used to donating, it becomes much easier to receive donations for any random piece of content.
And second, there's great friction in the existing micro-tip model, because the payment companies take big portions out of the small tips. Plus, there's quite a bit of fragmentation as not everyone has a PayPal account, or Apple account, or Google Contributor account, or Amazon account, etc.
I think cryptocurrencies will eventually solve this issue, if what we've seen so far with Steemit.com, d.tube, and others like them is any indication of that. Once people get into any cryptocurrency at all, the liquidity of tips greatly increases, and it becomes much easier to tip someone with a cryptocurrency. It's still in the super-early stages, though. It could take another 10 years before this becomes more mainstream.
I don't really see any other way for this to work. The Google Contributor or even Flattr models will not work because they are not decentralized and interoperable enough with others like them. You'll never see the majority of people on the web use Google Contributor or Flattr. It needs to be an ecosystem of such services that all integrate and interoperate with no friction and content creators can be paid with any of them. The tipping model needs to be more like email than Apple iMessage, so that everyone can have one and use it with any other similar system.
Why bother to educate people to donate money when you can just put ads on your content? Also, when 99.9% of content-makers use ads, it means you have a much smaller pool of potential donors, too. When most users on the internet can donate and are used to donating, it becomes much easier to receive donations for any random piece of content.
And second, there's great friction in the existing micro-tip model, because the payment companies take big portions out of the small tips. Plus, there's quite a bit of fragmentation as not everyone has a PayPal account, or Apple account, or Google Contributor account, or Amazon account, etc.
I think cryptocurrencies will eventually solve this issue, if what we've seen so far with Steemit.com, d.tube, and others like them is any indication of that. Once people get into any cryptocurrency at all, the liquidity of tips greatly increases, and it becomes much easier to tip someone with a cryptocurrency. It's still in the super-early stages, though. It could take another 10 years before this becomes more mainstream.
I don't really see any other way for this to work. The Google Contributor or even Flattr models will not work because they are not decentralized and interoperable enough with others like them. You'll never see the majority of people on the web use Google Contributor or Flattr. It needs to be an ecosystem of such services that all integrate and interoperate with no friction and content creators can be paid with any of them. The tipping model needs to be more like email than Apple iMessage, so that everyone can have one and use it with any other similar system.
Can you substantiate your claim that "the people that fall in the conversion group are generally wealthy"?
My feeling is that the opposite is true, so I'd be happy to see more evidence for one or the other.
My feeling is that the opposite is true, so I'd be happy to see more evidence for one or the other.
He is absolutely correct. Wealthy in that you have access to ten dollars discretionary to spend per month. A friend of mine is from India and got into programming through free content with ads on the page.
Imagine people for whom a dollar is a lot, who have no credit card to link into your system, who have no money to buy your stuff and no way to buy it even if they had the money. Even a $0.01 charge would be impossible because they simply don't have the tool necessary to buy your stuff over the Internet.
I mourn the Internet that included people like them.
Imagine people for whom a dollar is a lot, who have no credit card to link into your system, who have no money to buy your stuff and no way to buy it even if they had the money. Even a $0.01 charge would be impossible because they simply don't have the tool necessary to buy your stuff over the Internet.
I mourn the Internet that included people like them.
When I saw wealthy, I mean they have money to spend on the product they're buying. Money or access to credit or whatever. This is absolutely true as someone is buying stuff driven through marketing.
A huge percentage of the people who don't buy are doing so not because the ads aren't effective, but because they don't have money to purchase. With a micropayment model those people just won't look at the content, because they don't have money in their account to do so.
A huge percentage of the people who don't buy are doing so not because the ads aren't effective, but because they don't have money to purchase. With a micropayment model those people just won't look at the content, because they don't have money in their account to do so.
Money or access to credit
These are definitely not the same thing.
These are definitely not the same thing.
With proper browser design, you could support both models.
load_ads_unless(payment >= $0.0001)
Whether or not sites would suffer the added complexity probably depends on how much money is on the table.
load_ads_unless(payment >= $0.0001)
Whether or not sites would suffer the added complexity probably depends on how much money is on the table.
> the people who convert on ads are basically subsidizing the content for the rest of us.
Do they?
Or is it the people who buy the products, regardless of ad conversion?
Do they?
Or is it the people who buy the products, regardless of ad conversion?
Ha yeah we all pay for the marketing campaigns regardless. Its factored into the price of every product you buy. The money for internet ads doesn't just spawn out of the ether.
> content
I don't think there is a "physical" product here. Mostly Articles and Videos
I don't think there is a "physical" product here. Mostly Articles and Videos
Depends on how savvy or data driven is the marketing team of the advertiser(?).
I think something like the concept of reddit gold can work on the content/news sites as well. At its core, its about the ones who liked/found the content useful can reward it with some payment.
Usually, in most of the business models, your most heavy users tend to subsidize/bear the cost of not so heavy but casual users. At the very core that is. For adverts it fails, since the heavy users are of less value than the casual ones. (how many times you can show the same ad to a user? Also, they are well trained on how to look past the ads).
With gold-like concept, great content is rewarded, and incentivized as well. Also, given the scale of reddit, it works really well (along with ads) but not too sure how well it will work with ad dependent publications.
Usually, in most of the business models, your most heavy users tend to subsidize/bear the cost of not so heavy but casual users. At the very core that is. For adverts it fails, since the heavy users are of less value than the casual ones. (how many times you can show the same ad to a user? Also, they are well trained on how to look past the ads).
With gold-like concept, great content is rewarded, and incentivized as well. Also, given the scale of reddit, it works really well (along with ads) but not too sure how well it will work with ad dependent publications.
Micropayments aren't a problem on the user end, they're a problem almost entirely on the distribution end. We have existing successful models of the user side, chief of which is taxes. The problem is that an ideal solution would feature one or a couple of players that would cover the distribution to all creators on the entire Internet. I.e. as a user, I want to set this system up once, and forget about it. But as long as people will keep competing to be a main payment gateway, each starting with their own slice of the Internet, users won't come.
Micropayment does not work on user end because the number of times it prompts the users. Example[1]. For me, it hinders the experience of reading. This would be even more problematic on the sites I have been on for the first time.
The problem with one player covering costs for all publishers is the monopoly it brings. Also, sounds more like cable, where there is a cost to access 100s of sites on the internet. Moreover, the users are not convinced to pay for one site they use, do you think they will be convinced to pay/donate for 100s of sites they have not even heard of? If it is forced as a package, then it is exactly like cable.
I am not saying it cant work, but would require a lot of work to convince the users to pay. Also you are covering for not just the server costs, but publication's staff costs, business costs, which vary over time. With just one time lifetime payment, they are in a bound themselves.
[1] https://www.theguardian.com/cities/2018/nov/21/is-indias-big...
The problem with one player covering costs for all publishers is the monopoly it brings. Also, sounds more like cable, where there is a cost to access 100s of sites on the internet. Moreover, the users are not convinced to pay for one site they use, do you think they will be convinced to pay/donate for 100s of sites they have not even heard of? If it is forced as a package, then it is exactly like cable.
I am not saying it cant work, but would require a lot of work to convince the users to pay. Also you are covering for not just the server costs, but publication's staff costs, business costs, which vary over time. With just one time lifetime payment, they are in a bound themselves.
[1] https://www.theguardian.com/cities/2018/nov/21/is-indias-big...
> Good, hopefully we'll see some real innovation, with wide spread micropayments
Micropayments raise difficult tax issues, especially for small sites.
In the United States, for example, if I've counted correctly 34 states require or will require by early 2019 out of state sellers of goods or services into the state to collect, report, and remit that state's sales tax. Another 13 states could do so, but have not yet amended their laws to require it [1]. 4 have no sales tax at all. (I'm counting DC as a state here).
Whether or not a state actually can force this on a given seller depends on whether or not the seller has a "nexus" with the state. 24 states' laws say you have a nexus if you have 200 sales a year in the state or sales in a year totaling $100k.
With micropayments, a site could hit 200 sales in a state easily and have to deal with sales tax, while only earning a small amount of revenue. For example, suppose your site accepted micropayments for reading articles. Say you did $0.05 per article. If 200 people in a "200 or $100k state" bought articles, that would $10 revenue.
Congratulations...you have to collect tax on that! Worse, tax depends on exactly where the person lives in the state. You have to get their address, and lookup the tax based on that. Going just by state, or even just by zip code within the state, is not sufficient as you might collect too little [2]. You also have to file quarterly tax reports, which have a filing fee in most states, which will almost certainly swamp your $10 revenue.
There are services you can use to do this for you. 24 states have banded together and formed a Streamlines Sales Tax group (SST), letting you register and file and remit taxes for all 24 through a single entity, and they have agreed to provide tax data (rates and tax district boundaries) in a common file format. Even better, if you agree to collect tax for all 24 of those states, then the states will pay the costs of you using any of several third party tax services companies (Avalara, TaxCloud, TaxJar, and a few others), including the costs of using those company's APIs to handle all the lookups up and calculation, and the costs of preparing and filing the reports.
Unfortunately, there are some big states that are not part of SST. California, Texas, Pennsylvania, Illinois, Colorado, New York for example. CA, TX, and NY don't collect on out of state sellers (yet), but those others do.
Avalara, TaxCloud, TaxJar, etc., can handle those states for you too, but that won't be free. TaxCloud, for example, if you use their "automatic compliance" plan, which requires collecting tax in all the SST states (so that the SST states pay TaxCloud), you can add non-SST states for 0.5% (less for large volume sellers) of your revenue in each such state, and that will cover address verification, tax lookups, reports, and filing. (No affiliation with TaxCloud. I just happen to be using them for my first attempt to get our site at work to handle out of state US sales taxes--before we had just been collecting for sales in our own state and collecting VAT for EU sales. VAT is vastly simpler since it is per country, and the EU has something equivalent to the US Streamlined Sales Tax called VAT MOSS, so VAT was pretty trivial to deal with without needing an outside service).
Anyway, all of the above probably will dampen interest at a lot of sites. Especially having to collect address information to calculate the tax. That raises privacy issues that I think many will find more troubling than the current ad site privacy issues.
[1] It was only in the middle of this year that it became legal for states to require out of state sellers to collect. In 1992, the Supreme Court had ruled that it was unconstitutional for states to do so, unless Congress specifically authorized them to do so. Congress never did so. But this year, the Supreme Court revisited that issue and decided that it is OK, after all.
[2] Realistically, the state probably won't come after you for the difference or penalties, but it is a risk you need to evaluate.
Micropayments raise difficult tax issues, especially for small sites.
In the United States, for example, if I've counted correctly 34 states require or will require by early 2019 out of state sellers of goods or services into the state to collect, report, and remit that state's sales tax. Another 13 states could do so, but have not yet amended their laws to require it [1]. 4 have no sales tax at all. (I'm counting DC as a state here).
Whether or not a state actually can force this on a given seller depends on whether or not the seller has a "nexus" with the state. 24 states' laws say you have a nexus if you have 200 sales a year in the state or sales in a year totaling $100k.
With micropayments, a site could hit 200 sales in a state easily and have to deal with sales tax, while only earning a small amount of revenue. For example, suppose your site accepted micropayments for reading articles. Say you did $0.05 per article. If 200 people in a "200 or $100k state" bought articles, that would $10 revenue.
Congratulations...you have to collect tax on that! Worse, tax depends on exactly where the person lives in the state. You have to get their address, and lookup the tax based on that. Going just by state, or even just by zip code within the state, is not sufficient as you might collect too little [2]. You also have to file quarterly tax reports, which have a filing fee in most states, which will almost certainly swamp your $10 revenue.
There are services you can use to do this for you. 24 states have banded together and formed a Streamlines Sales Tax group (SST), letting you register and file and remit taxes for all 24 through a single entity, and they have agreed to provide tax data (rates and tax district boundaries) in a common file format. Even better, if you agree to collect tax for all 24 of those states, then the states will pay the costs of you using any of several third party tax services companies (Avalara, TaxCloud, TaxJar, and a few others), including the costs of using those company's APIs to handle all the lookups up and calculation, and the costs of preparing and filing the reports.
Unfortunately, there are some big states that are not part of SST. California, Texas, Pennsylvania, Illinois, Colorado, New York for example. CA, TX, and NY don't collect on out of state sellers (yet), but those others do.
Avalara, TaxCloud, TaxJar, etc., can handle those states for you too, but that won't be free. TaxCloud, for example, if you use their "automatic compliance" plan, which requires collecting tax in all the SST states (so that the SST states pay TaxCloud), you can add non-SST states for 0.5% (less for large volume sellers) of your revenue in each such state, and that will cover address verification, tax lookups, reports, and filing. (No affiliation with TaxCloud. I just happen to be using them for my first attempt to get our site at work to handle out of state US sales taxes--before we had just been collecting for sales in our own state and collecting VAT for EU sales. VAT is vastly simpler since it is per country, and the EU has something equivalent to the US Streamlined Sales Tax called VAT MOSS, so VAT was pretty trivial to deal with without needing an outside service).
Anyway, all of the above probably will dampen interest at a lot of sites. Especially having to collect address information to calculate the tax. That raises privacy issues that I think many will find more troubling than the current ad site privacy issues.
[1] It was only in the middle of this year that it became legal for states to require out of state sellers to collect. In 1992, the Supreme Court had ruled that it was unconstitutional for states to do so, unless Congress specifically authorized them to do so. Congress never did so. But this year, the Supreme Court revisited that issue and decided that it is OK, after all.
[2] Realistically, the state probably won't come after you for the difference or penalties, but it is a risk you need to evaluate.
I have a feeling the reason why most companies just went with the clickwrap consent is because there isn't really an alternative right now. And it was the path of least resistance ('just add this popup and you're good') to 'conform' with GDPR.
I'm about to have skin in the game as I'm working on an alternative (https://www.adsfromsource.com). Goal is to make advertising more respectful, both in regards to data privacy and in disallowing abusive/misdirecting/etc. ads.
I'm about to have skin in the game as I'm working on an alternative (https://www.adsfromsource.com). Goal is to make advertising more respectful, both in regards to data privacy and in disallowing abusive/misdirecting/etc. ads.
> Instead most companies have just opted for clickwrap consent, and continued as they always have.
But isn't that what people want to do?
Why can't I sell my personal data in exchange for services? It's mine isn't it?
But isn't that what people want to do?
Why can't I sell my personal data in exchange for services? It's mine isn't it?
Yes it may cause some business models to disappear
You’re talking about ~95% of Internet publishers and platform providers. Fortunately GDPR doesn’t apply to US sites that don’t “envisage” serving EU customers (see Recital 23). So those of us in the US will have the resources to keep publishing and innovating. But most companies/entrepreneurs that have to actually comply and aren’t big enough to essentially force users to do our bidding (Google, Facebook, etc) are going to have to close up shop.
You’re talking about ~95% of Internet publishers and platform providers. Fortunately GDPR doesn’t apply to US sites that don’t “envisage” serving EU customers (see Recital 23). So those of us in the US will have the resources to keep publishing and innovating. But most companies/entrepreneurs that have to actually comply and aren’t big enough to essentially force users to do our bidding (Google, Facebook, etc) are going to have to close up shop.
> I always saw the intention of the GDPR as legislation [...] Instead [...] The more rulings we have like this, the better.
How many examples do we need to recognize that legislation like this on the internet, well intended it may be, doesn't solve the problem? Why do we watch an approach continually fail and tell ourselves that we must continue that approach? Insanity and foolishness. One day I hope people can separate what they want and what they can get, but in the meantime, I guess smaller businesses will just continually fret over regional compliance with unnecessary and unbeneficial societal costs. This ruling isn't going to change much except increase internet balkanization against EU. You shouldn't decry the workarounds, you should accept responsibility for them.
(I've talked about it on this board ad nauseam so I won't make a long rant here, but in general there are other approaches or even more practical ones with legislation you can take if government interference in this medium is absolutely required which is debatable. You can't just look at other regulated sectors and magically apply that logic everywhere.)
How many examples do we need to recognize that legislation like this on the internet, well intended it may be, doesn't solve the problem? Why do we watch an approach continually fail and tell ourselves that we must continue that approach? Insanity and foolishness. One day I hope people can separate what they want and what they can get, but in the meantime, I guess smaller businesses will just continually fret over regional compliance with unnecessary and unbeneficial societal costs. This ruling isn't going to change much except increase internet balkanization against EU. You shouldn't decry the workarounds, you should accept responsibility for them.
(I've talked about it on this board ad nauseam so I won't make a long rant here, but in general there are other approaches or even more practical ones with legislation you can take if government interference in this medium is absolutely required which is debatable. You can't just look at other regulated sectors and magically apply that logic everywhere.)
Well, GDPR is a massive win and has helped tremendously.
That many sites isn't yet compliant is expected but I actually notice that sites do improve the UX (as in, won't try to force you to consent as strongly).
Though I didn't opt to read this article because it is behind oath.
That many sites isn't yet compliant is expected but I actually notice that sites do improve the UX (as in, won't try to force you to consent as strongly).
Though I didn't opt to read this article because it is behind oath.
> Well, GDPR is a massive win and has helped tremendously.
Disagree, has done little and costed lots. It is a massive loss and has hurt tremendously, especially with the mandate/precedent it gives for passing other ridiculously large scoped internet regulation henceforth.
Disagree, has done little and costed lots. It is a massive loss and has hurt tremendously, especially with the mandate/precedent it gives for passing other ridiculously large scoped internet regulation henceforth.
Has done little?
It has forced countless companies to review what they collect and how the process user data. The effects are seen everywhere even in the offline world.
The changes are absolutely monumental and it has successfully planted the notion that handling user data comes with a risk. The benefits can not possibly be overstated. We still have long ways to go but with GDPR there is hope.
It has forced countless companies to review what they collect and how the process user data. The effects are seen everywhere even in the offline world.
The changes are absolutely monumental and it has successfully planted the notion that handling user data comes with a risk. The benefits can not possibly be overstated. We still have long ways to go but with GDPR there is hope.
GDPR has definitely caused companies to reconsider privacy and how they handle user data - which is a very good thing. The problems will arise when a giant bureaucratic organization begins passing very explicit laws and legal judgements on something as fast moving and dynamic as the internet. The unintended consequences will be massive and will almost certainly harm the entities GDPR is trying to protect in the first place.
Good thing GDPR is more general than that. It applies to the offline world just as much as the internet.
It's also mainly common sense. Take care of your customers and don't abuse them and you are 90% done.
It's also mainly common sense. Take care of your customers and don't abuse them and you are 90% done.
We're going to have to disagree that forcing countless companies to review things, many of which were unnecessary, and planting notions is really doing much. It actually seems very easy to overstate those benefits. It also seems equally easy to ignore the costs.
Considering the blatant abuse it was very much necessary.
Planting notions is[n't] really doing much?!
The idea that more tracking and more data collection has no downsides is how we got here in the first place.
Planting notions is[n't] really doing much?!
The idea that more tracking and more data collection has no downsides is how we got here in the first place.
> Considering the blatant abuse it was very much necessary.
Disagree
> Planting notions is[n't] really doing much?!
No, especially considering the scope, cost of compliance, and downsides of government interference.
> The idea that more tracking and more data collection has no downsides is how we got here in the first place.
This is why I originally wrote "One day I hope people can separate what they want and what they can get". We have to separate intent/reason from reality, and we have to stop assuming all attempts to curb a problem are righteous and justified. There are downsides to collection as FB and others are seeing in countries without these laws. The downsides grow with education. How is that even possible if there are no downsides? And, pretending that false statement was true, I'll take the company tracking and data collection over government interference any day. The former has very minimal, often only theoretical harms, whereas the latter has very known and already realized consequences to business compliance costs, freedom of information costs, and difficulty to roll back when misused.
Disagree
> Planting notions is[n't] really doing much?!
No, especially considering the scope, cost of compliance, and downsides of government interference.
> The idea that more tracking and more data collection has no downsides is how we got here in the first place.
This is why I originally wrote "One day I hope people can separate what they want and what they can get". We have to separate intent/reason from reality, and we have to stop assuming all attempts to curb a problem are righteous and justified. There are downsides to collection as FB and others are seeing in countries without these laws. The downsides grow with education. How is that even possible if there are no downsides? And, pretending that false statement was true, I'll take the company tracking and data collection over government interference any day. The former has very minimal, often only theoretical harms, whereas the latter has very known and already realized consequences to business compliance costs, freedom of information costs, and difficulty to roll back when misused.
> and we have to stop assuming all attempts to curb a problem are righteous and justified
Agree, thing is, GDPR isn't something unreasonable. You should already be doing something similar. You should already care about your users.
If you have trouble implementing GDPR chances are pretty good that your company are a net loss to society.
> The former has very minimal, often only theoretical harms
Wow... Yeah, I'm just gonna stop now. Continuing this isn't worth the bandwidth.
Agree, thing is, GDPR isn't something unreasonable. You should already be doing something similar. You should already care about your users.
If you have trouble implementing GDPR chances are pretty good that your company are a net loss to society.
> The former has very minimal, often only theoretical harms
Wow... Yeah, I'm just gonna stop now. Continuing this isn't worth the bandwidth.
Plus the vast majority of websites don't need to even adhere to it. They could literally have a pop up that says "we don't care about GDPR".
> In plainer English, this is being
interpreted by data experts as the
regulator stating that consent to
processing personal data cannot be
gained through a framework arrangement
which bundles a number of uses behind a
single “I agree” button that, when
clicked, passes consent to partners
via a contractual relationship.
Now, I guess it's obvious to complain about the idiotic, user-hostile and down-right evil Oath consent pop-over that I got when I visited TC. I'm gonna do it anyway.
Here's hoping this ruling stands.
Now, I guess it's obvious to complain about the idiotic, user-hostile and down-right evil Oath consent pop-over that I got when I visited TC. I'm gonna do it anyway.
Here's hoping this ruling stands.
I haven't read techcrunch or any site with that oauth pop-over since GDPR came in. It's super obnoxious.
Pretty sure it's not OAuth, but Oath.
Also pretty sure they named the company Oath so that people would think "oh this is another OAuth permission box, OK".
Also pretty sure they named the company Oath so that people would think "oh this is another OAuth permission box, OK".
> Also pretty sure they named the company Oath so that people would think "oh this is another OAuth permission box, OK".
I think that's just developer bias. "OAuth" is not a thing non-developers know, even by name.
I think that's just developer bias. "OAuth" is not a thing non-developers know, even by name.
It looks like the "Oath" brand is going away, and they're going to use "Verizon Media Group": https://www.theverge.com/2018/11/5/18064172/verizon-oath-med...
Good. It was a truly horrible name.
You are so right, it is Oath
When GDPR popups started appearing, I modified my Kill Sticky bookmark-script to also re-enable scrolling. Works most of the time for any kind of popup.
Here's the script: https://pastebin.com/NfCyDLw8
Here's the script: https://pastebin.com/NfCyDLw8
Thanks for this script, by the way -- it's come in handy many times.
It's even more ironic in French [0], here we have a single click "I agree" button, in French, covering up a reading about a French ruling that suggests it's worthless.
[0] https://shakna.keybase.pub/oath_techcrunch.png
[0] https://shakna.keybase.pub/oath_techcrunch.png
That is really horrible.
It says "Select 'OK' to authorise 'Oath' and our partners to use your data."
Is there a more general, less specific, way to phrase this? It's basically "please let anyone use your data for anything".
It says "Select 'OK' to authorise 'Oath' and our partners to use your data."
Is there a more general, less specific, way to phrase this? It's basically "please let anyone use your data for anything".
Of the dark patterns I've found in this space, theirs is the worst so far. They hide away what they plan to do, and if you start digging in to try to find controls... well good luck, I haven't found any. You can get to all sorts of policies, various login pages and lots of spurious info, but as yet no controls.
Other dark patterns I've seen are -
A page attempts to put you off by making you manually deactivate hundreds of different services if you object to them (though they of course have a handy 'enable all' button).
A page gives you a big green "Accept All" button, and a 'reject all' option which looks greyed out and is smaller. When pressed it takes you to another dialog with a big green "Go Back" button and another, smaller, dimmer link for "Leave". The "Leave" link is the one that gets you back to the page, rejection preference intact.
These seem contrary to the spirit of the GDPR, I guess we'll see in time if they are deemed to contravene the law. The TC/Oath one definitely seems to be over the line.
--edit-- Missed one - A page allows you to set various controls and sliders to reject its data sharing, but then sits for several minutes "processing" your lack of consent. When it eventually completes you get a message saying that they don't have a version of the page they can show you without the data sharing cookies, so sorry, please check again in a few months.
Other dark patterns I've seen are -
A page attempts to put you off by making you manually deactivate hundreds of different services if you object to them (though they of course have a handy 'enable all' button).
A page gives you a big green "Accept All" button, and a 'reject all' option which looks greyed out and is smaller. When pressed it takes you to another dialog with a big green "Go Back" button and another, smaller, dimmer link for "Leave". The "Leave" link is the one that gets you back to the page, rejection preference intact.
These seem contrary to the spirit of the GDPR, I guess we'll see in time if they are deemed to contravene the law. The TC/Oath one definitely seems to be over the line.
--edit-- Missed one - A page allows you to set various controls and sliders to reject its data sharing, but then sits for several minutes "processing" your lack of consent. When it eventually completes you get a message saying that they don't have a version of the page they can show you without the data sharing cookies, so sorry, please check again in a few months.
> A page attempts to put you off by making you manually deactivate hundreds of different services if you object to them
Some of which are marked as "opt-out through partner", with no link or other details about how one would do that.
While the trackers are making it a faf to opt out (rather than as the legislation actually required: making it an opt-in situation) I'll just keep on with my side of the arms war that is ad-blocking. Their loss, not mine. I can't say I feel I've missed out on anything by sites failing/refusing to display with ads blocked, links that redirect through trackers not working at all, or just plain backing out of sites that are obnoxious (and in breach) with "by continuing or closing this banner..." and other such.
Some of which are marked as "opt-out through partner", with no link or other details about how one would do that.
While the trackers are making it a faf to opt out (rather than as the legislation actually required: making it an opt-in situation) I'll just keep on with my side of the arms war that is ad-blocking. Their loss, not mine. I can't say I feel I've missed out on anything by sites failing/refusing to display with ads blocked, links that redirect through trackers not working at all, or just plain backing out of sites that are obnoxious (and in breach) with "by continuing or closing this banner..." and other such.
>A page attempts to put you off by making you manually deactivate hundreds of different services if you object to them (though they of course have a handy 'enable all' button).
I see this often too. Doesn't this directly contravene the text of the GDPR, much less the spirit of it?
I see this often too. Doesn't this directly contravene the text of the GDPR, much less the spirit of it?
Yes. Opt in is a requirement, not opt out.
Yup. No more contracts to provide services. France is idiotic.
Contracts are fine. You just can't pay with your first-born, your freedom or your private data.
I like the way they are punished:
For now, the maximum fines seem to be just that, at least in France: Maxima, only for those who really do not want to mend their ways
no fine, but CNIL ordered the firm to delete all data it had
not already deleted (having judged collection illegal given
consent was not valid); and to stop processing data without
consent.
So this is a warning shot to them and the ad industry: If they change the way they do business, they were almost not hurt (There is probably the court costs to pay, plus their defence, plus opportunity costs).For now, the maximum fines seem to be just that, at least in France: Maxima, only for those who really do not want to mend their ways
The interminable pile of pop-ups on the EU web has become extremely annoying, and I don't blame ad firms and publishers for seeking to minimise the disruption to the user experience.
At the same time, the protections that the GDPR seeks to provide are very important and it's absolutely right to protect them in law.
But what value is there in constant boxes that users become accustomed to clicking through like trained monkeys? It devalues the whole point of the GDPR because no sane person would actually read the policies for every single website to see if their data is being used reasonably or not.
I personally think that there should be a limited, well-defined set of data that can be transmitted to ad exchanges under an assumed consent. Fully anonymised and broad demographic data (eg: age range, sex, city, etc) for example. Anything beyond that should require an explicit consent.
This should encourage most publishers to do the right thing, because if you're doing something that requires a consent pop-up, it probably means you're up to no good.
At the same time, the protections that the GDPR seeks to provide are very important and it's absolutely right to protect them in law.
But what value is there in constant boxes that users become accustomed to clicking through like trained monkeys? It devalues the whole point of the GDPR because no sane person would actually read the policies for every single website to see if their data is being used reasonably or not.
I personally think that there should be a limited, well-defined set of data that can be transmitted to ad exchanges under an assumed consent. Fully anonymised and broad demographic data (eg: age range, sex, city, etc) for example. Anything beyond that should require an explicit consent.
This should encourage most publishers to do the right thing, because if you're doing something that requires a consent pop-up, it probably means you're up to no good.
You only have to read the policies if you are interested in sharing the data and this can be linked properly. I don't see a problem there (besides the fact that many pages are not even able to link to the proper pages of course).
The design of the wall of buttons is another topic. There is a design opportunity for a good solution there. Unfortunately what I see is the opposite. Pages that try to trick you into consent, pages who seem to link to other pages "checking something", "loading", "I'm sorry, try later", plainly not working buttons or no way to check all to "do not allow" but one button to "allow all". I really hope people who install those will pay and disappear when someone has finally enough of this crap.
The design of the wall of buttons is another topic. There is a design opportunity for a good solution there. Unfortunately what I see is the opposite. Pages that try to trick you into consent, pages who seem to link to other pages "checking something", "loading", "I'm sorry, try later", plainly not working buttons or no way to check all to "do not allow" but one button to "allow all". I really hope people who install those will pay and disappear when someone has finally enough of this crap.
One could also argue that by avoiding the symmetric controls in these the websites are already aware of their malicious practices of the data they collect. This is cleverness, not stupidity.
> But what value is there in constant boxes that users become accustomed to clicking through like trained monkeys?
There is none, however it seems to me that a lot of these are going to be considered illegal after a while, particularly the ones that default-enable a ton of stuff under the cover of a single OK button.
What would be really, really nice to see would be the web industry engaging with this properly, and changing their attitudes to private data, instead of effectively trying to hide behind multiple levels of disclaimer and implementing dark patterns to try to work around it.
> This should encourage most publishers to do the right thing, because if you're doing something that requires a consent pop-up, it probably means you're up to no good.
This is already the case, as far as a lot of privacy campaigners are concerned. If you're not planning on using my data in nefarious ways (sharing it with commercial interests for money), but only use it in ways that support providing me the service (technically, not financially) we're golden, and you don't need any consent.
There is none, however it seems to me that a lot of these are going to be considered illegal after a while, particularly the ones that default-enable a ton of stuff under the cover of a single OK button.
What would be really, really nice to see would be the web industry engaging with this properly, and changing their attitudes to private data, instead of effectively trying to hide behind multiple levels of disclaimer and implementing dark patterns to try to work around it.
> This should encourage most publishers to do the right thing, because if you're doing something that requires a consent pop-up, it probably means you're up to no good.
This is already the case, as far as a lot of privacy campaigners are concerned. If you're not planning on using my data in nefarious ways (sharing it with commercial interests for money), but only use it in ways that support providing me the service (technically, not financially) we're golden, and you don't need any consent.
The constant boxes are actually against the spirit of the GDPR and it's only a matter of time until they are banned as well.
The GDPR requires all tracking to be opt-in and to be completely optional. Blocking access to a page by requiring the users to tick one or more permission boxes is not opt-in. The same is true for many other GDPR permission forms (like Tumblr's) where all uses and parties were/are enabled by default and one needs to disable each one individually.
It's a matter of time before one of these big firms gets investigated for these practices and a fine is dropped. Publishers will learn to stick to the rules soon enough.
The GDPR requires all tracking to be opt-in and to be completely optional. Blocking access to a page by requiring the users to tick one or more permission boxes is not opt-in. The same is true for many other GDPR permission forms (like Tumblr's) where all uses and parties were/are enabled by default and one needs to disable each one individually.
It's a matter of time before one of these big firms gets investigated for these practices and a fine is dropped. Publishers will learn to stick to the rules soon enough.
> "The constant boxes are actually against the spirit of the GDPR and it's only a matter of time until they are banned as well."
I note that some of the EU's own websites have them.
I note that some of the EU's own websites have them.
How can you be opt-in and be optional at the same time?
Consent-based personal data processing must be optional. That's pretty explicit in the GDPR. You cannot predicate service on a user opting-in (consenting). That's not consent. That's coercion, and the GDPR pretty explicitly bans it.
"But how can we monetise our service if we can't get paid via exploitation of personal data of our users?"
Don't know, don't care, not my problem. The ad industry has proven itself incapable of self-regulation, so the GDPR explicitly destroys this entire business model. Figuring out a new that works is the industry's problem.
"But how can we monetise our service if we can't get paid via exploitation of personal data of our users?"
Don't know, don't care, not my problem. The ad industry has proven itself incapable of self-regulation, so the GDPR explicitly destroys this entire business model. Figuring out a new that works is the industry's problem.
Precisely.
What everyone forgets is that one of the biggest debacles with adtech was their inability to even guarantee that no malware was being fed with the ads. That's how bad it had gotten. It will take a long, long time before I have any sympathy for digital advertising.
What everyone forgets is that one of the biggest debacles with adtech was their inability to even guarantee that no malware was being fed with the ads. That's how bad it had gotten. It will take a long, long time before I have any sympathy for digital advertising.
I'm not the parent poster, but I suspect here 'optional tracking' is taken to imply that they should not serve a 'Sorry we have no content to serve you, because you have not opted-in to our tracking' page, but should instead serve the content minus the tracking when one doesn't opt-in.
Your proposal is exactly what the GDPR pushes for in Recital 26 - it exempts from the regulation "personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable".
So the onus is completely on ad firms and publishers to stop trying to find tricks and loopholes, and actually follow the regulation as it's intended.
So the onus is completely on ad firms and publishers to stop trying to find tricks and loopholes, and actually follow the regulation as it's intended.
> But what value is there in constant boxes that users become accustomed to clicking through like trained monkeys?
Ideally, it adds a cost to including third-party cookies and tracking users. Editors of websites could choose to be more respectful of their visitors's data, and then they would be able to provide a more seamless experience without annoying popups.
In practice, apparently they are not willing to do that, either because money brought in by privacy-violating ads offsets the cost of losing users, or because they have not given much thought to it and are already used to showing lots of popups anyway, and think that one more will not change much.
> I personally think that there should be a limited, well-defined set of data that can be transmitted to ad exchanges under an assumed consent. Fully anonymised and broad demographic data (eg: age range, sex, city, etc) for example. Anything beyond that should require an explicit consent.
Fully anonymised and broad demographic data does not require consent, since it does not allow identifying users. As far as I know you could store the age range of users in a cookie and give just that to your ad exchange, although you should tell them at the time you ask for their age.
Ideally, it adds a cost to including third-party cookies and tracking users. Editors of websites could choose to be more respectful of their visitors's data, and then they would be able to provide a more seamless experience without annoying popups.
In practice, apparently they are not willing to do that, either because money brought in by privacy-violating ads offsets the cost of losing users, or because they have not given much thought to it and are already used to showing lots of popups anyway, and think that one more will not change much.
> I personally think that there should be a limited, well-defined set of data that can be transmitted to ad exchanges under an assumed consent. Fully anonymised and broad demographic data (eg: age range, sex, city, etc) for example. Anything beyond that should require an explicit consent.
Fully anonymised and broad demographic data does not require consent, since it does not allow identifying users. As far as I know you could store the age range of users in a cookie and give just that to your ad exchange, although you should tell them at the time you ask for their age.
>But what value is there in constant boxes that users become accustomed to clicking through like trained monkeys?
If the consent boxes all have sharing options disabled by default, which they should, and only appear once for each site then I don't really mind all that much. click
If the consent boxes all have sharing options disabled by default, which they should, and only appear once for each site then I don't really mind all that much. click
> But what value is there in constant boxes that users become accustomed to clicking through like trained monkeys?
Setting aside if it's in line with GDPR, the interesting effect for me is that it adds a whole lot more friction to sites like TechCrunch for instance.
Up until now the cookies banner was annoying, but at this point I'll never go to a site with heavy GDPR screens except if I really really want to read an article that is heavily discussed. Put it another way, I'm not sure we get trained to click these disclaimer, just opting out of the site becomes a simple option.
In comparison arstechnica for instance is frictionless, and I hope it brings them a boost in visits comparatively.
Setting aside if it's in line with GDPR, the interesting effect for me is that it adds a whole lot more friction to sites like TechCrunch for instance.
Up until now the cookies banner was annoying, but at this point I'll never go to a site with heavy GDPR screens except if I really really want to read an article that is heavily discussed. Put it another way, I'm not sure we get trained to click these disclaimer, just opting out of the site becomes a simple option.
In comparison arstechnica for instance is frictionless, and I hope it brings them a boost in visits comparatively.
> But what value is there in constant boxes that users become accustomed to clicking through like trained monkeys?
The truth is that on the privacy advocacy side of this issue there is an understanding that those boxes are not meaningful, informed consent. On the programmatic advertising, suck up all the data side of the issue there is an understanding that an intrusive pop up with psychological nudges towards acceptance is meaningful, informed consent.
The GDPR was drafted in the way it was because of the industry's poor reaction to the tracking cookie law. They added hefty fines and a necessity of informed, meaningful consent because the industry reacted with a wink and a nudge by implementing loop holes. This ruling seems to confirm that the commission was not joking, that it wasn't just political posturing, that they want the industry to cease and desist.
Given that I have edited the html of any form ever given to me to change "I agree" to some form of "I don't agree and waive no rights", in what way have they diligently acquired meaningful, informed consent from me and therefore from anyone?
The truth is that on the privacy advocacy side of this issue there is an understanding that those boxes are not meaningful, informed consent. On the programmatic advertising, suck up all the data side of the issue there is an understanding that an intrusive pop up with psychological nudges towards acceptance is meaningful, informed consent.
The GDPR was drafted in the way it was because of the industry's poor reaction to the tracking cookie law. They added hefty fines and a necessity of informed, meaningful consent because the industry reacted with a wink and a nudge by implementing loop holes. This ruling seems to confirm that the commission was not joking, that it wasn't just political posturing, that they want the industry to cease and desist.
Given that I have edited the html of any form ever given to me to change "I agree" to some form of "I don't agree and waive no rights", in what way have they diligently acquired meaningful, informed consent from me and therefore from anyone?
The stronger GDPR is interpreted by the courts, the stronger Google & Facebook's oligopoly is. To compete as an ad network you will first need to have consented first-party data at scale - in other words, a (or network of) website/application that a majority of European's visit daily.
Google and Facebook relies on other collecting consent on their behalf, lots of Google business takes place on other sites than their own, this is trouble for them too.
That doesn't seem to be the case here. In fact, Google asking other's to collect consent, and then performing auditing, may well not be considered compliant after this ruling.'
> The requirement based on the article 7 above-mentioned isn’t fulfilled with a contractual clause that guarantees validly collected initial consent. The company VECTAURY should be able to show, for all data that it is processing, the validity of the expressed consent.
Google hasn't first-party consented through each of the publishing contracts. They may be able to turn it around.
However, the industry would now favour someone who had no need to collect consent, if we're just talking about the base ability. The ad-world's dependency on personalised data is a problem, and may continue having issues with the GDPR.
> The requirement based on the article 7 above-mentioned isn’t fulfilled with a contractual clause that guarantees validly collected initial consent. The company VECTAURY should be able to show, for all data that it is processing, the validity of the expressed consent.
Google hasn't first-party consented through each of the publishing contracts. They may be able to turn it around.
However, the industry would now favour someone who had no need to collect consent, if we're just talking about the base ability. The ad-world's dependency on personalised data is a problem, and may continue having issues with the GDPR.
I think you're confusing Google's ad-tech platform (DFP and such) with Google's actual primary business as a publisher. Google's ad-tech business competes with other ad-tech platforms and provides services for other publishers to monetize their inventory. This is a relatively small part of their overall business that they could live without and Google the publisher doesn't need any of that to stay massively profitable. Google's own inventory would certainly be more valuable in a world where Google's ad-tech platform could not effectively help monetize other publishers' inventory.
That's the drawback indeed. That being said overall I'm not sure I'm willing to lament the loss of potential innovation in the profiling industry. Have people compete by offering different monetization schemes.
Furthermore I personally don't use Facebook and only rarely Google so I don't really care about that, everybody is free to decide the first parties they use or don't use. If people find value in these services and use them over the competition is it really unfair that they benefit from it?
Meanwhile third party trackers are on most websites these days so I actually benefit from regulation in that sector because otherwise I simply cannot opt-out of that tracking (unless I manage to block them all with extensions but it's virtually impossible to catch them all).
So IMO this regulation puts the power back into the hands of the users, they decide who gets access to their personal data. That's valuable.
Furthermore I personally don't use Facebook and only rarely Google so I don't really care about that, everybody is free to decide the first parties they use or don't use. If people find value in these services and use them over the competition is it really unfair that they benefit from it?
Meanwhile third party trackers are on most websites these days so I actually benefit from regulation in that sector because otherwise I simply cannot opt-out of that tracking (unless I manage to block them all with extensions but it's virtually impossible to catch them all).
So IMO this regulation puts the power back into the hands of the users, they decide who gets access to their personal data. That's valuable.
Then maybe stop using our personal data for advertising? DuckDuckGo can do it, so why can’t you?
> the stronger Google & Facebook's oligopoly is
Blocking a few big players is easier than blocking many small ones, so from the point of view of blocking ads until the advertisers stop being shady this might no tbe a bad thing.
If the ad/tracking industry wants me to play the game their way instead of not at all, they need to start playing by decent rules which includes following GDPR's various stipulations.
Blocking a few big players is easier than blocking many small ones, so from the point of view of blocking ads until the advertisers stop being shady this might no tbe a bad thing.
If the ad/tracking industry wants me to play the game their way instead of not at all, they need to start playing by decent rules which includes following GDPR's various stipulations.
The solution is to replace the cookie consents with an explicit form where users select their interests, so that the publisher can request ads tailored to the user. It's a lot more transparent and it can save a lot of publishers in the EU which are now at a dead end. (People who think that donations/subscriptions will save websites are deluded. Tracking is bad , but targeted advertising is not. Advertising is a perfectly valid model but context-based advertising is horrible - i know because i ve been seeing and serving those "russian bride" and "click here to get iphone" ads since May).
> context-based advertising is horrible - i know because i ve been seeing and serving those "russian bride" and "click here to get iphone" ads since May).
Doesn't exactly seem like you got context-based ads but rather completely pointless ads?
Doesn't exactly seem like you got context-based ads but rather completely pointless ads?
thats what you will get if you have anything other than a blog, though. I bet news websites have the same problem. Reporting about a death doesnt mean you want to advertise coffins.
And there is the problem:
It seems Russian bride distributors and few others pay best.
And media houses seems to don't care that this is intellectually and emotionally insulting to their readers.
Had they put slightly more effort into this they might have had a nice income from non-spammy ads like they have in print.
It seems Russian bride distributors and few others pay best.
And media houses seems to don't care that this is intellectually and emotionally insulting to their readers.
Had they put slightly more effort into this they might have had a nice income from non-spammy ads like they have in print.
Anything that makes it more difficult for the advertising industry is good in my book. Reminds me of how our ancestors built cathedrals instead of hospitals.
I've always felt that one way to change the way internet companies do business with a loose-style relationship with our data is to pass laws in small towns or even just one large city. Imagine if Portland OR made severe legal consequences for specific kinds of privacy breeches for people in its own town. The giants would have to decide to block people in that city or change general data processing rules internally. But I think it acts more of a starting point of an avalanche as more and more places see the good that comes from that.
It's also NOT just the big corps. Companies that use public records (and public records in and of themselves needs a LOT of additional laws in the digital age) so you can find your ex-girlfriends, etc... Can you imagine these ASSHAT websites being sued for 100k by people in Portland? Then New York, etc.. I would love to see that happen.
It's also NOT just the big corps. Companies that use public records (and public records in and of themselves needs a LOT of additional laws in the digital age) so you can find your ex-girlfriends, etc... Can you imagine these ASSHAT websites being sued for 100k by people in Portland? Then New York, etc.. I would love to see that happen.
Maybe, at some point, ad companies would prefer asking a visitor which topic he is interested in, instead of trying to collect some giant amount of shitty data to feed their profiling engine and then being GDPRed for failure to register consent. Sometimes the best solution is also the simplest.
[deleted]
I'm wondering if we can't start micropayments today: Create an ad provider which bids together with all the others, but in your name (and you give them some money).
If you pay enough via that ad provider, it will claim the ad space on that page for you and leave it empty or puts some todolist or whatever you want there. Ask a monthly fee of a euro for computer costs.
As this is the raison d'aitre of this pseudo ad company, all its GDPR troubles are resolved at once. If it gains traction, publishers can use it as a preferred ad provider and resolve their GDPR troubles too.
Only question: Who would want to pay for this. It might prove people prefer ads to micropayments.
If you pay enough via that ad provider, it will claim the ad space on that page for you and leave it empty or puts some todolist or whatever you want there. Ask a monthly fee of a euro for computer costs.
As this is the raison d'aitre of this pseudo ad company, all its GDPR troubles are resolved at once. If it gains traction, publishers can use it as a preferred ad provider and resolve their GDPR troubles too.
Only question: Who would want to pay for this. It might prove people prefer ads to micropayments.
Or use an Adblock.
Unless we want the internet to continue centralizing into the websites that don't need a business model (like VC funding), or to the few that people are willing to take out their wallet for (like Netflix), we need a new solution if we're going to unanimously block ads.
To my knowledge that's basically what Google Contributor does: https://contributor.google.com/v/beta
I don't think it ever caught on.
I don't think it ever caught on.
[deleted]
Privacy protections undermine that, since it would required individual targeting of ads (unless you could afford to pay for any ads shown to everyone in your demographics).
You could try to form a coalition to do group purchases, but it's a hard thing to start, since the individual benefits would be small until you got a large number of members, whereas an adblocker is free and more effective.
Plus, the ad network could still track you, which is one of the problems people have with ads.
You could try to form a coalition to do group purchases, but it's a hard thing to start, since the individual benefits would be small until you got a large number of members, whereas an adblocker is free and more effective.
Plus, the ad network could still track you, which is one of the problems people have with ads.
This is not only about advertising, it's about any service that trasfers consent to another one. There is a full thread about micro payments here, but they could solve only some cases. There are plenty of legitimate third-party services added to web sites (example: customer service) that according to this ruling (if I understood it well) should verify consent on their own. This could be possible or not, it depends on the nature of the service.
There seems to be a significant ethical problem of dehumanization and predation in the tech community that must be analyzed and understood.
Here are people living in a civilized world with rules and regulations and posture as civilized human beings who function in an ethical society.
But at work they seem to be operating in neolitic wild lands engaging in increasingly invasive predatory behavior that systematically reduces the entirety of the human population going about their daily lives into objects of profit lacking agency, merely tools to be stalked and analyzed for revenue, to be prodded for value in any way possible. There is a dehumanization here with no respect of personal space, privacy and basic human dignity.
This would not be as bad if there was explicit consent and self declared transparency of the all processes in play, and commitments to ethical frameworks of operation. It's the surreptitious, misleading and often deceptive communication and behavior that betrays their willful complicity that is troubling.
Here are people living in a civilized world with rules and regulations and posture as civilized human beings who function in an ethical society.
But at work they seem to be operating in neolitic wild lands engaging in increasingly invasive predatory behavior that systematically reduces the entirety of the human population going about their daily lives into objects of profit lacking agency, merely tools to be stalked and analyzed for revenue, to be prodded for value in any way possible. There is a dehumanization here with no respect of personal space, privacy and basic human dignity.
This would not be as bad if there was explicit consent and self declared transparency of the all processes in play, and commitments to ethical frameworks of operation. It's the surreptitious, misleading and often deceptive communication and behavior that betrays their willful complicity that is troubling.
> consent [...] cannot be gained through a framework arrangement which bundles a number of uses behind a single “I agree” button [...]
I'm a bit worried that the interface of old Windows installers might make a comeback in the internet, but with "I agree" instead of "Next" written on that button that you have to click a dozen times.
I'm a bit worried that the interface of old Windows installers might make a comeback in the internet, but with "I agree" instead of "Next" written on that button that you have to click a dozen times.
This decision would be super good for Facebook and Google by the way. If you can't share/pool cookie data, then the smaller ad players will die out even faster than they are now.
[deleted]
Perhaps ironically, I can't access this article because I'm unwilling to just click "OK" and allow TechCrunch to pass my data to all and sundry, and their 'controls' links lead to a warren of pages at their parent company's site, and eventually to some sort of login page, with no controls in sight.
In apparent contravention of the GDPR, various parts of the page say that I must agree to their use of my data for third party advertising or I cannot access the site.
In apparent contravention of the GDPR, various parts of the page say that I must agree to their use of my data for third party advertising or I cannot access the site.
FWIW, TC works perfectly well with the default uMatrix config (as in block everything third party) and only sets a single, empty session cookie.
uMatrix is a life changer. No one can understand the sheer scope of how much one gets tracked until you log into a random article on the internet where bloody Pinterest or LinkedIn scripts and cookies are present. It's maddening, and uMatrix is amazing.
I'm wondering actually, is there any browser extension that would get rid of these popups (as well as all these "we use cookies" useless banners)?
Switch off JS or use uBlock - it can block arbitrary elements in any page, and works in two clicks.
The Oath consent is not just an overlay, it's a separate page that TC redirects to. Not as easy to block as on-page elements.
TC, to their credit, works really well without JS, so it's just a matter of disabling it.
In apparent contravention of the GDPR, various parts of the page say that I must agree to their use of my data for third party advertising or I cannot access the site.
They can say that they have a legitimate interest exemption - and they do. Sites must be able to earn money from their content, or they cannot operate. Therefore, they have a "legitimate interest" exemption for this practice (allowed under GDPR) - they cannot provide you with the service you requested because you are unwilling to help pay for it by allowing third party ads.
Edit: By the way, none of this addresses the other elephant in the room. TechCrunch is US based, and to my knowledge they do not offer foreign language translations of their site, at least on the .com version of the site. This meets the test under Recital 23, which says that if it doesn’t “envisage” serving EU users, it isn’t even subject to the GDPR. Any privacy notices on TechCrunch.com are essentially a courtesy.
They can say that they have a legitimate interest exemption - and they do. Sites must be able to earn money from their content, or they cannot operate. Therefore, they have a "legitimate interest" exemption for this practice (allowed under GDPR) - they cannot provide you with the service you requested because you are unwilling to help pay for it by allowing third party ads.
Edit: By the way, none of this addresses the other elephant in the room. TechCrunch is US based, and to my knowledge they do not offer foreign language translations of their site, at least on the .com version of the site. This meets the test under Recital 23, which says that if it doesn’t “envisage” serving EU users, it isn’t even subject to the GDPR. Any privacy notices on TechCrunch.com are essentially a courtesy.
It has nothing to do with showing ads or not, it's about the use of your data to show "relevant" ads. Publishers can still show ads.
> They can say that they have a legitimate interest exemption - and they do
They don't. That's not a legitimate interest. Making money from the data is not covered and if it was then the entire law would be moot.
> they cannot provide you with the service you requested because you are unwilling to help pay for it by allowing ads.
You missed the word targeted there. And the massive background dissemination of data that accompanies them. That's the issue.
They don't. That's not a legitimate interest. Making money from the data is not covered and if it was then the entire law would be moot.
> they cannot provide you with the service you requested because you are unwilling to help pay for it by allowing ads.
You missed the word targeted there. And the massive background dissemination of data that accompanies them. That's the issue.
They don't. That's not a legitimate interest.
While I live in the US, I used an EU VPN for a few weeks just to see what would actually happen under GDPR as an EU user. I couldn't stand the popups after a while - GDPR has ruined the user experience of the web for 500 million people. But through that experience I saw that most sites based in the EU are either a) ignoring GDPR entirely, or b) taking the position that showing ads from third party ad networks without specific consent is a "legitimate interest" - whether you agree with that position or not. I also witnessed countless sites that required user consent in order to view content.
While I live in the US, I used an EU VPN for a few weeks just to see what would actually happen under GDPR as an EU user. I couldn't stand the popups after a while - GDPR has ruined the user experience of the web for 500 million people. But through that experience I saw that most sites based in the EU are either a) ignoring GDPR entirely, or b) taking the position that showing ads from third party ad networks without specific consent is a "legitimate interest" - whether you agree with that position or not. I also witnessed countless sites that required user consent in order to view content.
It doesn't really matter whether you or I agree with that position. The point is that the GDPR doesn't agree with that position -- and that has been made explicitly in the regulation: https://www.gdpreu.org/the-regulation/key-concepts/legitimat...
Even when data processing is necessary to the controller, such legitimate interests must be weighed against “the interests or fundamental rights and freedoms of the data subject”. Should data controllers justify processing without consent based on this subparagraph, they will need to be prepared to prove legitimate interests (a higher burden) relative to the implied general interests of data subjects.
So businesses will need to argue that their interest (income) outweighs the interests of their users (not to be sold out).
Specifically, when it comes to advertising itself as a legimate interest:
Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time and free of charge. That right should be explicitly brought to the attention of the data subject and presented clearly and separately from any other information.
Even when data processing is necessary to the controller, such legitimate interests must be weighed against “the interests or fundamental rights and freedoms of the data subject”. Should data controllers justify processing without consent based on this subparagraph, they will need to be prepared to prove legitimate interests (a higher burden) relative to the implied general interests of data subjects.
So businesses will need to argue that their interest (income) outweighs the interests of their users (not to be sold out).
Specifically, when it comes to advertising itself as a legimate interest:
Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time and free of charge. That right should be explicitly brought to the attention of the data subject and presented clearly and separately from any other information.
[deleted]
> GDPR has ruined the user experience of the web for 500 million people
No, that would be tracking and targeted advertising. No data processing - no need for popups or consent. If you want to sell me out to the highest bidder then you need to ask, and ruin the look of your site. Your problem, not mine.
> I saw that most sites based in the EU are either a) ignoring GDPR entirely, or b) taking the position that showing ads from third party ad networks without specific consent is a "legitimate interest" - whether you agree with that position or not. I also witnessed countless sites that required user consent in order to view content.
The law hasn't been in place for that long, and it will take a while for things to catch up. Your last two types of site there are specifically disallowed, and the first just naive.
No, that would be tracking and targeted advertising. No data processing - no need for popups or consent. If you want to sell me out to the highest bidder then you need to ask, and ruin the look of your site. Your problem, not mine.
> I saw that most sites based in the EU are either a) ignoring GDPR entirely, or b) taking the position that showing ads from third party ad networks without specific consent is a "legitimate interest" - whether you agree with that position or not. I also witnessed countless sites that required user consent in order to view content.
The law hasn't been in place for that long, and it will take a while for things to catch up. Your last two types of site there are specifically disallowed, and the first just naive.
> showing ads from third party ad networks without specific consent
Showing third party ads without consent is perfectly fine. IFF you don't gather, share, or process any personal data in doing so. If they serve static non-personalised ads, that's perfectly GDPR compliant.
Showing third party ads without consent is perfectly fine. IFF you don't gather, share, or process any personal data in doing so. If they serve static non-personalised ads, that's perfectly GDPR compliant.
You could also serve ads relevant to the page, e.g. an article about a country with tourism ads.
When you visit a U.S. newspaper (forget which one) you're greeted with a page. That page has a text blob which reads something like this: "We value your personal data, and so, because of GDPR we can't show you our content until we figure out how to show it in Europe".
Which is funny. Because they clearly don't care about personal data if you're in the U.S.
Hopefully in a few years (and hopefully a few multi-million dollar lawsuits later) the industry will learn to actually value my personal data and choices.
Which is funny. Because they clearly don't care about personal data if you're in the U.S.
Hopefully in a few years (and hopefully a few multi-million dollar lawsuits later) the industry will learn to actually value my personal data and choices.
It feels like at last half of the local papers in the US are doing this, including my hometown paper, the Temple Daily Telegram (http://www.tdtnews.com - https redirects to http, of all things...)
It's hard to say they don't target EU users, when they host a whole conference in Berlin: https://techcrunch.com/events/disrupt-berlin-2019/
And if they didn't target EU users they could just delete the ads, like USA Today does on its super fast EU-specific website (https://eu.usatoday.com/).
>> it doesn’t “envisage” serving EU users
Strange then that "techcrunch.co.uk" redirects to techcrunch.com/europe
Strange then that "techcrunch.co.uk" redirects to techcrunch.com/europe
The more rulings we have like this, the better. Yes it may cause some business models to disappear, but I feel it's worth it to take back control of our privacy.