Google accused of secretly feeding personal data to advertisers(ft.com)
ft.com
Google accused of secretly feeding personal data to advertisers
https://www.ft.com/content/e3e1697e-ce57-11e9-99a4-b5ded7a7fe3f
32 comments
http://archive.is/o8EGY
I can't read it and if I want to subscribe they want me to subscribe using Google
and after reading your title
I feel lost in an endless maze
I feel lost in an endless maze
Reading articles online in social media has evolved into social and collaborative effort where most people don't have to read the article itself.
HOWTO for (de facto) collaborative and delegated reading in the social media:
1/ You can upvote and comment articles based on the title without reading the article itself. If the subject is interesting, you agree with the title or you want to know more, upvote. When the article gains enough popularity and attention, the collaborative reading happens in three batches of comments.
2/ First batch of comments is from people who didn't read the article but want to say something or steer the discussion. They either use the title as writing cue to write what they think, or try to guess the article content and comment on it.
3/ Second batch is comments to the first batch from those who skimmed the article and correct the misconceptions the first batch of commenters had and provide information from the article.
4/ Third batch of comments comes from those who read the article or are subject experts or both. They correct the first and second batch comments and even correct errors in the original article. Sometimes the third batch never happens and the quality of the community reading suffers.
HOWTO for (de facto) collaborative and delegated reading in the social media:
1/ You can upvote and comment articles based on the title without reading the article itself. If the subject is interesting, you agree with the title or you want to know more, upvote. When the article gains enough popularity and attention, the collaborative reading happens in three batches of comments.
2/ First batch of comments is from people who didn't read the article but want to say something or steer the discussion. They either use the title as writing cue to write what they think, or try to guess the article content and comment on it.
3/ Second batch is comments to the first batch from those who skimmed the article and correct the misconceptions the first batch of commenters had and provide information from the article.
4/ Third batch of comments comes from those who read the article or are subject experts or both. They correct the first and second batch comments and even correct errors in the original article. Sometimes the third batch never happens and the quality of the community reading suffers.
Ironically, hitting „web” and opening the article from a google search results page, works.
Archive link:
http://archive.is/L2m5K
http://archive.is/L2m5K
CodinM(1)
From the FAQ [0]:
"It's ok to post stories from sites with paywalls that have workarounds.
In comments, it's ok to ask how to read an article and to help other users do so. But please don't post complaints about paywalls. Those are off topic."
[0] https://news.ycombinator.com/newsfaq.html
"It's ok to post stories from sites with paywalls that have workarounds.
In comments, it's ok to ask how to read an article and to help other users do so. But please don't post complaints about paywalls. Those are off topic."
[0] https://news.ycombinator.com/newsfaq.html
Ironic that the submitted link needless goes through google servers, giving them more data.
When I used a completely blank browser session, the google referrer allowed access to the site. This may have been inconsistent across more users or triggered an anti-abuse mechanism by the FT restricting access.
This article is centered around evidence submitted by Brave CPO Johnny Ryan. If you're not an FT subscriber, they have a blog post about it here: https://brave.com/google-gdpr-workaround/
This article seems to have more details but I'm still a little lost in it all. They actually link to a sample "push page" in that post:
https://brave.com/wp-content/uploads/files_2019-9-2/sample_p...
Ah, actually, this explains things a bit better:
https://brave.com/wp-content/uploads/sequence.pdf
So there's a "realtime bidding system" where when the user access a page, google goes out to bidders in realtime to figure out which ad to show. I haven't quite figured out the rest but in the process somehow, those networks are able subsequently match up details about the user.
EDIT from the Brave article:
>>> Every time a person visits a website that uses RTB, data about them is broadcast to tens or hundreds of tracking companies, who let advertisers compete for the opportunity to show them an ad. The data can include the category of what they are reading – which can reveal their sexual orientation,[4] political views,[5] their religion,[6] and health conditions including AIDS,[7] STDs,[8] and depression.[9] It includes what the person is reading, watching, and listening to. It includes their location. And it includes unique, pseudonymous ID codes that are specific to that person,[10] so that all of this data can be tied to you, continually, over time.
EDIT why does this article keep getting flagged? Can it just be redirected to the Brave post instead?
https://brave.com/wp-content/uploads/files_2019-9-2/sample_p...
Ah, actually, this explains things a bit better:
https://brave.com/wp-content/uploads/sequence.pdf
So there's a "realtime bidding system" where when the user access a page, google goes out to bidders in realtime to figure out which ad to show. I haven't quite figured out the rest but in the process somehow, those networks are able subsequently match up details about the user.
EDIT from the Brave article:
>>> Every time a person visits a website that uses RTB, data about them is broadcast to tens or hundreds of tracking companies, who let advertisers compete for the opportunity to show them an ad. The data can include the category of what they are reading – which can reveal their sexual orientation,[4] political views,[5] their religion,[6] and health conditions including AIDS,[7] STDs,[8] and depression.[9] It includes what the person is reading, watching, and listening to. It includes their location. And it includes unique, pseudonymous ID codes that are specific to that person,[10] so that all of this data can be tied to you, continually, over time.
EDIT why does this article keep getting flagged? Can it just be redirected to the Brave post instead?
Do they have an example of this data that is broadcasted to advertisers?
Ignoring the paywall, if the allegations are true, this is extremely sketchy behavior from Google. Is there something weasel-worded into the privacy policy that lets them do this after they’ve promised not to?
If the claims are true, man, Google has descended very far from their high “don’t be evil” perch. If true they are hardly better than content farms and herbal medicine sites. What a disaster.
I guess all the steady hands have cached out and retired leaving the new people to their own devices without the benefit of company history to guide them.
I guess all the steady hands have cached out and retired leaving the new people to their own devices without the benefit of company history to guide them.
I had to fill out a Google survey about my wireless habits just to read the article.
Bite the hand that feeds you much, FT?
Bite the hand that feeds you much, FT?
by hidden webpage do they mean an empty iframe that stands in place of the traditional pixel or js script? If so, this is old school methods.
The cookie name sound rather similar to a parameter used for AD id matching in tracking pixel api https://developers.google.com/authorized-buyers/rtb/cookie-g...
FYI changing the link to a google redirect did not fix the paywall for me.
Does nobody click the "your ad choices" button on each ad? I assumed a good amount of participating companies[0] build ad profiles at the same pace Google does.
0: https://youradchoices.com/participating
0: https://youradchoices.com/participating
Two levels of things here: Google/Doubleclick and the GDPR and then this particular "push page" issue.
- GDPR instructs that an organization maintain control of people's data. "Control" in the legal sense of it where you know who is getting the data, what their data handling practices are, how it's going to be used, etc.
- Real Time Ad bidding is the process where you land on a site and then that site has a JS snippet which passes your information (it can be more than this, but lets just say your IP address) to an Ad Auction where advertisers bid on showing you an ad. They do geolocation, company lookups, check retargeting cookies, etc. and then whoever offers the most money to show you an ad gets their banner on the page you are looking at.
- Google's Doubleclick is one of the largest Real Time Bidding setups.
Side Note: a frequent comment I see on HN is that "IPs are not personally identifiable" which is true in the abstract, but they are identifiable enough that advertisers are willing to spend significant amounts of money on ad bids.
You may immediately see the problem here: it's impossible for you (the person browsing) to give meaningful consent to share your information with all these companies participating in the ad auction because the site you just browsed to has zero flipping idea who they are and in any case there is a constantly churning audience of literally tens of thousands of companies participating in these auctions.
All of that is the context then for this newest development: push pages.
Google/Doubleclick is attempting a bunch of different approaches to deal with the fact that the GDPR shatters the current privacy destroying setup of anytime you land on a site with their JS include that your information is sent to several thousand companies unknown to you.
They're trying to implement psuedo anonymous identifiers [1] they're trying pull back on cross site matching, etc. all of which hurts their bottom line. So what this "push pages" looks like is an attempt at a technical workaround to some of the legislative hurdles raised by the GDPR. By moving the JS+Cookie setting to the Google domain they're able to say (in some context) that it's a 1st party cookie and not a tracker and able to do more sophisticated matching.
Side Note: another frequent comment I see on HN about the GDPR is that "It's too vague, why doesn't it just say what I can and can't technically implement" and this is exactly why: if the law is laid out in technical terms instead of intentions and actions it's easy to find loopholes (aka moving some aspect of tracking from a site to Google's page).
1 - https://support.google.com/analytics/answer/2763052?hl=en
- GDPR instructs that an organization maintain control of people's data. "Control" in the legal sense of it where you know who is getting the data, what their data handling practices are, how it's going to be used, etc.
- Real Time Ad bidding is the process where you land on a site and then that site has a JS snippet which passes your information (it can be more than this, but lets just say your IP address) to an Ad Auction where advertisers bid on showing you an ad. They do geolocation, company lookups, check retargeting cookies, etc. and then whoever offers the most money to show you an ad gets their banner on the page you are looking at.
- Google's Doubleclick is one of the largest Real Time Bidding setups.
Side Note: a frequent comment I see on HN is that "IPs are not personally identifiable" which is true in the abstract, but they are identifiable enough that advertisers are willing to spend significant amounts of money on ad bids.
You may immediately see the problem here: it's impossible for you (the person browsing) to give meaningful consent to share your information with all these companies participating in the ad auction because the site you just browsed to has zero flipping idea who they are and in any case there is a constantly churning audience of literally tens of thousands of companies participating in these auctions.
All of that is the context then for this newest development: push pages.
Google/Doubleclick is attempting a bunch of different approaches to deal with the fact that the GDPR shatters the current privacy destroying setup of anytime you land on a site with their JS include that your information is sent to several thousand companies unknown to you.
They're trying to implement psuedo anonymous identifiers [1] they're trying pull back on cross site matching, etc. all of which hurts their bottom line. So what this "push pages" looks like is an attempt at a technical workaround to some of the legislative hurdles raised by the GDPR. By moving the JS+Cookie setting to the Google domain they're able to say (in some context) that it's a 1st party cookie and not a tracker and able to do more sophisticated matching.
Side Note: another frequent comment I see on HN about the GDPR is that "It's too vague, why doesn't it just say what I can and can't technically implement" and this is exactly why: if the law is laid out in technical terms instead of intentions and actions it's easy to find loopholes (aka moving some aspect of tracking from a site to Google's page).
1 - https://support.google.com/analytics/answer/2763052?hl=en
Why is this flagged, please? Don't tell me it's because Google employees here banded together?
Looking below, it's an FT low-content wrapper that adds little to: https://news.ycombinator.com/item?id=20876683 — and has paywall complications: https://news.ycombinator.com/item?id=20876487
So maybe the original Brave post would survive unflagged? https://news.ycombinator.com/item?id=20876248
So maybe the original Brave post would survive unflagged? https://news.ycombinator.com/item?id=20876248
The Financial Times is being questioned as a low quality rag? How does it answer the question of flagging? So we routinely flag blogs and wrappers?
I'm just not buying the 'it isn't Google employees doing it' thesis.
I'm just not buying the 'it isn't Google employees doing it' thesis.
This seems to be the canonical version of this story:
https://news.ycombinator.com/item?id=20876248
https://news.ycombinator.com/item?id=20876248
[deleted]