Don Marti

How to beat adtech fraud: REGISTER ALL HUMANS

Ted McConnell, on AdExchanger: Advertising Fraud: It’s Time For Asymmetrical Warfare.

When you have an enemy that’s shape-shifting, agile, belligerent, invisible, greedy, fast and brilliant, you have a problem. Welcome to what military strategy people call asymmetrical warfare. It looks like terrorism. They lie about their identity. They only have to be right once. There are no lines in the sand. You can’t tell them from the good guys. They adapt.

I's actually worse than that. The best fraud rings only have to be better than the worst ad networks. The fraud perpetrators get to pick which network to attack, while the network doesn't get to pick which fraud perpetrators it deals with. The feedback for fraud is relatively quick. It's cheap and easy to try it on a small scale by buying or generating a little bit of bad traffic and seeing what happens. It's easy to decouple the parts of fraud that you're good at from the parts that you need help on, because that's how adtech is networked to begin with. Finally, the expected consequences of failure are small.

Where this piece gets problematic is in suggested solutions for dealing with the adtech fraud problem while keeping the adtech system intact. (Adtech, privacy, and fraud control, you can only have two.) Of course, this means abandoning privacy.

For example, "Make a publicly provided 'white list' of humans, accessible as a service to all transactions," and "tighten up Internet access...make sure an antivirus is in place." So in order to beat adtech fraud, McConnell wants to have (1) a white list of all humans and (2) control over all client systems (to verify that antivirus). Even the DRM maximalists didn't get that much.

And what happens while this perfect system of total control is being rolled out? Older clients, and humans who aren't on the white list of humans, will still be out there, so most of the fraud gets to continue. And by the time the system of control is in place, someone will subvert it for legit reasons.

If total Internet lockdown isn't going to happen, how do you beat fraud? A better answer is to turn the privacy up, not down: Adtech fraud: you can't cheat an honest man.

Bonus links:

Jon Udell: It’s time to engineer some filter failure

Atul: Does Privacy Matter?

Tim Peterson: Angry Birds Maker Rovio Points Finger at Ad Networks Over NSA Data Leak

Randall Rothenberg, president and CEO of the Interactive Advertising Bureau: IAB Head: 'The Digital Advertising Industry Must Stop Having Unprotected Sex' (via The Drift from Upstream)

David Rogers: Bad adbots and the vanishing CMO

Robin Hanson: Why Do Firms Buy Ads?

Ted Dhanik: We're All Responsible for Click Fraud and Here's How to Stop It

Doug Weaver: Dead internet ideas: The "right" to target

Posted Tue 22 Jul 2014 05:20:02 AM PDT
#

Surfacing, not hiding, the creepy?

Let's look at the scorecard for the surveillance marketing game. The mainstream coverage would choose up sides like so:

vs.

Not so good for the privacy side. But if you do some research, the scorecard probably actually looks like so:

vs.

Quite a difference. If you're a platform vendor using privacy as a selling point, how do you make the user aware of it? Most platforms try to conceal tracking. But if you're working with the creeped-out feeling instead of trying to soothe it, you need to give the user a little hint of, "Gosh, I'm glad I didn't step in that!" in the same way that a mail application shows you the count of messages in your spam folder. For example, users could get a notification when entering the range of a new wireless shopper tracker, then have the option to hush it up.

The dreaded "Do you want to accept this cookie?" dialog could even be simplified. Instead of presenting the cookie with no context, you could get...

Do you want to accept tracking by example.com? This site appears on the following lists:

Block this site / Block all sites covered by both of these lists / Accept tracking

The challenge is to add just enough "look how I'm protecting your privacy—aren't I a good little device?" to keep the user uneasy when he or she uses something else.

Posted Sat 19 Jul 2014 07:07:47 AM PDT
#

Opportunity in surveillance marketing consolidation?

In the surveillance marketing business, a bunch of companies that started off in different places have all ending up doing the same thing. A company that started as a 1980s dial-up online service is competing with a company that started as a 1990s web portal and both are competing with social networks and post-bro lean 21st-century whatevers. It's like sailors, merchants, and farmers all abandoning their original occupations and all headed out to pan for the same gold.

But is the surveillance marketing gold rush coming to its natural end? Are we entering the consolidation phase, at least on mobile devices? Derek Thompson: A Handful of Tech Companies Own the Vast Majority of Mobile Ads. Google, Facebook, Pandora, Twitter, and Apple have 75%, and a quarter of the pie is left for the rest.

So what happens to the losers?

As soon as you accept that your company is a loser in the surveillance marketing game, you get to stop repeating the same old Big Data jive and come up with something new. As far as I can tell, everyone on the whole Lumascape has the same Unique Selling Proposition. Which is not really the point as uniqueness goes.

Look, it's a basic marketing exercise. Lots of variants, but basically, you try to fill in something like this.

[Product] is the only [category] that [benefit] for [market] by [core competency].

Ready? Here goes.

[example.com] is the only [adtech intermediary] that [maximizes ROI] for [advertisers] by [creepy data collection and difficult math].

The "only" looks funny there, doesn't it? That is exactly as differentiated as:

[Joe Bloggs] is the only [random guy panning for gold] who [finds the most gold] by [panning for gold in this spot right here].

Boring. It's a recipe for consolidation of an industry. So losing could be the best thing that ever happened to you.

What's the alternative? Well, Microsoft seems to have part of the answer. Violet Blue writes, Second, using Android phones, I'm Google's lab rat and fighting back a continual invasiveness from a company that's really starting to freak me out.

Now we're getting somewhere. Sounds like a point of actual differentiation to me.

What if a vendor used its marketing power to amplify user feelings of unease about surveillance marketing, instead of trying to soothe them? Work with the creeped-out feeling, not agagainst it? Let's do that USP exercise again.

[Microsoft] is the only [productivity platform vendor] that [protects mental and economic integrity] for [users] by [blocking attempts to collect information about you].

That's something to work with, but it's just the start. A message without anything to back it up is as useless as the Scroogled campaign. Pointless. But if you build a security and privacy story keeping the USP in mind, within a couple of releases you've got something.

Clearly nobody in the IT industry is ready to give up getting a piece of the surveillance marketing business yet. But for whoever does first, the opportunity is waiting.

Bonus links

BOB HOFFMAN: The Dumbest People On Earth?

Tim Fernholz: Does the advertising business that built Google actually work?

Alex Kantrowitz: Ad-Tech Companies Form Group to Standardize User ID

The Tech Block: The truth about Google and evil

John Gruber: Privacy as a Competitive Advantage for Apple

BOB HOFFMAN: Misintermediation

Ricardo Bilton: Publishers’ plug-in addiction can come back to haunt them

Christof Wittig: Why mobile advertising isn’t as huge as it’s hyped to be (yet)

eaon pritchard: does culture really eat strategy for breakfast?

datacoup: What the brokers have broken: Shifting the conversation from Privacy to Control

Sam Thielman: This Is How Your Financial Data Is Being Used to Serve You Ads

MediaPost | Metrics Insider: Why Offline Data Is Key To Online Data Segmentation

MediaPost | Mobile Insider: Get This Crap Off My Phone: We Are Screwing Up The Mobile Experience

Lee Hutchinson: Op-Ed: Microsoft layoff e-mail typifies inhuman corporate insensitivity

Posted Fri 18 Jul 2014 04:21:48 AM PDT
#

You know what they put on their database marketing companies in Europe?

You know what they put on their database marketing companies in Europe?

What?

Regulation.

Goddamn.

I've seen 'em do it, man. They ------ drown 'em in that ----.

photo of conversation

Massive culture shock alert for this paper by Frederik Zuiderveen Borgesius: Consent to Behavioural Targeting in European Law: What Are the Policy Implications of Insights from Behavioural Economics? (PDF) Yes, in Europe, addressing privacy problems with government regulation is actually a thing. I guess that they have a different approach to Internet regulation in general (how's that right to be forgotten thing working?).

It's different here. In the USA, it's impossible to put the words "privacy" and "regulation" in the same sentence with a straight face. You know that some Lester at the Direct Marketing Association is going to make sure that any privacy regulations turn out to be more like anti-privacy regulations. (Remember how CAN-SPAM turned out?)

Here, instead of hoping for benevolent pro-privacy Eurocrats to protect us from surveillance marketing, we have to take a private sector approach to the problem. Fortunately, the privacy interests of end users coincide with the interests of other parties.

For example, legit publishers might choose to address the audience snatching problem by putting some interesting content behind a reverse tracking wall. (Tune in with privacy tech enabled and get an interview or concert; use an out-of-the-box targeting-enabled browser, and get a privacy tutorial instead.) (This may already be the plan at the New York Times—anyone else noticed a lot of first-party ads there? If Disconnect and Privacy Badger adoption went up, the NYT would be in a good position to handle it.)

The other problem is where regulation can be actively harmful. The more complex the adtech stack between advertiser and audience, the more fraud. Some fraud is inherent in highly intermediated adtech. The win for fraud rings is that adtech fraud isn't even illegal. It's against the terms of service of the ad networks, but that's it.

If we get "tough" anti-fraud laws here, it could result in artificially low costs for adtech intermediaries, along with privacy risks for users subject to anti-fraud tracking. The good news here is that the interests of Big Copyright and Surveillance Marketing are in conflict. Making the world safe from adtech fraud makes it safe for "brand-supported piracy."

Users, brand advertisers, and content creators all have an interest in creating a non-targetable medium, one that works more like magazine ads than like spam or direct mail. Adtech intermediaries and fraud rings are the only winners from the targeting-driven race to the bottom. So it should be possible to beat them without relying on the public sector. After all, regulators, even in Europe, are likely to have more and more difficulty promising strong privacy protections, because they'll be negotiated away in secret "trade" talks with the USA.

Posted Sat 12 Jul 2014 07:28:00 AM PDT
#

Paying for privacy

Here's a survey on online privacy that addresses the question of If users value privacy so much, why won't they pay for it?

Beliefs and Behaviors: Internet Users’ Understanding of Behavioral Advertising (PDF) by Aleecia M. McDonald and Lorrie Faith Cranor. (via Frederik Borgesius)

A majority of users surveyed agree with...

Privacy is a right and it is wrong to be asked to pay to keep companies from invading my privacy

and

Companies asking me to pay for them not to collect data is extortion

It's an oversimplification to say that if users won't pay for something, they don't want it.

One might expect that participants who highly value privacy would disagree, and would think it is worth paying for privacy even if they also believe they should not have to do so, but only 5% did. Distrust of the advertising industry, or perhaps of actors on the Internet as a whole, is another reason people may not be willing to pay for online privacy with just over a majority agreeing or strongly agreeing that data will be collected even if they pay companies not to collect data.

If one side sees some action as a good in a market, but the other side sees it as just complying with a norm, then no sale. A non-Internet example was telemarketing in the USA. Before the launch of the Do Not Call registry, sales of anti-telemarketer products were low. But at launch, Do Not call got ten million phone numbers in four days.

More: Conventional wisdom on privacy

Posted Wed 09 Jul 2014 04:42:08 AM PDT
#

Optimal privacy protection?

(Updated 23 Jul 2014: Add link to "Why digital publishers want to be in the magazine business")

Good paper from Henk Kox, Bas Straathof, and Gijsbert Zwart at the CPB in the Netherlands: Targeted advertising, platform competition and privacy (via Frederik Borgesius)

We find that more targeting increases competition and reduces the websites' profits, but yet in equilibrium websites choose maximum targeting as they cannot credibly commit to low targeting. [emphasis added] A privacy protection policy can be beneficial for both consumers and websites.

Read the whole thing. Good explanation of why high-value content sites are participating in ad targeting systems, even though it would be in their interest to work more like the magazine business.

If websites could coordinate on targeting, proposition 1 suggests that they might want to agree to keep targeting to a minimum. However, we next show that individually, websites win by increasing the accuracy of targeting over that of their competitors, so that in the non- cooperative equilibrium, maximal targeting results.

But I don't buy the conclusion that web sites are forced to get creepier and creepier, and less and less profitable, in the absence of certain privacy regulations.

The missing piece here—and I know it makes the model much more complicated—is that on the real web, the "consumers" are actually people who can switch browsers or install privacy tools to adjust the level at which they are targeted.

And the web sites have more options than just "target more" or "target less". For example, another move that's available to a site is to encourage the use of anti-tracking technology. As a webmaster, you could identify the users of privacy tools and offer them some kind of bonus content, such as single-page views of long paginated articles, full interview transcripts, or a forum for submitting questions to ask in upcoming interviews. You don't have to wait for regulators to pull you out of the death spiral of creepy.

Posted Mon 07 Jul 2014 06:34:04 AM PDT
#

The Internet is Temptation Island.

I'm still trying to unpack and interpret some of the "privacy is dead" claims.

Remember the TV show "Temptation Island"? It's all about inducing people to violate a norm.

On the Internet, you're always on the island. Behavioral marketing people, gamifiers, and growth hackers are inducing you to violate your civility, thrift, diligence, and privacy norms everywhere, all the time.

"Privacy is dead," in many cases, is short for, "Marketing can circumvent the norms-enforcing, long-term-thinking side of the user's brain, to reach the mindless-clicking, short-term-gratification-seeking side of the user's brain."

Betsy Haibel writes, in The Fantasy and Abuse of the Manipulable User,

“Banner blindness” - the phenomenon in which users become subtly accustomed to the visual noise of web ads, and begin to tune them out - is a semiconscious filtering mechanism which reduces but does not eliminate the cognitive load of sorting signal from noise. Deceptive linking practices are intended to combat banner-blindness and increase exposures to advertising material. In doing so, they sharply increase the cognitive effort required to navigate and extract information from websites.

If it's just one brain versus the collective manipulation power of the entire Internet industry, we're doomed. But our species has been fighting off temptations for a long time. We have those exhausting mental filters, sure, and if we work on it we can build temptation-resisting habits. But in the long run we build other tools.

In effect, we learn how to stay off the island in the first place. On the Internet, the biggest example of how to help our brains is email spam filters, but web ad blockers are catching up. The interesting trend is that the old-school general blockers are being joined by Disconnect and Privacy Badger—tools that specifically address targeting, not just ads in general. If we stay off "social" sites as much as possible, the available protection from manipulation that follows us across sites is looking pretty good.

The biggest problem with targeted ads, of course, is that they don't pay their way in exchange of information. An ad that's targeted to the user is no better than a cold call at carrying information to me, so it's not in my interest to spend time on it. But for targeted advertising, it's dammed if you do, dammed if you don't. If it fails, it's a waste of time. If it works, it's worse, a violation of the Internet/brain barrier. Haibel again:

“Growth hacking” - traditional marketing’s aggressive, automated, and masculinely-coded baby brother - will continue to expand as a field and will continue to be cavalier-at-best with user boundaries.

But boundary-testing is not news. The boundary between self and not-self has been under attack for thousands of years. Sometimes we lose, but we survive because we can win often enough. If the brain can beat habit-forming substances and cults of personality, it can beat surveillance marketing, too.

The four lines of defense as I see them are:

Listed from fastest-acting, most responsive, to slowest-acting, least responsive. When we get weary of using one, we fall back on the next one.

Oh, and how did that TV show come out? Three couples split up, one couple stuck together.. Better get your Privacy Badger on, people.

Posted Sun 29 Jun 2014 08:47:43 AM PDT
#

We marched on Google 12 years ago.

In 2002, The Mountain View, California Xenu Study Group did a small-scale Google protest. There was some issue with bogus DMCA takedowns against Scientology results in Google searches, so we organized a small group...

photo: "everybody look numerous"

We got some media coverage: Google Restores Church Links

...and Matt Cutts invited us in for a meeeting.

Eventually Google started sharing DMCA takedowns with Chilling Effects Clearinghouse to help expose that kind of thing.

Most importantly, the company protected the Google brand. They can stick with "Google’s mission is to organize the world’s information and make it universally accessible and useful." and not get stuck with "Google's mission is to organize the world’s information unless the Church of Scientology squawks about it, in which case we'll drop it like a hot rock." The company has taken a similar approach to other censorship issues too.

It wasn't the solution we wanted as protestors, but it was in the company's interest.

So that was Google in 2002. What about the Google of today?

At the Google I/O conference this week, the topic of security came up a few times. I got a flyer for a protest about lousy pay and benefits for security guards and also went to a talk on "Security at Scale at Google" by Stephan Somogyi. Looks like the video of the talk is up. Worth watching.

Today, the threat to the Google brand is that first, the company wants you to trust Google with your personal information, while at the same time the physical security of the place, well, based on how the contract firm handles it, it doesn't seem to be a priority. It's not an issue of loyalty or diligence. The problem is the cognitive load of dealing with poverty. You don't make people carry bricks and memorize random numbers while doing their jobs, because that interferes with decision making. Same with the whole extra job of "just getting by."

Google will always do two things: protect its brand and do something "googley" instead of whatever the prognosticators on the outside come up with. But I'm going to make a guess anyway. Instead of either beating down the protests (which beats down "the cloud" as collateral damage) or supporting SEIU, they're going to bring the security guards in-house.

Costs don't have to go up too much, since the company will be able to cut out the middleman, offer security guards Android development and SEO training as benefits to help with recruiting (it's all about the "learn to code" now, right?), plus put the security guards on (the thing that Google is going to do to disrupt health insurance) and charge it to R&D. SEIU will hate it, the contract security firm will hate it, but Google will come out ahead.

Again.

Posted Sat 28 Jun 2014 08:00:07 AM PDT
#

Evil

It would be good to see a little bit more "I choose to do this Evil thing" and a little bit less "this Evil thing is inevitable because of TECHNOLOGY." If you're going to Hell anyway, better to stride in as a badass than mope in like a nerd.

That's all.

Posted Wed 25 Jun 2014 05:29:49 PM PDT
#

Hey, kids! Actionable insights!

First, remember the gas pump sticker? Here's another image for you. This is a tag I found lying around:

RFID Protected Product

Why do things like this even exist?

Why don't people want "RFID Amplifying Product"?

Why isn't there something like "This front pocket features RFID Amplification to share relevant personal information with brands you love!"

Anyway, look what the RSS reader dragged in. (Advertising/surveillance marketing/privacy link dump follows. If you only have time to click through to one thing, read this one from John Broughton: Disintermediation and the curious case of digital marketing – revisited.)

Rebecca J. Rosen: Study: Consumers Will Pay $5 for an App That Respects Their Privacy

Timothy B. Lee: Thousands of visitors to yahoo.com hit with malware attack, researchers say Two Internet security firms have reported that Yahoo's advertising servers have been distributing malware to hundreds of thousands of users over the last few days. The attack appears to be the work of malicious parties who have hijacked Yahoo's advertising network for their own ends.

Jason Mander: Big Data, meet Big Privacy

Cody Beck: The Circle of Junk: Traffic => Content => Advertising

Egor Homakov: Cookie Bomb or let's break the Internet.

Google Public Policy Blog: Busting Bad Advertising Practices — 2013 Year in Review

Tim Peterson: Consumers Becoming Less Trusting of Google, Warier of Facebook, Twitter

BOB HOFFMAN: The Slow Painful Collapse Of The Social Media Fantasy

joebsf: Ad-Tech Valuation: Color by Numbers

iMedia Connection: All Feed: The future of third-party cookies

Salon.com: In defense of militant anti-Google protests

MediaPost | Data and Targeting Insider: Fake Clicks To Cost Marketers $11.6 Billion

Chris Heilmann: Why “just use Adblock” should never be a professional answer Creators of original content are not the ones who make the most money with it; instead it is the ones who put it in “this kid did one weird trick, the result will amaze you” headlined posts with lots of ads and social media sharing buttons. This is killing the web. We allowed the most important invention for publishing since the printing press brought literacy to the masses to become a glossy lifestyle magazine that spies on its readers.

Michael Schrage: Big Data’s Dangerous New Era of Discrimination

Chester Wisniewski: Misleading advertisements lead to hijacked browser settings

glyn moody: Interview: Eben Moglen - "surveillance becomes the hidden service wrapped inside everything"

mitchell: Content, Ads, Caution

eaon pritchard: I'll see you in the sewer

Dare Obasanjo: How Facebook Knows What You Looked at on Amazon

Lucia Moses: New Report Says How Much Advertising Is Going to Piracy Sites

Barry Levine: The average piracy site makes $4.4M each year on ads from Amazon, Lego, etc.

BOB HOFFMAN: The Epic Screwing Of Online Advertisers

Bill Davidow: Redlining for the 21st Century (via O'Reilly Radar - Insight, analysis, and research about emerging technologies) Businesses would like customers to believe that they use big data only to add value to the consumer experience. But the behavior of many businesses demonstrates a deep interest in customer control.

Tim O'Reilly: The Creep Factor: How to Think About Big Data and Privacy

Home - CBSNews.com: The Data Brokers: Selling your personal information (via Blog of Rights: Official Blog of the American Civil Liberties Union)

Glyn Moody: What Happens When You Marry The NSA's Surveillance Database With Amazon's Personalized Marketing?

Jack Marshall: Fraudulent traffic: adventures in ad farming

lioninasidecar: Disintermediation and the curious case of digital marketing – revisited The whole issue of disintermediation is one of the key phenomena of the internet age, yet for some reason digital advertising seems to have missed out. In fact, somewhat perversely, digital advertising has instead managed to go in entirely the other direction, filling up with a whole new class of mediators, the adtech companies.

The Tech Block: A ‘crisis’ in online ads: One-third of traffic is bogus

Alex Kantrowitz: Digital Ad Fraud Is Rampant. Here's Why So Little Has Been Done About It

Bruce Schneier: Don’t Listen to Google and Facebook: The Public-Private Surveillance Partnership Is Still Going Strong

Dillon Reisman: Cookies that give you away: The surveillance implications of web tracking

Barry Lowenthal: Mobile is hitting the nuclear reset button The startups I spoke with believe there are better ways to make money in mobile than advertising. I think this is very telling and worrisome for all the people reading this piece: Advertising on mobile devices is still broken.

BOB HOFFMAN: My Talk At "Advertising Week Europe"

Jonathan Levitt: In-Store Cell Phone Tracking Pits Consumers Against Retailers Industry research shows that consumers overwhelmingly reject cell phone tracking. In a recent OpinionLab study of 1,042 consumers, 77.0% said that in-store cell phone tracking was unacceptable, and 81.0% said that they didn't trust retailers to keep their data private and secure.

Elizabeth Dwoskin: Student Data Company to Shut Down Over Privacy Concerns

zephoria: New White House Report on Big Data

George LeVines: 1p – As domestic abuse goes digital, shelters turn to Tor Today, many abuse cases contain at least one digital facet because abuse is about power and control and most victims are using some form of technology...

Shoshanna Zuboff: Dark Google will earn its money by knowing, manipulating, controlling reality and cutting it into the tiniest pieces.

DoctorBeet: LG Disables Smart TV features in the EU to force users to accept new oppressive Privacy policy

Kif Leswing: Not all ad blockers are the same. Here’s why the EFF’s Privacy Badger is different

Tim Bray: Pervasive Monitoring Is an Attack I think it was very important, for the continued relevance and usefulness of the IETF, that it, in this case, rise above its own naysayers, bring to bear a mix of idealism, suspicion, and paranoia, and do what is right for the actual people who use the Internet.

Stacey Higginbotham: AT&T’s GigaPower plans turn privacy into a luxury that few would choose

BOB HOFFMAN: Ad Industry Is The Web's Lapdog

frederic: Privacy evaluation: what empirical research on users’ valuation of personal data tells us Most of the consumers whose privacy was fully protected did not considered $2 as a price high enough to sell their future purchasing data, while nine out of ten of the not protected individuals estimated $2 as a too high price to buy protection for future purchase data.The results of the experiment therefore suggest that when consumers feel that their privacy is protected, they might value it much more than when they feel their data has already been, or may be, revealed.

Neal Ungerleider: On The Russian Black Market, Prices Are Dropping For Your Personal Data

Adam Tanner: For Sale: Lists Of Men Who Take Viagra

MediaPost | Online Media Daily: FTC Says Web Sites Should Inform Consumers About Data Brokers, Allow Opt-Outs

BOB HOFFMAN: The Soon-To-Be-Legendary 45-Day Cheese Tweet (via Ad Aged)

VINDU GOEL: California Urges Websites to Disclose Online Tracking

David Ulevitch, Founder/CEO of OpenDNS: No more ads There’s also the elephant in the room: ads and security don’t mix. It’s clear to us that they are fundamentally incompatible. Text ads and banners alike, they’re all vectors for the spread of malware. We’re a security company first, trusted and relied on by Fortune 100 organizations to protect their people, data and networks. Anything that weakens our security offering by introducing vulnerabilities is a conflict. As we’ve become more and more of a security company, it was clear ads couldn’t stay.

Kate Crawford: The Anxieties of Big Data (via Freedom to Tinker) In other words, they use the concept of normcore to gesture toward something much more ambiguous and interesting. I think it captures precisely this moment of mass surveillance meeting mass consumerism. It reflects the dispersed anxiety of a populace that wishes nothing more than to shed its own subjectivity.

Reid: Bot traffic is not just a nuisance: Major brands are wasting more than half their budget

Alex Kantrowitz: Here's How Bots Scam Advertisers By Pretending to Be Human

kb: Find and kick Google Glass users off of a network (via prosthetic knowledge)

Dan Goodin: They’re ba-ack: Browser-sniffing ghosts return to haunt Chrome, IE, Firefox (via LWN.net)

Esther Dyson: The Private Sector’s Privacy Puzzle

Elizabeth Smythe: Online ads 'accepted as a feature of free content delivery', survey finds

Aaron Parecki / Articles: iOS 8 Wi-Fi Changes - A Privacy Win? Or iBeacon Lock-in?

CloudClinc: The Baycloud Privacy and Data Protection Blog: Is the Dutch DPA investigation of YD the beginning of the end for "AdChoices”?

jjerome: Interest Based Ads and More Transparency

AdExchanger: Fraud And Programmatic RTB: Perverse Incentives

PCMag.com Breaking News: Microsoft Promises Not to Scan Accounts for Targeted Ads

Ars Staff: Why online tracking is getting creepier

Kashmir Hill: Facebook Will Use Your Browsing and Apps History For Ads (Despite Saying It Wouldn’t 3 Years Ago)

Derek Thompson: A Dangerous Question: Does Internet Advertising Work at All?

(Still here? You did read that John Broughton essay, Disintermediation and the curious case of digital marketing – revisited, right?)

Posted Sat 14 Jun 2014 11:55:08 AM PDT
#

QoTD: Dustin Kirkland

If I could do what Elon Musk did with Tesla's patent portfolio, you have my word, I absolutely would. However, while my name is listed as the "inventor" on four dozen patents, all of them are "assigned" to IBM (or Lenovo). That is to say, they're not mine to give, or open up.
What I can do, is speak up, and formally apologize. I'm sorry I filed software patents. A lot of them. I have no intention on ever doing so again. The system desperately needs a complete overhaul. Both the technology and business worlds are healthier, better, more innovative environment without software patents.

Dustin Kirkland

Posted Fri 13 Jun 2014 06:51:02 AM PDT
#

Adtech fraud: you can't cheat an honest man

More news from the world of online ad fraud. Florida-Based Ad Fraudsters Skim Millions From Advertisers, Then Disappear: Some of the globe's most recognizable brands—including Oreo, GlaxoSmithKline, Burger King and Sprint—were bilked out of millions of dollars by a Florida company that used fake websites to skim from the ad-tech ecosystem.

Naturally, the industry's response to fraud is to turn up the creepy. (adtech, privacy, fraud control: pick two). Remember how they always used to say ad tracking was anonymous? Well, not so much any more. Ari Jacoby, CEO of Solve Media, writes, Fortunately, a new trend has emerged where users are ‘logged in’ to sites through existing social media accounts like Facebook or Google+. Publishers who also utilize the log-ins are then able to link the user to a logged in account, verifying humanity. In addition, social log-ins give advertisers access to a bevy of information about consumers and allow them to serve targeted ads.

Making adtech creepier makes it less vulnerable to fraud, but only by compromising privacy.

But where does adtech fraud come from in the first place? Unfortunately, the fraud we see, in examples like the Florida story, is just the mushroom on top of the fraud fungus that is inherent in the fundamental value proposition of adtech.

There has long been an understanding of reciprocity between advertisers, publishers, and the audience. Advertisers get some attention from the audience, and in exchange, they pay publishers to hire people to write articles, take photos, and all that good stuff.

If you read a collection of short stories, you're probably reading work that was originally paid for out of some company's ad budget.

Adtech is enabling advertisers to break the deal. Instead of paying for content in order to reach a user, the advertisers pay the surveillance marketing industry to track users onto increasingly skeevier, cheaper sites, and show the ads there. (And incidentally, instead of paying an ad agency 15%, they're paying 55-75% to adtech intermediaries.) As they say on the Internet, What could possibly go wrong? (Of course, not every ad impression ends up on a bottom-feeder sites, but the original sites have to lower their ad rates to compete.)

So this post is a longer way of explaining that thing I posted on Twitter yesterday. Privacy tech such as Privacy Badger can help fight fraud in a publisher-friendly way, but only by squeezing out the third-party tracking that powers adtech in the first place.

More: adtech, privacy, fraud control: pick two?

Posted Thu 12 Jun 2014 05:52:09 AM PDT
#

Leaving money on the table

It's that time again. The latest Internet Trends Report, from Mary Meeker at Kleiner Perkins Caufield and Byers, is out.

The question I always have about this report, year after year, is: why does print advertising bring in so much money compared to the online kind?

The 2011 numbers in the 2012 version have print at 7% of time spent and 25% of ad spending.

For 2012, print has 6% of the time and 23% of the money.

As of 2013, print is 5% of the time and 19% of the money.

The amount of time that people spend on print is declining, but print advertising is consistently more valuable per user minute than web and mobile advertising.

Why?

Maybe John Battelle has part of the answer.

Using programmatic tools, a media buyer can identify almost any audience segment they want with pinpoint precision – down to the exact cookie or data segment that matches a customer target. And for various reasons, including price, those audience members are targeted mainly on who they are, independently of what they are doing. Put another way, we buy audiences, but we aren’t buying the show they’re watching – we’re ignoring where that impression is served.

This is nuts.

It's not just context. An ad medium that requires ads to be attached to content, not targeted to the user, carries a signal that a user-targeted ad can't. (more on that) Direct mail, telemarketing, junk faxes, email spam, and user-targeted web ads can't perform the role that a print ad can. Richard Stacy explains it best: The great thing about advertising is that no-one takes it personally. If we want "great" (and the money we're leaving on the table) we have to be able to walk away from "creepy."

Posted Wed 28 May 2014 07:02:38 AM PDT
#

QoTD: Eben Moglen

The difficulty is that we have not only our good and patriotic fellow citizens to deal with, for whom an election is a sufficient remedy, but we have also an immense structure of private surveillance that has come into existence. This structure has every right to exist in a free market, but is now creating ecological disaster from which governments alone have benefited.

Eben Moglen

Posted Tue 27 May 2014 08:30:20 AM PDT
#

Conventional wisdom on privacy

Just wondering if there are some alternate explanations for the things that "everyone knows" about privacy.

Users are unwilling to pay for privacy technology, therefore users don't want privacy.

Users weren't willing to pay for the anti-telemarketer products offered before Do Not Call, either, and that program got 72% of US residents to sign up.

Norms are not necessarily expressed in terms of willingness to pay. If I ask you to turn your loud music down, it's because I believe the costs of coming into compliance with a norm should be on the transgressor. (This is a place where Homo economicus and Homo sapiens are different.)

Users always pick convenience or entertainment features over privacy features.

Home users didn't express interest in stable desktop OSs before Windows XP and Mac OS X came along to give them fewer crashes but with the ability to keep their existing applications. Today, users complain about privacy problems in the same way that they used to complain about "blue screens" (MS-Windows) or "bombs" (Mac OS). They're inevitable. What the machine does is annoying but that's just what machines do, right?

Today, it would be difficult to sell a computer as unstable as the ones sold to the home market in the 1990s. User expectations have changed.

Most advertising people are not Evil, therefore users don't need privacy from advertising.

Most companies that use email don't send spam, but that doesn't mean a user doesn't need a spam filter.

If you count heads, most advertisers are non-Evil. But more user interactions with new advertisers involve the Evil ones, because they burn through more lists as users catch on to them. (It's similar to the problem of hiring the top 1% of job applicants.)

Einbinder Flypaper from the Bob and Ray Show had the motto, The brand you've gradually grown to trust over the course of three generations. There are some trusted companies with which a user will choose to share information, but most contacts will be new and unknown.

Today's surveillance marketing is creepy because it's in an "uncanny valley." Making it creepier will make users finally like it.

The term uncanny valley comes from the visual arts. We know that a photo-realistic face is not uncanny, because we can watch people's reactions to existing photographs. We know that cartoonish renderings are not uncanny because we can watch people's reactions to existing cartoons.

But we don't have an example of extremely targeted advertising that people are comfortable with. What we do have is accidental random cases where an ad appears to be highly targeted and it creeps people the hell out.

Users can't beat the NSA or PLA, therefore privacy is pointless.

Surveillance marketing has negative externalities, mostly in the form of identity theft, stalking and other crime risks that the surveillance marketing industry imposes on users.

Mass-market advertising has positive externalities, in the form of valuable content that is later usable outside the ad-supported context. (I'm still reading Kurt Vonnegut stories that some Collier's advertiser paid for in the 1950s.)

So any privacy technology that tends to move ad spend from creepy to mass-market is a win for the users, even if it's not effective against extremely competent adversaries.

Posted Sat 24 May 2014 05:16:15 AM PDT
#

Older stuff: archive