When It Comes to Data Privacy, Consumers Must Be in the Driver’s Seat: Attorney General Bonta, Partners Secure $12.75 Million General Motors Privacy Settlement | State of California - Department of Justice - Office of the Attorney General The settlement, which is subject to court approval, includes $12.75 million in civil penalties and strong injunctive terms, including restrictions on its use of consumer driving data and a ban on such data being sold to data brokers.

Digital Advertising is a Casino, Pretending to be a Supermarket by Jacob Sanders. I could share (or you could look this stuff up) that over the past two decades, Meta has been caught inflating video metrics and “potential reach” numerous different ways often times by hundreds of percent; Google has been sued by the DOJ for manipulating its own auctions while running the exchange, the broker, and the bidding sides all simultaneously; programmatic pipelines have been shown to swallow 60%+ of every ad dollar into opaque fees; and industrial-scale fraud rings like Methbot and 3ve have siphoned off billions using fake humans that platforms couldn’t distinguish from real ones; or when Meta’s ad-delivery algorithms were found by the DOJ to illegally discriminate and in violation of the Fair Housing Act.

A Publisher Didn’t Get Its UID2 Setup Right. The Trade Desk Didn’t Notice. What Went Wrong? by Anthony Vargas. They clearly were unable to flag that we made an unintentional mistake, the source said. I’m not confident they would have been able to detect a malicious implementation, either.

Deepfakes are everywhere. The godfather of digital forensics is fighting back | Science | AAAS by Kai Kupferschmidt (this is the source of those example fake photos showing perspective failures)

Turn Off ChatGPT’s New Ad Tracking by Tate Jarrow.

App Store Search Ads and the Slippery Slope from the Think Tap Work blog. iOS App Store search is no longer about relevance. It’s about ad inventory.

Solex Energy plans 5 GW solar cell factory in India by Uma Gupta. The company has recently expanded its technology roadmap through a partnership with Germany’s ISC Konstanz, focused on advancing high-efficiency solar cell technologies.

Russian Sources: Ukraine Is Fielding New AI-Capable Drones That Can’t Be Detected or Jammed by Stefan Korshak. There has been a qualitative change in [unmanned aerial vehicles] at the front; in essence, Ukraine has introduced a new generation [drone], which is creating serious logistics challenges…these drones operate day and night, and are inaudible (except in the final seconds, when they’re diving, as in the video). They are undetectable by conventional detectors and are protected from electronic warfare. They are extremely high-quality, mass-produced military-grade. And there’s a theory that they’re controlled not by human operators, but by AI.

Are GPC Signals Anti-Competitive? by Alan Chapell. (In the W3C Privacy Principles, we did our best to make it clear that different contexts with common ownership should be treated fairly with contexts with different ownership. So far, California law needs some work in this area.)

It’s open season for refusing AI by Brian Merchant. It’s not just data centers, either. It’s a trend I’ve noticed over the last few weeks: Across the AI economy, workers and consumers have taken to refusing the technology in direct and robust ways.

“because fuck you”: why consumer choice is being stripped away and how the tech industry profits from it The tech industry has perfected the practice of presenting decisions without justifications. Not without explanations — they always have explanations, carefully worded explanations, explanations that have been through legal and comms and probably a focus group. What they don’t have are justifications. An explanation tells you what they decided. A justification tells you why it actually makes sense. The gap between those two things is where because fuck you lives.

Who: People in California who want to protect privacy

What: Alameda DROP Day

Where: Alameda Free Library main branch, 1550 Oak St., Alameda, California

When: Friday July 24, 2026. 10am-4pm

Why: Protect yourself from data brokers and get helpful privacy tips

Starting on August 1, 2026, all data brokers registered in the state of California will be required to remove your personal information—if you sign up for the new Delete Request and Opt-out Platform (DROP) operated by the state.

We will help you get started with DROP, and help you out with any other privacy questions. If you have already signed up for DROP, you are welcome to attend, to learn more about privacy and help others.

We will be available 10am-4pm, but signing up for DROP only takes a few minutes. Arrive as early as you want and stay as late as you want.

More info on DROP at the CalPrivacy site: “DROP gives you more control over your data. You can tell data brokers to delete and not sell your personal information.”

So maybe tracking-based advertising is what’s bad?

Tracking has a bunch of negative externalities, but the tracking is there in order to enable personalization, and the reasons we have personalization are

• to enable intermediaries to run higher-paying ads in lower-cost contexts

• to run a higher percentage of fraudulent ads without some enforcer (such as a regulator or the owner of a real brand being copied) finding out

• to enable platforms to deniably serve advertisers who want to discriminate illegally

So maybe personalized advertising is the problem?

But why do platforms choose to run so many fraudulent ads in the first place?

Because, in an auction market, adding bidders tends to drive up the price. And the operator of an auction market can capture all of the increased price, but pays none of the losses from fraud. That could be a Section 230 thing. In a legal environment where some liability is passed through to companies that touch an ad, the more fraud/less fraud decision would get harder. But in today’s environment, all the incentives are there to run more fraud.

What if the underlying problem is the auction? And auction-based advertising is the problem?

If platforms didn’t run the real-time auction, and set rates in advance, then they could still raise rates over time. So there would be a kind of slow-motion version of the effect where a higher number of fraudulent buyers act to drive up the ad rates.

But without the auction, in any given time interval, the legit advertiser’s rate doesn’t automatically go up the instant a fraudulent advertiser gets on.

We do have a market design problem here. Fraud is on the way up and the best-informed players in the market have an incentive to increase it. Just getting rid of real-time auctions doesn’t solve the whole thing. Somehow the expected value to a platform for delivering a fraudulent ad needs to go negative. This is why we need more diverse approaches to state privacy laws. Laws that protect legitimate advertisers would tend to produce better outcomes for customers, too—including improvements in the kinds of problems that get lumped together as “privacy violations.” More: a privacy law shortcut

The office printer market is different. And it’s not just the big printers. If you’re buying a whole bunch of small printers at once, for bankers, sales reps, or service advisors to have at their desks, you probably have more options. And any shenanigans, malarkey, or other growth hacking on one of those printers means lost time for the employee who’s supposed to use it, and for the IT person who has to come fix it or switch it out. And time is money.

Sometimes the best home printer is a used, reconditioned office printer, but that’s another story. (Recommendations for shops that recondition these welcome, I want to add to my business recommendations page.)

With browsers, there aren’t really home and office products. The same codebase gets shipped for both individual and business users. And that presents a problem for the business users, since the home version is enshittified. It’s not just the Google Chrome silently installs a 4 GB AI model on your device without consent thing. Right now all the major browsers are working on an attribution cartel that would report to advertisers that, for example, this guy’s “content” is a more effective context for advertising than any legit site, while also facilitating ad fraud and providing more motivation to do it. (What Happens When The Attribution Cartel Meets Advertising’s Halo Effect? The Hidden Dangers Of Privacy-Preserving Attribution – And A Smarter Solution)

So the mainstream browsers make it possible to, in effect, run a “pro” or “office” version by giving the system administrator the tools to turn the enshittification off. If you’re an IT manager and you want to not have Google Chrome download however many copies of that 4 GB “foundational GenAI model” then you can put the right files in the right place to turn off GenAILocalFoundationalModelSettings. There should also be a setting for the attribution cartel stuff—there was for the earlier “Privacy Sandbox” in-browser ad features, and you can even turn off third-party cookies.

You don’t have to be a corporate IT manager to use enterprise management features in the browser. Anyone with a little command-line knowledge on Linux or Mac OS should be able to do it on those platforms, and it looks a little different on Microsoft Windows, but hopefully the Windows Registry stuff should be pretty straightforward for anyone with Windows admin skills.

Anyway, the more that browsers enshittify, the greater the wins from learning and using the enterprise management features. It’s the return of the power user. I have been using the enterprise management features for Firefox and for Google Chrome for a while—turning off browser ad features from the command line—and it should be possible to do something similar for Mac OS. That way someone with homebrew could just

    brew install browserdeenshittification

and it would just do the right thing. If somebody makes this kind of package or tool for other platforms, please let me know and I’ll link here.

The trade offer is on the table.

• The quid: Big Tech is being asked to fund a pro-oligopoly party to get enough of their people into Congress to actually pass legislation

• The quo: That larger majority in Congress will burn some of its political capital to squash the state privacy laws, which are one of the few bipartisan, popular political trends in an otherwise bitterly divided USA

Even companies and organizations that normally come out against privacy bills, and for bills that would weaken protection, are staying well away from this “bill”. For example, the Association of National Advertisers, which makes Federal preemption one of their big issues, doesn’t even have this “bill” on their Federal Legislative Tracking page.

The “SECURE Data Act” is an offer from the Republican Party to Big Tech, not a bill that’s going to pass. But it is a good guide to what politicians think Big Tech wants, and what some politicians are prepared to offer. But not only is Federal preemption a terrible idea, this bill has its own problems even compared to previous attempts to do something similar. In A Disastrous Federal Privacy Bill, Daniel J. Solove explains some of the problems.

• Copies the parts of CCPA that we know don’t work

• Meaningless language on data minimization

• Registration for data brokers but minimal regulation

• Relies on (already understaffed) FTC and state AGs for enforcement

• Broad preemption

Eric Null at CDT covers many of the same points in Congress’s New Privacy Bill Is Built on Empty Promises. And,

Unsurprisingly, and unfortunately, this draft also lacks meaningful civil rights protections, which were central to prior iterations of bipartisan federal privacy bills (namely the American Data Privacy and Protection Act of 2022 and the American Privacy Rights Act of 2024). We know that data is used in discriminatory ways, and that current law is insufficient to address this issue.

I was on the Monopoly Report podcast, and Alan Chapell named a paradox after me.

The first is what I’m going to call the Marti Paradox. And yes, I coined that on the pod. You heard it here first, folks. Don’s observation that the most engaged, most valuable customers are often the same people who’ve taken the most deliberate steps to make themselves less measurable by conventional ad tech, which means that if you’re an advertiser that is optimizing purely for trackability, you may be underweighting your best customers.

This might be a general case of another effect I have observed for a while, which is that information and market habits of future mainstream audiences are closer to the habits of today’s early adopter nerds than they are to the predictions that marketers make based on today’s metrics and researchers.

• In the early 1990s, marketers predicted “interactive TV” but then we got the web.

• Sanford Wallace predicted that mainstream email users would want email to work more like direct postal mail. Instead, mainstream email norms ended up matching the implied rules coded into early spam filters.

• The “Slashdot effect” on open source sites in the late 1990s and early 2000s was a small-scale preview of social media’s impact on web sites in the 2010s.

I’m still figuring out what to do about the paradox, and have a couple of projects in progress. More on those later. For now, here are some links to some things that came up on the podcast.

What Happens When The Attribution Cartel Meets Advertising’s Halo Effect? by me, on AdExchanger

Don Marti columns at the Reynolds Journalism Institute

Research report on the value of privacy practices FIXME

Have you filed your compliance taxes? (Big Tech shifts the costs and risks of compliance onto smaller companies)

The First Principle of Honest Advertising Measurement Is Independence from the Media at Central Control

The Attribution Cartel at Central Control

The Hidden Dangers Of Privacy-Preserving Attribution – And A Smarter Solution by me, on AdExchanger

Towards Developing an Understanding of Consumers’ Perceived Privacy Violations in Online Advertising by Kinshuk Jerath, Klaus M. Miller, and D. Daniel Sokol. Importantly, consumer perceptions of privacy violations may not align with technical definitions, suggesting that operational investments in privacy technologies may fail without consumer validation.

FTC PrivacyCon transcript So keeping your data safer on your device seems to help in terms of consumer perceptions, but it doesn’t make any difference whether the firm is targeting the consumer at the individual or group level in the perceived privacy perceptions.

Google “Privacy Sandbox” timeline

Why People Push Boundaries & How to Protect Your Peace (General advice that applies to when your web browser keeps testing boundaries by adding advertising features)

The surveillance economy is more like the commodification economy

Winners don’t click search ads (FBI warning on fraud and malware)

IAB Sweden Expels Meta: Warns Advertisers About Fraud, Brand Safety

Microsoft’s commitment to GDPR, privacy and putting customers in control of their own data by Julie Brill

Antitrust and competition guidance - 2017 version at W3C

Antitrust and competition policy - 2024 version at W3C

Marketers for an Open Web calls on UK Competition and Market Authority to block Google’s ‘Privacy Sandbox’

Investigation into Google’s ‘Privacy Sandbox’ browser changes from the Competition and Markets Authority in the UK

Attribution Data Matching Protocol (ADMaP) from IAB Tech Lab

Reducing Friction in the Exercise of Privacy Rights CalPrivacy is exploring whether regulatory changes to reduce friction in the exercise of privacy rights are necessary. The Agency is gathering information and seeking input from stakeholders about this topic.

Facebook (Still) Letting Housing Advertisers Exclude Users by Race (So-called “privacy-enhancing” tracking technologies would make it easier for large platforms to avoid this kind of investigation)

One of the points that has come up in defense of the attribution cartel is, well, at least it’s better than nothing. If some people choose not to consent to turn off non-cartel tracking, but are subjected to cartel tracking because the cartel claims the right to do it without consent, then the attribution cartel is in a position to use information on some activity that wouldn’t otherwise be tracked.

But is it, really? An attribution system that’s designed to back up whatever ad placement decisions “Performance Max” and the other Big Tech algorithms make—even when that ends up supporting the lawful but awful content that tends to drag down brands—could be actively harmful.

Rick Bruner, CEO of Central Control, writes,

Budgets flow toward whatever gets credited. If dominant platforms shape the crediting system, then legitimate media companies can be systematically undervalued even when they create awareness, trust, brand preference, or future demand. Quality journalism, premium entertainment, audio, television, and independent publishing all risk losing revenue to environments that are simply easier for the platforms to count.

And I found another example of this kind of craving for bogus data: Half of AI health answers are wrong even though they sound convincing by Carsten Eickhoff. The chatbot habit is catching on with many people, even for medical advice. When you ask a chatbot about something you know, or can look up, you often get wrong answers. But the feeling of having a conversation about an issue, for those who can get that feeling from a chatbot, can be valuable, too.

It’s safer and more reliable to seek medical info at the public library, where the person in the loop is bound by the code of the librarian, not the inexorable imperatives of the trust collapse bubble. But the chatbot is right there and provides that conversational experience, at least for some. Going to the librarian takes more effort, and a librarian won’t provide medical opinions or affirm your medical opinions, just recommend legit sources.

For measuring advertising, the more correct but less convenient alternative is the kind of scientifically designed research, independent of media owners, that Central Control does. Central Control offers Experiments as a Service—and doesn’t depend on the kinds of individualzed tracking or “privacy-enhancing” obfuscation methods that feed into Big Tech centralization.

Because getting the right answer is a little less convenient—research has to be independent, not just another screen on the Big Tech ad portal—then real ad measurement will turn out to be something that marketers can build skills in. The attribution cartel vision is something like economic central planning, where a de-skilled marketer simply dumps data and money to Big Tech. Alternatives to the attribution cartel tend to push decision-making out to the edges, free market style.

More later.

VRM Day is coming up. Doc Searls writes,

Your present isn’t private. Not in the digital world. Not while you always agree to their terms, and not them to yours.

With MyTerms, they agree to your privacy terms.

That makes a lot of sense. Fewer possible sets of terms means less overhead for everyone.

Remember all the similar but often incompatible licenses that popped up in the early days of the corporate open source software trend? Now we’re (mostly, ZFS is still a pain, because reasons) down to a few standard licenses. It’s much easier this way. A developer can save mental swap space and track a few sets of license terms, or even do what I did for one project and treat anything with a license as if it were GPL and include it in the corresponding source release (which automatically built when the release did, so didn’t require any extra work once I got it into the build system).

MyTerms, if successful, will do for customer/supplier relationships what standardized software licensing did for software dependency relationships. Most companies need a vanity privacy policy and ToS about as much as they need a vanity software license.

But what’s the path from here:

• many different privacy policies and terms of service

• platform-enabled fraud and deception as the default

• lots of compliance taxes dumped on normal companies by oligopoly platforms

• much sad

to there:

• a few standard MyTerms options

• finally practical to get pretty close to the terms you want, whether those terms are “no cross-context tracking” or something like what Rewarded Interest offers, a sort of Green Stamps for tracking data.

• fewer losses to fraud, more win-win deals

• compliance tax cuts and lower transaction costs for all

Let’s go back to what Doc wrote.

With MyTerms, they agree to your privacy terms.

Doc is such a nice guy that he doesn’t include the “or else.” So I can come up with one here.

With MyTerms, they agree to your privacy terms, or else they don’t get your data—because you use every habit, technical, and legal power you can to protect it.

Without credible (and measurable, but that’s another story) protections, the BATNA for MyTerms is just the old, one-sided ToS, written by the company’s lawyer. So there’s no motivation to put scarce decision-maker attention into even considering MyTerms. The sad part is that most corporate privacy policies and ToS are just a list of whatever creepy stuff their lawyer’s other clients got caught doing, so the lawyer makes the documents as creepy as possible just to cover possibilities that might not happen. In practice, legit companies would be better off with MyTerms. When normal sites pass tracking data to Google and Meta, they’re training ML to better match scam ads with people more likely to fall for them, and a customer who loses money to a scam doesn’t have that money to spend on real products and services.

But without the “or else” there’s no energy to kick the system from today’s low-trust, high crime status quo into the MyTerms happy place. Trying to use MyTerms as an individual, when the surveillance economy keeps running as usual, is like trying to sell a sack of soybeans out of the back of your truck in front of the Chicago Mercantile Exchange.

The MyTerms starter pack needs to include not just the actual MyTerms implementation, but also a reliable set of privacy tools, habits, and patterns of interaction as a customer and as a citizen. Privacy is the opposite of “personal” and can’t be hacked into being in isolation.

Anyway, see you at VRM Day.

Updates to our partner ads setting control

Dear Google User,

At Google, we believe you should always be in control of your data. That’s why we’ve built My Ad Center and many Google Account tools, like Privacy Checkup, that make it easy to manage your data, privacy, and security settings.

Building on these controls, we’re introducing a new setting through Google Partner ad settings that lets you choose whether to provide additional information to advertising partners when you visit websites and apps that partner with Google. This data allows advertising partners to select which ads to show you and measure ad performance.

You can learn more about the tools you have available through Google, and about controls across partner sites and apps. Sincerely,

Your Google team

So should you go to Google’s Partner Ad Settings and turn off the two available options?

Yes, do it. It can’t hurt. If you look at the research, people who are getting personalized ads are probably worse off. After turning personalized ads off, you’re probably going to be less likely to get targeted for gambling ads or scams.

So go ahead and turn off both “Personalized ads on partner sites & apps” and “Help advertisers select ads for you”.

But those settings only affect so-called “RTB” (real-time bidding) ads on non-Google sites. (Because of a settlement in a class-action lawsuit, if you’re interested in the origin story) And the RTB ads are only a wretched-ish hive of scum and villainy compared to the real deal, the scams in the search ads. Those are bad enough that the FBI warns you to block them entirely.

So after turning off the “partner” ads, the important setting you need to check is in My Ad Center. Go there and turn off “personalized ads”. More: Click this to buy better stuff and be happier.

At this point you would still be getting non-personalized search ads, which is not ideal. But at least you’re probably less likely to be targeted for scams that you’re more likely to fall for, like ads that fake some software or service you really use. To deal with the remaining search ads, along with removing “AI Overviews” slop and other ways that Google Search has gotten worse, see fix Google Search.

Some more questions and comments on the attribution cartel came up after my AdExchanger piece on What Happens When The Attribution Cartel Meets Advertising’s Halo Effect? ran.

Doesn’t the attribution cartel have better privacy properties than other ways of measuring advertising?

In theory, yes. Attribution cartel proponents claim that their system makes it prohibitively hard to match the person who saw an ad (impression) to the person who bought something (conversion).

But all the big problems with the attribution cartel are still even there if you assume

• the design is perfect

• the design is implemented perfectly in large browser codebases

Designing a system without meaningful protection from fraud creates incentives to do fraud. And adfraud is not a “victimless” problem. The Big Tech companies assume adfraud isn’t a problem, because it’s revenue-positive for them and the costs fall on other players—but in practice, a high-fraud environment means not only that legit sites are under-compensated and advertisers fed misleading data, users are at greater risk. (I covered that problem in The Hidden Dangers Of Privacy-Preserving Attribution – And A Smarter Solution.)

The mathematical properties of this one proposal in isolation aren’t enough to justify a claim that it “provides better privacy.” It has to be understood in context. Like the man said,

A process cannot be understood by stopping it. Understanding must move with the flow of the process, must join it and flow with it.

Put the Attribution proposal up on a poster, award it a math prize, and I’ll give it a round of applause. But don’t put it out on the real Internet where it will cause all kinds of grief. And it could still have design or implementation problems after all that. Remember TURTLEDOVE came out on January 16, 2020 and the “Malicious match key provider attack” didn’t happen until March 24, 2023. (Google “Privacy Sandbox” timeline)

Can organisations the size of attribution cartel member companies really keep so much fraud a secret?

The Big Tech companies love to run yet another season of the layoffs reality show. So, for an employee, inside knowledge of attribution fraud would be like an immunity idol on Survivor, right? Squirrel away one notebook and you’re resting and vesting as long as you can stay quiet.

But it’s not quite that obvious. Complex reporting fraud issues can happen without any one person seeing the big picture. That’s because the revenue-positive bug effect is a thing. Any large software system will have more tickets than people (or bots) can actually fix. Some are going to end up in backlog for a long time. And when you’re talking about ads, the bugs that go to the head of the list are those that have a big negative revenue impact. Revenue-positive bugs are low priority.

The highest-priority and politically easiest bugs to fix will be those that make the attribution cartel reports different from the “Performance Max” or other Big Tech algorithm. Failure to show a halo effect for ads on legit sites might not even get flagged as a bug. The most obvious example is the whole pivot to video situation, but it can even happen at legit publishers. Gannett had a long-running, likely revenue-positive, bug that caused ads to be erroneously reported as running on the wrong site.

The difference between the Gannett bug and a hypothetical revenue-positive bug for an attribution cartel member is that outside researchers could see Gannett’s.

I don’t claim that the attribution cartel members will be able to do technothriller-level secret-keeping, but they won’t have to. Complexity and incentives will take care of it.

What’s the halo effect? It turns out that in a world where social science results are hard to replicate, and marketing results even harder, one consistent effect is that ads work better in trusted contexts.

• Comscore: The Halo Effect: How Advertising on Premium Publishers Drives Higher Ad Effectiveness

• Moat Analytics Reveal that Quality Journalism Eclipses Industry Benchmarks for Attention

• Newsworks: High-attention media delivers greater profits for advertisers

• The Trade Desk: The value of advertising on premium media

Meanwhile, the attribution cartel companies are all about doing things the other way around: getting the most lucrative possible ad onto the cheapest, crappiest possible content. (ICYMI, ad “safety” at Google keeps getting worse, and the Meta ad scams are bad enough that there’s now bipartisan legislation to combat predatory online scams.)

I wrote that from an advertiser point of view, because AdExchanger, but the attribution cartel is a risk to everyone.

• It’s not just a problem for advertisers who want accurate reports, as Rick Bruner wrote on LinkedIn.

• It’s not just a problem for the publishers who deserve a fair share of the revenue for the advertising results they help drive.

It’s bigger than that. Attribution reports help decide whether advertising budgets get spent on legitimate ad-supported resources that benefit the people being advertised to—or if Big Tech can divert ad money to support slop, misinformation, scams, privacy violations of all kinds, and some of the worst people on the Internet.

If you just read the headlines, it looks like Google’s “Privacy Sandbox” project to centralize control of advertising within the browser is over. But the process continues, now with Apple and Meta involved too.

The time to deal with it is now, before attribution cartel reports become part of an easy or default path to justify spending good advertising money in bad places.

By the way, I thought I might be the first person to mention Shrimp Jesus on AdExchanger, but it turns out that Shrimp Jesus has already been in AdExchanger. They keep up with this stuff. So check it out: What Happens When The Attribution Cartel Meets Advertising’s Halo Effect?

Previously: Attribution and consent, why I’m turning off Firefox ad tracking: the PPA paradox, a Terminator ending for Google “Privacy Sandbox”?, Performance Max Preserving Attribution, Attribution cartel update, Attribution cartel Q and A

Read the whole thing. As far as I can tell, here’s the list of things to check.

• Google Consent Mode (version 2, that is. If you set up version 1, it’s past time to upgrade. Googlers can’t get promoted by keeping old stuff working, so do your part)

• Consent Management Platform (which must support the above)

• Google Analytics

• Google Ads

• Google Marketing Platform

Now remember to set up “Basic vs. Advanced Consent Mode”.

And “Consent Mode reflects your CMP—it does not override it. And each Google platform must be configured to act on those signals.” See the list above.

There’s no “consent mode” in the law, but “consent mode” has to be upgraded—because of code churn on the Google side—and a CMP to configure, and multiply by the number of different Google services you’re using. Yes, this is a lot of Jira tickets, or whatever you use. And if you get one wrong, you lose the compliance game.

This set of changes is due before June 15, 2026. But don’t worry. Google will put out another set any day now.

No, Google doesn’t set up their services to keep sites on the right side of the law by default. No, they don’t even have one illegal/legal switch that you can flip for all the Google services at once. They put work on the advertisers, publishers, and app developers.

When Google tells 404 Media,

This report is based on a fundamental misunderstanding of how our products work. We honor opt-out provided by advertisers and publishers as required by law.

they might be correct, in a sense. If advertisers and publishers read the right documentation and do what it says, or hire the right team of compliance nerds, then maybe it is possible to use Google services in a way that complies with the law. (More coverage of this issue: Websites break California privacy law at ‘industrial scale,’ survey finds) But often people leave things set up in a way that…

• passes more information to Google

• is technically illegal

…and Google can be shocked to discover non-compliance along with regulators.

The conclusion to Vercellone’s LinkedIn post explains.

CMP, Consent Mode, and each Google platform must be configured as a system—not in isolation. Misalignment at any layer = compliance and measurement gaps.

A normal company wouldn’t be able to get away with dumping all this work on others. If one plumber hooked up your water heater to shock you in the shower, you could call a different plumber. Plumbers have to compete, and they read the building code for you.

But Google, because monopoly, just gets to sit back and do monopoly stuff. Google has figured out how to avoid consequences of CCPA-style privacy laws, while still getting a lot of the extra personal data that comes with breaking the law, and putting all the costs, and the risks of non-compliance, onto publishers, app developers, and advertisers. Google shifts the compliance tax onto smaller companies, just as Amazon did with the risks of operating delivery vans on a micromanaged, tight schedule.

Well played, Google.

Naturally, this whole disappointing situation has, as they say, important lessons for policy makers. Drafting a CCPA-clone, or near clone, privacy bill is copying a game level that Google has already beaten. Future laws can and should offer a compliance tax cut to legit companies. More: what California got wrong on privacy laws

It’s Google Ads Safety Report {PDF) time for all who celebrate, and, excuse me, but yikes.

The report is down to three pages from the six they put out last year, and this time it’s mostly a Google Gemini fan post. (Yes, the same LLM that’s behind the 91% right AI Overviews feature.)

I’m going to repeat the point I had last time: if a company is trying to brag on exposing people to less bad stuff, and they’re reporting the amount of bad stuff they blocked, they’re losing. When you ask how many rat turds are in the chocolate chip cookies, and the answer is “we swept up 99 million rat turds at the bakery last year!” that doesn’t make you want a cookie any more.

Look at your spam folder some time. A lot of stuff in there that’s obviously going to get blocked, because lots of people who are bad at doing crimes on the Internet try to do crimes on the Internet (maybe they bought a software package or training course that doesn’t work). The number blocked is always going to be high and not a good indication of the actual safety level. The meaningful metrics to report are on how much of the bad stuff got through—which Google never puts in these reports, because they let a lot through. By design. Features of Google’s ad system, such as Ads Transparency Center and the trademark policy, are set up to give an advantage to deceptive advertisers.

So, the numbers aren’t that helpful, but let’s compare to the 2024 report (PDF) anyway.

2024: 5.1 billion ads removed, 9.1 billion restricted

2025: 8.3 billion blocked or removed, 4.8 billion restricted

So if you add it up, they caught 14.2 billion in 2024 and 13.1 billion in 2025.

Are people really making 1.1 billion fewer policy-violating ads? If the number being made were going down, then why do legit small businesses keep getting priced out, as seems to have been the case in 2025?

2024: 39.2M+ advertiser accounts suspended.

2025: 24.9M+ advertiser accounts suspended.

What about bad sites? In 2024, Google took “site-level enforcement action” against 220,000 publisher sites. Update: there is a “publisher sites actioned” number for 2025, which is at “245k+”.

Pages are probably hard to compare across years, since it has gotten so much easier to vibe CMS a normal-looking article page. So I would expect more. But:

2024: 1.3 billion pages taken action against

2025: 480 million plus

Google’s biggest problem still seems to be sending people to malware from search. There is a “Malware or Unwanted Software” number for 2025, which is at “2M+”

For 2024, “Malicious or unwanted software” was at 19.3M.

Are malware operators really cutting back on Google Search campaigns, or is Google just catching fewer of them? A real “Ad Safety Report” would check in with security firms to see if their customers are getting more or fewer malware installs from search.

But even on the numbers that are easiest to make Google look good on, they’re not doing so well year to year. That’s not a surprise—safety is losing a game that they Google didn’t design for safety to start with.

Anyway, if you are keeping a file on why your household or workplace has ad blocking set up to protect people from Google ads, save both PDFs along with the FBI alert.

(And yes, from the state legislature point of view, this is a good reason why we need working Right to Know: inquiring minds (have a right to) know)

But there’s the possibility of a “works on my machine” feed. Not going to mention a specific company here, but I spotted a feed on an HTTPS site but with HTTP localhost links.

    <title>Funded Startup Blog</title>
    <link>http://localhost:5150/blog</link>
    <description>Awesome technology and business insights from our innovation journey</description>
    <item>
      <title>Our thing works with some other company's other thing</title>
      <link>http://localhost:5150/blog/please-googlebot-dig-these-keywords</link>

See the problem? The links work fine when they preview on localhost with the dev server running, but on the real Internet, not so much. And the feed is technically valid, just not really working.

So for now I am doing this.

def fix_url(source, dest):
    "For sites that leave localhost links in the production RSS feed"
    "Replace the scheme and netloc"
    sp = urllib.parse.urlsplit(source)
    dp = urllib.parse.urlsplit(dest)
    if dp.netloc.startswith("localhost:") or dp.netloc.startswith("127.0.0"):
        logging.info("fixing localhost link to %s" % dest)
        return urllib.parse.urlunsplit([sp.scheme, sp.netloc, dp.path, dp.query, dp.fragment])
    return dest

This is not going to be right in all cases (it doesn’t work if they use a different virtual host for the feed) but for what I have found so far it’s better than letting the localhost links be.

The second assumption is a little tougher to give up. Read The Internet’s Most Powerful Archiving Tool Is in Peril from Aram Zucker-Scharff.

Whatever you think about our machine learning overlord corporations, there’s no doubt that they are sucking immense value from journalists and giving almost none of it back. The only tool media companies really have in their arsenal is blocking.

I used to be able to assume that I could link to something from here, and if the original went away, I could swap in an Internet Archive link. For example, in Before surveillance capitalism and surveillance advertising, there was surveillance marketing I found what I think is the earliest use of the term—not by academics or privacy advocates, but by Mark Cameron in Marketing Magazine.

But now any halfway awake web publisher is going to block archives, Common Crawl, and other services, to try to keep their pages away from the deeply unsympathetic AI tycoons. (If you want a recipe for risotto, go to the library or find a legit human-tested recipe site.)

So that means if I link to something but I don’t have a local copy, it need to be an error. This way, if making an archive.org link doesn’t work, I can put up the local copy if it’s a government work or out of copyright for some other reason, or replace the link with a fair use excerpt.

I’m not going to automate it, since a lot of sites are going to be good enough at avoiding scrapers that they could avoid whatever I could set up. But now there’s one more task to add to the new page build process.

(Updated 19 Apr 2026)

What’s attribution and why does it matter?

Attribution is the process of correlating events, such as exposure to advertising, to an outcome, such as a sale. Usually people say “impressions” for the event and “conversions” for the outcome. See Digital Attribution Primer (PDF) from IAB.

The current state of attribution can be split into two tracks, paywalled vs. free: Paywalled is more scientific, and the free kind is what advertisers get from Google and Meta. More on that: Big Tech is squeezing advertising jobs and companies

Attribution matters because it guides advertising decision makers in determining where ad budgets get spent. Ad money can support legit sites and other resources that help the people being advertised to, or end up supporting parties that work against the interests of the people being advertised to.

How is the attribution cartel defined? Who’s in and who’s out?

The cartel members are some well-known companies that agree to operate an ad tracking scheme that will not require consent or be subject to objections or opt-outs. To get a peek of how this would work, a recent version of Firefox shipped with both an attribution tracking preference (on by default) and Global Privacy Control. But turning on GPC did not turn off attribution tracking.

A non-member is any company where consent, objections, and/or opt-outs apply to all of their personal data practices.

What would be the impact of the attribution cartel on web publishers and advertisers?

Giving large platform companies control of attribition would tend to aid their current tendency to shift more advertising onto low-trust content and AI-generated slop. What Happens When The Attribution Cartel Meets Advertising’s Halo Effect?

Is “attribution cartel” a negative or pejorative term?

No. The term “attribution cartel” reflects a Neutral Point of View. The attribution cartel meets all the generally accepted criteria for a cartel, according to their own meeting notes.

• The members are, at the same time, partners as well as competitors.

• The members of a cartel are independent of each other…there have to be at least two participants and they determine their interests autonomously.

• The members of a cartel know each other; they have a direct relationship, in particular they communicate with each other.

A negative term would be something like “attribution racket” or “attribution conspiracy”. It is recommended to avoid using those, and also to avoid terms biased in the other direction such as “attribution community”.

What’s Apple doing in the cartel? Aren’t they all privacy and stuff?

A lot of individual developers at Apple have been trying to protect their users from privacy problems on the web and from sneaky practices by iOS apps for quite a while. But in the big picture, management can justify participation in the attribution cartel by how it will move ad spend into Apple’s own ad system. Just out: Apple Gets Serious About Its Advertising Business by Lara O’Reilly. They’re limiting non-cartel tracking while building up an Apple Business tool that integrates Apple’s own attribution tracking, which you can still turn off but it’s buried under “advanced” somewhere.

The idea is to drive more money into App Store ads instead of to legit sites. If Apple didn’t control attribution, their app store ads would show a negative halo effect, because the App Store is full of fraud, so in the long run they need to either clean up or take control of attribution measurement. See App Store Search Ads and the Slippery Slope from the Think Tap Work blog.

The Attribution proposal looks complicated. Who’s going to run all that nerd stuff?

The point is to integrate into a system that both places ads (on slop and extreme political bullshit, naturally) and reports back that the decision to place ads there was the optimal thing to do. See, for example, Meta Is Launching An Easy Button For CAPI. The “open web” attribution data will feed into a system that shows how low the ROI for open web is compared to Meta’s whatever latest lawful but awful thing is.

But, technically, do the cartel members really need consent?

Questions like this help explain why the idea of g—like the real-world equivalent of one number for “intelligence” in Dungeons and Dragons—is bogus. See IQ is largely a pseudoscientific swindle (Argument Closed) by Nassim Nicholas Taleb. Google is the best example. So every time Google gets caught doing some kind of crime, their immediate response is something like, well, actually, if you were as smart as us you would be able to see that we went right up to the line of what’s a crime, but technically we didn’t cross it. Rachel Myrow at KQED asked, What Is the Point of California’s Privacy Laws if Big Tech Ignores Them? and the response from Google was,

This report is based on a fundamental misunderstanding of how our products work. We honor opt-outs provided by advertisers and publishers as required by law.

Google took this approach to the antitrust cases, too, and we’ll see how that works out for them. They set up an intricate box inside which they may or may not be doing crimes, but you need to be Google level smart to understand the contents of the box. When a counterparty has limited processing power, and understands that their capacity to understand Google is always going to be less than Google’s ability to increase the complexity of what’s inside the box, the counterparty has to fall back on the useful heuristic of just assuming that the box contains a crime. High g doesn’t necessarily mean a high score in the communications or market flavors of “intelligence”.

There’s sort of a version of falsus in uno, falsus in omnibus effect going on here. When a cartel member’s obvious choices have a high crime level (for example, sticking malware links into search results), then a counterparty can use that to assign a predicted crime level to the company’s more impenetrable actions. Having high g and high propensity to crime is like being good at dealing three-card monte: your win percentage is going to be high, but most people in a position to choose whether or not to play will choose not to play.

Attribution cartel members will be able to prove to themselves and to each other that “they don’t need consent” and are allowed to ignore objections and opt-outs, but they’re not trustworthy enough to prove it to non-members of the cartel.

How did the attribution cartel end up at W3C?

At the time that Google was choosing where to host their “Privacy Sandbox” proposals, W3C was still part of MIT, and had a really minimal antitrust policy. And Google managed to get a bunch of obvious anticompetitive tricks in pretty early on. It could have turned into a real mess, but fortunately the Competition and Markets Authority in the UK got involved. (see Google “Privacy Sandbox” timeline)

Meta has been expelled from IAB Sweden because of their persistent fraud problem but W3C, even though it is now a separate legal entity and has upgraded the antitrust policy, still has a kind of old-school Internet “assume good faith” attitude, which doesn’t work for the kind of companies that are members of the attribution cartel.

Why did the CMA release Google from their “Privacy Sandbox” commitments when Google was still active in the attribution cartel?

Good question. James Rosewell, in a LinkedIn post writes,

The government appear to have interfered and guided the CMA to go slow on enforcement. That’s not what UK voters and tax payers expect from government, no matter the party in control.

If Rt Hon Rachel Reeves is serious about economic growth she needs to take advice from the people that know how to deliver it.

After all the CMA’s 2019 study into digital markets found the cost to every household in the UK due to the excessive costs of digital marketing from Google and Meta Facebook’s control over advertising was £500 per household per year.

That’s over £1000 today per household per year.

What’s the Eurostack angle again?

The attribution cartel issue becomes important when you look at possible interactions between news sites that cover politics and the Big Tech companies that have their own political points of view. Right now, the attribution cartel members aren’t as loud about their politics as, say, “X” (the former Twitter) but it’s not going to be realistic to rely on them to be impartial. Facebook Charged Biden a Higher Price Than Trump for Campaign Ads, and the Trump administration is doing substantial advocacy for the attribution cartel members, the bill for which will come due at some point.

Research shows that ads perform less well on “toxic” or brand-unsafe contexts, but in the current political environment the attribution cartel members will tend to avoid “brand safety” measures in the same way that ad agencies do: FTC Orders WPP, Publicis, and Dents to Stop Alleged Brand Safety Collusion. For the attribution cartel, this would mean assigning more favorable attribution numbers to pro-Trump or anti-EU content.

How should state privacy laws handle the attribution cartel?

The big asks are the same as for any other adtech/martech. We need an effective right to know (RtK), and we need the right amount of private right of action.

State legislators mainly need to be looking at the impact of the system, and the potential harms, and considering those independently of whether the system is labeled with “privacy” terms. Just claiming the “privacy” label, or mathematical properties of a system in isolation, should not let it avoid the same legislative attention as other systems. Or more.

It helps to look back at the Facebook housing discrimination saga, which started in 2016 and took a while before Meta actually started obeying Federal law. Real-world privacy harms are harder to track down when Big Tech obfuscates them. State legislatures need to make sure we have effective RtK including inferences, and a common sense level of private right of action.

When in doubt, keep the law simple and general and leave as much up to the jury as possible. (The Flo case was common sense one, bullshit documents zero.)

More: More attribution cartel Q and A