By way of a short recap, a big part of the problem of tracking and targeting is information asymmetry. When a brand appears to know more about you than you’ve consciously shared, it triggers the same evolved instincts we use to detect threat, manipulation, or social imbalance. In evolutionary terms, that’s not a ‘conversion opportunity’. That’s a red flag to our stone-age minds.

What is designed as ‘relevance’ is not the same as trust (implicit as it is).

Personalization and trust tend to have a negative correlation. Rory Sutherland uses the example of a wedding ceremony. You don’t go around and tell people one by one that you’re together, you make a big deal of the celebration. And possibly the worst-personalized advertising medium, Little League sponsorships, is the best at trust building. Leagues keep photos and records, making team sponsorship a bad deal for a fly-by-night company and a good deal for a business that expects to offer win-win products or services in the long term.

Where did it all go wrong? Michael Farmer, in Why Have Most Advertisers Suffered From Slow Brand Growth Rates Since 2009? Ten Major Reasons, points out the problem of advertiser growth since 2009, when 2/3rds of major advertisers saw their sales growth rates fall to well below the nominal GDP growth rate of 4.7% (2.4% inflation plus 2.3% real growth).

A legitimate company like P&G (2009-2024 CAGR 0.6%) can, to use a polite expression for slop ads, create fast cycle content to drive traffic, but a scammer can always do it better. A scammer can use the best AI slop service and surveillance advertising available this minute, but P&G is always going to be a number of steps behind, because of the levels of approval needed to use some new AI slop service or ad personalization scheme. Often, by the time a big company can get on something, it has already been superseded or EOLed.

Any advertising medium that’s

• worth paying for from the seller side and

• worth paying attention to from the buyer side

has to be based on something that a legit seller can do better than a deceptive seller. Too often, legit companies are trying to compete with deceptive ones in a “move fast and break things” fight that they will lose. Christina Garnett writes,

Customers are more selective because we taught them to be. Their trust is thin because we diluted the very concepts that once signaled honesty and care. They can see when outrage is manufactured, when vulnerability is scripted and when belonging is offered only to drive metrics.

The tricks aren’t tricking anyone anymore. Consumers just feel manipulated.

P&G can make better dish soap than other companies, but they’re at a disadvantage in AI slop and surveillance advertising. Brian Jacobs writes,

If you believe everything you’re told, advertising is really very straightforward. Give your budget to META (insert the name of your favourite platform here). Send over your objectives and brief. META (or whoever) will deploy a magic AI tool, which will design a selection of ads. The alternatives will be pretested. They will then place the winning execution across their individual channels.

Meta advertising works better for a random drop-shipper than for an established firm with an actual detergent research lab. Meta ads work fine for a while, if the point is to trick people into voting for crooks or buying crap. A recent Meta success story, the “fastest growing company in history”, is a weight loss scam that makes up physician testimonials and uses face-swapped patient photos. (See The back story behind the first “$1.8 Billion” dollar “AI Company” by David Marcus.)

Meta’s personalized advertising is auction-based, and we have known since 2006 that auction-based ad platforms eventually bid up rates to extract all the profits from the advertisers that use them (Jakob Nielsen’s analysis applies not just to search, but to other auction-based designs including RTB and social). If typical advertisers on Meta’s sites and apps were anywhere near as successful as the outliers that make the news, then The “Passive Income” trap ate a generation of entrepreneurs wouldn’t be a thing. And it’s not just the small-timers. Relying on auction-based advertising is showing up as a problem for well-funded firms too. Allbirds are canaries in the Meta coal mine, along with Oddity Tech, which went all in on personalized cosmetics on Instagram.

The winners in the surveillance advertising game are the Big Tech platforms that design for scams and the scammers they enable. In The Myth of the Unwanted Internet, Julian Morris asserts that the Internet “solved for trust” by adding user-tracking features. But that doesn’t describe the Internet as we currently experience it. In fact, we’re in an economy-wide trust collapse because of decisions to add surveillance features that give deceptive companies advantages over legitimate ones. A 2025 FTC report showed a Big Jump in Reported Losses to Fraud to $12.5 Billion in 2024—before the change of administration to one that’s more friendly to large, deceptive companies. Thanks to decisions by politicians to prioritize “innovation,” the scammers even have their own payment platform, “crypto ATMs” and music scene.

It’s time for a more market-aware approach to privacy legislation and regulation. Instead of making the unrealistic assumption that surveillance advertising has some kind of economic benefit that needs to be balanced with user privacy interests, we have to recognize that consumers and legitimate companies are not on opposite sides, but cooperating players in a game with the goal of making win-win deals. The opponents are the Big Tech companies and the scammers. And the problem isn’t specific data practices that could be replaced by clever but pointless math. Privacy people need to bring more and thicker PDFs to the privacy bill hearings. More: advertising personalization: good for you?

Instead, the big prediction market news is ‘Gamblers on POLYMARKET vowing to kill me if I don’t rewrite Iran missile story’… by Emanuel Fabian at The Times of Israel. Journalists were offered bribes and received threats over changing a news story that was key to resolving a prediction market contract. The big connection between news organizations and prediction markets is not competition, as Prof. Robin Hanson suggest but dependency. A prediction market needs an outside source of information, or “oracle” to resolve contracts.

The Times of Israel situation is a much larger scale version of a problem that we ran into with bug futures. The cost of resolving a contract is high relative to the value of the contract. That applies to both really small incentivization market issues (does this patch fix this bug?) and big picture markets. Previous criticism of war markets, such as Gamblers can now bet on the outcome of wars – and that’s a problem, by Karoline Thomsen and Douglas Guilfoyle, focuses on the problems of corrupting decision makers and incentivizing leaks. But insider trading is a feature, not a bug. Prediction markets tend to blend into incentivization markets. Prof. Andrew Gelman writes,

To put it another way, the ideal for a prediction market is for it to have high stakes (so that it’s costly to try to manipulate the price) with bettors being people with no influence on the outcome. But such a market will be a ripe target for people who can influence the outcome and for insider trading.

In general, from the outside the possibility of insider trading is a win, because it disincentivizes other people from forming large, untrustworthy organizations. But the oracle problem is a lot bigger. The solution we came up with has two parts.

First, pay the oracle, a lot. Reporting from a war zone is obviously costly and risky, but resolving any market is usually going to cost a pretty high fraction of the money at risk. So we imposed high oracle fees, which are paid by the winners and disclosed up front.

Second, make it easy for traders to avoid the oracle fees by getting out of their positions. So you end up with a market that trades in a narrower band of prices (there are no worthless positions, even a bet on an impossible event is worth about the same as the oracle fee, because the holder of the winning side would rather get their 90% now than hold out for 100% minus a 10% oracle fee at maturity.)

Oracle fees are easy for an internal bug futures market or other internal corporate prediction/incentivization market, but for markets on news events, where the oracle is an outside source, markets need other options.

• Public sector oracles. Government bodies such as United Kingdom Maritime Trade Operations and the Bureau of Labor Statistics already produce oracle-ready information. And prediction markets provide an anti-corruption and counterintelligence check on those. It’s hard to tell if a government agency has a foreign spy, but an insider trading problem will be more likely to show up in the market numbers. (For example, the current US administration is obviously leaky, and prediction market trading patterns help people decide whether to share information with it.) So there is a good case for the public sector to provide oracle-friendly event reports.

• A copyright-like oracle right for news organizations. Article One, Section 8 of the United States Constitution just says securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries, so an oracle right would probably work here. Partnerships between news companies and prediction markets are a thing, but there’s still a free riding problem that an oracle right would help address. If a news site is not opposed to prediction markets on principle, there’s an incentive to seek oracle deals, because of the money talks bullshit walks effect. Total money at stake in contracts for which this site is an oracle could be a useful qualitative news metric.

News site revenue is a hard problem, and diversifying revenue is a big deal. Although a lot of people like micropayments, and the ability of a site to get micropayments is a useful crowdfunded quality check, micropayments have a fundamental problem. Much of the value provided by a news site is the stories that didn’t happen. Nobody would pay to read “City Council Didn’t Steal Everything In Town Because a Reporter Was At The Meetings” but that (unwritten) story is worth more to the town than the alternative.

It seems like the viable options are either an actively enforced ban on prediction markets, which would limit the number of people with the resources and incentives to bribe or threaten reporters, or an enforceable oracle right, which would give the news organization additional money to keep reporters safe and honest, and an incentive to stay accurate and useful as an oracle in order to keep oracle deals. Otherwise, traders on free-riding prediction markets, whether legal or illegal and tolerated, have the ability to subvert the news sites they use, but the news sites have no funding for their defense.

The long answer is that a dirty business has gotten dirtier. Not only have the ads gotten heavier (I went to the New York Times to glimpse at four headlines and was greeted with 422 network requests and 49 megabytes of data. It took two minutes before the page settled.) and added more aggressive data usage as they refresh on the page, the business side is all in on the low-trust economy, too.

Advertising’s hottest club is “principal buying” or “principal media”—big agency holding companies functioning not just as agencies to buy ad space on behalf of clients, but trading ad space for their own account before the client sees it. Nick Manning explains.

This has been going on for decades, especially in markets like Asia Pacific, Eastern Europe and Southern Europe. Broadly speaking, what’s happened over time is that those practices [were] imported into the U.S. around 2010-2011.

The thing that’s made it happen more recently is that the [agency] groups started to see their other revenues decline, and this is one way of arresting that decline — but it’s also easier to do this because you don’t have to win new clients, you don’t have to pitch, you don’t have to employ any more people. You just have to set up the financial machinery to do it.

A decades-old practice is getting more attention now, because of two stories.

• Paperwork that has come out in a lawsuit by a former WPP employee.

• A beef between another large holding company, Publicis, and a “demand-side” adtech firm, The Trade Desk, with each company accusing the other of non-transparent practices (and IMHO they’re both right).

Covered in The Rise Of Principal Media And The End Of The Agencies As We Knew Them by James Hercher. Companies that are in a position to get a peek at principal buying from both sides—as both owners of ad-supported contexts and buyers of ads—aren’t sold on it.

WPP’s legal disclosures reveal that none of its top 20 biggest clients participate in principal media – despite the fact that many of WPP’s largest brand accounts are themselves the purveyors of principal media deals on the supply side, including Paramount, Comcast, Uber, Amazon, Google and Sony.

These brands stand to gain the most from principal media, which rewards pure volume. They’re also very knowledgeable about the practice, which is perhaps one reason they avoid it when they have their buy-side hat on.

More info in The Trade Desk-Publicis Fight Is Really a War Against Transparency by Jay Friedman and Publicis vs. The Trade Desk isn’t really about transparency – it’s about who gets the margin by Ronan Shields.

When something isn’t easy to measure, price becomes the proxy. So, the world’s largest agencies now essentially pitch for free and operate on razor-thin disclosed margins.

To survive, they have to generate profit from hidden fees and undisclosed arrangements.

Marketers, in turn, reward this by continuing to hire and rehire the agencies that play the game most aggressively.

This forces increasingly complex schemes and systems, which pulls time, energy, and talent away from the thing the agency was theoretically hired to do in the first place: drive brand growth.

Michael Farmer has more info on how big agencies have failed to keep the rates up for the legit side of their businesses: Price premiums are the ultimate measure of successful professional relationships. Holding Companies have failed to achieve them

Besides brands, the other big losers from this whole mess are the long-suffering legit ad-supported sites, whose business model is like selling fresh artisinal donuts to a market that makes a point of not being able to tell a donut from a turd. More on that problem in The SEO parasites buying, exploiting and ultimately killing online newsbrands by Rob Waugh. Sites typically go from being viable outlets, still valuable enough to be bought for large sums, to being filled with AI-written articles and casino links, before simply being abandoned.

The same site refers to stories on Phoronix and others, too. At least they link to their source material. The sad part is that even though this site is missing an ads.txt file, it does have ads showing up for at least one real consumer electronics brand and one real business event.

TechCrunch does have the story that the error message seems to be about, so maybe either there was an error in the crawler, or TechCrunch was able to block the crawler, or I happened to visit while TechCrunch was in the process of catching this site doing this.

I’m not going to name the site because first of all, the company that runs it has a lot of domain names, and second, now that they have their automatic slop CMS going, they can always get more. The point of writing this is not, look, I found a slop site, everybody add it to your blocklist. The point is that the advice to use a blocklist to keep your ad from showing up on crap sites was always bogus—even before widespread use of LLMs, editing a blocklist for one brand or agency was always a losing race against all the crap site makers in the world registering domains.

Looking back at advertising history, getting ads into legit contexts is the original role of an ad agency. Back when the advertising options were basically signs and newspapers, a manufacturer couldn’t read all the local newspapers, so they needed a trusted set of eyes to keep up with which newspapers really reach the people they claim to, and handle the process of placing insertion orders and paying invoices. Agencies only started making the actual ads later. Yes, sellers of ads space tried to subvert agencies, and sometimes succeeded, but the expectation was that the agency works for the advertiser. (Part of the reason for the crisis that big agencies are in now is the shift from agency agency to inventory flipper.)

The slop situation should be an opportunity for agencies. (Not an opportunity to make slop—a dedicated platform tool will do it better.) The Forum on Information and Democracy has details, in the new report The online advertising market needs urgent, structural reform to support democracy and journalism.

Advertisers lack control over where their ads appear and what exactly it funds. This leads to significant resource wastage on platforms that promote low-quality or misleading AI-generated “made for advertising” (MFA) websites that would otherwise reach news publishers.

Legit sites are more effective than slop as an advertising medium (FIXME: add link to a piece about that, coming soon) but slop is the default.ICYMI: Google is Robbing You… and You Can’t Stop Them by Collin Slattery If the default is running on slop, then a brand or agency can get attention by doing the opposite.

Just announced: the new Navigator Award. They’re looking for ad-supported sites to nominate brands and agencies.

The Navigator Award gives publishers a way to recognize the brands and agencies that have made a real, intentional effort to show up in trusted news and publisher environments, especially where blanket approaches to brand safety and suitability would have made it easier to stay away.

Who is successfully avoiding the slop mongers and making a real impact?

Groups of Unknown Drones Spotted Over US Base Housing B-52 Bombers by Dmytro Shumlianskyi. These drones did not resemble commercially available models—they were high-tech, had a significantly greater range, and were resistant to electronic countermeasures. (Related: Surveillance risks and the TIDALWAVE report)

Pakistan’s solar boom is helping it save billions during the ongoing energy crisis by Adele Peters. Pakistan gets almost all its oil and gas from the Middle East, where U.S. and Israeli bombing of Iran have caused crude prices to blow past $150 a barrel and tankers can’t get through the Strait of Hormuz. But it has one edge in the crisis: a rapid, recent shift to solar power.

Germany Mandates ODF for Public Administration in Sovereign Digital Stack by Bobby Borisov. Germany has mandated the Open Document Format (ODF) as the standard for public administration documents within its new sovereign digital infrastructure framework, the Deutschland-Stack. Published by the Federal Ministry for Digital and State Modernisation, the framework sets technical standards for a unified, interoperable digital environment across all government levels. It explicitly requires ODF and PDF/UA as document formats, excluding proprietary alternatives from official use.

Lina Khan was right by Victoria Song. The FTC’s Meta lawsuit was often framed as an abstract attempt to rein in Big Tech. But in the end, the acquisition’s human cost was obvious—and an example of precisely why antitrust law matters.

90% of crypto’s Illinois primary spending failed to achieve its objective by Molly White. The cryptocurrency industry super PACs dumped $14.2 million into the Illinois primaries. 90% of that – $12.8 million – was wasted, in that it went to opposing Democratic candidates who won their primaries.

How China Aligned Itself with Saudi Arabia’s Vision 2030 by Hesham Alghannam. As for the localization of the renewable energy industry in Saudi Arabia, in July 2024, China’s Envision Energy entered into a joint venture with the PIF and the Saudi manufacturer Vision Industries, a private company, to build a turbine factory in the kingdom….Saudi Arabia also signed two other joint ventures with Chinese companies to manufacture and assemble equipment and components for solar power.

IBM and Ogilvy end 32-year creative partnership by Luz Corona. (All the Linux advertising I remember from the Linux boom was for IBM.)

‘New era for street vendors’: Mamdani names top advocate as NYC’s vendor czar by Arya Sundaram. Our street vendors are not a problem to solve — they are a community to support, the mayor said in a statement.

How Brazil’s innovative ‘Pix’ payment system is angering Trump and Zuckerberg by Vitoria Barreto. [Paul Krugman] emphasised that Pix is achieving what cryptocurrency boosters claimed, falsely, to be able to deliver through the blockchain—low transaction costs and financial inclusion.

Outpost Moved its Servers to the E.U. by Ryan Singel. Just to be clear, Outpost has never had a data request, subpoena or National Security Letter dropped on us for our data or any member publisher’s data. But we still thought this was a prudent step given the current political environment.

Beavers can turn streams into carbon stores – we measured how much by Joshua Larsen, Annegret Larsen and Lukas Hallberg. So when beavers dam rivers, they can also fundamentally change how carbon is stored in river landscapes.

Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway. by Renee Dudley, with research by Doris Burke. For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security.

How Can Governments Pay Open Source Maintainers? by Terence Eden. When I worked for the UK Government I was once asked if we could find a way to pay for all the Open Source Software we were using. It is a surprisingly hard problem and I want to talk about some of the issues we faced.

Bogdan’s Blog – Windows 8 Was Peak Microsoft and I will die on this hill I know it’s a hot take, and some of y’all might already be reaching for your keyboards, but I don’t care. I used Windows 8 on my desktop, used it on a janky 2-in-1 laptop, and had a blast with both. Dare I say, it might’ve been the snappiest, most responsive version of Windows ever released.

The analysis of 86 public companies across 17 sectors, using 15 years of public revenue data from 2009-2024 reveals a striking disconnect between modern marketing theory and actual revenue performance. Massive digital spending has failed to drive meaningful revenue expansion for most brands over the 15 year time span.

Some brands that spend a lot on modern advertising are growing more slowly than the economy as a whole. In Holding Companies Need High Level Strategic Plans, Not Just Announcements of New Structures and Cost Reduction Targets. Independent Agencies Will Take Advantage…, Michael Farmer writes,

Public data tells us that the 2009-2024 sales growth rate of 40 out of 60 major advertisers has been very depressed, averaging (as a group) only 2% per year for 15 years.

By contrast, the market had real GDP growth of 2.4% per year plus inflation of 2.3% per year — so the benchmarked nominal GDP growth rate was 4.7% per year.

Imagine! The group of 40 out of 60 big-spending advertisers grew at less than half of the nominal GDP growth rate for 15 years.

Dr. Fou suggests adfraud and under-investment in brand-building advertising as contributing factors. Another problem may be that money spend on surveillance advertising tends to crowd out investments in product improvements, or require disinvestment in products and services, much as sports betting tends to crowd out investments by households. Trader Joe’s peanut butter cups have milk chocolate, no ads, and no ingredients list drama.

The future timeline in which the role of marketing decision-makers is reduced to, effectively, interacting with an “AI”-based central planning system is already partly here. In Orwellian “Doublethink” and Programmatic Advertising, Farmer writes,

Programmatic is successful in generating income for Big Tech, particularly for Google, Meta, Amazon, data providers and martech infrastructure owners. Anyone beholden to or involved with Big Tech sees programmatic advertising as “good.” (What must be ignored is that the publishers and agencies are being starved of revenue by Big Tech…and agencies will be eventually squeezed out by Big Tech.)

Eventually could be soon. According to some documents that came out in discovery, at least one of the major agency holding companies is disturbingly reliant on “proprietary media trading” as their pricing power declines. Tom Denford writes, in 3 Things Marketers Must Do After the WPP Disclosures,

At the same time, the leaked “Project Claridges” presentation, released in ongoing litigation, shines a light on $1bn of what WPP calls a “non‑product related income” engine built on rebates, content deals and, most significantly, proprietary media trading. That disclosure doesn’t just affect WPP, it validates what many CMOs have long suspected about the wider holding‑company model.

Maybe surveillance advertising is working, and working so well that the Big Tech companies are capturing all the value created by it?

But it doesn’t look that way. Meta and Google are taking the kinds of high-profile risks of doing obvious crimes that a legitmately growing company shouldn’t have to. IAB Sweden just voted to expels Meta over crime issues, which is not the kind of thing that industry organizations just do to a major member. If we were on the timeline where Big Tech were making sustainable revenue from their advertising oligopoly, they would have been able to reverse fraud-friendly decisions and smooth this kind of thing over. Instead, because the companies are forced to juice their stock prices without enough legit revenue to justify it, the tricks continue. For example, they’re consolidating ownership of how ads are measured by putting obfuscated ad reporting into web browsers.The surprising part is that Apple is still going along with that one. It seems like they would have taken the opportuntity to squeeze Meta and Google, like they’re squeezing the laptop business by releasing a bargain-priced but good Mac OS laptop right when everyone else is dealing with the RAM shortage.

Surveillance advertising hasn’t been good for brands, agencies, or the people it tracks. (Even the literature that proponents cite doesn’t really support it, if you read the body copy.) It’s going to be harder and harder to justify the risks. Oh well, see you in the comment files for the next state privacy law.

The problem is that there are way too many people who are currently only in touch with each other on the Meta sites and apps. So how will a future monitoring trustee manage the process of putting an orderly end to Meta, without imposing unacceptable costs on the people who have gotten into a situation where they depend on Meta’s shenanigans?

This is how I would handle it if they wanted to appoint me to the monitoring trustee position. I have other stuff going on, but this will help out legit companies like [redacted], and will be a productive step toward ending the problematic attribution cartel thing so I think I can do it fairly. If you need a lawyer to be the monitoring trustee I can recommend some, lmk

So here’s how to do the shutdown. Borrow an idea from airline overbooking.

1. No more new accounts.

2. Update the sites and apps to require every Meta user to put in a price for which they would quit. Nobody gets booted off involuntarily, they’ll get an amount of money that they would prefer to their Meta account. Some people, infrequent users or those who were planning to quit anyway, would put in a low amount. Some people, such as Meta advertisers, people who want to work for Meta advertisers, and those who can’t reach their friends and family any other way, would put in a high amount. Users would be able to change their price at any time until it is accepted.

3. Every month, under the monitoring trustee’s supervision, Meta buys out the 50 million users who have asked the lowest prices. Those 50 million people lose access to Meta. When they log in to the sites or launch the apps, they only get a screen with info on the status of their payment, an option to download their photos and other info, and a way to put in to recover their account in case it was compromised. But each user is already better off overall, because they each get some amount of money that they already said is more than Meta is worth to them. As groups of people leave, the network effects for staying on Meta become less powerful, so remaining users would likely choose to adjust their prices downward. Yes, the monitoring trustee would have to set up a support operation to handle problems with people’s payments, but as Meta develops less new code, employees can be transferred to work on support and keep their health insurance. (Remember we’re going for minimum disruption here and that includes employees’ families.)

4. Eventually, Meta runs out of money and can’t buy out the next 50 million, so the remaining user database (containing info on those who named the highest prices) gets sold in bankruptcy. Those people never get paid to shut down their accounts. So everyone has an incentive to state a fair price and look for alternative communication methods, but nobody gets a sudden shock.

After step 4, whoever acquired the database can start making new accounts again. But in the meantime the users who left would have gone and made accounts on other services (will Microsoft start LinkedIn for Families? Can Google flip a feature flag to turn Google Plus back on? Or maybe Bluesky or the Fediverse will add enough features to become a contender?).

Previously every post just had the blog date, from the yaml_metadata_block at the top of the source file. (more info: Metadata blocks) But that’s the date I originally wrote something, so it’s the wrong date to use for an XML sitemap or for the RSS feed of recently changed pages. Since I build sitemaps and RSS from the generated HTML, I need to put two dates in each HTML page. The meta tags for that look something like this.

<meta content="2024-01-01" name="dcterms.date">
<meta content="2024-01-01" property="article:published_time">
<meta content="2026-02-27" property="article:modified_time">

The dcterms.date and article:published_time are the original date from the metadata block, in YYYY-MM-DD format. The modified_time has to be obtained from git, using git log, like this:

That’s gitdate.sh that runs in order to populate the Pandoc command line. I’m using UTC here because the server is on UTC and it would be confusing for a crawler to have HTTP Date headers in one time zone and meta tags populated from a different one. Besides, I’m from Indiana originally so time zones make my brain hurt.

Some other extensions technically work for most of the random adtech, but the most important ads to block are the ones on Google Search (where the FBI warns that you are likely to click on a fraudulent ad) and YouTube.

Every once in a while YouTube tries some anti-adblocker trick, but you can check the uBlock Origin subreddit for status updates. Usually they fix it pretty quickly.

Firefox also has some built-in advertising features, which can be turned off.

And you can test how well you are protected using Cover Your Tracks from EFF.

A lot of advice about how to do conventional compliance is coming out because many in the corporate privacy compliance scene have takes on the recent Ford and PlayOn cases.

• Ford to Change Practices, Pay Fine for Adding Unnecessary Friction to Opt-Out Process

• Youth Sports Media Company to Pay $1.10 Million Fine, Change Practices Over Privacy Violations

Neither company was doing anything out of the ordinary. Ford made the old mistake that GDPR compliance doesn’t get you CCPA compliance, and put the opt out of sale process through an email verification step. But opt outs are not verifiable, so they were out of compliance. PlayOn was doing pretty standard “best practices” tracking, probably straight from the recommendations at Meta and other companies, but opt‑out mechanisms—a toll-free phone number and an email address—were functionally disconnected from the actual data flows created by tracking technologies, and Global Privacy Control wasn’t hooked up correctly.

Plenty of advice is available on how to avoid being the subject of a case like one of these. But any company that goes with that conventional approach to compliance is signing up to pay three kinds of taxes to the compliance complex.

• lawyer hours: A lot of the questions on how to configure tracking service X to work correctly in state Y are hard.

• compliance SaaS: Yes, there is software to keep track of this stuff, and add “compliance” doo-dads to sites and apps. Another SaaS vendor, another license, another bill. (See below for some news from California. More money and drama for age estimation SaaS coming soon—for companies that choose the conventional approach.)

• developer time: Mostly the company is going to pay in opportunity costs, the revenue that would have been earned if developers had been working on other tickets.

Generally the company has to hire a privacy compliance manager to handle those, kind of like the tax preparer for the compliance taxes, so there is another layer of overhead. And depending on how you look at it, the taxes may not be the worst of it. Two other problems.

• If the company serves an early adopter, high-privacy customer base, management’s OODA loop now has a gap of unknown size. Decisions will be made based on the actions of the highly surveillable, atypical, subset of the customers, not those of the typical customers.

• If the company is in a market where typical customers are less privacy-protected and more surveillable, it’s on the losing end of the customer acquisition cost crunch as Google and Meta continue to capture a larger fraction of every sale. (As big-time growth stocks in a small-time growth economy, they have to.)

Is there a better way? No, I don’t mean use a chatbot for compliance and plan to pay the fines. At the beginning of CCPA, fines were cheaper than hiring a compliance manager and paying the costs they identify, but fines are going up. Is there a path to escape the CAC crunch, make better decisions, go tax-free? (There is the whole not participating in surveillance dystopia slash mental health crisis thing, but David Nyurenberg and Brian Jacobs already explained that.)

Update 12 Mar 2026: The Ninth Circuit, in today’s NetChoice v. Bonta opinion which partially vacates a preliminary injunction against the California Age-Appropriate Design Code Act,writes,

Accordingly, we vacate the preliminary injunction as to the age estimation provision and remand to the district court to consider this question in the first instance. However, we also emphasize that § 1798.99.31(a)(5) allows a covered business to avoid age estimation altogether if it defaults to “apply[ing] the privacy and data protections afforded to children to all consumers.” On remand, the parties and the district court may wish to consider the effect of that opt-out language on any burden on expression that may arise from the age estimation requirement.

Businesses operating a web site that might reach children in California can either (1) pay yet another compliance tax to the operators of some age estimation SaaS along with the usual compliance costs or (2) just turn off creepy mode for everybody instead of trying to classify children and adults and putting only the adults into creepy mode. Sounds like a good opportunity to lose the whole “compliance” stack and put the budget into something win-win instead. (More on the case in Ninth Circuit Deals Another Blow to Big Tech’s Campaign for Broad Immunity from Regulation, Allows Parts of California’s Design Code to Go into Effect from the Electronic Privacy Information Center.) Coming soon: the post-creepy version of the privacy compliance package.

First, big tech companies have spent a lot of time and money trying to convince the American public that we don’t deserve strong privacy rules because they would hurt small businesses. Don’t fall for it. Most of the noise coming from “small businesses” is really big tech in disguise. This includes downplaying their role in scorched-earth lobbying against any strong privacy rule by bankrolling and leveraging “small business collectives” to give the appearance of some kind of grassroots movement. Fake grass-roots movements are what are known in the trade as astroturfing, and they are a trick.

How long will small businesses and organizations keep going along with this, as Big Tech keeps driving up customer acquisition costs?

• Can small businesses compete on Google Ads anymore? [M]ore than 50% of respondents to a recent poll said small businesses have been priced out of advertising on Google Ads.

• The apparel retailer M.M. LaFleur had their customer acquisition costs on Facebook go from $13 in 2013 or 2014 to $250 today.

• Because Big Tech’s advertising systems are auction-based, the companies can drive up their own revenue in the short term by allowing more illegal and policy-violating ads. Not only are legitimate businesses paying more for advertising, they’re competing for the consumer’s budget. As online ads just became the internet’s biggest malware machine, every dollar lost to fraud is a dollar that’s not available to spend at a legitimate business.

Critics of privacy laws often claim that they’re imposing compliance costs on businesses. In Enforcement Has Shifted. The Ecosystem Is Now the Target, SafeGuard Privacy gives a long list of scary paperwork. And Prof. Eric Goldman covers the record-keeping requirements that any small business participating in surveillance advertising has to keep up with.

But the compliance complex is missing the point. The reason for a privacy law is not so that small businesses can (1) lose money on increasingly expensive surveillance ads (2) feed data to Big Tech-enabled scammers to harm their customers and (3) lose even more money by paying more and more for “compliance” services and paperwork. Privacy laws, if well designed, are a protection for legitimate businesses and an incentive to protect customers—and a customer who is less likely to be harmed is one with more time and money for win-win transactions. News coverage of the PlayOn case focused on privacy harms to users and the cost of the fine. But the harder-to-measure costs are in the form of the ML training data that PlayOn just gave to Meta—enabling fraud and misinformation against customers and working against the company’s long-term interest in future sales.

Michael Farmer, in Ad Tech, which Creates ‘Audience Balkanization,’ is Ineffective for Many Advertisers and Unhealthy for Democracy, writes,

The technology that allows programmatic advertising to exist, enriching Google, Meta, Amazon and others remains a dangerous virus in a demographic society. There is so much money in the pipeline that it will not be abandoned.

The country is polarized not because people disagree. People in different bubbles never hear the same arguments or evaluate the same data. They live in different worlds.

Everyone gets a different story, and no one can see what the others are being told.

And they’re all taught to hate each other.

and

The most reliable metric is revenue growth, and the evidence is that brand revenue growth has not been enhanced by the shift to programmatic.

So Big Tech is turning us all against each other, and all they promise small businesses is ever-higher customer acquisition costs. (And infringing your copyrights and trademarks for “AI” but that’s another story). This could be the year that the astroturfing stops. Legit businesses and their customers have inherent shared interests that connect them more closely than either one could be connected to Big Tech or to online fraud and misinformation. A good privacy bill is a good advertiser protection bill, and the other way around. More: a privacy law shortcut

“By refusing to cut off surveillance companies and sleazy data brokers, Big Tech companies are effectively collaborating with ICE’s lawless campaign of violence and terror. As a result, every internet ad on a website or app could be collecting location data that ICE will use for its next operation,” Senator Ron Wyden told 404 Media in a statement. “Congress could put a stop to this by passing my bills to ban the government from buying our data and ban tech companies from using surveillance advertising.

The problem with that is that is that it only covers one government, and people in the USA are under threat from many of them. Even though we technically have a Protecting Americans’ Data from Foreign Adversaries Act of 2024, it’s too hard to hide the ownership of a company here, and even if the owners aren’t foreign adversaries, foreign secret agents can get hired as SREs or DBAs with access to data. Anything that the government here can buy, foreign countries can buy. (And they can probably get a better price on it.) And an adversary-owned company has no obligation to disclose anything. Even if every possible data seller reads and heeds Ad Tech Says It’s Not In The Surveillance Business. Now Is The Time To Prove It by Allison Schiff, if a company is selling data, some of it will go to hostile buyers.

That means Senator Wyden is looking at the problem from the wrong end. Governments here should buy more data. We won’t get useful legislation out of the Federal government for now, but the problem can be addressed at the state level. The way to protect people is to fund some non-lethal uses of the surveillance data market, in order to incentivize the private sector to clean up. States need to fund some clever (including shell companies if necessary) programs to..

• Identify expensive lifestyle habits (such as high-end retail and destination resorts) by people who pay little in taxes.

• Track vehicle owners/drivers for automatic speed enforcement.

Obviously people are going to complain about those. But that’s the point. Better for a few people to get speeding tickets—because some family member was playing a game on their mobile device on a road trip—than for the country to remain vulnerable to a targeted drone strike on key military and defense manufacturing people.

People don’t want to be surveilled by their own government for speeding and tax enforcement, but they want the country to be vulnerable to attack even less. The only timeline in which we’re safe from a wave of targeted drone strikes is the timeline where tax and speed enforcement based on aggressive, clever data buying don’t work.

In reality, state legislative hearings about using surveillance data for tax and speed enforcement would drive a lot of companies to clean up, or pivot to some win-win use of their Big Data skills. And even if you’re only concerned about our own government surveillance, it would be relatively easy for an agency here to work with an agency in some other country, in such a way that the agency here technically never buys data, just gets copied on reports from abroad. Protection needs to be more deeply coded into the system, and affect more governments than just one.

(Update 18 Mar 2026): Not just ICE. FBI is buying data that can be used to track people, Patel says. FBI and DIA directors both confirmed that their agencies buy “commercially available information”.

alpha: See Greek letters to identify types of people.

answered: Avoid using conversational terms for generative AI interactions. Use more neutral language such as “output.”

art: Do not use for generative AI output. Use the general file type such as “image.”

beta: See Greek letters to identify types of people.

community: In software company writing, this means either people who will do work for my company for free or people who will pick up after me after I move fast and break things. Use a more specific word.

digital assets: This basically means shitcoins when someone is trying to convince the government to allow them in tax-advantaged retirement accounts.

energy security: Often used to mean dependency on fossil fuels, which is counterproductive because depending on facilities that are impractical to move, impossible to conceal, and full of explosive stuff is the opposite of security.

free market, the: Markets are designed. The state of nature is not a market (and it’s also not TCP/IP, or one of the line dances from Pride and Prejudice, or the Chuck E. Cheese ticket redemption rules). I’m surprised more market designers aren’t mad about the expression the free market. That’s like a board game designer showing up at game night and everyone talking about how the free Catan naturally emerged.

generative AI images: This is not just a political thing or a way to identify with a movement. Using AI slop to illustrate a blog post makes it less trustworthy. More: /ai

greek letters to identify types of people: This is a racket.

industry-wide problem: Something bad that our company does that we don’t want to fix. (For example, there is an adtech firm called The Trade Desk that is getting to be well-known for staying out of the worst of the web ads ran on WHAT? stories, but the others are remarkably uninterested in fixing their stuff. We as an industry must work together to… is adtech-speak for A hard problem that I don’t want to work on is…

innovation: This generally means any invention that makes things worse. People whose inventions make things better can generally lead with the benefit. For example, cryptocurrency doesn’t have enough legit applications to justify the fraud risks and environmental impact, but there’s always something new. Another good example is surveillance advertising. When a privacy bill with private right of action would make the residents of a state better off, often the best that surveilance proponents can come up with is CCIA Raises Concerns With New Mexico Privacy Bill That Departs From National Standards and Risks Digital Innovation - CCIA advertising personalization: good for you?

intellectual property: In legal contexts this term has a real meaning, but in other contexts it is often used to mean some kind of hypothetical general right to not be competed with. Use a more specific term except in a direct quote.

merit-based: This is an unclear way to describe a process for selecting people for a job or education program. It usually means based on some test that I did well on. Clarify the actual selection criteria.

semicolons: Necessary for some programming languages, and sometimes useful in fiction. In most writing, though, a semicolon means either (1) this sentence should be split into two or (2) you need to come up with the right conjunction to join the two halves of the sentence; don’t semicolon them together and make the reader figure out how they relate.

very: Omit the “very,” rewrite to include more info on how much, or upgrade the adjective the “very” applies to.

The company said algorithm changes at a key ad partner diverted its campaigns into “lower quality auctions at abnormally high costs,” leading to a significant increase in new user acquisition expenses.

And Oddity Tech falls again after bull ratings are pulled on Wall Street (ODD:NASDAQ)

Oddity Tech (ODD) went into freefall on Wednesday after the company disclosed that it experienced significant abnormal increases in its new user acquisition cost. The company said the unprecedented dislocation was with the large advertising partner Meta Platforms (META), which it believes is due to recent changes in its algorithm.

The changes on the Meta side that cause outcomes like this are not just about the algorithms—they also involve policy choices. Meta deliberately runs a scam-friendly advertising system in order to have more bidders in the system and drive up costs for all the other advertisers. In this case, they probably messed up. Instead of using the fraud ads to turn up CACs slowly for every advertiser, for some reason a single large advertiser got hit hard.

Oddity Tech sells cosmetics, so is probably up against a bunch of fraudulent competitors in the internal Meta ad auctions. Easy “AI” tools and services keep getting better at generating human faces, which lowers the barriers to entry for a small, easy-to-ship item. A surge in fraudulent offers in Oddity’s category could explain why Meta whacked them so hard. The question now is: will Oddity try to smooth things over and go back to being slowly squeezed like all the other Meta advertisers, or is there finally a plaintiff for that long-awaited Meta fraud case?

More: A marketing moment to remember

In Mozilla’s privacy preserving ad attribution: The future or an oxymoron?, David Fischer writes,

We are watching what Mozilla is doing with interest but it might just become yet another competing standard.

Now that other Big Tech companies have joined the Meta/Mozilla effort and are working on getting “Attribution” (formerly “Privacy-Preserving Attribution”) through W3C, it’s pretty clear that competing standards is the least of the problems here. Besides user harms like the alarming fraud-friendliness, and the fact that it’s based on cranking through extra garbage data (“for privacy”) on data centers in the USA—right at the time that lots of people are concerned about the impact of data centers on the environment and energy markets and the need to stop depending on IT services in the USA (read the room, people) a big question for advertisers needs to be: can this thing ever give an honest answer?

Imagine that “Attribution” does make it into the major browsers, and it does start producing attribution reports. Two possibilities:

• Wow, this attribution math shows that ads work better on legit sites! Jason Kint was right all along, and the zillions of dollars that Big Tech put into systems to drive expensive ads onto the cheapest possible content was wasted! Guess we better shut down Performance Max and Shrimp Jesus!

• Never mind, the attribution data shows that the best place to spend your ad money is on whatever slop the Big Tech algorithms were picking out for you all along. (ICYMI: Google is Robbing You…and You Can’t Stop Them by Collin Slattery at Taikun Digital. The problem with the garbage tranche is that Google has a ton of it, and in order to boost revenue they need to sell it. How does Google sell garbage that nobody wants to buy?)

The answers could end up a mix of the two, but realistically, the “right” answer is the second one. And we already know that the companies behind “Attribution” are willing to make a few tweaks to keep driving up their share of the advertising business. In any data-driven organization, the correct data to collect is the data that shows whatever Management chose to spend money on was a good idea.

If the first cut at “Attribution” doesn’t produce the answer that the decision-makers want, the second iteration will. The backers are the same people who funded the so-called “Epstein Ballroom”, and expect some return on their investment in today’s “crime is legal now” environment.

From the state legislature point of view, it is more important than ever to pay the same amount of attention—or more—to so-called “privacy-enhancing” ad tracking as to the old-fashioned kinds. A tracking scheme dressed up in privacy math can conceal a lot of deception, discrimination, and other harms to people. More: PETs and public policy