Recent blog entries for dmarti

The end of Please Turn Off Your Ad Blocker

More news from the ongoing malvertising outbreak.

These aren't skeevy ads on low-reputation pirate sites. These attacks are coming in on big-budget sites such as AOL's Huffington Post, and included in fake ads for real brands such as Hugo Boss. They're using A-list adtech companies. Read the articles. Nasty stuff. The ongoing web ad fraud problem is hitting users now, not just advertisers.

So far the response from the ad networks has been a few whacks at the problem accounts. So I can make the safest kind of prediction: someone made money doing something not very risky, not much has changed, so they'll do it again and others will copy them. Want to bet against me?

Users already trust web ads less than any other ad medium. Malvertising takes a form of advertising that's a bad deal for the user and makes it worse. (If sewer rats are coming out of the commode, users are going to put a brick on the lid. If the rats have rabies, make that two bricks.)

The more malvertising that comes along, the more that the "please turn off your ad blocker" message on web sites is going to look not just silly, but irresponsible or just plain scary. "Turn off your ad blocker" sounds like the web version of "If you can't open lottery-winner-wire-transfer.zip, turn off your antivirus."

Time to rewrite the "turn off your ad blocker" messages and talk about a sensible alternative. Instead of running a general ad blocker (and encouraging the "acceptable ads" racket) or running entirely unprotected, the hard part is just starting: how to educate users about third-party content protection that works for everyone: users, sites, and responsible advertisers.

Bonus links

Sherwin Siy: IP Rights Aren’t a License to Kill Devices (And No, Fine Print Doesn’t Make It OK)

Planet Debian: Joey Hess: a programmable alarm clock using systemd

Calvin Spealman: The Curl Pipe

@feedly: Why we retired the feedly URL shortener

James Gingell: Where Did Soul-Sucking Office-Speak Come From?

Glyn Moody: China Turns From 'Pirate' Nation To Giant Patent Troll

Joe Wein: Disclaimers by spammers

SMBlog -- Steve Bellovin's Blog: If it Doesn't Exist, it Can't be Abused

phobos: Partnering with Mozilla

Eryn Paul: Why Germans Work Fewer Hours But Produce More: A Study In Culture

The Tech Block: The tech worker shortage doesn’t really exist

Heidi Moore: The readers we can’t friend

Lary Wallace: Why Stoicism is one of the best mind-hacks ever devised

Steven Sinofsky: Why Remote Engineering Is So Difficult!?#@%

SysAdmin1138: Application firewalls for your phone

Syndicated 2015-04-18 14:57:06 from Don Marti

It's not about freedom

Doc Searls writes:

We hold as self-evident that personal agency and independence matter utterly, that free customers are more valuable than captive ones, that personal data belongs more to persons themselves than to those gathering it, that conscious signaling of intent by individuals is more valuable than the inferential kind that can only be guessed at, that spying on people when they don’t know about it or like it is wrong, and so on.

I'm going to agree with Doc that these are all good and important principles.

But then I'm going to totally ignore them.

Yes, it is "self-evident" that it's important to behave as a decent human being in online interactions, and in marketing projects. (Complexity dilutes understanding of a system but not moral responsibility for participating in a system. Just because you don't understand how your marketing budget gets diverted to fraud does not mean that you aren't ultimately responsible when you end up funding malware and scams.) Thinking about user rights is important. 30 years ago, Richard Stallman released the GNU Manifesto, which got people thinking about the ethical aspects of software licensing, and we need that kind of work about information in markets, too.

But that's not what I'm on about here. Targeted Advertising Considered Harmful is just background reading for a marketing meeting. And I've been to enough marketing meetings to know that, no matter how rat-holed and digressed the discussion gets, Freedom is never on the agenda.

So I'm going to totally ignore the Freedom side of discussing the targeted ad problem. You don't have to worry about some marketing person clicking through to this site and saying, WTF is this freedom woo-woo? It's all pure, unadulterated, 100% marketing-meeting-compatible business material, with some impressive-looking citations to Economics papers to give it some class.

Big Data proponents like to talk about "co-creating value," so let's apply that expression to advertising. The advertiser offers signal, and the reader offers attention. The value is in the exchange. Here's the point that we need to pick up on, and the point that ad blocker stats are shoving in our face until we get it. When one side's ability to offer value goes away—when a targeted ad ceases to carry signal and becomes just a windshield flyer—there's no incentive for the other side to participate in the exchange. Freedom or no freedom. Homo economicus himself would run a spam filter, or hang up on a cold call, or block targeted ads.

The big problem for web sites now is to get users onto a publisher-friendly tracking protection tool that facilitates advertising's exchange of value for value, before web advertising turns into a mess of crappy targeted ads vs. general filters, the way email spam has.

Syndicated 2015-03-30 14:33:29 from Don Marti

QoTD: Julie Fleischer

Kraft is reinventing marketing around data, infrastructure and content to be more informed, addressable, personal and meaningful. We have invested significant resources in building a proprietary data platform that allows us to know, serve and engage our consumers uniquely and at scale. We have trained our marketers on data literacy and reshaped our agency relationships to capitalize on our infrastructure and the opportunities that exist in today's media landscape to act with agility and purpose. We're creating new capabilities in content creation so that we can tell personal stories and launch experiences that attract and delight our next generation of consumers.

Julie Fleischer

My macaroni and cheese has an awesome surveillance bunker, which fills me with delight.

—nobody, ever

Syndicated 2015-03-08 18:37:20 from Don Marti

Digital dimes in St. Louis

From Jason Kint at Digital Content Next, here's all the third-party web tracking that comes with browsing the St. Louis Post-Dispatch web site.

Read the whole thing. (via Darren Herman, on Twitter)

So, not much of a surprise, people don't trust web ads, because creepy tracking. Kint writes,

This problem is only getting worse and the consumer tools that counter it are getting less effective and more and more damaging to those who respect the consumer’s right to understand when and why their activities are being tracked. Transparency and providing the consumer with adequate control over their online privacy are vital—not harmful—to businesses that are built on a solid foundation of trust.

But he's only got part of the solution. Transparency is unworkable. How can regular people read every privacy policy for the third-party trackers they run into, when nobody at the St. Louis Post-Dispatch seems to be able to read the privacy policies for the trackers the paper uses on its own site? Here's what the Post-Dispatch site has to say about their third-party ads:

These companies may employ cookies and clear GIFs to measure advertising effectiveness. Any information that these third parties collect via cookies and clear GIFs is generally not personally identifiable.... We encourage you to read these businesses' privacy policies if you should have any concerns about how they will care for your personal information.

In other words, "third party tracking? That's a thing on the Internet now. We have no idea what's going on with it, so you're on your own." No wonder, as Kint points out, Online advertising is trusted less than any other form of advertising.

The result of all this tracking isn't just wigged-out users and ever-increasing ad blocker installs. The real problem for newspaper sites is data leakage. All those trackers that Kint points out are busily digesting the paper's audience like flies on potato salad, breaking the readership down into database records, and feeding the "print dollars to digital dimes" problem by breaking signaling.

When it comes to data leakage, publishers aren't bringing a knife to a gun fight, they're bringing a white paper about a knife to a gun fight. Terry Heaton, in “Local” is Losing to Outsiders: In 2015, [non-local] independent companies will account for nearly three-fourths of all digital advertising, elbowing out local-media competitors who have tried for two decades to use their existing sales forces to also sell digital advertising. Why is it that when a St. Louis business wants to advertise to a St. Louis newspaper reader, three-quarters of the money goes to intermediaries in New York and Palo Alto?

The problem, though, isn't so much that the adtech firms are taking 3/4 of the advertising pie, it's that they're making the pie smaller than it could be, by building the least trustworthy form of advertising since email spam.

So how do we keep the local papers, the people who are doing the hard nation-protecting work of Journalism, going? Kint says the "consumer tools" are getting worse, and if you're just looking at the best-known ad blocker, I'd have to agree. The "acceptable ads" racket doesn't address the tracking problems that matter. Meanwhile, it's not practical to browse the web with no protection at all, because who's going to read all those "transparent" explanations of exactly how some company you've never heard of sells some information you didn't know you were revealing?

Fortunately, though, we have publisher-friendly alternatives to ad blocking such as Tracking Protection on Firefox, the Disconnect extension, and Microsoft's Tracking Protection Lists. Instead of focusing on the two bad alternatives: unaccountable tracking or misdirected ad blocking, why not focus on the tracking protection that works?

Don't worry, interesting stuff remains to be done. To start with, hey, where are all the ads on stltoday.com? Just because I want to get protected from creepy tracking doesn't mean I'm against advertising in general. I like to look at the ads in local papers when I'm going there, because it gives me a sense of business in the town. (The New York Times is showing me Saks Fifth Avenue ads, and I have tracking protection on.) St. Louis, please, make your newspaper site work with tracking protection, and show me some ads.

Syndicated 2015-03-03 03:39:32 from Don Marti

Personal data, politics, and an opportunity

Charles Stross, in A different cluetrain:

"Our mechanisms for democratic power transfer date to the 18th century. They are inherently slower to respond to change than the internet and our contemporary news media."

Bruce Schneier, on Ars Technica:

"Facebook could easily tilt a close election by selectively manipulating what posts its users see. Google might do something similar with its search results."

The bias doesn't have to be deliberate, though. Eric Raymond posted an example on Google Plus.

G+ may be engaging in non-viewpoint-neutral censorship of news articles relating to firearms.

Turned out that there was a bug in how Google Plus interacted with the CMS on a pro-Second-Amendment site. Not a deliberate political conspiracy, but software is full of bugs, especially when independently developed projects interact. When bugs affecting some political content are quietly fixed faster than bugs affecting others, it's not a sneaky conspiracy. It's just the natural result of programmers and early adopters choosing to test with less of the content that isn't a "cultural fit". Software developers have political views, and those views tend to escape into their software, and affect the software's users.

Google and Facebook don't have to decide to manipulate elections. Manipulation is an emergent property of networked software development. On the Planet of Classical Economics, Facebook and Google would sell their user-manipulating power to the highest bidder. But here isn't there. In the USA, the Data Party (mostly for mental extraction, mostly "blue") has the mainstream Internet businesses, and the Carbon Party (mostly for resource extraction, mostly "red") doesn't.

Which is the same problem that Roger Ailes had for TV in 1970, and we know how he ended up solving that one.

Today, is somebody on the Carbon Party side doing for their "SJW in our people's pockets" problem what Ailes did for their "liberal in our people's living rooms" problem? Yes, a Data Party has a head start over a Carbon Party in a race to build a mobile platform, but plenty of "red state" people can code, write checks, and place orders from the countries that still know how to make things.

Are we going to get two parallel user-tracking industries in the USA, the same way we have two factions in broadcast and cable media? And will each one offer tools to protect users from the other? I might buy a Koch-o-Phone just to watch the OS and the inevitable PLA spyware fight over my Facebook timeline.

Syndicated 2015-02-28 15:45:52 from Don Marti

Ad blocking, bullshit and a point of order

(Bob Hoffman says that the B word in a post title is good for more traffic so let's try it.)

Alex Kantrowitz for Advertising Age: Publishers Watch Closely as Adoption of Ad Blocking Tech Grows.

Adblock Plus, for instance, recently surpassed 300 million installs, according to spokesman Mark Addison, who said it stood at 200 million roughly a year ago. Mozilla has seen more than 200,000 downloads of Adblock Plus nearly every day since Sept. 1. Mr. Addison attributed the extension's popularity primarily to the fact that it is now available on every browser.

Lots of stuff is "available on every browser" but sank without a splash. There must be something more going on.

No One Should Be Outed By an Ad: Marc Groman of the Network Advertising Initiative points out that

A young man or (woman) searches on his computer in the privacy of his home for information about sexual orientation or coming out as gay. Hours or days later, he receives ads for gay-related products or services while surfing on totally unrelated websites. Maybe this happens while at school, in the office or when sharing his computer with family members. Recent developments in cross-device tracking mean that ads for gay events or venues could surface not only on his home computer where he originally searched for the information, but on his work laptop or tablet. In addition, the ads could even be displayed on his parents’ computers, which could unknowingly be linked to his PC because they appear to be part of the same household.

According to Groman, "nearly 100 of the most responsible companies in online advertising today" won't do this.

But as for the remaining, less scrupulous adtech firms, the take-away is: better get your ad blocker on.

Brian Merchant on Motherboard:

72 percent of US internet users look up health-related information online. But an astonishing number of the pages we visit to learn about private health concerns—confidentially, we assume—are tracking our queries, sending the sensitive data to third party corporations, even shipping the information directly to the same brokers who monitor our credit scores.

What could possibly go wrong?

That's just a couple of targeted advertising stories from the past week. And the IAB is worried that ad blockers are a thing? That's like crapping on the sidewalk and complaining about people wearing rubber boots.

"Online advertising" is turning into a subset of "creepy scary stuff on the Internet." Advertising done right can be a way to pay for things that people want to read, but it's not working.

So why do publishers put up with this? Why not just run only first-party ads? It's a long story, but basically because other publishers do.

If websites could coordinate on targeting, proposition 1 suggests that they might want to agree to keep targeting to a minimum. However, we next show that individually, websites win by increasing the accuracy of targeting over that of their competitors, so that in the non- cooperative equilibrium, maximal targeting results.

So the gamesmanship of it all means that publishers end up in a spiral of crap.

Ad blocking isn't helping. The AdBlock Plus "acceptable ads" racket will pass ads that are superficially less annoying, but still have fundamental tracking problems. It's "acceptable" to split a long article into multiple annoying pages to put ads at top and bottom, but not to put ads within the flow of a modern long-scrolling article. "Acceptable ads" requires 1990s-vintage design and avoids fixing the real problems.

Fortunately, there's a solution that works for users and for publishers. Tracking protection is a safe, publisher-friendly alternative to ad blocking. Blocks the creepy stuff, to help publishers, without dictating design or interfering with quality ads.

  • Tracking Protection on Firefox filters out tracking, while letting quality ads through. There's no "acceptable" program to join, and no limits on design.

  • Disconnect is a browser extension to protect users from the "web of invisible trackers."

Tracking protection helps publishers solve the big problem, the problem that the IAB doesn't want to talk about. Data leakage.

The prime "bovine-fertilizer-based information solution" here is all the verbiage about trying to break out the ad blocking problem from the ad fraud problem from the "print dollars to digital dimes" problem. It's all connected. Shovel through it all and you get something like:

  • Adtech as we know it is based on data leakage.

  • Ad blocking, along with adtech fraud, is a side-effect of the data leakage problem.

  • In the short term, data leakage is bad for publishers and good for adtech.

Having meetings to express grave concern about ad blocking isn't the answer, any more than having meetings to express grave concern about ad fraud is the answer.

Arguing about how to clean the carpet while the sewer pipe is still broken is not the answer.

Getting more users onto tracking protection, as an alternative to ad blocking? A way to fix data leakage at the source? For publishers, that's a good step toward the answer.

Point of order: I'm now avoiding the word "privacy" except in a direct quotation or a "Privacy Policy" document.

If I say it again, it's $1 in the jar for the EFF.

Terms to try to use instead:

  • tracking protection

  • data leakage

  • brand safety

Privacy is a big hairy problem, like the "freedom" in "free software." Plenty of people are philosophizing about it. But working with the web every day, the fixes that need to happen are not in the philosophy department, but in plugging the leaks that enable dysfunctional ads and building the systems to enable better ones.

Syndicated 2015-02-26 14:44:08 from Don Marti

Reactions from developers

When I explain the whole Targeted Advertising Considered Harmful thing to software developers who work in adtech, I keep expecting a "well, actually" from somebody. After all, the Lumascape is large so there's no way the general points I'm bringing up can possibly apply to every single company on the chart.

#NotAllAdtech, right?

Instead, I've been getting two main reactions from developers.

  • You're right, adtech is a racket, I'm surprised that clients and publishers put up with it.

  • You're missing something—another really messed-up thing about adtech is...

(example: The problem with anti-fraud measures so far is that their impact falls hardest on small legit publishers. Not only does adtech move ad revenue away from sites with real users toward fraudulent ones, but when networks attempt to stop it, they hurt the legit sites worse.)

Anyway, ad agency clients (not just CEOs) go read What Every CEO Needs To Know About Online Advertising by Bob Hoffman.

Web publishers, watch this space.

Syndicated 2015-02-22 16:03:49 from Don Marti

Picking the next end-user security tool

Malvertising is a thing on the Internet now. Ad fraud meets data leakage meets malware.

One way or another, some kind of tracking protection tool is going to join the basic recommended list of security software for regular users. Firewall, check. Virus checker, check. Tracking protection, check.

The question is whether the anti-malvertising slot on the shoppping list will be filled with a problematic and coarse-grained ad blocker, or with a publisher-friendly tracking protection tool such as Disconnect or the built-in tracking protection in Firefox.

What's the difference, and why does it matter?

Tracking protection tools and AdBlock Plus will each let some ads through. However, AdBlock Plus uses the concept of "acceptable ads", which is broken for modern web designs.

For pages featuring a reading text ads should not be placed in the middle, where they interrupt the reading flow. However, they can be placed above the text content, below it or on the sides.

So a nice-looking design like Quartz does not have "acceptable" ads because the ads there can appear when scrolling a long article, but a crap-ass legacy CMS that splits a shorter article into 9 pages is A-OK.

More importantly, targeted third-party ads can buy into the "acceptable" program too, which does nothing for improving the value of the medium.

This is where the IT media can influence, not just observe.

  • The more that you write about tracking protection tools other than ad blockers, the more users will get them, and the better that business becomes for content sites, including the ones that pay you.

  • The less attention you pay to the issue, the more users are likely to switch to a "dumb" ad blocker, and the more that web ads slide into a no-win struggle like email spam/anti-spam.

(More on the web ad problem)

Syndicated 2015-02-17 15:50:26 from Don Marti

Live and in person, in Los Angeles

SCALE badge

Attention all fans of me. Come hear me at Southern California Linux Expo, February 19-22 in Los Angeles, California, USA.

There's a speaker interview on the conference site, with some more info on what I'll be talking about.

(If you read this blog for the "targeted advertising considered harmful" stuff, I pitched a short talk on that, too, but I don't know if it'll get in.)

Syndicated 2015-02-13 03:45:36 from Don Marti

Hey, kids, slide!

The ad market, on which we all depend, started going haywire.

Alexis Madrigal

Haywire is about right. In one slide...

online ads

(from an upcoming conference talk, if I can get a conference to take it. Details.)

Syndicated 2015-02-11 05:42:28 from Don Marti

607 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!