Recent blog entries for dmarti

Digital dimes in St. Louis

From Jason Kint at Digital Content Next, here's all the third-party web tracking that comes with browsing the St. Louis Post-Dispatch web site.

Read the whole thing. (via Darren Herman, on Twitter)

So, not much of a surprise, people don't trust web ads, because creepy tracking. Kint writes,

This problem is only getting worse and the consumer tools that counter it are getting less effective and more and more damaging to those who respect the consumer’s right to understand when and why their activities are being tracked. Transparency and providing the consumer with adequate control over their online privacy are vital—not harmful—to businesses that are built on a solid foundation of trust.

But he's only got part of the solution. Transparency is unworkable. How can regular people read every privacy policy for the third-party trackers they run into, when nobody at the St. Louis Post-Dispatch seems to be able to read the privacy policies for the trackers the paper uses on its own site? Here's what the Post-Dispatch site has to say about their third-party ads:

These companies may employ cookies and clear GIFs to measure advertising effectiveness. Any information that these third parties collect via cookies and clear GIFs is generally not personally identifiable.... We encourage you to read these businesses' privacy policies if you should have any concerns about how they will care for your personal information.

In other words, "third party tracking? That's a thing on the Internet now. We have no idea what's going on with it, so you're on your own." No wonder, as Kint points out, Online advertising is trusted less than any other form of advertising.

The result of all this tracking isn't just wigged-out users and ever-increasing ad blocker installs. The real problem for newspaper sites is data leakage. All those trackers that Kint points out are busily digesting the paper's audience like flies on potato salad, breaking the readership down into database records, and feeding the "print dollars to digital dimes" problem by breaking signaling.

When it comes to data leakage, publishers aren't bringing a knife to a gun fight, they're bringing a white paper about a knife to a gun fight. Terry Heaton, in “Local” is Losing to Outsiders: In 2015, [non-local] independent companies will account for nearly three-fourths of all digital advertising, elbowing out local-media competitors who have tried for two decades to use their existing sales forces to also sell digital advertising. Why is it that when a St. Louis business wants to advertise to a St. Louis newspaper reader, three-quarters of the money goes to intermediaries in New York and Palo Alto?

The problem, though, isn't so much that the adtech firms are taking 3/4 of the advertising pie, it's that they're making the pie smaller than it could be, by building the least trustworthy form of advertising since email spam.

So how do we keep the local papers, the people who are doing the hard nation-protecting work of Journalism, going? Kint says the "consumer tools" are getting worse, and if you're just looking at the best-known ad blocker, I'd have to agree. The "acceptable ads" racket doesn't address the tracking problems that matter. Meanwhile, it's not practical to browse the web with no protection at all, because who's going to read all those "transparent" explanations of exactly how some company you've never heard of sells some information you didn't know you were revealing?

Fortunately, though, we have publisher-friendly alternatives to ad blocking such as Tracking Protection on Firefox, the Disconnect extension, and Microsoft's Tracking Protection Lists. Instead of focusing on the two bad alternatives: unaccountable tracking or misdirected ad blocking, why not focus on the tracking protection that works?

Don't worry, interesting stuff remains to be done. To start with, hey, where are all the ads on stltoday.com? Just because I want to get protected from creepy tracking doesn't mean I'm against advertising in general. I like to look at the ads in local papers when I'm going there, because it gives me a sense of business in the town. (The New York Times is showing me Saks Fifth Avenue ads, and I have tracking protection on.) St. Louis, please, make your newspaper site work with tracking protection, and show me some ads.

Syndicated 2015-03-03 03:39:32 from Don Marti

Personal data, politics, and an opportunity

Charles Stross, in A different cluetrain:

"Our mechanisms for democratic power transfer date to the 18th century. They are inherently slower to respond to change than the internet and our contemporary news media."

Bruce Schneier, on Ars Technica:

"Facebook could easily tilt a close election by selectively manipulating what posts its users see. Google might do something similar with its search results."

The bias doesn't have to be deliberate, though. Eric Raymond posted an example on Google Plus.

G+ may be engaging in non-viewpoint-neutral censorship of news articles relating to firearms.

Turned out that there was a bug in how Google Plus interacted with the CMS on a pro-Second-Amendment site. Not a deliberate political conspiracy, but software is full of bugs, especially when independently developed projects interact. When bugs affecting some political content are quietly fixed faster than bugs affecting others, it's not a sneaky conspiracy. It's just the natural result of programmers and early adopters choosing to test with less of the content that isn't a "cultural fit". Software developers have political views, and those views tend to escape into their software, and affect the software's users.

Google and Facebook don't have to decide to manipulate elections. Manipulation is an emergent property of networked software development. On the Planet of Classical Economics, Facebook and Google would sell their user-manipulating power to the highest bidder. But here isn't there. In the USA, the Data Party (mostly for mental extraction, mostly "blue") has the mainstream Internet businesses, and the Carbon Party (mostly for resource extraction, mostly "red") doesn't.

Which is the same problem that Roger Ailes had for TV in 1970, and we know how he ended up solving that one.

Today, is somebody on the Carbon Party side doing for their "SJW in our people's pockets" problem what Ailes did for their "liberal in our people's living rooms" problem? Yes, a Data Party has a head start over a Carbon Party in a race to build a mobile platform, but plenty of "red state" people can code, write checks, and place orders from the countries that still know how to make things.

Are we going to get two parallel user-tracking industries in the USA, the same way we have two factions in broadcast and cable media? And will each one offer tools to protect users from the other? I might buy a Koch-o-Phone just to watch the OS and the inevitable PLA spyware fight over my Facebook timeline.

Syndicated 2015-02-28 15:45:52 from Don Marti

Ad blocking, bullshit and a point of order

(Bob Hoffman says that the B word in a post title is good for more traffic so let's try it.)

Alex Kantrowitz for Advertising Age: Publishers Watch Closely as Adoption of Ad Blocking Tech Grows.

Adblock Plus, for instance, recently surpassed 300 million installs, according to spokesman Mark Addison, who said it stood at 200 million roughly a year ago. Mozilla has seen more than 200,000 downloads of Adblock Plus nearly every day since Sept. 1. Mr. Addison attributed the extension's popularity primarily to the fact that it is now available on every browser.

Lots of stuff is "available on every browser" but sank without a splash. There must be something more going on.

No One Should Be Outed By an Ad: Marc Groman of the Network Advertising Initiative points out that

A young man or (woman) searches on his computer in the privacy of his home for information about sexual orientation or coming out as gay. Hours or days later, he receives ads for gay-related products or services while surfing on totally unrelated websites. Maybe this happens while at school, in the office or when sharing his computer with family members. Recent developments in cross-device tracking mean that ads for gay events or venues could surface not only on his home computer where he originally searched for the information, but on his work laptop or tablet. In addition, the ads could even be displayed on his parents’ computers, which could unknowingly be linked to his PC because they appear to be part of the same household.

According to Groman, "nearly 100 of the most responsible companies in online advertising today" won't do this.

But as for the remaining, less scrupulous adtech firms, the take-away is: better get your ad blocker on.

Brian Merchant on Motherboard:

72 percent of US internet users look up health-related information online. But an astonishing number of the pages we visit to learn about private health concerns—confidentially, we assume—are tracking our queries, sending the sensitive data to third party corporations, even shipping the information directly to the same brokers who monitor our credit scores.

What could possibly go wrong?

That's just a couple of targeted advertising stories from the past week. And the IAB is worried that ad blockers are a thing? That's like crapping on the sidewalk and complaining about people wearing rubber boots.

"Online advertising" is turning into a subset of "creepy scary stuff on the Internet." Advertising done right can be a way to pay for things that people want to read, but it's not working.

So why do publishers put up with this? Why not just run only first-party ads? It's a long story, but basically because other publishers do.

If websites could coordinate on targeting, proposition 1 suggests that they might want to agree to keep targeting to a minimum. However, we next show that individually, websites win by increasing the accuracy of targeting over that of their competitors, so that in the non- cooperative equilibrium, maximal targeting results.

So the gamesmanship of it all means that publishers end up in a spiral of crap.

Ad blocking isn't helping. The AdBlock Plus "acceptable ads" racket will pass ads that are superficially less annoying, but still have fundamental tracking problems. It's "acceptable" to split a long article into multiple annoying pages to put ads at top and bottom, but not to put ads within the flow of a modern long-scrolling article. "Acceptable ads" requires 1990s-vintage design and avoids fixing the real problems.

Fortunately, there's a solution that works for users and for publishers. Tracking protection is a safe, publisher-friendly alternative to ad blocking. Blocks the creepy stuff, to help publishers, without dictating design or interfering with quality ads.

  • Tracking Protection on Firefox filters out tracking, while letting quality ads through. There's no "acceptable" program to join, and no limits on design.

  • Disconnect is a browser extension to protect users from the "web of invisible trackers."

Tracking protection helps publishers solve the big problem, the problem that the IAB doesn't want to talk about. Data leakage.

The prime "bovine-fertilizer-based information solution" here is all the verbiage about trying to break out the ad blocking problem from the ad fraud problem from the "print dollars to digital dimes" problem. It's all connected. Shovel through it all and you get something like:

  • Adtech as we know it is based on data leakage.

  • Ad blocking, along with adtech fraud, is a side-effect of the data leakage problem.

  • In the short term, data leakage is bad for publishers and good for adtech.

Having meetings to express grave concern about ad blocking isn't the answer, any more than having meetings to express grave concern about ad fraud is the answer.

Arguing about how to clean the carpet while the sewer pipe is still broken is not the answer.

Getting more users onto tracking protection, as an alternative to ad blocking? A way to fix data leakage at the source? For publishers, that's a good step toward the answer.

Point of order: I'm now avoiding the word "privacy" except in a direct quotation or a "Privacy Policy" document.

If I say it again, it's $1 in the jar for the EFF.

Terms to try to use instead:

  • tracking protection

  • data leakage

  • brand safety

Privacy is a big hairy problem, like the "freedom" in "free software." Plenty of people are philosophizing about it. But working with the web every day, the fixes that need to happen are not in the philosophy department, but in plugging the leaks that enable dysfunctional ads and building the systems to enable better ones.

Syndicated 2015-02-26 14:44:08 from Don Marti

Reactions from developers

When I explain the whole Targeted Advertising Considered Harmful thing to software developers who work in adtech, I keep expecting a "well, actually" from somebody. After all, the Lumascape is large so there's no way the general points I'm bringing up can possibly apply to every single company on the chart.

#NotAllAdtech, right?

Instead, I've been getting two main reactions from developers.

  • You're right, adtech is a racket, I'm surprised that clients and publishers put up with it.

  • You're missing something—another really messed-up thing about adtech is...

(example: The problem with anti-fraud measures so far is that their impact falls hardest on small legit publishers. Not only does adtech move ad revenue away from sites with real users toward fraudulent ones, but when networks attempt to stop it, they hurt the legit sites worse.)

Anyway, ad agency clients (not just CEOs) go read What Every CEO Needs To Know About Online Advertising by Bob Hoffman.

Web publishers, watch this space.

Syndicated 2015-02-22 16:03:49 from Don Marti

Picking the next end-user security tool

Malvertising is a thing on the Internet now. Ad fraud meets data leakage meets malware.

One way or another, some kind of tracking protection tool is going to join the basic recommended list of security software for regular users. Firewall, check. Virus checker, check. Tracking protection, check.

The question is whether the anti-malvertising slot on the shoppping list will be filled with a problematic and coarse-grained ad blocker, or with a publisher-friendly tracking protection tool such as Disconnect or the built-in tracking protection in Firefox.

What's the difference, and why does it matter?

Tracking protection tools and AdBlock Plus will each let some ads through. However, AdBlock Plus uses the concept of "acceptable ads", which is broken for modern web designs.

For pages featuring a reading text ads should not be placed in the middle, where they interrupt the reading flow. However, they can be placed above the text content, below it or on the sides.

So a nice-looking design like Quartz does not have "acceptable" ads because the ads there can appear when scrolling a long article, but a crap-ass legacy CMS that splits a shorter article into 9 pages is A-OK.

More importantly, targeted third-party ads can buy into the "acceptable" program too, which does nothing for improving the value of the medium.

This is where the IT media can influence, not just observe.

  • The more that you write about tracking protection tools other than ad blockers, the more users will get them, and the better that business becomes for content sites, including the ones that pay you.

  • The less attention you pay to the issue, the more users are likely to switch to a "dumb" ad blocker, and the more that web ads slide into a no-win struggle like email spam/anti-spam.

(More on the web ad problem)

Syndicated 2015-02-17 15:50:26 from Don Marti

Live and in person, in Los Angeles

SCALE badge

Attention all fans of me. Come hear me at Southern California Linux Expo, February 19-22 in Los Angeles, California, USA.

There's a speaker interview on the conference site, with some more info on what I'll be talking about.

(If you read this blog for the "targeted advertising considered harmful" stuff, I pitched a short talk on that, too, but I don't know if it'll get in.)

Syndicated 2015-02-13 03:45:36 from Don Marti

Hey, kids, slide!

The ad market, on which we all depend, started going haywire.

Alexis Madrigal

Haywire is about right. In one slide...

online ads

(from an upcoming conference talk, if I can get a conference to take it. Details.)

Syndicated 2015-02-11 05:42:28 from Don Marti

Signaling fail, or, Ogilvy was right

How retargeting is supposed to work, from Rohit Yadav:

For example, prospect visits your website and you have a cookie tied into that site. That cookie is tied into an Advertisement network on the web. This allows you to follow that person around for the next five, ten or thirty days with display ads. You in a way are re-marketing yourself to that person who first hit your website and you retain brand presence. The customer is saying. “Wow, this is a big company. They must be credible with a real brand.” This is a very cost effective way to spend money.

Unfortunately for retargeting, the customer probably isn't saying that at all.

As David Ogilvy once wrote, The consumer is not a moron, she is your wife. If retargeting is something that you can explain in a blog post to the average marketing person, or to your spouse (who as Ogilvy points out is just as much of not a moron as you are), how long does it take a customer to figure it out?

Yadav is 100% right on the desired signaling effect of web advertising. Advertising, when it works, does have the purpose of establishing the credibility of the advertiser's brand. (Which is why ad creative is so important. If it's memorable, the advertiser gets a multiplier effect on the cost of the same ad space.)

The problem, though, and why retargeting doesn't work for signaling, is that users are now aware of it. People commonly remark on ads that follow me around the web. User awareness of targeting breaks the signaling power of an ad.

Not only does retargeting not give one advertiser a free lunch, it contaminates everyone else's lunch by devaluing the medium. What's the solution? I think we're close to figuring it out.

Bonus links: fiction, non-fiction

Syndicated 2015-02-06 14:00:50 from Don Marti

Data Leakage 2.0

Mitchell Reichgut writes,

Forrester recently found that mobile represents only five percent of brands’ total advertising budget — and the majority are not making significant increases in their mobile investment year-over-year.

That matches up with other numbers out there. Mobile advertising works fine for search [coffee near me], or impulse app downloads ("I'm bored with this game, what else can I play?"). But mobile ads on average are consistently at the bottom of the standings in terms of revenue per user minute, because they're nearly perfectly targetable and carry no signal. Naturally, adtech players concur on the solution to low mobile ad revenue: throw more technology at the problem. The idea is to use "cross-device tracking" to match the people who saw mobile ads with web users.

Wait a minute—mobile ads are crappy, therefore connect them with less crappy (some web ads are remarkably good by now—see Quartz) web ads? That won't make mobile any better, because of signaling failure, but it's a pure loss for web publishers.

The data leakage problem has leveled up. With cross-device tracking, data doesn't just leak to less valuable sites in the same medium, but to a less valuable medium entirely.

Some background on data leakage from Sophia Cope at the Newspaper Association of America: Data leakage is a serious problem for newspaper websites:

Data leakage harms newspapers by affecting revenue from direct advertising sales. Third parties drop cookies when consumers are on newspaper websites, and then sell ads on other websites targeted to known newspaper readers.

Adtech advocates are trying to get everyone to flip out over ad blocking while ignoring data leakage, and so far it's working.

Ad blocking is survivable, but data leakage isn't. The web kept ad blocking to a tiny niche from 1996, when the first easy ad blockers came out, until 2010, when the Wall Street Journal's "What they Know" series hit. As browsers get better able to act on user intentions, ad blocking can be a tiny niche again.

Data leakage, on the other hand, is a long-term threat to journalism and other original creative work on the web. It forces reputable publishers to compete with infringing, fraudulent and other low-quality sites. Ad blocking is a 9-10% loss for non-technical sites. It's a problem, but not a severe one outside of the gaming niche, where more than 40% of impressions are blocked. Data leakage, though, by putting all sites into a race to the bottom, costs more like 90%, across all site categories.

The problem is that, from the point of view of adtech, data leakage is a win. Adtech is a constant game of how much data leakage various intermediaries can get away with. (Publishers and adtech firms are on opposite sides of the game, which is why publishers and brand advertisers need their own organization separate from the IAB, which works for data-leakage-powered tech companies.)

With various cross-device tracking concepts floating around, the pressure of the leak has grown. Valuable audience data isn't just leaking to bottom-feeder web sites, it can leak all the way down to mobile.

Solution?

A new kind of third-party service: original content sites are going to need another technology thing, as if there wasn't enough to worry about. A tracking protection solution. This will mean using a user trackability detection platform (UTDP), a new tech category, in order to classify user sessions into tracking-protected and tracking-vulnerable. (Once a site has the UTDP results, a tracking-protected user could get many different rewards: access to bonus content, comments promoted, or an early reset on the article count for a paywall.)

Most of the work is already done: the main part of tracking protection is on the client side, something that the users install and run. Tracking protection is a publisher-friendly alternative to an ad blocker, and many easy implementations are available. The server-side work is is to promote, nudge, and reward users for running them.

Finally, the best part: the web site side of a tracking protection program is a sponsorship opportunity, especially for advertisers with a brand personality connected to security or fraud prevention. For example, an area of a site behind a reverse tracking wall can be branded "Exclusive content only for tracking-protected users, brought to you by example.com Insurance." High-profile malvertising is likely to make this a hot sponsorship to sell.

Bonus links, part one: data leakage in action

Sean Flynn: Sports Illustrated Laid Off Entire Photo Department

MediaPost | Garfield at Large: 'Your a Traytor, You But Ugly Kosheralist Pusstard' Click Here to Learn More!

Yahoo Homepage – Now Featuring Extra-Scammy Scams (via Hacker News Daily)

Bonus leaks, part two: Have we reached "peak creepy"?

Jake Swearingen: How the Camera Doomed Google Glass (via Future Tense)

stopthecyborgs: Strategic pause

Ars Staff: Verizon will now let users kill previously indestructible tracking code

Gleb Budman: How to Save Marketing Money by Being Nice

Syndicated 2015-02-04 14:36:39 from Don Marti

Two half plans?

Ever wonder if this plan...

The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code...

...is the other half of this plan?

The Chinese regime is getting into the patent trolling business, having set up a company that will start suing American companies....

You know how regular patent trolls have to seek out infringers and then go through a complicated discovery phase? Both just got hella easier. This trolling operation not only gets pre-researched cases, it can also go through the code submitted for "security" in order to build a shopping list of patents to acquire.

Vertically integrated economic nationalism in action.

Of course, patent reform in the USA could stifle this plan, but a little lobbying cash can go a long way to perpetuate the current dysfunctional system. The funny thing is that open source companies have figured out how to be super-careful with patent-sensitive material in their codebases from the start, so will probably be much less vulnerable.

Syndicated 2015-02-02 02:06:47 from Don Marti

604 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!