Older blog entries for dmarti (starting at number 483)

Why is another adtech person freaking out over fixing a privacy bug?

Scott Meyer (not the Basic Instructions Scott Meyer) writes that Firefox's new policy on third-party cookies will mean a loss of privacy controls for consumers, a degraded web experience and further tilting of the playing field toward the biggest companies on the web.

That's a lot of impact for one bug fix, so let's try to unpack it. First of all, does the new policy have a disproportionate effect on smaller adtech companies? No doubt. Firefox is, in effect, leaving tracking open for big sites, such as Google and Facebook, which can give users a first-party cookie, then follow them across other sites. Meanwhile, hardly anybody ever visits the pure adtech firms directly, so their cookies get blocked. Unfortunately, the adtech field is crowded with similar firms doing similar things, and it's bound to consolidate anyway. What the shift to a small-timer-unfriendly cookie policy means is that more of the consolidation will happen on the acquirers' terms. Instead of adtech firms getting snapped up for their programmers and their partner lists, more are going to end as pure Talent Acquisitions.

So it sucks to be an adtech investor, but, seriously, people, all that investment based on a design mistake made in Netscape 1.0 that has been controversial from the beginning. It's hard to build a business on the expectation that a bug won't get fixed. (I could say the same thing about Microsoft Security Essentials and the MS-Windows desktop antivirus business, but that's another story.)

So the small fry of adtech will go away faster and with less lucrative exits. That, Meyer is right about. But there's a next step that will affect the larger sites. The harder problem is having the user stay logged in to sites he or she chooses to visit, without leaking information through third-party cookies from the same sites. I'm a fan of an approach called double keying, which would do what looks like the user-expected thing, but Social API and other ideas are also kicking around.

Should Mozilla have waited to fix the easy problem of pure third-party tracking until it could also handle the harder problem of "Like" buttons? I don't think so. If you have a clean fix for part of a hard bug, ship it and iterate. Don't hole up in an ivory tower and try to fix everything, then have to iterate anyway.

Next item: the degraded web experience. This one I'm just not seeing. Many of the most dedicated user experience people are fans of Apple's devices and operating systems. And, aside from users who never visit Disqus.com, but want to use the Disqus comments on blogs, the Apple implementation of third-party cookie blocking has been painless. Bloggers know that a post about an Apple problem is great clickbait, but so far we have: (1) Disqus comments break unless you also go to Disqus.com, and (2) well, fine, I'll get back to you on the other one.

Now for the overall point of Meyer's piece. There are "consumers" and "advocates", and the "consumers" want to be tracked, but those mean advocates are deceiving the browser developers into keeping users from giving away information. Or maybe a better way to put it is that users like to get original content free of charge, and that the advocates are destroying the adtech system that brings it to them.

This is where the adtech system is giving itself way too much credit. Alexis C. Madrigal writes, The ad market, on which we all depend, started going haywire. Advertisers didn't have to buy The Atlantic. They could buy ads on networks that had dropped a cookie on people visiting The Atlantic. They could snatch our audience right out from underneath us.

Snatching is going to be less and less of an option. One of the key points that privacy advocates often miss is that user tracking isn't just for targeting in order to increase response rates. User tracking is also a key part of adtech's fraud prevention efforts. After all, an adtech vendor that's willing to run ads on copyright-infringing or other illegal sites can't depend on those sites not to do some click fraud. Every extra step between the advertiser and the user is one more opportunity for fraud.

People disagree about the extent of fraud perpetrated on the adtech system—John Battelle makes a good case that there's a lot—but there's no doubt that denying third-party cookies will open up more places for it to happen. The natural response is for advertisers to pull back on highly automated adtech and go for more native advertising, just as publishers are backing away from third-party social sites to "own the conversation" about their content.

Today's online ad industry is largely based on exploits for a browser privacy bug. Fixing the bugs will mean fixing the business. This is good for online advertising in the long run, because paradoxically, the better targeted an ad medium can be, the less valuable it is.

And now, bonus links (things that the RSS reader dragged in. RSS forever.)

Mozilla identity team: Persona plays well with Firefox's third-party cookie policy

Bob Hoffman: Advertising Is Like Exercise and Money Is Their Leverage. Media Is Their Weapon.

Jacques Mattheij: Disqus bait and switch, now with ads

Bob Garfield at MediaPost: The Miracle Machine That Keeps A Dying Magazine Alive.

Josh Dreller asks, Ad Blocking: Theft Or Fair Use? (But my big question is: why was ad blocking so rare until users started learning about tracking? If the adtech proponents are right, targeted ads should make blocking go down instead.)

Adam Lehman: Just Who Do The Data Paranoiacs Think We Are?

Mozilla Privacy Blog: Firefox getting smarter about third-party cookies

Syndicated 2013-03-15 17:27:35 from Don Marti

minimal rss reader

If you really liked Google Reader you will not like my RSS reading thing, rtwt, at all.

  • strips images
  • lumps all feeds together
  • only controls are three mystery buttons
  • puts author's name at the end, not at the top
  • you have to ssh in to the server to add a feed since there's no form for it.

On the plus side, it does use Mozilla Persona, so no annoying password wrangling or online service lock-in.

Developed using the "write random crap until it basically works and then mostly leave it alone" methodology.

Syndicated 2013-03-14 13:58:00 from Don Marti

QoTD: Alexis C. Madrigal

The ad market, on which we all depend, started going haywire. Advertisers didn't have to buy The Atlantic. They could buy ads on networks that had dropped a cookie on people visiting The Atlantic. They could snatch our audience right out from underneath us.Alexis C. Madrigal

Syndicated 2013-03-10 16:21:54 from Don Marti

A patent troll defense scheme

Depressing piece from RPX: Quantifying the "Fight Hard" Strategy. This kind of “fight hard” stance against NPEs has always held tremendous emotional resonance. Its economic foundations, however, have been more elusive, and while dodging an approximately $25 million dollar verdict – based on the judgment of $2.5 million and a $.15/transaction running royalty – is always cause for celebration, it is worth noting that Newegg’s victory didn’t come cheap.

The big problem is that it's hard to convince a troll that you actually have a Fight Hard strategy and not a Put Up A Fight And Then Settle Strategy. Eugene Kaspersky wrote, From our (KL) side – we’ll fight the trolls until the last round of ammunition (their round!). If they attempt to just sneeze in our direction – we’ll be back at them in a flash and take no prisoners.

Kaspersky is credible because he has already done it. But are you? The troll probably figures that even if you want to fight hard, your board of directors will make you wimp out. So you won't get the same protection that a credible Fight Hard company has.

So here's a possible solution. Sign a contract with me, agreeing that if your company ever licenses from a troll or settles with a troll, you'll pay me ten times the amount first. You may not have established a credible Fight Hard position on your own, but you can show the troll that you don't have a viable alternative. (The contract will let you go out and license all the patents you want -- the protection just kicks in when an NPE contacts you with a licensing demand.)

I don't expect that any of my counterparties will ever have to pay me, but if anyone does, I'll figure out some productive troll-fighting things to do with the money.

Syndicated 2013-02-25 16:33:12 from Don Marti

Nuclear first strike?

Fortunately for advertising in general, Mike Zaneis has it wrong. Blocking third-party cookies would be a free gift to the advertising industry, because reducing trackability would raise the average value of online ads.

It's possible for both of these to be true:

This individual ad will have a higher click-through rate if we personalize it to the user.


Online advertising as a whole will be less profitable if we personalize ads to users.

Which makes it an interesting game theory problem. All advertisers would probably do better if nobody used creepy tracking on users, but if some advertisers track users and others don't, the ones who do might be at an advantage. As long as users believe that "online advertisers track and customize" the non-targeters won't get the credibility benefit they deserve.

Firefox fixing the problem at the client software level in a high-profile way is a win. Advertisers who are first to help with making "creepy tracking" harder will be better prepared for the new post-creepy Web.

Let's not get online advertising in general mixed up with specific creepy tracking techniques.

More: Can privacy tech save advertising?

Syndicated 2013-02-24 22:44:47 from Don Marti

The Hedge

(I wrote this short story a while ago, but the news is catching up fast, so I'd better put it up now.)

"Look, Agent Bellamy, I appreciate you coming out, but it's three in the morning. Can we set up a time to discuss this tomorrow, and can your people check the house while I'm at the office?"

Jack Murphy was too tired to follow some involved technical discussion with the big Intellectual Property Enforcement agent, who sat in Murphy's old steam-bent office chair, briefcase at his feet. Murphy, quickly dressed in chinos and Stanford Law sweatshirt, sat in his new ergonomic chair at a gleaming glass and metal desk. The desk looked out of place in the rambling Maryland house that Linda had found when Murphy accepted the appointment in DC.

"I'm afraid it won't wait, sir," Bellamy said. "Sorry for the unannounced visit, but as you're probably aware, our agency tracks the Free Markets closely."

"The Free Markets? That underground money web site?"

"Yes, basicially. Although it's not really a site, just a system for communicating and trading. That's what makes it so hard to shut down."

"Well, all I know is that if you jailbreak your computer you can get on anonymously and buy drugs or guns or whatever."

"That's right. Let me show you an example." Bellamy pulled a plastic IPEA evidence bag out of his briefcase. Inside was a heavy semiautomatic pistol. It was raw machined steel without the usual blued finish, and a blank slide where the manufacturer's name and serial number would be. The plastic bag, oily on the inside, looked like it was lined with little rainbows. "You can't make steel parts like this on a 3D printer, but you can make parts for a plastic machine that will cut aluminum. Then you can use aluminum parts to make machines that can cut steel. People trade machines, parts and weapons every step of the way. This one's complete, and it works. It was on its way to an underground gunsmith who puts a nice finish on them."

Murphy could see the shiny steel reflected in both of the room's immaculate black windows. "It's like Adam Smith's pin factory."

"Yes. And this piece could have come from any combination of thousands of basement workshops. It's completely untraceable, and infringes a zillion patents. These things are a headache for us, but that's not why I'm here."

Murphy leaned over the desk, and Bellamy continued.

"There's also an online scene called the prediction markets. Oh, hold on, sorry." Bellamy spoke quietly into his jacket cuff. The agents who had arrived with Bellamy were still doing some kind of security sweep of the house. Murphy was glad that Linda was away, dropping Jack Jr. off at college. Security stuff always put her on edge.

"All right. Prediction markets," Bellamy said. "If I want to bet on a football game, I can buy a prediction, say 'Eagles win on Sunday.' If they win, after the game the prediction expires and I get a dollar."

"Sounds like just online gambling. They're just saying 'prediction' instead of 'bet.'" Murphy yawned and shook his head to try to clear it.

"Yes, it's like an ordinary bet in a lot of ways. If the Eagles lose, my prediction expires worthless. Just like losing a bet. But those predictions trade up and down, like stocks and bonds, right up until the end of the game."

"And they're untaxed and anonymous."

"Right. And there are other predictions I could make. I could buy a prediction on 'Jack Murphy dead before October 14th'." And if, for whatever reason, you're no longer with us that day, I make a dollar."

"So is that how the assassination market works? Someone just makes a bet that somebody else will be dead?"

"That's one side of the deal. That's the bet that the assassin makes. Someone else has to take the other side of the bet, and lose. If you want somebody dead, you just place a bet that they'll be alive. You lose your bet, but they get taken care of."

One of the agents who had come in with Bellamy was standing in the office door. His light blue gloves and shoe covers didn't go with his dark blue suit. He was holding Murphy's laptop computer, with Murphy's mobile phone and charger on top.

"We're going to need to check those in the van," Bellamy said. "We'll have them back in ten minutes."

Murphy nodded and the agent turned and left. Bellamy had introduced him but Jack was too tired to remember the name.

"So the original client, or whatever you want to call him, makes a bet, and loses, and the assassin wins, and that's how the assassin gets paid. But you said a dollar. Nobody's going to murder someone for a dollar."

"Right. There has to be some volume in the market for it to be a significant risk. A lot of people have to be willing to buy those predictions of 'Jack Murphy alive.' and lose the money."

"So how is my stock doing?" Murphy knew that DC was still chattering about the news of his surprise appointment. The Secretary was an old colleague from think tank days, but nobody expected that the President would go along with bringing Murphy in. The President was too good a politician not to have his own person in every department's number two spot.

"That's why we're here. There's a lot of volume. A lot of outstanding predictions on you alive."

"They're predicting I'll be alive because they want me dead." Murphy finally yawned and got his hand over it.

Bellamy just continued. "Yes, that's right. The good news is that the administration has an independent fund for protecting appointees. Our agency can't know about it officially, of course. That fund buys the same 'dead' predictions that an assassin would. Makes it less profitable for the assassin. Basically, we play the market to lose. It's expensive, and it's not a hundred percent solution, but it's the best answer so far."

"What about just going after the people who want me dead?"

"Frankly, sir, that wouldn't scale. Between the senior citizens and the cat thing, our market model says that more than four hundred thousand people have some money on you. If you're alive next week, they make a little money. If you're dead, they're happy too."

Murphy was silent.

Bellamy said, "They don't really think of it as gambling. More like they're hedging their exposure to your continued existence."

Murphy looked up. One of the other agents, whose name Murphy didn't remember either, was standing in the doorway. "We're clear, sir. No cameras or devices left. Verified no other residents present. Charlie team is watching the egress. We're good to go."

"All right." Bellamy ripped open the evidence bag and pulled out the raw steel untraceable pistol. The room smelled of some kind of oil.

"What are you doing?" Murphy yelled. His voice went up in a squeak at the end. He grabbed for his desk phone and realized it was gone.

"Sorry, sir," said Bellamy. "But the money in that slush fund has to come from somewhere. Sometimes we play to win."

Syndicated 2013-02-19 13:21:29 from Don Marti

Real Advertising needs a voice

The Information Technology and Innovation Foundation bills itself as "Smart Ideas for the Innovation Economy," but what they're putting out there is just a well-summarized version of the conventional wisdom on creepy adtech: The problem is that if users are not tracked, then websites cannot deliver targeted advertising. Instead, websites would only be able to use non-targeted advertising which does not generate as much revenue. Less revenue means less free content and services for Internet users. But privacy advocates are pushing forward, regardless of the consequences.

The conventional wisdom has two key points. First, more creepy stuff means more money for everyone. Second, users don't mind creepy—it's those scary elitist "advocates".

I believe they're wrong on both points. First, the idea that the whole industry can profit by going creepy. I don't doubt that individual ad campaigns can get better click-through rates when targeted. But targeting tends to fuel a race to the bottom for content, and a decrease in signaling power for the medium as a whole. Look at the end of the road adtech is taking, and you'll see email spam already there, funding no content and satisfying no users.

Second, the conventional wisdom says that irresponsible "advocates", not regular users, are behind demands for privacy tech. I wondered about the demand for web ad blockers back in 2009, when hardly anyone was using them. Ad blocking had been around for years as an easy-to-install browser add-on, much easier than a bunch of things that did catch on. But calling it a niche product would have been generous. Nobody did it.

Today, though, ad blocking is is over 9 percent, and spawning at least one startup to help sites deal with it. What changed? Three words: What They Know. This popular Wall Street Journal series started in 2010, and began explaining adtech practices to the public, well enough that the explanation stuck. And a lot of other mainstream media coverage followed. If you believe the conventional wisdom, we should have seen something like: 2009, hardly any ad blocking. 2010, the WSJ explains how well customized those ads are to you. By 2011, ad blocking should disappear, right? Why should I block what's relevant to me? Instead, the opposite happened. People discovered the extent of tracking, and ad blocking finally went mainstream.

In a way, ad blocking is following in the footsteps of spam filters, which were also niche for a long time before they became a must-have. We missed the opportunity to align privacy tech with laws and norms to help everyone, both users and legit advertisers. Shortsighted lobbyists at the DMA got CAN-SPAM passed, which helped the bottom-feeders (who probably don't pay for DMA memberships anyway) but made it a never-ending challenge for legit DMA members to get a legit email newsletter through.

There are a lot of details to work out about how the norms and protocols for online ads have to change, all the way up and down the stack, to support real advertising, and not just direct response. (Firefox is making progress, for example.) But starting with the conventional wisdom on creepy tracking will get us to the wrong place. The real danger here is that the policy conversation about Internet advertising is missing a voice. Somehow, the chair at the debate reserved for Advertising is not occupied by Advertising in general at all—it's been reserved by the vendors of specific creepy techniques.

Syndicated 2013-02-18 15:38:46 from Don Marti

QoTD: Bob Hoffman

Every day, Facebook has an audience that is three times the size of the Super Bowl's audience. That's every day, not just once year. Yet, in its entire history, not a single person has ever mentioned or discussed or remembered a single fucking ad they've ever seen on Facebook.

Bob Hoffman, Ad Contrarian

Syndicated 2013-02-04 14:24:59 from Don Marti

Notifications and Interruptions: out of style?

Is it just me, or is everyone getting really tired of synchronous communications channels such as IM and phone, and of software notifying them about things?

Steve Pavlina: Please Don’t Interrupt. When you interrupt someone, on average it takes them 23 minutes to get back to the original task, plus up to 30 minutes to return to the flow state so they can be fully productive again. Almost half of the time you interrupt someone, you’ll actually knock them off task completely, such that they won’t return to the original task right away when the interruption ends. You may think you’re only putting them on pause for a minute or two, but the actual break from the task that results from your interruption may be significantly longer.

Joel Gascoigne: Zero notifications: With zero notifications, I feel like I can get my head stuck into a problem much more easily than I did before. I never realised when I had those notifications on that they truly could throw me off my current thought and cause me difficulty getting that focus back. More than anything, I feel a lot calmer. Notifications create a sense of urgency around something that’s not important at all.

Terry Heaton: Bombardment anyone? The advertising industry assumes much in its practices, the biggest of which seems to be an inherent right to disrupt any experience of human beings in order to sell them something.

Stephen O'Grady tried Turning Off Email on his phone and tablet. Over the two weeks I was on break, the difference was startling. Most obviously, I was less focused on my devices, because when I picked them up, they had nothing new to hijack my attention. More subtle was the mental impact. Instead of a relatively constant stream of interruptions coming from inbound email, I checked sporadically, at times of my choosing. Instead of being jarred out of my vacation day by the arrival of an email that I might not have to act upon immediately but which I would unavoidably be turning over mentally while I was supposed to be on vacation, I simply went about the business of enjoying my downtime. It was refreshing.
My first day back from vacation, I debated whether to turn the sync back on. In the end, I did not.

John Scalzi's new voicemail greeting, in Killing My Voice Mail: Hi, this is John Scalzi. I will never ever ever ever listen to the voice mail you’re about to leave, because voice mail is a pain in the ass.

Harald Welte: Why I hate phone calls so much: It is simply impossible to get any productive work done if there are synchronous interruptions. If I'm doing any even remotely complex task such as analyzing code, designing electronics or whatever else, then the interruption of the flow of thoughts, and the context switch to whatever the phone call might be about is costing me an insurmountable amount of my productive efficiency. I doubt that I am the only one having that feeling / experience.

Russell Coker: Phone Calls and Other Distractions. I have configured my laptop and workstation to never alert me for new mail. If I’m not concentrating then I’ll be checking my email frequently and if I am concentrating I don’t want a distraction.

You can trace it all back to Paul Graham's Maker's Schedule, Manager's Schedule, right?

Or maybe we can trace it all the way back to Prof. Donald Knuth, who wrote, in 1990, Email is a wonderful thing for people whose role in life is to be on top of things. But not for me; my role is to be on the bottom of things. What I do takes long hours of studying and uninterruptible concentration.

I think we can do better than that. The best early example of the notification-driven life, IMHO, is the 1961 story Harrison Bergeron, by Kurt Vonnegut, Jr. George, while his intelligence was way above normal, had a little mental handicap radio in his ear. He was required by law to wear it at all times. It was tuned to a government transmitter. Every twenty seconds or so, the transmitter would send out some sharp noise to keep people like George from taking unfair advantage of their brains.

Syndicated 2013-01-20 05:51:14 from Don Marti

sudo yum update moo

Fedora 18 is out. I've been running it since it was alpha, since it seemed stable enough for the new ThinkPad, so not much change here since I first installed it.

Still on GNOME 3.6, which is fine for what I'm using it for. I have added a couple more extensions, though. Now running Applications Menu, Coverflow Alt-Tab, and Workspace Grid.

I haven't tried any of the interesting-looking cloud stuff in this release, but it might be an interesting platform to use to start experimenting with flexible, low-cost private clouds, too. For now, it's good on the laptop.

Syndicated 2013-01-16 05:52:03 from Don Marti

474 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!