software development link frenzy
Great stuff that the RSS reader dragged in, some going back quite a ways. Enjoy.
software development link frenzy
Great stuff that the RSS reader dragged in, some going back quite a ways. Enjoy.
The gas pump test
One of the points that the adtech crowd keeps bringing up is that privacy demands are coming from "activists" or "advocates" or some other polite word for "long-bearded freaks who know how to do HTTP over a telnet connection but have no connection to how people actually want to shop for stuff."
So here's my question.
If regular people like being tracked, why is there a Saturday night key signing party is good fun?
Why is another adtech person freaking out over fixing a privacy bug?
Scott Meyer (not the Basic Instructions Scott Meyer) writes that Firefox's new policy on third-party cookies will mean
So it sucks to be an adtech investor, but, seriously, people, all that investment based on a design mistake made in Netscape 1.0 that has been controversial from the beginning. It's hard to build a business on the expectation that a bug won't get fixed. (I could say the same thing about Microsoft Security Essentials and the MS-Windows desktop antivirus business, but that's another story.)
So the small fry of adtech will go away faster and with less lucrative exits. That, Meyer is right about. But there's a next step that will affect the larger sites. The harder problem is having the user stay logged in to sites he or she chooses to visit, without leaking information through third-party cookies from the same sites. I'm a fan of an approach called double keying, which would do what looks like the user-expected thing, but Social API and other ideas are also kicking around.
Should Mozilla have waited to fix the easy problem of pure third-party tracking until it could also handle the harder problem of "Like" buttons? I don't think so. If you have a clean fix for part of a hard bug, ship it and iterate. Don't hole up in an ivory tower and try to fix everything, then have to iterate anyway.
Next item: the degraded web experience. This one I'm just not seeing. Many of the most dedicated user experience people are fans of Apple's devices and operating systems. And, aside from users who never visit Disqus.com, but want to use the Disqus comments on blogs, the Apple implementation of third-party cookie blocking has been painless. Bloggers know that a post about an Apple problem is great clickbait, but so far we have: (1) Disqus comments break unless you also go to Disqus.com, and (2) well, fine, I'll get back to you on the other one.
Now for the overall point of Meyer's piece. There are "consumers" and "advocates", and the "consumers" want to be tracked, but those mean advocates are deceiving the browser developers into keeping users from giving away information. Or maybe a better way to put it is that users like to get original content free of charge, and that the advocates are destroying the adtech system that brings it to them.
This is where the adtech system is giving
itself way too much credit. Alexis C. Madrigal writes,
The ad market, on which we all depend, started
going haywire. Advertisers didn't have to buy The
Atlantic. They could buy ads on networks that had
dropped a cookie on people visiting The Atlantic. They
could snatch our audience right out from underneath
Snatching is going to be less and less of an option. One of the key points that privacy advocates often miss is that user tracking isn't just for targeting in order to increase response rates. User tracking is also a key part of adtech's fraud prevention efforts. After all, an adtech vendor that's willing to run ads on copyright-infringing or other illegal sites can't depend on those sites not to do some click fraud. Every extra step between the advertiser and the user is one more opportunity for fraud.
People disagree about the extent of fraud perpetrated on the adtech system—John Battelle makes a good case that there's a lot—but there's no doubt that denying third-party cookies will open up more places for it to happen. The natural response is for advertisers to pull back on highly automated adtech and go for more native advertising, just as publishers are backing away from third-party social sites to "own the conversation" about their content.
Today's online ad industry is largely based on exploits for a browser privacy bug. Fixing the bugs will mean fixing the business. This is good for online advertising in the long run, because paradoxically, the better targeted an ad medium can be, the less valuable it is.
And now, bonus links (things that the RSS reader dragged in. RSS forever.)
Jacques Mattheij: Disqus bait and switch, now with ads
Bob Garfield at MediaPost: The Miracle Machine That Keeps A Dying Magazine Alive.
Josh Dreller asks, Ad Blocking: Theft Or Fair Use? (But my big question is: why was ad blocking so rare until users started learning about tracking? If the adtech proponents are right, targeted ads should make blocking go down instead.)
Adam Lehman: Just Who Do The Data Paranoiacs Think We Are?
Mozilla Privacy Blog: Firefox getting smarter about third-party cookies
minimal rss reader
On the plus side, it does use Mozilla Persona, so no annoying password wrangling or online service lock-in.
Developed using the "write random crap until it basically works and then mostly leave it alone" methodology.
QoTD: Alexis C. Madrigal
The ad market, on which we all depend, started going
haywire. Advertisers didn't have to buy The Atlantic.
They could buy ads on networks that had dropped a
cookie on people visiting The Atlantic. They could
snatch our audience right out from underneath us.
A patent troll defense scheme
Depressing piece from RPX: Quantifying
the "Fight Hard" Strategy.
This kind of “fight
hard” stance against NPEs has always held tremendous
emotional resonance. Its economic foundations, however,
have been more elusive, and while dodging an
approximately $25 million dollar verdict – based on the
judgment of $2.5 million and a $.15/transaction running
royalty – is always cause for celebration, it is worth
noting that Newegg’s victory didn’t come cheap.
The big problem is that it's hard to
convince a troll that you actually have
a Fight Hard strategy and not a Put Up A
Fight And Then Settle Strategy. Eugene Kaspersky wrote,
From our (KL) side – we’ll fight the trolls
until the last round of ammunition (their round!). If
they attempt to just sneeze in our direction –
we’ll be back at them in a flash and take no
Kaspersky is credible because he has already done it. But are you? The troll probably figures that even if you want to fight hard, your board of directors will make you wimp out. So you won't get the same protection that a credible Fight Hard company has.
So here's a possible solution. Sign a contract with me, agreeing that if your company ever licenses from a troll or settles with a troll, you'll pay me ten times the amount first. You may not have established a credible Fight Hard position on your own, but you can show the troll that you don't have a viable alternative. (The contract will let you go out and license all the patents you want -- the protection just kicks in when an NPE contacts you with a licensing demand.)
I don't expect that any of my counterparties will ever have to pay me, but if anyone does, I'll figure out some productive troll-fighting things to do with the money.
Nuclear first strike?
Fortunately for advertising in general, Mike Zaneis has it wrong. Blocking third-party cookies would be a free gift to the advertising industry, because reducing trackability would raise the average value of online ads.
It's possible for both of these to be true:
This individual ad will have a higher click-through rate if we personalize it to the user.
Online advertising as a whole will be less profitable if we personalize ads to users.
Which makes it an interesting game theory problem. All advertisers would probably do better if nobody used creepy tracking on users, but if some advertisers track users and others don't, the ones who do might be at an advantage. As long as users believe that "online advertisers track and customize" the non-targeters won't get the credibility benefit they deserve.
Firefox fixing the problem at the client software level in a high-profile way is a win. Advertisers who are first to help with making "creepy tracking" harder will be better prepared for the new post-creepy Web.
Let's not get online advertising in general mixed up with specific creepy tracking techniques.
(I wrote this short story a while ago, but the news is catching up fast, so I'd better put it up now.)
"Look, Agent Bellamy, I appreciate you coming out, but it's three in the morning. Can we set up a time to discuss this tomorrow, and can your people check the house while I'm at the office?"
Jack Murphy was too tired to follow some involved technical discussion with the big Intellectual Property Enforcement agent, who sat in Murphy's old steam-bent office chair, briefcase at his feet. Murphy, quickly dressed in chinos and Stanford Law sweatshirt, sat in his new ergonomic chair at a gleaming glass and metal desk. The desk looked out of place in the rambling Maryland house that Linda had found when Murphy accepted the appointment in DC.
"I'm afraid it won't wait, sir," Bellamy said. "Sorry for the unannounced visit, but as you're probably aware, our agency tracks the Free Markets closely."
"The Free Markets? That underground money web site?"
"Yes, basicially. Although it's not really a site, just a system for communicating and trading. That's what makes it so hard to shut down."
"Well, all I know is that if you jailbreak your computer you can get on anonymously and buy drugs or guns or whatever."
"That's right. Let me show you an example." Bellamy pulled a plastic IPEA evidence bag out of his briefcase. Inside was a heavy semiautomatic pistol. It was raw machined steel without the usual blued finish, and a blank slide where the manufacturer's name and serial number would be. The plastic bag, oily on the inside, looked like it was lined with little rainbows. "You can't make steel parts like this on a 3D printer, but you can make parts for a plastic machine that will cut aluminum. Then you can use aluminum parts to make machines that can cut steel. People trade machines, parts and weapons every step of the way. This one's complete, and it works. It was on its way to an underground gunsmith who puts a nice finish on them."
Murphy could see the shiny steel reflected in both of the room's immaculate black windows. "It's like Adam Smith's pin factory."
"Yes. And this piece could have come from any combination of thousands of basement workshops. It's completely untraceable, and infringes a zillion patents. These things are a headache for us, but that's not why I'm here."
Murphy leaned over the desk, and Bellamy continued.
"There's also an online scene called the prediction markets. Oh, hold on, sorry." Bellamy spoke quietly into his jacket cuff. The agents who had arrived with Bellamy were still doing some kind of security sweep of the house. Murphy was glad that Linda was away, dropping Jack Jr. off at college. Security stuff always put her on edge.
"All right. Prediction markets," Bellamy said. "If I want to bet on a football game, I can buy a prediction, say 'Eagles win on Sunday.' If they win, after the game the prediction expires and I get a dollar."
"Sounds like just online gambling. They're just saying 'prediction' instead of 'bet.'" Murphy yawned and shook his head to try to clear it.
"Yes, it's like an ordinary bet in a lot of ways. If the Eagles lose, my prediction expires worthless. Just like losing a bet. But those predictions trade up and down, like stocks and bonds, right up until the end of the game."
"And they're untaxed and anonymous."
"Right. And there are other predictions I could make. I could buy a prediction on 'Jack Murphy dead before October 14th'." And if, for whatever reason, you're no longer with us that day, I make a dollar."
"So is that how the assassination market works? Someone just makes a bet that somebody else will be dead?"
"That's one side of the deal. That's the bet that the assassin makes. Someone else has to take the other side of the bet, and lose. If you want somebody dead, you just place a bet that they'll be alive. You lose your bet, but they get taken care of."
One of the agents who had come in with Bellamy was standing in the office door. His light blue gloves and shoe covers didn't go with his dark blue suit. He was holding Murphy's laptop computer, with Murphy's mobile phone and charger on top.
"We're going to need to check those in the van," Bellamy said. "We'll have them back in ten minutes."
Murphy nodded and the agent turned and left. Bellamy had introduced him but Jack was too tired to remember the name.
"So the original client, or whatever you want to call him, makes a bet, and loses, and the assassin wins, and that's how the assassin gets paid. But you said a dollar. Nobody's going to murder someone for a dollar."
"Right. There has to be some volume in the market for it to be a significant risk. A lot of people have to be willing to buy those predictions of 'Jack Murphy alive.' and lose the money."
"So how is my stock doing?" Murphy knew that DC was still chattering about the news of his surprise appointment. The Secretary was an old colleague from think tank days, but nobody expected that the President would go along with bringing Murphy in. The President was too good a politician not to have his own person in every department's number two spot.
"That's why we're here. There's a lot of volume. A lot of outstanding predictions on you alive."
"They're predicting I'll be alive because they want me dead." Murphy finally yawned and got his hand over it.
Bellamy just continued. "Yes, that's right. The good news is that the administration has an independent fund for protecting appointees. Our agency can't know about it officially, of course. That fund buys the same 'dead' predictions that an assassin would. Makes it less profitable for the assassin. Basically, we play the market to lose. It's expensive, and it's not a hundred percent solution, but it's the best answer so far."
"What about just going after the people who want me dead?"
"Frankly, sir, that wouldn't scale. Between the senior citizens and the cat thing, our market model says that more than four hundred thousand people have some money on you. If you're alive next week, they make a little money. If you're dead, they're happy too."
Murphy was silent.
Bellamy said, "They don't really think of it as gambling. More like they're hedging their exposure to your continued existence."
Murphy looked up. One of the other agents, whose name Murphy didn't remember either, was standing in the doorway. "We're clear, sir. No cameras or devices left. Verified no other residents present. Charlie team is watching the egress. We're good to go."
"All right." Bellamy ripped open the evidence bag and pulled out the raw steel untraceable pistol. The room smelled of some kind of oil.
"What are you doing?" Murphy yelled. His voice went up in a squeak at the end. He grabbed for his desk phone and realized it was gone.
"Sorry, sir," said Bellamy. "But the money in that slush fund has to come from somewhere. Sometimes we play to win."
Real Advertising needs a voice
The Information Technology and Innovation Foundation
bills itself as "Smart Ideas for the Innovation
Economy," but what they're putting out there is just
a well-summarized version of the conventional wisdom
on creepy adtech:
The problem is that if
users are not tracked, then websites cannot deliver
targeted advertising. Instead, websites would only be
able to use non-targeted advertising which does not
generate as much revenue. Less revenue means less
free content and services for Internet users. But
privacy advocates are pushing forward, regardless of
The conventional wisdom has two key points. First, more creepy stuff means more money for everyone. Second, users don't mind creepy—it's those scary elitist "advocates".
I believe they're wrong on both points. First, the idea that the whole industry can profit by going creepy. I don't doubt that individual ad campaigns can get better click-through rates when targeted. But targeting tends to fuel a race to the bottom for content, and a decrease in signaling power for the medium as a whole. Look at the end of the road adtech is taking, and you'll see email spam already there, funding no content and satisfying no users.
Second, the conventional wisdom says that irresponsible "advocates", not regular users, are behind demands for privacy tech. I wondered about the demand for web ad blockers back in 2009, when hardly anyone was using them. Ad blocking had been around for years as an easy-to-install browser add-on, much easier than a bunch of things that did catch on. But calling it a niche product would have been generous. Nobody did it.
Today, though, ad blocking is is over 9 percent, and spawning at least one startup to help sites deal with it. What changed? Three words: What They Know. This popular Wall Street Journal series started in 2010, and began explaining adtech practices to the public, well enough that the explanation stuck. And a lot of other mainstream media coverage followed. If you believe the conventional wisdom, we should have seen something like: 2009, hardly any ad blocking. 2010, the WSJ explains how well customized those ads are to you. By 2011, ad blocking should disappear, right? Why should I block what's relevant to me? Instead, the opposite happened. People discovered the extent of tracking, and ad blocking finally went mainstream.
In a way, ad blocking is following in the footsteps of spam filters, which were also niche for a long time before they became a must-have. We missed the opportunity to align privacy tech with laws and norms to help everyone, both users and legit advertisers. Shortsighted lobbyists at the DMA got CAN-SPAM passed, which helped the bottom-feeders (who probably don't pay for DMA memberships anyway) but made it a never-ending challenge for legit DMA members to get a legit email newsletter through.
There are a lot of details to work out about how the norms and protocols for online ads have to change, all the way up and down the stack, to support real advertising, and not just direct response. (Firefox is making progress, for example.) But starting with the conventional wisdom on creepy tracking will get us to the wrong place. The real danger here is that the policy conversation about Internet advertising is missing a voice. Somehow, the chair at the debate reserved for Advertising is not occupied by Advertising in general at all—it's been reserved by the vendors of specific creepy techniques.
QoTD: Bob Hoffman
Every day, Facebook has an audience that is three
times the size of the Super Bowl's audience. That's
every day, not just once year. Yet, in its entire
history, not a single person has ever mentioned or
discussed or remembered a single fucking ad they've
ever seen on Facebook.
New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!