Yellow Flag: "Privacy on the web is fundamentally broken, for at least 90% of the population. Advertising on the web is fundamentally broken, for at least 90% of the population…" - Infosec Exchange
The founder of AdBlock Plus weighs in on PPA:
Privacy on the web is fundamentally broken, for at least 90% of the population. Advertising on the web is fundamentally broken, for at least 90% of the population.
Yet any attempt to improve this situation is met with fierce resistance by the lucky 10% who know how to navigate their way around the falltraps. Because the internet shouldn’t have tracking! The internet shouldn’t have ads! And any step towards a compromise is a capital offense. I mean, if it slightly benefits the advertisers as well, then it must be evil.
It seems that no solution short of eliminating tracking and advertising on the web altogether is going to be accepted. That we live with an ad-supported web and that fact of life cannot be wished away or change overnight – who cares?
And every attempt to improve the status quo even marginally inevitably fails. So the horribly broken state we have today prevails.
This is so frustrating. I’m just happy I no longer have anything to do with that…
We didn't used to have tracking, you know? You used to just put up a billboard or put an ad in the newspaper and you just hoped it'd lead to new customers.
It's a bit weird that the advertising people implemented fine gained tracking without asking anyone and now we're just expected to pretend there's no other way for advertising to work.
Even back then people tried to find ways to measure the effectiveness of the campaigns. For example, you'd get a discount if you passed a coupon or a coupon code, which would tell the seller that your purchase was in response to the ad.
Sure, but you couldn't analyse an individual's purchasing behaviour over time and show just that person ads for baby clothes because you think they got pregnant.
Right. And the proposed system doesn't allow for that either, as I understand it. Instead, you show ads for baby clothes next to an article about how to burp your baby, and then learn how many people buy baby clothes via that article without knowing anything about the people reading that article.
In theory, yes -- it's all aggregated and anonoymized. In practice, it's much more fine-grained than that, and ad companies under scrutiny have shown that their data can be deconvolved back to individual clients
Where did you get that from? That doesn't match at all what I have read. (At least not when it comes to this system - but maybe you're talking about Google's Topics API?)
https://www.eff.org/deeplinks/2023/11/debunking-myth-anonymous-data
That article is about:
Neither of those is what PPA does.
Of course, they're right that history has shown that this isn't easy. Hence:
Fundamentally what the alternative is, is to propose that you remain the sole owner of your privacy at the cost of sharing with advertisers that you have, say, 6 generic topics you're interested in. Like motorsports. It, with the millions or billions of others looking. The ad tracking currently knows everything about everyone and then works out if motorsports is an effective ad for you individually based on their profile of you.
For me, I'm fine with the current system. For my family though, they're just using phones and tablets with their default browser, blissfully unaware that there's no privacy. Then their data gets leaked out.
I know it's an extreme kind of case, but domestic abuse victims are always my thought when you think of a counter to "well I've got nothing to hide". Those people if they're unsure about privacy, will err on the side of caution. They stay trapped.
In conclusion, I'd rather move the needle forward for those who are at risk. Those who installing anti-tracking plugins would put at further risk. Where installing odd browsers make them a target. We can find perfection later. Make the Web safer now.
Plenty of people could justifiably take the opposite stance. But even just for my grandparents, they shouldn't be tracked the way they are. They're prime candidates for scams, and giving away privacy is one data leak away from a successful scam.
Kind of off topic to what you said I realise. :)
There was a hell of a lot less competition back then too. Don't pretend like advertising itself is the only thing that's changed.
In one sense there was some level of tracking, just not to the extent there is today. Fairly early on they stopped just throwing up billboards and hoping the right people would see them. They generally weren’t putting billboards for luxury cars up in the slums. Advertisers would try to place ads in the neighborhoods of their targeted socioeconomic demographic. Media companies started funding surveys to learn who their readers or viewers or listeners were. If you’re an American you may have heard of the Nielsen ratings for TV or less likely the Arbitron ratings for radio. Those companies would use statistical sampling to send journals to households in a market and over the period of a week or several weeks ask the household to record every TV show they watched or every radio station they listened to. They would also ask what age each person was, gender, how much money did they earn, what level of education had they completed, etc. With enough responses the companies could say, “okay, only 10% of the people in this market were watching this show, but 60% of the men between the age of 35-54 who were watching TV at that time were watching this show.” If an advertiser wanted that demographic, that’s the show they would pick. Newspapers would even change the fliers they would put in the newspaper depending on what part of the city they were going to. Discount stores for the poor neighborhoods, jewelers for the rich.
Of course, unless you were filling out the survey journal or had the reporting box on your TV, they weren’t tracking you directly. But you were being targeted based on your neighbors who had responded and more public demographic data about your age and likely income. This started surprisingly early on, because most business owners couldn’t afford to do a lot of slapping something up and hoping they’d get new business; they wanted to have some reason to be confident they’d see a return on their investment. It wasn’t anywhere near as invasive as what online tracking has become today, but that’s what advertisers have long wanted.
Isn't AdBlock Plus the one that takes money from advertisers to have their ads whitelisted by the ad-blocker?
Fuck this guy.
That's true but that doesn't mean that they can't be right.
I would argue that PPA is analogous to what ABP implemented. It seems to be a case of multiple people arriving at the same conclusion as how to try and fix the problem, contextually.
Sorry if this is a silly question, but how is a good adblocker like Ublock Origin not the answer? I don't care if ad-supported websites go under. I'm fine with everything becoming subscription and donation based. I don't want to see ads and am OK with fewer websites as a consequence.
We're not the target audience because we use uBlock. This is about the general user.
Regarding subscriptions and donations, I recently brought it up here: https://lazysoci.al/post/14704065
But if we essentially paywall the Internet, there will be a lot of people left behind, as most can't afford to donate or subscribe.
There's a middleground: privacy respecting ads (like Mozilla is pushing w/ PPA) and microtransactions per page (e.g. pay whatever they would've made through ads, so a fraction of penny per view). I'm okay with either and think we should have both.
I will happily put £10 a month into a pot, if I don't have to worry about how it gets distributed among the various instances I use and I think the same for lots of people, but someone needs to create that service.
They do fall behind either way. If you can't afford it, your privacy is exploited and you pay by being targeted by ads (if you don't know your ways around it).
You know that's not the same thing. Come on.
Neither solution is fair for some people. Being tempted into using your privacy as a currency, because you don't have much money shouldn't even be an option.
On one hand, hosting content online isnt free, so there should be some form of subsidization to offset that. But I feel like selling my privacy to massive firms so that they can analyze my habits to serve me ads about things I would be statistically more likely to buy is a bad solution to this problem.
I dont have a good fix, as the only 2 alternatives that seem to show up are paid subscriptions and decentralization. Which are both useful options, but not one that fits all cases.
If brave wasn't completely unhinged, the idea of the brave attention token was kind of a cool idea (assuming you could pay a reasonable rate and not with ads).
But yeah, I fundamentally am not OK with tracking, am fundamentally not OK with companies paying to try to manipulate me, and am fundamentally not OK with the big attack vector ads expose. I would be willing to pay a reasonable rate for quality content, but it's so fragmented there isn't really any way to do that, and because of the way the monetization works, a lot of that content is compromised. So the end result is I don't contribute anything to most sites I visit because I don't have a real way to do so, but will not watch ads.
The economics of Brave don't work.
Pay-to-surf doesn't work because it's essentially a Turing test. These didn't work in the 90s and they sure as hell won't work today.
Paying a third party to automate donations for you introduces a trusted third party, who in the crypto world are infamous for robbing their customers. They don't even make it to enshittification.
Brave is a scam. The CEO got kicked out of Mozilla for being a raging homophobe, and even the Bitcoin community told him to fuck off before he started a shitcoin. It's like if you could invest in early flying machines that flapped their wings - there's a problem and this rhymes with an answer, but it's not even close.
I said "if Brave wasn't unhinged". But the core concept absolutely has merit.
There's no inherent reason you couldn't have sites opt in to another third party service, hosted by someone credible like Firefox, that just signed the connection as "paid", then distributed most of the revenue to the sites, and it wouldn't be hard for sites to take that "paid" signature and not display ads or trackers.
Look what they're doing now. They're using anti-adblocker tools to limit your access to the site, even though they know the conversion rate to people willing to watch ads is basically zero. If they had an option for "here's how you can give us money", a lot of them would take it. And there are plenty of people like me who would like to pay generally, but not dollars here and there to read single articles I have a passing interest in, and am just unwilling to allow the maliciousness (on several levels) of ads or the tracking for ads anywhere near my computer.
But it is unhinged, the concept has no merit.
If you just want automated payments, we don't need yet another shitcoin just for that purpose. "Most" of the revenue? We don't need a third party at all, much less one that requires trust.
The concept absolutely has merit. It's basically what all the music platforms are. People are willing to pay for content when they don't have to pay individually for every listen.
It cannot even theoretically happen without a third party. Someone has to accept payments from users while protecting their privacy and redistribute it for the concept to work. I don't "just want automated payments". I want a single payment that covers my browsing behavior per month. I wouldn't remotely consider a service that actually did a payment per visit. They can keep earning nothing from me if they want to do that.
But you can't already get that same music for free, like you can with website access.
If you're deciding on tips yourself, why wouldn't you want to automate payments, regardless of how you'd like to structure it? Since you're already OK with crypto, you could make these payments with much stronger privacy than trusting a corporation to not sell your data.
Tipping makes sense, it's the trusted third party and shitcoin that are the issues.
A. Yes, you can. There's the radio and various other ad supported free channels. People pay because ads are annoying, and paying for content in a fair way is a better experience.
B. I have no interest in "deciding on tips myself". I want the sites I visit to be compensated, without the evil of ads.
C. I have no interest in crypto. Crypto is shit with pretty close to no redeeming qualities. I have no interest, ever, in any format that resembles a transaction per visit, or any format that results in a payment trail between me and websites I visit. I want to pay, once, per month, and have that money divided among sites I visit, just like it works with music.
That's the premise that brave got the closest to of any browser. But they're lunatics and absolutely cannot be trusted with any information in any format. That's what I want a Mozilla, or other organization that is actually trustworthy, to handle. Allow me to pay to remove ads, with the consent of the websites in question, and divide that money among the websites I visit, in bulk so there are no transactions between individuals and sites.
I won't even consider paying $1/month total to sites if the transaction is to the site. It violates my privacy to do so. I would happily pay $10-20/month to all the sites I visit if it was handled by a third party in a privacy preserving way, and I'm quite confident that there are plenty of people who would voluntarily pay more than whatever the "required fee" was if there was an optional higher tier that just gave more to the websites they used.
A. Radio is much worse quality, not on demand
B. Like, an equal amount per website? Or weighted somehow?
C. How would you prevent a payment trail without crypto?
And websites are much worse quality when ad supported. It's the same thing.
Don't care.
By using a fucking third party. The only payment trail would be that I paid 9.99 to Mozilla once a month or whatever. It wouldn't be to the websites. It's not a complicated proposition. It happens all over with all kinds of other content. Brave are just the only ones who tried to do something similar in a browser.
Alright well good luck, take care!
Except there are tons of alternatives that actually work. I watch plenty of YT videos with paid sponsors and if it's done well, I don't skip the sections because they are interesting.
What people dislike is obnoxious advertising, not advertising per se. Unfortunately, most advertising is obnoxious.
In other words, reality has already shown us what is possible. But it would probably reduce certain types of ad revenue, and big ad companies (i.e., Google) don't like that.
And also, these sponsors should be at least somewhat relevant to you (ofc does not always mean it is.) ex. I watch The Linux Experiment channel, and he has Tuxedo Computers as a sponsor, who make hardware for Linux. Perfect match.
Other example is on mozilla's developer platform (developer.mozilla.org), where the ads are not intrusive plus these are relevant for developers.
I just dont understand why cant we have these types of ads, instead of the tracking bullshit we have currently.
I feel that this money should be coming from what I pay my ISP. Most of that infrastructure was built with public funds and it does not cost the 180$ I’m paying per month to keep the lights on.
I mean, that's just your ISP ripping you off. They would just increase prices even more, if they'd have to give some of it to webpages.
Yeah, I know they are. My point is, I pay for internet acces each month. I’d like that to include full access to all the internet has to offer. If that were the case I feel that what I’m paying currently would be a fair price. This should be what pays for all these services and and should cover running all the stuff if each and every company wasn’t as greedy.
Basically if we strip away all the CEOs and shareholders, then each household paying for internet access should be more then enough to run it.
Yeah, I can see where you're coming from. Big problem there is that the internet spans between nations. You can't just nationalize service providers and have everyone with a webpage register it there to receive their rightful share of money.
Obviously, some system could be created, just as some global government could be established, but with hardly any structures in place so far, it would be difficult to regulate.
Blockchain has entered the chat.
This is not really on topic any longer, but I would love to see them regulated as utilities.
There are players in this space that from the start saw the opportunities to track people.
We discussed this stuff at work in the mid-90's. If us little IT geeks saw it then, surely the major players were already working on plans for more than we could imagine.
That's why they're looking for an alternative solution, no? As I understand it, this only tells advertisers which ads get clicked on how often, without sharing any data about you specifically.
You're criticizing advertising in general and looking for a "fix" which does not involve advertising of any kind.
What Mozilla is doing here tries to address your critique of advertising. It tries to fix the system that's in place. Obviously, we'll have to see, if it works out, but I don't feel like it's that different from your vision.
I was there, during the first advertising push of the mid/late 90s, where visiting the wrong website - or even the right one on the wrong day - spawned “uncloseable” pop-ups and pop-unders… uncloseable because as soon as you tried to dismiss the window, that action triggered a half-dozen more to spawn.
Eventually, the weight of all the browser windows would cause not only the browser to grind to a halt, but even the computer as a whole (single-thread CPUs & minimal RAM, nat), such that your only possible recovery path was to conduct a hard restart of the entire system, your unsaved work be damned.
I feel for those businesses whose only possible funding strategy is via ads, but that well was lethally poisoned for me decades ago. I jumped onto the world’s first adblocker the moment it became available for Phoenix (now Firefox), and I have never looked back. The only way I will ever stop using adblocking is to stop using the Internet entirely.
Many ads are scams or malware too, which ad brokers don't want to address because they get paid. The "we need ad money to support our service" sounds close to the mobs protect racket given the security risks on some ads.
While I also hate ads, what I hate even more is the tracking. I would honestly be okay with ads that respected my privacy, like they largely did back in the early days of the web. I remember visiting sites and having ads that had nothing to do with my interests, probably because they were either randomly or staticly (based on page content) assigned.
We have the technology, however, to move beyond ads. We can do microtransactions and just pay a nominal fee per page view. I wouldn't mind if I paid the fraction of a penny a page would've g otten by showing me an ad, provided that payment was anonymous (e.g. through something like GNU Taler or Monero). But for some reason, websites either expect a ton of money and a login, or ads, with no in-between. I hoped Brave would provide that, but that didn't happen at all.
Please, give us three options:
But if the current options are privacy invasive ads or subscriptions, I'm going to install an ad-blocker. If you prevent me from seeing it, I'm going to look at your competitors instead.
I don't think anyone is asking you to stop blocking ads. Block away!
I think the only request defenders of PPA are making, is please don't actively prevent it from making things better for everyone else.
The difference to me, between this thing and what Google is building ("Privacy Sandbox"), is that I trust Mozilla to have user interests in mind. They don't have shareholders, they don't have a massive foot in the advertising market, so if this thing turns out to be bad for users, then I expect them to fix it or to pull the plug. With Google, I rather expect them to worsen it for users, when they get the chance to do so, without journalists writing about it.
What would it take Mozilla to do, to break your trust?
For example, what if they sold private data? Or, if that is not extreme enough, what if they sold private data to advertising companies? Stuff like geolocation.
Not the person you replied to, but…
To move out of the least-worst option position.
Right now it’s in that position. It’s always been in that position, and IMO it has never not been in that position.
And for the record, I am not talking about Mozilla specifically, but the browser ecosystem for that rendering engine that includes any forks and derivatives… because things like Chrome’s maliciously flawed and user-hostile Manifest v3 also cascade down into forks and alternatives that are based off of it, and so contaminate many other normally-good alternatives.
Does that mean that you trust it, or just that you will continue using it because you need a browser?
Because to me, there's a big gulf between a company that hasn't broken your trust and a company that makes the minimum viable product that you need to use daily.
Exactly. If Brave delivered on what I thought they promised (an alternative compensation system for websites), I would've switched. I'm totally on-board with paying whatever websites would've made through ads to just not see the ads, and I had hoped Brave would've made that a thing. If Brave was based on Mozilla tech, I might even be giving them a shot right now.
But they didn't, so Mozilla remains the least worst.
My priorities are:
I used Opera for years mostly because they were on par w/ 1 and satisfied 2 and 4. Now I'm with Mozilla because they do reasonably well on all four. If Mozilla sells my personal data (violation of 1), I'd switch to something else (probably whatever KDE or GNOME ship with).
I want to agree, but I am reluctant because many platforms want to double dip with ads and subscriptions. Not to even say that everyone wants > $10/mo for everything.
And that's exactly why I'm dropping Netflix and Disney+. I was fine paying for them when they offered good value, but charging the same amount and adding ads rubbed me the wrong way, especially when the ad-free tier is so much higher that it's way above the actual revenue they would be making from those ads.
So yeah, the microtransactions to replace ads is predecated on websites not abusing that system. Otherwise I'll go back to blocking ads.
The problem is this was snuck in, there was no transparency.
If it's an improvement for users, wouldn't you be making a big deal of it?
That tells me all I need to know.
They listed it prominently in the official changelog, they've got a support page for it and they have a toggle to disable it. If they wanted to sneak it in, they would not have done any of that.
It's also still unclear, if this will improve the situation for users. If it sees no adoption, it's dead on arrival. If it ends up being abused by advertisers without evidence of it improving privacy, they'll throw it back out.
Like, I agree that a blog post engaging into the discussion would be nice, but I also get that it's not easy to time this correctly. Since Mozilla does develop out in the open, a feature like that could be discovered by journalists as early as the conception phase. Arguably, it still is in the conception phase. People are now stumbling over it, because they made it transparent.
Exactly. I left it enabled because I don't see an immediate privacy concern, but I will be watching future releases for updates to it. I hope this ends up as Mozilla promises it will, but I can always disable it if it ends up sucking.
I don't trust Mozilla, but I am willing to give them a chance.
So how come you know about this before it's been generally enabled?
"Why don't you want to compromise with the leopards? They don't want to kill you, just let them lick your nose a bit. That would be cute, right!?"
Well, using your leopard analogy. It's why wouldn't you go to a safari park in a car rather than on foot.
I mean… what's wrong with stuff like the Fediverse just gradually strangling the commercially-driven internet? I pay a couple bucks a month to a number of different Fediverse providers and if everyone does that, they'll likely be able to stay self-sufficient and community-oriented. I honestly don't mind paying websites directly in that fashion as long as my data is portable and not for sale, whereas I know that if I let most commercial websites have my data, they will sell it to whomever and however many times they are capable of, all while enshitifying the user experience on their website as much as possible without making everyone leave completely.
It's the most frustrating business model possible and why I refuse to give them any more traction than they already have.
The problem with donation driven Internet is that it lives on the whims of a few and weaker willed developers and content creators start trying to pander to whoever is paying them.
We can do better. It isn't the 10% ruining it it is the 10% who see that we don't need to live like lab rats