back to article Google resumes shoveling stuff into its 'Privacy Sandbox'

Google is preparing another round of tests for the latest iteration of its purportedly private-preserving ad technology, after last year's Federated Learning of Cohorts (FLoC) experiment revealed the need for further refinement. In separate messages to Chromium developers declaring their "Intent to Experiment," Google software …

  1. Totally not a Cylon
    FAIL

    Totally redundant tech.

    "The intent of the Topics API is to provide callers (including third-party ad-tech or advertising providers on the page that run script) with coarse-grained advertising topics that the page visitor might currently be interested in," Google says.

    Uhmmm, you know what the page visitor is interested in; IT'S WHAT IS ON THE DAMN PAGE!!!!

    If I'm reading TV reviews I'm probably thinking of buying a TV.....

    1. Ben Tasker
      Joke

      Re: Totally redundant tech.

      Ahhh but last week you bought a lawnmower, surely you'd rather have ads showing all the lawnmower deals you've missed out on for the next 6 months?

    2. Ken Hagan Gold badge

      Re: Totally redundant tech.

      If "you" are the ad provider, you know no such thing. This is just yet another page thst has been polluted with your shit. Unless you read the URL and parse the page contents, you can't tell whether this is a Mary Whitehouse tribute site or a Whitehouse magazine tribute site.

      1. Eguro

        Re: Totally redundant tech.

        Presumably, though, any webpage that displays an ad would have an interest in giving at least coarse topic information about their webpage. After all it's also in their interest for the ad to perform well.

        Given time and enough visitors you could potentially refine the topic, based on which ads seem to perform well, all without having to know who clicked any ad, but simply knowing that a given ad was clicked.

        1. Anonymous Coward
          Anonymous Coward

          @Eguro - Re: Totally redundant tech.

          Problem is Google sold this to advertisers bragging they know who, when and where the ad was viewed. Now Google can't go back to them and sell less stuff for the same price.

      2. big_D Silver badge

        Re: Totally redundant tech.

        You set up an API, so that the page calling the ad can provide topic information about the site/page.

  2. Neil Barnes Silver badge

    I wonder

    What minuscule fraction of the billions of adverts launched actually result in a click through to the serving site; and what minuscule fraction of that results in a sale?

    It seems to me that the problem is that advertising is too cheap, not that Google and friends make too much money at it. Perhaps an opportunity for governments to raise some revenue by taxing each and every advertising image that isn't on the originators own site?

    (And they should also tax adverts which are sent but not seen, too.)

    1. Fred Daggy Bronze badge
      Holmes

      Re: I wonder

      Internet advertising reminds me of what I've read about the old goldrush days.

      Millions went, a lucky few got rich, some scraped by. But the ones that made the money sold the shovels, provisions and the other mining tools.

      Internet ads are the same. Millions advertise, a few get rich, eg FAANG and the rest are left with scraps.

      It's not going to get better. Certain websites content ratio is getting content down to less than 20% per page with scrolling boxes and ads inter-spaced with text. In which case, I mentally check out of the site. There is even more content on a free throwaway dead tree newspaper one finds on the morning commute!

      Firefox or one of its cousins with a good adblocker or two.

    2. Anonymous Coward
      Anonymous Coward

      Re: I wonder

      What minuscule fraction of the billions of adverts launched actually result in a click through to the serving site; and what minuscule fraction of that results in a sale?

      It varies a lot, but the averages I hear are between 0.2% and 2% for both of these.

      Some are much higher, e.g people searching for "car insurance" are so likely to buy one that each click is paid over $10. Conversely, many ads never see a click. It's very top-heavy, meaning comparatively few ads get most traffic.

      1. AMBxx Silver badge

        Re: I wonder

        I've never intentionally clicked an advert. 100% of the clicks from me are accidental so of no use to anyone other than the company displaying the advert.

        I don't know what proportion of the 0.2% to 2% are accidental but I'd guess that with touch screens, it's getting higher.

    3. Graham Cobb Silver badge

      Re: I wonder

      What minuscule fraction of the billions of adverts launched actually result in a click through to the serving site; and what minuscule fraction of that results in a sale?

      Unfortunately, that is the problem which is causing all this tracking. The reality, as I understand it, is that virtually no one clicks on an ad and buys the product in that transaction. So, Google promise advertisers that they can tell them when the ad contributes to a future sale! I can understand why advertisers who believe this would see this as a useful metric - likely to encourage them to spend more on that type of advertising.

      That is what this Privacy Sandbox approach is promising to do: it tracks which ads were displayed to you, and it tracks what you bought, and it tells advertisers which ads resulted in a (later) sale. I have no idea whether it really does that very well - but that is what Google is promising advertisers.

      At the same time, Google is trying to promise to us that it will not let advertisers know who we are and will not allow (for example) things like web sites adjusting prices because they know what we are looking for or what we have bought.

      I have no idea whether what it is proposing can do either of those things. However, I am not willing to even let Google know any of this stuff (what about competitors to Google? do I have to tell them as well?). What I feel like doing today is none of anyone else's business.

      1. Anonymous Coward
        Anonymous Coward

        Re: I wonder

        The clever bit of this from Google's point of view is this: the biggest corporations tend to buy the most ads. They also sell the most goods (that's what makes them the biggest, duh). So if I'm Google and I'm selling my yellow pages ad space, it's very easy for me to show that "placing an ad retrieved by a browser" and "browser being used to purchase an advertised product or brand" are highly correlated. Well, of course they are! You have managed to spew thousands of ads into every browser every day, and most of them are for products people buy in great quantities. Even if an ad has negative effectiveness there will still be a strong correlation. Ignorant ad space buyers eat it up, their employers lose money, Google get richer, and the rest of us choke on ads or play the arms race game.

        When it was literally the yellow pages, the ads were very, very effective. But they were advertising goods and especially services offered by local providers, not global brand marketing departments. When you opened the yellow pages, you did so because you wanted, or needed, to purchase something and were ready to do so *right there* and *right now*. That kind of ad space was an easy sale to make because anyone could understand the premise and almost certainly had personal experience of it. Now it's all spreadsheet voodoo to trick the gullible. The ads that are still highly effective (precisely because a search for them practically guarantees that the user intends to purchase something *right here* and *right now*) are now so expensive that their buyers give up nearly all their profits. The rest are just marketing budgets set ablaze. Of course someone who was served your ad bought your product 3 months later; you have a 70% market share.

        Post hoc ergo propter hoc. Still going strong after three millennia.

    4. Anonymous Coward
      Anonymous Coward

      @Neil Barnes - Re: I wonder

      That's irrelevant. Google is not paid for the ads you're clicking on. They're paid on the promise they will show you the ad.

      1. ArrZarr
        Boffin

        Re: @Neil Barnes - I wonder

        Incorrect. Google show ads on a CPM (Cost Per thousand impressions) and a CPC (Cost Per Click) basis.

        CPM targeting has been falling out of style for a long time now, and the value of an impression is hotly debated. For some reason, these debates usually have proponents from places that stand to gain the most from CPM models (Those who put far too many ads on site). No idea why it skews that way, of course.

        When it comes to spending the client's money, CPM is very efficient. When it comes to making the marketing basically worthwhile, you should just use CPC.

  3. Anonymous Coward
    Anonymous Coward

    And yet can I find a clock that ticks ?

    Can I fuck ?

    Unless and until Google and their ilk deliver the ability to understand what I mean when I search for a "ticking clock", and not return pages of clocks being marketed proudly as "non ticking" then I think we are pretty safe from the rise of the machines.

    (When I was given a tour of IBM Hursley and broke a Watson demo with some questions, I was told that understanding language isn't really an AI problem ...)

    1. Dinanziame Silver badge
      Devil

      Re: And yet can I find a clock that ticks ?

      Why would you want a ticking clock?? Are you looking for a gift for your mother-in-law?

      1. DishonestQuill

        Re: And yet can I find a clock that ticks ?

        No, he's in possession of a very young crocodile.

  4. Norman Nescio Silver badge
    Joke

    Ticking?

    The AC is not looking for a noisy clock, but one made of ticking. I guess an odd form of plushy (do an internet image search for "IKEA HEMMAHOS clock").

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

  • FTC urged to probe Apple, Google for enabling ‘intense system of surveillance’
    Ad tracking poses a privacy and security risk in post-Roe America, lawmakers warn

    Democrat lawmakers want the FTC to investigate Apple and Google's online ad trackers, which they say amount to unfair and deceptive business practices and pose a privacy and security risk to people using the tech giants' mobile devices.

    US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) and House Representative Sara Jacobs (D-CA) requested on Friday that the watchdog launch a probe into Apple and Google, hours before the US Supreme Court overturned Roe v. Wade, clearing the way for individual states to ban access to abortions. 

    In the days leading up to the court's action, some of these same lawmakers had also introduced data privacy bills, including a proposal that would make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    Continue reading
  • Google battles bots, puts Workspace admins on alert
    No security alert fatigue here

    Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.

    The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.

    As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.

    Continue reading
  • TikTok: Yes, some staff in China can access US data
    We thought you guys were into this whole information hoarding thing

    TikTok, owned by Chinese outfit ByteDance, last month said it was making an effort to minimize the amount of data from US users that gets transferred outside of America, following reports that company engineers in the Middle Kingdom had access to US customer data.

    "100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," TikTok said in a June 17, 2022 post, while acknowledging that customer information still got backed up to its data center in Singapore. The biz promised to delete US users' private data from its own servers and to "fully pivot to Oracle cloud servers located in the US."

    That pivot has not yet been completed. According to a June 30, 2022 letter [PDF] from TikTok CEO Shou Zi Chew, obtained by the New York Times on Friday, some China-based employees with sufficient security clearance can still access data from US TikTok users, including public videos and comments.

    Continue reading
  • Google: How we tackled this iPhone, Android spyware
    Watching people's every move and collecting their info – not on our watch, says web ads giant

    Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).

    RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.

    We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.

    Continue reading
  • Brave Search leaves beta, offers Goggles for filtering, personalizing results
    Freedom or echo chamber?

    Brave Software, maker of a privacy-oriented browser, on Wednesday said its surging search service has exited beta testing while its Goggles search personalization system has entered beta testing.

    Brave Search, which debuted a year ago, has received 2.5 billion search queries since then, apparently, and based on current monthly totals is expected to handle twice as many over the next year. The search service is available in the Brave browser and in other browsers by visiting search.brave.com.

    "Since launching one year ago, Brave Search has prioritized independence and innovation in order to give users the privacy they deserve," wrote Josep Pujol, chief of search at Brave. "The web is changing, and our incredible growth shows that there is demand for a new player that puts users first."

    Continue reading
  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • California state's gun control websites expose personal data
    And some of it may have been leaked on social media

    A California state website exposed the personal details of anyone who applied for concealed-carry weapons (CCW) permits between 2011 and 2021.

    According to the California Department of Justice, the blunder happened earlier this week when the US state's Firearms Dashboard Portal was overhauled.

    In addition to that portal, data was exposed on several other online dashboards provided the state, including: Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate, and Gun Violence Restraining Order dashboards. 

    Continue reading
  • Firefox kills another tracking cookie workaround
    URL query parameters won't work in version 102 of Mozilla's browser

    Firefox has been fighting the war on browser cookies for years, but its latest privacy feature goes well beyond mere cookie tracking to stop URL query parameters.

    HTML query parameters are the jumbled characters that appear after question marks in web addresses, like website.com/homepage?fs34sa3aso12knm. Sites such as Facebook and HubSpot use them to track users when links are clicked, and other websites like YouTube use them to enable certain site features too.

    On June 28, Firefox 102 released a feature that enables the browser to "mitigate query parameter tracking when navigating sites in ETP strict mode." ETP, or enhanced tracking protection, encompasses a variety of Firefox components that block social media trackers, cross-site tracking cookies, fingerprinting and cryptominers "without breaking site functionality," says Mozilla's ETP support page.

    Continue reading
  • India extends deadline for compliance with infosec logging rules by 90 days
    Helpfully announced extension on deadline day

    Updated India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday.

    The Directions require verbose logging of users' activities on VPNs and clouds, reporting of infosec incidents within six hours of detection - even for trivial things like unusual port scanning - exclusive use of Indian network time protocol servers, and many other burdensome requirements. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India. Yet the Directions allowed incident reports to be sent by fax – good ol' fax – to CERT-In, which offered no evidence it operates or would build infrastructure capable of ingesting or analyzing the millions of incident reports it would be sent by compliant organizations.

    The Directions were roundly criticized by tech lobby groups that pointed out requirements such as compelling clouds to store logs of customers' activities was futile, since clouds don't log what goes on inside resources rented by their customers. VPN providers quit India and moved their servers offshore, citing the impossibility of storing user logs when their entire business model rests on not logging user activities. VPN operators going offshore means India's government is therefore less able to influence such outfits.

    Continue reading
  • Google, EFF back Cloudflare in row over pirate streams
    Ban akin to 'ordering a telephone company to prevent a person from having conversations' over its lines

    Google, EFF, and the Computer and Communications Industry Association (CCIA) have filed court documents supporting Cloudflare after it was sued for refusing to block a streaming site.

    Earlier this year, a handful of Israel-based media companies took Israel.tv to court, accusing it of streaming TV and movie content it had no right to distribute. The corporations — United King Film Distribution, D.B.S. Satellite Services, HOT Communication Systems, Charlton, Reshet Media and Keshet Broadcasting — won the lawsuit after Israel.tv's creators failed to show up to their hearings, and the judge ordered Israel-tv.com, Israel.tv and Sdarot.tv each pay $7,650,000 in damages. 

    In a more surprising move, however, the media outfits also won an injunction [PDF] in the United States in April against a slew of internet companies, among others, banning them from aiding Israel.tv in its piracy.

    Continue reading

Biting the hand that feeds IT © 1998–2022