The Washington Post is Preparing for Post-Cookie Ad Targeting:
The Washington Post has developed a first-party data ad targeting tool called Zeus Insights that offers detailed contextual targeting capabilities along with user-intent predictions for marketers. The goal: to give marketers a sophisticated ad-targeting tool that isn’t reliant on third-party cookies but still drives results despite stricter data-privacy stipulations laid down by regulators.
The Zeus platform monitors contextual data such as what article a person is reading or watching, what position they have scrolled to on a page, what URL they have used to arrive there and what they’re clicking on. The publisher will then match that data to its existing audience data pools, which it has accumulated over the last four years, to create assumptions on what that news user’s consumption intent will be. The technology uses machine learning to decipher the patterns.
However, The Post’s strategic goal isn’t just to provide ad-targeting options for advertising clients that want to wean themselves off reliance on third-party cookies; it’s also to widen other publishers’ ability to compete with the big tech platforms.
The Post plans to license the Zeus platform to publishers both domestically and internationally, by integrating it with its Arc technology platform, which it has licensed to publishers since 2016 and reaches a combined 750 million unique users globally, according to the publisher. The theory is that in doing so, publishers can compete more effectively with the scale and data-targeting opportunities provided by Facebook and Google.
[...] “In a world where third-party cookies are being killed and cookie pools are decreasing, we expect tools like this to increase in importance,” said Ryan Storrar, svp and head of media activation, EMEA for Essence. “Being able to action cookieless user data is a helpful step in the right direction to embrace privacy in precision marketing.”
(Score: 2) by SomeGuy on Friday July 19 2019, @03:49AM (8 children)
And I'm the only one left on this planet who find this creepy. I guess I should just go stare at some blue LEDs until my head explodes.
(Score: 3, Funny) by Anonymous Coward on Friday July 19 2019, @04:16AM
pssst... The red ones are better.
(Score: 3, Insightful) by krishnoid on Friday July 19 2019, @04:20AM
I was freaked out by "action cookieless".
(Score: 2) by mhajicek on Friday July 19 2019, @04:43AM (2 children)
There are four lights.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 0) by Anonymous Coward on Friday July 19 2019, @04:55AM (1 child)
There are four lights.
One of them is blinking, slowly.
(Score: 0) by Anonymous Coward on Friday July 19 2019, @02:01PM
Very creepy! How did you know what my 2009 Toyota Matrix is doing?
> There are four lights.
> One of them is blinking, slowly.
This is exactly the symptom. Check engine light, ABS, Stability Control and one other I've forgotten. Three are steady on, one blinks (all are yellow warnings).
If I drive it every day (hypothesis - keep the battery well charged), the lights stay off. If I let the car sit for a few days, the lights will come on the next time I drive the car, even though there is plenty of battery to run the starter motor. Then driving every day for a few days the lights will turn off.
(Score: 2, Insightful) by Anonymous Coward on Friday July 19 2019, @05:08AM (1 child)
Small secret - that monitoring can only happen if you allow them to run arbitrary program code on your machine.
Block their javascript, and there is no monitoring possible.
(Score: 2) by DannyB on Friday July 19 2019, @02:48PM
Shhhhhhhh! We wouldn't want people to know that!
uMatrix is great.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Friday July 19 2019, @07:03AM
But until we create a mirror content stream that aggregates only javascript hostile websites, this situation isn't going to get any better for us.
Even then we might be missing out on some subset of popular culture or key news unavailable anywhere else.
Honestly though, any garbage behind a javascript wall hasn't been worth it for me so far.
(Score: 4, Informative) by canopic jug on Friday July 19 2019, @04:04AM (7 children)
Though the article does not mention Javascript by name, the description of the new behavior of knowing the position which the marks have scrolled to on a page implies that this new system will be afflicted with Javascript. One can only hope that the page degrades gracefully and still provides something readable without it. Otherwise they risk their site becoming dead.
An alternative might have been tracking of internal anchors, the fragment of the URL after the hash, but stock Apache2 ignores those and does not pass them on to the logs. Further moving around inside the document using internal links works entirely from the browser's cache these days and so does not even poll the server, so even custom modifications to the web server aren't going to increase data collection that way.
Money is not free speech. Elections should not be auctions.
(Score: 2, Insightful) by Anonymous Coward on Friday July 19 2019, @04:48AM (2 children)
The irony here is that if they would use responsible ads, they probably wouldn't need to go to all this trouble. Targeting ads to the page they're placed on tends to target to the things the viewer is actually interested in. At the end of the day, nobody looked at the ads in the print edition, so why would the online one be any different?
Just target the page directly with ads served by the same server and it's unlikely people are going to block them frequently enough to be an issue.
(Score: 0) by Anonymous Coward on Friday July 19 2019, @05:16AM
Only a russian oligark would say something like that. How is exile?8
(Score: 2) by Pino P on Friday July 19 2019, @12:42PM
A 2014 study by J. Howard Beales and Jeffrey A. Eisenach [politico.com] reports that interest-based ads targeted to a viewer's history rake in three times the cost per thousand impressions (CPM) compared to contextual ads targeted only to "the page they're placed on." From the study's introduction:
(Score: 4, Insightful) by maxwell demon on Friday July 19 2019, @05:27AM (1 child)
Probably not. There are already lots of pages that are absolutely unreadable without JavaScript.
Dream on. The vast majority of people either don't know what JavaScript is, or don't care.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by DannyB on Friday July 19 2019, @02:50PM
If you're a bit geeky, and use uMatrix, you can selectively enable / disable JavaScript. This makes most sites continue to work, but blocks almost all ads.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 3, Informative) by Anonymous Coward on Friday July 19 2019, @10:43AM
A few years ago I started to reverse engineer obfuscated JS code in the biggest news websites, just for fun. Usually I do it with file formats, now with code. Generally what I saw there was enough to install NoScript and use a strict whitelist. If a webpage wants to run its malicious code on my computer just to show text, this is not a good webpage and information on it is not worth doing anything. Why?
Because objective of this page is to run a code, not provide a quality text.
So opening such webpage is like opening a malware-infected document file you got in e-mail only to see what interesting is in its text.
Period.
Details: There are generally two kinds of spyware activity related to websites. One is "explicit" in which JS code directly harvests data, encodes it and sends back. Using ootb access to get not own cookies in older versions of Firefox counts as "explicit" too :). Another one is "implicit", even if JS itself is harmless, e.g. is an animated menu, metadata sent with its transfer are the main factor of communication. It's not in parameter, like with tracking pixels (usage of these decreases more and more), but e.g. fetching JS from another domain, sending information in protocol's fields.
(Score: 3, Interesting) by Pino P on Friday July 19 2019, @12:36PM
It's a risk that many site operators have made a business decision to take. This decision may not make sense to some regulars of tech forums like SoylentNews, Hacker News, and the green site, but these tech forums are unrepresentative samples in that their fraction of users who abstain from script-in-the-browser is much greater than that of the general web population.
(Score: -1, Troll) by Captival on Friday July 19 2019, @04:22AM
Remember, the Washington Post really cares about YOU the humble everyday citizen. They are filled with righetous outrage over those terrible non-Democrats in government spying on people or frighteningly keeping track of them with evil census questions like "Are you a criminal? Y / N". How dare the government track your every move!? That's our job!
(Score: 4, Insightful) by Anonymous Coward on Friday July 19 2019, @05:02AM (4 children)
Can we outlaw advertising industry completely, please? Just like coal or plastic straws. It is polluting our planetary information space too much for long time already.
(Score: 0) by Anonymous Coward on Friday July 19 2019, @06:45AM
Yes we can. https://addons.mozilla.org/en-US/firefox/addon/umatrix/ [mozilla.org]
(Score: 3, Funny) by Pino P on Friday July 19 2019, @12:57PM (1 child)
Without advertising, how would you learn that new products are available in the first place? And without ad revenue, you'd probably see a lot...
Still reading?
This premium comment is available to subscribers to comments by Pino P
[ Subscriber Log In | Become a Subscriber ]
(Score: 2) by fido_dogstoyevsky on Sunday July 21 2019, @04:02AM
A small price to pay, and one which probably won't change much of what I see now because of my script blocking.
It's NOT a conspiracy... it's a plot.
(Score: 2) by DannyB on Friday July 19 2019, @02:52PM
I keep saying it.
Advertising has ruined every medium it has ever touched.
It may start out acceptable. But it can never stay that way.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by aristarchus on Friday July 19 2019, @07:13AM (9 children)
Years ago, I mentioned to a "webpage developer" that I blocked cookies. He was shocked! "We use them for so many things!", he said. "Not on me, you don't", I replied. These days, I mostly bake my own cookies, just like the Oracle in the Matrix, because cookies are made of love!
(Score: 3, Insightful) by Pino P on Friday July 19 2019, @12:54PM (6 children)
I can understand your point for websites that neither require a login nor offer a shopping cart.
But among sites using a login, I don't see a lot of them falling back to HTTP Basic authentication. I imagine this is because HTTP Basic authentication sends the name and password with every request instead of just the first request. This causes more load on the server, which has to (slowly) hash your password with bcrypt/scrypt on every single request instead of just (quickly) verifying that the token from your cookie corresponds to a valid session.
And if you're trying to buy something online and have it shipped to your home or to a pickup location in town, I don't see how the server can distinguish your cart from another shopper's cart without either A. using HTTP cookies or an equivalent mechanism, or B. requiring all shoppers to create an account before shopping and then using HTTP Basic authentication.
(Score: 0) by Anonymous Coward on Friday July 19 2019, @02:21PM (1 child)
Include the session id as a parameter in all links.
(Score: 2) by Pino P on Saturday July 20 2019, @10:36AM
This would have the serious drawback of letting anyone hijack your session if you share the URL of a page, such as if you share a link to a product in the store with friends to ask them for their opinion on that product. See answers to the question "Why is passing the session id as url parameter insecure?" by Jonathan Egerton [stackexchange.com].
(Score: 2) by DannyB on Friday July 19 2019, @02:55PM (3 children)
Simply allow "session" cookies. The kind that only exist for the duration of your interactive session, and then are deleted by the browser so there can be no tracking beyond your current interactive session.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by Pino P on Saturday July 20 2019, @10:42AM (2 children)
With session cookies only, there would be no way for a two-factor authentication provider to mark your computer's browser as "trusted." This means you would have to reauthenticate using the second factor on every site you visit every time you open your browser. For sites that use SMS 2FA and for users on metered SMS plans, this can get very expensive very fast.
(Score: 2) by DannyB on Monday July 22 2019, @01:28PM (1 child)
That is true. But it is a separate issue, unless you want to require 2FA -- which is a policy decision of the individual web site.
Another thing that persistent cookies prevents is the: [x] Remember Me
so that next time login is either bypassed or much simplified.
Using 2FA is going the opposite direction of "remember me".
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by Pino P on Tuesday July 23 2019, @01:05PM
A growing number of websites are making that decision after encountering abuse by bot users. Twitch, for example, instituted a 2FA requirement for Affiliate broadcasters long ago and expanded it to all broadcasters in June 2019 [reddit.com].
The assumption that sites requiring 2FA make is that a user will use "remember me" to convert each device that the user regularly uses into a backup second factor for that user. Thus you need 2FA to place a "remember me" cookie on a device but not to use such a cookie.
(Score: 2) by DannyB on Friday July 19 2019, @02:54PM
They're baked by little elves in a hollow tree. There's no factory.
You may be engaging in patent infringement.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Friday July 19 2019, @07:16PM
thnx for the soft touch, we prefer "unrepentant asshole"
(Score: 4, Funny) by Bot on Friday July 19 2019, @09:11AM (8 children)
Zeus meets noscript, blank page is their lovechild, traffic dies.
Account abandoned.
(Score: 2) by RamiK on Friday July 19 2019, @10:22AM (3 children)
1. To my knowledge, noscript doesn't block first-party scripts by default unless they're specifically blacklisted.
2. If they're collecting the data themselves it won't be long before they'll realize they can throw in some lua hooks into their C/C++ html server and collect the data from there.
compiling...
(Score: 2) by etherscythe on Friday July 19 2019, @01:23PM (2 children)
1. Yes, it does. If a page looks funny or elements are missing, the first thing I often do is unblock the first party domain. If that doesn't fix it, I add the third-nth parties in descending order of apparent respectability; e.g. anything with "cdn" in the name goes first, and anything with "facebook" in it... well, if not already blacklisted, then has a wait a dozen refreshes to get its turn, if I don't give up on the info I was interested in completely.
Although, I'm getting better with uMatrix, and might switch completely over before too long.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 2) by DannyB on Friday July 19 2019, @03:01PM
If the page says "Something prevented this page from loading" the first thing I do is DISABLE first party JavaScript, and that usually fixes it.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by RamiK on Friday July 19 2019, @03:26PM
Good to know. Last I tried was during the Firefox webextension period when uMatrix wasn't work right so I guess it was just an odd buggy default that they sorted out eventually. Looking it up it seems someone noticed it too at the time: https://superuser.com/questions/1272825/how-can-i-stop-noscript-from-whitelisting-sites-like-facebook [superuser.com]
Check out Nano Adblocker and Nano Defender too. Combined with uMatrix they have countermeasures to a few anti-adblockers techniques. Very handy if you're going to change uMatrix default and disable 1st-party scripts as well (like I did).
compiling...
(Score: 2) by DannyB on Friday July 19 2019, @02:57PM (3 children)
I gave up on NoScript back when NoScript betrayed our trust.
uMatrix all the way. Never looked back. uMatrix has much finer grain control than NoScript ever did. (I can't speak about what NoScript might look like today, because I'll never use it.)
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by Bot on Sunday July 21 2019, @08:52AM (1 child)
Noscript has google friendly defaults indeed (also let google did cross domain stuff), but when did it betray?
Account abandoned.
(Score: 2) by DannyB on Monday July 22 2019, @01:20PM
NoScript blocks ads. But then it had its own ads, and manipulated AdBlock to not block NoScript ads. A mini arms race broke out. Then the headlines hit.
https://techjaws.com/the-noscript-controversy/ [techjaws.com]
https://en.wikipedia.org/wiki/NoScript#Controversies [wikipedia.org]
All ads are bad, except for mine, which all ad blockers must allow.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Sunday July 21 2019, @11:52AM
Enlighten the uninformed what NoScript did please? I use it a lot myself but wasn't aware of treachery.