Hacker News
Jonathan Mayer Threatens To End “Do Not Track” Talks (businessinsider.com)
85 points by shill on June 17, 2013 | 64 comments



This is one of the worst pieces of tech/business journalism I have ever had the misfortune to read. The overwhelming desire to paint Jonathan Mayer as David to the digital advertising industry's Goliath completely distorts the reality of the negotiations and misrepresents how decisions about both code and policy are made at Mozilla. It is insulting to Mozilla, which has been working in good faith on these negotiations from the beginning, and to Mayer, who it patronizingly describes as "just a volunteer who hangs around the offices of Mozilla."

It is also riddled with technical errors that suggest this journalist lacks even the basic understanding of technology that should be a prerequisite for working in this space.

This is all especially frustrating because, for some strange reason, these Business Insider pieces get a lot of traction online. This piece is on the HN front page at the moment, and their last, similarly asinine, piece about the proposal to block 3rd Party Cookies in Firefox has over 3,000 comments on Reddit. [1]

For a more accurate representation of the current state of Mayer's 3rd party cookie blocking patch, read Brendan Eich's recent post [2].

[1] http://www.reddit.com/r/technology/comments/1dy74c/jonathan_...

[2] https://brendaneich.com/2013/05/c-is-for-cookie/


I would suggest Business Insider is banned from HN, there is no quality control, it is Demand Media's content farm model applied to news. If this was my responsibility I would also look very closely at who is upvoting Business Insider stories.


Yes and BI would probably not care or notice.


Not only that but if you use privacy protecting plugins the site won't even load the article. It just shows a link that goes to the homepage.


Yeah, the part that got me was where they said that cookies "also help web sites handle logins and other basic functions" without making the distinction between domain cookies and 3rd party cookies. And then followed it up with "Currently, Apple's Safari blocks cookies;".


Business Insider is a tabloid. They'll post anything to get pageviews.


The more alarming piece of the article is this:

"The move might also invite legislation from Congress."

So ... presumably a govt body would define what a web browser is, then define what tracking is, and then ... what? Legislate browser code?

Would wget need defaults built in for the code that comes over? What if I 'nc' to port 80 and redirect to a file?

What is a "web browser" anyway? What constitutes consumption of tracking codes? Are there punishments involved? Is the curl library at fault if it is misused in this government mandated way?

Terrible, depressing, and predictable.


Governments already (and appropriately) legislate all sorts of things about software.

* Some governments require Windows to present a choice of web browsers.

* Some governments require websites, operating systems, or programs to provide for accessibility to the disabled.

Some governments also regulate information collection and sharing:

* Some governments (including the US) regulate what information credit card companies must provide to consumers.

* Some governments (including the US) regulate what info credit bureaus can collect, sell, require them to provide free copies on demand to those surveilled, and set up a framework for a dispute process.

It's perfectly reasonable for governments, as an agent of the people, to create laws and regulations around what can be collected and how. And yes, code may have to go into browsers to comply.


The long history of the interactions between relatively slow-moving governments and relatively fast-moving technology suggests that we should only legislate software as a last resort. One of the nice things about the proposed Do Not Track standard is that it requires no additional legislation. Once advertising bodies agree to some meaningful definition of DNT, any violations could be prosecuted using existing laws that protect consumers from deceptive advertising.

Online tracking is a difficult problem without a purely technical solution available. Even with 3rd party cookies blocked, advertisers will still use first party cookies (Google, Facebook), or more sneaky and difficult to mitigate mechanisms (browser fingerprinting, evercookies) to track Internet users.

Legislating is slow, uncertain, full of compromise, and riddled with conflicts of interest (hold the comparisons to the current DNT negotiations, please). While it is sometimes appropriate, or required as the only remaining recourse, it is far from an ideal solution - especially with a problem such as this where there is such an imbalance of influence between parties in Washington.


Might want to calm down with the hyperbole.

Governments routinely get involved in matters such as this and by every account it makes a lot of sense. Online advertising is a critical part of many businesses and there needs to be stable, considered policies that factor in everyone's interests.


Before this conversation gets out of hand let's analyze how asinine this is: you're proposing congressional oversight on open-source software.

Let's move beyond that obvious stumbling block and assume their non-existent jurisdiction actually exists: how do you expect this to be enforced? Do we levy fines against any entity (human or otherwise) distributing non-compliant web browsers? Do we install ransomware on people's computers that locks their devices unless only authorized browsers are installed?

When bits pass by my router then I will do with them as I please.


> you're proposing congressional oversight on open-source software.

If you build a house for free, does that mean it's exempt from building codes?


And, relatedly.... if I offer to perform allegedly-medically-beneficial surgery for free, am I exempt from all the laws about regulation of medical practice?

And relatedly, if I give away viruses for free, am I good to go?

Not that I'm particularly sanguine about the odds of legislators getting it right, but I agree with rayiner that "open-source" isn't a GOOJF card.

On the other hand, it seems clear that code I write only for my own use has different regulatory requirements. In general, laws often let people do riskier things for themselves, relative to risks they let people take on behalf of others. But in this case, if you write code for yourself, it's obvious that you opted in to its features.


> Not that I'm particularly sanguine about the odds of legislators getting it right, but I agree with rayiner that "open-source" isn't a GOOJF card.

Right. I think a law that said that open source browsers had to do this or that would be stupid. But that's a strawman anyway. The regulation would probably involve what advertisers could do, or regulate browsers sold with PCs or tablets, or whatever. Not that I'm in favor of regulating it at all... but the fact that it's open source has nothing to do with it.


hmm, construction and medical practice require legislation because dodgy practices may well result in harm to individuals. I don't see that's relevant here. BTW, I support the move by Mozilla.


What I install on my device is nobody's concern except my own.

If people don't want to use my software then they don't have to.


What? You don't live in a piece of open source software.

Oh and by the way, you OWN a house.


So? Building codes aren't an artifact of ownership.



That article states it's a logical fallacy, even though it's clearly not. When did this trend of labelling any argument you disagree with a logical fallacy begin anyway?


I dunno, but this guy has some opinions. http://plover.net/~bonds/bdksucks.html

Is the new trope to say "you are just citing fallacies instead of having an argument?"

OK. Then instead I will say:

"The fact that there will be some dividing line between a web browser and something that sends out packets doesn't mean that we cannot establish any regulations at all on web browsers. Like there is some speed that will get you written up while some speed marginally less than it will not -- this does not mean that there is no such thing as a legal limit on speed. Nerds often think they are Kirk talking the super-computer into destroying itself for having some logical inconsistency, when in reality the world is full of inconsistencies, and the law has already had a long line of jokers line up in court thinking that they are going to use their superior minds to outsmart the system. You are nothing new, you are nothing special, look on my works, ye Mighty, and despair."

I think it's easier on everyone to just link to a Wiki page, but, hey, I can cut-and-paste from my private text files just as easily.


This can only play out a few ways, right?

A) Firefox holds its ground, Advertisers hold their ground as well. Advertisers refuse to work with websites that support the version of Firefox with "Do Not Track", unless the websites add some code to tell their visitors to use another browser/refuse to load the site. This leads to two scenarios:

Ai) Developers agree and implement advertiser strategy, Firefox becomes an unreliable browsing experience, market share slips. Firefox possibly reverses position.

Aii) Developers refuse to implement advertiser strategy (by using either another ad partner or moving to a different monetization strategy), and advertisers finally reverse position.

B) Firefox holds its ground, advertisers cave: websites start seeing less revenue from ads as targeting isn't as effective anymore, websites that get most of their money from ad revenue either start panicking and blocking Firefox users, or start putting up paywalls.

C) Firefox yields, advertisers get their way: pretty much the status quo.

D) Firefox yields, advertisers yield: some sort of compromise between the two camps.


E) Firefox holds its ground. Advertisers start finding more invasive ways to track people (flash cookies, user-agent strings, font packages ... "super cookies").


What do you mean start? All of those methods are already being used. Regular cookies are so five-years-ago.


B is what I'm worried about and I'm worried that this has a 90% chance of happening. I have about 2 years of experience working in online ads in some way shape or form, and it frustrates me how much the implications here aren't really being considered.

Currently, whenever I hear "I see too many ads for shit that is too related to my interests" (paraphrased), I consider it the ultimate 21st century 1st world problem. Because this is how sites make their money, and how Google got to where it is today. You want to cut off online ads? Fine:

- Any sites that are free will undergo a paywall, as people don't work for free.

- More apps in the app stores increase their prices, as ad revenue is no longer there for the apps they create

- More paywalls and higher prices mean that lower income people and people in developing countries can't access free and distributable content.

And don't give me this BS about how "If X site were pay-per-use with no ads, I would totally pay for it" because *power users don't power websites* ... as soon as you charge for something then 90% of the users drop off. [See: Google Reader, any social network, etc.]


Most sites that are free won't suddenly turn paysites, people will continue to make blogposts for fame and the ability to sell their own products (which isn't ads in the traditional internet sense), plenty of newspapers may have to close their news sites but the best of them will make enough money the old fashioned way: charging a few bucks a month.

And that is basically what I want: an internet of people who are writing because they want to, about what they want, not demand media writing crap. I want the rest to be paid for, or run on donations (see Wikipedia). I would love the best webmail client to be one I had to pay 3 usd/month for but which integrated PGP, instead of gmail.

Ads create monopolies, paying for services creates opportunism for competition.


"Ads create monopolies, paying for services creates opportunism for competition."

I REALLY disagree with this statement, namely because the data shows otherwise when it comes to the online space -- for example, Waze became a legitimate contender by *remaining free* and instead doing location based advertising. Bing and other search engines are allowed to be decent competitors to Google because advertising drives search.

Second, donations is not a scalable model for the internet, as it definitely doesn't allow for competition in any meaningful way at large scale. Why does it work for Wikipedia? Because of its mission to remain free for anyone in the world (also because of a desire to be unbiased, but let's table that for now, because as politics tells us donations don't always lead to unbiased decisions.)

And honestly, that should be the crux here: the idea of a paywall for Wikipedia or any site that advocates for free and open information dispersal would immediately devalue its mission -- a rando in Uganda should have the same access to information as me in my cushy western Tech job.


B is the option I am precisely hoping for. I find it really creepy to get cross-targeted ads. I am willing to give up 90% of the websites I view (and pay for the remaining 10%) so I don't have to look at ads, and more importantly, so that they don't look at me. After all the news about the government tracking us by gaining access to third-party services, I really don't want to give some company any more information than I absolutely have to. I regret that this hurts your bottom line as an employee of the advertising business, but just as my privacy is your casualty of doing business, your business is my casualty of maintaining my privacy.


"as soon as you charge for something then 90% of the users drop off"

Maybe you should find less obstructive ways to charge people? If the charges occurred in the background, without anyone having to log in and enter credit card data over and over, it would be a lot easier to get people to do it. If paying 0.1 cents per page were transparent and required no login or special authorizations, I am pretty sure that 90% would drop significantly.

Basically, what you need is digital cash, and you need to link it to something people already pay for (say, their ISP). Imagine if you pay your ISP for service, and as part of that payment, you received a bunch of digital cash tokens that would be sent to websites as you visited them. Yes, you would need some security to ensure that these tokens were not stolen by malicious advertisers, but I do not think that is an insurmountable problem (and it is no different than click fraud). Set a sensible default for the number of tokens that will be held at the beginning of a billing period (say, enough for 50,000 page views per month -- probably more than even the most bored 4chan user will visit), and address issues related to large organizations providing their users with access (e.g. universities, libraries, etc.) and you might actually solve the problem.

It is not a perfect solution by any means, but (a) it protects everyone's privacy and (b) removes the need for spam^H^H^H^Hweb advertising.


Interesting, though I don't think the optimization of friction in payment flows is the issue -- it's more that people in general don't want to pay for access to the internet just to have to pay for specific sites/apps. It would be like paying for cable connection AND paying for individual channels -- it's stupid and a generally despised practice (and they STILL show you commercials!)

Further it's regressive, as it impacts lower income and developing countries hardest.


"people in general don't want to pay for access to the internet just to have to pay for specific sites/apps"

People in general do pay for apps and do pay for subscriptions to specific sites (e.g. Netflix). I do not think the problem is that people are cheap. Let's put it this way: imagine having to enter payment information every time you clicked on a HN link.

That is the reason sites see people running for the hills when they put up a paywall. The paywall interrupts the entire experience, and people just go elsewhere. There is also the matter of charging people enough to even cover the transaction costs -- which results in big charges that scare people off. From where I sit, the answer is to make the payments as small and transparent as possible, and digital cash is a perfect fit.

"it's stupid and a generally despised practice (and they STILL show you commercials!)"

This is where I think the problem will come in: the fact that web advertising would not go away even if a micropayment system were used. The answer is for browsers to fight advertising head on, making things like ABP the default.

"Further it's regressive, as it impacts lower income and developing countries hardest."

Sure, but that is a social problem, not a technical problem, and there are social solutions to it. Here is one idea, adapted from Jaron Lanier: pay people for their contributions to websites. Imagine if every HN upvote gave you 1/10 the cost of a single page view. Imagine if every time someone viewed your Youtube video, you received some fraction of the micropayment sent to Youtube. That is clearly a harder thing to do, since it requires that individual people receive payments, but again it is not insurmountable from a technical perspective. People in developing countries could then monetize their own use of the Internet, and possibly bootstrap their web browsing (or make it less painful).

Another idea is that developing countries can host their own websites, with their own payment structures, catering to local cultures and languages. The Internet is not supposed to have borders, so I am not a big fan of this approach, but it does have its advantages.


Power users can power websites, so long as the website's value isn't (too) dependent on the number of users it has. For example, Dropbox's power users essentially subsidize everyone else's usage.

That model may have worked for Google Reader as well. Social networks have a harder time, because anything that reduces interaction in the network reduces the value for everyone.


Interesting point, though I'm still convinced that Dropbox is the exception rather than the rule -- being a >90% margin business means you can take a risk like this and it's not really a "risk", whereas a search engine, news site, Youtube, etc. would not.


How many sites block you for using adblock?

Yeah, that is likely the same number of issues you will have with no third-party cookies.


That's because we're a small minority and usually convert poorly anyway, so the industry could care less.

Block third-party cookies for everybody, and the ad industry suddenly starts to care. The perennial pitches for first-party tracking and first-party ad-serving products get funded this time around, and eventually you won't be able to block ads and tracking without simultaneously blocking site content and functionality.

Having third-party cookies turned off won't cause you any problems, it's true, but that'll be because what they used to do will get done through other means.


Not many now, but if websites start feeling the squeeze from ad revenue, it will become more common (see Hulu making commercials 2-3x as long if Adblock is enabled).

It's also an unfair comparison because Adblock is opt-in -- you have to download the add-on to get it to work, which not many people are willing to do (what percentage of Firefox users use AdBlock -- maybe 5%?). DNT, on the other hand, is something all Firefox users will have enabled by default -- Imagine 20% of the worldwide browsing market suddenly blocking all tracking cookies.


Can you elaborate on the Hulu commercial thing with Adblock? Why would changing duration do anything? If Hulu can detect an adblocker, why not just not do the video at all? Playing a blocked ad for longer doesn't seem to make any sense.


> ...why not just not do the video at all? Playing a blocked ad for longer doesn't seem to make any sense.

Well, it's actually a fairly clever solution. If the person wants to block ads Hulu won't stop them, it will just make the commercial time take 3x as long ("commercial time" meaning silence in this scenario, since no ad is served, which is actually quite jarring in videos when you have silence for 6 minutes followed by the video continuing). The people who allow ads get to watch the original shorter commercials, meaning they don't have to wait nearly as long.

They could probably block people who block ads and just refuse to serve the video, but that could prevent people from legitimately watching the show if their adblock-checker went haywire. Plus, users would be probably more pissed if you outright blocked them rather than if you made their experience annoying.


Maybe, I am consistently surprised by the number of people who don't have adblock installed.

But surely it must be much higher in the technology segment.


> DNT, on the other hand, is something all Firefox users will have enabled by default

It's opt-in. My guess is that the gap between people willing to install an add-in and people willing to dig into their settings and check a box is not large.


From the article:

> ...That would leave Firefox in a permanent state of blocking advertisers' cookies by default.

Default means this feature would be an opt-out feature, not an opt-in feature. Since Firefox now autoupdates, that means soon most Firefox installs would have this enabled by default without any user input.


I love the intention here -- but it seems obvious that this will just push advertisers to set up a subdomain that points to advertisers -- and advertisers will use ip address and/or browser fingerprinting to track across domains.

... and we'll end up right where we are today.


Giving another company the ability to serve content (javascript) on a subdomain would make ad companies prime targets for all kinds of hacking campaigns. Their ability to serve javascript and probably access session cookies on a large number of domains would turn them into some kind of skeleton key. This is bad for both the advertisers, the websites serving their ads and the visitors of those websites.

I certainly hope people would think twice about actually implementing something like that.
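
The cookie scoping behind the concern in the comment above, as an added example that is not part of the thread: it models RFC 6265 domain matching to show which of a site's cookies a vendor-run subdomain would receive in requests and which its scripts could read. The hosts `www.news.example` and `ads.news.example` and the cookie names are constructed; the default path is assumed to be `/` and the public-suffix check is omitted.

```javascript
// Constructed sample: Set-Cookie headers issued by www.news.example (hypothetical
// publisher). ads.news.example is the subdomain delegated to an ad vendor.
const ORIGIN_HOST = "www.news.example";
const AD_HOST = "ads.news.example";
const SET_COOKIES = [
  "session=abc123; Domain=news.example; Path=/; Secure",                 // domain-wide, script-readable
  "session_http=abc123; Domain=news.example; Path=/; Secure; HttpOnly",  // domain-wide, HttpOnly
  "__Host-session=abc123; Path=/; Secure; HttpOnly",                     // host-only by prefix rule
  "prefs=dark; Path=/",                                                  // host-only: no Domain attribute
];

// RFC 6265 domain-match, simplified: IP-address hosts and the public-suffix
// check that browsers also apply are left out.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Parse one Set-Cookie header as received from originHost.
// Returns null when a browser would reject the cookie.
function parseSetCookie(header, originHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  const cookie = {
    name: pair.slice(0, eq),
    domain: originHost.toLowerCase(),
    hostOnly: true, // stays true unless a Domain attribute widens the scope
    httpOnly: false,
    secure: false,
    path: "/",      // assumption: default path is "/"
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1);
    if (key === "domain" && val) {
      cookie.domain = val.replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false;
    } else if (key === "httponly") {
      cookie.httpOnly = true;
    } else if (key === "secure") {
      cookie.secure = true;
    } else if (key === "path" && val.startsWith("/")) {
      cookie.path = val;
    }
  }
  // __Host- prefix: only accepted with Secure, Path=/ and no Domain attribute.
  if (cookie.name.startsWith("__Host-") &&
      (!cookie.secure || !cookie.hostOnly || cookie.path !== "/")) {
    return null;
  }
  // A host may only set a Domain that it domain-matches itself.
  if (!cookie.hostOnly && !domainMatch(originHost, cookie.domain)) return null;
  return cookie;
}

// Which cookies reach requestHost over HTTPS, and which of those a script
// running on requestHost can read through document.cookie.
function exposureTo(requestHost, headers, originHost) {
  const sentInRequests = [];
  const readableByScript = [];
  for (const header of headers) {
    const c = parseSetCookie(header, originHost);
    if (!c) continue;
    const matches = c.hostOnly
      ? requestHost.toLowerCase() === c.domain
      : domainMatch(requestHost, c.domain);
    if (!matches) continue;
    sentInRequests.push(c.name);            // HttpOnly cookies are still sent to the server
    if (!c.httpOnly) readableByScript.push(c.name);
  }
  return { sentInRequests, readableByScript };
}

console.log(AD_HOST, exposureTo(AD_HOST, SET_COOKIES, ORIGIN_HOST));
console.log(ORIGIN_HOST, exposureTo(ORIGIN_HOST, SET_COOKIES, ORIGIN_HOST));
```

HttpOnly keeps a domain-wide cookie out of the vendor's scripts but not out of the requests sent to the vendor's server; only the host-only cookies stay with `www.news.example`.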


"Well we either run the ads with subdomains, or say goodbye to funding and our jobs."


>and advertisers will use ip address and/or browser fingerprinting to track across domains.

and people will come up with ways to set and spoof what kind of headers their browser sends.

but you're right, where we are today is where people that care enough to circumvent tracking, do circumvent it.


The irony of this article appearing on Business Insider, a site which won't work if you try to load it with Ghostery or AdBlock enabled, is rather piquant.

EDIT: Maybe I'm doing something wrong, but the only way I can get an article to show up on this site is to disable all plugins, and load it in an incognito window. Up-to-date Chrome on up-to-date Lion.


Business Insider works fine with 3rd party cookies disabled.

(Edit: Chrome on a mac, no plugins. I've enabled 'Block 3rd party cookies and site data' and Click to play for flash)


Every time I click the "Continue to business insider" link I am redirected to the same page with the "Continue to business insider" link. I'm using Firefox and Ghostery on XP.

Weirdly enough after four or five clicks it finally directed me to the article.


Exactly the behavior I see, except that I've never gone more than three clicks before giving up and trying in an incognito window (where I have all plugins disabled). Since that tends to work, first try, it's become my default.


Business Insider is one of few sites which won't load any content with strict script/third party blocking, agreed.

Luckily, I don't generally find its content worth unblocking.


It loads fine with adblock enabled.


There has been some talk that the reason Chrome stopped gaining share against IE and Firefox was because of the do-not-track situation. IE9 had it and then turned it back off by default, Firefox was the first to implement it and it is considering making it the default.

This is what I predict will happen, should Mozilla begin shipping with it turned on by default.

Advertisers will modify their contracts such that they pay $x if tracking is enabled on the browser and $y if it is not. $y will be much less than $x, perhaps 1/10th the amount because the Advertiser will argue it is harder to detect and prevent fraud without the tracking cookies.

Web sites will then treat these do not track (DNT) sessions as "low value" sessions and will either refuse to display content, or force some difficult to subvert captcha movie watching thing with survey in order to establish the low fraud barrier and get the 'good' price for ads.

The result will be that 'free' web sites will become even more obnoxious and subscription sites where they actually reduce or eliminate the advertisements altogether will become more practical.


I have just never realised there are people like Jonathan on our side out there. Thank you.

I also just realised that there are sites in the US, UK, Europe to watch and follow debates on each parliament, but the debates on the important workings of these groups seem to be sporadically reported, even here on HN.

Anyone want to help me set up a "theyworkforyou" for w3c working groups?

(I mean if congress rules how a browser should behave in the US, does it affect me here? If not then frankly these groups overrule each individual parliament in fairly significant ways.)


I do think there's something to the argument that any reasonable implementation of "Do Not Track" would just further entrench the companies who already have large consumer traffic (Google, Facebook, et al), by virtue of the substantial privileging of first-party cookies over third-party cookies at that point.

Now, you could argue, this is desirable -- after all, companies with large consumer brands have much more at risk in terms of doing unethical things with data (yes, I'm aware of the irony of saying that after the PRISM issue, but I think that only affirms my point). At the same time, does Google/FB/etc need any more help in dominating advertising than they already do?


Wikipedia says 85% of Mozilla's revenue is from Google. Mayer's moves are sure to ruffle some feathers at the search giant if they go through with it in Firefox.


Aren't Google's ads already served via a first-party cookie?


Indeed - in fact, one little-discussed concern over 3rd-party cookie blocking is whether it would consolidate the power to track users into the hands of a few already powerful online companies (Google, Facebook, anybody that serves cookies on the domain that you also visit...)


What about the remarketing / retargeting / adwords conversion cookies?


Jonathan and Firefox have yet to explain how embedded modules like Disqus, Stripe, or similar are meant to go about their business without resorting to the EverCookie-like tactics? Facebook or similar apps requiring stateful sessions? I guess we'll all just set up 2nd party sub-domains for advertisers, or serve our ads off a Google domain (or <insert entrenched advertiser>).


As long as I'm still allowed to block 3rd party cookies with a few exceptions (like Disqus), I don't really care.

If we (e.g. Mozilla, others, open web supporters) want to educate users about 3rd party cookies can't we just create a new startup wizard or something, like the windows "choose a browser" popup?


I would suggest that advertisers and their cronies stop acting like scumbags unless they want to be treated like scumbags.


Just block the cookies already, and allow the users to turn them back on on a per-site basis.


Doesn't Apache not support DNT, so it's my this lately moot anyway?


It's made me consider going back to Firefox from Chrome.



