Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
everdrive 3 days ago

Can you describe in more detail what sort of techniques were used to target and track people? What sort of privacy mitigations were feckless?

aerostable_slug 3 days ago | parent [-]

It wasn't so much that privacy mitigations were feckless, it was the fact that people who did things like falsify their User-Agent strings tended to cluster into distinct groups very nicely, and hence it was easy for the targeting algorithms to feed them effective ads, landing pages, etc.

The targeting system went "oh goody, privacy geeks" and was able to very effectively do its job. This is because ad tech systems care less about you as everdrive the named individual with privacy interests and other human aspects, and more about you as some potential consumer of goods.

While it's possible to use the systems to profile people in the sense that a stalker might, that's not really the intent (in the way people like to think of it). I (in the past tense, I don't do adtech anymore) honestly don't care about you, I just want you to buy shit from the people who pay me to sell you their particular flavor of shit. If you hiding your exact name or browser details or whatever makes that more likely (it turns out it did), then hooray! There's no conflict there, where to some there would be (because their assumptions about motive are all wrong).

In terms of what techniques, we found machine learning (stats) way back then did a pretty good job of clustering people based on things browsers return (monitor resolution, OS, etc.) coupled with time of day, search terms, and other things you can't really suppress. A completely contrived example might be pushing expensive pediatric electrolytes to someone with a large-screened Mac looking up baby flu symptoms at 2 am. The "system" did a far better job of real time targeting with this stuff than any human could, and the things it would cluster on were often rather unintuitive.

everdrive 3 days ago | parent [-]

Thanks, this is a really useful reply. With regard to identifying privacy-focused users in your system, I'm sort of imagining the following scenario:

- user has a bunch of privacy mitigations and tweaks in their browser

- user logs into your commerce site, searches for stuff to buy

- commerce site knows who the user is since they're logged in, and per your comment can infer whether or not they're wealthy, have kids, etc. based on the user activity and whether or not the user is likely have an expensive screen & GPU, etc.

Does that sound right? That's really interesting, and something I'm embarrassed to say I hadn't really thought of. In other words, I've spent a lot of time worrying about cross-site tracking, and advertising domains, etc. However, if I'm purchasing from Amazon they know it's me since I'm just shipping to my own house. Even in a scenario where my browser is magically un-fingerprint-able, it's obviously me since I'm using my account and shipping to my house.

In other words, I may potentially have prevented a bunch of cross-site tracking and fingerprinting. Perhaps when I go to washingtonpost.com they don't know I'm the same person that Amazon knows about. (that might be a best case scenario) However, by virtue of the fact that my privacy config is operating all the time, Amazon has also learned something about me I didn't necessarily need to tell them -- ie, that I'm privacy-focused.

Do you think that's a fair assessment, or am I missing the point?

aerostable_slug 2 days ago | parent [-]

> Amazon has also learned something about me I didn't necessarily need to tell them -- ie, that I'm privacy-focused.

Exactly, and it turns out privacy-focused people tend to be relatively self-similar in many ways and, at least back in the day, were easier to advertise to.

Now, Amazon (or whomever) still doesn't know your name, but they are still targeting you and, what I found super interesting, is the fact that it was often more effective targeting than if the person was just part of the bulk of the population. It's kinda like if the system observed all the nonconformist teens like to wear Doc Marten's.