After a week at my mom’s house I'm getting ads for her toothpaste brand (twitter.com/robertgreeve)
371 points by deadcoder0904 on May 30, 2021 | 269 comments



What this person mentions is really just the tip of the iceberg. They link credit cards to phones because GPS coordinates and WiFi networks nail down your address, which they cross-reference with the billing address of credit cards.

They know who you are sleeping with, or if you aren't sleeping with anyone. They know your age and all the insecurities you have about your body, not to mention your health problems and every embarrassing fact about you. They know where you've been, where you're planning on going, and your political preferences. They know if you've donated to political parties, attended political rallies, if you voted, where, and when. And they know all your friends.

And we just let them do this. As tech people, we built this. And all along the way we told ourselves it was fine, because it was very lucrative for the entire ad tech/fintech/startup ecosystem, and us personally.


From the outset people have enjoyed free services, and free means and meant “paid for by advertisers”, facilitated by Big Tech.

We created an economic system that is at times both parasitic and/or symbiotic in nature. We enjoy the free, we enjoy the bargain bin prices of Amazon shopping, we enjoy being nurtured by marketing moguls who will tell us what will Solve All Our Problems.


Paid for by advertisers != paid for by ads backed by persistent surveillance

The public promise was always it's free because we show you ads. The general public equates that with having to view a billboard on the highway. The fact that persistent surveillance is used to serve ads now is never called out or publicized by these companies for a reason. They know that most people would think that is creepy and that they are going too far.

The reasoning that we give the users a free app therefore we can do everything in our power to surveil and exploit the information of those users for money is bs. I can't think of a single person who has no conflicts of interest that would say otherwise. There is also so much hand wavy stuff thrown around with this argument like "but we're making the world a better place, so the means justify the ends". I haven't worked at any of the large social media or similar companies but I still feel guilty like I have blood on my hands because of those that feign altruism while being bloodthirsty capitalists in this industry. I am definitely a capitalist but some actions just aren't moral and I don't think we should ignore the reality of those actions.


As someone who never sees ads on my phone or online, here is how:

Ad blocker (uBlock Origin) in the browser.

No social media apps on the phone. No other "free" apps on the phone. Location services always disabled unless I'm actively using Maps navigation. Bluetooth always disabled.

I pay for YouTube Premium to not see ads. If there is another app that I find useful, I pay for it to not see ads.


It's kind of cute you think youtube and other google services aren't geolocating you (approximately) by the IP of the ISP you're on at any given time, and your pattern of life analysis using the internet at work vs home vs friends' wifi. And when your traffic shows up as coming from IP blocks belonging to your LTE mobile phone carrier vs a terrestrial ISP.

If they have a data set from a hundred other people whose behavior you can't control, using android phones in a default configuration, in a residential /24 DHCP IP block belonging to some last-mile ISP, where those people do turn on location and GPS services, and you regularly show up with traffic from the same block, you're being correlated with your neighbours.

Additionally lots of other people with fully-default android or ios location/advertising permissions are using other social media apps from the same netblocks that your traffic regularly appears from in a predictable daily wake/sleep pattern (facebook, instagram, twitter, reddit, tiktok, etc).


> It's kind of cute

Like a lot of people, I stop reading at the first insult, because I know everything after that will be worthless.


The insult was unnecessary and pointless, but in this case the info was solid.


This is probably the worst few words to start a comment with if you're hoping for polite discussion.

Anyway, I follow similar practices (and actively monitor my privacy settings), and it's fine for the most part. The ads I get make zero sense.

Companies on our side of the ocean also seem to tread more carefully, based on stories I read.


These correlation methods exist, and indeed reveal a lot about you, but they have precision limits. In rural areas, the IP block might be as large as an entire municipality, or even larger. If you turn on location services, Google knows which house you are in, and even where you are inside that house from the wifi networks you give them.


I live in a suburb and my IP frequently locates me all over the place spanning multiple counties and millions of people. So it is only really useful to get region.


Within the precision limits of what they'll publicly tell you from ARIN registration data for your ISP's netblocks and other geolocation services like maxmind, yes. But not in terms of what data they actually have access to for peoples' android phones in their homes, with full location services and GPS turned on, in IPs directly adjacent to you in the same last mile service segment. They don't share that.


No free apps? What about if you need one for banking or health insurance or something else essential?


I think those apps are subsidized by your membership or accounts. They aren't services paid for by ads.

But it might be better to use those in browsers with ad-blocking, though honestly I'm not sure


That doesn't mean the apps aren't using analytics services that feed the data back to ad networks. Not only are these data useful for targeting ads to you later, they are useful for targeting to other people since they can be used to infer characteristics and behavior of similar people, which can then be used by advertisers for more precise targeting.

There's a built-in conflict of interest with mobile platforms, both Google and Apple, who both run advertising networks that are incentivized to collect data on you to improve targeting, whether you look at ads or not.

(It is helpful that Apple's core business is not advertising, though I still don't trust them.)


If I understand correctly, these are paid for by you or by taxes, not through an app download fee.


Maybe you should pay for a navigation app too


They paid for their phone which comes with Navigation as a feature. Debatable perhaps.


I’d opt for a clear contractual agreement that could be entered and exited, or a paid alternative priced fairly.

Same with the phone, one shouldn’t pay for a phone in cash (or payment plan) and continue to pay indefinitely with personal data. It could be worked out contractually that way a person knows what they are buying at time of purchase.


Don't apps end up using Google Play services anyway?


> we enjoy being nurtured by marketing moguls who will tell us what will Solve All Our Problems

I don't think we do enjoy that, at least not once we're experienced enough to understand that it's all lies designed to sell us stuff rather than actually help at all.


I must be doing something right because I keep getting ads for tampons in languages I don't speak.


They may be doing this to keep you from freaking out (as mentioned in the Google documents)


As long as they only show me unrelated ads, I don't care if they do it on purpose.


Some of the "tech people" collecting their annual FAANG bonus would be incredibly upset if the 24x7 surveillance they helped build were suddenly made personal.

Most interesting statement I have seen on this is

"Surveillance Camera Man": https://youtu.be/mP5ZVPwP7bg

Nobody gets upset with the 24x7 web browsing, video gait tracking, street video and audio recording, face-rec, FBI planes recording 24x7 for post analysis of possible crimes, etc...etc...As long as they do not see it. Put "just another camera" a few meters and suddenly everybody is a raging lunatic.

PS: Before you are going to criticize the ethics of the "human experiment" above....With comments mentioning privacy, consent and all that. Please make sure you do not work for one of the Silicon Valley companies enabling this and much worse :-)


You’d think that if they knew so much then they’d know to stop serving me ads for services I’ll literally never use. I am very surprised at how bad the ads I get are and how much they miss the mark and are a complete waste of money.

I get that for some people advertisers seem omniscient but man do they miss the mark with me. Getting Trump ads (I may as well carry a bash the fash bat) and advertisements for services that I am completely against. It’s like, “how fucking dumb is the algorithm? Do they really think I want to work in an Amazon warehouse when I make $400K/yr??”


They don't serve the ad that is most relevant to you, or even the ad that you are most likely to click on, they serve the ad that advertisers are willing to spend the most on.


It depends. There are ad products in which one pays per click, in which case optimizing for click through rate is more directly incentivized.


I wonder how it would know as I never click or see ads. But statistically people click.


Why would an economically rational advertiser spend money advertising to someone who will never buy their product?


What makes you think they are economically rational, or that convincing you to buy is their purpose?


> they serve the ad that advertisers are willing to spend the most on.

I guess my point is - why spend any money on me with these specific ads? They're not going to have any positive outcome. How many leftists get shown a Trump ad and are like, "Hell yeah I'm gonna donate/vote for Trump!" - it can't be any amount that makes it worth it...


I can imagine an endless number of scenarios where the person setting up the targeting doesn't particularly care about the efficiency. E.g. they were told to spend the entire budget, and can only do that with blanket targeting, and they'd rather just follow orders than push back.


They know everything but they are completely unable to use it for advertisement.

The only time I had a relevant ad was retargeting (which is also hit or miss since you might have made your purchase).

The only people who know how to use it efficiently are the police when they want to arrest people who organize or participate in demonstrations.


> They know everything but they are completely unable to use it for advertisement.

You're almost right.

The data they collect wasn't ever intended to be used for advertising purposes. They do it because they seek to pivot from adtech to the much, much more lucrative and entrenched govtech in the future.


I have the same experience. The only thing Facebook has figured out about me is that I like bicycling (because I post about nothing but bicycling on Facebook.) Other than that, their ads are complete nonsense.


If an untargeted Trump ad impression costs $.02, targeting is worth no more than $.01 to the ad buyer. Meanwhile, the information might be worth $.10 to the local DNC or $5 to a prospective employer. The information would need to be laundered for the latter use case, but that's quite doable and economically so.

One use and price point doesn't necessarily preclude the other but discriminatory pricing is easy to arbitrage in the information market, so in practice it makes sense to ditch the low value applications in order to fully extract revenue from the high value applications.

I wish bad ad targeting meant that this wasn't happening, but wishful thinking doesn't make it so :/


This is something a modern Hitler would love to have access to. You never know who will be in charge tomorrow and whether you'll make the list of people to go to camp or get a special "vaccine"


I mean not even the next despot; the people in charge today love to have access to this (and they do).


That sounds optimistic, to be honest. I find it difficult to trust that strictly only "people in charge" have access to the datastores and profiles these various adtech companies manage.

Is there already an underground market for person-to-person sale of information about individuals for relationship-tailoring purposes, or could there be soon? And would those become commonplace or even socially accepted if so?

Those are the kinds of question I have about the territory we're getting into, and I wonder what the implications would be for society.


> And we just let them do this.

And by “we” I hope you mean consumers as much as the people who built this. Some may say this is a systemic problem and I don’t necessarily disagree with that but I think that narrative obscures the fact that the average person literally does not care. Maybe privacy-conscious tech nerds on the internet care but normal people really do not care at all because if they did they would not consent to it when purchasing an iPhone or Android. The public is well-aware of the lack of privacy of these devices yet their behavior does not change.

If you are a tech person who cares about your privacy then buy a Linux phone. Apple and google and government are not going to change this when there is no significant public will to change this.


> but normal people really do not care at all because if they did they would not consent to it when purchasing an iPhone or Android.

These platforms literally do everything possible to obscure what you are actually agreeing to. Google, for instance, has lawyers sign off on privacy design docs that set the verbiage on dialogs that users agree to. The lawyers are there to make sure it is as vague and as broad as possible while being up to a hair's breadth of what is legally defensible.

Consumers are deliberately kept in the dark. One might say they are naive and trusting. But most would absolutely disapprove if they sat at the "God console" and saw other people's lives the way the vast towers of computing power and machine learning can. It's like a wireframe view of an ant farm, but with people.


> But most would absolutely disapprove if they sat at the "God console" and saw other people's lives the way the vast towers of computing power and machine learning can.

Sure maybe they would disapprove but they would probably still use their phones even after being horrified by the god console. The fact is that the average person is already aware their phone is spying on them without being told by the manufacturer yet they still use their phones. On a visceral level, the benefit of their phone far outweighs abstract privacy concerns.

For example, a troubling amount of people were seriously paranoid about 5G somehow causing them harm. What percentage of that group do you think will continue to use their 5G phone? I would guess upward of 80%


> What percentage of that group do you think will continue to use their 5G phone? I would guess upward of 80%

I know. But people still smoke even after seeing pictures of cancer-ridden lungs. We're all little crack addicts.


> But people still smoke even after seeing pictures of cancer-ridden lungs.

Great point all around. Similar to the smoking problem, I think if we want behavior around privacy to change it will require large amounts of funding and public campaigns. I think it’s unlikely there will be a grassroots effort.


> On a visceral level, the benefit of their phone far outweighs abstract privacy concerns.

True. Most have been fed the "if you have nothing to hide..." bullshit for too long, so they now think only criminals must have something to hide, which is nonsense, and paves the way to potentially horrific development if taken to the letter.


I get that it feels like that. I've been on the other side of these discussions and it's painful there too.

I've spent hours wordsmithing some text in a dialog that explains exactly what the problem is to people, then watched people blow through the dialog and get angry when they couldn't figure out what's wrong.

I think it's important to understand what you're agreeing to in simple, plain terms that aren't a mile long. But the legal system is so tortured with tort cases that you can't have a simple agreement like that and be protected from lawsuits where people are just trying to make a buck off you.


> normal people really do not care at all because if they did they would not consent to it when purchasing an iPhone or Android.

I think a lot of people care _but have no choice in the matter._


Surprised to see you mention fintech. I think you should leave them out of it — all this dystopian shit is made by the evil “don’t be evil” people.

It’s ironic. When I was 18 and I heard about people doing HFT I thought it was unethical, siphoning money from Joe Shmoe to evil rich people. The older I get, the more I realize Facebook and Google are the truly evil choice — it’s the people in HFT that can have a clear conscience.


IMO Google and Facebook have their hands remarkably clean relative to the rest of the Adtech industry.

I've heard some crazy shit about how much money comes from adtech to fund blackhat data brokers. Adtech buys hacked databases on underground markets, but more than that they fund supply chain attacks to get highly intrusive adware into popular apps. They frequently buy up applications that have a wide install base on phones and browser extensions, and then on the next update, request maximum privileges and use it to loot as much as they can from user systems.

It's a symbiotic relationship. Shady ad networks are often used by criminals for narrowly targeted attacks (advertise this crafted phishing site to women aged 25-35 in the greater Dallas Fort Worth area who are recently married). Those criminals use that access to obtain more private data which they sell to adtech companies. It's a pretty gross business.

In other news, HFT isn't bad because it's HFT, it's bad because order matching services have a bunch of shady, undocumented order types that are designed to allow HFT firms to specifically extract winnings from retail investors. They are absolutely economic parasites, and no one has any incentive to stop them.

https://www.amazon.com/Flash-Boys-Wall-Street-Revolt/dp/0393...

https://www.amazon.com/Dark-Pools-Machine-Traders-Rigging/dp...


> bunch of shady, undocumented order types that are designed to allow HFT firms to specifically extract winnings from retail investors

Ehn, most of those order types are to try to beat other HFTs. When talking about order types, it's HFT vs HFT.


While I agree with you on FB and Google, fintech isn't just trading. Financial data is tracked and sold by these financial tech / services companies just like browsing activity. Even the "privacy first" companies like Plaid, who doesn't sell the data, would have given up their data to Visa had the acquisition gone through. All these companies are incentivized to track everything they can.


Bingo, and very well put. I have several friends who work at Facebook. I won’t, and this is why. I honestly think part of the reason Facebook pays such a premium for engineers is the ick factor.


I've got a question for anybody who works in ad/marketing tech - is what Robert is describing something that you've worked on/with and seen successful results? If so did you build it that way intentionally? Like, I totally understand that it's possible, but has anybody intentionally built something that tracks or correlates peoples location so they can group them with similar interests and sell them similar products?

To me, the stupidest simplest solution is probably the most likely - some naive marketing analyst probably just grouped all traffic coming from the same IP address into the same bucket and blasted ads to them based on recent Amazon purchases at the same IP address.


Yep, this is called cross-device matching. Generally consists of some modeling for devices seen together on the same IP address. One of the notable AdTech companies in cross-device modeling is Drawbridge (purchased by LinkedIn).

Here's a 2015 Kaggle competition that they hosted, which provides sample data that they use in modeling, https://www.kaggle.com/c/icdm-2015-drawbridge-cross-device-c...

And here's a technical writeup of one of the well-performing solutions from that competition, https://arxiv.org/pdf/1510.01175.pdf


Tapad are probably bigger than Drawbridge


It works, and it's awful. I was looking for a present for my girlfriend, and she started seeing ads for the things I was looking at. About a week later, she was excited to show me her new purchase... and I'm scrambling to find a new gift idea. And now I'm paranoid -- it seems that the only way to stop this is to make a cash purchase in meatspace.


Use Firefox and install uBlock Origin.

Your credit card company will still sell you out - but that does take a little more time, and will only include one item (rather than your entire browsing history) - meatspace cash is likely to help with that, but that’s much less of a problem in your context, I think.


I guess what really baffles me here is that a CC issuer is allowed to sell that data at all. Just. Wow.

I’m not trying to show off my European high horse, it’s not like we don’t have our own problems.


I use uBlock Origin and have an iphone. Unfortunately getting an adblocker is not as trivial, so inertia took over and I see ads on youtube app and I see ads when generally browsing the web on the iphone.

I notice that over the course of the last year either some really sophisticated newer algos are being put to use, or the collaboration and sharing of information between ad networks has been streamlined or increased in some manner because I'm being served ads that are creepily relevant. But in any case, the clues and data you leave behind, they're aplenty and quite suspect to being compromised and pounced on by ad networks. I think at this point if you wanna play tango, don't only just play defense (ad block), go on the offense as well and use adnauseam to pollute the profiles they've built of you.

I want to articulate as well the annoyance I feel when being served targeted ads: an ad, if it's related to my interests, even tangentially, it does grab me, and no doubt it probably compels me to make some decision one way or the other. Particularly, what gets me, I believe, is both the mental overload of being served ads of "relevant" things which will attract my attention too much and clutter my mind and distract me, and the sheer arrogance of pushing things it believes are relevant to my interests.


Adguard on iPhone works alright, hooks into the Safari blocker API. It's not as effective as a proper blocker on Android but it does improve the experience.

I also run my iOS devices over Wireguard when out and about to my home network which runs a pihole DNS server. Works surprisingly well and also catches ads in apps that way.


I took a picture of a friend's headphones on Snapchat that they had left in my car. In the next week I started seeing ads for that exact model, and they were distinctly identical. Not a fun user experience.


I have an iPhone with AdBlock Pro and I use NextDNS on all my devices. I almost never have any ad with NextDNS (paid version) so for me it works really well.

Sometimes it’s « annoying » because I click on links from articles and emails and they are blocked so I can choose to give up or disable NextDNS for this time but it’s my choice to be tracked


> have an iphone.

Well. I would postulate that targeting iphone users would be numero uno priority at any self-respecting adtech company, since it's a strong signal that marketing does in fact appeal to you more strongly and you likely have a lot of "spare change"...


Magic Lasso works well on iPhone/iPad, and so does Firefox Focus; I have both installed, not sure how they divide the work, but I hardly ever see an ad in Safari or Firefox on iOS.

(They don’t stop YouTube from showing ads)


That won’t help with IP tracking. Buying presents from work sounds like a better option. Assuming we ever go back to work.


Ublock presumably will block the tracking code, if it's a third-party tracker.


Don't forget, a VPN, a new email account and a new phone number for "2fa". Also, where is it getting shipped? I can't receive packages at work. The "convenience" of shopping online is a legend from my youth


And by meatspace cash, it has to be pieces of paper and metal. If you use a debit card, the payment network knows anyway. And that might not even be good enough, if you carry your phone, they have your location at that time, so if someone really wanted to, it's probably not even hard to correlate the relatively rare cash purchase at that exact time and place and know it was you anyway.


Will Firefox and uBlock Origin prevent my IP address from being discovered? Sibling posts indicate this was probably accomplished via IP address targeting.


It will block all the 3rd parties that have to do anything with retargeting like Facebook, google, Adnexus, etc.

It’s unusual for sites to conspire directly and share data about IP (but that may change)


You could just buy a generic giftcard (like Amex one) and use it to make the actual purchase.


From the AmEx giftcard holders agreement:

> We also use Cardholder Information for marketing purposes and to conduct research and analysis. We may provide certain Cardholder Information to companies, including our affiliated companies that perform business operations or services, including marketing services, on our behalf. We may provide certain Cardholder Information to others outside of American Express as permitted by law, such as to government entities or other third parties in response to subpoenas. We may develop marketing programs and send you offer for products and services. We do not share customer addresses with other companies for them to market their own products and services.

https://assets.ctfassets.net/2x5vcnvffh4i/7it0e2T8WQ8fl4DmkL...


True. But if I buy a gift card with my regular CC, my CC record would have a line that says "purchased a gift card", but I don't think the actual gift card number would be there? And on the GC data there would be whatever I bought, but there's nothing linking the GC number to me, is there?


Yeah, I guess it depends on the level of data sharing and how good AmEx is at identifying its users based on other data points. Either way they are explicitly stating they're gathering data and passing it on in a much more standardized and defined form than they're willing to share with the consumer. Entities buying the data are probably throwing a lot of capital into joining datasets on a macro level.

Another comment mentions privacy.com as a solution. I've actually thought of creating a little terminal program to leverage it because it's a neat product and super cool they're maintaining a well-defined API for it.

All this ultimately bums me out though. Jumping through so many hoops to avoid this intrusive (and increasingly default) behavior can't be good for mental health. Plus where do you draw the line? When it's so widespread and largely unaccountable while everyone is saying it's up to the individual to avoid it, it really starts to feel rather quixotic trying to take measures to protect yourself.


You should suggest that she install uBlock Origin. Not just for that problem, in general it's good practice.


She's the IT expert of the house. I don't tell her what to install, or how to manage our network. If anything, I should put a pihole on my wishlist -- but even that wouldn't solve the problem that all of our metadata is correlated, and nothing blocks first-party tracking


> but even that wouldn't solve the problem that all of our metadata is correlated, and nothing blocks first-party tracking

That's true – nothing stops Google from knowing what you were looking for – but if your girlfriend was seeing ads, she wasn't using uBlock: because it blocks all first-party ads, too.

I think a much bigger problem here is that almost nobody uses Firefox for Mobile. Also, uBlock doesn't block ads across native apps (for instance, YouTube).

The solution is to use something like NextDNS as your DNS provider at OS or router level. At least on Android 9+ and most latest Linux distributions (via systemd-resolved) no additional software is required for it to work.


I don't see much of a difference between recommendations and ads, personally. And in this context, the distinction is moot. Ublock doesn't hide amazon recommendations, does it?


That's a good point. But in such a case, it's neither cross-site tracking, nor ads. It's just Amazon's recommendations based on a shared IP address.

uBlock can be used to block both, "Sponsored" products, and Amazon's recommendations. But it won't help when using Amazon's native apps – which many people probably do.

You either have to use a VPN to hide your IP address (Mullvad seems to be trusted even by Mozilla), or at least switch to your mobile 4G/5G connection when doing anything more privacy sensitive.


What stops Amazon from purchasing my data from my credit card company and other data brokers? Those recommendations are advertisements for products, and they are almost certainly informed by third-party data. You can't block cross-site tracking by any technological means when you're giving out your name, phone number, credit card, and home address -- you'd need to generate a whole new identity every time.

I agree that ublock, VPN, browser compartmentalization, etc are all really good practices. But they don't stop a first party from sharing everything they know about you, or embedding content derived from third-party brokers


> Those recommendations are advertisements for products, and they are almost certainly informed by third-party data.

The initial example you gave was almost certainly informed by your browsing behaviour, because that's when those product recommendations started.

I agree, that it has become impossible to completely avoid being tracked, but there are many tools that can significantly reduce the data leakage.

In case of credit cards, that's what virtual disposable debit cards, such as from Privacy.com, are for. I personally never use my physical credit card for online purchases.


Reminds me when I was getting relentlessly retargeted ads to purchase something. So when I did, I paid cash to keep the ads coming and mitigate any attempts at offline attribution.

I’m guessing the present wasn’t a PiHole or VPN?


Yet another reason why ad blocking is ethical.


How does purchasing in a physical store prevent them from using your tracked online activities to target you and others?


It doesn't, as you ask, prevent tracking of my online behavior. That's a lost cause. Cash allows me to hide select purchases, as long as I don't do any comparison shopping online. And that prevents disclosure of gift purchases to my housemates.


Yes. Many times, and at scale.

While not strictly accurate, it's easiest to think about it as a simple machine learning system. The system can't be interrogated, so you don't really know what correlations are being made.

The actual way it works is in layers. There's a human layer, using logic to create segments or other targeting methods. There's the ad network's automated optimisation options. FB really took this to the next level. There's retargeting. Bidding, and the economics of advertising plays a big role in giving the system intelligence. 3rd party ad management software.

Each piece/layer typically adds additional data to the set. The human/advertiser generally does this by uploading or tagging their own customers. FB, for example, will allow you to create a "similar" list, where it finds users similar to those you designate. Similarity is somewhat ambiguous. FB/Adwords is where the heavy lifting happens, most commonly via bid optimisation.

The only intention is "goals per $." Price, and volume. As I said, the sausage factory is complex and no one sees the whole thing. In practical terms, a massive NN optimizing for sales/signups/etc itself is a decent analogy... and increasingly not an analogy.


Fascinating. Any clue as to what the largest factor for "similarity" is, and how much it contributes?


These tweets are a pretty decent sample, though I suspect these factors (association with other phones/users and such) are more active in bid optimisation than list generation. Hands off stuff is gradually overtaking the "hand coded" elements. These, I imagine, can take advantage of a wider set of heuristics.

List generation is dumber, and feels more hand coded. Basic demographics, facebook/instagram interests.


How is this going to work with carrier grade NAT?

Edit: commercial to carrier, thanks justusthane


Just FYI, it's "carrier-grade NAT". And there are a lot of ways to associate people with each other other than their public IP address. The linked twitter thread doesn't even mention IP addresses, neither does the comment you responded to. I suspect IP addresses are already a pretty inaccurate way to link people with each other.


It likely doesn’t for IPv4 now that everyone has switched to HTTPS.

Many ISPs used to insert “client id” and other uniquely identifying information while NATting/proxying. Luckily, they can’t do that for https - but I wouldn’t put it beyond them to sell a back channel “connection xyz is unique user abc” service.

However, with the move to IPv6, at least in my area, NAT is gone and static assignment is in. You just need to know the isp’s prefix length, and you get a unique identifier.


I think the question isn't so much how it works with that (as in you are pointing towards it just not working) and instead just how well it works with that.

Do you have numbers on how many consumers in say NA, various European countries etc are behind CGNs? I would guess most are used by mobile carriers (but I have no data) and I would gather that this particular technology is not going to be used to try and associate random mobile users anyway. It's more about who likely lives in the same household.


Google has that covered since many of those behind CGN are also on networks with native ipv6. Many mobile networks have already made the switch - dual stack to the handset with native ipv6 and ipv4 handled via CGN.

Google’s interest in ipv6 isn’t entirely altruistic after all…


There are other identifiers that can work cross-device other than IP. Basically anything tied to you (identifying or not) that exists on both devices can be used.

Have you logged into a service or websites on multiple devices before? Then you voluntarily gave them enough data to link it.


Heuristics. Marketers do cross-device correlation only when seeing a small number of devices (ie. look like they could be part of the same household). If they see hundreds of devices behind the same IP it's probably a larger entity (ie. a company office).
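The comments above on carrier-grade NAT, IPv6 prefixes and household-size heuristics describe one mechanism, sketched here as an added example that is not part of the thread or any ad platform's code. The prefix length, the device cut-off, the function names and all observations are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Illustrative values, not from the thread: real delegations are commonly
# /48, /56 or /64, and the household cut-off is an arbitrary choice.
ASSUMED_V6_PREFIX_LEN = 56
HOUSEHOLD_MAX_DEVICES = 8

# Constructed observations: (source address as seen by a server, device label).
# Addresses come from the documentation ranges (RFC 5737 / RFC 3849).
OBSERVATIONS = [
    # One home on IPv6: interface identifiers rotate and one device sits on a
    # separate guest /64, yet every address falls inside the same /56.
    ("2001:db8:aa00:1201:4c1f:9aff:fe02:1111", "laptop-A"),
    ("2001:db8:aa00:1201:d9e2:71b4:c55:8a01", "laptop-A"),
    ("2001:db8:aa00:1201:85a3:2e:370:7334", "tv-C"),
    ("2001:db8:aa00:12ff:1c2d:3e4f:5a6b:7c8d", "phone-B"),
    # One home behind ordinary IPv4 NAT, once seen as an IPv4-mapped address.
    ("203.0.113.20", "tablet-D"),
    ("::ffff:203.0.113.20", "console-E"),
]
# One public IPv4 address shared by 40 subscribers behind carrier-grade NAT.
OBSERVATIONS += [("198.51.100.7", f"cgn-sub-{i:02d}") for i in range(40)]


def network_key(addr, v6_prefix_len=ASSUMED_V6_PREFIX_LEN):
    """Reduce an address to the part that stays stable for one subscriber."""
    ip = ipaddress.ip_address(addr)
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) is an IPv4 client in disguise.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return str(ip)
    # Privacy extensions change the low 64 bits; the delegated prefix does not.
    return str(ipaddress.ip_network(f"{ip}/{v6_prefix_len}", strict=False))


def group_devices(observations, v6_prefix_len=ASSUMED_V6_PREFIX_LEN):
    """Map each network key to the set of device labels seen behind it."""
    groups = defaultdict(set)
    for addr, device in observations:
        groups[network_key(addr, v6_prefix_len)].add(device)
    return groups


def classify(device_count):
    """Small groups look like a home; large ones look like an office or CGN."""
    if device_count == 1:
        return "single-device"
    if device_count <= HOUSEHOLD_MAX_DEVICES:
        return "household-sized"
    return "large-or-shared"


def analyse(observations, v6_prefix_len=ASSUMED_V6_PREFIX_LEN):
    """Return {network key: (label, sorted device list)}."""
    groups = group_devices(observations, v6_prefix_len)
    return {key: (classify(len(devs)), sorted(devs)) for key, devs in groups.items()}


if __name__ == "__main__":
    for key, (label, devices) in sorted(analyse(OBSERVATIONS).items()):
        print(f"{key:28} {label:16} {len(devices):3} device(s)")
```

Re-running `analyse` with a prefix length of 64 splits the guest-network phone from the rest of the home, which is why the prefix length matters in the IPv6 comment above.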


My wife works with digital ads - on sale side, not tech - and the products that they offer in terms of geofencing goes something like this: they have a bucket of tracked people that went to a car show or a dodge dealer that they can then push ads from a local Toyota, or whomever her customer is. They further can track and determine how many of those people actually went to the said advertised dealer.

They did a compare for one dealer: out of 150 people that got pushed ads for the dealership 12 ended up buying cars there afterwards - on a higher $ purchase that’s pretty significant conversion.


Ads are a pretty good proxy for how much profit a sale is. While a car is a high $ purchase, moving your $40/month cellular plan from one provider to another is $thousands of profit loss for one provider and $thousands profit for another.


Did they compare to the similar group of people who did not get ads?


These days this is a basic offering of any adtech company and is full of quite a lot of BS.


> To me, the stupidest simplest solution is probably the most likely - some naive marketing analyst probably just grouped all traffic coming from the same IP address into the same bucket and blasted ads to them based on recent Amazon purchases at the same IP address.

I agree with this as well. I've been living back at my parents' house for a bit while I'm between properties, and I definitely see ads for stuff targeted at my parents. Sometimes I worry there might be a privacy breach there, e.g. my Dad has been suffering from a condition recently and I've seen ads for coping with it come up on my computer, most likely based on his google searches or whatever.


Ultimately, all attempts at attribution are heuristic in nature. Marketers know a single IP doesn't represent a single person, but if it's the best they can do, it's the best they can do. Even for services with accounts, tracking can't be perfect. When my wife's phone or laptop is closer than mine and she's logged into Amazon Prime or Uber Eats, I'm ordering through her account. Now she's gonna see ads for gym equipment she has no interest in. Oh well. It doesn't matter how good your location, device, browser fingerprinting is when people share locations, devices, and browsers. The only way to know it's really me is to get my actual fingerprint or some other truly unique biometric identifier.


Let me tell you this: I'm from the Flemish part of Belgium. YouTube and other sites with ads can't figure out that I don't speak French.

So even with this simplest of use-cases: GPS says I live in Flemish part, never search in French, etc. Still they sometimes show me French ads, which is a total waste of course.

So I don't believe the tech is so crazy advanced already.


There are a surprising amount of people that think Belgium is majority French speaking. While I understand Belgium is tipping few foreign curricula with such trivia, I blame it for this default across the many services that do it wrong. Also, non-Belgians I meet rarely know two-thirds speak Dutch rather than French.


It's a little different. Targeting these days is more and more machine learning driven. So it's not really someone sitting down and saying "show an ad to anyone who stayed at a house with someone who bought this toothpaste". Rather, a bunch of data flows into Facebook and it uses those signals to decide who should see what. It's not a naive analyst. It's a statistical engine (and yes, that engine can sometimes be naive, and it's working off of really noisy data).

For example, any good Facebook marketer probably uses "lookalike audiences". You upload some existing customers and then tell Facebook to show ads to people who are "like" your customers. Facebook then used whatever data it has to find similar users (demographic, interest, geographic, behavior etc).

In fact, lookalikes can be so good that any good marketer also knows to _exclude_ existing customers from the lookalike audience (unless you're actually retargeting your existing customers).


> seen successful results

For about a week now, about 80% of the YouTube videos I've watched on my Android TV has been tampon ads, body hair removal machines (legs, not beard) and similar. My SO never uses this device nor the account.

I've disabled personalized ads, so YouTube tells me it's showing me these ads mainly due to time of day and the type of video I'm watching...

I can't be certain, but I'm pretty confident the number of tampon users watching videos about repairing parts for earth movers at 2am is rather low compared to those not using tampons...

So while others may have cracked the code, YouTube certainly has not.


When I was shopping for wedding rings, I started seeing ads for Peoples when streaming on tv and on the SO's own phone. This despite the fact I usually browse with an ad-blocker, no-script, and delete cookies. The tracking is remarkably invasive.


How do you know your SO wasn't getting ads for wedding rings simply because she was thinking about getting married too?


First the timeline, second that she confirmed she wasn't shopping around or investigating wedding-related items.


> To me, the stupidest simplest solution is probably the most likely - some naive marketing analyst probably just grouped all traffic coming from the same IP address into the same bucket and blasted ads to them based on recent Amazon purchases at the same IP address.

Yes, the dirty secret of basically all discussions about tracking on the internet is that IP+User-Agent is a pretty good baseline that is commonly used.


A lot of this is described in the book ‘The Age of Surveillance Capitalism’ by author Professor Shoshana Zuboff[1]. There’s also a good documentary on Netflix (I forget which, I think it’s ‘The Great Hack’[2]), explaining how the ‘Cambridge Analytica’ scandal utilised personal data and more importantly behaviour.

They’re just scarily good at predicting what you are going to do. They’re not listening in. It’s far scarier/more insidious than that.

[1] https://en.wikipedia.org/wiki/The_Age_of_Surveillance_Capita...

[2] https://www.netflix.com/gb/title/80117542


Why is this downvoted? It provides useful information with sources.


I'm sure there's a lot of actual data sharing going on, but I also wonder how often these are just the Baader-Meinhof effect (noticing recently mentioned things everywhere).

Today I made an insta post about sand that resembled dunes at the beach, mentioning a camel in the description. Less than 5 minutes later I saw the camel logo at the beach bathroom, on someone's discarded cigarettes.

Here it's obvious that there is no connection. But if I had instead randomly seen a camel cigarette ad online at that point in time, I might have seriously wondered if it's because I mentioned it in the post.


There is definitely IP-address-based tracking going on.

My partner's birthday was coming up and I thought she might like a weighted blanket as a gift.

Within 10 mins of doing some light searching for prices and local outlets on my office computer, she came into my office smiling asking if I was planning on buying her one for her birthday.

She had suddenly seen multiple ads for weighted blankets appear on Facebook.

This was the most obvious example, but there have been many others where one of us researching something through our home internet connection will affect the advertising the other person sees.

I now have to be more careful in how I do my gift searching. Personally, I'm not really seeing this type of targeted advertising as a net positive.


A simple experiment is to try thinking of some consumer product which you don't normally use and wait until you see an ad for that product. Make sure not to pick something you talked about recently or something you were reminded of by the media. In my experience you will be surprised how quickly you start seeing ads for that thing all of a sudden.


I’ve been waiting for an ad for turtle necks for over a year doing this experiment. Maybe that’s too specific?


Start having conversations about turtlenecks and see how long it takes for the ads to show up.


Now that he's written the phrase "turtle neck" online, the whole experiment is compromised. Best to start thinking of another item altogether.


>> I wonder how often these are just the Baader-Meinhof effect.

No. That is, there's Baader-Meinhof effects, misattribution and other things going on at the surface level... but the actual reality is much worse.

Ad tech is the entirety of FB & Alphabet. Ad tech is their business and as an industry it rivals energy, shipping... everything but defense. It is the tech industries' biggest achievement, and the most economically significant "big data" and machine learning sector. Don't underestimate it.

Tracking and snooping are the single most important element in ad tech. Views & user volume is secondary.


A friend visited me from Ohio (I live in New Hampshire). After hanging out for a few days, I was getting twitter ads for local Ohio stuff.


I have an amazing story.

Moved into a new place, in Poland. Bought a new smart TV, it was a Samsung (kaput after 2 years). Me and my wife decided to have an impromptu singing session just bellowing out 'Hotel, Hotel, Hotel, Hotel, Hotel, Hotel' in a Pitbull (Cuban rapper) style whilst looking for holidays to book.

Within the next 5 minutes, Trivago was on the TV. Now bear in mind I have literally never seen Trivago being advertised on the TV and all of a sudden their catchphrase at the end of the ad got me 'Hotel, Trivago'.

Safe to say me and wife had a few minutes of WTF just staring at the screen then each other. That's when I truly became convinced that everything is listening. Could have been a coincidence though but it was an almighty coincidence to say the least.


>looking for holidays to book

Well, I assume you weren't looking through an offline printed holiday guide of some sort :-)


This. We always get targeted youtube ads after googling things. Creepy AF.


Google and youtube are the same company, so it's not exactly surprising that they'd share data. As for whether it's creepy, I'd say it isn't because you explicitly gave up that data. This is slightly different than something like google/facebook tracking you via third party cookies, because that involves no consent at all.


Sounds like coincidence mixed with confirmation bias. The likelier explanation for stories like this.


I do lean more towards coincidence but since then there's been no Trivago ads.

To be honest, the ads on TV are basically on repeat so this is why it stood out so much, the fact that I can practically give you the schedule of ads that I am about to be shown during a break which does not include Trivago is what gets me.


> whilst looking for holidays to book

Cookies, IP addresses

Also, maybe not in this case but more generally, GPS


Reality is nuanced in a way that nothing was actually listening, but there were also other stuff going on that people don't expect, like credit card companies selling purchase history data, or companies buying data sets to aggregate, correlate and de-anonymize them. But the fact remains that whenever there's something, it's going to be abused.


I am just amazed people pay attention to the ads. I’m sure this is happening to me but my brain has gotten so good at filtering them out that I have no idea what they’re even trying to sell me!


That’s exactly the intention. There should not be a conscious connection between the ads and the actions, because it would reduce the effectiveness.

Thing is, your brain does all the processing: it reads the label, it detects the colors and brands, it associates it with previous experiences and reinforces all these connections. Then, at the last moment it decides not to engage the neocortex, so you’re not consciously aware of it.


I'll notice the look and feel and signifiers, but I go out of my way to avoid noticing the actual company name. After the ad is gone I'll sometimes try and recall the brand just to make sure that I can't. Usually I can't.


Does it matter though? Your brain will recognize it based on the look and the feel, isn't that enough when you're in a store?


For the scarce Youtube ad I get, I made it a habit to close one eye, focus next to the video, not see the ad, and only look at the 'skip'-button. What also comes in handy is having a hardware volume knob for my speakers; with one tactful twist of my fingers I turn the volume to zero. This way, I actively prevent ads from entering my brain. See no evil, hear no evil.


Doesn't that mean ads have shaped your behaviour in a much deeper way than just nudging you to buy a thing or two?


Doesn't matter at all. If your eye can see it, it goes through the object detection process. Attention is not necessary. In particular, the brain associates it with all adjacent information.


I'm with you, but I'm just assuming we're a minority. Otherwise all those companies paying big bucks for "boosted"/"pro" listings are really throwing money down the toilet.

Seriously, go visit Stackoverflow Jobs. Start scrolling. It takes me so much conscious effort to read those listings with the yellow background. I'm specifically trying to read every listing and I keep missing them. They just look like rubbish ads, so my brain has been trained to ignore them.

It's the same experience with custom adverts on eBay or real estate websites. Any non-standard listing, I keep missing and have to scroll back through several times to "find" them.


For me, it’s not paying attention to the ads. I never have. I haven’t clicked on an ad in decades.

My interest is in the manipulation taking place on all the people who do click on ads, and the likely negative effect on society.

Obviously, enough people click on ads to make it worthwhile for the advertisers. And this is despite all the people who think ads don’t work on them.


I’d wager you’ve clicked hundreds of ads here, just on hacker news! You might have not known they were ads but they were ads none the less.


Perhaps, we’ll never know as there’s lots of types of ads.

I was referring to the ads described in OP’s article- ones that show up around “real” content.

Of those ads, I’ve clicked none.


There used to be a belief that if you were exposed to an image, say someone drinking a prominently labeled Coca-Cola, it would make you want a Coke even if the image only flashed by so fast that you were not even consciously aware you had seen it such as if the image was a single frame inserted in a scene in a movie.

This was debunked.

There is, however, something sort of in the same ballpark that has been reproduced and does show that your brain does have an astounding capacity to at least partially remember images seen only briefly.

Take a large collection of images of a variety of ordinary things. Pictures of things like a bunch of bananas, a dog catching a Frisbee, a cat sunning itself near a window, kids waiting for a school bus, a cat pouncing on a mouse, someone eating a banana, yadda yadda.

Divide the collection randomly into two equal sets, A and B.

Show test subjects the images from set A serially, letting them see each image for a hundred milliseconds or two, with occasional rest breaks if the image set is large (I believe this has been with image sets up to 10K in the total collection, so it can take quite a while to go through set A).

If you then tested people on how well they could recall these images, they would suck at it. Ask them to describe all the dog images they saw, for instance, and they will only recall a small fraction of them.

Where it gets interesting is if instead the test you do is at a later time you randomly pair up each image from set A with an image from set B, and serially show the subjects these pairs in random order and with the random left/right placement, and ask the subjects to identify which of the two images is one they have seen before.

People get it right some astoundingly high percentage of the time, like 90% after several days. They might not really "remember" most of the A set in the sense that they can purposefully recall them, but apparently we do automatically and effortlessly store something that is good enough to let us tell which of two images is the one we've seen before.

I wonder if this effect would apply with ads? You see a banner ad in passing for brand X molten boron, not paying attention to it. This doesn't make you subconsciously want to go buy the product--that was the old debunked subliminal advertising theory.

But later, you actually need some molten boron and so head out to the store. They have brands X and Y. I wonder if because of the banner ad you saw a few days ago, you'd recognize brand X as one you have seen before and be more likely to choose it over brand Y.


The classic paper on this is Standing’s 1973 “Learning 10,000 pictures.”

The title really says it all: subjects shown up to 10,000 pictures (once, for five seconds apiece) remembered a substantial fraction of them two days later. This is somewhat specific to images (and even moreso for “vivid” ones); people did worse with dictionary words.

However, one important detail is that subjects were told to pay careful attention to the stimuli; they were repeatedly reminded that a memory test was coming up.

PDF: https://www.sas.upenn.edu/psych/rust-lab/publications/standi... Journal Page: https://www.tandfonline.com/doi/abs/10.1080/1464074730840034...


yeah and then there was this other study where people had to count how often people would pass the ball in a video and no one noticed that there was a guy in a gorilla costume going around, because no one cared about that (they were distracted by counting). I think this is similar to how we usually try to avoid looking at ads in the internet: it's not what we are interested in at that moment! https://www.livescience.com/6727-invisible-gorilla-test-show...


A couple months back, I needed to buy car insurance. Literally, for six months, I had been being bombarded by Liberty Mutual. But I didn't google for car insurance. I the shitstorm that would create. Instead, I thought of 3 of the major ones, priced them out from their own websites and got the cheapest one. One mistake I did make was I went to one of those "compare rates" meta-sites, and the bastards wouldn't leave me alone for a few weeks. One of the companies I priced asked if I had previously had them. I told the truth and a local agent sent me email after email until I told them I already had bought a new plan.

It wasn't until some time later when I saw my next Liberty Mutual ad that I realized that they had never even crossed my mind during this whole process. Ha! I still chuckle. Now I am even more conscious to avoid things that I see a ton of ads for. I hate ads!


It's amazing how few people believe they are affected by ads. You must wonder why it's the most lucrative business in the world?

I'm sure I've also read somewhere that those most affected by ads are those who believe they are not affected by them.


I’m one of those who claim to not (or seldom) be affected by ads, and I’d say my payment history can back that up. I usually buy based on other people’s experiences, eg by scanning 1-star reviews for red flags, or asking people I know about their experiences. When it comes to groceries I just buy products with certain traits (vegan, low on sugar, organic, low waste,...) which usually limits choices to products which are not advertised. Same thing with organic/sustainable fashion.


So maybe your purchase history is unaffected, which is a great thing I'd agree, but with ads, I worry about the psychological effect too. People can't really ignore manipulation, so I don't think it's plausible to say that how you _feel_ is unaffected by advertisements. I think the only way to remain impartial to it is to be never exposed in the first place.


Organic, in my opinion, is a marketing term for the most part.


doesn't really matter since it's a numbers game: Even if the majority would be totally unaffected by ads, that would still leave a (significant) minority being affected, so still a very interesting business opportunity (which it is, of course). Nonetheless, I would count myself as one who is rather unaffected by ads, but still ads do give at least a presence to products that would otherwise get completely unnoticed. And if you don't drink beer and want to buy beer for friends who come over what could go wrong with the brands that are always on TV?


Exactly. The people here who believe they're too "smart" to be influenced are probably the biggest suckers!


I don't see any ads with ublock on my desktop and mobile browser. I believe the ads I don't see don't influence me. Can you believe that?


I don't pay attention to the ads I see either, but occasionally they are a little on the nose and I remember them. It's natural that you could recall one or two ads a year that came up at "the right time"


Ads? What ads? I don't watch TV and I have adblock for everything.

Last time was probably when I went to cinema, which is well over a year ago.


The advertising sector has adapted: On Reddit, Twitter and plenty of other social media, a whole lot of content is ads but veiled as memes.


My wife's family is from Romania. A few months ago while eating with our children we were discussing flags, and I mentioned that Chad's flag is identical to the Romanian flag. The wife's phone, with Facebook and Whatsapp and a million junk apps installed was nearby.

The very next day I open Youtube and one of the suggested videos is an explanation of the Chad and Romanian flags. I had not searched for anything relevant, and upon asking the children and wife (only people present) if they had mentioned the conversation to anybody or looked for something online, they say that they hadn't. And I believe them, I'm always presenting to them small bits of information about the world even though I know that 99% of it gets forgotten immediately.

That was a few months ago.

Lately I have been unable to fall asleep. I refuse to use the phone or any electronic devices after 12 (and wear Gunnars after the sun goes down) but in any case I lie in bed sometimes until the sun rises. I mentioned this to one of my kids (5 years old) a few days ago, I don't know whose phones were where. But the very next day I get an advertisement for "Medicines for those sleepless nights". Now maybe, just maybe, one of the older children or the wife used a phone late at night that specific night. But it seems far too far fetched to imagine that this happened exactly the day after I mentioned that I sometimes don't sleep.

I am 100% convinced that our phones are listening for keywords and assigning us to categories based on that.


> I mentioned that Chad's flag is identical to the Romanian flag.

I find this unconvincing evidence because: you already knew this (somehow) and found it an interesting piece of trivia to bring up at that time. It's unsurprising, then, that a YouTube channel also finds it interesting.

It's very likely that you were influenced to remember this piece of trivia because of something you observed, like (for example) subconsciously spotting an advert.

These are common advertisements. You only noticed them the next day because you talked about them the previous day.


Conversation at the dinner table often leads to loose tangents. I'll be unable to convince _you_ that this is a subject that had no recent online evidence, but _I'm_ sufficiently convinced knowing the whole situation and aware of what information _is_ shared.


>I am 100% convinced that our phones are listening for keywords and assigning us to categories based on that.

I'm unconvinced. If this is happening to everyone, surely it's possible to conduct a randomized controlled trial? Despite that, we only have years of anecdotes but zero such trials. Moreover, this directly goes against the security models of both android and ios, which both require microphone permissions for apps to listen in on stuff. ios goes one step further and puts a recording indicator when the microphone is in use, so it's hard to imagine how these apps are even listening in the first place.


The wife gives everything every permission it wants. She has no interest in protecting "privacy", the concept is meaningless to her. She wants Facebook and games and icon packs. How could installing an icon pack be "dangerous"?!? I'm the bad guy for mentioning it.

Her phone is a Samsung A50 probably Android 10 or 11.

> we only have years of anecdotes but zero such trials.

There's some quip about lack of evidence not equating evidence of lacking. But more importantly: at some point the quantity of individual anecdotes, along with the technical ability and interest of the parties involved, become data in and of itself.


>There's some quip about lack of evidence not equating evidence of lacking.

It's not, but the burden of proof is still there. It's up to the claimant to prove that some activity exists, not for it to be assumed to be true and for others to prove it's false.

>But more importantly: at some point the quantity of individual anecdotes, along with the technical ability and interest of the parties involved, become data in and of itself.

Ever heard of the saying "the plural of anecdote is not data"? I think this applies here. Specifically, I think this sort of phenomena is highly susceptible to publication bias/p-hacking. ie. you only remember/hear about all the instances that confirms this theory, but not all the instances where nothing happened. With billions of facebook/google users worldwide, and dozens of possible "topics" being generated per day, I'd expect millions of anecdotes to surface just by random luck alone.

Finally, if we're going by "a lot of anecdotes is proof in and of itself", what does this say about other paranormal phenomena? eg. ghosts or bigfoot? Those have a lot of anecdotes as well.


> It's not, but the burden of proof is still there. It's up to the claimant to prove that some activity exists, not for it to be assumed to be true and for others to prove it's false.

Of course, and I claim no proof. But we have no proof of gravity either, only very strong suspicion supported by loads of experimental data. Leaking a single keyword per day or per week would greatly enhance such systems' capabilities yet remain very very difficult to detect. Perhaps 52 new keywords per year is enough for them.


>But we have no proof of gravity either, only very strong suspicion supported by loads of experimental data.

Isn't that the difference between gravity and "facebook is surreptitiously listening to our conversations", that the former has loads of high quality evidence backing it up and can be trivially demonstrated and the latter doesn't? If someone claimed there was an invisible force that we don't know about, but you can't demonstrate it and the only evidence we have of it is various anecdotes, I'd be skeptical as well.

>Leaking a single keyword per day or per week would greatly enhance such systems' capabilities yet remain very very difficult to detect. Perhaps 52 new keywords per year is enough for them.

I suspect you're getting some of the threads mixed up. Other commenters have mentioned about this sort of activity being detectable via network monitoring, but I never made such a claim. Instead, I claimed that such activity would be detectable by the operating system itself, due to the microphone activity indicators. That's not something you can sneak one word at a time, because you need to be listening all the time to pick up keywords.


If this was a widespread practice, don’t you think we'd have found hard evidence by now? That’s an awful lot of audio data to constantly process or upload, and as locked down as some modern devices are, we still have wireshark, iOS jailbreaks, and rooted Android phones. And, we have security researchers and other curious hacker-types who are constantly probing for stuff.


I think that enough anecdotes do add up to data. Hard evidence? Until a corporate Snowden comes along we may never know, just as we suspected similar things about government surveillance but had no hard evidence until Snowden surfaced.


It should be extremely trivial to show that some data is traversing the network you fully control.

While I would understand refusal to do so from non-technical crowd (e.g /r/technology or similar cesspools), it's very difficult for me to understand this argument on hackernews.


> It should be extremely trivial to show that some data is traversing the network you fully control.

I obviously agree with you as the GGP, but the logical counterargument would be, these phones upload so much data in the normal case that it's hard to know what's what. And all of it is encrypted with https, often with certificate pinning.

But, well, audio files are really quite large, at least in the quantities we're discussing. And so in order for the data transfer to go unnoticed, the phone would have to be processing it locally, to decide what to upload. That would be a lot of work, in terms of cpu usage and battery life, and that, again, should have caught some researcher's attention.

Suffice to say, while I don't think any of this is feasible today, this is why locked-down devices and certificate pinning scare me. Audio is expensive, but you can learn a lot with a keylogger.


Those anecdotes can also be explained by psychological factors.

PRISM was operating at the network level, as opposed to widely-available consumer devices. It's the difference between tapping a phone line at the call center, and going into every individual person's house and planting a bug under their counter.


It's more like the difference between tapping a phone line at the call center, and giving every individual person a handheld entertainment and communication device that also functions as a bug.


As the Twitter thread says this has been debunked many times. People have been sniffing traffic for years trying to find evidence of this. However, the point of the thread is that they don't need to since they have other, possibly more sinister, ways to target you.


Other ways of targeting may yield other results, but surely there is value in verbal keywords as well.

In fact, not only keywords but even by just knowing verbal habits such as phrases used, frequency of curse words, accents, etc, could be very valuable in targeted marketing. The couple who regularly say phrases such as "please prepare the tea, dear" may be better to target different ads to than the couple which regularly say "wazzup dog".


Yes, but when you can get similar results using completely "legal" methods that people, even when confronted with straight facts like this, don't seem to care about - why would you risk it?


Did the US government use completely "legal" wiretapping methods?

And there is nothing illegal about listening for keywords, even if the companies currently deny doing so. There really is no risk: The people up in arms about privacy will remain up in arms, and the 99% who don't care will continue not caring.


My wife, I, and some of our friends have also had this sort of gut feeling. However, I suspect it's a combination of selective memory (how many thousand random things have been thrown at you by advertising/YouTube suggestions in the past couple months?) and data mining being scarily more effective than we suspect.

Maybe the sorts of things or the pace of your web browsing early in the morning indicates grogginess. Maybe the machine learning has even picked up on some pattern like insomniacs clicking on a higher percentage of war and poverty news stories vs. celebrity gossip stories. It's also possible the ML has also used your browsing habits to pick up on the cause of your insomnia, while you think the advertising is due to your speaking about its symptoms.

Also, there's a bandwidth/battery life tradeoff associated with 24/7 sophisticated voice conversation tracking. It would certainly take a lot of bandwidth to send everything to Google, and the amount of processing power to filter for conversations about thousands of potential advertising products is significantly more than just listening for "Hey Siri". This is especially true of the amount of semantic processing to know that, unlike 99% of the mentions of "Chad" in English (and maybe Romanian) conversation, "Chad" isn't referring to the dude down the hall who makes a mean quinoa ceviche. I would expect that the kind of sophisticated processing we're talking about would kill a phone battery pretty quickly, and offloading it to the cloud would cause operators to start complaining about the bandwidth usage. Though, I could be wrong.

Edit: so, I think something spooky is going on, but I suspect that machine learning is sometimes just spookily accurate. I think it's Target that mixes in other coupons with baby product coupons when its ML has figured out a woman is 2 months ahead of giving birth, to make it seem less spooky.


Yes, the sleeping pills are far easier to find mundane explanations for than the Flag video suggestion. Either one individually could be a fluke. But together a pattern is beginning to emerge.


I mean, I'm pretty sure we know our phones aren't listening. We have privacy controls for microphone access and people are checking this stuff pretty regularly because they're scared of it too.

If that video about flags appeared when you hadn't talked about flags would you have thought about it? Probably not. You only made a note of it because you'd talked about flags and it "confirmed" your suspicions about phones listening to us.

What initially led you to talk about flags? Was flags something you'd actually looked at before? Maybe, but again you probably never thought anything of it and you probably can't remember whether you did or not. But youtube would remember.

Advertisers also use so many different things about you. They estimate or know your age, interests, location, eating habits, etc.


I'm sure that smart TVs in particular are definitely listening.


Without a doubt I have an interest in history and an interest in geography, and Youtube knows that. It is the timing and the specificity that is so suspect. This video was also not from one of the few channels that I watch, though obviously it has content of a similar genre.


From the original twitter thread posted here on HN as link for discussion:

> First of all, your social media apps are not listening to you. This is a conspiracy theory. It's been debunked over and over again.

But frankly they don't need to because everything else you give them unthinkingly is way cheaper and way more powerful.


Wouldn't it be possible that the wife looked up the flag topic on Google after the discussion and that it got mixed up as both devices shared the same (external) IP during that time? And because of that you got this suggestion? Just playing devils advocate here.


That is completely possible, and I did ask her. She, and the kids, say that they hadn't.

And honestly, I don't think that they had anyway. Maybe one of the kids will take an interest in dad's boring facts about the world at dinner, but the wife has long since stopped even listening!


> I am 100% convinced that our phones are listening for keywords and assigning us to categories based on that.

If you would like to defend yourself, consider Librem 5 or Pinephone, which have hardware kill switches for microphone and other things.


Thank you.


I think you're not off the mark a lot.

I do think there's a lot of assumed knowledge gathered from your actions... my computers don't have microphones and I keep my phone in a box when I sleep (because I am that paranoid), but I started getting those when I switched from a day job to a night job.... being online on your off hours may class you as "having trouble sleeping"


A lot of people here are saying this isn't the case, that seeing seemingly targeted ads for things you discussed in the presence of a phone is just a coincidence. I've also read a few articles about this, and their conclusion is the same, so I guess it's common knowledge.

What I always wonder is: why not? We have the technology to recognize keywords in speech, the ability to passively identify handsets, and we certainly have the technology to target ads to people based on keywords. Unless there is no money to be made doing it, why the hell wouldn't your phone be overhearing your conversations and serving ads to you? Is it that we think Google and Apple and Amazon and Facebook and various ad platforms respect our privacy too much to do something that sinister?


Implementation will be hard. Having the mic on all the time drains battery. Storing the data offline and uploading discreetly when the device is plugged in will be discovered quickly. I think on-device voice recognition has come a long way nowadays so with more powerful phones, one of the big companies might try this soon.


It’s exceedingly unlikely to be this kind of conspiracy and far more likely someone from the same IP address looked up related information.


Siri can't even tell if I'm saying "apartment lights" or "Obama lights" when I'm talking directly to it. And if it's not even hard enough to transcribe all the ways all the people across the globe might pronounce words in all of the languages they speak, there's the problem of deriving who said it (was it you or was it the TV?) and deriving what was the expressed sentiment.

It's so much cheaper and technologically easier to parse your browsing history and parsing things you enter in as text than it is to parse voice. Especially when you don't own the platform your software is running on (what would need to happen for Apple to allow Facebook 24/7 access to the iPhone microphone)?

Also, Google/Apple/Amazon/Facebook don't have to respect our privacy, but they do need to respect privacy laws like the GDPR, so they can't actually tap your voice without your consent unless they want to risk actual billion dollar fines.


Some devices have physical kill switches for cameras and mics. Whether or not the eavesdropping theory is true, such devices can help you deal with your immediate worries.


On MacOS there are great tools from objective-see. One of them, OverSight, notifies you when your mic or webcam is activated.

Failing that some tape works quite nicely!

QubesOS allows you to assign certain devices to Xen VMs, compartmentalising your hardware. No spying if there is no audio/video device (a Xen hypervisor escape notwithstanding) available to the guest OS.

I do like devices with physical kill switches. Some USB sticks and devices by Purism.


"When I use my discount card at the grocery store? Every purchase? That's a dataset for sale."

He's just using that as a general example, right? He does not, himself, as a data privacy expert and knowledgeable user of networks actually use a grocery discount card, right?

Further, the more general set of examples that make up his narrative rely, to some degree, on using a mobile device that is connected to, or even registered in, his actual, real name.

He doesn't do that, right? Is anyone here doing that?


Yes? I don't particularly care whether or not the grocery store knows exactly which products I buy, especially since it's moot with 1) the introduction of eye-level facial recognition cameras at every checkout lane and 2) paying with a card because I don't want to carry cash.


Which country is that? US? I am glad in my country we do not have eye-level facial recognition cameras (I'd assume that would be illegal), and I can and happily do pay with cash.


Yes, the US. Virtually every large chain is doing it, even in the relatively remote area I live in. There's really no such thing as privacy here, too much money to be made tracking and selling to people.


Government bodies have forms that require you submit a phone number. You cannot go to a restaurant without using a QR code reader to see the menu. I'm not sure what reality you live in but having no phone is akin to living off grid now


I have a phone just like you do.

It’s just not attached to any human identity.


Considering he doesn't use ad blockers, i.e. he sees ads at all, he may not be a data privacy expert. /s


I went for a coffee with an old friend. He briefly mentioned he got a new puppy in our conversation.

Note, I don't own a dog. I didn't google or search anywhere about dogs or make any related purchases.

After I went home I opened Facebook... lo and behold, I see dog toy ads.

This has happened a few times, so that it became plain creepy. That was around 2014; I have since uninstalled Facebook and barely open the website.


That's geolocation. They knew your friend got a dog, they knew you were in the same location, now they assume you might be interested in dogs too. I still think it's super creepy and invasive, but I think most likely they aren't listening to microphones.


> I think most likely they aren't listening to microphones

Do you think that's a line that even Facebook wouldn't cross?


Morally? No. But I think they'd fear the legal repercussions of high-level company officers making public statements that they aren't doing it. I also think one of the many privacy researchers doing traffic sniffing probably would have picked up on some signature pattern. Is it possible I'm wrong? Of course. But if I had to make a bet at this moment in time, that's how I'd bet.


I have a suspicion on how they're doing it. Every time this has happened there was a tv around.

1. Use smart TVs to listen for ad relevant keywords. 2. TV manufacturers sell the data to FB. 3. FB gets keywords & geolocation data, combines it with its own data and voila. You know these 2 FB users were near this place and dog stuff was discussed.

Pretty safe and distanced from a scandal and yet very effective.


Is it computationally reasonable? I feel like there are much cheaper methods for Facebook to do exactly this without listening to you.


That's the best argument against eavesdropping that I've heard.


Or Facebook already knew that he was friends with the person who got the new dog, knew that person had a new dog, and started showing dog-related ads to all of the people on Facebook that they knew were friends with the new dog owner.


or, OR!, more likely he was connected to his friend's wifi and it uses IP to group people.


How often do you open Facebook and see ads about irrelevant trash? Probably most of the time, right? So why is it so surprising that occasionally that irrelevant trash might align with something that happened in your day?

Another thing to consider: How many times do you hang out with a friend and not notice any particular connection in the ads you see later? Again I'm guessing that's the case most of the time. If they really had such sophisticated matching technology then why not do it all the time?


Here is the interesting part:

> If my phone is regularly in the same GPS location as another phone, they take note of that. They start reconstructing the web of people I'm in regular contact with.

> So. They know my mom's toothpaste. They know I was at my mom's. They know my Twitter. Now I get Twitter ads for mom's toothpaste.


I think he's arrived at the wrong conclusion. It's more likely because he shared an IP address with the original targeted user (mother). Occam's IP.

That said, I'd expect a privacy tech worker to have adblocking on their devices and such a thing to not happen in the first place.


Yes, whenever these stories come around, 90% of the time it can be explained by shared IP. It's not GPS. It's not microphones. It's not cameras. It's actually simple. You connected to someone's WiFi. You got their public IP. It's a unique 32-bit number, easiest thing in the world to store and associate. Now you are associated for a while and get some of the same ads.
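The shared-public-IP association described in the comment above, as an added example that is not part of the original thread and not any ad network's actual code: a simplified model in which devices seen behind the same public IP within a retention window inherit each other's interest signals. The log lines, device names, `segments_by_shared_ip` and the 7-day window are assumptions constructed for illustration; the addresses are documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Constructed sample of ad-request log lines (not real data):
# timestamp, public IP seen by the server, device id, interest signal ("-" = none)
SAMPLE_LOG = """\
2021-05-20T09:00:00 203.0.113.7 mom-phone toothpaste
2021-05-22T08:30:00 203.0.113.7 mom-phone toothpaste
2021-05-22T10:15:00 203.0.113.7 son-phone -
2021-05-27T19:00:00 198.51.100.4 son-phone rpg-dice
2021-05-28T12:05:00 192.0.2.50 stranger-phone diapers
"""


class Event(NamedTuple):
    ts: datetime
    ip: str
    device: str
    interest: Optional[str]


def parse_log(text):
    """Parse the whitespace-separated sample format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, device, interest = line.split()
        events.append(Event(datetime.fromisoformat(ts), ip, device,
                            None if interest == "-" else interest))
    return events


def segments_by_shared_ip(events, now, ttl=timedelta(days=7)):
    """Return {device: interests} where a device inherits every interest
    observed on any public IP it used during the last `ttl` (assumed window)."""
    recent = [e for e in events if now - ttl <= e.ts <= now]
    ip_interests = defaultdict(set)   # public IP -> interests seen behind it
    device_ips = defaultdict(set)     # device -> public IPs it appeared on
    for e in recent:
        device_ips[e.device].add(e.ip)
        if e.interest:
            ip_interests[e.ip].add(e.interest)
    # Behind NAT every device shares one address, so the join key is the IP alone.
    return {dev: set().union(*(ip_interests[ip] for ip in ips))
            for dev, ips in device_ips.items()}


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for label, now in [("during visit", datetime(2021, 5, 23)),
                       ("back home", datetime(2021, 5, 28, 13, 0)),
                       ("window expired", datetime(2021, 5, 30))]:
        print(label, segments_by_shared_ip(events, now))
```

In this model the visiting phone keeps the inherited segment after it has left the shared network and loses it only when the shared-IP sightings age out of the window; a device whose traffic leaves through a different egress address never picks it up.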


Which in turn is a good thing, right? Because people seem to get pooled together and the ads aren't clever enough to distinguish.


Why is this a good thing?

If I follow someone to a number of different locations with Wifi, then I can learn a lot about them by using a simple intersection of the ads I'm now getting.

For instance, if I get ads about diapers in all locations, then I have a strong reason to conclude that the person I'm following is pregnant or has a baby.


If you follow someone that closely from location to location you won't need to cross check your ads to learn stuff about them, I guess.



Well it sounds like one router will tell me about toothpaste so why not diapers


Quite interesting, I hadn't even thought of it this way. In a way, VPNs could be pretty useful in this regard, as you share the same IP as several other people. So you'd be subject to irrelevant ads about the same topic that most of them are searching for.


I assume that even though I use a vpn and have ads blocked almost completely, my browser is fingerprinted and my phone tracked so that I'm giving valuable data almost all the time anyway.


I don't really consider it a good thing. I think VPNs should be the default for everyone. But yes, it means that ad networks aren't surreptitiously listening to your spoken conversations. They are just doing the most brain-dead obvious correlations.


A lot of advertising targeting doesn't bother going below the household level anyway, which IP sorta-kinda corresponds to.


It's bad that they're trying to track you in any way.


I truly don’t get why all technically inclined people don’t block ads systematically. uBlock Origin plus Ghostery on computers. Pi-hole for mobile.

I realize he was at his mom’s house, but when he gets home ads should be blocked!

These types of stories absolutely bother me, but it’s all totally abstract because I don’t see ads on the internet essentially anywhere.


Defending yourself against the efforts of Google's best minds takes time and energy that could be spent in better ways. Admittedly setting up uBlock is trivial, but going further takes moderate effort that often isn't worth it, especially considering Google have probably worked out how to track you anyway.


I took the time to set up Pi-hole at the network level, and uBlock Origin on my browsers, but to your point, I don't waste time trying to block YouTube ads on my Chromecast/GoogleTV (which is collecting data on everything I watch, not just YouTube, of course). I basically block the low-hanging fruit, but still get semi-targeted ads fairly often. But not quite to the extent I see described by people that put no effort into it, so I do feel like it has some effect.


For Android I use a little app called DNS66. This blocks most bad stuff; it sets up a virtual/loopback VPN on the device that I just leave running all the time.


Why is it that if I deny Instagram mic access on iOS these “coincidences” stop happening? I’m convinced Instagram listens, too many experiences to suggest otherwise. I’ve read all the articles and tweets on this subject and yet remain convinced. And when I deny mic access, issue goes away.


They’re certainly not above it, but constant recording would destroy battery life and get noticed quickly.


What's interesting is that we will get ads for things that sound the same as something we talked about, which further suggests the mic is on. Like a company with the same pronunciation as a different word altogether, and that being the only connection between us and the company -- we mention the other word, verbally, and the company's ads start showing up that same day.


Yep this has happened to us too many times to be a coincidence.

Sitting on the couch and mention I noticed some issues while doing gardening and the side fence might need replacing - next minute Facebook is advertising fencing companies to her.

I never googled, she never googled it. Somehow it keeps happening.


A friend received hair loss ads after using wifi at my place - I, the one with hair loss, use an ad blocker.

Reddit app shows me ads for US restaurants. I live in Europe.

AdTech is depressingly bad. You tell me the smartest and best paid software engineers in the world work on this mess?


AdTech just shows ads from the highest bidder. If a bicycle advertiser overpaid for ads and decided that they need millions of impressions, whereas a highly targeted toothpaste brand decided they need 1000 highly targeted impressions, you're going to see the bicycle ad first. Most advertisers just spray ads at people, so as a user, you end up seeing useless untargeted ads more than you see highly targeted ones.


Any chance you are browsing with a VPN? If all AdTech was as bad as you claim it to be, then Google, and the whole sector, wouldn't be as massive as they are today.

Just like with anything: There are implementations that don't work at all/are easily fooled, but there are also systems running so effective, that you most likely don't even notice their "invisible hand" guiding you or at least guiding what you see.


Your friend mentioned the ad to you, so it kinda worked? It did find its targeted audience.


I guess - it's all useless, expensive vitamins though.


> You tell me the smartest and best paid software engineers in the world work on this mess?

I’m pretty sure adtech doesn’t pay the best.


So, this is going to be slightly beyond me to accomplish. At least, I'm not really willing to apply the effort. But what if there was a service to pump out garbage data for these ad services to collect? Like, what if everyone used every toothpaste all the time (theoretically). Thus, marketers are flooded with bad leads. Enough to make a critical mass to stop relying on data collection tactics. To make sure this gets enough market usage, it would have to be free, thus the funding of such a project would be difficult. Perhaps a Wikipedia type of public funding rounds, maybe patreon and create merch. I don't know. I'm just interested in a way to dilute the data market and make it absolutely meaningless for anyone to buy. Hopefully, destroying the market. A handful of people doing a wee bit of ad blocking isn't working. Will this have 2nd and 3rd level repercussions? Absolutely. Will this hamper corporate surveillance on people? I think so. At least I think it'll be a better ride than the Gamestop market ride. Just a drunk idea. Throwing it out there. Maybe someone will think of something better off of this.


Are they listening to mics? That is constantly debated/debunked.

But yes...geolocation, networks you log to, phones you are near, what you search. That all seems to play a part.

Linkedin has in the past for me suggested connections based on the wifi I was using. Someone who I don't have common friends or career as and I was getting their contacts as suggestions just after using the same wifi. I have no facebook account...but it seems every phone I buy has it preinstalled.

To me I have long assumed this was going on. With the number of sensors and the capability to have a near constant data connection it boils down to "if they can...they will". But as a good friend of mine says "I thought this was what we wanted". People seem to enjoy that the first button they see when they log in is the button they were actually looking for. (not saying everyone...some take security/privacy very serious...but the flame is bright for the masses).

I constantly have ads served to me for something that has been discussed in the room near me...or topics I would never have an interest in but the conversation was happening near me. My assumption is someone I was near enough for my phone to "see" their MAC address (if via common wifi or if it is adhoc...doesn't matter) and they searched the terms later.

I have become so used to this it has stopped bothering me. The real concerns I have are when I start getting served ads for things like Cancer or other medical treatments. It makes me say in my head "Does the bot know something I don't? Is there some sort of symptom I am having and the AI has picked up on it before me?"

At any rate...welcome to the future. Accept that tracking is a thing. I don't personally see a way to force the companies who have already become some of the biggest in the world by storing/selling data that they need to stop. Even through regulation. My personal opinion is we have passed the point of no return...it is the new normal until "the great reset" which will take a near extinction level event to force us back.


> Are they listening to mics? That is constantly debated/debunked.

No. They don’t need to. Also, in iOS at least, they’d get caught as there are visual indicators now for when mic/camera are activated.


Location data is truly very powerful, this has been shown already.

As an example: I live in a large apartment complex. I mostly always see the same people, because we have the same in/out hours and days. There are people I know who live here that I almost never bump into by chance, sometimes not even once in a year. This gives an idea of how timestamped location data is personal and identifies you. This is quite impressive if you think about it.

That's the reason why Google keeps pinging you if you change the location privacy settings on your Android phone.


Ok, now I want to know who the hell around me has a bunion. Please Social Media Algorithm, if you read this comment and can cross my HN account with whatever other information you have, I don't need a bunion remedy!


Weirdest anecdote for me: My wife and I were peeling shrimp for dinner and we were chatting how great it would be if there was some kind of tool that would make the task easier.

A while later after we ate, I was browsing Facebook and I was being shown ads for shrimp peeling tools. We had not done any kind of online search, etc. for it. We don't even have any "voice assistants" like Alexa, Google Voice, etc. (Though we both have iPhones so we have Siri).

So how did FB know we had been talking about shrimp peelers?


Had you or your wife looked up "shrimp recipes" or "how to make shrimp" or anything like that in preparation for the meal? Or did you use a loyalty/discount card at the supermarket that's tied to your identity?


Pretty sure we didn't.


My wife got a news article pop up because it included a Getty licensed stock image that was from a location and time she had physically been present at.

The article itself was unappealing in any other way.


I have a similar experience. I take all the precautions for disabling ads. I opted out from all the targeted ads. And still when my brother visits me, the ads on YouTube change.


Why do you see YouTube ads, if you tried disabling ads? Maybe try uBlock Origin, the best ad blocker in terms of respecting its users.


YouTube is watching you. Based on IP and the content consumed they guess (and augment that guess with what they know about your brother).


A couple weeks ago there was an HN post about some lockpicking tool. I watched a video about it in Firefox Focus on my iPhone. Later that day, I was on YouTube on Safari, logged into my gmail account. It recommended videos on lockpicking.

I assume this is based on IP address? What can be done about this? If Firefox Focus/incognito isn't enough, what should I be doing? I already use NextDNS and mostly use Brave incognito on my laptop.


Trivial solution: make a tool that pumps tons of fake data to the point where no algorithm can separate the signal from the noise.


Or maybe he used the Wi-Fi and they detected that his phone was logged in with the same IP. I don’t buy that people are being corrected on physical location. Some services probably do, but the normal ad networks? Nah. Where would they get my actual location data from?


Because you’re on the same wifi network behind a NAT and have the same public IP?


Companies make billions off free products. It shouldn't be surprising to anyone there are extremely shady things going on.

Don't use a phone and pay in cash.


I constantly get ads for things I just purchased. Note to Self: Need to figure out how I can get paid to sell useless advertising to marketing chumps:)


The craziest thing I’ve ever seen with targeted advertising (on iPhone) is when I was vacuuming the room one day & as soon as I finished & opened Safari, was seeing ads for Vacuums

I hadn’t even ever said the word ‘vacuum’ - iPhone literally seemed to have cued the sound of the machine in the background. And mind you it’s an iPhone 7 with few apps & not some Pro Max future phone ..

From that moment I’ve been convinced 100% microphones listening, cameras probs watching.


A little anecdata: I was halfway reading this comment thread in my iOS DuckDuckGo browser when I switched to the YouTube app and refreshed a couple times to see what ads I got: some mobile games, an online car dealership, a shower head and... a vacuum cleaner. Then I came back and read this comment.

I’m not too worried though, probably coincidence. The only place I really see ads anymore are on YouTube and most of the time they are irrelevant.


I've had this happen too, but I wonder how much of it is confirmation bias. I see ads for random stuff all the time and don't even think twice about it, but when we're talking about buying a laptop for my sister and I get laptop ads that sticks in my memory.


I would say it’s possible but at least in this case very unlikely.

It’s not the first time this has happened but definitely the most extreme case where I’d been alone for an extended time (during Covid) and the ad was pretty much immediately after vacuuming.

Of course no proof but like the saying if it looks like a duck and sounds like a duck etc


Wow -2 downvotes for posting this really wow


That's because what you're posting is pure FUD. I don't mean to discredit the experience, and how that made you feel, but posting your conclusions as facts added nothing to the conversation here.


Happen to have an Apple Watch? Pure speculation, but I wouldn't be surprised if accelerometer data could be used to classify common activities.


No Apple Watch. Phone was just sitting in the room charging. Finished vacuuming and bam - Dyson Vacuum Ad


When I moved into a house with someone who has a workshop, I started getting a lot of advertisements for tools.


Haven't studies found this kind of thing to be mostly the frequency illusion?


I wonder: is this a bad thing? Obviously, the tech wasn’t smart enough to show him better ads.

It put him into the same bucket as his mum. And that is clearly not very “personalized,” not targeted.


An alternative and much more boring explanation for this and others' stories in the replies is confirmation bias.


Correlation is causation.


This should be illegal. Why don't politicians stop this?


A relative got immediately targeted by FB ads for a product we had just talked about on speakerphone.


It's coincidence mixed with him talking about things that interest him, which are of course advertised to him.


this scenario would fit the parent comment's description:

speaker 1: I just bought a Turbobot 3000, you should get one they're great.

Speaker 2 thinks to himself: What the hell is a Turbobot, anyway speaker 1 is such a jerk and we have nothing in common anything he likes I'm sure to hate. If only he wasn't my brother in law.

Speaker 2: Sure thing.

Speaker 2 hangs up phone, goes on facebook, sees ad for Turbobot 3000.

on edit: of course I assume speaker 1 is not the parent commenter, as speaker 2 no doubt has multiple relatives.


What products have they said and then not seen ads for?


This Twitter thread is hilarious. The author decries advertisers for evilly collecting all the world's information in order to... sell him toothpaste? The cherry on top is at the end when he discovers that his tweets have gathered some attention, he uses those eyeballs to flog his role-playing game and his brother's book.


Funny sidebar related to a top post yesterday about topical engagement on Twitter, the author of the tweet describes his feed as follows:

> If you like D&D consider sticking around, my account is 85% tabletop RPG development and 15% leftist politics.

Kudos to the author for telling his audience what they should expect after following. But isn’t this a really narrow audience? Why not have 2 accounts: robertgreeveathome and robertgreeveatwork so I can pick which content I’m interested in?



