Your comment adds a lot to the conversation, so I don’t want to be more contrary than necessary.
It’s nonetheless a shame that it’s so universally misunderstood how ad-supported megacorps make their money that even highly sophisticated users of the web still talk about the value of personal data (source: I ran Facebook’s ads backend for years).
Much like the highest information-gain feature for the future price of a security is it’s most recent price: ad historical CTR and user historical CTR (called “clickiness” in the business) are basically the whole show when predicting user cross ad CTR. The big shops like to ham up their data advantage with one hand (to advertisers) while washing the other hand of it (to regulators).
As with so many things Hanlon’s Razor cuts deeply here: if your browsing history can juice CTR prediction then I’ve never seen it. I have seen careers premised on that idea, but I’ve never seen it work.
> It’s nonetheless a shame that it’s so universally misunderstood how ad-supported megacorps make their money that even highly sophisticated users of the web still talk about the value of personal data (source: I ran Facebook’s ads backend for years).
That may be the case for some people, but that is not my complaint, nor that of many folks I know.
I simply don't care how FB, Google and other surveillance outfits make money. I don't care about marketers' careers or their CTRs. I don't even care about putting a dollar value on my LTV to them.
I care about denying them visibility into my datastream. It is zero-sum. They have no right to it, and I have every right to try to limit their visibility.
Why? None of your business. Seriously - nobody is owed an explanation for not wanting robots watching.
But I will answer anyway. It is because of future risks. These professional panty sniffers already have the raw material for many thousands of lawsuits, divorces and less legal outcomes in their databases. Who knows what particular bits of information will leak in 10 years, or when FB goes bankrupt? I have no desire to be part of what I suspect will become a massive clusterfuck within our lifetimes.
If you're correct that this data has so little value, then it is more likely it will leak. FB and Google are the equivalent of Superfund sites waiting to happen, and storing that data should be considered criminal.
I didn't, but assume this is the case with everything. I mostly care about giving my data away for free (cut me in please), but none of my non-HN commenting roommates knew. Is their privacy less important than mine?
Is that so? What about the webmaster who simply wants to combat bots using his page, is the extent of data gathering on Google's behalf just part of the deal? What if selling user data is against the webmaster's ethics? "Don't use it I guess" Sure, except that no one in the exchange was told the extent to which this data is used, or what for. Users of Google's Captcha aren't told about this exchange. I disagree entirely that it's a matter of voluntarily opting in and out of Google's domain. Their business model depends on becoming inescapable, and they're not being honest about how their services collect our data.
That's what's great about GDPR. It makes privacy a fundamental right that can't be bargained away, much like you can't sign a contract binding you to slavery and you can't accept a bonus from your employer in exchange from losing your mandated breaks.
If I could upvote this comment twice, I would. This succinctly summarises my views on the subject. We shouldn't have to justify _why_ we don't want our private information harvested by these companies. I would still feel remarkably uneasy even _if_ Facebook and Google were demonstrably benevolent citizens of the online world, but we've seen time and time again how invasive and malicious they can be. The fact that both of these companies have political ambition makes the entire situation much scarier. Count me out.
You could either stop using these services or (as I suspect) you find them too valuable to dismiss entirely quarantine them to a VPN/incognito interaction in less time than it took to type that comment.
I don’t want to single you out personally but there’s a broad trend on HN of bitter-sounding commentary on the surveillance powers of these companies by people who can easily defeat any tracking that it’s economical for them to even attempt let alone execute that reeks of sour grapes that a mediocre employee at one of these places makes 3-20x what anyone makes (as a rank and file employee) anywhere else.
Again, you’re not likely part of that group, but seriously who hangs out on HN and can’t configure a VPN?
How do you stop using a service when you have little or no indication that it does something like this before hand, and afterwards the privacy is already gone?
If I use a site and view my profile page and the url contains aa account id or username and some google or facebook analytics is loaded, or a like button is sitting somewhere, how am I to know that before the page is loaded? What if I'm visiting the site for the first time after it's been added?
It doesn't even matter if I have an account on Google or Facebook, they'll create profiles for me aggregating my data anyway.
> quarantine them to a VPN/incognito interaction
Which does very little. I spent a few hours this morning trying to get a system non-unique on panopticlick, but the canvas and WebGL hashing is enough to dwarf all the other metrics. There are extensions to help with that, but for the purpose I was attempting, were sub-optimal (and the one that seemed to do time-based salting of the hashes wasn't working right).
So, I don't have any confidence that a VPN and incognito really does much at all.
No, a clean browser and IP with the combination of what fonts I have installed, how my video card renders a canvas and WebGL instance (which may be affected not just by the video card you have, but the driver version used with it), my screen size, and a few other system level items that come through may or may or may not be enough to uniquely identify you. Along with linking to a prior profile if you screw up one time (or load a URL that has identifying information they can use), and you're busted.
So, sure, a clean browser and IP and never logging into a site you're previously visiting might be enough, but who does that, and doesn't that halfway defeat the purpose?
I appreciate the information-theoretic validity of your argument, but if you think that one of these firms cares enough about your buying preferences to burn enough compute to find that correlation then you either work for the CIA or are mistaken.
It doesn't take a lot of compute resources to have multiple profiles, and when evidence of a high assurance level (a referring URL that is known to designate a specific user of a major service) to link it with other profiles that also have that designation.
To me, that seems par for the course for any service that's generating profiles of browsing behavior and trying to make any sort of decisions based on it. It reduces cruft and duplicate profiles while also providing more accurate information. Why wouldn't it be done?
> the information-theoretic validity of your argument
The portion about canvas, WebGL and AudtioContext hashing is not theory at all, it's well known practice from years ago. Jest the other day here there was a story about some advertiser on Stack Overflow trying to use the audio hashing to tracking purposes.
Hell, if you get enough identifiable bits of entropy, you can probably assume weak to strong level matching using a bit-level Levenshtein distance that's low enough.
GitHub is always at your disposal. NV doesn’t sell the consumer cards to enterprises. So on AWS a multi-GPU box will cost you about 12 dollars an hour. If you can disambiguate, let’s just say 85% of profiles absent IP or cookies, well I think you just broke the academic SOTA and I’d love to make some calls.
> GitHub is always at your disposal. NV doesn’t sell the consumer cards to enterprises. So on AWS a multi-GPU box will cost you about 12 dollars an hour.
I don’t see how this is related to the claim, since it doesn’t solve the problem. But the advertising company that I let run code on my website will certainly do the job pretty well, I’d say.
You use something that blocks scripts (like uMatrix) with an aggressive ruleset. On some sites you'll need to allow things to make them work. If they are loading trackers from the same servers that they load content from, you can't do much without wasting more time than you want. I'd say it breaks most of the tracking though.
More sites than you'd expect work without js or with first-party js only. It's annoying when you need to read a news site, because those are usually bloated garbage. Not a huge loss.
This was already with uBlock Origin. Also tried combinations of Ghostery and Privacy badger. All of it made very little difference for panopticlick, and that's probably a low-bar compared to what's common these days.
> You could either stop using these services or ...
Are you serious? Have you tried not using their services? Try blocking Google Analytics, Tag Manager, ReCaptcha, fonts, gstatic,... What you will see is that you can no longer access much of the Internet. Want to participate in StackOverflow? Good luck if you block Google.
My beef is not with them trying to find my data when I'm on their site(s). They are however everywhere, on almost every site I visit. Coupled with their (impressive) technical provess it is beyond creepy, and there is simply no way one can avoid them.
I don't know what the solution is or will be, but as far as I'm concerned, this should be illegal.
Blocking those two doesn't seem to break much, does it? I have uBlock Origin and/or Privacy Badger block them everywhere.
ReCaptcha on the other hand…
Just this week I needed it to complete the booking of an airline ticket and just now buying a high chair for my son. And today I've completed the blasted thing ten times in a row because of a game installer that was failing at a certain point (GTA V's Social Club thing); each attempt to figure out what was wrong meant completing the ReCaptcha again.
Fire hydrants, parking metres, pedestrian crossings, road signs, hills, chimneys, steps, cyclists, buses — that's what the internet looks like in 2019.
The costs of compliance are not too high. Compliance is actually ridiculously easy for new companies: they need to collect only the data they need. That is all there is
Yes. Your point? It’s actually ridiculously easy to be compliant with GDPR.
Edit: That is, ridiculously easy for new companies. Incumbents have been hoarding data for too long and it was actually harder for existing companies to become compliant.
I enjoyed reading what you said as a different perspective on the backend of ad technology vs privacy up until this comment thread.
I didn't build a profitable social consumer business in Europe after compliance, but I was part of a team that implemented compliance for a long existing company within the US due to them having clients and client's clients in Europe. They're profitable. Do you want my term sheet? Or are you weakly attempting to flex while complaining that people's basic right to privacy is preventing you from earning obscene amounts of money?
Most people here can avoid the impact of climate change - do you think we shouldn't talk about that either?
These are societal problems. It's good to care about people beyond yourself, and to talk about the professional ethical responsibilities of software engineers with regards to corporate mass-surveillance.
How about our friends and family? Should we configure a VPN for them too?
Btw the argument you just made applies to any form of surveillance or censorship. Just because your can still find functional VPN services for China, is China's great firewall OK?
And what happens when web services start blocking VPNs?
Netflix does it quite successfully. And I'm sure Cloudflare could provide such a service for free.
No you can't. Facebook creates shadow profiles for every single person in the world. If any single one of your friends has WhatsApp, Facebook has your phone number. They have your phone number and the entire address book of your friend, who probably has friends in common. If two of your friends have WhatsApp and they both have your number...
You see where I'm going here? There are pictures of me on Facebook that I did not put there. From friends or friends of friends.
I'm not even scratching the surface of what Google knows with GPS and WiFi connections.
> The question is “If it weren’t FB who would be doing it instead?” [...] “Should cheap digital cameras be illegal?”
Those are a complete non-sequitur.
Facebook (and Google) analyse every single photo that goes through their system with state-of-the-art ML (it's so good that it almost beat humans at matching faces ~5 years ago). This is a scale of surveillance which the human race has never encountered before in our history[+], and is a serious problem that we (as a society) need to make a decision on. In many countries, car license plates are OCR'd and automatically tracked whenever they travel on almost any main public road. Facial recognition in public places and on public transport is becoming a prevalent problem. And wearing masks is illegal in many countries -- meaning there is no way of "opting out" of the pervasive surveillance in the physical world. None of these things were nearly as commonplace ~30 years ago.
Cheap digital cameras are a completely unrelated topic. And if such large-scale surveillance was made illegal then nobody would be doing it legally, and those doing it would be held accountable for the public health risk they pose.
[+] The Stazi and KGB only really had filing cabinets for tracking people and physical surveillance measures. The Gestapo didn't even have that (the Third Reich had census data which was tabulated using IBM machines in order to track who was Jewish within the Third Reich).
Like I said: it’s not an argument, it’s an attack. Plus I’m sure that there’d be many people here able to counter your claim regardless of the compensation number you drop.
We’re on a site premised on entrepreneurship, and you’re pointing out what sounds like a big market gap. I angel invest now and then, if you have a plausible way to make two billion people care about something that we agree could be better my email is in my profile.
Even from the inside I didn’t see a way, but I’ve been wrong before.
Yes, looks like the industry cannot solve that problem alone, just like the electricity and chemical industries somehow didn't achieve clean air and water out of the goodness of their hearts. Another market gap. Or, wait, a case for government regulation.
A VPN will not help you against advanced behavioral browser fingerprinting like in this new Captcha. Not only do they have lists of VPN servers anyway, if you inadvertently log into your Google account once from the VPN (e.g. by launching your browser from your normal account), then the VPN IP(s) will be forever associated with your account and normal IPs, and they already know from the Captcha data that you're one and the same person. All the VPN does is adding the information that you sometimes use VPN servers of company such-and-such.
I appreciate your comments in this thread very much but could you please stop baiting people on this point? If there's one thing I've learned from running HN it's that the generalizations about the community that people come up with are invariably wrong. They're overgeneralized from a small sample of what the generalizer happened to notice—and since we're far more likely to notice what rubs us the wrong way, the results always have have sharp edges. In other words, people remember what they saw here that they liked the least, then tar the whole with it. To borrow your phrase, the TLDR is less interesting.
> Again, you’re not likely part of that group, but seriously who hangs out on HN and can’t configure a VPN?
Recaptcha tracks users / devices, not IPs. A VPN won't help, it'll only lower your score. At that point: not allowing them to track you just means you can't use large parts of the web.
"You don't want that GPS tracker installed into your skull? Well, we won't force you, of course, but public transportation, government services and most grocery stores can only be used by GPS-skull-people"
It is not "wild speculative hyperbole" not to give the benefit of the doubt to companies that have repeatedly demonstrated that they are not entitled to the benefit of the doubt.
I think it's worth pointing out that the comment you replied to didn't mention money, advertising, or CTR. People are concerned about data collection for more reasons than that. You've seen these attempts and entire careers about it without "juicing" CTR, so perhaps that isn't the true intent.
I admit that I inferred the proposed intent for grabbing maximum personal data, but if you’re interested in anecdotes from the trenches: no one below senior director level gets a couple million in stock for any other reason than they pushed CTR by a few basis points. What I was trying to say is that seen through the lens of mechanism design no one is incentivized to query the like button table because there’s no upside in it.
I'm not sure I understand correctly. Are you saying that all the personal user data is in reality not as valuable as everyone says it is? That is, all those megacorps are collecting terabytes of mostly useless data?
Then why is this data collected and archived in the first place?
I was never involved in those decisions but I suspect that when you’ve got a multi-dollar CPM and your biggest pain in the ass is pouring concrete and running power fast enough that a few PB of spinning disks are cheap enough that you hang onto it in case you ever find a way to make it useful.
That sounds logical. It’s also exactly the reason many of us don’t want to give up our information to these companies. There is absolute uncertainty as to how it will be used in the future.
The fact that so much potentially sensitive data exists in a few repositories is in itself a bit foreboding. Who knows what companies will be able to glean from it one, five, or twenty years down the road?
My behavior on the web being tracked by corporations with little incentive to do right by me is worrisome.
I’m more concerned that they’re designing the next version of the Web right under our noses than that they know what kind of sneakers I’m 8% more likely to buy.
However, I’m concerned that the data also allows them to see that I am 93% more likely to vote for a certain political candidate, 22% more likely to contract a chronic disease in the next ten years, and 16% more likely that I will have a friend that homosexual.
I'm not thinking about ad delivery, I'm thinking about behavioral analysis. Knowing how a person thinks and acts can be a very useful weapon in the wrong hands, and FB and the like have done nothing to make me think their hands are the right ones (I don't think any are really.)
I'm not sure where to add this comment, but I just wanted to briefly say that I appreciate your contributions to this topic. Both in terms of content and tone/delivery. These seem like constructive and valuable comments to me, so thanks!
I think the implication was that the leadership is hanging onto all that data because of an immediate fiduciary obligation. I suspect that it’s more in the nature of when you’re running a business in which a few hundred million QPS is slow that you archive in case it ever becomes useful.
Unless the point of your comment was to deny that Google is collecting this data at all (because, according to you, there's no financial incentive), I don't see the relevancy of your criticism. The complaint of the top level comment was that Google is collecting extremely personal data on us. Your response is that Google doesn't have an immediate financial incentive to do this. If you're not actually denying that Google collects this data, why does that matter? For most of us, the fact that our personal data has some financial value to a corporation is irrelevant to the fact that we don't want them to have it.
That's the annoying part of it. They try to collect everything about me, down to my favorite color and the brand of tea I am drinking, and they can't even deliver a semi-relevant ad. Best they can do is to bombard me with shoe and riding classes ads for 6 month after I search for "weight of a horseshoe" and stuff like that. They kill the privacy, they make 99% of the sites unusable without an ad blocker, and at the end it doesn't even amount to them making relevant ads...
If I were you I’d be more worried that Google de facto controls whatever we’re calling HTTP these days than that they have a BigTable entry that ties a browser you once used to a preference for Earl Grey.
I am worried by both. In fact, I am worried by more than these two things about Google, but listing them all would probably take this discussion way off course.
No offence, but your posts in this thread appear to be projections, and they derail the conversation.
The main topic we discuss is corporate surveillance. We are concerned about all the personal data that leaves our control. We are worried that evading this type of surveillance becomes increasingly difficult.
Some HN users may know how to mitigate these risks, but most people may not know how to defend themselves against corporate surveillance.
This is why me must speak up now, and not just for ourselves.
Can you provide any evidence that personal data doesn't improve CTR prediction for companies like Google/Facebook?
You state yourself that Google/Facebook publicly claim to advertisers that personal data improves CTR prediction. So I have a hard time believing that personal data isn't useful.
I’m already on a shaky limb being so candid about how the business actually works. If you want the opinion (albeit a little dated but still relevant) of someone who doesn’t give a fuck about who the truth pisses off I recommend a book called “Chaos Monkeys” written by a former YC (exited) founder.
> If your browsing history can juice CTR prediction then I’ve never seen it. I have seen careers premised on that idea, but I’ve never seen it work.
Isn't demographic targeting exactly that, based on your browsing history? Will showing an ad for a car wash have the same CTR for people that liked car products as for people that did not like car products? Or is your point that it still has to be a human that inputs "this is about car things, please show it to people that like car things" and it's not a magic AI that optimizes it automatically? And in that case: isn't that just a matter of time? Build the profile today, build the tech that uses it tomorrow?
We've banned this account for repeatedly breaking the site guidelines and ignoring our many requests to stop.
If we allow users to harass and attack people who have genuine expertise for posting here, does that make HN better or worse? Obviously worse. Mob behaviors like this are incompatible with curiosity.
If everyone sophisticated enough to be on this site would just use the term “applied computational statistics” (even just in their own thoughts) instead of “deep learning” or AI, the world would be a better place. Gradient descent finds some fun minimia (my current venture is heavily based on that idea) but to assign more agency to Adam or RMSProp than they merit is just an exercise in feeding the trolls.
Couldn’t agree more. All these delusional discussions: Is it intelligence? Is it true intelligence? How far is it to become true...? Skynet rising?
To be fair: The last question is certainly adequate regarding the application of unverified/-able algorithms in a life-changing incarnation as a virtually unsupervised decision making quality. This is horrible. But it is another question (and better answered skipping the pseudo-philosphical part)
Could you please explain in what sense deep learning is "applied computational statistics"?
What about classical planning, SAT solvers, automated theorem proving, game-playing agents and classical search? Could you please explain how one or more of those are "applied computational statistics"?
Further- I don't understand the comment about "agency". Could you clarify? Why is "agency" required for a technique or an algorithm to be considered an AI technique?
I don’t know anything about the underlying algorithms for the examples you rattled off, but deep learning trains a graph of neuron weights such that they are statistically optimized to minimize error in computed output labels for some domain of input data. Very much “applied computational statistics”.
The examples I gave are classic AI algorithms that are very easy to look up on wikipedia. They do not compute any statistics.
I'm not sure what you mean about "neuron weights that are statistically optimised". Modern-era, deep neural nets train their weights with backpropagation, which is basically an application of the chain rule, from calculus. They do not use statistics for that.
For example, calculating the mean of a set of values or calculating the pearson correlation coefficient of two variables are computations typical in statistics.
Could you please clarify what you mean by (applied) "computational statistics", so that I don't have to double-guess you?
Edit: Do you really not know what a SAT solver is? Not to be rude but if that is the case, from where do you draw your confidence about the correct terminology to use for AI?
He means that neural networks are applied statistics in that they solve a statistical regression problem. It's not conceptually different from classical methods of regression like least squares. The phrase "statistically optimized" is certainly a funky one, but regression is certainly as much a part of statistics as the two problems you mentioned.
There are non-statistical methods for training neural nets (no backprop) so 'applied computational statistics' really wouldn't capture it. Beyond that what is wrong with the term deep learning? I can at least understand objections to the use of the term AI (even though it was originally used to refer to narrow AI but was appropriated by hollywood) but deep learning seems like a fine term to me.
“I’m rich relative to the mean Twitter audience, please ruin your business model for something that is privilege at best and crypto-HN virtue signaling at worst.”
It’s been awhile since I’ve had the chance to measure the caliber of Twitter’s finance quants, but last I knew it was pretty fucking hard to get past the phone screen for that job. I enjoyed jousting with them.
Oh, please. Twitter's average revenue per user is something like $2-3 per quarter. Your notion that you have to be some kind of Scrooge McDuck to spend $25/year on a Twitter Premium subscription is ridiculous. Jamming "virtue signaling" into places where it doesn't fit is its own kind of virtue signaling.
Even amongst those who say they would pay $25/year for Twitter premium, we'd first have to account for stated vs. revealed preferences of how many would actually pay. I can't speak about you as an individual, but study after study has shown that this can be a huge effect. And keep in mind, this is only among privacy minded tech people. The vast majority of social media users do not give a shit about this (and will explicitly say so). Also, I imagine the people who are willing to pay for Twitter premium are highly correlated with the people who constantly rail about social media and threaten to quit/actually do quit. For those people, switching to a paid model is just going to provide the impetus to go ahead and quit anyway. All of which serve to bring the per user expenses up, but then increasing the cost of online services usually prompts a huge hue and cry (see: every time Netflix ups their prices), so you can't keep up with inflation even. And so people start quitting, and then due to network effects everyone else also starts quitting and the service dies. This is not in Twitter/Facebook's best interest and rest assured, they will not ever do it.
I don't think anybody's suggesting Twitter move to only having a paid offering, which I agree would be fatal. I also suspect the market of people who really would pay is not large enough for them to bother with, but it depends on what they put in the premium version. Dropping ads is easy to implement, but is a niche market. On the other hand, being able to create private spaces could be huge. And they do a decent business in access to data that nobody seems to mind.
something about this aspirational mumbo-jumbo rubs me the wrong way. there are plenty of objective standards to judge one's self against, most of the best ones are available to the general public in one form or another these days.
for a piece intended for a general audience I think the author did rather well, I can imagine a nontechnical person appreciating the world in a broader way having read it.
while i agree that there are ways in which native user interface controls are currently more compelling than their web alternatives, shouldn't we all be diligent in hoping for and working towards the end of that situation? it might not be as impossible as it once seemed, they're doing angry birds in a browser now!
either way i can't imagine that an iOS monoculture in high-end mobile applications really serves anyone but apple in the long run. i think there's a general consensus that it didn't work out that well with windows, and there's arguably a lot more at stake this time.
this is awesome! it's really very close to a native experience (on iphone 4 at least). my hat's off to mr hewitt. for a comparable experience check out gmail in mobile safari, it's also very convincing.
apologizing for my ignorance, does anyone know for sure why these libraries are necessary? it seems like it wouldn't be hard to offer a standard way (or even a meta tag, i appreciate that pinch zooming is a reasonable default) to get smooth accelerated scrolling of fixed and/or overflow:auto containers.
Libraries like these should not be necessary, but since Apple has not implemented proper scrolling of elements and iframes, we're left to do it ourselves. Perhaps iOS 5 (just two weeks until wwdc!) will solve the problem and make this project obsolete (I hope so).
Even if they do, libraries like these may still be necessary for more advanced scrolling mechanisms like those that snap to page boundaries or involve scrolling/zooming hybrids (like photo viewers common to many apps).
fantastic work and thanks for the quick reply. i'm eager to show this to some of the guys i work with as they're working on similar stuff. http://www.npr.org/webapp loaded on an ipad 2 is pretty slick, particularly in terms of multi-finger scrolling.
i'm sure i speak for a lot of people when i say thanks for working to advance the prospect of truly first-class web applications on mobile. these are exciting times!
Yeah. That is really smooth and fast on the iPhone 3G. It's a great job.
This is what overflow-scrollable areas on webpages should have been in iOS Safari. At the moment you have to mash two fingers into the screen and slowly drag it around; real clunky.
Fingers crossed (badum-tish) for an update next month.
I must admit I'm impressed. Barring a very slight jerkiness at some random times it actually feels native: fluid, fast, and the "physics" is very, very close. In comparison iScroll 4 is better on general smoothness but feels strangely alien to iOS (notably the inertia bounce at list ends).
With the swarm of crappy alternatives - barely mimicking the native behaviour - I saw before I was giving up on the hope that something like this could even remotely exist.
It’s nonetheless a shame that it’s so universally misunderstood how ad-supported megacorps make their money that even highly sophisticated users of the web still talk about the value of personal data (source: I ran Facebook’s ads backend for years).
Much like the highest information-gain feature for the future price of a security is it’s most recent price: ad historical CTR and user historical CTR (called “clickiness” in the business) are basically the whole show when predicting user cross ad CTR. The big shops like to ham up their data advantage with one hand (to advertisers) while washing the other hand of it (to regulators).
As with so many things Hanlon’s Razor cuts deeply here: if your browsing history can juice CTR prediction then I’ve never seen it. I have seen careers premised on that idea, but I’ve never seen it work.
reply