by cybrjoe 3287 days ago
It's more like your accountant preparing your tax return for free in exchange for aggregating data about your receipts and offering you goods and services you may be interested in.
8 comments

Let's split the difference. It's like your accountant preparing your tax return in exchange for using that tax return to develop a model of your spending habits. The value of this model is more than the cost of them doing your tax returns, and in fact is such that if you were simply to collect that data yourself, sell it on the open market, and spend a portion of the proceeds on the tax prep service, you would end up with profit, and the tax prep service would still exist.
> if you were simply to collect that data yourself, sell it on the open market, and spend a portion of the proceeds on the tax prep service, you would end up with profit, and the tax prep service would still exist.

Economies of scale; the market for that data would not exist if individuals collected it themselves to sell. Hence would break down.

Phrased another way; this data about 1 person is relatively valueless.

(I like the rest of your example BTW; just disagree with your conclusion)

> The value of this model is more than the cost of them doing your tax returns

It's likely the value Google got out of scanning your email wasn't worth that much in terms of modelling profiles for ads.

Probably because having both your search history and "anonymized" Google analytics, plus the sea of data that comes from owning Android is more than enough data that Google/Doubleclick needs.

From a purely capitalist perspective I'd bet the utility of them scraping this data no longer outweighs the privacy costs.

But at the same time Google is still scanning attachments for child porn and likely other data out of national security interests. And they still can access your data on a case-by-case basis which from a FISA perspective is a rubber-stamp away from accessing your data from 2 hops away from someone who may or may not have done something bad.

I personally will not weigh using Google vs any other email service in terms of privacy any different after this measure. But I still appreciate their efforts to reduce the "standard practice" nature of scanning private email. If I do use anything Google-related I will not associate my personal identity in any way with the service, which is still a requirement for Google play.

You can still use a fake gmail account and prepaid Google gift cards bought with cash to disassociate your identity from using the service. Although that's still well beyond the investment the majority of people are willing to make.

Regardless privacy comes at a cost these days. Good OPSEC > trusting cloud services privacy policy. You can either not use the services or invest in protecting your data when using them.

I will still cheer on Google's efforts to make the lives of those of us who care about privacy easier. I'm not naive enough to ignore how their business model works but that doesn't mean they always have to take the easy route and hand everything over without considering the costs - as many ISP/Telecom companies seem to do.

Eh? That assumption of "not associating my personal identity" doesn't actually work. Your profile IS your personal identity, and can be associated trivially. If not algorithmically, then via one connecting piece of information supplied by various databases and no such agencies. You're living in a dream.
> Your profile IS your personal identity, and can be associated trivially.

I'm hardly new to this stuff and to say it's trivial is nonsense. Most people make it trivial but it's not trivial to associate identities of people who put basic effort into obscuring them.

Merely disconnecting your primary profiles from your online activity is enough to throw most mass-surveillance/drag-net stuff off, aka 99.9% of advertising firms and most government programs.

If you're an activist or someone interested in keeping your internet activity private then the bar is far higher (and the targets of which are ever expanding as governments and private organizations get better at this stuff). FBI agents, or likewise in your country of residence, have plenty of forensic tools at their disposal to connect disparate identities. It takes some real time investment and requires being super careful to evade these measures. But I'm not talking about that here. I mean the average person in 2017.

I've personally done the total anonymity stuff as an experiment so I know what that takes.

Having studied many documents from the various global national security organizations and being fortunate to have dated a defense attorney in the past who engaged with police surveillance reports on a daily basis for their work I'm convinced that even basic privacy measures such as never using your real identity when using internet services, creating full legitimate sounding backstories (and subsequent online profiles) for your fake identity, and changing the ID you use often enough will throw off most basic surveillance measures.

I'm not doing anything to get people really invested in uncovering my online identities, as most people aren't, which is what I'm talking about.

The simple fact is the vast, vast majority of people reuse the same username (and passwords) across the internet and use their real name and emails everywhere. So it's really not hard to track people online from an LEO or 4chan doxxing perspective.

But I'm not convinced you have to be isolated from the utility of most online (cloud) services. You just have to invest in using them intelligently to not associate your actual identity with the services.

Ad companies aren't interested in deanonymizing people anyway. They are looking for low hanging fruit and there are more than enough people to fill databases who fit this profile. So I'm not that concerned about those who don't.

It's not trivial to match any arbitrary profile with an offline identity, but it is possible to cluster pseudonymous profiles into "almost certainly the same individual" by patterns and peculiarities in how they use their devices. If the same patterns later show up for an identified user, they can be linked with high probability.

With the sites Google runs plus running their own JavaScript on a sizable fraction of other people's web pages, they can pick up a lot of patterns, many of which would be inaccessible to police and intelligence surveillance.

Some people have nervous habits like moving the mouse around, clicking/tapping on whitespace, scrolling up and down, etc. Some always/never use the scrollbar. Some always/never open links in new tabs. Some tend to put the adjective before/after the noun in their searches. Some will rapidly open up the first 5 search results in new tabs. Some always disable instant search, and some of those change their settings to 20 or 50 or 100 results. Some use search features like the calculator, searching for "weather", stock symbols, etc, and others never do.

> Ad companies aren't interested in deanonymizing people anyway.

Seems to me that there is a huge monetary aspect to matching online activity with real identity.

"deanonymizing" is trivial but ad tech is poison to any level of "privacy", filter bubbles and fake news propagation.

I disagree with you, but from the perspective that my email contains the history of every transaction I have ever made, all of the newsletters I sign up to, and, for another 3 days, ~50% of my conversations, since I do a good chunk of my communicating over gChat.

Consumer preferences change over time, so google is far more interested in the thing I bought yesterday than the thing I bought 4 months ago, so being able to read my emails is still a current interest of theirs.

Amazon's receipt emails stopped including an itemized breakdown. Perhaps this is for customer privacy or perhaps so Google can no longer scrape Gmail users' purchase histories.
True, but seeing as I often order one thing or two at a time, the email subject line from Amazon still gives away the goods
> if you were simply to collect that data yourself, sell it on the open market, and spend a portion of the proceeds on the tax prep service, you would end up with profit

Hmm. Could you sell it on the open market? If so--if the margins for the ad-supported model like Google's are in fact as big as they appear--why isn't there a Google competitor who provides exactly the service you describe: some kind of opt-in system where they collect data (via, say, a browser extension), sell it to advertisers, and pay you a cut?

One generic answer to "why does the market not offer [some seemingly reasonable thing]" is inefficiency: maybe there's some cartel system at work where all major advertisers are hoarding the revenue for themselves. But I find that pretty unconvincing, since the whole market _seems_ to be otherwise quite competitive, and with low barriers to entry.

Perhaps a more likely theory is that if you were to offer a "we pay you for personal data" competitor, you'd face massive fraud--a la click fraud--in which attackers would pretend to be real users in order to get paid for searching (or whatever), and that the subsequent need for identity verification would become so burdensome as to eat away any profits.

Anyway, an interesting thought exercise, but I think one can broadly conclude that either:

1. There are real obstacles to paying people the "fair" price for their data, such that the current system is in fact fairer than it appears.

2. The entire market is unfair due to a cartel or similar (though like I said, I find this fairly unconvincing).

3. This is a great idea and you're the first to have it, so you should start a company that does exactly this. ;)

No?

> Could you sell it on the open market?

surely the profit would be too small to fool anyone

Take a look at Basic Attention Token and the Brave browser.
Interesting. How do they protect against clickfraud, though? Paying the user seems to me (somewhat naively, because I'm not super familiar with clickfraud) to increase the incentive for abuse, since you don't have to run a malicious website to do it.

One of the obvious advantages of the Gmail model seems to me to be that free email is less fungible than cash, though of course abusers resort to spamming and other practices to monetize the resource.

I think this EXACT thing is what Credit Karma is doing with free tax returns:

https://www.creditkarma.com/tax

...Are you aware it would be quite a worthy idea, offering an accountant in exchange of business data?
No way that's true. The data is not worth as much as the eyeball on the ad itself.
gmail can still advertise to me in the hypothetical scenario above, but if they want to do so in a targeted way, they would have to buy my data from me first.
I'm sorry, I'm from Slashdot. Can you write this in the form of a car analogy?
> and offering you goods and services you may be interested in.

Sounds like a sleazy salesman to me.

> offering you goods and services you may be interested in

The thing is: never, not even once, has Google offered me an ad with goods and services I was interested in.

ok, maybe Gmail ads have been irrelevant to you. but surely you've done a google search and been presented with interesting goods and services?!?!
Anecdata: in the past 5 years or so the number of relevant or interesting search ads Google has shown me can be counted with one hand.

- If I'm searching for technical documentation, I couldn't care less about all the random consultancies or shitty-SaaS-of-the-day trash that populate the ad slot(s).

- If I'm looking for technical details on a piece of malware or vulnerability research, the last thing I want to see on the page is a goddamn AV junkware full-frontal.

- If I'm searching for details on some car models ... why the fk is google shoving insurance ads on my screen real estate?

And so on. As far as I'm concerned, online advertising is a stripmined toxic dump. Only the shittiest swindlers and shadiest extortion artists remain.

>- If I'm searching for details on some car models ... why the fk is google shoving insurance ads on my screen real estate? //

Brand marketing. It may not work on you, but it works in general.

Personally I consider myself pretty immune to marketing but when you think "who else should I check to switch my car insurance to" then that brand is going to pop up if it's been fed to your brain enough. Indeed when you're looking at a list of similar offers the one that's associated with a name you already know will seem somehow more trustworthy, it's an insidious finagling of a brand into your brain drip by drip. Why do they do it? It works.

The only times I clicked on those was:

1. the site was actually what I typed in the address but forgot to add .com etc

2. by accident

Here's a real life example. It's like Credit Karma who prepares your tax return for free, but then uses the info to help target you for ads on credit cards, loans, etc.

[this is exactly happening]

If it's about offering me goods and services that I may be interested in, then ad blocking is a useful feature for both me and the advertiser. If I am not interested in any goods or services then no offering or aggregation is needed.

On the other hand, if it's about offering me goods and services which other companies want me to become interested in, then we have a different deal going on.

> It's more like your accountant preparing your tax return for free in exchange for aggregating data about your receipts and offering you goods and services you may be interested in.

Hmm. I could actually see that working, as a spinoff of concierge services offered by companies like American Express.

can your accountant prepare your taxes without looking at your receipts? no. can webmail provider provide you email service without asking your emails? sure he can
how about:

my accountant preparing my tax return for free in exchange for... inviting ...a sleazy salesman [to] sneak a peek at them and find new ways to sell me stuff.

That's not very accurate. It's more like:

Your accountant prepares your tax return for free. They also have a lot of boxes of flyers provided to them by people who want to sell things. After preparing your tax return, they use their knowledge of your return to choose which flyer to put into the envelope. They then send that envelope back to you, and when you open it to read your tax return, there's a flyer for something else paperclipped to the front with a note saying "Thought you might find this interesting."

(In particular, the accountant is the only one who sees the information in your tax return.)

Unfortunately for you the accountant uses an insecure lock on the office door.