[hnaccy]

>But the cool part is that you can also track when someone views your ad, and then a bit later types in your web address to make the purchase without ever clicking the link.

>In other words you can track both people who click through an ad directly, or who see your ad and then visit your site a bit later

How does this work?

[troydavis]

Most larger ad networks track post-view conversion - that is, someone viewed an ad but didn't click on it, and then later visited the advertiser's site anyway - using a "conversion pixel." The ad network provides each advertiser with a HTML or JS snippet that loads an 1x1 pixel image or makes a similar small HTTP request to the ad network.

The ad network records a post-view conversion if either:

1. The ad network cookie that was set when the ad was served is still present, or

2. A user was logged in to the publisher's site (Google, Twitter, etc) when they viewed the ad, and is also logged in when they visit the advertiser's site.

#2 is also how most cross-device tracking occurs. For example, if you're logged in to Twitter on your phone and see a Twitter ad, then type in the advertiser's URL on your desktop where you're also logged in to Twitter (and the advertiser has Twitter's conversion pixel on their site), Twitter will record a cross-device post-view conversion.

Here are examples:

Twitter: https://business.twitter.com/en/advertising/campaign-types/i...

AdWords (for YouTube impressions): https://support.google.com/adwords/answer/2375431?hl=en

Facebook: https://www.facebook.com/business/a/performance-marketing-st...

Aside from blocking the ads, uBlock Origin blocks the conversion pixels/requests for the largest ad networks.

Often a conversion pixel snippet is used alongside retargeting/remarketing. Some ad networks use #2 above to do quite sophisticated retargeting, not just targeting those who viewed a specific page. For example, Google lets advertisers retarget AdWords ads to those who liked a video in the advertiser's YouTube channel: https://support.google.com/adwords/answer/2545661?hl=en&ref_...

[apricot]

Very interesting. Now, suppose I interpret this kind of action as spying on me, and I want to stop it, are there ways around it? Is not logging on to Google etc. and using the Privacy Badger extension enough, or do I have to ramp up the arms race further?

[Feniks]

https://github.com/kkapsner/CanvasBlocker/releases

All ads and tracking can be blocked if you want them to. Its a arms race.

[bpicolo]

Adblocking extensions like uBlock Origin. Privacy Badger is a good tool that looks to specifically aim to block things like conversion pixels, so that should be protecting you already from this class of things.

[troydavis]

uBlock Origin with EasyList and EasyPrivacy (https://easylist.to/) enabled blocks nearly everything that’s practical to block. Note that EasyPrivacy may need to be manually enabled in uBlock extension settings.

Disabling third-party cookies (desktop and mobile) is also easy to do. The only thing I’ve seen this break is inline support chat widgets. Enough clients have third-party cookies disabled (Safari defaults to disabled) that the chat widgets usually test for it and show an explicit message.

It’s much harder to block anything based on being logged in to a site (Google, Twitter, Facebook, etc), because:

* for retargeting based on intentional actions done while logged in (such as liking a YouTube channel): these can always get recorded, since the requests must succeed in order to complete the action you wanted.

* for conversion tracking: the hostname and even path of the conversion request can be very similar to that of an intentional request (like to login with SSO or to show content inline). The filter list entry is more brittle.

* for retargeting based on something done on a mobile device: you’ll need an ad blocker on the mobile device as well.

uBlock Origin with EasyList and EasyPrivacy gets as close as any other simple approach, though.

If you’re significantly more motivated, don’t browse while logged in to Google, Twitter, LinkedIn, or Facebook (and set their cookie duration short, like the current session). For most people, this is past the point of diminishing returns. If you change only 1, make it Google; it has the largest market share of advertisers, has the most services to target based on, and has the largest inventory.

Otherwise, put your money where your preferences are: move to FastMail or the like. Not because there’s anything wrong with Gmail (there’s not), or because they’re unethical (I have no reason to think they are), but because their product choices don’t meet your privacy preferences.

Hopefully anyone reading this far has already done it, but if not, pause everything on Google Activity Control: https://myaccount.google.com/activitycontrols

[toomuchtodo]

Assuming Google Analytics tying it all together.

[e12e]

And perhaps spying through Google searches and chrome? I guess Google never spies on you except by proxy via analytics - but then, if they correlate views on YouTube with analytic hits, that's not really true.

Anyway, the above, as well as:

> If that still doesn't make your campaign profitable, there are broader exclusions and bid adjustments you can make based on age, gender, device, location, parental status and household income.

Really stood out to me - if anyone needed further evidence that Google is still an ad company, and that the free services are about driving ad traffic.

It'll be interesting to see how GDPR affects this. I suppose the sad truth is that Google/alphabet has built a ton of cash on the back of user data, and now no-one else will be able to that as this particular form of business becomes illegal.

But Google is big enough to shift into other growth markets like media manipulation/lobbying and defence contracts etc.

[exchomedev]

Google does use the "anonymous" usage stats from Chrome to inform AdWords. Source: I personally developed on this feature. Response to rebuttal: the tree you're looking at isn't actually what's complied into the Chrome binary.

[delroth]

I currently work at Google, and from what I know and have seen about how we handle privacy internally I'd be really surprised and appalled if that was the case. Mind sending me more details? My nickname @google.com.

Anonymous reporting in Chrome has been one of the leading use cases for differential privacy at Google. See e.g. https://github.com/google/rappor and https://static.googleusercontent.com/media/research.google.c... which specifically mentions the Chrome use case. This seems to indicate the people who work on this do care at least in some amount about privacy.

(Given the fact that you use a throwaway account I'm very much not expecting to see anything else than FUD, but hey, I'll give you the benefit of the doubt.)

[judge2020]

Fairly obvious that Google uses upstream chromium then adds in all of the proprietary g APIs and anonymous usage statistics after the fact.

[manigandham]

Cookies are used and track both the ads you've seen and clicked on. Combine that with on-site analytics tags and you can see the campaign and traffic sources. View-through and click-through conversions are very standard in advertising.

Also yes, Google is an advertising company. I'm not sure when perception around that ever changed? Their biggest new avenue though is their Google Cloud Platform which has the potential in the future to make more than their entire business combined.

[nukeop]

>Really stood out to me - if anyone needed further evidence that Google is still an ad company, and that the free services are about driving ad traffic.

97% of their income is through ads. Maps, Docs, email, Google Plus, Youtube, even Search - it all exists only to increase advertisement profits, and to get ever more minable data from the users. If the ads money ever dries up for whatever reason, the entire company goes belly up.

[username223]

> But Google is big enough to shift into other growth markets like media manipulation/lobbying and defence contracts etc.

They're already the number one single company in lobbying, beating out AT&T and Boeing:

https://www.opensecrets.org/lobby/top.php?indexType=s&showYe...

I imagine DoD would love smarter autonomous drones and tanks. They bought Boston Dynamics awhile back, makers of seriously creepy things:

https://en.wikipedia.org/wiki/Boston_Dynamics

They'll do just fine when the ad bubble bursts.

[manigandham]

Google sold Boston Dynamics last summer to Softbank. Their next big moneymaker is the Google Cloud Platform which competes with AWS and Azure.

[jackgolding]

These are called conversion pixels, Google Analytics should have nothing to do with it (assuming there is a Chinese wall between AdWords, Doubleclick, GDN and Google Analytics.) Obviously Google offers some built-in integration within its products but you can achieve this within the ad-buying platform itself.