[swhalen]

My layman's understanding of the GDPR was that it was the primary website (i.e. the website you are actually and intentionally visiting) that could store your data on the basis of a legitimate business interest -- for example because they need that information to deliver some stuff you ordered from them.

However someone seems to have found a legal loophole whereby third parties ostensibly are able to track you on the grounds that their business is tracking, and they therefore have a legitimate interest in tracking you.

Hopefully this loophole is eventually struck down in some French or German court, and the GDPR will one day be applied as intended. Tracking is not, and will never be, a legitimate business.

[mschuster91]

> Tracking is not, and will never be, a legitimate business.

The problem is, the way the Internet and its services are financed, it is pretty much a requirement.

A lot of services absolutely depend on advertising revenue because affordable micro-transactions still are not a thing, not to mention 20 years of cultural ingrainment that services on the Internet have to be free when they are aimed at the general public. The alternative is philantropy aka rich billionaires footing the bill - we're seeing with the Washington Post (Bezos), Twitter (Musk) or Austrian newspapers just how problematic that is. The only relevant project surviving off of individual donations is Wikipedia and even that has issues (see e.g. the endowment debate that regularly pops up here), Mozilla depends on Google's money. Another alternative that regularly pops up, especially in Europe, is having the government fund services - but let's be real, who wants to use a messenger where the government has any sort of involvement? China shows why this is a very bad idea.

So basically, now that we have established that currently advertising is required, another can of worms opens up: ad fraud, which is incredibly widespread. Everyone but the advertiser clients has a massive financial interest in manipulations:

- ad networks want to claim "x millions of sites use our services to show ads", so they have an incentive to create fake sites that no one ever looks at

- ad agencies want to claim reachout capacity (to their clients) and maximize ad eyeballs because often they're paid as a percentage of ad spend

- content creators want to have as much income as they possibly can get. Click fraud and SEO spam fake sites/content mills come to mind here.

Advertisers, in turn, want to minimize their ad spend and maximize the ROI. That means they need a way to target ads to specific demographic groups, they need a way to weed out fraudulent spending and they need a way to weed out undesirable context (i.e. no popular brand wants to show a pre-roll ad to Alex Jones claiming crisis actors). And that is where tracking and other "middlemen" companies come in - they serve to protect advertisers from overspending and bullshit, and provide the actual data required for targeting.

The only groups that could get away without tracking and countless middlemen services are "household brands" that simply book ads at massive TV and radio stations and niche magazines and their advertising clients (say, a magazine about farming naturally yields itself to equipment manufacturers, pesticide and other farm suppliers) - but even there, media has an incentive to over-inflate their reader/viewer/listener counts to demand more money from advertisers, so they need third parties like Nielsen Ratings as independent "arbiters".

[tpxl]

> The problem is, the way the Internet and its services are financed, it is pretty much a requirement.

A bad business model doesn't mean you get to ignore the law.

[mschuster91]

A key part is that, while the GDPR undoubtedly is a good piece of law, it got introduced without a public debate on how the Internet should actually work and be funded.

Basically, GDPR kneecapped the entire business model of everyone but Wikipedia, and almost no thought was spared on how to replace that and make the Internet a better place for everyone.

[tpxl]

> Basically, GDPR kneecapped the entire business model of everyone but Wikipedia

GDPR did no such thing. There are thousands, if not millions, of businesses operating online that _actually sell goods and services for money_ and GDPR did nothing to stop those.

On top of all that, you can still show ads while being GDPR compliant. Just not slurp-every-piece-of-data type ads.

[danaris]

Personalized tracking is not a requirement for ads.

Ad agencies were making plenty of money for many years before the internet made this kind of tracking possible.

There's very little evidence that personalized tracking actually makes advertising more effective in terms of ROI.

Let ad companies sell ads, and websites sell their ad space, based on the content of what's posted there. The same way ads were sold in newspapers and magazines for decades.

And ad fraud on the part of any of the business parties involved in the ad transactions are not sufficient justification for tracking every person's entire life online. Let them deal with the fraudsters directly, in ways that don't involve incredibly invasive and privacy-eroding surveillance on a massive scale.

If they can't figure out how to do that, that's not my problem. It's their business model, not mine.

[dmitriid]

> The problem is, the way the Internet and its services are financed, it is pretty much a requirement.

It's not. Advertisement can and has worked very well without wholesale collection and trading of private user information.

The next time you feel like presenting the "we require tracking for financing services" bullshit as fact, please provide proof.