Get ready for ads to start addressing you directly by name and doing other like things to get your attention. Google isn't usually _too_ overt about these sort of things but the less savory ad networks could get really unpleasant.
"Hey there George Thompson, click to see one weird trick to hide your arrest records from your wife Mary"
You are prohibited from creating ad content which implies knowledge
of personally identifiable information or sensitive information
about your customers ...
Sensitive information about your customers can’t be used in Customer
Match campaigns or ads. Additionally, you can't use data from
your Customer Match campaigns to identify sensitive information
about your customers.
Sensitive information includes:
Interest or participation in adult activities (including alcohol,
gambling, adult dating, pornography, etc.)
Sexual behavior or orientation, such as sexual orientation
inferred from a user's visit to a particular website
Racial or ethnic information, such as from sites or apps that
collect affirmative racial or ethnic identification from visitors
Political affiliation (other than the public registration information
of United States voters), such as from sites or apps that solicit
or store people's affirmative political stances
There is actually a creep-out effect with taking this too far I think that drives people away from ads that are too stalkery. Consider the case of target who toned down the exactness of some of their targeted mailer ads to women likely to be pregnant after accidentilly kicking off the outing of a pregnant teen to her family.
Perhaps we should be more creeped out by the more subtle personalized ads than the clumsy attempt I suggested.
The creep-out effect depends heavily on whether you're a company with a reputation to protect (like Target)
As for the more subtle way of using this personalization will be to stick more ads in the faces of people that once signed up for a service but don't use it as much these days and don't open the reminder/newsletter emails that end up in their "social" or "promotions" tabs. I found this sort of badgering with traditional ad retargeting creepy enough to drive me to install an ad-blocker, but it undeniably works and is heavily used by companies that care about their reputation.
_you_ are prohibited, but Google is not. I'd suspect they will mix in more and more of this context (from Nest, from emails you provide, from your driving habits on Google Maps) to make ads "more personal" as time goes on.
Presumably Google could already be doing this in their own ads before this announcement. I don't know if this announcement implies any nefarious motives in this space (not to say they aren't planning this, but just seems unrelated).
advertisers will do what they do. pay some money on that to tag users with 3rd party cookies (which was 50% of the reason Google sponsored Mozilla. guess if it's enabled by default on chrome...) and then show that personal information on dynamic display (images, flash) ads. probably even on other networks since Google's suck for display.
Well, google doesn't know if people are active on non-google sites. And they couldn't tell advertisers or people would be able to upload 999 fake emails and 1 real one and tell if they're an active google user.
- google doesn't know if people are active on non-google sites -
I don't have numbers, but I know that the overwhelming majority of sites I see in a given day, week, or month use google analytics. A helpful 'free' tool that gives site owners excellent stats, and gives google insights into almost all of the off-google browsing that happens...
I wouldn't hold your breath. Marketers can already do this to an extent on Facebook. FB allow targeting in minimum groups of ten emails at a time. For large companies it's easy enough to batch data groups of 10 for things like happy b'day or 'Hello George' type messages. Or to take it to the 1-1 level there was an amusing case of someone trolling their flatmate by uploading 10 email addresses, nine of which were girls and selecting the sub-targeting option of 'male only'. He then ran super personal ads to freak out his flatmate. FB may have fixed this 1-1 option now given the publicity.
Personally I don't do these type of comms in my marketing as people find it creepy. Nor have I seen other utilising this like that. I have used FB for targeting with generic ads so people don't realise they are being targeted at that level. It was quite effective. End of the day professional marketers are trying to get relevant ads in-front of relevant users and not waste budget with unneeded impressions/clicks.
All that said, I do see the potential for abuse on this. I kinda feel regulators need to step in and place clear guidelines for people protection, perhaps rules around PII (personally identifiable information) sharing between organisation which is getting very common these days to enrich each others data. Also in the same way many professionals are accredited, I wonder if people working across larger PII data sets should require accreditation. Something that ensures they know the rules, and if they are abused they can be removed from the industry.
As another posted commented, there will be a minimum list size to prevent this sort of thing. For example, Twitter already allows targeting to specific individuals, but the list minimum is 500 (if I'm not mistaken).
I wonder how easy it is. Google says they require 1000 "Active visitors." So you need to not only create 1000 fake accounts to target a single real individual, but run 1000 undetected clickfraud bots (and then pay out on your own clickfraud). Not sure of the current state of the clickfraud arms race, but maybe there are cheaper and easier ways of snooping?
I don't imagine targeting any random user is particularly efficient, but when you are dealing with multi million user databases, finding close to a thousand people who share a first or last name probably isn't hard. They don't even have to address it to a person, simply provide some details (details vary based on database). Think "How was you recent trip to Hawaii? Click here for winter deals!"
Which is (a) cheaply broken by hiring a few hundred bored students, and (b) is also even possible to be broken analytically. It is actually easier to break than the highest level of the previous captcha, as now you just need a Google account with semi-normal activity and a JS runtime that pretends to be a normal browser. The semi-normal activity is simple to be possible by running it as a bot and feeding it with search queries for 8h a day, running a query every few minutes. Which, in turn, gets the account marked as active.
Which is trivially broken by having real people simulate a bunch of real Gmail accounts. Services like this already exist for Facebook likes, YouTube views, etc.
Far more sinister would be "Your wife Mary has an arrest record, click to see it!" (but of course, she doesn't - they just want the click, and get to imply validity by means of knowing other personal details).
As you said, I doubt Google would try/permit this, but this will certainly come through.
Body: Who knows what secrets are being hidden from you -- right under your nose! Do you know Mary as well as you think you do? For only $2.99/month we will alert you to any criminal actions and public records that we find on your wife. Get started today! Easy payments with Paypal
Related Stories:
Is your ex-wife Harriet on Ashley Madison?
Is your brother Blake in debt?
Are your parents Anita and John under foreclosure?
Some ads already have that much info about you if you're being advertised to because of retargeting/remarketing. Eg when you bail from a site with something in your shopping cart and that item follows you around the internet.
That said, this is a great reason not to browse the internet with logged in google email. That was always the flaw in the firefox 3rd party cookie blocking debacle: it would have been an enormous gift to fb, google, and twitter.
I am curious, why do they always say the word "weird" in these ads? It's too tacky for most people to think they are "dispassionately" describing the product. One weird trick. It's almost a shibboleth now of hucksters.
Most people on HN have probably grown sick of those stock phrases, but if they're still using them in ads, there's probably "plenty of other fish in the sea" willing to take the bait... if you've ever observed "normal" computer users browsing for any length of time, you'll see what I mean.
Which is kind of half pointless. I see ad's all day long that are half relevant to me. I rarely click on them. Just because they start screaming my name doesn't make me more likely to click.
The most effective advertisements aren't ads. Most of the time I use a product or service it's because I saw someone on here or someone I know talking about it.
This came up a few days ago on HN. There is brand awareness as well as direct sales. So if you see a Heroku advert, then see an article on HN a few days later about it, when looking for quick app deployment you may start at heroku instead of engineyard.
Also, everyone underestimates how much advertising works. People often downplay advertising and beleive it affects others much more than themselves. While for low hanging fruit like MacKeeper, a shit-tier virus-spam-app that constantly is displayed via popups, targeted ads based on your preferences are subtle and difficult to weigh.
This is nothing new as FB has had Custom Audiences available for a while now, and you could also do this with 3rd party audience lists via cookie onboarding services like LiveRamp, etc.
What I'm wondering here is if Google will provide any way to upload this info to them anonymously similar to how Liveramp does it.
I personally won't be running these, but I'm curious if others are really comfortable with the idea of uploading their customer lists to Google (or FB or anyone else for that matter) in plaintext vs. going through a neutral middle-man that lets you just provide hashed values to get a match.
EDIT:
Looks like my reading comprehension failed this morning and they do allow you to upload hashed lists per their support doc. Also, to clarify, I have little doubt that Google, FB, etc. can't figure out who the people are. The main concern is with the people managing the AdWords accounts pulling/sending around plaintext email lists of all these customer records. That is often extremely sensitive and valuable company data that should never be sent around like that. From my experience, the people managing these campaigns are often not technical or experienced enough to think of risks like that. So hopefully the only way they can access such info is via someone who does have the knowledge/experience to say "yeah, plaintext lists of our customer emails are NOT something I'm going to be sending you a CSV of."
> I personally won't be running these, but I'm curious if others are really comfortable with the idea of uploading their customer lists to Google (or FB or anyone else for that matter) in plaintext vs. going through a neutral middle-man that lets you just provide hashed values to get a match.
according to the linked [1] you only upload hashes of email addresses.
If you don't want Google matching your customer list to individual gmail accounts for targeting, then this service isn't for you. That's kinda the whole point.
> if others are really comfortable with the idea of uploading their customer lists to Google (or FB [)]
Just to present a cynical point of view, it is Facebook and Google. In America (and many other countries) Google provides mail servers via google apps or just directly on the gmail platform. I don't know the percentage so I won't invent one but I would argue it is quite likely that if an exchange takes place between 2 parties (the minimum for a convo) the traffic routes through google. Between facebook, chrome, gmail and android your customer lists are likely not private.
People send around plaintext files of email addresses all the time. Every single CRM, marketing automation, and ESP make it very easy to do so, and there are hundreds of reasons why you might.
This is already an option on Facebook called "Custom Audience" so I'm not surprised that Google is releasing this as well.
Regarding the privacy implications, almost every major e-commerce site already uses third party marketing systems, oftentimes with e-mail address, so this is pretty much the same. They're not selling the data to a 3rd party since they are a 1st party using a 3rd party tool.
The article, quoting Google's PR: "Google is in a unique position to connect consumers with your business in the most relevant ways. Whether they’re searching on Google, checking promotions on Gmail, or watching videos on YouTube, we can deliver the most relevant information based on what they’re doing, wherever they are, when they’re looking, and on any device they’re using. Today, we’re building on these capabilities with new ads innovations to deliver even more relevance."
"Checking promotions on Gmail"?
Eric Schmidt once wrote:
“Google policy is to get right up to the creepy line and not cross it… We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”
That was in 2010. They're now well over the "creepy line", and probably well past the European Privacy Directive.
Log out of Google, now. Delete all their cookies. And get off Gmail. There's a site on how to do this.[1] You don't need Google's "services".
So far I still find the value they provide in knowing that much about me to outweigh the costs and concerns. I constantly evaluate this metric in my head, but so far Google is still on the plus side.
I find it really handy when I pull up Google maps on my phone and it basically already knows what I was going to type. I find Google now to be super helpful.
er, what's creepy about looking at the promotions tab in gmail?
I'd suggest watching how other people use email once or twice. My mother has a number of emails from companies that I would consider outright spam (signed up for at purchase time of whatever) but she looks at them nearly every time for good deals.
I used to think this behavior was crazy until I bought some nicely tailored clothes at a smaller shop online and started getting "sale" and new product emails from them and I...didn't immediately mark them as spam. I now read them regularly even though I rarely buy from them, even if just to get ideas for clothing.
What browser do you use? If there was a sane option, I would use it but Firefox really consumes resources even putting effort in to optimizing my settings. Using the tor browser or something is just not practical for everyday use. You can either give your data to microsoft, apple or google (if you haven't already) or use FF.
i meant to imply that suggestions about browsers, (following a statement like "delete chrome") often aren't practical for most people, and as a web dev I need a fairly traditional environment. So by "sane", I meant things like using ice weasel with noscript or tor-browser, or a very non-traditional small independent browser. I have reasonable privacy and security settings in place but need to be able to test websites etc.
I was asking the above because I love FF but on my macbook it was spinning the fan up and using a lot of cpu. I will try it again, but it would crash or throw the computer into spinning beachball mode; a lot.
Reading a lot of the comments in this thread, you guys are taking this announcement and running with it in some weird directions. Google's just playing catch-up with ad targeting features that Facebook has had for years. Nobody is targeting individual users. There are HUGE amounts of depersonalization work and legal review that go into making something like this a reality. If you think Google's engineers spent more time developing this than Google's legal team spent approving it, you're probably wrong.
Say a company wants to target ads to people that are in their email subscription list. Or a brick-and-mortar retailer wants to marry up their in-store customers with online data to target in-store shoppers with online advertising. These are features that have been supported for a while through Facebook and through third-party services like Liveramp. Google is building the infrastructure to support these natively. It's not a new technology. It's a very old one - what used to be called database marketing back in the days of direct mail and catalogs.
Granted, I make my living in marketing, so I may be biased, but I think a lot of folks are looking at this the wrong way. More targeted advertising is less annoying, not more. (A) You aren't getting spammed with things that are irrelevant to you. The ads you are shown are more likely to be related to something you actually care about or could potentially want to buy. (B) Advertisers don't have to spend as much money on targeted ads as they used to have to spend spamming the world with untargeted advertising (see also TV, radio, sponsorship & endorsement deals, etc), so their margins go up and they can afford better product development, lower prices, etc.
The risks here are that you will somehow be outed as someone that shops frequently at a particular store, not that you're going to be "spearfished" or that the NSA will send drones to your house to kill you with missiles.
Your post assumes that marketing generally helps people do the stuff they want, not manipulate them into doing stuff according to advertiser wishes(to some extent). Many users here don't share that notion.
What's the implication here for sites wishing to monetize by selling (hashed) email lists of their users? Take Reddit for example, it could make a lot of money by selling the (hashed) list of users subscribed to /r/travel (or almost any other sub). Suddenly all those users with adblock who won't fork out for subscriptions would be generating income.
I know most TOS's say they don't share email addresses, but sites could theoretically specify that a hash of an email address be allowed.
This is going to require merchants to update their privacy policies, surely. Sharing personally identifiable information with Google (which could be subsequently joined together with data from other merchants to form an even bigger profile about you outside of your control) is entering a whole new (terrible) world.
Few third parties have the potential to do with your data what Google can - Facebook perhaps being one exception. I'd say this represents a significant step up in terms of data collection. I've certainly never worked with a supplier that could offer anything like Google could.
The article gave gave an example of 'Rewards program' of a company. Using that example, most rewards program give you the option not to receive 'promotional emails' from them. Does this mean such companies will also not upload to Google, the email of someone who has opted not to receive promotional emails? If the companies don't do that, how can a user 'opt out' of not receiving such targeted advertising?
This isn't about sending emails. It's about Google AdWords display ads. I think it's technically possible to "hide" individual advertisers, but the short answer is: no, the company is under no obligation to stop showing web ads to people who previously said they don't want emails.
Yes, the company may not give your E-Mail address to ANY third party unless directly authorized, and, in the future, even if authorized, companies may not give data of EU users to ANY US company.
Doesn't mean that at all. Reward program would just be an example of a not-necessarily-web company that has a list of customer emails. Nothing prevents them from adding your email to that list.
The scary thing is this means Google is targeting and following us on an account basis, not just an anonymous advertiser id.
If only there was some universally accepted 'do not track' feature....
I'm curious - is there any statistic around the number of people who browse while signed in to their google accounts?Personally, I don't do that. I make a conscious effort to be signed out when browsing but I've always wondered if majority of people are like me
A list of email addresses "which can be matched to signed-in users" - it is not clear if the list will have to be gmail addresses matching the logged in users? I'd assume so, unless Google is maintaining links between people's google email addresses and other addresses they might use (eg. multiple email boxes being used on the same phone)to make a match, which is also plausible.
The adtech term for this is call "CRM onboarding". This technique was actually around for a while and popularize by 2 independent companies, Datalogix and Liveramp (founded by Auren Hoffman). Both of these companies exited with Datalogix (sold to Oracle) at around $1.2b and Liveramp (sold to Acxiom) at $310m.
"Hey there George Thompson, click to see one weird trick to hide your arrest records from your wife Mary"