ok hear me out: client side targeted advertising. no unknown data is stored on some server somewhere without you knowing. you just add topics you like to an array and it's sent with each ad request.

i have nothing against advertising, i have stuff against stalking, and i'd be ok with this.

Except that client side tracker can retrieve a hell of a lot of personalised data 🤷‍♂️
Browser fingerprinting is a thing.

@C0D4 yes i'm aware that browser fingerprinting is a thing. first of all, browser fingerprinting would be server side tracking, and i'm not saying it tracks you at all. you would get to put topics manually, for example in your browser as an extension and it would send the topics whenever your browser requests an ad. no cookies or bullshit like that.

The code problem of advertising are two things:
1) unknown sender, no verification possible
2) unknown flow of information

Unknown sender is the fun and joy that web content can load anything from anywhere - jolly cross site scripting, browser bugs and so on.

Unknown flow of information is another issue. Just because you know it's a Google Server or the agreement box shows Google, it's impossible to really know who got your data in the end.

The second part has a deeper meaning - when you look at a company and all it's related companies which might or might not be included in the agreement, you will never come to an end.

Most companies have complex hierarchies for tax evasion and other stuff... And by complex I mean 'non human layman resolvable'.

So even if you knew all the companies names who did shiny stuff with your data, finding out who or why they did it - impossible.

So. Some thing has some where somehow a deep understanding of your behaviour for unknown reasons, selling it to some other thing for unknown reasons and get's paid.

Even if you send them what you like, it's hard to believe that the "things" give up your value just because you're nice to them.

You're a cash cow. ;)

@IntrusionCM no. the whole point is that the two parties don't matter - one gives information about what ads they may like to see and the other gives an ad in response.

there would be no issue about an unknown flow of information because the information wouldn't be associated with anyone's identity.

i'm confused as to what you mean by unknown sender and how it applies here. google and other advertising services don't know if a legitimate person is requesting ads, so it doesn't matter for this theoretical service either.

Developer rule #1:
Never trust the user.

User rule #1:
Never trust the service.

So basically, don’t trust anyone, ever. Someone will screw you over, happily, if given the chance. Even if it’s illegally. Why? It’s profitable and/or fun, and they don’t give a fuck about you, your morals, or whatever laws might strive to protect you from them. In fact, many probably pay lobbyists more than your yearly salary to push for laws that specifically protect them from you. See: RIAA, cigarettes, taxi companies, big oil, big pharma, banks (and exchanges and investing academies), Microsoft/Twitter/Facebook/etc., and basically every big corp out there.

But that’s where your flaw is: in your scenario, the user is trusting the server not to fingerprint and store those preferences. They will, guaranteed, because it is in their best interest to do so, and there is zero reason for them not to — except “nice guy” marketing, and there’s nothing stoping them from doing that anyway and just lying about all their shady practices a la Facebook.

If you want a better advertising solution, you need to devise an approach that protects both parties from the other. (Facebook and Google’s approach to this is being the source of truth for targeting data; it works as long as you can trust them with the data, and we really can’t, so theirs not the best approach either.)

@Root why can't you just block fingerprinting? firefox and other browsers block fingerprinting cookies, can't it be done with this

@calmyourtities You’re confusing fingerprinting with advertising ID cookies. Fingerprints aren’t (usually) stored on the client because they can be regenerated on demand. Advertising IDs are instead arbitrarily assigned by the server, so they’re not reproduceable on the client.

You can’t block browser fingerprinting without blocking or masking some features or data in JavaScript, or changing script behavior (e.g. execution speed, canvas abnormalities). Default settings across wide user bases help, but they aren’t a magic bullet either.

Circumventing stored advertising IDs, by contrast, is as easy as deleting your cookies.

@calmyourtities https://en.wikipedia.org/wiki/...

You have to change your browsers characteristics plus your own IP address for every request to somehow become unanimous, keeping in mind a unique fingerprint will make you stand out like a lightbulb in the dark.

For example: https://www.deviceinfo.me/

Good luck masking all that to blend in.

Even with cookies disables, you can be tracked from site to site.

@Root ah, i suppose that's true

@C0D4 i did consider the ip to be an issue, i am with you there.

what i'm hearing from both of you is that this would be great for the dark web. right? (you know, if they actually had advertising)