Hey everyone, welcome back to Reality 2.0. I'm Katherine Druckman. Doc Searls and I are talking to Augustine Fou, who you may remember from an earlier episode. If you didn't hear that one, I would recommend going back and checking it out.

Augustine is a well-known ad fraud researcher. He has also written a really cool web app for visualizing tracking data, and he's come on today to tell us a little bit more about it, and I'm really looking forward to this one, I think you do are gonna unpack this problem of ad tracking in a way that's pretty exciting.

So before we get started, there's something I wanted to quickly mention, we'd like to start sending out a newsletter to compliment the podcast and give everyone a little more information, so I hope you'll sign up by visiting us at reality2cast dot com and hit the newsletter link to sign up, thanks. With that, I will hand it over to all and let's look at this tool, it's page X-ray art Fou analytics dot com, and I'll put a link in the description of the podcast, so please go check it out, type in any URL to any website you want it to... Process, and it's gonna give you a really cool visual depiction of all of the trackers that are loaded on that site, so I guess to give us the correct spelling of fou analytics, so OU and then analytics dot com.

'cause foo has a deep meaning that... That's right, it's a homonym we don't want. That's pagexray dot Fou analytics with an s dot com.

So let me just give a little bit of background here. As a journalist, especially a Linux Journal, long time leaders know that I've been in vain against being tracked online for a long time, and it was through that work and just because I think we basically started tweeting at each other a lot, like little amends for what the other one was doing end then we got to know each other or both in New York at the time. I'll be back in New York, I hope, but... You live in New York, right? Seaplane is to... Let me give just a little bit more background. So the mark up great bag is a great publication, came up with something called black light, that does some of what Augustine's doing here, but basically in a summary form saying This site, this say tracks you in these waves, that one doesn't handout as much. That one does more, but to me, it's still all adjusted around a norm... That you're being tracked all the time. What I love about what Augustine has is a way to visualize what's happening behind the scenes when you go to a website, which the way website, the way the web was originally designed as you're asking for a file and you're gonna look at the file and there's the file as a document, you're looking at a web page and now you're getting this, this payload of you're getting injected with a zillion trackers is... Tell us how you visualize what goes on here or summarize it to... Okay, great.

Yeah, I'm also a big fan of the mark up, I think it's a black light or back light, that's black light, a bill in it. So it highlights the problem of the trackers on the page, but it does it incite summary format, and I actually think the main difference is that their audience is more the consumer that once you get a sense of how privacy invading a particular site is, so they kinda give some reason, they compare it to the averages, like this site has more trackers than average, and this other side is less... In my case, the tool was developed primarily for meeting years and also for privacy researchers, because they actually need to see the trackers and the tags that are not only loaded on the page, but also called in by other ads and trackers.

So for that to happen, we have to actually use a brow to load the page.

For example, a lot of this privacy research in the past has been done by people literally looking at the source, so they would just try to look at the trackers that are put on the page itself, but then you're only seeing the first later, meaning the trackers that the publisher voluntarily put on the page, but because of JavaScript, when the JavaScript executes, for example, to load an ad or to load a track, or the JavaScript can then call in a dozen other trackers and those are not on the page and therefore you cannot see them when you just do a new source on the HTML of the page, so what we did is we built a crawler, it's pretty standard that anyone else can do... It's a headless chrome, so it's a full Chrome browser, and the reason we call it Headless is that it just doesn't have a screen because it doesn't have to show anything to like you've been looking at is just run on the server.

So when the Chrome browser loads the page, it allows all the JavaScript to execute, and when those JavaScript executes, we can actually see other ads and trackers and other craft being loaded in on the page, and what we do is we literally record every network call, and we thread it together into what we call a tree graph, so essentially what it's showing to you is what calls what... And so we start with the page that the person visited, and then we'll see, Okay, here's a dozen things, here is 50 things, or maybe even 100 things that the publisher loaded on the page itself, but from there, we see almost like the entire rest of that tree graph it populated when those ads and trackers call in, lots and lots of things.

So as an example, if you're curious, you can go to pay Ray H analytics dot com and just type in something like Wired dot com or Smithsonian mag dot com, just check any website or webpage, it's one... And some of these tree grass will be so large that you'd be shock.

I'm looking at Wired right now, and again, for listeners, I really highly advise plugging this thing in page RAF analytics dot com, so I look at this, it's like, Okay, I'll go to wire, I wanna look at a specific article, and an interesting thing is, I've tried your tool with the name of an article with the URL, it does the same thing, it is just getting the same as if you're just wired dot com, and it's kind of like, Okay, you're looking for the story. But what I'm getting here is counting digital at Nexus, lots of trees come, lots of stuff from Adobe, but it's kind of like you have these uninvited files, but then you've got all their friends, see here's when called contextual media, and it's got adour Budd. Something would double click, but the one other double clicks and gum and Criteo and then some of double up, like one might be called more than one may be calling the same friend in as it were, and then they pull their friends in and they call their... For instance, it may go down four or five levels in... I'm looking at one here it goes from, let's see, cookie law to tag Bounce Exchange to another assets, Bounce Exchange to a tattoo change, and they're finding an asset Bounce Exchange and I have no idea what that is.

Right, exactly right, right. Do most consumers know? Most consumer Zillow's looking at what you know, you know a man, other people know we study this, that the key here is to allow the privacy researcher, a consumer might be just overwhelmed with this, but the point here is that just like what happened in 2016 with cameras analytic, we call it a scandal because most consumers didn't know Facebook was either selling their data or allowing third parties like average Analytica to come in and harvest their data, so most consumers similarly here, they think they're interacting with one web page on one publisher site, like wire dot com, they don't actually know all of this other stuff that's happening behind the scenes, and that's where the privacy violations are gonna actually happen, and so when we take into consideration GDPR and some of these privacy regulations that are just starting to be enforced, the question is, Has the consumer given consent to all these ad tech companies that they've never heard of before, like you said, gummer, crux digital or a LiveRamp or any of these... So it becomes very problematic. And that's why the privacy researchers are using this tool to just see what gets called into the page.

So I'm looking... So if I look here at cookie law dot org and there, and that fans out too, I think maybe more than a dozen others, some of the lines and your tree graph go in and which actually fans out kind of like a river Delta, kind of like the Mississippi Delta, the Nile Delta kind of spreads out 'cause it reaches his approaches to see, but some of them are gray, summer, orange or brown, I'm not sure in the summer read and so... Yeah, let me do a quick synopsis of what those things are, so on the first... Basically, first gland, you'll see all of these tree branches branching out, the ones that are colored orange, the lines, the color orange means a third party cookie was set, so we call it a third party cookies because it's some other domain other than the site that you were on, so in this case, the person was on wire dot com, but some other domain like, umm, dot com or something, or Criteo dot com is setting a cookie, that's why we call it a third party cookie, so when a third party cookie is set, it's called orange when it's great, that means there's no cookie set, and that's actually what we want.

So we've actually been doing a study of European sites to see if the enforcement of GDPR has caused more of these publishers to reduce the number of trackers and actually stop using third party cookies, and unfortunately, the preliminary evidence is that it hasn't had much of an effect of, I guess... So then there's a couple of other things in the little white circle, you'll see a number, which is a number of times that particular tag got loaded, now we highlight in yellow, so I don't see any ones in yellow here, but if there's 10 or more of that same thing loaded, then we highlight, that is yellow, and then you'll also see color coding where ad server requests are colored blue, so these are typically the domains where ads are served from, and then the trackers, so these are other domains that are used for tracking purposes and this includes analytics, so something like Google Analytics will be color-coded as orange, and then there's also gray, which are things that we can't even tell what they are, so it's not categorized as either.

And then two more quick things. One is the little flag that you see next to each domain, right.

This becomes important for the privacy researchers because if the user or the site is in Germany, for example, we wanna actually see if any of these trackers are being called from say, the US, or any of their data being sent back to the servers that sent the tracker because in that case, the data got shipped across country borders, and so that has implications for compliance with privacy regulations, so in most cases, because we're here in the US, we'll see most of the trackers and ads are also being served from servers here in the US, but it becomes less clear if you're actually loading this tool from EU or if you're loading a page from the U, how can you tell them from the US is just an IP... It's the IP address of the server that sent the tag, and then we look up the exact IP address, so we know which data center it came from and we can flag it.

Yeah, as I see one flag here, I don't recognize, and I see one Canadian flag.

When I see Hot Jordans up in Ireland, is the Irish flag.

Interesting, okay, so they're probably safe haven there or something. So just like criminal organizations register their companies in Trinidad and Tobago or something, this might be something like that going on, but you see those little finger print icons next to the car has been called out by the... There's a freedom to tinker a group or a blog at Princeton University, where a number of privacy researchers, I think in 2017, did a study to show these types of fingerprinting services are exfiltration user data, which includes login and passwords, and that's because the JavaScript from these services is actually logging the behavior of users as they use the site... On the one hand, it's actually useful 'cause the website owner can use that to say, Okay, well, how are they using the site, are they getting stuck at any point as the good use of that is for them to improve the user experience, but the other dangerous thing with that is that this data is being shipped off to some other place, in this case, the servers in Ireland or something, where potentially even login and passwords are shipped off because all of those are faithfully recorded by these kind of analytics when you're typing something, a record you move your mouse, it records all the eaten, I tried it out once and my mind was blown, I felt a little dirty actually to watch it tracks the whole session and where you move your mouths and stuff like that, ostensibly for user experience improvements. Yearning story actually, we used it for about 10 minutes on one external dot com, and a few of us were sitting around my laptop looking at a screen recording, Susan recording, and you could see you could see every mouse move and then reply, it hovered around the photo of one of our female employees in a way that we were all so uncomfortable with that we had to do to thing down and then we removed it from the site and it was terrible. Anyway, I wonder if you could speak to the level of tree branching and the significance of that, because I think what's particularly interesting about your visualization is that it goes so many levels down, and that's really the importance of it, because I just think that the publishers don't even know that this is happening.

The site owners, if you see that first level, so at the very left, we start with a page itself, so it's water dot com in this case, and then the first level would be all the ones that they actually deliberately put on their site, so that's fine. They know that they did that.

So things like Google Analytics, of course, there's a good reason for them to stick on the site, and there's also other things that are useful like when they're showing ads and stuff like that, you'll see Google syndication or Amazon ad system dot com, so those are all legit and you can understand the publishers using those to survey, but then when you see all of these other things being called in by some of those domains, all these other tree branches, that's the part that the users don't know about, and sometimes the publisher then so don't know about... So if all these things are being called into the page, these are our loop holes, and that's why we see phenomena like advertising, so alerting is basically an ad that is laced with malicious code, so very often these big publishers, they don't know that it's happening because they don't know what ad is actually gonna be served into that ad slot before it gets served into the ad slot because they're a programmatic, so then when we see that, that's kind of like how the advertising gets in, and so in this case, you can also surmise that privacy violations of their users are gonna happen in some of these branches beyond the first level that the pusher knows about, so if some other ad tech companies violating your consumers privacy, do the publishers even know about it, and are the publishers themselves liable for that? Do they have any liability under GDPR and CCPA, and this is because just taking the example from advertising, the consumer went to war dot com and they got malware, who do you think they're gonna blame... They're not gonna know that all these other companies behind the scenes is how the malware last... Got him into wire dot-com, they just said, Oh, I went to war dot com and I got an aware... So who do you think they're gonna sue or who do you think an ambulance chasing lawyer is gonna sue? It's gonna be wired dot com.

So I raise that because anything beyond that first level, the publisher's gotta really look into it and they gotta have some more rules and maybe terms in their agreements with the advertisers to say, Well, you're not allowed to call in all these other things without telling us... So I think there's a big question that still remains to be seen, how it plays out in terms of when the privacy regulations get enforced, whether the publishers themselves are responsible or have legal liability when someone else violates the privacy of the users that came to their site, wow. And then legal issues decided, it's just not a good look, right?

It's still any confidence and your readers or users or whatever you... And I kinda look at this and say, Well, their priority is making money, their priority is not necessarily serving the user with good content, whereas if I look at better sites like New York Times, ESPN is usually model citizen, and when I check in external, there was actually a very tiny number, literally five that we load it on the page and then those things didn't call in anything else.

So when you see that, then I say, Okay, well, this is a good publisher, they're actually very conscientious about the privacy of their users and they take that seriously, so I would put a lot more faith and a lot more weight into those kind of publishers than ones that have these enormous trees, it's like they either don't know what the heck they're doing or their priority is not me, the reader.

So another thing that I would mention or ask you about it, most privacy-related browser extension and that sort of thing to detect trackers will pull up... I don't know what 40-50 may be in the worst case, and you go in like, God, 40 trackers, but I really wanna emphasize that everyone really needs to look at this app because is the tip of the iceberg, that's really what they can see on the page, so literally when that page loads the Chrome extension or rather, whether it's an ad bolus or Privacy Badger or go, try, they'll see that first level.

And that's really the difference. We built this where we have a Chrome crawler go out and actually load the page and we actually record all the network calls, and that's how we can get all the other levels beyond that, so what goes to reports you... What disconnects reports to you or Privacy Badger is really that first level, but they're not executing the JavaScript and causing all the other stuff that would have been loaded in that we can see in this page X-ray.

So you gave on Twitter, I think, or somewhere, Smithsonian Meg as an example. And I just brought that one up, which is pretty massive, it just... It fans out. I notice a few than I saw it before it went... More than a thousand. I adore requests, I think, yeah, we're tracking requests down to 640 at the moment, but I'm wondering if they made me... Who makes the decision to do this? And does somebody sit there and say, we want as many of these things as we can possibly can, because... And I'm guessing we're just gonna get more money for more of these intermediaries and seems that's the line that these AdTech companies have sold to the publishers, so you're absolutely right, over the years, this kind of stuff that he's built up, accumulated crap.

So I would say the original reason is, Oh, if you put our tracker, if you put this pixel on and all that kind of stuff will help you find... Look like audiences will help you get higher CPMS, your audiences are more valuable the more trackers you put on, so a lot of those big publishers had got convinced that they would make more money this way, but what we've seen in literally the last 10 years and most aggressively, in 2013 is that instead of making more money, what's actually happened to these big publishers is that they've lost money both on top line ad revenues because now marketers can say, Oh, I can get cheaper at impression to over here on the change. Why buy from you guys, the premium publishers if I can buy some cheaper stuff over here, so the top line has been pressed down, and then the second thing is the bottom line, like their margins have also been compressed, and that's because they're trying to compete against fake sites that are offering 30-cent CPMS or 3 CPM, which is one-tenth of what these big publishers typically charge, so over the years, we've seen all these trackers get voluntarily put onto the site by the publishers, and in this particular case, first Missoni, the first level to the right of Smithsonian mag dot com would be the ones that they voluntarily put on the page, and that's a large number right there, it's accountable.

It's more than 100, so some of the other sites are not disagrees, but I would just say the more desk with the publisher, the more likely they're gonna get swindled by these attic companies, so like I said earlier, there might be some unknown liability, they need to be cautious of, but again, as I've advised a lot of these bigger publishers, if you don't know what these trackers are gonna be doing on your site into your users in credit to rip them out, and some of the bigger publishers have started actually doing a cleaner cleaning of the house... And so some of the ones where they clearly have not gotten any benefit from them, and in fact, their users data has now been shuttled off to somewhere else, their users are not being monetized by other people, so when they realize that they're actually stripping out more and more of these. And so they're... Hopefully, they'll have a much, much smaller set of trackers, and when you have that first level be smaller than the rest of the tree will definitely be smaller than what you see here.

I know, and I think somebody in the UK is trying to outlaw real-time bidding. When was to look for, okay, my data or data about me is going out in an auction somewhere, would you be able to look at this tool and say, Okay, there's an auction here, there's an action there kinda... You should be able to... There's certain domains like RTB IO or something. I don't think I see it here in this one, but there are gonna be certain domains that correspond to header, bitter code, and so in those cases, they send off some data, now in those cases, that may not be the thing that's violating the consumers privacy, it's gonna be the stuff that gets loaded after the bid, so at the time of the bid request, they only send back kind of tidbits of information, what I call her headers. Browser headers, because the JavaScript hasn't run yet, the rest of the JavaScript hasn't run yet, they don't have a lot of the other information about the user, so at that moment, it's still very, very early in the page load sequence, and then after the page loads and then after the ads low, that's where some of the problem comes in because the ads themselves might spawn another 10 trackers or so, so that's where some of the user information gets collected by their JavaScript and then sent off to some other third party.

So if you think about GDPR in particular, there's some specifics in there that say the anti-company has to gather explicit or what they call informed consent, so the user has to understand what the heck they're giving consent to, first of all, but then there's also some specificity so they're giving consent to this company for doing these things like setting a cookie or collecting their data for the purpose of selling in all that kind of of... And then for this specific period of time, and if you don't have that kind of specificity in the consent that you got from a user, it's gonna be not good enough at some point, again, it comes down to when those regulations are being enforced, so we're only at the very, very early stages of those regulations being enforced, you have any plans to... Roll me back up a little bit. Who do you expect to use this app? Is it primarily for research or do you expect a little bit more of a consumer audience or...

I don't think it's really gonna be a consumer audience ever, 'cause this is really meant to be this level of detail, so I think the first wave of users that are already using it right now are the privacy researchers, and many of them happen to be in the US, but I do think that this is an element that goes into how we grade the sites, so like we said earlier, sites like New York Times ESPN, their tree graphs are tiny, and that's because they've been very careful and conscientious about protecting the privacy of their users, whereas some of these other sites, top priority is make as much money as we possibly can, we'll put whoever on the site because they promised us more money, so then we can actually visually see the difference in quality, and I would say categorically, I would expect the bigger publishers to have less trackers in general, and then some of these longer teleosts, so it will be built into something in the future, it's not necessarily consumer-facing, but for marketers who actually want to buy ads on quality publishers, this is one ingredient that goes into the quality score. So part of it would be how many trackers do you load on your page voluntarily, how many other trackers you let be called in by those? And then other things like the quality of the traffic, is it majority humans that visit your site, or what percentage of your traffic is block traffic, and that also kinda gets to like if a publisher is deliberately buying traffic or sourcing traffic on... They call it them.

In those cases, it's like common sense will tell you there's just not a whole bunch of humans sitting around with nothing to do but to go to your specific web page 10 million times and repeatedly low pages for you, but it's very, very easy for a botnet to do that.

It's just one line of code, go hit the site 10 million times in the bottom that would go do it.

So it's just gonna be yet another ingredient that goes into how we grade each domain, and so for a marketer, again, when they're trying to do a more conscientious media buying, they'll say, Oh well, I wanna buy from high quality publishers that real human audiences that respect the privacy of their users, and here's a score below which we're not gonna buy, so it kind of gives you a preview of where we're headed with this, it's more to serve the marketers as well.

That's cool. Well, you just answered my next question, which is, do you have future plans or what are they... Yeah, I think right now, it's more just this a free tool, consumers can of course play with it, but I think they'll just be kind of overwhelmed to see this many levels... Again, I like the mark-ups tool, which is more simplified and summarized in layman's terms, but again, that's a little more consumer-facing, this is meant for more like privacy researchers and to collect the data so that we can kind of keep track of which are the domains that are serving ads and which are the domains that are serving trackers and things like that, because those also keep evolving it sometimes a bad guys or uncles ad to companies, they'll just keep changing the domains on you, 'cause we know that consumers use ad blockers and when those domains get added to the block list, they can't collect the data anymore, so then they change to a different domain, and so we gotta keep an eye on that because those domains are still collecting information about users, and we wanna make sure we help the privacy research is protect the consumers as well, Cowell first. Okay, so I just use pastry to look at the New York Times, 'cause they're good actor. Well, okay, so that fans out to the first level, just three places, but one of them is New York Times, and it's kind of fingerprint next to it, at first it was... When is iterated? Google syndication something. Yeah, so Google serving ads. Yup, yeah, and then the third is anytime dot com, and then that fans out to... I'm guessing maybe about 20, maybe 25, yes.

Some of them are so-called any times that makes complete sense to me on expect that, but then there's contextual media, and that goes out to a bunch of stuff I had heard of a... Of Googles, but then there's some... Is digraphs there? As a user, I don't wanna see any of it. Or very little of it. There's no... In communications, there's this thing called signaling, somebody holds up their hand and that means they're saying Stop, or if they wave through there, come here, that means, God, they've a thumb up, that means those are signals.

When you signal to a website that I wanna file, you're expected to one york times, you're not expecting to get all these guests, and speaking personally, and I'm looking... I realized I'm looking way down. streamers have been on... I've been an a-hole about all this for 20 years, so it's like, I'm patient about it, but at some point, the individual gets in the middle of this and says, Yeah, I'm cool with... I'm cool with Amazon, I'm cool with an air times, I'm cool with Google provider, or maybe I've a google dot, But whoever, Google intermediates, like we were talking earlier about, in CLL with Canadian I like Chevy say, or an any brand. Actually, I think very few people are gonna say that.

For the most Barber's see, people do at least they recognize the Bradstreet, recognize you said crux digital like, Who the heck is that?

If you said, no, exactly the hakata... All of these attic companies, they've never heard of 'cause they're not in birth... Right, and if you did B-RT that come... And a lot of these, if I look them up, there's not even a domain there is like... But if I look them up on a search engine, they'll say, Oh yeah, that's an added... That's an add thing that a product of this company, whatever it is.

So I think for the consumer, there's been privacy tools that have been available to them for a long time, so I'm gonna point out some good ones like Privacy Badger, and maybe even go try... But if you think about Privacy Badger, when they load a page, you'll show you what trackers are loaded there, you can actually... There's a little switch, it goes from red to yellow to green, you can manually say, Oh, I like these guys, you may not actually like that, but you'll say, Okay, I'm okay with them tracking. So maybe for Google Analytics, you'll set that, but I'll tell you, for most consumers, either they have an install Privacy Badger or they're not gonna take the time to go change each of those little slider things from red to yellow to green. And what does yellow actually mean? I don't even know what that means.

I just say that because I don't know either, and I've been using it for years.

As Nettie been using it, I switch out with others, the Bay cloud bouncer and whites in those cases, because it's just too much work for the consumer to decide which line items to permit or not, they'll simply either lock it all or not block it all, so they just because of just the amount of work that's required. And I don't know if you saw, I put up a short screen recording of a condo as website where they were trying desperately to do the right thing by prompting the user for consent, but if you look at the consent window, it basically has literally a 100 different antics, vendors, it's unreal is gonna do that.

And then you have the stolen, I'm gonna accept all these... Exactly, right.

So most consumers are not gonna do that, and at least they're not gonna be informed consent, they're just gonna say, Oh, I'm trying to get to that page, so effort, I'm gonna give consent. Everything, and that's not informed consent that will not hold up under the law, so I think other things like brave browser, there's been an uptick in consumers using that because in that case, they block everything, so for the consumer who doesn't wanna spend the time to fine-tune and explicitly allows certain things to go through, then especially these attic companies, then they're gonna use able that actually work at Block Plus to be sold out.

So users use them thinking that they're gonna block the ads, but because Ad Block Plus wanted a business model, they say, Oh well, whoever pays us, we'll just let your stuff through, Okay, so that means to add to it philosophies. So the pay-to-play just doesn't cut it.

They sold out. And that's not good. I don't use them anymore.

So for brave, it blocks everything.

Now, to me, there's an additional scenario which I think will make it easier for consumers, so if I go to New York Times, where if I go to USA Today or Boston dot com, and I like that publisher and I think they respect my privacy, there might be what I call a green option, where they say, Okay, well, this is a site that I respect, I'm okay with them monetizing via ads, because I know that's how they make money, so if I green list a domain, then that browser will allow the ad serving domains to come through, but not the other abstracts, so we still protect the consumer from tracking but unknown third parties, but we allow the ads to come through so that publisher can actually monetize the way they normally monetize, so in that sense, it's based on the domain of the publisher, and the consumer, because they went to Boston dot com, they know they wanted to be there, and so in that case, we still allow the ads to run through, but we still protect the privacy by blocking all the other trackers that might be called, and I think a publisher like boston dot com can have bragging rights to say, Hey, we have 40% of our user base green lights us, and that's a record. or something like that. I think you could come up with a metric around that that can give you bragging rights, so you mentioned brave, but Firefox and Safari also have approaches, they're different, which means nobody knows what's going on, but you've normalized to Chrome, your system actually emulates the chrome experiences of were, Oh well, yeah, this particular crawler is Chrome because Chrome itself is about two-thirds market share or browsers so far, it's the most common, and headless Chrome is an easy implementation, but is it worth it to people that... Brave makes it really clear that, Hey, we block it all, and then they allow through some things for some reasons, but... And they had some business models around that, but they done some broken field running and how they do that, but I respect that, I think they're cool, but Apple's doing something else that involves AI or something, and then Firefox has its own approach. Do you pay much attention to those in this or... Some of it is applying nuance to where you actually want a sledgehammer, so in those cases, I think the brave one is fine, but again, I do agree with you, they've been misunderstood, so I've heard a lot of publishers dislike them because somebody whispered in their ear saying Well, brave is blocking all the ads that you normally serve and then serving their own ads on top of that... Right, so on the surface, it appears that way, but the new ones, I don't know if anyone even cares about this nuance, what grave is doing is when they're getting the ads, they're actually splitting some of that ad revenue to the publisher and splitting the other part of that a gravity to the user and rewarding the user, right.

Yeah, so I think that part is lost, so a lot of the publishers will say, Oh, well, on the surface, it looks like you're blocking the ads that we're supposed to load on my page and then serving your own ads on top of that, so they kind of think of brave as in the bucket as those sleazy browser toolbars that literally do an injection, they cover up the actual ad on the page and inject their own... So that's very unfortunate that people that work in publishing have this misconception of brave, and I think that's where the cause of the green browser comes in, where we can green with certain domains, and it's not about the browser serving ads on top of the ads that would have served, it's actually allowing those good publishers who do protect and respect the privacy of their users to monetize normally, which is through the ads that would normally serve on their page.

So it's funny that year said that for privacy researchers, and I was thinking, I'm just a normal user, but then again, calm a privacy research... I guess I'm looking at it as a one in the Protestant thinking about this for a long, long time.

Yeah, I mean, you're a different level, doce, all are... I think none of us are just the average summer when it comes to maybe privacy related, but I think that... So part of what's going on here is, I don't know whether who said it first, you or me, or done Marty or somebody that... What we're looking at here is kind of a four-dimensional shell game, it is a shell game, you don't know what's under what Shell and what's going on there, and is it possible to say, I see an ad actually back on the New York Times page, let me go back to that one. Let's see, that was Smithsonian and... Oh yeah, there was... Oh, it's different now. That's interesting, but actually, you have a little image of an ad that got served... Let me see this. So that's an actual New Yorker. And on a New Yorker page, so then I'm like In New Yorker there, I have too many tabs open. Oh, here it is, it's in the wired one. There's one here, Okay, I'm seeing an ad for Banana Republic kayenta next to a 02 menu, Eric string.

It took 20 milliseconds for that to happen, and that is a bit at a Republican... But there you're actually showing. Well, there's the providence of an ad, if I were to see an ad for Banana Republic, I knew it came from three levels down from this MDOT net, by way of Google devastation to education, which had the fingerprint next to it, which comes down from secure pub AGDA DoubleClick dot net. Yeah, so now the question for me is, okay, I see that it... Is that just because... Well, that's just the NIOSH, or is it because they know something about me or they're guessing, so they're not knowing, or in this case, it looks like it's just the ad that was shown. 'cause I'm seeing the same Banana Republic.

Oh, you are in my side, so this one doesn't necessarily seem to be targeted individually, but there will be others, like the creepy as it follow around the web, the retargeting ones, those are their retargeting ones, I don't think these are... But when you look at a bike on Amazon, that specific like will be shown in an ad next time when you go to the next website, so those are typically different vendors, and that's how the fingerprints are used, so they either use a third party cookie to say Oh, it's the same person. So because they look at this, we wanna show them the same ad, but third party cookies are gonna get limited in the upcoming Safari and Firefox in that kind of stuff.

So they're now turning to finger prints, and that's why we put fingerprints in here, because without even setting a cookie by just triangulation, say a dozen different parameters in JavaScript, make your screen resolution and you list of plug-ins and your browser type, they can essentially... You need pre-identify your device, and that's what we call the fingerprint, so that goes in a couple of places, so you see them doing that, and that's why you put the fingerprint there... Yes, you see the... You see the triangulation happening in JavaScript... Yes, and Hot Jar, for example, we know that particular technology is specifically tracking everything, and so they do fingerprinting, so there's a number of those domains that... There's both the prince and research from 2017, and the one I think it's us, not Santa Barbara, but urine just published a few months ago, where they were specifically looking at fingerprinting, so all those domains we now have listed in here, so whenever we see those domains, we know fingerprint is going on.

So I just went to, uh, understand how your users are really experiencing your site without drowning in numbers, and then they show hot spots on a particular page that people are clicking on, and that to me... That's totally invasive. That's a shitty business.

I don't want that business in the world... Well, you gotta look at it from both sides. The original concept of it was to help publishers figure out whether they have any user... Right, and yeah, and how do you say... This is the question for... A question for me.

Do you put it this way, the cognitive overhead required to know what's going on is impossibly high, and to me, that's wrong. I walk into a store and if I see 50 people with binoculars looking at me, I know what's going on, Right, in clipboard and writing stuff down, and then handing paper to each other... Well, one of the smiles and the other one frons, and they add it to somebody else, 'cause that's what's going on, but not knowing this is just enormous cognitive overhead, and I see a number of ways this can go on is at some point when somebody uses your tool or one like it, and I hope they use yours 'cause I want you to see, you get the business to really deeply investigate this is... Where did all these... Where does this ad come from? What's it doing here and why?

What does the machinery behind the machinery. Behind the machinery, individually and collectively, and robotic ally, think about me as a visitor to the website, that I'm getting this and then I get it, 'cause it's not just the website experiences from placing... With retargeting, some place to place to place, I actually went to... It was a business thing.

Like several years ago, I was invited, I was paid to go to this company in Arizona that... I don't remember the name of it, but he said of a 2 billion company and they did all kinds of stuff, they did call center, they did outsource marketing of all kinds, but they wanted to explain to me that retargeting works when at least people see at the 75th time you see an ad to 75th time... And that's a success. They counted that as a success that I'm thinking.

Maybe the same, the time somebody hits it by mistake, it just... They aim wrong, and they saw that one of those crappy sites that has ads laying on top of ads and pages laid on top, 25 celebrities who cheated on their spouse is right, and you'll... You'll start clicking on that and you click to the right and you get a whole pile of it or craft, and links that aren't really links, they go to the next thing you wanna go to, and you click on one of those within the... I get an account that is success and somebody got paid, did you guys see the social dilemma cut a little bit of the latter, especially trust on... Yeah, I think those are still edge cases which people should be aware of how potentially bad it could go, but I think they're taking certain specific cases and implying that that happens.

So the point I'm trying to make here is that a lot of anti-companies are significantly over-selling their actual targeting effectiveness, and that's because data is crappy, the insights they derive from that data is crappy, and the actual execution of placing the ad to the right person at the right time is also crappy, so there's a bunch of who we're selling by the anti-companies as well, not to minimize the privacy issues and really creepy stuff, but I think there's still a long way to go for... But my whole point earlier was that a lot of this stuff is completely unnecessary, meaning the privacy, invasive data collection is completely unnecessary, if the marketers went back to in direct from good publishers, they would pay them to show their ads, those publishers have real human audiences, so then we give back to the original three-legged stool of the internet, which is a balanced internet versus the fourth leg is in a plugin, by the way, before the internet, and the fourth leg is where the fourth leg itself is actually trying to extract as much value for themselves and no one else.

So because of that, it's thrown everything out of balance, and then finally, I wanna bring back an analogy you said dock a long, long time ago, which is clothing, so in the physical or clothing, the signal that we don't wanna show you our private... Right, and we call them our private for reasons, whereas in digital at this point, unless the consumer uses brave or some actual ad blocking, not at locus, then it's hard to signal and digital, but that's what's necessary, and I think marketers and publishers can actually help us get to that better future more quickly, by realizing that a lot of this ad tech state oil doesn't work anyway, so they don't have to do all these privacy invasive data collection, like I'll use. All the stuff that you see in this page X-ray, if they just went back to basic blocking and tackling and doing marketing properly, they probably still get way better outcomes and spend way less money on these anti-companies.

Yeah, another way of looking at it, and this is just a re-state exactly what you're saying, which is that you have had to sponsor the publication, you know that we call them sponsors, and there's no cognitive overhead to it, if I... See, I can go to, if it's just like it is in a newspaper, I hope the New York Times, and I see an ad for ladies shoes, I know is it doesn't matter. It's there, and I don't if it's a brand... Let's say it's good. I don't... He know if the Cochin make shoes, I'm guessing, but anyway, but that helps their brand, right.

It's not... There are real economic benefits to sponsorship it, I'm guessing, I've never seen the numbers on this, but probably way over a trillion dollars, maybe two trillion has been spent on this kind of advertising so far, and not one brand known to the world has been made by it.

If you wanna make a brand, you gotta spend money in getting people to know you and... Yeah, that's what Bob Hoffman has been talking about.

Yeah, Bois. Perfect and contrarian. His handle, Twitter, and he's got a series of books, is also, I think, one of the best copywriters who ever walked the earth, and really clever, really good. enviable. Good as a writer and as a speaker. But it's really simple. I watched a fair amount of sports, and so I know 15 minutes, it'll save me 15% with going...

Yeah, I can't help knowing that.

Yeah, I... Areal.

Well, yeah, yeah, it works. Well, I know what for tough means. I know I'm in good hands with all state. And those companies have grown.

Geico and Progressive were also ran insurance companies until they really double he quipped truck to quadrupled down on TV advertising, that stuff works is... We don't like it in some ways, but all we've done is lost 30 seconds or the effort to skip past the anti... It's also, I describe it as the pendulum swinging too far one way, so a lot of the marketers in their effort to chase the shiny object called digital over the last 10, 15 years, they've allocated too many dollars to digital, but really the difference between branding and traditional channels like on TV and branding and digital, is that at least in TV, there's a finite audience, there's a real human audience sitting in front of the TV... Yes, of course, some of them go up and use a get up and use it, but the more go get on the dresser, whatever.

So some audiences there, and you can also think about offline billboards, right, people still drive down the highway and they can still see the billboard right next to the highway.

I say branding still occurs, the problem with digital is that when you're doing branding by buying billions and billions of display ads, what you're not taking into account is the portion that's not shown to humans, and that's due to the... You've done an awesome job with that and not... And stuff like that.

Let's say there's a pie chart, you probably really have it anyway, all the ad served... It doesn't matter to... It doesn't even have to be to a human... What percentage of all the ads that get paid for... Okay, is they pay... Somebody gets paid with... That are in the world, what percentage actually gets seen by human eyeballs...

Oh, that's too hard of a question. Do you can't ask that question?

Because if I gave the answer...

No, no, actually, to be serious, you saw my article saying that if we just take a lot of 50% and then Latino... The 50% of that 50% just do that four times. We're down to 94% loss, we're down to 6%After four having having it, so that wasn't even taken into account fraud, so when you talk about... Let me give you another ratio to just think about...

So how many domains do you think there are registered... It's gotta be many mill billions on that.

It's actually 15 billion domains registered.

Really? Okay, to how many websites do you think there exists a 10th of that... It's actually 300 million.

Okay, Sotho many of those websites, do you think humans actually visit... Oh yeah, it just say the top million... Let's just say the top million, right? Be very, very generous. And take the ALEXA top million or something.

So the ratio is one million that human visit to 300 million, it's about 350 years old, but just take a round number, 300 million other domains that there's not enough humans to go visit constantly to generate billions of impressions and that remind... In robots to do this, you can certainly get robots to do that because again, like we said earlier in this podcast, there aren't enough humans on earth, first of all, and there aren't a whole bunch of humans sitting around with nothing to do but to go to your specific website, when you tell them to... Right. humans just don't behave that way. So the ratio of domains that humans go to is one over 300, how many of those ad impressions could possibly be seen by humans... Right, and the other thing is, consider this number, so I do say the back of the envelope recently given someone else gave you an input point, it works out to be about half a quadrille on asper year.

Okay, and there's only seven billion humans on Earth, and that's counting old people and babies to be on internet... Right, yeah.

And people are into the math just doesn't work out. But because of programmatic and because of bad activity, lots are truly scalable, they can be made from headless chrome browsers like ours, and then you just be told to repeatedly load web pages way easier than trying to get a human to go to your site... If you're a site owner, you would know how hard it is to get enough humans to your site, so in that case, because of programmatic, it's basically enabled fraudsters to scale their volumes, so the vast majority of the impressions that you see, we have no evidence that is being shown to humans, and from my data, the very best managed campaigns, I can basically say roughly 1% I could confirm as humans seeing your ad, Welter may be a good summary place to think to stop.

One of the things that... If there's an interesting question, which is, how long will we be digital in the world... I mean, how long will we have digital technology, I think for the rest of time, probably as long as we are operating, but how long have we been digital in a couple of decades of that and in the current current form, maybe decade, less even. And Don Marty talks about how if you inventory to investigate all of this is kind of like painting to Golden Gate Bridge, at the time you get to one end, the other end has already changed. Do you know what an over again. But I think you've been doing this long enough, I... You see all the consistencies that are in it, but I think we'll look back on this in 10 years or whenever, and say, You do remember when that was going on, because it will be going on anymore, it'll be something else, there'd be some other crazy thing that's happening, but this is just an awesome way of looking at what's going on now, and I think most of our listeners are not ordinary consumers, so I think they would enjoy looking at this and that's great. I think it's just out of curiosity, just visit some of your favorite sites and if there are ones that have a of trackers that you didn't expect or ones that are actually behaving well and protecting your privacy. I think that's the key take away.

Yeah, I'm not sure I trust too many of them to do that, but that... I'm just suspicious.

It's funny, when I mentioned earlier, I don't think that any of us or your average consumer when it comes to privacy, I meant everyone listening as well, I don't think... I think if you're listening to us in the first place, I think that you have a heightened with our bugle rationalists.

Very cool.

So thank you so much for joining us, this has been really great, and I've actually learned a lot in the last hour.

Great, thanks. And on that note, thank you everyone for listening. If you have any feedback for us, you can email us at info at reality to cast dot com.

We'd love to see an email from anybody.

Thanks to good.

Thank You, e.