Forty-nine states and the District of Columbia are pushing an antitrust investigation against Google – gpgmail


Fifty attorneys general are pushing forward with an antitrust investigation against Google, led by the Texas state Attorney General Ken Paxton.

In an announcement on the steps of the U.S. Supreme Court building, Paxton and a gathering of attorneys general said that the focus of the investigation would be on Google’s advertising practices, but that other points of inquiry could be included in the investigation.

The investigation into Google comes as big technology companies find themselves increasingly under the regulatory microscope for everything from anticompetitive business practices to violations of users’ privacy and security, to accusations of political bias.

Last week, the New York State Attorney General launched an investigation into Facebook.

Action from the states follows movement from the federal government which is investigating just about every major technology company including Google, Apple, Amazon, and Facebook.

This story is developing.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Why am I seeing this ad? AI, ML & human error in advertising – gpgmail


Ad platforms create equal opportunities for businesses but not equal outcomes.

They’re mostly marketed as self-service and easy to use, however, there are new features added regularly and open-ended ways to set, structure and target. Meaning, countless ways to spend—creating winners and losers in advertising.

This is where machines and digital advertisers are needed, to provide a profitable outcome.

Enter AI, ML and experts as freelancers, via agencies or housed in some of the world’s biggest companies, equipped with ample data, tech and educational resources to match people with companies via ads on search, social, and elsewhere on the web.

But, are the machines still in infancy or too heavily relied upon and do the experts always get it right?

Well, how often are you seeing ads that are irrelevant to what you wanted or where you were or who you are?

An irrelevant ad is an ad paid for by the company advertising but can return zero value as it’s of no use to the person receiving the ad.

As a digital advertiser via my company Adboy.com, I’m always curious as to why I was served an ad and if the company paying makes or loses money from it.

Something I’ve noticed is that in easily avoidable errors, ads can be served to existing customers, people with irrelevant needs and people that can’t be or are far less likely to become customers.

With this article, I’m going to give you the lenses of a fastidious digital advertiser. You’ll spot errors like these for yourself and know how they could occur, what the negative impact could be and how they can be avoided.

Advertising to existing customers


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Spirable refuels with $7.4M to serve more personalized video ads in the US – gpgmail


London based adtech startup Spirable has closed a £6M Series A. The round was led by Smedvig Capital, with existing backers Frontline Ventures, Downing Ventures and 24 Haymarket also participating.

The startup is one of several playing in the customized video ads space — offering a platform that simplifies and scales video ad creation by enabling brands and advertisers to combine video templates with creative and data sources to automate the creation and delivery of scores of personalized marketing messages.

Spirable says its platform, which launched in 2014, is now used by more than 50 customers. Campaigns have run across 75+ countries, with more than 100M personalised videos distributed since launch.

Its most successful industries to date are CPG (consumer packaged goods), travel and telco, according to co-founders Dave and Ger O’Meara.

On the travel front, they give the example of a Deutsche Bahn ‘No Need to Fly’ campaign that used dynamic video to show a location-sensitive side by side comparison of flight costs juxtaposed with cheaper train trips to local beauty spots — which Spirable claims achieved a 397% increase in click throughs; a 849% performance increase; and 59% reduction in cost per click vs the control.

Another example they cite is a Vodafone campaign to promote two own brand smartphone models which integrates multiple data feeds (such as contextual weather and date data) with creative assets in order to dynamically spotlight different features of the devices. The personalized marketing messages were served across Facebook, YouTube and Display channels via APIs baked into the platform.

From five video templates the tech automated the creation of more than five and a half thousand “unique” videos, tweaked to be more relevant to the targeted viewers.

On that particular campaign, Spirable says Vodafone saw sales of its own-brand devices increase by 100%. While ad performance increased by up to 50%.

“We can use all the targeting available in Facebook and layer this with contextual live data like the weather, live sports scores etc. So if we know someone is in London (via geo-targeting via Facebook), we can pull the local weather for that location and tailor the video to people in that audience and also update the video when a goal is scored in a match by a team that the audience supports,” they explain. “Once set up the whole process if fully automated. When the weather, sports data etc change the videos update and change.”

As well as automating serving up personalized ads, the platform provides performance reports on the backend, and uses machine learning technology to optimize ad creative to boost engagement.

The startup notes it’s been a Facebook Marketing Partner for more than two years.

The privacy implications of such highly targeted ads are — or should be — plain.

Among the laundry list of data sources that Spirable’s platform lets advertisers plug in to automate “personalized” ads are “CRM data” which it says includes personal data, purchase data, website browsing, service usage data and preferences; “social audience data”, including behavioral data, audience persona, interests, preferences and intents; and “contextual” signals such as store locations, weather (including pollen and UV levels), markets and stock levels live spots, trending events, pricing, time & date, live travel data, Google traffic data and supermarket wi-fi data.

So, for example, a parent who recently logged into a supermarket’s wi-fi network to check their Facebook account and was tracked lingering near shelves of diapers might find themselves being served video ads for a discount on girlie pink baby products at a nearby store.

The sheer volume of data integrations Spirable offers is one of the areas it claims sets its platform apart from competitors — name-checking Clinch and Idomoo as its main rivals in personalized video ads.

“Spirable has an unparalleled amount of data integrations to uniquely personalise video ads in real-time,” it says, further claiming Idomoo “doesn’t talk about live data and pre-render ads and upload to Facebook — so there is a lack of data-driven pipelines”.

Other areas where it reckons its approach stands out vs the competition is because it’s offering a ‘self-serve’ platform — meaning advertisers and brands can use it to “create, scale and optimise personalised video in-house”, without the need for specialist teams or agencies trained in video effects software (such as After Effects) to make use of the platform.

The video ad building process is also “modular” and “100% customisable” — vs the two named rivals not supporting layer level manipulation, meaning it’s less easy for their users to make changes on the fly to optimize ads.

Another claimed differentiator is that Spirable’s platform is cross-channel — with support for “all major social, email, messenger and display channels”.

It says the Series A funding will go on expanding the business in the US, with a plan to ramp up spending there on sales, customer support and marketing. Product development will also get investment.

“We have an exciting product roadmap of new features that will enable us to reach our vision of making video ads as engaging and useful as any other content a person sees on digital. This requires investment to scale up our engineering and product teams,” the co-founders tell gpgmail.

Commenting on the funding in a statement, Joe Knowles, principal at Smedvig Capital, added: “Spirable is a critical enabler of personalised video advertising, one of the major trends in video advertising today. Every marketer wants to use video in a more personalised way. But so far, slow and expensive content creation has been a barrier to mass adoption. Spirable’s Software as a Service removes this barrier and makes real time, automated video personalisation at scale a reality.

“Having tracked the business for over a year, we are excited to work with Ger, Dave and the high-quality team they are building at Spirable.”


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Mental health websites in Europe found sharing user data for ads – gpgmail


Research by a privacy rights advocacy group has found popular mental health websites in the EU are sharing users’ sensitive personal data with advertisers.

Europeans going online to seek support with mental health issues are having sensitive health data tracked and passed to third parties, according to Privacy International’s findings — including depression websites passing answers and results of mental health check tests direct to third parties for ad targeting purposes.

The charity used the open source Webxray tool to analyze the data gathering habits of 136 popular mental health web pages in France, Germany and the UK, as well as looking at a small sub-set of online depression tests (the top three Google search results for the phrase per country).

It has compiled its findings into a report called Your mental health for sale.

“Our findings show that many mental health websites don’t take the privacy of their visitors as seriously as they should,” Privacy International writes. “This research also shows that some mental health websites treat the personal data of their visitors as a commodity, while failing to meet their obligations under European data protection and privacy laws.”

Under Europe’s General Data Protection Regulation (GDPR), there are strict rules governing the processing of health data — which is classified as special category personal data.

If consent is being used as the legal basis to gather this type of data the standard that must be obtained from the user is “explicit” consent.

In practice that might mean a pop-up before you take a depression test which asks whether you’d like to share your mental health with a laundry list of advertisers so they can use it to sell you stuff when you’re feeling low — also offering a clear ‘hell no’ penalty-free choice not to consent (but still get to take the test).

Safe to say, such unvarnished consent screens are as rare as hen’s teeth on the modern Internet.

But, in Europe, beefed up privacy laws are now being used to challenge the ‘data industrial complex’s systemic abuses and help individuals enforce their rights against a behavior-tracking adtech industry that regulators have warned is out of control.

Among Privacy International’s key findings are that —

  • 76.04% of the mental health web pages contained third-party trackers for marketing purposes
  • Google trackers are almost impossible to avoid, with 87.8% of the web pages in France having a Google tracker, 84.09% in Germany and 92.16% in the UK
  •  Facebook is the second most common third-party tracker after Google, with 48.78% of all French web pages analysed sharing data with Facebook; 22.73% for Germany; and 49.02 % for the UK.
  • Amazon Marketing Services were also used by many of the mental health web pages analysed (24.39% of analyzed web pages in France; 13.64 % in Germany; and 11.76% in the UK)
  • Depression-related web pages used a large number of third-party tracking cookies which were placed before users were able to express (or deny) consent. On average, PI found the mental health web pages placed 44.49 cookies in France; 7.82 for Germany; and 12.24 for the UK

European law around consent as a legal basis for processing (general) personal data — including for dropping tracking cookies — requires it to be informed, specific and freely given. This means websites that wish to gather user data must clearly state what data they intend to collect for what purpose, and do so before doing it, providing visitors with a free choice to accept or decline the tracking.

Dropping tracking cookies without even asking clearly falls foul of that legal standard. And very far foul when you consider the personal data being handled by these mental health websites is highly sensitive special category health data.

It is exceedingly difficult for people to seek mental health information and for example take a depression test without countless of third parties watching,” said Privacy International technologist Eliot Bendinelli in a statement. “All website providers have a responsibility to protect the privacy of their users and comply with existing laws, but this is particularly the case for websites that share unusually granular or sensitive data with third parties. Such is the case for mental health websites.”

Additionally, the group’s analysis found some of the trackers embedded on mental health websites are used to enable a programmatic advertising practice known as Real Time Bidding (RTB). 

This is important because RTB is subject to multiple complaints under GDPR.

These complaints argue that the systematic, high velocity trading of personal data is, by nature, inherently insecure — with no way for people’s information to be secured after it’s shared with hundreds or even thousands of entities involved in the programmatic chain, because there’s no way to control it once it’s been passed. And, therefore, that RTB fails to comply with the GDPR’s requirement that personal data be processed securely.

Complaints are being considered by regulators across multiple Member States. But this summer the UK’s data watchdog, the ICO, essentially signalled it is in agreement with the crux of the argument — putting the adtech industry on watch in an update report in which it warns that behavioral advertising is out of control and instructs the industry it must reform.

However the regulator also said it would give players “an appropriate period of time to adjust their practices”, rather than wade in with a decision and banhammers to enforce the law now.

The ICO’s decision to opt for an implied threat of future enforcement to push for reform of non-compliant adtech practices, rather than taking immediate action to end privacy breaches, drew criticism from privacy campaigners.

And it does look problematic now, given Privacy International’s findings suggest sensitive mental health data is being sucked up into bid requests and put about at insecure scale — where it could pose a serious risk to individuals’ rights and freedoms.

Privacy International says it found “numerous” mental health websites including trackers from known data brokers and AdTech companies — some of which engage in programmatic advertising. It also found some depression test websites (namely: netdoktor.de, passeportsante.net and doctissimo.fr, out of those it looked at) are using programmatic advertising with RTB.

“The findings of this study are part of a broader, much more systemic problem: The ways in which companies exploit people’s data to target ads with ever more precision is fundamentally broken,” adds Bendinelli. “We’re hopeful that the UK regulator is currently probing the AdTech industry and the many ways it uses special category data in ways that are neither transparent nor fair and often lack a clear legal basis.”

We’ve reached out to the ICO with questions.

We also asked the Internet Advertising Bureau Europe what steps it is taking to encourage reform of RTB to bring the system into compliance with EU privacy law. At the time of writing the industry association had not responded.

The IAB recently released a new version of what it refers to as a “transparency and consent management framework” intended for websites to embed to collect consent from visitors to processing their data including for ad targeting purposes — legally, the IAB contends.

However critics argue this is just another dose of business as usual ‘compliance theatre’ from the adtech industry — with users offered only phoney choices as there’s no real control over how their personal data gets used or where it ends up.

Earlier this year Google’s lead privacy regulator in Europe, the Irish DPC, opened a formal investigation into the company’s processing of personal data in the context of its online Ad Exchange — also as a result of a RTB complaint filed in Ireland.

The DPC said it will look at each stage of an ad transaction to establish whether the ad exchange is processing personal data in compliance with GDPR — including looking at the lawful basis for processing; the principles of transparency and data minimisation; and its data retention practices.

The outcome of that investigation remains to be seen. (Fresh fuel has just today been poured on with the complainant submitting new evidence of their personal data being shared in a way they allege infringes the GDPR.)

Increased regulatory attention on adtech practices is certainly highlighting plenty of legally questionable and ethically dubious stuff — like embedded tracking infrastructure that’s taking liberal notes on people’s mental health condition for ad targeting purposes. And it’s clear that EU regulators have a lot more work to do to deliver on the promise of GDPR.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

How to use Amazon and advertising to build a D2C startup – gpgmail


Entrepreneurship in consumer packaged goods (CPG) is being democratized. Every step of the value channel has been compressed and made more affordable (and thereby accessible).

At VMG Ignite, we have worked with dozens of direct-to-consumer startups trying to both find product-market fit and achieve scale through Amazon and online advertising.

This article focuses on customer acquisition, particularly Amazon and online advertising, for the direct-to-consumer (D2C) CPG venture. Selling on Amazon, specifically third-party (3P), has become an increasingly important component of the D2C playbook. About 46% of product searches start on Amazon, which makes it a compelling source of sales even for early-stage ventures.

Table of contents

How to find product-market fit 

People say that ideas are a dime a dozen. They aren’t valuable. But finding product-market fit? Now, that’s hard. The gap between an unexecuted idea and proven product-market fit can seem vast. Yet it’s a critical first step because, ultimately, marketing amplifies your product and value proposition.

If they aren’t compelling, marketing will fail. If they’re compelling, even mediocre marketing can often be successful. So start with a great product that people love.

How do you create a great product, you ask? A/B test your product configuration like you A/B test your landing page, copy, and design. Your product is a variable, not a constant. Build, ship, get feedback. Build, ship, get feedback. Turn detractors into your customer panel for testing.

Early-stage D2C companies typically get their first customers through three channels:

  1. Begging your friends and family to buy and promote your product.
  2. List it on Amazon as a 3P seller. Figure out the platform and start selling!
  3. Advertise on Facebook. Start with a daily budget of 10x your price point to get started and start tinkering with creative, audiences, and settings to minimize cost per order.

The companies that succeed are often the ones that iterate the fastest. In his book Creative Confidence, IDEO founder David Kelley and his co-author (and brother) Tom relay a story of a pottery class that was split into two groups.

The first group was told they would each be graded on the single best piece of pottery they each produced. The second group was told they would each be graded based on the sheer volume of pottery they produced.

Naturally, the first group labored to craft the perfect piece while the second group churned through pottery with reckless abandon. Perhaps not so intuitive, at the end of the class, all the best pottery came from the second group! Iteration was a more effective driver of quality than intentionality.

Don’t know how to manage Amazon or Facebook? Here are some best practices:

How to get started with Amazon


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

8 million Android users tricked into downloading 85 adware apps from Google Play – gpgmail


Dozens of Android adware apps disguised as photo editing apps and games have been caught serving ads that would take over users’ screens as part of a fraudulent money-making scheme.

Security firm Trend Micro said it found 85 individual apps downloaded more than eight million times from the Google Play — all of which have since been removed from the app store.

More often than not adware apps will run on a user’s device and will silently serve and click ads in the background and without the user’s knowledge to generate ad revenue. But these apps were particularly brazen and sneaky, one of the researchers said.

“It isn’t your run-of-the-mill adware family,” said Ecular Xu, a mobile threat response engineer at Trend Micro. “Apart from displaying advertisements that are difficult to close, it employs unique techniques to evade detection through user behavior and time-based triggers.”

The researchers discovered that the apps would keep a record when they were installed and sit dormant for around half-an-hour. After the delay, the app would hide its icon and create a shortcut on the user’s home screen, the security firm said. That, they say, helped to protect the app from being deleted if the user decided to drag and drop the shortcut to the ‘uninstall’ section of the screen.

“These ads are shown in full screen,” said Xu. “Users are forced to view the whole duration of the ad before being able to close it or go back to app itself.”

When the app unlocked, it displayed ads on the user’s home screen. The code also checks to make sure it doesn’t show the same ad too frequently, the researchers said.

Worse, the ads can be remotely configured by the fraudster, allowing ads to be displayed more frequently than the default five minute intervals.

Trend Micro provided a list of the apps — including Super Selfie Camera, Cos Camera, Pop Camera, and One Stroke Line Puzzle — all of which had a million downloads each.

Users about to install the apps had a dead giveaway: most of the apps had appalling reviews, many of which had as many one-star reviews as they did five-stars, with users complaining about the deluge of pop-up ads.

Google does not typically comment on app removals beyond acknowledging their removal from Google Play.

Read more:


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

How should B2B startups think about growth? Not like B2C – gpgmail


Over the years, we’ve seen a lot of B2B companies apply ineffective demand generation strategies to their startup. If you’re a B2B founder trying to grow your business, this guide is for you.

Rule #1: B2B is not B2C. We are often dealing with considered purchases, multiple stakeholders, long decision cycles, and massive LTVs. These unique attributes matter when developing a growth strategy. We’ll share B2B best practices we’ve employed while working with awesome B2B companies like Zenefits, Crunchbase, Segment, OnDeck, Yelp, Kabbage, Farmers Business Network, and many more. Topics covered include:

  • Descriptions of growth stages you can use to determine your company’s status
  • Tactics for each stage with specific examples
  • Which advertising channels work best
  • Optimization of your ad copy to maximize CTR and conversions
  • Optimization of your sales funnel
  • Measuring the ROI of your advertising spend

We often crack growth for companies that didn’t think it was possible, based on their prior experience with agencies and/or internal resources. There are many misconceptions out there about B2B growth, rooted in the misapplication of B2C strategies and leading to poor performance. Study the differences and you’ll develop a filter for all the advice you get that’s good for one context (ex: B2C) but bad for another (ex: B2B). This guide will get you off on the right foot.

Table of Contents

What growth stage is your B2B startup?

The best growth strategy for your company ultimately depends on whether you’re in an incubation, iteration, or scale stage. One of the most common mistakes we see is a company acting like they’re in the scale phase when they’re actually in the iteration phase. As a result, many of them end up developing inefficient growth strategies that lead to exorbitant monthly ad spends, extraneous acquisition channels, hiring (and later firing) ineffective team members, and de-emphasizing critical customer feedback. There is often an intense pressure to grow, but believing your own hype before it’s real can kill early-stage ventures. Here’s a breakdown of each stage:

Incubation is when you are building your minimum viable product (MVP). This should be done in close partnership with potential customers to ensure you are solving a real problem with a credible solution. Typically a founder is a voice of the customer, as someone who experienced the problem and sought out the solution s/he is now building. Other times, founders enter a new space and build a panel of prospective buyers to participate in the product development process. The endpoint of this phase is a working MVP.

Iteration is when you have customers using your MVP and you are rapidly improving the product. Success at this stage is rooted in customer insights – both qualitative and quantitative – not marketing excellence. It’s valuable to include in this iterative process customers with whom the founder(s) have no prior relationship. You want to test the product’s appeal, not friends’ willingness to help you out. We want a customer set that is an accurate sample of a much larger population you will later sell to. The endpoint of the iteration phase is product/market fit.

Scale is when you have product/market fit and are trying to grow your customer base. The goal of this phase is to build a portfolio of tactics that maximize market penetration with minimal – or at least profitable – cost. Success is rooted in growing lifetime value through retention and margin, maximizing funnel conversion to efficiently convert leads to customers, and finding repeatable tactics to drive prospective buyers’ awareness and consideration of your product. The endpoint of this phase is ultimately market saturation, leading to the incubation and iteration of new features, customer segments, and geographies.

How do you find B2B customers? 

Here’s a list of B2B customer acquisition tactics we commonly employ and recommend. Later in this article, we’ll connect each channel to the growth stage it’s best used in. This list is generally sorted by early stage to later stage:

1. Leveraging your network. This is particularly valuable for founders who are building a product based on their own past experience.

  • Reach out to old colleagues you know have the same problem you had (and are solving).
  • Leverage the startup ecosystem. If your startup is in YCombinator, for instance, other companies in your batch may be prospects, along with alumni who will take your call simply because of your affiliation.
  • Example: If you’re building an app for marketers, ask past marketing colleagues you’ve worked with to try out your product is a no brainer.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

WebKit’s new anti-tracking policy puts privacy on a par with security – gpgmail


WebKit, the open source engine that underpins Internet browsers including Apple’s Safari browser, has announced a new tracking prevention policy that takes the strictest line yet on the background and cross-site tracking practices and technologies which are used to creep on Internet users as they go about their business online.

Trackers are technologies that are invisible to the average web user, yet which are designed to keep tabs on where they go and what they look at online — typically for ad targeting but web user profiling can have much broader implications than just creepy ads, potentially impacting the services people can access or the prices they see, and so on. Trackers can also be a conduit for hackers to inject actual malware, not just adtech.

This translates to stuff like tracking pixels; browser and device fingerprinting; and navigational tracking to name just a few of the myriad methods that have sprouted like weeds from an unregulated digital adtech industry that’s poured vast resource into ‘innovations’ intended to strip web users of their privacy.

WebKit’s new policy is essentially saying enough: Stop the creeping.

But — and here’s the shift — it’s also saying it’s going to treat attempts to circumvent its policy as akin to malicious hack attacks to be responded to in kind; i.e. with privacy patches and fresh technical measures to prevent tracking.

“WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert),” the organization writes (emphasis its), adding that these goals will apply to all types of tracking listed in the policy — as well as “tracking techniques currently unknown to us”.

“If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques,” it adds.

“We will review WebKit patches in accordance with this policy. We will review new and existing web standards in light of this policy. And we will create new web technologies to re-enable specific non-harmful practices without reintroducing tracking capabilities.”

Spelling out its approach to circumvention, it states in no uncertain terms: “We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities,” adding: “If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.”

It also says that if a certain tracking technique cannot be completely prevented without causing knock-on effects with webpage functions the user does intend to interact with, it will “limit the capability” of using the technique” — giving examples such as “limiting the time window for tracking” and “reducing the available bits of entropy” (i.e. limiting how many unique data points are available to be used to identify a user or their behavior).

If even that’s not possible “without undue user harm” it says it will “ask for the user’s informed consent to potential tracking”.

“We consider certain user actions, such as logging in to multiple first party websites or apps using the same account, to be implied consent to identifying the user as having the same identity in these multiple places. However, such logins should require a user action and be noticeable by the user, not be invisible or hidden,” it further warns.

WebKit credits Mozilla’s anti-tracking policy as inspiring and underpinning its new approach.

Commenting on the new policy, Dr Lukasz Olejnik, an independent cybersecurity advisor and research associate at the Center for Technology and Global Affairs Oxford University, says it marks a milestone in the evolution of how user privacy is treated in the browser — setting it on the same footing as security.

“Treating privacy protection circumventions on par with security exploitation is a first of its kind and unprecedented move,” he tells gpgmail. “This sends a clear warning to the potential abusers but also to the users… This is much more valuable than the still typical approach of ‘we treat the privacy of our users very seriously’ that some still think is enough when it comes to user expectation.”

Asked how he sees the policy impacting pervasive tracking, Olejnik does not predict an instant, overnight purge of unethical tracking of users of WebKit-based browsers but argues there will be less room for consent-less data-grabbers to manoeuvre.

“Some level of tracking, including with unethical technologies, will probably remain in use for the time being. But covert tracking is less and less tolerated,” he says. “It’s also interesting if any decisions will follow, such as for example the expansion of bug bounties to reported privacy vulnerabilities.”

“How this policy will be enforced in practice will be carefully observed,” he adds.

As you’d expect, he credits not just regulation but the role played by active privacy researchers in helping to draw attention and change attitudes towards privacy protection — and thus to drive change in the industry.

There’s certainly no doubt that privacy research is a vital ingredient for regulation to function in such a complex area — feeding complaints that trigger scrutiny that can in turn unlock enforcement and force a change of practice.

Although that’s also a process that takes time.

“The quality of cybersecurity and privacy technology policy, including its communication still leave much to desire, at least at most organisations. This will not change fast,” says says Olejnik. “Even if privacy is treated at the ‘C-level’, this then still tends to be about the purely risk of compliance. Fortunately, some important industry players with good understanding of both technology policy and the actual technology, even the emerging ones still under active research, treat it increasingly seriously.

“We owe it to the natural flow of the privacy research output, the talent inflows, and the slowly moving strategic shifts as well to a minor degree to the regulatory pressure and public heat. This process is naturally slow and we are far from the end.”

For its part, WebKit has been taking aim at trackers for several years now, adding features intended to reduce pervasive tracking — such as, back in 2017, Intelligent Tracking Prevention (ITP), which uses machine learning to squeeze cross-site tracking by putting more limits on cookies and other website data.

Apple immediately applied ITP to its desktop Safari browser — drawing predictable fast-fire from the Internet Advertising Bureau whose membership is comprised of every type of tracker deploying entity on the Internet.

But it’s the creepy trackers that are looking increasingly out of step with public opinion. And, indeed, with the direction of travel of the industry.

In Europe, regulation can be credited with actively steering developments too — following last year’s application of a major update to the region’s comprehensive privacy framework (which finally brought the threat of enforcement that actually bites). The General Data Protection Regulation (GDPR) has also increased transparency around security breaches and data practices. And, as always, sunlight disinfects.

Although there remains the issue of abuse of consent for EU regulators to tackle — with research suggesting many regional cookie consent pop-ups currently offer users no meaningful privacy choices despite GDPR requiring consent to be specific, informed and freely given.

It also remains to be seen how the adtech industry will respond to background tracking being squeezed at the browser level. Continued aggressive lobbying to try to water down privacy protections seems inevitable — if ultimately futile. And perhaps, in Europe in the short term, there will be attempts by the adtech industry to funnel more tracking via cookie ‘consent’ notices that nudge or force users to accept.

As the security space underlines, humans are always the weakest link. So privacy-hostile social engineering might be the easiest way for adtech interests to keep overriding user agency and grabbing their data anyway. Stopping that will likely need regulators to step in and intervene.

Another question thrown up by WebKit’s new policy is which way Chromium will jump, aka the browser engine that underpins Google’s hugely popular Chrome browser.

Of course Google is an ad giant, and parent company Alphabet still makes the vast majority of its revenue from digital advertising — so it maintains a massive interest in tracking Internet users to serve targeted ads.

Yet Chromium developers did pay early attention to the problem of unethical tracking. Here, for example, are two discussing potential future work to combat tracking techniques designed to override privacy settings in a blog post from nearly five years ago.

There have also been much more recent signs Google paying attention to Chrome users’ privacy, such as changes to how it handles cookies which it announced earlier this year.

But with WebKit now raising the stakes — by treating privacy as seriously as security — that puts pressure on Google to respond in kind. Or risk being seen as using its grip on browser marketshare to foot-drag on baked in privacy standards, rather than proactively working to prevent Internet users from being creeped on.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds – gpgmail


New research into how European consumers interact with the cookie consent mechanisms which have proliferated since a major update to the bloc’s online privacy rules last year casts an unflattering light on widespread manipulation of a system that’s supposed to protect consumer rights.

As Europe’s General Data Protection Regulation (GDPR) came into force in May 2018, bringing in a tough new regime of fines for non-compliance, websites responded by popping up legal disclaimers which signpost visitor tracking activities. Some of these cookie notices even ask for consent to track you.

But many don’t — even now, more than a year later.

The study, which looked at how consumers interact with different designs of cookie pop-ups and how various design choices can nudge and influence people’s privacy choices, also suggests consumers are suffering a degree of confusion about how cookies function, as well as being generally mistrustful of the term ‘cookie’ itself. (With such baked in tricks, who can blame them?)

The researchers conclude that if consent to drop cookies was being collected in a way that’s compliant with the EU’s existing privacy laws only a tiny fraction of consumers would agree to be tracked.

The paper, which we’ve reviewed in draft ahead of publication, is co-authored by academics at Ruhr-University Bochum, Germany, and the University of Michigan in the US — and entitled: (Un)informed Consent: Studying GDPR Consent Notices in the Field.

The researchers ran a number of studies, gathering ~5,000 of cookie notices from screengrabs of leading websites to compile a snapshot (derived from a random sub-sample of 1,000) of the different cookie consent mechanisms in play in order to paint a picture of current implementations.

They also worked with a German ecommerce website over a period of four months to study how more than 82,000 unique visitors to the site interacted with various cookie consent designs which the researchers’ tweaked in order to explore how different defaults and design choices affected individuals’ privacy choices.

Their industry snapshot of cookie consent notices found that the majority are placed at the bottom of the screen (58%); not blocking the interaction with the website (93%); and offering no options other than a confirmation button that does not do anything (86%). So no choice at all then.

A majority also try to nudge users towards consenting (57%) — such as by using ‘dark pattern’ techniques like using a color to highlight the ‘agree’ button (which if clicked accepts privacy-unfriendly defaults) vs displaying a much less visible link to ‘more options’ so that pro-privacy choices are buried off screen.

And while they found that nearly all cookie notices (92%) contained a link to the site’s privacy policy, only a third (39%) mention the specific purpose of the data collection or who can access the data (21%).

The GDPR updated the EU’s long-standing digital privacy framework, with key additions including tightening the rules around consent as a legal basis for processing people’s data — which the regulation says must be specific (purpose limited), informed and freely given for consent to be valid.

Even so, since May last year there has been an outgrown in cookie ‘consent’ mechanisms popping up or sliding atop websites that still don’t offer EU visitors the necessary privacy choices, per the research.

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law,” the researchers argue.

“Our results show that a reasonable amount of users are willing to engage with consent notices, especially those who want to opt out or do not want to opt in. Unfortunately, current implementations do not respect this and the large majority offers no meaningful choice.”

The researchers also record a large differential in interaction rates with consent notices — of between 5 and 55% — generated by tweaking positions, options, and presets on cookie notices.

This is where consent gets manipulated — to flip visitors’ preference for privacy.

They found that the more choices offered in a cookie notice, the more likely visitors were to decline the use of cookies. (Which is an interesting finding in light of the vendor laundry lists frequently baked into the so-called “transparency and consent framework” which the industry association, the Internet Advertising Bureau (IAB), has pushed as the standard for its members to use to gather GDPR consents.)

“The results show that nudges and pre-selection had a high impact on user decisions, confirming previous work,” the researchers write. “It also shows that the GDPR requirement of privacy by default should be enforced to make sure that consent notices collect explicit consent.”

Here’s a section from the paper discussing what they describe as “the strong impact of nudges and pre-selections”:

Overall the effect size between nudging (as a binary factor) and choice was CV=0.50. For example, in the rather simple case of notices that only asked users to confirm that they will be tracked, more users clicked the “Accept” button in the nudge condition, where it was highlighted (50.8% on mobile, 26.9% on desktop), than in the non-nudging condition where “Accept” was displayed as a text link (39.2% m, 21.1% d). The effect was most visible for the category-and vendor-based notices, where all checkboxes were pre-selected in the nudging condition, while they were not in the privacy-by-default version. On the one hand, the pre-selected versions led around 30% of mobile users and 10% of desktop users to accept all third parties. On the other hand, only a small fraction (< 0.1%) allowed all third parties when given the opt-in choice and around 1 to 4 percent allowed one or more third parties (labeled “other” in 4). None of the visitors with a desktop allowed all categories. Interestingly, the number of non-interacting users was highest on average for the vendor-based condition, although it took up the largest part of any screen since it offered six options to choose from.

The key implication is that just 0.1% of site visitors would freely choose to enable all cookie categories/vendors — i.e. when not being forced to do so by a lack of choice or via nudging with manipulative dark patterns (such as pre-selections).

Rising a fraction, to between 1-4%, who would enable some cookie categories in the same privacy-by-default scenario.

“Our results… indicate that the privacy-by-default and purposed-based consent requirements put forth by the GDPR would require websites to use consent notices that would actually lead to less than 0.1 % of active consent for the use of third parties,” they write in conclusion.

They do flag some limitations with the study, pointing out that the dataset they used that arrived at the 0.1% figure is biased — given the nationality of visitors is not generally representative of public Internet users, as well as the data being generated from a single retail site. But they supplemented their findings with data from a company (Cookiebot) which provides cookie notices as a SaaS — saying its data indicated a higher accept all clicks rate but still only marginally higher: Just 5.6%.

Hence the conclusion that if European web users were given an honest and genuine choice over whether or not they get tracked around the Internet, the overwhelming majority would choose to protect their privacy by rejecting tracking cookies.

This is an important finding because GDPR is unambiguous in stating that if an Internet service is relying on consent as a legal basis to process visitors’ personal data it must obtain consent before processing data (so before a tracking cookie is dropped) — and that consent must be specific, informed and freely given.

Yet, as the study confirms, it really doesn’t take much clicking around the regional Internet to find a gaslighting cookie notice that pops up with a mocking message saying by using this website you’re consenting to your data being processed how the site sees fit — with just a single ‘Ok’ button to affirm your lack of say in the matter.

It’s also all too common to see sites that nudge visitors towards a big brightly colored ‘click here’ button to accept data processing — squirrelling any opt outs into complex sub-menus that can sometimes require hundreds of individual clicks to deny consent per vendor.

You can even find websites that gate their content entirely unless or until a user clicks ‘accept’ — aka a cookie wall. (A practice that has recently attracted regulatory intervention.)

Nor can the current mess of cookie notices be blamed on a lack of specific guidance on what a valid and therefore legal cookie consent looks like. At least not any more. Here, for example, is a myth-busting blog which the UK’s Information Commissioner’s Office (ICO) published last month that’s pretty clear on what can and can’t be done with cookies.

For instance on cookie walls the ICO writes: “Using a blanket approach such as this is unlikely to represent valid consent. Statements such as ‘by continuing to use this website you are agreeing to cookies’ is not valid consent under the higher GDPR standard.” (The regulator goes into more detailed advice here.)

While France’s data watchdog, the CNIL, also published its own detailed guidance last month — if you prefer to digest cookie guidance in the language of love and diplomacy.

(Those of you reading gpgmail back in January 2018 may also remember this sage plain english advice from our GDPR explainer: “Consent requirements for processing personal data are also considerably strengthened under GDPR — meaning lengthy, inscrutable, pre-ticked T&Cs are likely to be unworkable.” So don’t say we didn’t warn you.)

Nor are Europe’s data protection watchdogs lacking in complaints about improper applications of ‘consent’ to justify processing people’s data.

Indeed, ‘forced consent’ was the substance of a series of linked complaints by the pro-privacy NGO noyb, which targeted T&Cs used by Facebook, WhatsApp, Instagram and Google Android immediately GDPR started being applied in May last year.

While not cookie notice specific, this set of complaints speaks to the same underlying principle — i.e. that EU users must be provided with a specific, informed and free choice when asked to consent to their data being processed. Otherwise the ‘consent’ isn’t valid.

So far Google is the only company to be hit with a penalty as a result of that first wave of consent-related GDPR complaints; France’s data watchdog issued it a $57M fine in January.

But the Irish DPC confirmed to us that three of the 11 open investigations it has into Facebook and its subsidiaries were opened after noyb’s consent-related complaints. (“Each of these investigations are at an advanced stage and we can’t comment any further as these investigations are ongoing,” a spokeswoman told us. So, er, watch that space.)

The problem, where EU cookie consent compliance is concerned, looks to be both a failure of enforcement and a lack of regulatory alignment — the latter as a consequence of the ePrivacy Directive (which most directly concerns cookies) still not being updated, generating confusion (if not outright conflict) with the shiny new GDPR.

However the ICO’s advice on cookies directly addresses claimed inconsistencies between ePrivacy and GDPR, stating plainly that Recital 25 of the former (which states: “Access to specific website content may be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose”) does not, in fact, sanction gating your entire website behind an ‘accept or leave’ cookie wall.

Here’s what the ICO says on Recital 25 of the ePrivacy Directive:

  • ‘specific website content’ means that you should not make ‘general access’ subject to conditions requiring users to accept non-essential cookies – you can only limit certain content if the user does not consent;
  • the term ‘legitimate purpose’ refers to facilitating the provision of an information society service – ie, a service the user explicitly requests. This does not include third parties such as analytics services or online advertising;

So no cookie wall; and no partial walls that force a user to agree to ad targeting in order to access the content.

It’s worth point out that other types of privacy-friendly online advertising are available with which to monetize visits to a website. (And research suggests targeted ads offer only a tiny premium over non-targeted ads, even as publishers choosing a privacy-hostile ads path must now factor in the costs of data protection compliance to their calculations — as well as the cost and risk of massive GDPR fines if their security fails or they’re found to have violated the law.)

Negotiations to replace the now very long-in-the-tooth ePrivacy Directive — with an up-to-date ePrivacy Regulation which properly takes account of the proliferation of Internet messaging and all the ad tracking techs that have sprung up in the interim — are the subject of very intense lobbying, including from the adtech industry desperate to keep a hold of cookie data. But EU privacy law is clear.

“[Cookie consent]’s definitely broken (and has been for a while). But the GDPR is only partly to blame, it was not intended to fix this specific problem. The uncertainty of the current situation is caused the delay of the ePrivacy regulation that was put on hold (thanks to lobbying),” says Martin Degeling, one of the research paper’s co-authors, when we suggest European Internet users are being subject to a lot of ‘consent theatre’ (ie noisy yet non-compliant cookie notices) — which in turn is causing knock-on problems of consumer mistrust and consent fatigue for all these useless pop-ups. Which work against the core aims of the EU’s data protection framework.

“Consent fatigue and mistrust is definitely a problem,” he agrees. “Users that have experienced that clicking ‘decline’ will likely prevent them from using a site are likely to click ‘accept’ on any other site just because of one bad experience and regardless of what they actually want (which is in most cases: not be tracked).”

“We don’t have strong statistical evidence for that but users reported this in the survey,” he adds, citing a poll the researchers also ran asking site visitors about their privacy choices and general views on cookies. 

Degeling says he and his co-authors are in favor of a consent mechanism that would enable web users to specify their choice at a browser level — rather than the current mess and chaos of perpetual, confusing and often non-compliant per site pop-ups. Although he points out some caveats.

“DNT [Do Not Track] is probably also not GDPR compliant as it only knows one purpose. Nevertheless  something similar would be great,” he tells us. “But I’m not sure if shifting the responsibility to browser vendors to design an interface through which they can obtain consent will lead to the best results for users — the interfaces that we see now, e.g. with regard to cookies, are not a good solution either.

“And the conflict of interest for Google with Chrome are obvious.”

The EU’s unfortunate regulatory snafu around privacy — in that it now has one modernized, world-class privacy regulation butting up against an outdated directive (whose progress keeps being blocked by vested interests intent on being able to continue steamrollering consumer privacy) — likely goes some way to explaining why Member States’ data watchdogs have generally been loath, so far, to show their teeth where the specific issue of cookie consent is concerned.

At least for an initial period the hope among data protection agencies (DPAs) was likely that ePrivacy would be updated and so they should wait and see.

They have also undoubtedly been providing data processors with time to get their data houses and cookie consents in order. But the frictionless interregnum while GDPR was allowed to ‘bed in’ looks unlikely to last much longer.

Firstly because a law that’s not enforced isn’t worth the paper it’s written on (and EU fundamental rights are a lot older than the GDPR). Secondly, with the ePrivacy update still blocked DPAs have demonstrated they’re not just going to sit on their hands and watch privacy rights be rolled back — hence them putting out guidance that clarifies what GDPR means for cookies. They’re drawing lines in the sand, rather than waiting for ePrivacy to do it (which also guards against the latter being used by lobbyists as a vehicle to try to attack and water down GDPR).

And, thirdly, Europe’s political institutions and policymakers have been dining out on the geopolitical attention their shiny privacy framework (GDPR) has attained.

Much has been made at the highest levels in Europe of being able to point to US counterparts, caught on the hop by ongoing tech privacy and security scandals, while EU policymakers savor the schadenfreude of seeing their US counterparts being forced to ask publicly whether it’s time for America to have its own GDPR.

With its extraterritorial scope, GDPR was always intended to stamp Europe’s rule-making prowess on the global map. EU lawmakers will feel they can comfortably check that box.

However they are also aware the world is watching closely and critically — which makes enforcement a very key piece. It must slot in too. They need the GDPR to work on paper and be seen to be working in practice.

So the current cookie mess is a problematic signal which risks signposting regulatory failure — and that simply isn’t sustainable.

A spokesperson for the European Commission told us it cannot comment on specific research but said: “The protection of personal data is a fundamental right in the European Union and a topic the Juncker commission takes very seriously.”

“The GDPR strengthens the rights of individuals to be in control of the processing of personal data, it reinforces the transparency requirements in particular on the information that is crucial for the individual to make a choice, so that consent is given freely, specific and informed,” the spokesperson added. 

“Cookies, insofar as they are used to identify users, qualify as personal data and are therefore subject to the GDPR. Companies do have a right to process their users’ data as long as they receive consent or if they have a legitimate interest.”

All of which suggests that the movement, when it comes, must come from a reforming adtech industry.

With robust privacy regulation in place the writing is now on the wall for unfettered tracking of Internet users for the kind of high velocity, real-time trading of people’s eyeballs that the ad industry engineered for itself when no one knew what was being done with people’s data.

GDPR has already brought greater transparency. Once Europeans are no longer forced to trade away their privacy it’s clear they’ll vote with their clicks not to be ad-stalked around the Internet too.

The current chaos of non-compliant cookie notices is thus a signpost pointing at an underlying privacy lag — and likely also the last gasp signage of digital business models well past their sell-by-date.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Google adds playable podcast episodes to search results – gpgmail


Google is making it easier to find and listen to audio content specific to your search interests, with playable episodes surfaced in results that start rolling out today.

Playable podcasts will show up in results when you use “podcasts” as a keyword in your search, in combination with other terms. It’s intended to deliver you relevant results freed from the confines of a dedicated podcast player, and Google also intends to extend this search feature to queries that don’t even specify “podcast” in future as it refines its algorithms.

Google is also going to be rolling out this inline playable results feature for the search function in Google Podcasts on the web, and for Google Assistant. If you’re logged in, it’ll also sync your results so that you can pick up from wherever you left off in the dedicated Google Podcasts app.

This should be good for discoverability, since it means that a much broader potential audience can stumble across your podcasts then would be possible with existing tools, and sample them on the spot. But Google still plans to roll out finer controls for publishers, that mean you can specify where people can listen to them, and presumably where they can’t.

It’s yet another sign that podcasts are slowly and surely becoming more prevalent and mainstream than ever, and that Google is very interested in making sure that it doesn’t fall behind on ensuring this content is part of its overall search index and not the exclusive domain of other, more closed ecosystems that exist outside its sphere of influence.

Google is going to be rolling this out gradually beginning today, with initial availability open to U.S. users searching in English.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something