Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Lets Advertisers Target By (Anonymized) Customer Data

Posted by timothy on from the you-seem-to-like-sushi-and-the-occult dept.

An anonymous reader writes: Google's new advertising product, called Customer Match, lets advertisers upload their customer and promotional email address lists into AdWords. The new targeting capability extends beyond search to include both YouTube Trueview ads and the newly launched native ads in Gmail. Customer Match marks the first time Google has allowed advertisers to target ads against customer-owned data in Adwords. Google matches the email addresses against those of signed-in users on Google. Individual addresses are hashed and are supposedly anonymized. Advertisers will be able to set bids and create ads specifically geared to audiences built from their email lists. This new functionality seems to make de-anonymization of google's supposedly proprietary customer data just a hop, skip and jump away. If you can specify the list of addresses that get served an ad, and the criteria like what search terms will trigger that ad, you can detect if and when your target searches for specific terms. For example, create an email list that contains your target and 100 invalid email addresses that no one uses (just in case google gets wise to single-entry email lists). Repeat as necessary for as many keywords and as many email addresses that you wish to monitor.

58 comments

  1. Google is so innovative ... by Anonymous Coward · · Score: 0

    because other companies have had this feature for how many years?
    Google engineers must have had really nothing beter to do between their free lunch and free dinner after returning from their sabbatical while working on their free time projects.
    Wondering why I can't seem to join Google and they still always make me solve silly puzzles (who said that they quit the hiring practice?).

    1. Re: Google is so innovative ... by Anonymous Coward · · Score: 0

      Google engineer here. My interviews were strictly (fairly difficult) coding questions.

    2. Re: Google is so innovative ... by Anonymous Coward · · Score: 0

      They don't innovate. They copy.

    3. Re: Google is so innovative ... by Alascom · · Score: 1

      11 yr google veteran who has done 600+ interviews, confirming parent's statement.

  2. Ties in with their new motto by Anonymous Coward · · Score: 2, Informative

    Something about evil?

  3. An anonymous reader writes... by Anonymous Coward · · Score: 0

    An anonymous reader writes...

    I don't believe that for a second, Timothy. Honestly, do you disrespect us that much?

  4. Cows by Anonymous Coward · · Score: 0

    Mooooooo!!!!

  5. Cats by Anonymous Coward · · Score: 0

    Meowwwww!!!

  6. Sanitized data by phantomfive · · Score: 3, Interesting

    I've seen some sanitized data that censored the name, but included the gender, age and address.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Sanitized data by dinfinity · · Score: 3, Funny

      - "No, I'm sorry, I really can't tell you who it is."
      = "Aww, at least give me a hint."
      - "Alright. He's 54 and he's President of the United States of America."

    2. Re:Sanitized data by Anonymous Coward · · Score: 1

      Not to mention that by using different sources of "sanitized" data one can often reconstruct a full identity.

      Sanitization is clearly bullsh**. As long as there are multiple sources of sanitized identity data, each sanitizing different things -- the system won't work.

      Google pretends they exist in a vacuum. They don't. They're ultimately selling your identity -- just a piece of it -- but enough to reconstruct via multiple sources.

  7. Donkeys by Anonymous Coward · · Score: 0

    Hee-Haw!!Heeeee-Hawwwwww!!

    1. Re:Donkeys by Anonymous Coward · · Score: 0

      Is donkeyposting the new cowposting? You're all a bunch of cows! Mooooooo!

  8. Re:Lots of FUD in the headline, no substance by Anonymous Coward · · Score: 2, Insightful

    The privacy issue is the advertiser tells google that you are their customer.

  9. Slashdot Copying from Soylnet Now by Anonymous Coward · · Score: 1

    Might as well cut out the middle-man and go to the source.

    The submission is a cut-n-paste sans formatting from a soylent news story. You can tell its been lifted from Soylent because the third paragraph was written by myself for the soylent submission and exists no where else on the web (yet).

    1. Re:Slashdot Copying from Soylnet Now by Anonymous Coward · · Score: 0

      You can tell its been lifted from Soylent because the third paragraph was written by myself for the soylent submission and exists no where else on the web (yet).

      Too bad the herpes example got cut out, it makes the original a lot more clear.

    2. Re:Slashdot Copying from Soylnet Now by evilviper · · Score: 1

      The submission is a cut-n-paste sans formatting from a soylent news story.

      Should I be offended that nobody thought to steal my Pipedot story summary, even though it predates both by several days?

      http://pipedot.org/pipe/NZAB

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  10. Re:Lots of FUD in the headline, no substance by Anonymous Coward · · Score: 1

    > The advertisers don't get to see the email addresses, so there's no privacy issue here.

    You really don't understand how this works. You are the advertiser. With this scheme you give google the list of addresses you want to track. Google can't verify if they are valid addresses or not short of sending mail to them. Anyone can run ads on google, vetting is pretty damn slack just don't run malware or porn.

  11. Crows by Anonymous Coward · · Score: 0

    Cawwwww!!Cawww!!!!

  12. So... by Anonymous Coward · · Score: 0

    Is Google evil now?

    1. Re:So... by Anonymous Coward · · Score: 0

      Is Google evil now?

      Google has had a private jumbo jet for their execs for YEARS now.

      Anyone who EVER bought that "Don't be evil" line from a fucking ad agency was and is a fool.

  13. EU Privacy by Anonymous Coward · · Score: 5, Insightful

    EU needs to get off its ass and tackle Google.

    Shops giving a HASH of the email address knowing Google can match it to a hash of the list of email addresses it collected by Android, is linkage. It's no anonymized, its simply passed as a hash.
    *Linkage* of data by hashing is data. Unnecessary linkage of data beyond needed for a transaction is even spelled out as a no-no.

    At what fucking point, are you EU lot going to protect EU Privacy rights? You handed over our fooking banking data to a foreign power, you did nothing when they tapped out networks, get off your ass and enforce the few rights EU citizens have.

    1. Re:EU Privacy by Epsillon · · Score: 4, Insightful

      Shops giving a HASH of the email address knowing Google can match it to a hash of the list of email addresses it collected by Android, is linkage. It's no anonymized, its simply passed as a hash.

      This. Anonymised would be one-way, non reversible obfuscation of the source's identity. This is just pure sophistry foisted upon us simply because the vast majority of people this affects can't tell the bloody difference.

      --
      Resistance is futile. Reactance buggers it up.
    2. Re:EU Privacy by Anonymous Coward · · Score: 0

      Hashing is great. How about we distinguish between hashes for security, and hashes for convenience?

      md5 has become the new ROT13.

    3. Re:EU Privacy by Anonymous Coward · · Score: 0

      If you think md5 is so trivial to reverse....reverse this:

      6a168e4da0f9e1460f278d12821cfbaa

    4. Re:EU Privacy by Anonymous Coward · · Score: 0

      Obviously you can't invert md5, but if I hash my list, and you hash your list, and there is significant overlap, you can, to a reasonable but not 100% certainty, figure out which items on my list correspond to items on your list.

    5. Re:EU Privacy by Epsillon · · Score: 2

      The issue here is that a third party has access to the unhashed identities and are hashing it with the same hash and seed Google use - they have to be or there would be no point in giving the results to Google. That party may not have the nous to stop Google from reassembling their massive hoard of privately identifying information if they really wanted to. They can also gain insight into which hashes have relationships with their customers (the advertisers, we're product not customer) in order to poke even deeper into people's online activities.

      If you're anonymising, it means just that: The data cannot be traced back to a real identity. If you're data mining on an ongoing basis, don't use the word "anonymised" and say what you really mean, otherwise it's just meaningless, misleading bollocks.

      Also to remember is that your identity isn't just your name. In fact, the name is just a convenient pointer others hang on the person that is you. You are the sum of what you do, how you think and who you associate with. Given that, the name/e-mail address/UID is irrelevant, at which point the hash itself becomes your identity, even more so than your name or SSN.

      --
      Resistance is futile. Reactance buggers it up.
    6. Re:EU Privacy by Epsillon · · Score: 1

      The real issue here is identity. You are not your name. Your name is just a convenient pointer others hang on the person that is you. You are the sum of many things; who you associate with, what you do, how you think, et cetera.

      Obviously these customers are hashing with the same hash and seed Google are using; they have to be or the whole exercise would be pointless. These organisations may not have the nous to prevent Google from reassembling the original data, so there are no guarantees. Also, they're not anonymising when they're matching two separate data sources. That's not anonymisation in anyone's book. That's pure sophistry, bollocks and misleading bullshit to cover insidious mining and profiling of people's PII.

      All of this becomes irrelevant, however, when you realise that, to Google, your identity is that pesky hash. Talking about anonymity at that point becomes pointless.

      --
      Resistance is futile. Reactance buggers it up.
    7. Re:EU Privacy by cdrudge · · Score: 1

      EU needs to get off its ass and tackle Google.

      How is this Google's fault? Why aren't you having the EU tackle all the companies that would be sharing their data with Google in the first place? Seems like you're attacking the side affect and not the actual problem.

    8. Re:EU Privacy by swillden · · Score: 1

      Obviously you can't invert md5, but if I hash my list, and you hash your list, and there is significant overlap, you can, to a reasonable but not 100% certainty, figure out which items on my list correspond to items on your list.

      Depends on how it's done. For example, the advertiser could generate a bloom filter and provide that, rather than hashes of individual items on the list. Assuming the false positive rate was tuned correctly, you can use this method to arrange to provide very little information, while still generating the matches you want (plus some). Most advertisers wouldn't know how to tune the false positive rate appropriately, of course, but Google could tell them.

      That's just off the top of my head, first glance at the problem. I suspect that there are even cleverer techniques that could be used, and while I don't know any details of how this system works, I do know Google engineers, and Google privacy design policies and procedures, and I'd be shocked if there were any obvious way to extract personally-identifiable information, in either direction.

      (Disclaimer: I'm a Google engineer, but I'm speaking only for myself.)

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  14. Re:Ties in with their new motto by davester666 · · Score: 2, Insightful

    Sorry, now it's "Do the right thing."

    Of course, this is even more ambiguous than the previous one. I, for one, have no desire for the 'right thing' to be done to me, if an MBA is the one deciding it.

    --
    Sleep your way to a whiter smile...date a dentist!
  15. Googles reassurances ring hollow by Anonymous Coward · · Score: 1

    Not only are you posting as an anonymous coward but you won't tell us how you plan to do it and only call criticism of what your are doing "laughable." So "trust us"

    I'm not impressed. Companies don't give a shit about anything unless it gets a lot of media attention and threatens to derail their bottom line. If they can ignore a problem they will. I predict anyone bringing concerns they are being tracked to Google will be ignored and most users won't even know this is happening to them.

    Google is pushing ads hard. I wonder if they are the mystery buyer of Adblock? Try uBlock instead. It's much faster than Adblock and so far the creator isn't taking money from advertisers.

    1. Re:Googles reassurances ring hollow by Anonymous Coward · · Score: 0

      I don't have any idea of the details, I'm not involved in that work.

      What I do know is that "lolz maybe google didn't think of this!!!" is not a story.

      Please don't trust us. If there is a real problem, a media frenzy is a valid way to get it fixed. You'll get plenty of support from engineers, we care about privacy.

      But FUD doesn't help anyone. Nor does it generate a media frenzy because any half decent editor will kick the story out (cough cough slashdot).

    2. Re:Googles reassurances ring hollow by Anonymous Coward · · Score: 0

      Please don't trust us.

      We don't trust you, we hate you.

      You'll get plenty of support from engineers, we care about privacy.

      Ah, so it must have been the janitors who put the key-loggers in Google Chrome.

  16. Re: Lots of FUD in the headline, no substance by Anonymous Coward · · Score: 0

    They can still see how often each hash is seen in the wild, dummy. If one of 100 hashes gets 150 events in a day and the other 99 get 0, it's pretty easy to detect. Maybe actually inform yourself/critically think before running your smart mouth.

  17. Alphabet got rid of "Don't Be Evil." by transporter_ii · · Score: 2

    Alphabet got rid of "Don't Be Evil." So now they can carry on with a clear conscience.

    And funny, I have always had a hard time remembering how to spell conscience, so I had to look it up on Google. :)

    --
    Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
    1. Re:Alphabet got rid of "Don't Be Evil." by sconeu · · Score: 1

      Well, now we know what "The Right Thing" is.

      (the new motto is "Do the Right Thing".

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:Alphabet got rid of "Don't Be Evil." by Anonymous Coward · · Score: 0

      I always remember it as "con" - "science". Make up your own pun.

  18. Advertisers will Be happy by all-the-stars · · Score: 1

    Isn't it like the ads will be served to those only who will be interested?

  19. Google on the way down? by Anonymous Coward · · Score: 0

    It seems to me that Google is becoming self-destructive.

    A Google manager told me that Google has so much money it is a challenge to know what to do with it. Self-driving cars anyone? Google in the auto business?

  20. Well, at least there's an opt-out. by c · · Score: 1

    From the announcement:

    Users can control the ads they see, including Customer Match ads, by opting out of personalized ads or by muting or blocking ads from individual advertisers through Google Ads Settings.

    Opt-out rather than opt-in sucks, and it does appear that my browser settings were independent of my Android Google Settings, but the option is there.

    I'm ad blocking, so in theory my account ad settings are irrelevant, but belt and suspenders, etc.

    --
    Log in or piss off.
    1. Re:Well, at least there's an opt-out. by JustAnotherOldGuy · · Score: 1

      Users can control the ads they see, including Customer Match ads, by opting out of personalized ads or by muting or blocking ads from individual advertisers through Google Ads Settings.

      If I could "control the ads" I see through their settings, I wouldn't see any. I'm guessing that "see no ads" isn't one of the settings.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    2. Re:Well, at least there's an opt-out. by c · · Score: 1

      I'm guessing that "see no ads" isn't one of the settings.

      It is. On Android, it's the "Unknown Sources" toggle under the Security settings area. Then you install an ad blocker.

      They could have made that a little easier to get at, mind you...

      --
      Log in or piss off.
  21. Google stories by Futurepower(R) · · Score: 3, Informative

    Google selling targeted Gmail ads that look like emails

    Google violating Russian antitrust regulations by bundling its services with Android

    Many web pages load something from Google, so Google is tracking us wherever we go.

    The Slashdot home page loads these from Google:
    1) google-analytics.com
    2) googleadservices.com
    3) googletagservices.com

    1. Re:Google stories by x_t0ken_407 · · Score: 1

      Posting anonymous since I modded already, however, this is why uMatrix is so awesome...

  22. Google has jumped the shark by Anonymous Coward · · Score: 0

    Time to switch to Duck Duck Go.

    1. Re:Google has jumped the shark by Anonymous Coward · · Score: 0

      You won't last one day with Duck Duck Go. It sucks.

  23. Just Block All Ads by Anonymous Coward · · Score: 0

    I recently switched to uBlock Origen to ensure there is no corporate shenanigans behind my adblocking tools. It seems all these companies are really just feudal lords that we, the "unenlightened subjects" choose. Your feudal lord can be Google, Apple, or Windows. Blackberry has had all their land taken by other feudal lords, so their subjects are few and far between.

    I am disappointed, however, that I am almost "forced" to choose between Google, Apple, and Microsoft. I really do wish someone would invent a mobile phone that is not based on Android, iOS, or Windows 10. I want a phone that is not "gated", one that is not tied in any way, shape, or form to one of the aforementioned companies. Is this possible? Does it exist?

    I'm tired of being led. I seriously dislike it. I run Linux, pay for my own email, yet my mobile device seems to be tied to one of the three companies above and there is little to be done to escape it and still have a modern mobile device.

  24. Yippee! More advertising! by JustAnotherOldGuy · · Score: 1

    Yippee! More advertising!

    Gosh, I can hardly wait for this new round of advertising to kick in; I just haven't seen enough ads lately and this will be a refreshing blast of pure consumeristic happiness.

    I suppose it could theoretically mean fewer ads if they're really targeted, but as we all know, that ain't gonna happen.

    All hail our targeted advertising overlords, kneel before Zod, puny consumer!

    --
    Just cruising through this digital world at 33 1/3 rpm...
  25. Google's long con by Anonymous Coward · · Score: 0

    This has to have been one of the motivations for them creating Gmail and other login-based services from the beginning.

    1. Re:Google's long con by Anonymous Coward · · Score: 0

      Indeed. And once the sheeple taste "free" services, they're hooked for life. Almost no one pays for email anymore. I do because I want to be a customer. Fastmail have a fantastic track record of privacy and security and I've been using them for years because of their record and outstanding customer service. If there is a better email/calendar/storage provider, I'm not aware of them, and I've tried most of them.

      I wish there was a mobile phone that was not tied to one of the three overlords: Google, Apple, Microsoft. Blackberry would get my vote at the moment, but it's not looking good for them. Their recent device is Android based, which does not get my nod. If Blackberry can rise from the ashes, I'll go back willingly.

  26. Re:Ties in with their new motto by lister+king+of+smeg · · Score: 1

    Sorry, now it's "Do the right thing."

    Of course, this is even more ambiguous than the previous one. I, for one, have no desire for the 'right thing' to be done to me, if an MBA is the one deciding it.

    No it isn't the last motto "don't be evil" let them be chaotic neutral. With this they are stuck in the lawful alignment or possible the good alignments, depending on the relative alignment of the person interpreting it.

    old motto
    lg ng cg
    ln tn cn
    le ne ce

    new motto
    lg ng cg
    ln tn cn
    le ne ce

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  27. Ublock = inferior & inefficient vs. hosts by Anonymous Coward · · Score: 0

    Can ublock do 16 things hosts do for speed, security, & reliability:

    1.) Protect vs. malicious sites (past ads)
    2.) Protect vs. fastflux botnets + stop C&C communique
    3.) Protect vs. dyndns botnets + stop C&C communique
    4.) Protect vs. DGA botnets + stop C&C communique
    5.) Protect vs. downed DNS (4 reliability)
    6.) Protect vs. redirect poisoned dns
    7.) Protect vs. trackers
    8.) Protect vs. spam
    9.) Protect vs. phishing
    10.) Protect vs. caps
    11.) Get you by dns blocking
    12.) Keep you off dns request logs
    13.) Speed up surfing by adblocks & hardcoded favs
    14.) Work on anything webbound (ie email programs) multiplatform.
    15.) Give you easily controlled data
    16.) Do those & block ads better than addons more efficiently in cpu + memory use

    * ANSWER ="NO" to each on UBlock doing it as well or @ all!

    APK

    P.S.=> UBlock does less than hosts & less efficiently - hosts do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

    Ublock's NOT as efficient:

    Hosts @ 3mb-11mb w/ current data vs. threats + ads - test yourself using my program.

    UBlock uses 63++ MB -> http://www.ghacks.net/2014/06/...

    SCREENSHOT -> http://cdn.ghacks.net/wp-conte...

    ---

    ClarityRay defeats it detecting it by dumping addons in use in a browser via native browser methods to do so!

    ---

    UBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

    ---

    What's better?

    APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://start64.com/index.php?o...

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    In its 32-bit model also https://www.virustotal.com/en/...

    ... apk

  28. Why's "AlmostAllAdsBlocked" not thus? by Anonymous Coward · · Score: 0

    See subject: It defeats that & shows their true colors - you get it whether you want it or not (or are even aware of it) by default.

    APK

    P.S.=> Do you know how much damange they've done? Take a SMALL partial peek only -> http://apple.slashdot.org/comm... & here too -> http://apple.slashdot.org/comm...

    ... apk

  29. Re: Lots of FUD in the headline, no substance by Anonymous Coward · · Score: 0

    And it's pretty easy to fire up some headless browser requests for 50 fake users in the list. (The other 49 may not be necessary).