alt.hn

6/2/2026 at 7:39:25 PM

The advertising cartel coming to your web browser

 https://blog.zgp.org/the-advertising-cartel-coming-to-your-web-browser/

by speckx

6/2/2026 at 9:24:48 PM

> Don’t look for a section on permissions or consent in that document, by the way. There isn’t one. And nothing about nerd lawyer stuff like “opt out of sale” or “objections to processing” in there, either. The Big Tech companies want a two-track system, where other companies’ ad features are required to do all the privacy regulation hassles, but the browser’s own built-in tracking feature is something that people have to find the right setting for and turn off.

This language to make consent popups sound good is suspicious. Not being interrupted while you're browsing is good. A browser setting that people can turn off once, for all participating websites, is good.

by skybrian

6/2/2026 at 11:31:46 PM

You don't need cookie banners unless you want to track the user before they opted in on their own (maybe in the "website settings"). That's why countless websites have none.

The browser would only have to ask once, and then it would still just be "one browser setting", except you'd be notified it exists, as soon as it exits. So what's the point here, other than trotting out the same old stuff nut about cookie banners?

On update, "this is the thing, and that thing is enabled by default, is that okay? Otherwise, click no, then it gets turned off. If you change your mind later, it's under settings -> thing"

It's not complicated, and blaming laws that enforce human rights to avoid the most basic craftsmanship is suspicious.

by customguy

6/3/2026 at 1:01:48 AM

Is it the case that "countless websites have none"? Some websites, especially small ones operated outside of the EU, simply don't care about their obligations under European law. But in my experience it's extremely rare for European websites not to feature a cookie banner. It's not like it's just corporations: the official websites of the European Commission (https://commission.europa.eu/), the presidency of France (https://www.elysee.fr/), the chancellorship of Germany (https://www.bundeskanzler.de/bk-de/), etc. all have one.

by SpicyLemonZest

6/3/2026 at 6:45:22 AM

The issue might be that a lot of websites are run by marketing and communications teams, that all have KPIs and metrics, which they need to track (sometimes for no good reason). Some of this could be done without cookies, but that requires an active operations team which can support it, but because these sites a managed solely by non-technical people they don't know what to ask for, they just know that if you slap on the snippet og JavaScript, they get the metrics they "need".

Github is probably the largest site that does not have a cookie banner, because they don't need on. If Github doesn't need a cookie banner, then maybe the EU commission could work on removing theirs as well.

by mrweasel

6/3/2026 at 2:35:02 AM

> Some websites, especially small ones operated outside of the EU, simply don't care about their obligations under European law. What about lobster.rs?

Such as HN? Honest question, for all I know they're breaking EU law and nobody cares. Or maybe they don't.

Anyway, pouet.net doesn't have one. It links to a ton of group sites, many European, try to count the ones that don't have a cookie banner.

For fun, I did a quick and dirty test on the HN front page at the time of this comment, out of 30 links, I counted 11 cookie banners. Let's say I missed a few (a bunch of the ones I counted were a small bar at the top or the bottom, easy to miss, not even sure if they blocked the page), let's say it's 20 out of 30. One third of all websites is still a huuuuuuge amount of websites.

I took privacy seriously before I "had to". So for me, nothing changed. Why would it? You can have a link in the footer to opt into tracking. If actually "value consent" and all that. It's a complete non-issue for most sites that have banners, they could just stop being creeps and it'd be fine. But they don't want to stop, they want to annoy users as much as legally possible and then funnel the annoyance at the laws protecting those users against them.

"Have you heard about this new thing, you have to wear something around your ankle and can't be a school teacher and stuff like that? Yeah it's really insane, how will children learn anything, ever again?"

"Wait, what are you even talking about? Have you done something?"

Of course there's corner cases, of course this can also be a hassle for sites that aren't "creeps". But generally? The same generic false claims, over and over? Just no.

by customguy

6/3/2026 at 3:22:47 AM

HN used to be non-compliant, but does seem to have fixed it, I'm not seeing any cookies in a browser where I'm not logged in.

pouet.net is tracking me. On my first visit they deposited a cookie named POUETSESS4 with a 1 year expiry and a persistent hash identifier in my browser.

I checked a few outbound links from that site to European domains, and it does seem to be about 50/50 on whether they have similar problems, which is much better than any rate I've seen elsewhere. Good on this community for having a lot of folks who care about privacy and roll their own web frameworks. But I doubt it's the case that the other 50% or the parent site intended to secretly track me; they just ended up with a dependency on some tracking framework by accident, and they're too small to get in trouble for it.

by SpicyLemonZest

6/3/2026 at 5:25:12 AM

> they just ended up with a dependency on some tracking framework by accident, and they're too small to get in trouble for it.

I'd say it's simply not in the spirit of the law. I.e. that cookie could be used to track you, but isn't. Sure, they could be secretly selling your info, but they could also be secretly storing your IP and anything else to fingerprint you. That would also be illegal, and no way you could know from the outside. So why are there not constant raids all over Europe, all the time?

As I said, I do think it's because that law isn't enforced to just waste time on BS. If I walk across a red light in the middle of the night [0], where there's a car every 5 minutes, and do it carefully after looking left, right, left again, and you run up to cops parked nearby who saw that, and insist they do something, they'll laugh at you. If you insist and freak out, you have a bigger chance to get in trouble than I do. But that's not some sinister law that everyone breaks and that is enforced selectively, it really is for what it says on the tin, what a reasonable person would abide by it for.

[0] Or put a session cookie I never use except for logged in users, and without any PII, because the site was written in 2000 and it's fine.

by customguy

6/3/2026 at 6:04:54 AM

> If I walk across a red light in the middle of the night [0], where there's a car every 5 minutes, and do it carefully after looking left, right, left again, and you run up to cops parked nearby who saw that, and insist they do something, they'll laugh at you

What country is that illegal in?

by hdgvhicv

6/3/2026 at 7:45:05 AM

Poland. My friend actually got a ticket for jaywalking at night across a completely empty street.

by Klayy

6/3/2026 at 6:37:29 AM

The US, and that's also besides the point. Why does stuff like this get bickered about, instead of simply showing the vast damages caused by this terrible law? I read FUD about it all the time, I don't know a single case of an actual problem it caused.

by customguy

6/3/2026 at 2:39:32 PM

HN explicitly breaks EU law. You can ask them to delete your comments because of GDPR, and they will tell you they don't follow European law so they won't so that.

by chadgpt3

6/3/2026 at 4:59:50 AM

Except this didn't need to be a thing at all. Nobody wants ads.

You could have no interruptions, no consent popups, and no tracking, just don't have ads.

Trying to find logic or middle ground on this issue will never make sense, because the ad cartel is based on absurd fiction: that ads are good for people, rather than just being stochastic predation on the fraction who are not successfully able to turn off the malware.

So we arrive at the absurdity that the onus is on the users to defend themselves against the product, and how to present the options to them, so that a sufficient proportion of the prey doesn't do it.

by avaer

6/3/2026 at 5:45:10 AM

Hell, you can have the damn ad without any tracking, and you still wouldn't need the popup.

by cwillu

6/3/2026 at 6:10:42 AM

Ronseal’s quick drying woodstain. Does exactly what it says on tin. Ronseal didn’t track me when they advertised it to me in the 90s, but the advert still existed and worked. Same with richer smoother Nescafé gold blend. the ambassador constantly spoils use with Ferraro Roche, and I can always get a great deal on car insurance if I compare the meerkat.

These adverts worked, and had no tracking.

by hdgvhicv

6/3/2026 at 6:47:57 AM

Exactly, I really question how much value personalized ads provide over contextual ones.

It's very hard to track or provide an experiment for, but right now companies seems to be accepting the "Trust me bro" from the large advertising companies.

by mrweasel

6/3/2026 at 9:23:21 AM

> how much value personalized ads provide

I think it's important we break this question apart by "value to whom."

1. Consumers barely notice ads for things they don't care about.

2. Sellers will see it as percentage inefficiency in their spending, wrapped up in other reporting noise.

3. Ad-networks on the other hand, may view a not-interested impression as a lost chance to make revenue by putting something "better" in its place.

by Terr_

6/2/2026 at 9:42:22 PM

That’s what the Do Not Track signal was for, but tech bros still don’t get consent sooooooooo…

by rho138

6/2/2026 at 7:55:37 PM

I'm not sure what this blog is complaining about.

>Problem one: Over-rating search, social, and app store ads

Isn't this a problem with today's ad attribution system? The author doesn't try to argue how the new system makes it worse.

>Problem two: Incentives for extra tracking

Same as above. It sounds like he's against attribution in general, which is an okay position to have, but I'd rather he say this upfront and more directly rather than spending 1k+ words on what essentially can be boiled down to "I hate Attribution Level 1 because it's attribution, and attribution is bad in general", and implying the issues he has are issues with Attribution Level 1 specifically.

by gruez

6/2/2026 at 10:28:41 PM

The issue is that problem one is real, but not in a way that's beneficial to other advertising products.

Search, social and app store ads are over rated in that a lot of brands should probably decrease their investment, but things like programmatic display ads are absolutely not under rated. The correct number of dollars that should be spent on those placements is close to zero.

by crowcroft

6/2/2026 at 8:09:44 PM

Agreed, this can't be worse than what it's replacing. Still, the author has some interesting points I hadn't considered before.

I guess from the advertiser's perspective this standard could be a concern, because the loss of cookie-based tracking might make it harder for them to develop alternative attribution tracking methods that don't have the same data quality problems.

by Ajedi32

6/2/2026 at 8:18:27 PM

> Agreed, this can't be worse than what it's replacing.

The mistake is assuming this replaces anything instead of becoming just one more piece of the tracking puzzle.

Even if it did "replace" cookies or whatever, it's strictly worse than "before" because it's giving advertising a front seat in the browser. My browser should be doing precisely nothing to help you attribute your ad impressions or whatever. But now Mozilla et al have to waste their time maintaining and augmenting this opaque piece of mathematical faff.

by akersten

6/2/2026 at 8:41:35 PM

This is a debate I've seen many times now on HN. I sympathize with what you're saying, but the flip side is that many users seem to prefer a free ad-supported funding model over a paid, ad-free model. If a site is going to be serving me ads anyway, then all else being equal I'd rather them make as much money off each impression as possible to incentivize them to keep providing me with free services. The privacy and resource cost of a user's browser sending anonymized attribution statistics is very minimal.

by Ajedi32

6/2/2026 at 9:10:55 PM

Do you want to click through and spend money on the ads?

If not you aren't really working towards them paying a lot for ads, right?

by nemomarx

6/2/2026 at 9:29:13 PM

>Do you want to click through and spend money on the ads?

Nobody "wants" ads, but they do want the free content they get today, which are funded by ads.

by gruez

6/3/2026 at 7:46:26 AM

Nobody asked for free content. It was pushed on us so they could track us. Before the Internet, you normally paid for what you consumed (at least, more than now. And before that even more).

by curtisblaine

6/3/2026 at 11:39:39 AM

Newspapers, network tv, etc has been subsidized by ads for 100 years+

by cm2012

6/2/2026 at 9:30:27 PM

Maybe? Depends on what the ads are for. Obviously I'm not going to buy something I don't actually want just to support the site I'm on, but I have no particular objection to buying something I discovered through an ad if it's something I would buy anyway if I discovered it organically.

by Ajedi32

6/2/2026 at 9:48:19 PM

> many users seem to prefer a free ad-supported funding model over a paid, ad-free model.

You don't need pervasive and invasive tracking and wholesale trading of your data to display advertising.

by troupo

6/2/2026 at 8:33:12 PM

> Agreed, this can't be worse than what it's replacing.

Why can't it?

by devmor

6/2/2026 at 8:44:41 PM

Because as GP alluded to, the thing it's replacing (cookies) already does exactly the same thing but isn't anonymized.

by Ajedi32

6/2/2026 at 9:49:02 PM

> the thing it's replacing (cookies) already does exactly the same thing but isn't anonymized.

No idea what it's replacing. Cookies is a red herring. Tracking involves more than just cookies.

by troupo

6/3/2026 at 3:06:31 PM

It’s not replacing cookies, though.

It’s adding an additional feature that provides information to advertisers that they currently use cookies as one part of, with different considerations.

by devmor

6/2/2026 at 9:00:37 PM

This seems like this is written by an advertiser who wants their profits, but pretending to care about privacy so they get users' support.

Here is a more honest summary:

"This proposal hurts us, small advertisement networks and professional marketers. Reject it, or we will ramp up the tracking to compensate for the lost opportunities!"

by theamk

6/2/2026 at 7:57:08 PM

> When Meta, Google and Apple [and Mozilla] agree on a “privacy” feature, watch out.

?

This feels like a good sign, to me. I get far more worried when I see the likes of Meta, Google, Spotify, Epic etc team up.

by sandcat_

6/2/2026 at 8:16:41 PM

And you think that they team up for your benefit?

by SirFatty

6/2/2026 at 9:10:05 PM

Most people (and orgs) do things that benefit themselves. The question as a user, who is likely to be more aligned with you?

- Mozilla, Meta, Google, Facebook

- VP of "monetization technology" company, "Marketing data expert"

by theamk

6/2/2026 at 10:13:05 PM

Meta and Google are entirely advertising-focused companies, with their main revenue coming from being able to put together accurate profiles of people to spam them with campaigning attempts to get them to buy things.

by fao_

6/3/2026 at 3:40:28 AM

Author of the OP is the VP of the adtech company, with their main revenue coming from being able to put together accurate profiles of people to spam them with campaigning attempts to get them to buy things.

He is not mad because Google can kinda-track users under new system. He is mad because Google can kinda-track users under new system, but his company _won't be able to any more_. Hence all the "cartel" talk.

by theamk

6/3/2026 at 5:32:58 AM

neither?

by _ZeD_

6/3/2026 at 12:07:39 PM

> This post is already getting too long, so I won’t cover all the extra problems besides the big two.

> There’s no estimate of the environmental impact of all the extra processing

The “environmental impact” of this data processing is one of the “big two” problems with the proposal? Maybe this was just a backup filler argument but it is such a silly point that it immediately makes me question the entire article. This is a massive tell that someone is arguing in bad faith.

by semiquaver

6/2/2026 at 9:38:41 PM

Closed immediately due to the invasive "using this site means you agree to our terms of service!!" Popup

by powerpcmac

6/2/2026 at 9:44:14 PM

Did you read it?

by monk_grilla

6/3/2026 at 6:00:54 AM

Meanwhile the most popular browser is by... google, the largest advertising corporation on Earth.

They've been there for a while now. Sadly.

by utopiah

6/3/2026 at 6:54:23 AM

And then to make it worse, plenty of devs see no issue shipping it with their applications instead of proper OS frameworks.

by pjmlp

6/3/2026 at 2:42:43 PM

Are there even any proper OS frameworks any more?

by chadgpt3

6/3/2026 at 2:46:01 PM

Yes, one only needs to bother to learn beyond JavaScript.

by pjmlp

6/3/2026 at 2:30:24 AM

I've been wanting to build something like this for mobile advertising attribution. Mobile attribution is much worse since it by nature needs to on a device / fingerprinting level track across apps, and since there is not HTTP direct connection between the apps, the tracking is much more broad. Companies like AppsFlyer are in 20% of apps and track everything that happens in those apps.

I'd like to see AppsFlyer work on this as well. Moving mobile attribution to device based would be a huge privacy benefit. But it might be quite difficult for a company like AppsFlyer to do this, so it might need to end up being pushed by Apple and Google, but as both advertising companies, they might be even less incentivized for this kind of local tracking.

by ddxv

6/2/2026 at 9:39:52 PM

You can tell who works in adtech

by sporadicism

6/2/2026 at 9:35:11 PM

> called Attribution Level 1, as a standard feature of web browsers

We need to eliminate private companies from our browsers in general. Many years ago they called it "acceptable ads".

by shevy-java

6/2/2026 at 10:24:18 PM

"The average person in the USA has about $1200/year spent on advertising intended to reach them. Where do you want “your” $1200 spent?"

Interestingly $1,200 is roughly 3.5% of what the average American spends per year (roughly $78k), and $1200 is roughly 15% of the average American's discretionary spending. That doesn't seem too crazy to me as a cost for the main driver of the matching and branding system of the capitalist economy of the United States.

by cm2012

6/3/2026 at 6:18:10 AM

That’s $3.30 a day.

In the days this was mainly spent on tv advertising the average American would watch an hour of adverts for this $3.30 (3 hours of tv)

That’s a massive drain on the economy, think what could be produced if that hour is spent on even minimum wage output.

by hdgvhicv

6/2/2026 at 10:28:26 PM

The cost is your attention, your mental health, as well as buying things you didn’t know you needed or didn’t know you didn’t need. It’s not a level playing field.

by rpastuszak

6/2/2026 at 11:09:43 PM

Except it isn't a level/merit-based 'matching and branding system', it's exactly the opposite - people see what others pay for them to see (and what's most likely to influence the viewer in a generally detrimental way), not what's actually beneficial/useful to them.

Imagine if all google results were ranked purely based on advertising potential... this is already starting to happen and it clearly makes google noticeably worse.

Not only is it bad for people and society, but it also undermines the whole idea of open and fair competition in a capitalist system - why do I need to make my product better if I can just spam advertising and dishonest marketing instead?

by aleqs

6/3/2026 at 12:35:16 AM

Both ads and capitalism are messy and have some externalized harms, but are better than the alternatives.

In the "advertising led" model of customer discovery, businesses advertise to essentially tell the market that they exist and provide a service. They do so by paying for advertising space across various mediums. This includes everything from their store signage to Craigslist ads, to TV and sophisticated digital advertising.

Most modern advertising is an auction where businesses compete to serve their message to customers the algorithms think are most likely to be interested.

This function - of matching users that might be interested in products to businesses providing products - is at this point hugely scaled.

People who want to ban ads will usually give the alternative of a reviewed directory of products and services for each category. That, they say, would be the ideal method of product discovery, along with word of mouth.

However, that runs immediately into the same problem that communism has historically. Who actually controls these directories, which would be a huge source of power for society? I posit that that it is impossible to centralize this effectively, and that the most likely most effective method for idea and product dispersal is something close to modern marketing and advertising.

by cm2012

6/3/2026 at 12:50:01 AM

Why do you assume that any alternative to ads has to be centralized? You also seem to assume the advertising space is not centralized (lol).

If we can build a (centralized or decentralized) system capable of querying/serving content based on price and ad revenue projections, we can also build system capable of querying/serving content based on relevance, ratings, reviews and any number of parameters.

You seem to imply that advertising and marketing give us some kind of advantage in terms of (de) centralization, but that's really not true. The whole purpose of advertising is MAKE people look at ads despite the fact that almost nobody actually enjoys or values looking at ads, whether it's run as a centralized or decentralized model is an implementation detail.

by aleqs

6/2/2026 at 11:21:55 PM

Time to fire up the chaffing. Or the pitchforks and torches. Either one.

Advertising needs to be over now.

by Hizonner

6/2/2026 at 7:55:48 PM

So they “reinvented” HTTP cookies but with only advertisers?

> Technically, the way it works is that a script running on a site with ads asks the browser to record an ad impression. Then the browser keeps a record of ads seen from all the sites you visit. Later, when you buy something, the retail site can ask the browser to generate a “conversion report” that can be passed to a centralized aggregation service.

by AndrewKemendo

6/2/2026 at 8:05:47 PM

Sort of. Cookies track you as an individual with a unique identifier. The conversion report only tracks anonymized aggregate statistics that can't be used to identify you as an individual.

by Ajedi32

6/2/2026 at 10:40:02 PM

This sounds a lot like “you’re getting analyzed by AI/ML, tied to a specific bucket of similar users, then your continued data expands the bucket, splitting off into different adhoc buckets of similar users”

If so, you can’t be tied to a specific purchase but you can be so tightly grouped it’s basically the same.

by xmcp123

6/3/2026 at 3:32:56 AM

Look up differential privacy. Done right, it is impossible to do what you said.

by shostack

6/2/2026 at 9:49:55 PM

> The conversion report only tracks anonymized aggregate statistics that can't be used to identify you as an individual.

Combined with the other 200+ tracking points from your machine... Yes, yes you can be identified.

by troupo

6/2/2026 at 8:04:17 PM

More importantly it's privacy preserving because it doesn't allow for bidirectional communication, which third party cookies could do.

by gruez

6/2/2026 at 9:47:23 PM

The next time anyone on HN says "GDPR should've been a setting in the browser", I'll just point them to this. This is what browser vendors are making as a default setting.

by troupo

6/3/2026 at 3:12:17 AM

Following the overturning of Roe v Wade, it is clear that the US needs privacy enshrined in the Constitution. For example, it is absurd to imagine a state government trying to distinguish between an abortion and a miscarriage in order to potentially prosecute; this distinction is something that no one beyond the woman should have any right to know.

It's my view that the Founders did not think to directly mention privacy since they had no capacity to imagine technology as powerful as that which enables today's surveillance capitalists. But the sort of law that would establish a general right to privacy (or the kind of values that would lead us to establish one) would likely also hinder companies from aggregating user data for any purpose other than directly serving users. (And it would also hinder the government from surveilling its citizens.)

If such an amendment were considered, we'd all fast find that most techies aren't actually liberals. Oh wait, we saw that when they all turned to support Trump. Surprise, surprise.

I promise you that when consumer and enterprise funds dry up, every one of these AI companies will be placing ads and selling surveillance and drone tech to the government. Anthropic already dropped the part of its constitution that forbid collaboration of any kind with the military. The pressure to profitability is immense.

Today, purported morality is mostly (temporary) sophistry. Most folks will work for Zsuck or Palantir if the money is good enough.

by jsrozner