ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰
digital/founder @victorymedium // former cofounder @phone_banking +STG/MDM #Obama08alum #BillWhite10alum // CIPP/US cert /#build🔥🕸 ρᔕ𝐞ỮĎ𝔬Ňʸ๓Øᵘ丂 he/him/y’all
22 Feb
Everyone in privacy + ad tech + internet regs should read the "News media bargaining code" from Australia (accc.gov.au/focus-areas/di…) - aka the "link tax" - it creates new rules for Facebook (& other tech orgs). It's legislation birthed from an antitrust report - it's big crap🧵
I've been following all the antitrust reports about Facebook & Google - I've read all the major reports cover to cover & even helped a little on one. These entities need to be held accountable - Google should be forced to spin off their ad tech, FB banned from new acquisitions.
First, Australia is not proposing a "link tax" - they are proposing deeply nuanced "bargaining" rules for specific types of tech companies (Facebook & Google are targets) and the rules apply to an extremely broad range of "news websites" - they try to "even the playing field" 🥶
21 Feb
There is an alarming trend w/ smart home devices (mostly TVs) who have "App Ecosystems" -- their "smart microphones..." have data associated w/ IP addresses + device-specific IDs & the TVs let apps ingest that consumer audio under **the app's own TOS**
vizio.com/en/terms/priva… ⚖️
Smart TVs are made w/ a data supply architecture bolted on where the consumer is agreeing to layered Terms of Service...

The TV *Apps* can get *very* valuable data - and consumers are not being properly warned that they need to be *very careful* about which TV apps they install.
Samsung TVs (& many other TVs) run on the Open Source Tizen Platform (docs.tizen.org/platform/what-…) - just like Chromium they use W3C guidelines & API standards - but unlike Google, Samsung & TV makers are hoping regulators don't catch-wise to these non-compliant data flows for ad tech.
20 Feb
Ba Da Ba Ba Bah, I'm Lovin' the app attribution fraud being pushed through the Fortnite YouTube Scams from PAF - they are using a fake Bootstrap domain (missing the "p") @ "bootstraplugin.(scam)com"

Some of the network has been researched by @RiskIQ @ riskiq.com/blog/labs/yout… 🌩️
Also, it should be clear by now I'm finding this network because they heavily buy Google / YouTube ads

You can also site search their scam domains and get Google ads for other scams from (imo) the same group :/

~These phish kids & gamers - but are apparently low priority?:
The PAF attacks against Epic Games Fortnite Players are *quite epic* and these people have been attacking Epic Games since well before I caught the same group controlling a House Party subdomain.

They control numerous domains - orchestration for days - PAF gang are OG operators
15 Feb
Are there any proposals to sandbox the mobile address book via iOS or Android so wild mobile apps like Clubhouse can't "go viral" and then encourage millions of Americans to share their personal user graphs and personally harvested contact information of friends/colleagues? ⚖️🧵
There are odd legal exposure issues related to a For-Profit Business requesting access to a Personal Contact Book from a non-business / person -- here's the flow imo:

Data Controller requests consent + marketing purpose to ingest Contact Address Book from non-covered entity
...
a Data Controller requesting 100% access to a personal Address Book, has ingested *user data, without consent from the users who the data belongs, to process it*

imo the phone APIs from iOS / Android that ingest + share address books violate Data Controller Frameworks
14 Feb
Congress rarely provides justice or reform. It's a bastion of conflicts & procedural rules.

But for 18 months after a Presidential election, an agenda can be set.

& Congress can't chew gum and walk - they fuck that up bad. We could get 1 trial, or debates on a bunch of issues.
If President Biden had demanded Congress hold a trial, with witnesses and tons of subcommittee hearings, he could have easily done that. And he could have put so much pressure that today could have easily been a different outcome. Now, why didn't Biden put all his chips on this?
A U.S. President has about 18 months after a Presidential Election to get something important done. From 1990's healthcare reform attempts, Bush tax cuts, Obamacare, Trump's tax efforts -- and Biden *could have chosen* to spend his time/political capital on a trial.
11 Feb
Imagine you are in charge of security for the Pentagon web portals - you've got a specific website to control where both external contractors + internal staff access it.

One day, you wake up & a Chrome Extension claims to "support your users" w/ XYZ features you didn't make 🧵
To make matters worse, you've discovered that dozens of your users have installed the extension within days of the extension being released - & you find out that extension developer has been paying the extension store to promote this dangerous extension on search & video sites.
Now, what do you do? Do you initiate an internal meeting to audit the extensions in order to try and break the features that are unsafe? Do you contact the extension store to demand the extension be taken down? Contact the dev? Do you warn your users or disable their accounts?
29 Oct 20
This is some of the worst ad tech research I’ve ever seen. The markup doesn’t have access to the actual bidding details of either campaign - they don’t have exclusion data either.

A few FB buying facts:

1) Exclusion audiences save money when high-bid pages are in an audience.
2) custom audiences cost less than native FB targeting of page interests/likes

3) lookalikes cost less than custom audiences, and less than native FB targeting

4) campaigns bid against each other - hugely popular states like Florida have tons of competition
5) it’s possible to attack the CPM rates by buying ads against XYZ fan page. Take 40 ads accounts you control, bid on only fan pages (Obama/Biden,hrc) & bid very high. Biden’s optimization choices for a campaign could then be used to push his CPM rates in some markets sky-high.
22 Oct 20
1) I've reviewed the "Evaluation of Cohort Algorithms for the FLoC API" @ github.com/google/ads-pri… & have thoughts..🧵

high-level takeaway is that both methods Google tested *require an anonymity server* to filter cohorts that are too small.

This is *not* a deal breaker*
2) *Google tested methods that required an anonymity server because they don't have federated learning built into Chrome.

So Google tested "Centralized cohort building/filtering" vs "Pseudo-on-device cohort building/filtering" - the privacy safe version was 85% of the quality.
3) Differential privacy ≠ K-anonymity / We should focus on K-score to protect users (& merge cohorts) - it's a subtle difference but K-scores are more easily integrated into a "minimum viable cohort size" to be built into an open source anonymity server or federated Learning..
19 Jul 20
I think there is another big twitter hack going on, but not to verified accounts... rayban DM spam going really big
Here's my threads w/ screen shots of users complaining about this recent twitter hack / DM mass messages pushing RayBans... (Seems like rate limits are being stomped imo)

1/2
10 Feb 20
There is a data supply thread going around with experts dunking on people who believe microphones are listening to them & using their conversations to show targeted ads.

Experts claim it’s impossible, but they are wrong...and numerous companies have tech to do it. Thread time..
Numerous companies have been testing this Speech->Keyword->Ad Segments for over a decade. I’m sharing 14 patents from major companies that do *exactly this*

Sony submitted for a patent for Speech to Keyword to Advertising tech in 2007 (received in 2011) @ patents.google.com/patent/US20080…
AT&T submitted for a patent for Speech to Keyword to Advertising tech in 2008 (received in 2015) @ patents.google.com/patent/US90150…
1 Nov 19
Just a little reminder that Fitbit purchased TwineHealth.com in 2018 --- Twine was the HIPAA Custom Audience tool used by Fitbit + ties them into insurance/doctor/phRma networks

Twine Audience / Presentations are being purged @ webcache.googleusercontent.com/search?q=cache…
"Helping patients become the masters" - a presentation from Google's new acquisition - the FitBit + Twine Patient Data connection!

Twine video @
This participant upload process used by Fitbit's Twine (now owned by Google) certainly seems like Fitbit has a bunch of patient data that is not HIPAA compliant and should never have been appended to the wearable data.
18 Sep 19
yuck to the plaintext permutive custom params with client keyword blacklists clearly visible in page requests -- this is from the @Independent - here's one gross section:

facebook_block&topictags=
iran
saudiarabia
drone
oil
houthis
yemen
donaldtrump
hassanrouhani
@Independent * just a reminder -- the UK Independent is a NEWS website, yet they have advertising blocks for Yemen + Saudi Arabia + Houthis etc // this means that those articles do not monetize properly, aka there is a disincentive to cover the war due to advertisers being allowed to block.
**important clarification —- permutive is the first Params but ***did not create the keyword blocklists**** I have confirmed from the permutive team this wasn’t theirs but is injected by another partner in the ecosystem. Will follow up

Thanks p-team
5 Sep 19
GOOGLE 🍪 PUSH PAGE THREAD:

In May I was commissioned by Brave to help their team audit the Google auctions so they could file details in their GDPR complaint. My pixel auditing background is significant and I’ve built enterprise analytics for nearly 8 years @victorymedium
Here's one of the legacy threads I've done on pixel shenanigans & overlapping liabilities in the online advertising ecosystem due to how JavaScript pixels piggyback from a 3rd party to 4th/5th/6th parties. It creates companies reliant on each other.

Before we begin, I keep VERY close tabs on Google systems. I'm a Google Certified Partner, I've taken and passed the Google Analytics certification, and I've been using tools like Google Tag Manager for over 7 years (since basically the start). I'm deep into Google pixels...
1 Apr 19
Sizmek declared bankruptcy at the stroke of midnight on Friday. Come Monday, will any of their impressions still be showing? They owed $65 million - is that just delayed payments? Will payments flow to keep ads on? This feels like the ad bubble - who else has to close very soon?
When you look at the creditor balance sheet for Sizmek it should scare many folks watching markets- you could probably pick any of those companies and find similar books on their ends. They are all doing shades of auction arbitrage w/ cookie changes in browsers gutting data flow.
The subprime crisis occurred bc too many banks bet on each other and layered risk into assets that stopped being revenue multipliers and just started failing. Cookie consent rates w/ safari/Firefox changes (&chrome coming) are failures crossing that ~7% threshold like subprime...