Update to our Advertising Guidelines

Will you disclose your "certain trusted advertisers" list?

Following the moderation strike, an agreement was reached that includes "gathering community feedback before committing to a major change to the platform". I am not aware of an attempt to gather or solicit feedback before making this change. Because of the privacy implications associated with this change, I would consider it to be a "major change" that would have an opportunity for members of the community to weigh in before it goes live.

I don't think that soliciting feedback necessarily means that you are obligated to change anything. However, the agreement was made that feedback would be gathered, and ideally read, before an announcement of the change was made.

I do not believe that posting on the Moderator team, especially without an orange diamond notification, constitutes "gathering community feedback before committing to a major change to the platform". Not all elected moderators are on the Moderator team space, and the elected moderators are a thin sliver of the affected community members. These kinds of changes should have feedback solicited on Meta.

Now that the use of retargeting pixels is allowed for advertisers, SE should remove/update the following line in the Activity Data section on the User Preferences page:

Stack Overflow never sells or shares your activity data with third parties

As Des said: "...advertisers can use data they have gathered to personalize the ads shown on Stack Overflow and Stack Exchange sites...".

This unfortunately renders 'never sells or shares your activity data' incorrect.

I may be blunt, but you probably noticed that my patience has been rapidly declining over the course of the latest dumpster fires, so... I simply don't have the will to embellish these post anymore.

I really suspect you didn't consider the realistic outcome of this choice. Let me introduce you to two friends.

They are called uBlock Origin and uMatrix. They do a wonderful job at ensuring that when you browse a site you aren't actually browsing N more unrelated sites that the owner declines any responsibility for (because let's be sincere: I doubt that Stack Overflow would take any blame if one of its "trustworthy" providers felt for a malvertising campaign—no one ever did).

Yeah, I know I know... maybe you hoped that Chrome would be your "Knight in Shining Armor™" and save you from those evil foes... I guess that the Manifest V3 API changes must look soooo good with Google trying to ensure that ad-blockers can't work anymore. But again, let's be realistic. Your SO-centric network cosmology probably already gave you a big hint: most of your users are developers and people working in IT-related technologies. I fear they know how to switch browsers if the one they are using does some major trust-breaking changes.

So... Congrats I guess.
You probably just pushed the few remaining users that cared about you, wanted you to be able to make some money and thus keep ads enabled on the network to finally walk out and block you fully... like everyone else was already doing. I am sure that this will work so well.

I almost feel like—taking into account the community and the history we've had with advertising—the inclusion of tracking pixels essentially does more harm than good to the company.

I do appreciate the heads up (both previously via the moderator team and here), but I think to an extent, this is still going to be controversial and the negative impact is less on 'user experience' than 'trust'.

For a company obsessed with developers and knowledge workers, a good chunk of their browsers already come with some degree of tracker blocking, either by default or via an addon. As such - well, the data that advertisers get, even from people who explicitly don't opt out, might not be great.

SE's also not historically engendered trust over their choice of advertisers and the advertiser's choices.

Consider the reaction to the last time someone tried tracking - see Why is Stack Overflow trying to start audio? and its response.

Microsoft is a big advertising partner with a very long-standing relationship, and well... their advertising partners tried this invasive tracking process and honestly the company's response was underwhelming.

And even if it's seen as a relatively small number of people complaining, they're valid complaints. I do realise SE 'needs' the money, and advertisers literally don't get the idea of things like privacy, and the right not to be tracked, but we do get and want privacy and a right not to be tracked.

Oddly, this is the one that pushes me over the edge. It is now abundantly clear to me that SO, Inc is desperate for money and has no respect for processes we've agreed on many times.

I have no confidence in the company's stewardship of my content and - most importantly - association of myself with it. The need for the company to make money has eclipsed its core principles.

I'd like to request disassociation from all posts on all network accounts except Stack Overflow. Please provide the process you'd like me to follow to make that happen.

I know I'm all about the privacy, but… Stack Exchange has already been letting arbitrary third-parties track us like this. As I understand, this is just documenting their existing practices, under the guise of a change of policy. (This assumption might not be is not correct: I've asked about it here.)

However, the digital advertising industry is increasingly moving towards a programmatic guaranteed model, in which the customer dynamically manages the campaign that then gets served on the Network following our advertising guidelines. In this model, we have made the careful decision to allow certain trusted advertisers to implement retargeting pixels.

That makes it sound like a recent thing, but they've been "moving towards" that for as long as I've been using the web! You can be honest with us: you want to use the Google Ad network for… reasons, the advertisers won't pay you enough money unless you let them track us, and they're doing it anyway. As I understand, all this change is (hopefully) doing is:

• actually making the "decline" option work; and
• adding proper documentation to the Cookie Policy.

You don't have to pretend that this is a new thing. That'll just make people less happy with it, for no benefit.

Only users that are opted-in to targeting cookies will see the programmatic ads from vetted customers using retargeting pixels.

I will be testing this. If you're just adding additional tracking, without resolving the existing issues I (and others) have raised over and over again… I can't say what will happen.

If you somehow weren't aware of the existing tracking being done by your advertising clients, and are proposing to add additional tracking on top, we need to have a serious talk yesterday.

Edit 2023-12-22: The existing tracking should not have been happening – and I'm not sure how it could've been, given SE's internal processes. (Perhaps it was an oversight with “3rd party tags”? I wish I'd kept more details.) This update is allowing additional tracking.

I was one of the few who saw the summarised pre-announcement in the mod team. On 2023-12-05, I left the comment:

This particular grump [me] is satisfied by the announcement you've described.

I didn't notice that this change wasn't advertised to moderators according to the usual procedures, for which I am sorry. My providing feedback without pointing this out was irresponsible, and – by leaving the CMs with feedback plural – helped obscure the communication failure. If I missed it, I see how they could have missed it. (Maybe this failure wasn't really a mistake, but I still don't believe that the individual people involved in decisions like these – many of whom I could name – are acting maliciously. Stack Exchange might be bad, but it's not Google.)

Honestly, I'm not even sure myself what the correct procedure for these announcements is. I just know SE didn't follow it, because nobody outside the company got to review the contents of this announcement before it became Policy.

What is involved in the vetting and pre-approval of a "programmatic partner" and what is done to make sure that their pre-approved compliance is continued?

To ensure that community members can confidently visit Stack Overflow and Stack Exchange sites to learn, engage, and ask and answer questions, we review our advertising and privacy policies on a regular cadence to stay up-to-date.

This is drivel. There is not a single community member who can "confidently visit" SO or other SE sites, as a consequence of this change, who previously could not visit with confidence. It's completely disingenuous for you to claim that this change will benefit users in any way, but the idea that it will improve people's confidence is more disingenuous still.

Obviously, allowing tracking by third parties will have a negative impact on people's confidence in the site. Just tell us you're doing it for money. At least that would be honest!

these changes to evolve with the industry landscape were made with your security and participation in mind.

This, too, is drivel. Sharing data with advertisers does not improve users' security and does not promote participation. It doesn't improve anything for users whatsoever, even the ones who "opted in" (read: clicked on the most prominent button to make the annoying popup disappear).

It is dishonest to claim there are "users opted-in to targeted cookie tracking"

The number of users who knowingly, willingly, and actively choose to "opt in" to having their preferences tracked with cookies for the purpose of allowing a network of advertising companies to build up a profile on them for the purpose of targeted advertising is close to zero.

Instead you have users who didn't bother to opt-out, who got apathetic and clicked whatever button, etc etc.

This is just grubby.

Opt in or out of cookie tracking

To opt in or out of cookie tracking, scroll down all the way to the bottom of any page on Stack Overflow or a Stack Exchange Site. Under the “Company” heading click “Cookie Settings”. There you can change your cookie preferences.

Glad to hear it!

This will probably sound nitpicky but I wouldn't have guessed these settings were configurable from the footer - I don't often have reason to visit it. It would be nice if there was a way for logged in users to configure them from the User settings page - even just a link that opens the same modal that the footer shows would suffice.

Update: This has been raised as a separate feature-request: Add a link to the site cookie settings from the User Settings page

The “data that [advertisers] have gathered” in this case refers to data they have gathered about user activity on their own websites that is being used to inform the ads that are displayed to the same user when on the Network.

Do those tracking pixels allow the advertiser to know what page on the Network the user is browsing when their ad is served?

The reason I ask is that on my profile it states:

Stack Overflow never sells or shares your activity data with third parties. We use your on-site activity to show you more relevant content. For example, we might show you questions based on the tags you usually browse, or show you job listings in your current location.

But, if you are allowing a third-party advertiser to know what page I'm on when you serve their ad and you allow them to send a tracking pixel that uniquely identifies me, you ARE sharing my activity data with a third party. It isn't very obvious that by allowing you to set "cookies and similar technologies (such as local storage and pixels)" that a user is agreeing to allow you to share their activity on the network, not just what ads they see and click on.

If the advertiser doesn't know what page a user is viewing their ad on, that's great! If they do, then they can infer a lot more about that user than the user might expect once the data is aggregated. Those inferences could include things like possible medical issues, or being part of a labor dispute, or being engaged to an addict^*.

I believe that the SE staff doesn't really want to invade people's privacy, but you're entrusted with more personal information than I believe you realize.

^* _{These are just a few random questions I grabbed with a quick browse on sites I knew there would be sensitive questions; they aren't the best or most compelling examples.}

To opt in or out of cookie tracking, scroll down all the way to the bottom of any page on Stack Overflow or a Stack Exchange Site. Under the “Company” heading click “Cookie Settings”. There you can change your cookie preferences.

It appears that we have to do this on every site. Could you at least offer a global option for all Stack Exchange sites?

Is there impact when visiting the site (assume for the first time) but not doing anything with the cookie dialog?

So, if a user neither accepts, nor rejects, nor changes anything about their cookie preferences, would they be served retargetting pixels?

For clarity, it is my understanding that the retargetting pixel relies on cookie information to serve content tailored to that particular user. And also my understanding is that right now, unless a user takes an explicit action for the cookie dialog (accept all, only necessary, custom), the cookies they would get would be limited to necessary only. Thus, the question is would retargetting pixels be served to users who have not expressed preference for cookies yet.

To opt in or out of cookie tracking, scroll down all the way to the bottom of any page on Stack Overflow or a Stack Exchange Site. Under the “Company” heading click “Cookie Settings”. There you can change your cookie preferences.

This link isn't working for me. It's just sending me to the current page's URL with a # postfixed to it.

On this question I get:

https://meta.stackexchange.com/questions/395389/update-to-our-advertising-guidelines/395399#

From

https://meta.stackexchange.com/

I get:

https://meta.stackexchange.com/#

(URLs are shown in code blocks to stop the site from showing the page title instead of URL text in the first one, and for consistency in the other two.)

This is a response to this comment and others in that thread. Posting as a separate answer for better visibility.

Sorry for the delay on this, but yes we are open to having a conversation around clarifying which changes necessitate broader community feedback. As you know, we negotiated the existing language as part of the agreement to end the Moderator Action last year. It’s clear that the language that finally made it into the agreement was a little vague and didn’t capture a number of potential use cases, so we are open to a reevaluation of that and an enhanced definition. But that conversation is outside the scope of this particular post.

Philippe agrees that there is a need to re-define this, so we’ll put it on our backlog as a task to look at sometime in the next fiscal year (which begins April 1st, 2024).

How exactly can I opt out of retargetting pixels (and all other tracking technology)?

You can, right?