
I'm combining my response to two comments.

> It's great that they do that, but it's still the bare minimum over here on the Old Continent. We can and should demand more.

Sure, but it's been possible to do this since well before the GDPR mandated it. Now maybe you can argue that the threat of regulation is what keeps Google in check here, and ok fine, that's an unfalsifiable claim, but maybe it's true. But even still, that doesn't actually justify "we should demand more". Maybe more privacy regulation is justified, but "we already have some" isn't actually justification.

> What's currently stopping evil actors from exfiltrating data from Google's PII through buying narrowly targeted ads, each time with slightly different targeting

The snarky answer first. PII has a specific meaning. It means personally identifying information. Your ZIP code isn't PII. Your name is. No matter what ad targeting tricks you do you can't pull my name or address out of what Google sends you. So you don't get PII.

Now the less snarky answer. The actual attack you're describing does this repeated targeting thing, which ties private data to some pseudonymous ID, like a browser fingerprint. At this point they don't have any PII. Then, you get the victim to enter their personal information on your site. Now you can tie the PII to the other information from the shadow profile you've built.

So why isn't this useful? Mostly, cost. To get this to work, you need to have someone or some group click on multiple different ads you control ($ + time cost) and then enter their identifying information on a site you control. Click-through isn't assured, and conversion to entering information is very unlikely. When you're, you know, actually selling a product, this is a worthwhile investment.

But this attack is essentially paying to advertise to people with the goal of learning who you are advertising to. As a result, this only really makes sense in the context of targeted attacks or generic blackmail. Targeted attacks don't work because now you need a specific person to enter their PII in your site (and then what? You've learned that someone is interested in LGBT topics. I'm interested in LGBT topics and straight). And similarly, broad blackmail doesn't work.

But I'm interested in how you think an attacker could do something in a cost effective manner.
