Web ads are dramatically different from prior ad media, though — rather than just being printed on paper or inserted into a broadcast, web ads are software. They run arbitrary code on your computer, which can (and usually does) collect and send data about you and your behavior back to the advertisers and publishers. And there’s so much consolidation amongst ad networks and analytics providers that they can easily track your behavior across multiple sites, building a creepily accurate and deep profile of your personal information and private business.

All of that tracking and data collection is done without your knowledge, and — critically — without your consent. Because of how the web and web browsers work, the involuntary data collection starts if you simply follow a link. There’s no opportunity for disclosure, negotiation, or reconsideration. By following any link, you unwittingly opt into whatever the target site, and any number of embedded scripts from other sites and tracking networks, wants to collect, track, analyze, and sell about you.

Marco Arment on web ads.

I’ve mentioned this before and it bears repeating: the only reason this model of surveillance-as-advertising works is because the US has fucked-up data privacy laws.

Firstly, in the US, companies own user data. In most other developed nations, the individual retains ownership of data about themselves, even when those data are held by a third party (e.g. a website).

And secondly, in the US, companies that “own” user data may use that user data however they see fit (with a few very small exceptions), including selling it to third parties. Again, in most other places, companies can only use data for the express purpose for which they were collected, unless they obtain explicit consent from the individuals whom the data describes.

To say that the internet would be a very different place if the US had proper data privacy laws (i.e. ones that hadn’t been fucked up by corporate lobbying) is… something of an understatement.