OzBargain through a privacy lens

This year I took digital privacy more seriously. I started reading privacy policies. I started to be more conscious of the JavaScript that runs behind the scenes for every webpage I loaded. I started thinking about how online services make money to provide a free service. I started to re-think my association with Big Tech. In this post, I'll boil some of it down so that hopefully a layman/laywoman will understand. I'm a bit hesitant to post this because I don't know how it's going to be received so… YOLO. (Is YOLO still a thing…?)

Business model

There's a common saying that apparently originated from even before the first days of the internet that goes something like this - "if you're not paying for the product, you are the product".

Online services need some form of revenue to stay afloat. How does OzBargain do it? I found a post in 2013 that asked this very question.

@neil:

Yep, Google Ads + Affiliate links for non-logged in users.

@scotty

Yes it's based on volume. On an average day maybe 5-6 out of every 1,000 visitors click on ads, so to keep OzBargain alive we need to make sure it's popular enough. To keep it popular we need to make sure that it's useful and don't piss off too many people :)

As of server costs, I got many ways to save money there. Maybe I will find sometime to discuss and share that with the community.

A lot can change in 7 years. I would be interested to hear what's changed since that thread and if scotty ever did share how he saves on server costs. I'm not surprised at all with these responses.

Privacy policy

Okay, let's get to the thing that absolutely no one reads - the Privacy Policy. Firstly, I want to commend the OzBargain team for a super concise rundown. It's been written in a way such that someone with a basic level of technical knowledge will understand and it isn't just a page of legalese. Fantastic.

What, in my opinion, is actually noteworthy in there?

Third party cookies

Nothing unexpected given the business model I found earlier. There are some disclaimers that some third party cookies will be used. The section also goes on about Google's involvement.

Use of information

Here is the key line I looked for:

Under no circumstances will any of your personal information be passed on or sold to any third party, at any time.

Great! That's exactly what I wanted to see.

What actually goes on in the background?

Everything so far seems reasonable to me. Even though privacy policies are supposed to be a legal document, companies can lie.

A tool I like to run to get a general idea of how intrusive a website is is The Markup's Blacklight (clicking this link will run their tool against OzBargain). For anyone interested, I suggest actually going to the tool and reading what it has to say. What do the results look like? Here it is slightly dumbed down:

22 Ad trackers found on this site. This is more than the average of seven that we found on popular sites.

51 Third-party cookies were found. This is more than the average of three that we found on popular sites.

This website loads trackers on your computer that are designed to evade third-party cookie blockers.

This site allows Google Analytics to follow you across the internet.

😱 <—- This is how I would react if I didn't know better.

What do I know?

The above analysis would be from the perspective of a user who isn't logged in. Registered users can turn off ads. Whether or not the tracking is actually less aggressive for a logged in user, I have no idea. This is quite irrelevant to me since I browse OzBargain without logging in more than when I am logged in.

The main point is… OzBargain is super functional with JavaScript fully disabled. Sure, you lose the dynamic menus but the speed gain is tremendous. (I don't know if the OzBargain team appreciates me sharing this little secret since it does affect their revenue with more people doing it. I won't be offended if they delete this.) Cookies are easy to handle. I use an extension on Firefox called Temporary Containers. If Temporary Containers looks too complex, another great extension for managing cookies is Cookie AutoDelete. Most web browsers these days can isolate third party cookies and when combined with no JavaScript, it renders almost all tracking to be useless. You still need to be aware that you'll be followed everywhere based on your IP address.

The thread was originally intended to commend the OzBargain team in how they make it reasonably easy for privacy-minded people to opt out of aggressive web tracking. Hopefully that's the way it was always intended. I then decided to go down the rabbit hole of sharing every other thought I've had about OzBargain's interactions with a user's privacy. I honestly wish the rest of the internet was the same way.

Comments

  • YOGO trumps YOLO.

  • Do you want Scotty to ban you and your IP address?

    • Luckily for me, I picked up one of the 90% off VPN deals that are constantly on OzBargain a few months ago so I'd like to see him try.

      • +1 vote

        OzBargain doesn't collect much personal info; only an email address is required to join.

        You should be more concerned about other websites.

      • Just the one VPN running?
        Lucky you have the tin foil hat on
        Jokes XD

  • Scotty has stated publicly earlier that ozb is okay with adblockers.

  • I am not sure what this post is about.

    If a person is concerned about ad trackers, he will use necessary browser extensions to block them for all websites, not just OzBargain.

    • It's not just about ad trackers; it's about web tracking in general. Most other websites are a mess of content being loaded from Akamai, Cloudflare, etc. This means if you fully disable JavaScript, the website just ends up as a load of goop. OzBargain is still 95% functional with JavaScript completely off.

      • While I agree that web tracking is not a good thing in general, I don't think that it is reasonable to expect any website to work without JS these days.

        • I don't have that expectation either. I just wish we had a different version of the internet where we didn't have all these huge centralised entities in control of majority of the web.

          My post was really just about commending OzBargain for "failing" gracefully whether that be by design or otherwise. I was initially just going to make a small post in the 2020 feedback thread then I thought others might be interested in how OzBargain compares to a lot of the other websites in 2020.

  • Scotty has always been easy going about letting users do what they want like as lockers, so I would be surprised if he objects to turning off JavaScript.

    Good on you for spending some time investigating privacy.
    If you think it would be good to have stronger online privacy regulations, probably the best organisations in Australia working on this are efa.org.au and the APF privacy.org.au

    • Thanks. I actually have been thinking about how I can get more involved in digital privacy and I have looked at both of those organisations. Definitely something I'm going to look into more once we get out of the pandemic.

      I would give you a +1 vote but it seems that's dependent on JS…

  • Privacy online is an illusion. The only sure way it to turn off the modem.

    • Privacy is a spectrum where one end is total privacy and the other is convenience. Many people seem to think that it's not all or nothing. Most people also don't understand the consequences of sharing everything which is why privacy is such a complex issue. Each additional post I make is reducing my privacy but it's something I intentionally do. Is that exhausting to most people? Most definitely, yes.

    • I absolutely agree with you Gary.

      If your name is Gary then you just got the scare of your life.

  • OzB also earns from ad revenue and also affiliate links (like CR and SB) but uses those proceeds for their staff and running the website.

    Nothing is free, scotty and his team of mods are not free either.

  • No different from any other website. If you're concerned about online privacy and have any social media account whatsoever, then yes 5G causes Mexican beer virus and turns frogs gay.

    I'm more concerned about governments but simple DNS change sidesteps some of that. Run ad blockers as well.

    That said, internet is a public domain, treat it as such.

    • Well, the point of my post is that OzBargain is a bit different. I've been playing around with the dynamic filtering feature of uBlock Origin on Hard mode and OzBargain is one of the few sites I regularly browse that didn't totally collapse on itself. One of the others, interestingly enough, is Whirlpool but their usage of Cloudflare brings up the nagging check everytime I visit.

      Not sure what context you're bringing up 5G in, nor whether you're joking or not, but 5G actually does have its privacy concerns. Use 5G and the government, through your mobile carrier, pretty much will know where you've been down to the metre. (4G is a bit less accurate.) Whether you see it as a threat, I'll leave to you.

      • This is cheapskate shopping site, you're tracked regardless if you buy online or go into a brick and mortar store and tracked using cashless payment. At least here get stuff cheap, including my 5G enabled modem.

        5G, its a total magnet for nutcase conspiracy theory. I find it funny these nutcases ranting on it on the internet, on their modems and phones all of which have a 5G bands. Ignorant Luddites that shouldn't be near a computer and perhaps should pick up a yr11 book on physics.

        Even not on the internet you're tracked with every operating system that isnt a barely functional linux operating system on tor. This website is the least of your concerns.

  • Meh, Track me all you like. Least someone is paying me attention.

  • +28 votes

    I would be interested to hear what's changed

    Nothing has changed. Too lazy to think about extra revenue and other business stuff. Got lots of "proposals" from random emails every week telling us how we can "make more money" but not really interested as most of them would require us to be deliberately intrusive. So for now,

    • Majority of our revenue comes through display advertisement, managed by Publift through their header bidding set up. All we (at OzBargain) do is put an HTML tag on the website and tell them to "put an ad here".

    • We still earn affiliate commissions from some merchants. The affiliate links are automatically generated for non-logged in users, and links have disclosure in the form of "Affiliate Link" text on the deal image.

    Working with Publift is probably one of the biggest change over the last 5 years. Previously it was just Google AdSense ads. Now through something like header bidding, multiple networks are bidding to be shown on OzBargain, and sometimes some vendor would book directly with Publift for preferred spots. Google still wins out more than 50% of the time, but there are many other advertisement networks in the mix.

    That would explain why there are so many 3rd party cookies on this site — for us it's just one single tag but loads of ad networks are competing against each other behind that single tag. Another issue with header bidding is the delay for the ads to appear, as the requests are simultaneously sent to all bidders and the auction has a timeout for all parties to reply the bidding value — ads will only show after winner of the auction has been decided after that timeout. That explains the slowness of the ads sometimes.

    Do note that Firefox and Safari blocks 3rd party cookies by default, and Chrome is also phrasing out in the next 2 years. No doubt it's going to be major blow to the display ad networks — some won't survive, and some will find workarounds.

    if scotty ever did share how he saves on server costs

    These days BinaryLane pretty much takes care of everything. Our front end web server & database server are running CPU optimised instances with 16GB RAM + 8 threads, and a few other standard instances with 8GB RAM + 4 VCPU running app servers, redis, memcached, sphinx and live DB backup. However database server was at its limit on Black Friday last week with single digit idle CPU percentage and we do have plan to move it to a bigger box before Boxing Day. The server costs are still cheap comparing to staff cost.

    Registered users can turn off ads. Whether or not the tracking is actually less aggressive for a logged in user, I have no idea.

    When logged in user turns off ads in the settings, no script from Publift will be loaded. However we are still loading Google Analytics for us to track the number of users/guests. So if you do not wish to even load Analytics — use an adblocker.

  • To keep it popular we need to make sure that it's useful and don't piss off too many people

    Explains why zBargain leans to a certain side of the political spectrum when it comes to banning things…

  • No obtainable bargain listed in title.

  • You’re telling this to people who had all their private data leaked by Shopback, who got a $3 coupon and all was forgiven… The fact that this huge data leak happened and people still upvote the shit out of shopback deals proves that lots of people here just don’t give a shit about privacy and are happy to sell their personal data for a few pennies.

    • I think it has more to do with lack of education on the topic, and the absolute minefield it is to navigate and understand. Look at how much stuff OP had to reference to point out his findings. The average person doesn't have the capacity to spend that much time analysing every site they engage with, let alone be able to actually understand.

      I feel at this point there is so much data out there on me that unless a site is doing something particularly egregious, what's the point of trying?

      Most data is anonymised. You're bound to wind up included in a leak at some point. Beyond sites that might use my banking data, I don't feel particularly worried so long as I'm using good password hygiene.

      I can either spend my time worrying about something that certainly seems inevitable (being tracked, potentially being involved in a leak), or I can spend a much more minimal effort taking precautions and getting on with life.

      • Meanwhile our privacy law doesn't have our backs and is all about flexibility for business. I'm not in favour of something like the GDPR with its undesirable effects, but too much burden rests on the individual and I wonder if there isn't at least a specific aspect the public could focus on and get around the it's-all-to-complicated-and-hard problem.

        Deletion rights seems like a good candidate, having recently done an account clean-up and seeing how bad Australian companies are in that respect. Had much more luck with the larger multinationals (probably having to comply with such laws in some jurisdictions, they just offer it to all for consistency).

  • great article. ty.

  • There is a much simpler way to stay clean, just use 1.1.1.3 as your DNS.

  • Thanks for that… It seems "by looking at this screen you agree to all terms and conditions"…. what a joke. We are turning into an American data harvesting society, and this vassal govt intends to pry even more.
    I don't click on OzBargain marketing offers…. the last time I did so, I was inundated with phone calls and spam emails. They just want your data.
    Apple recently upgraded their OS… I can't use the printer, years of wordprossessing files "locked" and what seems to be the computer has pulled each file apart and scrutinised each component, categorising all photos, etc.
    But, of course, they are only after the bad guy!

  • Informative, thank you OP

    Apart from the site itself, One other aspect users might want to consider is how much info we voluntarily share simply in our posts. Sometimes we talk about things like credit cards, bank accounts, home loans, mobile carrier, families, and the list goes on I'm sure …

    Whilst 99% of the time I'm sure there isn't enough data for someone to sift through and piece together anything that can be harmful, I think we should be more conscious of what we share through the online forums.

    Just my opinion.

  • Interesting website. I've checked a few sites I often visit and the AB friggin C still tracks users. I can't even login to iView without disabling privacy addons.

    https://themarkup.org/blacklight?url=abc.net.au
    https://themarkup.org/blacklight?url=bom.gov.au