Imagine a Russian agent starting an ad campaign targeted at Ukrainian people who are interested in weapon systems. But... the actual ads are about an innocent thing, like cat food. An Ukrainian clicks the cat food ad, is directed to the Russian agent's fake cat food shop, places an order and fills in their address.
The whole "Google is not selling your data" excuse never held up to practical reality, it was always only a semantics argument along the lines of "They sell it, but not directly!".
This whole case exemplifies that very much, but it only garners attention due to who did it, Russia, not due to why and how this is actually possible.
I think it’s materially different though. Particularly when you contrast with the FB graph API and the Cambridge Analytica scandal where they were actually giving out the raw data.
There is a LOT more you can do with the raw data than with ads targeted on specific categories.
Like, I personally am never going to click the cat ad in the example above, but I very well could have had all my info leaked by a neighbor in my friend graph in the CA dump. So your ad-harvested data will always be sparse.
Can we get more specific on exactly what level of targeting is possible?
I see there is an attack here, but I’m still not exactly clear on the scope. I can’t see them getting very many conversions with a random cat food company. So did they dox 10 people? Or was this something that could actually get a meaningful amount of data?
How is Google not leaking information here?