What's good for privacy in the short term will likely simply allow Google to be far more dominant and ultimately will harm rather than help privacy. Third party cookies can be easily blocked. Anything integrated deeply into chrome is going to be a lot harder to de-activate.
What's really broken is that we end up giving control over the revenue streams of millions of websites to a couple of US based companies.
The goal of these companies is to have end-to-end control as this gives them control and security of their revenue.
This might not be a stated goal publicly but the deeper they can take things and the more things that they can put a moat around, the more they can rely upon and grow their revenue and profits in future. I can see how each step feels like a natural increment over the prior.
I loathe the privacy impact of the way cookies have been used, but these changes merely push the same issues inside a behemoth who can capitalise upon that data in a more opaque way. This feels like a transfer of control and a land-grab on a colossal scale.
My understanding is there are a minority of legitimate use cases that require them. If Chrome stops supporting them, those flows will get rewritten, and anyone not using Chrome benefits? Add to that an aggressive anti-trust action splitting Chrome from the bit of Google that sells ads (I can dream?), and this all works out fantastically well. Probably too much misplaced optimism.
I suspect what actually happens is that ad-tech companies end up using clever tricks at the CDN or server level to work around this.
An independent Chrome could provide this cohort data to other advertisers, as they clearly think it's very valuable. Google paying to keep it the default link doesn't remove the financial link, but it doesn't need to, it needs to remove the joint strategy and management decisions.
Yes, but with Mozilla an endangered species with funding troubles, regular lay-offs and a fragmented (and confusing) mission FireFox does not seem like it has the best of futures ahead.
If they only used 20M€/a (which is a fraction of investitions in R&D and minuscule compared to the subsidies for agriculture), they could hire 10 managers (or just reuse the R&D infra) and pay 190 devs at competitive salaries (for Europe!) to develop Firefox the way the developers want it to be (and let the stupid Mozilla foundation do their BS of value-adds...).
It occurs to me that one of Google's motivations for neutering adblockers could be that something like uBlock Origin might be able to interfere with the system if it had its full capabilities. Google could easily ensure anything about their ad system bypassed blocking, but when you're looking at several antitrust investigations plus the threat of more from this you probably don't want to look like you're giving yourself special treatment. It's a bit late given how badly they've sold this, but every bit helps.
AT&T, as Bell Labs, was a phone company that created the first working version of the transistor, a concept invented and patented by Julius Lilienfeld twenty years earlier.
But they were at the time, a technology company. Technology isn't defined by silicon and code, but by the fact that a company grows by inventing new things. Google may be on track to becoming an advertising company, but they seem damn resistant to the idea given how many of their new businesses they're burning through to find new revenue.
It doesn't look like Gmail came out of 20% time, Paul Buchheit was asked to work on it so it looks like it was an assigned project not a spare time thing, and Google Docs was an acquisition (Writely).
20% time is mostly used for side projects which aren't about coding or products anymore. But back in the day most new things Google was making came out of it.
The article doesn't offer a very good summary of Google FLoC, but I'm sure we'll be hearing much more about it in future.
> FLoC uses your browsing history to assign you to interest-based cohorts, the end result is akin to a super-tracker that is present on even more websites than Google Analytics
If they plan on using a new JavaScript API for this, as they apparently do, [0] do they really expect other browsers to implement it? I can't imagine Mozilla or Apple doing anything like this in a million years. If anything they're more likely to build countermeasures into their browsers.
> Google’s plan is to target ads against people’s general interests
I have to wonder if the double meaning here was intentional.
If Firefox and Safari implement this API but set it to return a hardcoded generic set of "interests" for everyone, that seems like a pretty good outcome to me. Chrome users can "enjoy" personalized ads and everyone else gets better privacy.
I don't object to seeing adverts, I do object to having all my personal data hoovered up by ad-brokers.
It would if it means advertisers use that protocol instead of devising a zillion underhanded workarounds (html5 canvas fingerprinting, proxying third-party cookies as first-party, etc.)
> implement this API but set it to return a hardcoded generic set of "interests" for everyone
Or just let people select their own interests. There's quite a few (particularly news / media) sites I'd be fine in disabling an ad-blocker on if the ads I was served were in any way useful to me rather than bottom-of-the-barrel "one weird trick"s
Ooh, that sounds like fun! How about returning some kind of randomized set of interests, or one of various curated sets, or even adversarial ones. You could even select from several personas.
No, the browser locally determines what cohort to assign you to (based on your browsing behavior, etc). Only the resulting cohort gets exposed to Google (or other advertisers).
So they don't get your browsing history, they get the derived conclusion that you're one of X thousand people who share a certain collection of interests.
(You may still be unhappy about that, but it's certainly not the same as exposing your browsing history.)
Google is sent most of what people type into the location bar anyway (in real time character by character), except if they start by some prefix that makes it look like they're typing a link. Regardless of whether they have an account or hit enter.
That sounds like a much worse idea than this ad thing, yet here we are.
I tried to download a file from Google Drive with third party cookies disabled a few days ago. Drive told me to enable them and retry, because of security checks or something.
Marketing companies are already side-stepping this. They already recommend (require?) customers that I work for create aliases/CNAMEs under the website domain precisely so they can plant first-party cookies on the site.
A solution that works in every browser and gives the user choice is hardly nonsense (also cookie law != GDPR). It's much, much better than a dominant ad company forcing through a solution that works in their browser and which users presumably can't opt out of.
Same site cookies aren't going anywhere for the foreseeable future, the vast majority of user session capability is built on the existence of cookies. 3rd party cookies only affect embedding of sites hosted on other domains, (mainly ads), which don't use cookies for user sessions but user tracking... or to use the ad industries euphemism "personalisation"
Those popups are not only necessary for cookies but for any kind of tracking that requires consent, e.g. all tracking for purposes of advertisements. So if you do browser fingerprinting instead of setting cookies, you still need that popup.
For using FloC data, if the granularity is sufficiently coarse so that a person cannot be identified by it and no specially protected groups can be identified (i.e. sexual orientation, religion, minors, etc.), then presumably using FloC data won't need that popup. But that remains to be seen, I guess it will take a few years of discussions in court until this is settled.
Letting google be in charge of this is completely insane.
Current Wild West situation isn’t great but nominating a global king to make the rules doesn’t seem much better. Especially one who’s business model is literally the biggest conflict of interest possible of all the parties you could nominate.
It seems to me that a cohortised approach is intrinsically better for privacy as a whole as you don't care about individuals but rather a group of individuals with similar interests.
If this standard is not abused / de-anonymised then surely this approach is a good thing?
What did Safari and Firefox do when they limited third party cookies? If the answer is that they just improved privacy while not “compensating” in any other way, then why would I use chrome?
Also, when things like these happen in chrome, I assume it doesn’t happen in Chromium, ms Edge? So if we want to run a chrome-ish browser and not have FloC we’ll just run any non-Google chrome browser?
I think it's a good opportunity to everyone that firefox is accepting donations (https://donate.mozilla.org/en-US/) soon enough there would be no easy alternative to a free web if mozilla is dying.
62 comments
[ 2.5 ms ] story [ 126 ms ] threadWhat's really broken is that we end up giving control over the revenue streams of millions of websites to a couple of US based companies.
The goal of these companies is to have end-to-end control as this gives them control and security of their revenue.
This might not be a stated goal publicly but the deeper they can take things and the more things that they can put a moat around, the more they can rely upon and grow their revenue and profits in future. I can see how each step feels like a natural increment over the prior.
I loathe the privacy impact of the way cookies have been used, but these changes merely push the same issues inside a behemoth who can capitalise upon that data in a more opaque way. This feels like a transfer of control and a land-grab on a colossal scale.
My understanding is there are a minority of legitimate use cases that require them. If Chrome stops supporting them, those flows will get rewritten, and anyone not using Chrome benefits? Add to that an aggressive anti-trust action splitting Chrome from the bit of Google that sells ads (I can dream?), and this all works out fantastically well. Probably too much misplaced optimism.
I suspect what actually happens is that ad-tech companies end up using clever tricks at the CDN or server level to work around this.
Google paying anyway to keep it alive through a search engine deal like Firefox? that doesn't remove the link between the two financially.
There IS still the option of not using Chrome.
ff is not even second
They only seem to talk about chip manufacturing, which only recently started in the first place.
> FLoC uses your browsing history to assign you to interest-based cohorts, the end result is akin to a super-tracker that is present on even more websites than Google Analytics
If they plan on using a new JavaScript API for this, as they apparently do, [0] do they really expect other browsers to implement it? I can't imagine Mozilla or Apple doing anything like this in a million years. If anything they're more likely to build countermeasures into their browsers.
> Google’s plan is to target ads against people’s general interests
I have to wonder if the double meaning here was intentional.
[0] https://github.com/WICG/floc
I don't object to seeing adverts, I do object to having all my personal data hoovered up by ad-brokers.
That wouldn't improve privacy over simply not supporting the protocol at all.
By this I mean, check if protocol returns something, else, “this site only works on chrome”.
This would effectively force, Firefox at least, to implement this protocol.
A version of this protocol with randomly generated data might be better for the user.
Or just let people select their own interests. There's quite a few (particularly news / media) sites I'd be fine in disabling an ad-blocker on if the ads I was served were in any way useful to me rather than bottom-of-the-barrel "one weird trick"s
I imagine a distributed machine learning algorithm could probe floc with random categories, and hill climb using the results of auctions.
No, the browser locally determines what cohort to assign you to (based on your browsing behavior, etc). Only the resulting cohort gets exposed to Google (or other advertisers).
So they don't get your browsing history, they get the derived conclusion that you're one of X thousand people who share a certain collection of interests.
(You may still be unhappy about that, but it's certainly not the same as exposing your browsing history.)
That sounds like a much worse idea than this ad thing, yet here we are.
or is that GDPR nonsense still going to make those persist?
Same site cookies aren't going anywhere for the foreseeable future, the vast majority of user session capability is built on the existence of cookies. 3rd party cookies only affect embedding of sites hosted on other domains, (mainly ads), which don't use cookies for user sessions but user tracking... or to use the ad industries euphemism "personalisation"
For using FloC data, if the granularity is sufficiently coarse so that a person cannot be identified by it and no specially protected groups can be identified (i.e. sexual orientation, religion, minors, etc.), then presumably using FloC data won't need that popup. But that remains to be seen, I guess it will take a few years of discussions in court until this is settled.
Current Wild West situation isn’t great but nominating a global king to make the rules doesn’t seem much better. Especially one who’s business model is literally the biggest conflict of interest possible of all the parties you could nominate.
It seems to me that a cohortised approach is intrinsically better for privacy as a whole as you don't care about individuals but rather a group of individuals with similar interests.
If this standard is not abused / de-anonymised then surely this approach is a good thing?
What did Safari and Firefox do when they limited third party cookies? If the answer is that they just improved privacy while not “compensating” in any other way, then why would I use chrome?
Also, when things like these happen in chrome, I assume it doesn’t happen in Chromium, ms Edge? So if we want to run a chrome-ish browser and not have FloC we’ll just run any non-Google chrome browser?
https://news.ycombinator.com/item?id=26018928
https://news.ycombinator.com/item?id=25903049
https://news.ycombinator.com/item?id=25813601