[Google] wants to replace [3rd party cookies] with new tools that give advertisers more limited, anonymised information such as how many users visited a promoted product's page after seeing a relevant ad - but not tie this information to individual users.
Here's the Chromium page about the "Privacy Sandbox":
> We believe ... the web’s users can access that information freely because the content creators can fund themselves through online advertising. That advertising is vastly more valuable to publishers and advertisers and more engaging and less annoying to users when it is relevant to the user.
In other words, they still want to know as much as possible about the users.
Google for some owns the full pipeline of websites, from where the website is being served from (Google AMP), scripts where the website does client side stuff (Tag Manager + Analytics), to the browser that reads it (Google Chrome / Chromium) and in some cases even the OS (Chrome OS).
It's not hard to imagine that they are getting rid of Cookies because they now have other ways of getting the data, and getting rid of Cookies would make things harder for competitors that don't own the full pipeline.
Even with that, I'm sure that the engineers working on Chromium/Google Chrome are being told that they are removing Cookies for the greater good and don't have insights into the longer pipeline that we're now seeing the middle of.
Don’t forget, they often control the domain registration, have had huge influence in the formation of the languages sites are written in, in some cases the languages the server is written in, even the backbone and last mile delivery of those bits to the user, etc.
Most of that can be leveraged by google to replace cookies.
Well, the cookie policies in the EU are sort of weird, but they're not from the GDPR, but from an older directive, 2009/136/EC, the "cookie law". And this directive only uses the word once, in the parenthetical "(such as certain types of cookies)".
Even if you replace cookies with something else (localstorage or whatever), you're still on the hook for all the rules both here and in the GDPR with regards to personal information and informed consent.
Remember that the 'cookie law' says
> Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user.
So you don't need a cookie banner for a login session cookie, or a cookie that stores preferences the user actively selected.
But you _do_ need a cookie banner, and a way to opt out, for all kinds of user tracking, both first- and third-party.
Of course, IANAL. Just angry at advertisers for muddying up this issue.
I often hear that but I don't think this is good at all. To be honest I am not subjected to a lot of ads today, but I don't want personalized ads because it always means the advertiser has incentive to collect info on me. Ads aren't worth that, not even close.
You might think otherwise, but for these cases I think there should be opt-in mechanisms instead of the assumption what people want. If they are that off with their ads...
There are no cookie policies in the EU. What we do have is a policy around personal data and identifying users, and cookies are mentioned in passing as a particular way this is achieved in practice.
There are cookie policies in the EU. GDPR covers personal data, of which cookies can be one particular way. The ePrivacy Directive is a separate law, modified but not repealed by GDPR, which addresses cookie data. The difference and interaction between those two laws ends up being extremely significant.
My point is that cookies have additional regulations beyond just being personal data covered by GDPR. You are correct that cookie-equivalents are similarly regulated (including most fingerprinting techniques!). But they're not just a special case of GDPR.
Most importantly, the ePD applies to cookies even when they are not personal data. Your post made it sound like the only concern is identifying users via cookies. That is not the case. Non-identifying cookies would not incur obligations under GDPR, but they do incur obligations under the ePD.
This isn't exactly a mystery. Google is doing this. Several of the pieces are already in place.
If you log into a Google account in Chrome, you log into Chrome itself with that Google account. Then Google tools can use your account as an identity signal. This is already available as a feature in Google Ads and Google Analytics. The name of the feature is "Google Signals" - they've posted documentation on how it works and what it does.
This identity signal works cross-domain and cross-device. Google is working to kill off other identity signals with those capabilities that would be available to competitors, such as third-party cookies. (This is also why I believe them when they say they're actively working against browser fingerprinting.)
This is a very good reason in and of itself to stop using Chrome. What you're describing is a very real attack by Google through a kind of regulatory capture on any possible competitor.
Basically, the only tracking solution that becomes viable is their own.
If they become a monopoly by simply providing the best service available, who is harmed? To me it looks like "won't someone please think of the poor advertisers"
Anyone who wants to avoid their services. I don't care if they provide a better experience on the web. I don't wish to do business with them because I don't trust them. No matter how good their experience, I want to use someone else.
That part is just smoke and mirrors, of course. They don't give a crap about that and "privacy" is becoming yet another marketing buzzword that rarely stands up to scrutiny but is very convenient to hit your opponents over the head with.
I'd disagree. There is a trend in HN comments to remind people that a company is a collection of people. Google is a collection of people. There are those of us who care deeply about privacy at Google.
First: it's interesting talking with googlers or reading their thoughts on how Google does ads and data collection. Many people definitely feel the same way as commenters on HN feel. Lots of people are torn on the fact that ads let us build lots of other cool products for people. I would say this helps motivate other teams, like cloud, to find other revenue sources for the company so you don't have to be as data collection focused.
Second: I have seen googlers fight for the privacy of users even within my division (payments). Many of us want to do right by our users, and be as privacy focused as we are capable given our constraints. We also know there is a general thought that Google is data collection focused, and one slip up will cause a big drama out on the internet and in the news (Google would likely receive more scrutiny here than some other companies). This helps remind us that we need to treat user data as best we can and minimize what we do collect.
> There is a trend in HN comments to remind people that a company is a collection of people. Google is a collection of people. There are those of us who care deeply about privacy at Google.
It sounds like there is little overlap between Google's employees and the people who make and influence major decisions for Google. Wasn't that recently given as one of the major justifications for unionization?
It's the same game theory behind dictatorship. In this case, the dictator can simply be an abstract profit motive, and its lust for blood tomorrow could always overrun today's principled moderation (especially once it begins to starve, which it will since all organizations, no matter how Ozymandian and grand, somehow crumble eventually).
The best foundation for good outcomes is to not trust a company and to reject its control to begin with.
I am sorry but this seems like a conflict of interest.
Googlers are earning most of their paycheck from spying on people. This is a fact. And everything about Google is moving in the direction of earning even more - stock owners demand it and based on infinite hunger for more revenue, this is a lost fight. Whatever you do, from within Alphabet, it is a lost game.
Now some fraction of those that are not aware of reality might be really fighting for user privacy but your fight is like biting a hand that feeds you. And this is observed as crazy at best. If you want to talk the talk and walk the walk, stop helping them and allow to have public image that they deserve instead of defending them based on some strange minority that is clueless where they work.
Or if you want it differently, it is like selling weapons to Central Africa and then saying "Weapons don't kill, people do." Sure. True. But you are making it more efficient.
Now we will probably move to the part "someone else will do it instead". This is the part of having morals and this makes a difference between someone who has them and someone who is searching for apologies.
> Googlers are earning most of their paycheck from spying on people. This is a fact.
This is a popular misconception about Google. They don't need to spy on people. You're the product, but you don't pay with data (except for basic demographics) - you pay with attention.
> Google is a collection of people. (...) Many of us want to do right by our users, and be as privacy focused as we are capable given our constraints.
When push comes to shove, Google _isn't_ a collection of people - it's a legal entity with the sole purpose of turning an ever-increasing profit.
The best way to ensure privacy is to not track users across the web. Hence, if Google was interested in privacy, that's what Google would do - not add extra "anonymized" tracking features.
> I want to have enough control to stop Google tracking me in the first place rather than anonymising things after the fact.
Google's proposals actually anonymize data before being sent to Google or any other ad network. But this only works by moving parts of the ad infrastructure into your browser. Do you really want your browser to run machine learning algorithms to assign you to a cohort (see FLoC), or have ad auctions take place on your device (see TURTLEDOVE)?
Absolutely nothing about fraud in these. Interesting, considering who or what would validate that these actions are occurring in front of an actual user.
Thanks for the link, and also thanks to the ancestor commenters for sharing more information.
Although I understand that the revenue and reality of marketing revenue is vast and in some ways unstoppable, this is quite a bit of complex and challenging engineering work which creates more surface area in browsers in return for privacy.
It's probably worth it on the whole, as long as it's done carefully, but for someone who cares a bit about simplicity, efficiency and being able to comprehend what's happening: will there be an opportunity just to disable targeting advertising (and thus the code paths and logic associated with it all)?
(I'll try to reason about this and work it out myself from the documentation; I do already see that there's a "Disable Ad Interest Groups", but I don't know if that's quite it, yet)
The last CMA report[0] concluded[1] that Google's dominant position in search and advertising was partly due to how their extensive tracking enables them to get a higher ROI per user, allowing them to outbid potential competitors for things such as becoming the default search engine on Apple devices, further reinforcing their dominant position.
I agree with you, if I type in a search term from location X, advertisers have enough targeting to serve me a relevant ad which I'm totally fine with.
If there's an investigation it's because governments are starting to realise they are not totally fine with it.
You may be, but it's off topic. The topic is the UK.
Abuse of market position, free markets, monopolies, oligopolies, pools, trusts. Impoverishment of one nation's economy in favor of another, tax evasion, unfair business practices.
Individuals don't care about these things, but governments do.
>I agree with you, if I type in a search term from location X, advertisers have enough targeting to serve me a relevant ad which I'm totally fine with.
I am not fine with that, because that's just a step from sellers offering personalized prices for me, trying to squeeze everything out of me.
I was meaning to differentiate between a vanilla search vs tracking data augmenting the search/ad delivery process.
Obviously the search term itself is used, and often location is required for queries such as "taxis near me". It's also essential for advertisers to know if you're in their geographical market.
That's just my opinion on what kind of data is OK to share, the point was that no further information is generally needed. The CMA reports highlight the fact that insidious tracking and the subsequent ROI tends to cement the dominant position of those who use it.
Tracking is much less useful than people believe (except for measurement of campaign success and retargeting).
Google's search ads work so well because Google has very good and reliable demographic data (i.e. "personalization") and the users literally tell them what they're looking for.
Hidden measures are the essence of surveillance capitalism. What's needed is personal choice and transparency. And yes, I agree. I want to be in control of my consent too. The thing I think we're missing is the informed in informed consent that legislation requires. These measures just help to keep us in the dark.
I think the real conflict of interest is when other services are layered on top of google.
For instance, you cannot make an appointment with the California DMV without using google services. Just accessing the website will try to log you into google.
The thing about Cookie-law and cookie privacy issues is: it assumes everyone has this centralized browsing session that they use for /all/ their browsing. There would be a good number of people who use incognito mode or private browsing mode. I don't know the stats, but I imagine a good chunk of people use incognito mode for NSFW surfing sessions. And whilst cookie banners are annoying, they are a small price to pay if it means you have the choice to wipe cookies after a browsing session.
For me personally I use different browsers for different things, and if I don't want to be tracked and have browsing artifacts like cookies correlating data together and tracking me, I just go incognito and call it a day. Google's attempt to re-design how browsers work at this fundamental level is welcomed, but that means other browsers have to do the same, which I don't see happening. Firefox rarely copies Chrome features (or Chrome's anti-features).
>Firefox rarely copies Chrome features (or Chrome's anti-features).
In so far as web technology goes, it certainly does. Lots of half-baked, non-standard features get added to Chrome, sites start using them, and then Mozilla has to follow suit in order to maintain web compatibility.
I use incognito mode _almost exclusively_ for SFW content. Heck, I use at least five browsers, container tabs, private modes, etc, and have rotating external IP endpoints as well as using Duck Duck Go. I have a pihole, and OS level application firewalls.
I've got a PhD and I find the lengths required to have some modicum of privacy on the internet truly insane, and at times, a little technologically annoying (especially when you have to debug which random script broke a particular page). The other trouble is of course apps: android is just a _dumpster fire_ and every MS product causes an awful lot of blocklist entries to mobile.pipe.aria.microsoft.com.
_Something_ new would be nice, but I fundamentally think that Google is the most conflicted company possible to deliver it.
As a user of tab containers and cookie auto deletion, cookie notices and sign up prompts are the bane of my existence. I audibly growl each time I open YouTube.
I simply can't use YouTube anymore directly. It's too annoying. Whenever I get a link, I just go right to youtube-dl and download the video because YouTube's interface is so awful.
The overwhelming majority of users run incognito/private mode only for porn and equivalent, to avoid leaving traces on the machine. The law should assume incognito mode does not exist, as a baseline.
> Firefox rarely copies Chrome’s features
I hope this is sarcasm. Sadly, FF is effectively pushed by market forces to adopt most Chrome features, down to the extension mechanics. This has always been true for every player, to be fair, it just so happens that Chrome is the current reference.
Yes you may not leave traces or history on the machine, but cookies can be correlated to other activity. For example, when logged into a Google account, if the site uses Google Analytics and you are logged into Google, then Google can build a profile of you and target ads at you based on your activity.
Also: Browsing artifacts may be left on a machine anyway due to swap (on Linux) or Windows' memory paging file. This is why I advocate for using something like TailsOS[0] if you don't want to leave a trace and be as anonymous as possible.
Yes, TailsOS is a lot of overhead for most people, but worth it if you want your privacy real bad.
Do you need to ban third party cookies? I would have thought that limiting the scope of third party cookies to the primary site visited would be sufficient to prevent tracking across websites (save for browser fingerprinting).
I'm very skeptical about this, as it seems like Google's just trying to pull another AMP and take control of how advertisers are able to advertise, and since they're a major player in the ad business that should be a big no no.
No user-agent strings is interesting to me, to me they seem like a minor concern privacy-wise, and doesn't a large portion of the web use them to maintain compatibility between browsers, detect your OS for downloads, and etc?
User-agent, in my experience, is mostly misused as an attempt for compatibility, but it really shouldn't be used that way. The proper way to do cross-browser compat is feature testing, as browsers keep adding more features. Google until recently was distributing a different, inferior (at least IMO) version of Google Search to Android Firefox users, based on user-agent.
To detect the OS for download, either JS will have to be used, or the new granular Client Hints[0], specifically User-Agent Client Hints[1]. You can use Sec-CH-UA-Platform and Sec-CH-UA-Arch to figure out the OS and CPU Architecture of the client. However, browsers may refuse to honor this, depending on the privacy budget.
Seeing User-Agent go away will be a net positive for web compatibility. That it also improves privacy is just a nice-to-have.
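A server-side sketch of the Client Hints approach described in the comment above, added here as an example and not code from any commenter or from Chromium. The `BUILDS` table, file names and function names are hypothetical; the point is that hint values are untrusted client input, may be withheld by the browser, and should only ever select from an allowlist.

```javascript
// Added example: all artifact names and helper names below are hypothetical.
// Hints the server asks the browser to send on later requests. Platform is
// normally sent by default in Chromium; Arch is high-entropy and opt-in.
const ACCEPT_CH = "Sec-CH-UA-Platform, Sec-CH-UA-Arch";

// Allowlist of platform -> architecture -> artifact. Header values never
// become part of a path; they only pick an entry from this table.
const BUILDS = {
  "Windows": { chooser: "downloads.html#windows",
               byArch: { x86: "app-win-x64.exe", arm: "app-win-arm64.exe" } },
  "macOS":   { chooser: "downloads.html#macos",
               byArch: { x86: "app-mac-x64.dmg", arm: "app-mac-arm64.dmg" } },
  "Linux":   { chooser: "downloads.html#linux",
               byArch: { x86: "app-linux-x64.tar.gz", arm: "app-linux-arm64.tar.gz" } },
};
const FALLBACK = "downloads.html";

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// UA client hints are Structured Field strings: double-quoted, printable
// ASCII, with only \" and \\ as escapes. Anything else is rejected (null).
function parseSfString(raw) {
  if (typeof raw !== "string") return null;
  const s = raw.trim();
  if (s.length < 2 || s[0] !== '"' || s[s.length - 1] !== '"') return null;
  let out = "";
  for (let i = 1; i < s.length - 1; i++) {
    let ch = s[i];
    if (ch === "\\") {
      ch = s[++i];
      if (i >= s.length - 1 || (ch !== '"' && ch !== "\\")) return null;
    } else if (ch === '"') {
      return null; // unescaped quote inside the string
    }
    const code = ch.charCodeAt(0);
    if (code < 0x20 || code > 0x7e) return null;
    out += ch;
  }
  return out;
}

// `headers` uses lowercase names, as Node's http module provides them.
function selectDownload(headers) {
  // Vary keeps shared caches from serving one platform's answer to another.
  const responseHeaders = { "Accept-CH": ACCEPT_CH, "Vary": ACCEPT_CH };
  const platform = parseSfString(headers["sec-ch-ua-platform"]);
  const arch = parseSfString(headers["sec-ch-ua-arch"]);

  // Hint missing, malformed, or not a platform we ship for: generic page.
  if (platform === null || !own(BUILDS, platform)) {
    return { file: FALLBACK, reason: "no-usable-platform-hint", responseHeaders };
  }
  const entry = BUILDS[platform];
  // The browser may decline to send the architecture; let the user choose.
  if (arch === null || !own(entry.byArch, arch)) {
    return { file: entry.chooser, reason: "arch-withheld", responseHeaders };
  }
  return { file: entry.byArch[arch], reason: "exact-match", responseHeaders };
}

// Constructed sample request headers (not captured traffic).
const sample = { "sec-ch-ua-platform": '"Windows"', "sec-ch-ua-arch": '"arm"' };
console.log(selectDownload(sample).file);
```
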
A lot of advertisers didn't care when Safari etc. did it, such is the scale Chrome has - they just stopped targeting users not using Chrome. Now it's affecting everyone there's an outcry.
I couldn't care less if the adtech industry collapsed overnight, even if that meant I lose my job, but what's happening with Google and Facebook trying to push for privacy regulations is effectively raising the bar for competition and newcomers.
Sort of. The investigation is because there may well be a competition issue here, where Google is leveraging its dominant position in browser to the benefit of its ad business, removing the ability for its competitors to compete.
Google identifies users using Chrome via other means than cookies (Google Signal etc) in a way that no other competitor can or is able to access, and therefore is now pushing to remove the ability for anyone else to do it who doesn't control the browser.
Guarantee you if Google was forced to stop sharing data from its browser business to its ad business, it would not be pushing to remove cookies.
Edit: One final note is that it's a shame because there really is an opportunity to create a new alternative to cookies, better suited to the risks posed by modern tracking methods. But Google leading the charge to dictate how you can be tracked should be a huge red flag for you.
Ugh. Tell me about it. I tried reading the GDPR stuff regarding legitimate interest but couldn't work out how it was relevant to what they are doing. It appears to be just two different switches for the same thing with one switch defaulting to off and the other to on. At least a lot of places do allow you to "object all", but it's just another thing you have to remember to select.
I didn’t see it mentioned but a common use case for 3rd party cookies is correlating session data across your own multiple domains (if your company owns multiple domains). Publishing companies typically own multiple domains/verticals and can increase ad revenue / seo / traffic quality by linking properties together. It’s important to be niche as a site (verticalization) but also broad as a publishing operation (own many verticals and shift your marketing spend daily).
Anyways, google has been writing a spec for “first party sets” to help replace the use of a 3rd party cookie to connect domains you own. https://github.com/privacycg/first-party-sets
I believe this will need to be implemented before Chrome moves aggressively against 3rd party cookies.
Remember the discussion about Manifest V3, eliminating webRequest API [1] which results in Adblockers being thrown out of the Chrome ecosystem?
Guess what the state is, now, 1 year later ... the declarativeWebRequest API is still on hold; and it's not supported outside of Beta Channel, and there are no plans to move it to stable. [2] Its documentation still states the same as it did half a year ago:
"Note: this API is currently on hold, without concrete plans to move to stable. Use the chrome.declarativeWebRequest API to intercept, block, or modify requests in-flight."
... which effectively means that there's no way to block or modify request/response headers in Manifest V3, which is essential for Adblockers because they tend to override the Content-Security-Policy and remove headers like "Cookie" or "Set-Cookie" etc.
And now we have the Chrome Web Store moving ahead with the Manifest V3 rollout. [3]
> Remember the discussion about Manifest V3, eliminating webRequest API [1] which results in Adblockers being thrown out of the Chrome ecosystem?
The whole point of declarativeNetRequest is to make it safer and faster to use adblockers. The tradeoff is fewer rules and less expressivity. As someone who couldn't live without an adblocker, I appreciate it and look forward to it because it removes a massive security risk (imagine the carnage if one of the major adblocker extensions gets compromised).
Your citations do not support the claim that "It's only a matter of months before Adblockers won't work anymore.".
There's plenty of reasons to not like Chrome, but this is not a justification for spreading FUD.
In fact, the very blog post you cite states that "There is not an exact date for removing support for Manifest V2 extensions" and has a quote from the Adblock Plus team, praising the collaboration with Chromium.
> Your citations do not support the claim that "It's only a matter of months before Adblockers won't work anymore.".
Yes, I agree. I removed that part of my statement.
Still, the declarativeWebRequest API does not allow to filter out tracking-related headers from incoming responses or sent requests.
I mean, you cannot declare the rules via the RequestMatcher and know what headers are going to be sent or received in advance, as the API expects full declaration of all protocol schemes and host suffixes; which is very bad if a website can pretty much do whatever it wants when it executes js code.
> In fact, the very blog post you cite states that "There is not an exact date for removing support for Manifest V2 extensions" and has a quote from the Adblock Plus team, praising the collaboration with Chromium.
You know that eyeo GmbH were the ones with the "Acceptable Ads" initiative that are literally forcing websites to pay them money so that their ads continue to work, right? Personally, I would take their comment with a grain of salt.
For their whitelisting-ads use case the API works; for the use case of uBlock Origin et al - it doesn't.
> I mean, you cannot declare the rules via the RequestMatcher and know what headers are going to be sent or received in advance, as the API expects full declaration of all protocol schemes and host suffixes; which is very bad if a website can pretty much do whatever it wants when it executes js code.
Yes, but this is a good thing. This kind of intrusive logic with full access to view and modify request data does not belong in a Chrome extension that can be updated by a single account at a moment's notice through the store, with zero peer review (unlike changes to Chrome itself).
This is much safer to implement in the browser core. If the declarativeNetRequest API is insufficiently expressive, then it needs to be improved to handle those use cases instead of sticking with the old way.
> If the declarativeNetRequest API is insufficiently expressive, then it needs to be improved to handle those use cases instead of sticking with the old way.
You're welcome to prove me wrong by implementing an Ad-Blocker that can override Content-Security-Policy by default; and incrementally allow to execute things.
As Google continues the Manifest V3 rollout, their priorities seem to be not on that specific degradation of this featureset; and that was all I'm saying.
I've been working on my own Extension for the last week [1], and I had to switch back to Manifest V2 because there was no way to create an Adblocker that's based on a concept that allows the user to select what should be executed; as the Content-Security-Policy header couldn't be set and malicious HTTP headers couldn't be filtered for all domains by default.
You claim that the new API is a full replacement of the featureset, so rather than saying that I'd welcome a hint to some examples or other evidence I'm probably missing here.
Ahh yes, please go on and defend a billion-dollar company who has no reason to continue letting ad-blockers exist. If you are for taking away APIs that uBlock Origin needs to operate, you are on the wrong side of history and should re-evaluate your position. The lead dev of uBlock Origin can be trusted so much more than Google. You are the one spreading FUD here by claiming that the new API is so much better than the old one.
Chrome is a shitty browser. Google is a shitty company. Stop defending shit.
I read the design documents and I'm convinced that the new API is a big improvement, and that the design decision was made in good faith and for technical, not political reasons.
The uBlock Origin developer is very trustworthy, but there's so many things that can go wrong - like a workstation, repository, signing key or account compromise.
It's a massive single point of failure. Anyone who can sneak malicious code into the extension has instant and unlimited access to millions of browsers and sensitive personal and company data.
A project like Chrome has extensive processes and safeguards to prevent this kind of compromise, including strict code review. As far as I can tell, uBlock has no code review process[1]. We need to move away from such points of failure no matter how well-intentioned they are.
The webRequest API also forces a lot of IPC overhead and serialization in the runtime, no matter how fast the extension itself is. uBlock is very, very fast - but it's still a lot slower than native code in the core.
I'm not against adblocking or in favor of stripping away adblocker features, but why not implement it right in the core of the browser, where it belongs? Chrome is open source, if Google doesn't want to do it, another vendor or open source project most certainly could.