Post AVlRuFaD9Ez2TsWvDs by lauren@mastodon.laurenweinstein.org
(DIR) More posts by lauren@mastodon.laurenweinstein.org
(DIR) Post #AVlPNG6E0WoqcMe2hk by lauren@mastodon.laurenweinstein.org
2023-05-18T01:13:18Z
0 likes, 0 repeats
***** New Chrome ad personalization settings apparently default to ON *****I just now received a pop-up about new #Google Chrome ad personalization settings (when I launched Chrome). There are three: Ad topics (based on browsing history) Site-suggested ads (based on your activity on a site) Ad measurement (sites and advertisers can understand how ads perform)Notably, even though I have routinely kept ad personalization turned OFF for Google, all three of these settings appear to have been defaulted to ON, which -- unless I'm misunderstanding this -- seems significantly problematic. It took a number of clicks to go through these three settings and turn them all off.Depending on how you feel about ad personalization, you may want to be aware of this. In the version of Chrome I'm running, the settings are in Settings->Privacy and security->Ad privacy.
(DIR) Post #AVlQfVW7WWahbM1TGq by bigbee@techhub.social
2023-05-18T01:27:49Z
0 likes, 0 repeats
@lauren For me in Chrome 113, those are Privacy Sandbox Beta trial features, and they are all turned off by the Trials master switch.
(DIR) Post #AVlR2u8u8HBAdXJv28 by lauren@mastodon.laurenweinstein.org
2023-05-18T01:32:03Z
0 likes, 0 repeats
@bigbee I don't have any Trials enabled in 113 Stable.
(DIR) Post #AVlR6reFLgpC3gruOu by lauren@mastodon.laurenweinstein.org
2023-05-18T01:32:46Z
0 likes, 0 repeats
@bigbee The pop-up appeared between two invocations of Chrome a little while ago.
(DIR) Post #AVlRRldgswRNVGZlSq by bigbee@techhub.social
2023-05-18T01:36:32Z
0 likes, 0 repeats
@lauren That was a clumsy reference on my part. On the latest stable channel release of Chrome 113 for ChromeOS, the Privacy Sandbox settings page has a switch labeled Trials. It appears to default to off (which I would expect for something labeled as "beta" and "trials.")
(DIR) Post #AVlRpkG1fq3oATwMWe by lauren@mastodon.laurenweinstein.org
2023-05-18T01:40:52Z
0 likes, 0 repeats
@bigbee I've never turned on any trials in Chrome stable, nor do I obviously have a page like that on initial inspection. The three settings I noted are in the regular settings section, not in any trial or beta section. I was led to them by the settings option in that pop-up I noted.
(DIR) Post #AVlRuFaD9Ez2TsWvDs by lauren@mastodon.laurenweinstein.org
2023-05-18T01:41:43Z
0 likes, 0 repeats
@bigbee Wait a sec, you're talking CrOS, I'm talking Linux right now. I haven't looked over on my CrOS devices.
(DIR) Post #AVlWb4VMbzoKOJw9Uu by bigbee@techhub.social
2023-05-18T02:34:08Z
0 likes, 0 repeats
@lauren It appears that Chrome's settings in Windows are identical to those in ChromeOS. The Linux version must be configured differently.
(DIR) Post #AVlWq8EJ2r8IHt8ia8 by lauren@mastodon.laurenweinstein.org
2023-05-18T02:36:59Z
0 likes, 0 repeats
@bigbee It appears Linux is showing what the non-trial version would look like -- because like I said, I don't have trials on, and the pop-up about those settings was completely automatic and sudden.
(DIR) Post #AVlZRmVATfW9oO6hGa by SpaceLifeForm@infosec.exchange
2023-05-18T03:06:00Z
0 likes, 0 repeats
@lauren From the Department of Redundancy Department:Use FF.
(DIR) Post #AVlZVzYjs6SJT2mjZI by lauren@mastodon.laurenweinstein.org
2023-05-18T03:07:03Z
0 likes, 0 repeats
@SpaceLifeForm Nope. Unhappy with Mozilla's trajectory of late.
(DIR) Post #AVlZjdSyoEWl0Ab52u by SpaceLifeForm@infosec.exchange
2023-05-18T03:09:21Z
0 likes, 0 repeats
@lauren I understand your point, but I think it is better than what you are experiencing with Chrome.
(DIR) Post #AVlZu7Wfu3hZ7rKD32 by lauren@mastodon.laurenweinstein.org
2023-05-18T03:11:20Z
0 likes, 0 repeats
@SpaceLifeForm I have FF here too. I use it occasionally, and I don't like it at all in its current incarnations.
(DIR) Post #AVlgqs8JNQ2sCCKMQy by jschuh@infosec.exchange
2023-05-18T04:29:01Z
0 likes, 0 repeats
@lauren These settings aren't Google advertising preferences. They're browser settings for a collection of open standard, privacy preserving APIs that are available to any site. And once they're stable they'll default to being on because they're vastly more privacy preserving than the existing things that they're replacing (i.e. 3p cookies and other Web APIs that are being removed).To briefly summarize each one:Ad topics - This replaces 3p cookie based interest tracking, which currently works by having every advertiser plant tracking cookies on every site they can as they try to reconstruct your entire browsing history to infer your interests. The Topics API instead runs a model over your local browsing history (entirely on-device) that maps to a set of ~350 likely topics. A site requesting your topic list may receive up to three topics that were highly ranked by the model (contingent on your settings, k-anonymity thresholds, etc.).Site-suggested ads - Replaces unrestricted 3p cookie based remarketing ads with FLEDGE and fencedframes, which dramatically limits the granularity of targeting and limits the ad's communication with its server unless the user interacts with it.Ad measurement - This replaces 3p cookie and URL decoration based attribution with the Attribution Reporting API, which provides privacy protections both by narrowly scoping the data that can be sent and by using blinding intermediaries. This one isn't even personalization; it's literally how advertisers measure the clicks that they get paid for.FWIW, Privacy Sandbox was the big project I led in my last few years at Google, and the whole point of it was to dramatically improve privacy on the Web without killing the things that actually fund most of the content on the Web. I never really cared about the ad haters. I just cared about making the Web safer.
(DIR) Post #AVljtoIyMipL3RPHMW by lauren@mastodon.laurenweinstein.org
2023-05-18T05:03:12Z
0 likes, 0 repeats
@jschuh Hi. Fyi, I am familiar in excruciating detail with the technical aspects of and policy decisions behind the privacy sandbox and its relationship to third party cookie issues in particular (I've also worked inside Google, which provided additional insight).That said, I stand by my post, which is not a technical analysis, but rather my view of how the decisions made in this project will be accepted or rejected by users, politicians, and other stakeholders, based on my decades of work in privacy and security contexts. Thanks for your note.
(DIR) Post #AVll4In9yFEKSS5qL2 by lauren@mastodon.laurenweinstein.org
2023-05-18T05:16:25Z
0 likes, 0 repeats
@jschuh I'll also add, as I mentioned in another post this evening, that privacy sandbox is a very interesting set of technologies, and that I fully appreciate the desire to keep the critical funding from ads flowing in privacy positive ways. Like I said, I'm not an ad hater and I don't run ad blockers. But my suspicion is that political and other pressures, including pressures from the ad haters themselves, will undermine this effort. It's not clear to me that there are any really practical solutions. Ad hate is just too high, and as soon as one mentions use of browser histories in any context for ads, no matter how filtered or anonymized, the hate will flow. Part of the problem of course is that even a relatively simple system like Google's traditional ad model, has never been understood by most users, with falsehoods like the claim that Google sells users personal information to advertisers, still rampant. A technology like privacy sandbox is frankly even more difficult for nontechies to understand given their lack of context, and that does not bode well.
(DIR) Post #AVm9LaSrumrb5kNRsu by nuncio@mstdn.social
2023-05-18T09:48:21Z
0 likes, 0 repeats
@lauren That's why I stopped using chrome - every time there's an update they put all the ad settings back to ON and re-opt you in to everything.
(DIR) Post #AVmEnYlqJ2XbiWPTbU by bassplayer@mas.to
2023-05-18T10:49:24Z
0 likes, 0 repeats
@lauren Consider using Brave. It's a better chrome than chrome.
(DIR) Post #AVmVsbsBthEi0XNC1w by sumek@hachyderm.io
2023-05-18T14:00:28Z
0 likes, 0 repeats
@lauren what specifically you don't like? I'm FF user that needs to use Chrome for work. I've noticed one nice feature that would be nice to have in FF: linking to text in page, but otherwise nothing that would make Chrome any better than FF
(DIR) Post #AVmfKcUi51t1d8oyDQ by jschuh@infosec.exchange
2023-05-18T15:46:39Z
0 likes, 0 repeats
@lauren I know your background, but my perspective here is that I was literally the executive responsible for Privacy Sandbox until March 2021. I juggled all the constituencies, externally and internally all the way up to Sundar. And I'm telling you that 3p cookies etc, can't be removed until these APIs are on by default. And there's no privacy improvement by introducing the new APIs unless the old ones are removed.Just read the last two years of the UK CMA's reports on the Privacy Sandbox¹; because those reflect the broader consensus of regulators and Google's ad tech competitors. They're generally positive about the privacy properties, but their major concern is that Google has a unique 1p data position and could use 3p data blocking to kill off its competition in Web ads. So, there will be a torrent of lawsuits and regulatory injunctions if Chrome blocks 3p tracking before these APIs are on by default and performing comparably to the 3p cookies of today.Again, I'm not dismissing your decades of experience in security and privacy, but I would ask that you not do so for mine either—which includes over a decade working on these exact issues in Chrome and the Web platform. I'd also suggest that maybe the years I spent directly responsible for the Privacy Sandbox give me better insight into the concerns than what can be gleaned from expertise alone (regardless how extensive that expertise is)._¹ https://www.gov.uk/cma-cases/investigation-into-googles-privacy-sandbox-browser-changes
(DIR) Post #AVmfm1U5HBtyxCaxcW by lauren@mastodon.laurenweinstein.org
2023-05-18T15:51:40Z
0 likes, 0 repeats
@jschuh Justin, hi. I know who you are, and I think you and your team did fine work on Privacy Sandbox. And (as per my post this morning which I will link) I agree it's better from a privacy standpoint than the ads ecosystem status quo with 3rd party cookies, et al. However, I don't view this as mainly a technical issue, and I suspect other factors will doom the effort in the long run (at least in key respects in its current form). Please see: https://mastodon.laurenweinstein.org/@lauren/110390398813235895I'd be glad to continue in more detail by DM and/or email. Thanks. -L
(DIR) Post #AVmfzyt9iuvOxRyhI8 by lauren@mastodon.laurenweinstein.org
2023-05-18T15:54:20Z
0 likes, 0 repeats
@jschuh I will add that the regulatory and political environment associated with "Big Tech" has become enormously more toxic since 2021. Even the best efforts will be sucked into the maelstrom.
(DIR) Post #AVmhi3xUKpKRNTaWf2 by jschuh@infosec.exchange
2023-05-18T16:13:28Z
0 likes, 0 repeats
@lauren I know you don't see the concerns as technical—we both appreciate that reality. I'm just saying that from dealing with numerous regulators and coalitions of ad tech companies it was very clear that they would never allow Privacy Sandbox to ship 3p data blocking if the new APIs were not also on by default. So, beyond the technical arguments, that's pretty much a guarantee that they ship that way.And yeah, like you I could definitely see the toxicity around big tech swallowing up the Privacy Sandbox. But I'm hopeful it has enough momentum at this point that it still makes it through. Because my biggest fear is that the Web continues to lose mindshare and quality content, and we all get stuck entirely in the walled gardens of companies like Apple and Google (and I state that as someone who still likes Google).
(DIR) Post #AVmiXkQgBmRJrpt4zI by lauren@mastodon.laurenweinstein.org
2023-05-18T16:22:50Z
0 likes, 0 repeats
@jschuh And I like Google too. And I get a lot of heat for my public statements that make this clear, and that when I'm critical of Google it's not mean-spirited, but trying to make things better for them, their users, and the community at large.That said, there are issues I've hammered on Google about for many years -- bother externally and internally during times I was internal -- that I've made little to no headway on. And some of these are blowing up to major issues now in the toxic environment.Keep in mind (and I know I'm preaching to the choir) we're now faced with a political reality of states banning individual apps, attempting to require government IDs for access to sites, political micromanagement (e.g. changes to 230) of content (ostensibly to "protect the children" from anything anyone feels is "inappropriate"), and efforts to kill or decimate end to end encryption. My prediction -- and I don't enjoy this at all -- is that efforts like Sandbox will have a high probability -- to use your word -- of being swallowed up in a maelstrom of anti-tech and anti-Internet idiocy. This may be impossible to stop.Just as a sidenote, when I mentioned some of these issues in my other (mailing list) venues, I got a torrent of hate mail back. "How can you possibly support any form of targeted ads in any way? How can you even bring up the question? I don't want anyone looking at my browsing history for any reason." Etc. Like I said, it does not bode well. -l
(DIR) Post #AVmipIv7CpFvlIUkTo by jschuh@infosec.exchange
2023-05-18T16:26:00Z
0 likes, 0 repeats
@lauren Sadly I'm in agreement on pretty much all of this.. but I'm hopeful it doesn't play out that way.
(DIR) Post #AVmiyZERvbmYxTxIJ6 by lauren@mastodon.laurenweinstein.org
2023-05-18T16:27:41Z
0 likes, 0 repeats
@jschuh Yeah, me too.
(DIR) Post #AVmjvNrrp7hanYRFwG by lauren@mastodon.laurenweinstein.org
2023-05-18T16:38:19Z
0 likes, 0 repeats
@jschuh Or to be more explicit, hope springs eternal. So I'm hopeful. But as for a reality prediction, I consider a continuing slide down the razor blade (to paraphrase Tom Lehrer) the most likely outcome.