[HN Gopher] Cohort IDs can be collected over time to create cros...
___________________________________________________________________
Cohort IDs can be collected over time to create cross-site tracking
IDs
Author : Hard_Space
Score : 324 points
Date : 2021-04-15 12:21 UTC (10 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| yalogin wrote:
| This is really disappointing. They failed to address the very
| basic privacy requirement given that this is billed as privacy
| tech. Apple tackles this head on when they say the GUID is per
| app precisely to ensure users cannot be tracked across apps.
|
| This tells you where Google's priorities are, not that it was in
| question before, but it just makes it clearer.
| EMM_386 wrote:
| Note the suggestion they are looking into, making sites "sticky":
|
| https://github.com/WICG/floc/commit/d822a35f4bfe7d5003fda4a7...
|
| Although the follow-up comment summarizes why this probably won't
| work
|
| https://github.com/WICG/floc/commit/d822a35f4bfe7d5003fda4a7...
| unicornporn wrote:
| Switch browser while you can. Firefox might not be perfect (or
| even getting slightly worse), but at least it's an alternative
| and I can easily say it's better than Chromium in most. At least
| ad blocking works as it should.
| Semaphor wrote:
| > (or even getting slightly worse)
|
| FWIW, it has only been getting better for me
| DoingIsLearning wrote:
| Yeah strong agree, apart from the mess up with Firefox on
| Android.
|
| Both at home and work, Firefox desktop (with uBlock Origin)
| has been a pretty frictionless tool in terms of my browsing
| experience these past years, across Linux, Windows, and Mac
| machines.
| Mudface_72 wrote:
| Try Firefox Lite, you can get it on Uptodown and APKMirror; it
| is not available in the Play Store for all regions.
| Groxx wrote:
| From a quick glance, this seems to be even further down
| the "messy" side of the firefox-on-android mess. I.e. its
| capabilities are even more restricted.
|
| Which is not to say it's not useful, and TIL - I didn't
| know they had released this, so thanks :) But I don't
| think it particularly applies to this thread.
| Daho0n wrote:
| What is the 'messy' problem with Firefox on Android? I
| have moved those I help with tech to Firefox. My mother
| for example. They don't know the difference between "the
| internet" and "Firefox" but so far they run Firefox with
| UBO with no problems (well not anything new that wasn't
| there with Chrome too but that is a old people Vs tech
| problem not unique to Firefox).
|
| Anything I need to know?
| Groxx wrote:
| The messy problem is that you _used to_ be able to run
| uBO with no problems on Firefox on Android. And most
| other extensions, with some obvious limitations (e.g.
| desktop-only UI extensions didn't work, some UIs weren't
| mobile-friendly, etc).
|
| Then they released a preview of a re-design which also
| broke all extensions. That's arguably fine for a preview,
| though a bit concerning. Many were raising alarms at this
| point.
|
| Then they released the re-design to the stable release,
| with still-broken extensions. This pretty unambiguously
| is "a mess", if not earlier.
|
| Then they released built-in support for a couple dozen
| Mozilla-selected extensions (uBO included, I believe).
| This is still a mess, and rightfully raises a few
| eyebrows.
|
| ... and we're still there now, after over a year of "this
| will be fixed soon". I believe you can install nightly +
| manually tweak config and still install other extensions,
| but _Firefox for Android does not support extensions
| right now_. That's A Problem(tm), and not a good sign
| for extension-longevity that it was ever allowed out of
| preview. It broadly implies extensions are very low on
| their priority list, which is concerning, as extensions
| have been the clear leaders on preserving privacy and
| user control in general. Browsers overwhelmingly follow
| popular extension behaviors, not the other way around -
| cripple extensions and you also cripple advancement and
| experimentation.
| tinus_hn wrote:
| It's a fine browser and it is really important to make sure the
| landscape is not dominated by one engine.
| waheoo wrote:
| What? I switched a couple years ago, chrome is a mess whenever
| I'm forced to use it.
| qwertox wrote:
| Please educate me: I am a Chrome user and I do rely on browser
| syncing my tabs and some passwords.
|
| I know that Firefox also has a syncing feature ("Sign into
| Firefox", "Continue to Firefox Sync").
|
| My problem is that I don't trust Mozilla's ability to keep this
| data secure. I believe that sooner or later they are going to
| get hacked, and that data will leak. The same might happen to
| Google, but I also believe that no other company has the degree
| of expertise of Google to protect that data.
|
| Am I wrong in this assumption? Does Firefox Sync end-to-end
| encrypt the data, without knowing the key, like Google's Sync
| Passphrase feature?
|
| What are your experiences with Firefox Sync? Does it work just
| as good as Chrome's, or even better?
| chillydawg wrote:
| it's encrypted, they store the blob and ship it to any
| browser that auths correctly. sync works just fine.
| klondike_ wrote:
| You can actually self host Firefox Sync on your own server if
| you want.
| DenseComet wrote:
| I've had a pretty good experience with Firefox Sync, although
| I don't use it for passwords. Firefox Sync has E2E encryption
| to ensure that Mozilla doesn't have the ability to view any
| of your data.
|
| https://hacks.mozilla.org/2018/11/firefox-sync-privacy/
| [deleted]
| eplanit wrote:
| I have noticed a recent decline in the debugging features of FF
| -- downright buggy. View source shows a form I used 3 pages
| ago, not the form rendered. I now switch to chrome just for
| debugging.
| foepys wrote:
| You don't deserve the downvotes. We are using mainly Firefox
| at work and sometimes, not often but sometimes, Firefox
| refuses to load the current file in the debugger. The only
| solution is to restart Firefox. I get why some are annoyed by
| this when they are in a debugging session. Although the last
| time it happened to me was one or two Firefox releases ago.
| Maybe it got fixed.
| swimming_elwood wrote:
| That's interesting. I have somewhat recently encountered
| the same thing with Chrome. I don't know what causes it but
| when it happens, the debugger hits and doesn't show me the
| context at all. But if I re-trigger the debugger again, it
| shows me everything just fine. :shrug:
| tomashubelbauer wrote:
| Try accessing the URL of the resource directly in its own
| tab and then restarting the tab where you're seeing the
| issue. That works for me.
| worble wrote:
| I have a similar issue where very occasionally the debugger
| tab will just be empty, just absolutely no files in there
| at all. The fix is simple enough - just open the site in a
| new tab, although it's a little annoying.
|
| I still do all my development in Firefox regardless, I'm
| sure if I switched to Chrome I'd quickly discover a set of
| equally annoying bugs and quirks there too. Better the
| devil you know.
| hosteur wrote:
| Did you report the problem?
| foepys wrote:
| No because I cannot reproduce it. It just happened
| randomly in the past.
|
| As I don't like getting bug reports that boil down to
| "doesn't work", I don't create them myself.
| kevingadd wrote:
| When struggling with a persistent issue like this in FF
| devtools it can still be worth filing an issue on the
| bugzilla tracker. Worst case, it gets closed as not
| reproducible. In practice many of these issues will
| eventually get caught if enough people complain about
| them and someone manages to dig through all the reports
| and come up with theories about the issue.
|
| You may get a helpful reply from someone on the team with
| suggestions on how to troubleshoot it, like enabling
| specific logging flags or pulling some info out of the
| console.
|
| I've filed lots of bug reports against Firefox in the
| past and just because you don't have an isolated
| reproduction case for a devtools issue, that doesn't mean
| it can't be fixed.
| capitainenemo wrote:
| https://bugzilla.mozilla.org/show_bug.cgi?id=1685334 perhaps?
| eplanit wrote:
| That describes it exactly -- thanks for finding that.
| barbazoo wrote:
| What do I, as an end user, have to do to be protected? Is it
| sufficient to use Firefox with its default settings?
|
| Honestly I don't know and I think I should. I have uBlock
| Origin, Privacy Badger, ClearURLs installed on Firefox, I'm
| running pi-hole at home, it's just so much.
| surround wrote:
| Don't sweat it. All you really need is Firefox + uBlock
| Origin. And even without uBo, Firefox blocks some trackers by
| default.
|
| Privacy badger is largely useless ever since they got rid of
| heuristics. ClearURLs is useful, but you'd probably be fine
| without it. And pi-hole doesn't block anything that uBo
| doesn't in Firefox (but is still useful for applications
| outside of the browser).
|
| On the other hand, maybe you're like me and want to squeeze
| as much privacy out of your browser as you can, even if it
| means breaking some websites. If that's the case, check this
| website out. Just remember that the tweaks listed here are
| _nice_ , but not entirely necessary.
|
| https://privacytools.io/browsers/#about_config
| HDMI_Cable wrote:
| With uBO, I would also disable things like Third-Party
| Cookies. I also have No-Script, but that's mainly for
| making sites easier to load (Though it does block ad-
| tracking js-files, like uBO).
| barbazoo wrote:
| Thank you, I'll have a look!
| heavyset_go wrote:
| Under Enhanced Tracking Protection, select the Strict option.
| Firefox also has native HTTPS-only and ESNI features.
| knalum wrote:
| Switched to Brave on mobile. Never looked back. You can see how
| many MB of data were saved due to blocking of trackers.
| Mudface_72 wrote:
| Try Firefox Lite, get the APK from Uptodown or APKMirror,
| because FF Lite is region locked in the Play Store.
| Brian_K_White wrote:
| Dude wtf, not interested in your Watchtower or whatever.
| theshrike79 wrote:
| I use Safari as my primary browser on MacOS, Chrome is only
| used for the developer mode.
|
| Dunno if it's better than the one in Firefox, but it's the one
| I know =)
| prepend wrote:
| I only use Chrome for Google stuff and everything else is split
| across Brave, Safari, Edge, and Firefox.
| why_Mr_Anderson wrote:
| The only thing that keeps me using Chrome from time time is the
| in-place translation feature. If anything comparable was added
| to Firefox (which I mainly use), I would be more than happy to
| get rid of Chrome once and for all.
|
| And yes, I'm aware of the extensions that offer similar
| functionality, but unfortunately they still have some way to go
| before they can reach parity with Chrome translator.
| prezjordan wrote:
| I ignored this advice for several years but ~6 months ago
| switched to Firefox cold turkey and don't miss Chrome one bit.
| Even when doing web development (I thought I'd miss chrome's
| CSS/HTML/JS inspector and devtools in general but Firefox's are
| the same if not better)
| sneak wrote:
| The security sandboxing of Chromium-based browsers is sadly
| unmatched, however.
| 55555 wrote:
| What's the most frictionless page language translation plugin?
| julianlam wrote:
| I'm a huge proponent of Firefox on desktop, but the new Firefox
| on mobile is just awful awful awful.
|
| I've switched to Vivaldi and it's just much snappier and
| doesn't have the papercuts FF mobile is currently struggling
| through.
|
| Total rewrites are cool, but they're real rough around the
| edges at first.
| Mudface_72 wrote:
| Try Firefox Lite, get it on Uptodown or APKMirror. It has a
| region lock on the Play Store.
| CivBase wrote:
| > I'm a huge proponent of Firefox on desktop, but the new
| Firefox on mobile is just awful awful awful.
|
| I strongly disagree. There are certainly issues, many of
| which are a result of the recent redesign, but I still find
| it a much better experience than Chrome on mobile and I think
| calling it "awful" is hyperbolic. Here are some examples of
| why I think FF > Chrome on mobile:
|
| Firefox mobile supports extensions which I consider necessary
| at this point, such as uBlock Origin.
|
| I can put the address bar at the bottom, where my fingers
| are.
|
| The reader feature makes many websites much easier to read -
| particularly on mobile.
|
| Chrome defaults to opening things in tab groups now, which I
| find to be much more finicky to use than normal tabs.
| Bookmarks are for saving pages long-term, not tabs.
| vharuck wrote:
| I'm with you. I preferred the previous version of Firefox on
| Android. Since switching to the new version:
|
| - I've noticed it crashes _much_ more.
|
| - It still doesn't support all the extensions I used to have,
| like uMatrix.
|
| - All my bookmarks disappeared when it updated to the new
| version. I know syncing bookmarks would've let me recover,
| but I didn't realize it'd happen in the first place. And it
| seems like an easy problem to Amos even if a user didn't
| sync.
| Daho0n wrote:
| Doenonenof your points: You can't really blame Firefox for
| not supporting uMatrix since it isn't developed anymore.
| kiwijamo wrote:
| I've not noticed a crash in the several months I've been
| using the new version. Have you tried the usual things like
| clearing cache/data, reinstalling, etc? It took me a while
| to get used to it (especially the move of the address bar
| to the bottom) but I'm quite happy with it now. It also
| supports uBO which blocks pretty much all the ads. I agree
| it's disappointing what they have done with extensions
| though. Syncing to Firefox on my laptop is quite good
| though and very useful for looking up history e.g if I
| remember finding a good website I don't have to worry about
| recalling whether I was using my mobile or my laptop when I
| found it. All my history across all devices are there so
| I'll easily find whatever it is I was looking for.
| Mudface_72 wrote:
| Try Firefox Lite on Android, you can download the APK on Uptodown
| or APKMirror; it's region locked in the Play Store.
| heavyset_go wrote:
| I've been using Firefox on Android for several years, and I
| like the new Firefox for Android.
| InvOfSmallC wrote:
| Firefox Focus is the best.
| bentcorner wrote:
| I stay on Firefox because of UBO and containers, but when I
| discovered tree-style tabs I'll likely never leave.
|
| Edge has an ok-ish implementation of vertical tabs but it still
| has a ways to go to match tree-style tabs.
| unicornporn wrote:
| I've been a Tree Style Tab user for many years, but I have to
| confess I have a complicated relationship with this add-on.
| I've reached >600 tabs more than once. That's not only a
| feature.
| qwertox wrote:
| I used to use Tab Mix Plus on Firefox. Having three rows of
| tabs and the ability to scroll them vertically for more
| tabs was the absolute killer feature for me. I loved
| Firefox for this.
|
| Once Firefox moved to the per-process approach and removed
| the ability to hack the UI, I saw no more reason to stay on
| what was a terribly slow browser back then, compared to
| Chrome. Startup times of 10+ seconds and such shenanigans.
| petepete wrote:
| When you have more than (say) twenty, what does having a
| tab open give you that bookmarking the page doesn't?
| alert0 wrote:
| I switched to Firefox for container tabs a few years ago and
| love it.
| z77dj3kl wrote:
| There is a whole field (now relatively mainstream) of
| differential privacy, concerned with answering questions such as
| "can I be correlated and de-anonymized across queries" (query
| might be "what's your current cohort id?").
|
| Is FLoC not built on sound principles of differential privacy?
| That would be a big shame on Google.
|
| EDIT: Huge shame on Google! From their FLoC whitepaper: "We want
| to emphasize that, even though differential privacy is now the de
| facto privacy notion in industry and academia, we decided against
| using it as our privacy measure for building audiences."
|
| What in the world are they thinking?!
| benlivengood wrote:
| Differential privacy is useful for training or updating a
| public model where individuals' features should be kept
| private.
|
| In floc's case the model is public but isn't being trained on
| individual's features in realtime, only used for inference as
| far as the proposal says, e.g. the proof of concept stage will
| develop a fixed model that all browser instances (of a given
| vendor) share. Individuals' features are kept private to the
| extent that the model output can't be effectively reverse-
| engineered.
|
| Differential privacy probably also won't be useful in the POC
| stage because the training will require accurate labels which
| defeats privacy.
| dp_throw wrote:
| differential privacy is good for answering population questions
| like "how many people in my dataset have property x?". it's a
| lot less clear how to apply it to something as granular as
| serving personalized ads. and as the example demonstrates, this
| compounds if you're doing it repeatedly with data that keeps
| getting updated. to the best of my knowledge, "differentially
| private personalized ads" is a hard problem, and maybe just a
| contradiction in terms.
| SpicyLemonZest wrote:
| I think it's Google's responsibility to make it clear,
| though, either by putting in the theoretical work to apply
| differential privacy or proposing a refinement of the concept
| that allows them to. It's like those people who propose grand
| new theories of physics without using any math; if you can't
| connect your ideas to what's come before, people will be
| rightfully suspicious whether they're built on quicksand.
| pfortuny wrote:
| Well-known since the netflix prize challenge:
|
| https://www.researchgate.net/publication/265973077_Robust_De...
| crazypython wrote:
| Ad networks often show us ads we don't want to see, and don't
| show us ads we want to see.
|
| One of the problems I see with FLoC is that giving the user
| direct control over their cohort ID.
| GekkePrutser wrote:
| This FloC initiative just needs to be shot down hard. It's only
| meant to allow Google to continue business as usual in the face
| of privacy regulations. Everything else including privacy is
| secondary.
| leephillips wrote:
| I think it's potentially even worse than this. We seem to have to
| re-learn this lesson periodically: seemingly anonymous data about
| groups of people _does_ confer the ability to identify
| individuals:
|
| https://www.cnbc.com/2019/07/23/anonymous-data-might-not-be-...
| EGreg wrote:
| Basically, take it to its logical conclusion
|
| Privacy is dead. Once they have ubiquitous cameras everywhere,
| and connect the databases, the AI can correlate everything you
| do, and infer who is meeting whom and for what etc.
|
| Similarly online. You are going to get deanonymized unless you
| go to great lengths to change everything about what you do,
| including not doing anything in real time.
|
| More info: https://magarshak.com/blog/?p=169?p=169
|
| JK Rowling: https://www.smithsonianmag.com/science-nature/how-did-comput...
|
| And the mac daddy: https://news.bitcoin.com/a-look-at-stylometry-can-we-uncover...
| Retric wrote:
| It's still possible to be anonymous online, most people
| simply are unwilling to make any tradeoffs for privacy.
| adamiscool8 wrote:
| Is it possible to be anonymous online and still engage in
| the "online world" as most non-tech folks see it?
| Increasingly I think the answer is no, without substantial
| tradeoffs.
| Retric wrote:
| It comes down to what you want in terms of anonymity. You
| can't anonymously order food from an app and have it sent
| to your house while posting your wedding photos on
| Facebook.
|
| But, if you want to anonymously browse the web and talk
| to people on HN then that's still possible.
| EGreg wrote:
| So you think.
|
| A state level actor can easily dox you
| heavyset_go wrote:
| From https://en.wikipedia.org/wiki/AOL_search_data_leak:
|
| > _In 2006, the internet company AOL released a large amount of
| user search requests to the public. AOL did not identify users
| in the report, but personally identifiable information was
| present in many of the queries. This allowed some users to be
| identified by their search queries, prominently a woman named
| Thelma Arnold._
| Taek wrote:
| I call it the privacy doom principle. Any information which
| separates you into a subset of a larger group can eventually be
| compounded to fully break your anonymity.
|
| I did a lot of work on privacy coins, and the power of statistics
| is staggering. Doesn't matter if you shield yourself by grouping
| with 100,000 people per transaction, if your anonymity set isn't
| _everyone_, eventually you can be singly identified.
|
| Same goes for browsers, tracking, and "anonymized data".
| ixwt wrote:
| There's an old post about the Anime Death Note and the "bits of
| entropy" in relation to anonymity. It boils down to enough
| true/false questions about a person is enough information to
| uniquely identify them.
| swsieber wrote:
| I think this is the post: https://www.gwern.net/Death-Note-Anonymity
| geofft wrote:
| Looks like https://www.gwern.net/Death-Note-Anonymity , which
| has a lot of references and side notes more relevant to this
| story than to _Death Note_ per se, e.g.,
|
| > _The researchers generalized their Netflix work to find
| isomorphisms between arbitrary graphs (such as social
| networks stripped of any and all data except for the graph
| structure), for example Flickr and Twitter , and give many
| examples of public datasets that could be de-anonymized--such
| as your Amazon purchases (Calandrino et al 2011 ; blog)._
| bogomipz wrote:
| Did you publish any work on your privacy coin findings? If not
| might you or someone else have some links to share regarding
| their strengths and weaknesses?
| prepend wrote:
| Especially if you can belong to multiple 100,000 people groups.
| It doesn't take very many until you can find an individual by
| looking at the intersections.
| jrott wrote:
| Also works for health data as well[0] if anonymity is actually
| important it's really hard to collect data at all.
|
| [0] https://www.nature.com/articles/s41467-019-10933-3
| rocqua wrote:
| Which privacy coins did you look at, and what kind of results
| did you get? Sounds quite interesting!
| ComodoHacker wrote:
| So can privacy coins scale or all the efforts put there were
| futile?
| Taek wrote:
| Privacy coins can work if you can maintain the property that
| _every_ transaction could plausibly be spending _any_
| historic output. For the most part, that's just Zcash-like
| coins
| endisneigh wrote:
| I've pretty much given up on privacy. Not to say that it
| shouldn't be pursued, but I think more effort should be put into
| security and stakeholders who are honest and won't abuse your
| data to begin with. At the end of the day I do not believe a
| trustless environment is sustainable.
| twobitshifter wrote:
| Google must have seen this coming. It was never going to be the
| privacy savior Google billed it as, so why push forward with the
| concept? We have to look deeper to understand what value FLOC
| provides to Google. They can exclusively gather tracking info
| through the browser they control, and they can weaken
| competitors' privacy arguments by claiming that they do not track
| individuals.
| Vespasian wrote:
| Probably because they feel that the tide is turning against
| 3rd-party cookies and maybe even fear legislative action in
| some markets.
|
| The beauty is that Google's business works just fine with FLOC
| and their competitors don't.
|
| When third party trackers "abuse" the ids one "obvious"
| solution could be to only allow "trusted" advertisers to
| receive it.
|
| If, in a great stroke of fortune, the requirements to become
| trusted are basically "be Google" I wouldn't be surprised.
| 015a wrote:
| The worst part is actually, it will never look like "just be
| Google", because that would be too obviously evil and be
| subject to decisive legislative action.
|
| Google's Widevine (streaming media DRM) is a great correlate
| to this. If you wanted to try and create a great, novel 4th
| web engine/browser; good luck. Many of the major streaming
| sites use Widevine. You can't build a browser to stream that
| content without asking for access to Widevine encryption.
| Google will not give it to you; they may, eventually, if you
| build up enough of a userbase, but what browser would be able
| to build up that userbase without access to streaming media?
|
| It's less about building a bulwark around Google's technology,
| a clear monopoly, and moreso a bulwark around the Boys Club
| of Established Big Tech. Then Google can go to Congress and
| say "we have competition, look, Facebook serves ads".
| HDMI_Cable wrote:
| Also we have to ask the question: does DRM like Widevine
| even work? One could just take a video recording of their
| Netflix stream using OBS or something similar, and Widevine
| can't even do anything to counter it.
| mike_d wrote:
| > does DRM like Widevine even work?
|
| Yes, you just don't understand what working is. Everyone
| realizes you can do screen recording, HDMI recording, or
| just invite a friend over to watch on your screen. What
| it does do is make the content owners comfortable enough
| that there is a reasonable level of protection as to
| allow their content to be streamed online.
| tyingq wrote:
| They were similarly pushy about Manifest V3, AMP, etc. I
| suppose anything they can do that creates more of a gap between
| their tracking abilities and other people's is a really core
| way to boost revenue. Shareholders really want to hang onto the
| history of strong double-digit percentage YoY gains.
| indymike wrote:
| Many competitors were depending on third party cookies.
| privacylawthrow wrote:
| >It was never going to be the privacy savior Google billed it
| as, so why push forward with the concept?
|
| Because these users are still anonymous to companies using
| Google services. Uniquely identifying users, and the liability
| for doing so, falls to intermediary services. I expect it will
| be the domain of data brokers like LiveRamp, Epsilon, and
| others.
|
| "Use Google and be compliant" is a good sales tool and good
| value for companies that use Google services. Companies that
| don't want to sell data to brokers will stick with Google.
| morelisp wrote:
| The number of companies that want to sell to brokers is
| rapidly increasing though - basically all retail wants to, or
| spins off a BI division that wants to. They hired all those
| data scientists, gotta find something for them to do...
| privacylawthrow wrote:
| Data scientists would rather buy data to work with big data
| sets than sell their own data for money. It's the marketers
| and people with P&L obligations that usually want to sell.
| foobiter wrote:
| it's Google exercising more control over the advertising
| industry, pure and simple - they see cookies are dying and are
| looking for a way to circumvent it by leaning on their
| dominance in the browser market
| jonnycomputer wrote:
| Yesterday a video conferencing web application (that I had to
| use) refused to work with Firefox, saying that it did not meet
| minimum requirements, and that I needed to use Chrome or Safari
| instead. I'm curious whether there is an actual technical
| justification.
| wizzwizz4 wrote:
| Get a user agent spoofer and find out. The answer's usually no.
| eternalban wrote:
| TIL.
|
| https://addons.mozilla.org/en-US/firefox/addon/user-agent-st...
| foobiter wrote:
| targeted advertising is inherently problematic, and anyone trying
| to sell you a "better" version is trying to fool you
| benlivengood wrote:
| I think floc will be useful because I'll hardcode a very
| inaccurate cohort in my browser to get amusingly meaningless ads
| that are as unobtrusive as possible.
|
| From what I've seen the most unobtrusive ads are the most
| expensive mesothelioma and personal injury ads since they're
| generally a short message on a solid color background.
| asquabventured wrote:
| Best of luck with your mesothelioma that was caused by that
| asbestos laden boat collision you were involved in!
| alkonaut wrote:
| Wouldn't it be much simpler and less invasive to have a system
| where the browser user chooses a few interests from a fixed set,
| constituting only a few bits of entropy for ads (I wear men's
| clothing and I like ice hockey and cooking), and that's it?
|
| The browser can tell any site this data and it's a small enough
| number of bits that I'm not uniquely identifiable even when
| geography is added.
| dillondoyle wrote:
| One thing I haven't been able to understand: if each cohort
| group is so small (relatively, I think in the thousands), combined
| with a UA it should be 100% unique?
|
| Even if the cohort is in the millions, a UA+IP or geo should be
| enough to ID, or even add a couple more bits of window.property
| entropy, enough to stay under the 'budget' limit.
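The "bits of entropy" argument made above (Taek's privacy doom principle, ixwt's true/false questions, prepend's intersecting groups, and this comment) can be put into a toy model. This is an added example, not code from the thread; the population, cohort and week figures are assumed for illustration, and the model idealises cohorts as equal-sized and independently reassigned each period, which overstates what real, interest-correlated cohorts leak, so it is a worst-case bound rather than a measurement.

```python
"""Toy model: how repeated cohort-ID observations shrink an anonymity set.

Constructed example.  Cohorts are treated as equal-sized and independently
reassigned each period (called a "week" here); real cohorts keep users with
shared interests together from one period to the next, so these numbers are
a worst-case bound on leakage, not a measurement of FLoC.
"""
import math
import random
from typing import List


def bits_per_observation(population: int, cohort_size: int) -> float:
    """Identifying bits leaked by one cohort ID when `population` users are
    spread evenly over cohorts of `cohort_size`: log2(population / cohort)."""
    return math.log2(population / cohort_size)


def observations_to_uniqueness(population: int, cohort_size: int,
                               extra_bits: float = 0.0) -> int:
    """Independent cohort observations needed before the expected anonymity
    set falls to one user.  `extra_bits` is other fingerprint entropy a site
    already holds (user agent, coarse geolocation, ...)."""
    remaining = math.log2(population) - extra_bits
    if remaining <= 0:
        return 0  # already unique without any cohort ID at all
    return math.ceil(remaining / bits_per_observation(population, cohort_size))


def simulate_population(n_users: int, n_cohorts: int, n_weeks: int,
                        seed: int = 1) -> List[List[int]]:
    """Constructed population: user u's cohort ID for each week, drawn
    uniformly and independently (the idealisation noted above)."""
    rng = random.Random(seed)
    return [[rng.randrange(n_cohorts) for _ in range(n_weeks)]
            for _ in range(n_users)]


def anonymity_set_sizes(population: List[List[int]], target: int) -> List[int]:
    """Number of users still indistinguishable from `target` after the
    target's cohort ID has been recorded for 1, 2, ... weeks.  This is the
    thread's scenario of one party joining its own observations over time."""
    candidates = list(range(len(population)))
    sizes = []
    for week, cohort in enumerate(population[target]):
        candidates = [u for u in candidates if population[u][week] == cohort]
        sizes.append(len(candidates))
    return sizes


if __name__ == "__main__":
    # Assumed figures, chosen for illustration only.
    POP, COHORT = 200_000_000, 2_000
    print(f"{bits_per_observation(POP, COHORT):.1f} bits per weekly cohort ID")
    print("weeks to uniqueness, no other fingerprint:",
          observations_to_uniqueness(POP, COHORT))
    print("weeks to uniqueness with 10 bits of UA/geo entropy:",
          observations_to_uniqueness(POP, COHORT, extra_bits=10))
    pop = simulate_population(n_users=50_000, n_cohorts=25, n_weeks=6)
    print("anonymity set per week for user 0:", anonymity_set_sizes(pop, 0))
```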
| vxNsr wrote:
| Kinda sucks for google that within 2 months of them beginning
| their trial it's already got a million holes in it.
|
| Do you think they keep going because they don't actually care about
| the privacy implications or do you think they try to "legislate"
| their way out of it by adding something to the EULA of the FLoC
| program that you can't share IDs. So they can say "see we don't
| allow it" and can pretend no one is gonna do it behind their
| back.
| xg15 wrote:
| I thought FLoC was supposed to become yet another DOM API that
| any Javascript of any web page you visit can access (if Google
| got their way). Where would there even be an EULA to sign?
| foobiter wrote:
| all the data gathered by floc is algorithmically categorized
| and anonymized by google, they also determine what qualifies
| as a "protected" content
| SpicyLemonZest wrote:
| That's how you find holes, by running trials. Remember that
| this isn't a privacy regression; they're trying to find an ad-
| friendly replacement for third party cookies, which can do
| cross-site tracking without any need for holes.
| vxNsr wrote:
| It's a regression because they're taking control away from the
| users, you can decide to not allow 3rd party cookies, but you
| can't opt out of FLoC very easily.
| SpicyLemonZest wrote:
| It's my understanding (source: https://blog.malwarebytes.com/cybercrime/privacy/2021/04/mil...) that users who opt out
| of third-party cookies are also opted out of the FLoC
| trial. I do agree that more granular controls would have
| been ideal.
| slt2021 wrote:
| Does having uBlock Origin help in being not tracked?
| choeger wrote:
| Err, don't you need a unique ID to associate the different cohort
| IDs in the first place?
| kevingadd wrote:
| As I understand it, the attack here is that the user in
| question has an account on site A, and site A is able to share
| the user's cohort IDs with other websites and this allows the
| creation of a unique tracking profile _across all websites_
| over time
| robin_reala wrote:
| Remember, as a site owner you can choose to stop your website
| participating in Google's user tracking by sending this header:
|
| Permissions-Policy: interest-cohort=()
| buro9 wrote:
| That would be a good option for Cloudflare to give site
| operators.
|
| [ ] Add `Permissions-Policy: interest-cohort=()` header.
| ghughes wrote:
| They should look at the way the wind is blowing and enable
| this by default for all domains.
|
| edit: in a previous version of this comment I said that
| Cloudflare should use this mechanism to "kill FLoC in the
| crib", which is quoted in southerntofu's reply.
| southerntofu wrote:
| I find it worrying that a huge company is pushing an opt-
| out privacy-hostile feature (you have to send a header so
| that hopefully they will disable it, if they are in good
| faith) and the best we can do to fight it is to ask another
| huge corporation to "kill it in the crib".
|
| Maybe it's finally time we stopped using these corporations
| and their products once and for all and started empowering
| our own communities instead?
| SpicyLemonZest wrote:
| Respectfully, I don't think your category of "we" is as
| universal as you think. Privacy-focused people can and
| largely do use browsers which simply refuse to send this
| kind of potentially sensitive information; for the rest
| of us, this new feature is substantially less privacy-
| hostile than what it's replacing.
| ocdtrekkie wrote:
| This is definitely worse than the fingerprinting being
| replaced, because whereas the old methods were
| inadvertently using browser traits unrelated to user
| behavior for tracking, this is an intentional feature for
| user tracking related intentionally to user interests.
| SpicyLemonZest wrote:
| It's a replacement for third-party cookies, not
| fingerprinting.
| foxhop wrote:
| I agree, here is my public statement on the matter.
|
| https://www.remarkbox.com/remarkbox-is-now-pay-what-you-can....
| bytematic wrote:
| I recently implemented all these do-not-track headers that
| exist in my company's applications. I hope more devs consider
| doing the same. You can still get valuable analytics without
| tying identifying information to every request.
| [deleted]
| mpclark wrote:
| So do I literally just put...
|
| Header set Permissions-Policy: interest-cohort=()
|
| ...into my site's .htaccess and that's it, job done?
| remram wrote:
| Apache: Header always set Permissions-Policy "interest-cohort=()"
|
| nginx: add_header Permissions-Policy "interest-cohort=()" always;
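A way to verify that a deployment actually sends the opt-out discussed above, as an added example that is not part of the thread and not code from any browser vendor or CDN: a small parser for the `Permissions-Policy` dictionary syntax (`feature=()`, `feature=*`, `feature=(self "https://origin")`) plus a check that the header, looked up case-insensitively by name, explicitly disables `interest-cohort`. The sample header values are constructed; the header name and feature name are the ones from the thread. Note the two failure modes it catches: a misspelled header name (underscore instead of hyphen) and a misspelled feature name, both of which a browser would silently ignore.

```python
"""Check whether a site's response headers opt it out of FLoC cohort
computation, i.e. carry `Permissions-Policy: interest-cohort=()`.
Added example; handles the `feature=(allowlist)` / `feature=*` forms."""
from typing import Dict, List

# Constructed sample header values (not captured from any real site).
SAMPLE_VALUES = {
    "opt_out":             "interest-cohort=()",
    "opt_out_with_others": "geolocation=(self), interest-cohort=(), camera=()",
    "no_mention":          "geolocation=(self)",
    "allowed_everywhere":  "interest-cohort=*",
    "misspelled_feature":  "interest_cohort=()",  # unknown feature name, ignored by browsers
}


def _parse_allowlist(raw: str) -> List[str]:
    """Turn the right-hand side of `feature=...` into allowlist entries:
    [] for `()` (disabled for every origin), ["*"] for `*`, otherwise the
    tokens/origins inside the parentheses with surrounding quotes removed."""
    raw = raw.strip()
    if raw == "*":
        return ["*"]
    if raw.startswith("(") and raw.endswith(")"):
        return [item.strip('"') for item in raw[1:-1].split()]
    # A single unparenthesised entry such as `self` or `"https://a.example"`.
    return [raw.strip('"')]


def parse_permissions_policy(value: str) -> Dict[str, List[str]]:
    """Parse a Permissions-Policy header value into {feature: allowlist}.
    Members without `=` are outside the forms this example handles and are
    skipped."""
    policy: Dict[str, List[str]] = {}
    for member in value.split(","):
        name, sep, allow = member.partition("=")
        if not sep:
            continue
        policy[name.strip().lower()] = _parse_allowlist(allow)
    return policy


def interest_cohort_disabled(value: str) -> bool:
    """True only when the value explicitly sets `interest-cohort=()`.
    A missing feature, `*`, or an origin list leaves cohort computation on."""
    return parse_permissions_policy(value).get("interest-cohort") == []


def site_opts_out_of_floc(headers: Dict[str, str]) -> bool:
    """Look up the Permissions-Policy header case-insensitively (HTTP header
    names are case-insensitive, but `Permissions_policy` with an underscore
    is a different name and would be ignored) and test its value."""
    return any(
        name.lower() == "permissions-policy" and interest_cohort_disabled(value)
        for name, value in headers.items()
    )


if __name__ == "__main__":
    for label, value in SAMPLE_VALUES.items():
        print(f"{label:22s} {value!r:55s} opt-out: {interest_cohort_disabled(value)}")
    # The header-name typo from the thread's config snippet: no opt-out.
    print(site_opts_out_of_floc({"Permissions_policy": "interest-cohort=()"}))
```

To check a live deployment, feed `site_opts_out_of_floc` the response headers as returned by `curl -I` or an HTTP client; the check should be run against the final response after any redirects, since a header set only on the redirecting origin does nothing for the page the browser actually loads.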
| EMM_386 wrote:
| For your site. If you don't serve ads that rely on Google-
| FLoC rankings, then you won't see any impact. Otherwise you'd
| see a financial hit.
|
| If your users go to another site, and they don't have client-
| side FLoC-blocking in Chrome, your settings obviously won't
| do anything for them.
|
| So it's a nice step for your users, but is limited.
| inetknght wrote:
| So not only do users need to actually opt-out but site owners
| have to opt-out too?
|
| Has anyone stopped to consider where laws and regulations
| should come in to say that tracking like this is far too
| invasive?
| robin_reala wrote:
| You don't _have_ to, what happens between a user and their
| browser is theoretically none of your business. But if you
| care about your users' privacy, I see no reason not to send
| this header as there's no defined value for you as a business
| (unless you plan to somehow try to retarget users who've
| visited your site based on guessing which cohort that
| potentially refers to).
| EMM_386 wrote:
| > So not only do users need to actually opt-out but site
| owners have to opt-out too?
|
| By setting this on the site level, your users won't have to
| opt-out. You are doing it for them (all of them).
|
| If you don't, then the browser can always ignore it also. But
| that would only affect that individual user.
| mark_and_sweep wrote:
| Weird question: What if a user actually wants to opt-in but
| the site has opted-out? Should user opt-in override site
| opt-out?
| robin_reala wrote:
| The user opts in to being placed into a cohort. The site
| opts out of providing information to Google to let them
| generate cohorts based on the site. There's no overlap.
| de6u99er wrote:
| The reason why FLOC was invented is to avoid lawmakers
| getting involved.
| [deleted]
| throwaway189262 wrote:
| Google's FLOC has an unfixable problem. As soon as other
| advertisers create their own FLOCs, anonymity goes away. No
| matter how careful Google is to make sure these IDs aren't
| unique, as soon as users have several FLOC identifiers, maybe
| even two, they're uniquely identifiable.
|
| Behavioral tracking needs to die. It was a mistake created from
| lack of web security in the early days, nothing more. It's a bug,
| not a feature.
|
| Google is finally showing us what Chrome was meant to be. A
| browser monopoly to defend Google's user tracking interests.
| ComodoHacker wrote:
| The browser provides FLOC IDs. How do you think other
| advertisers convince browser vendors (and particularly Google)
| to include support for their FLOC's?
| throwaway189262 wrote:
| Antitrust most likely. FLOC + anything else is probably
| identifying too. If there's a couple thousand FLOC IDs, you
| only need one more identifier with that level of specificity
| to form a unique identifier. IP alone might be enough.
| [deleted]
| adriancr wrote:
| Umm... IP address + FLOC is enough to track people behind
| NAT... Enough to track after IPv6 address change... (same subnet
| + same floc = same person)
|
| Even if FLOC changes you just link a new floc to old IP, if you
| never see the old floc and you start seeing new one you have a
| transition and continue tracking. (not all will change at the
| same time I assume)
|
| This thing fixes cookies... they would be obsolete... It would
| allow an ad network to track you much better.
| foxhop wrote:
| Properly implemented cookies will never be obsolete. I use
| cookies as a way to keep a user's session authenticated.
|
| 3rd party cookies are basically already gone.
| jqpabc123 wrote:
| Privacy invasion and tracking is built into everything Google
| does. It's part of their DNA. No real need to look for details,
| if their name is on it, you know it's in there somewhere.
| judge2020 wrote:
| Making money off of you is their DNA; how they do it can
| change, and if they could make the same money or more (long-
| term) without actually storing advertising profiles, you bet
| they would.
| flixing wrote:
| Well I think each user can only be in a single floc.
| dathinab wrote:
| Not really surprising, just think about the following:
|
| Cohorts are sized at "a few thousands" (what does that even
| mean?).
|
| There is a lot a heuristic information retrievable using JS. This
| is _separate_ from the information Cohorts use to group you.
|
| Put both together and you have something quite close to a unique
| id.
|
| There is absolutely no way to fix this problem while having
| cohort IDs and not having very very large cohorts. Which I can't
| see google using.
|
| Just as an example, I have an unusual setup so
| `coveryourtracks.eff.org` reports that my fingerprint is unique
| in the 292,340 tested in the last 45 days _from heuristics
| alone_.
|
| Things are not that bad for the average windows or mac user (me:
| Linux, Firefox, 1440p screen, etc. I'm not surprised tbh.). Still,
| combine that "not so bad" with a FLoC Id and you are back at
| basically uniquely identifiable.
|
| EDIT: Btw. there IS a fix, instead of letting advertisers decide
| on the ad based on your FLoC Id you let your Browser decide based
| on "available ad topic channels" (if combined with a fixed set of
| labels and a few other things, it's not trivial).
| thomasahle wrote:
| Google's proposed solution to this is an "entropy budget". If
| you have already asked about other JS things that can be used
| for identification, you won't get a floc id.
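The arithmetic behind the three comments above (throwaway189262's "a couple thousand FLOC IDs plus one more identifier", dathinab's fingerprint-plus-cohort argument, and thomasahle's entropy budget), as an added example that is not from the thread, the FLoC spec, or any browser's implementation. It treats every signal as a number of bits of identifying information, computes the expected anonymity set for a population once those bits are known, and counts how many weekly cohort observations are needed before the combination is expected to single out one user. The population is the 292,340 browsers from the EFF figure quoted in the thread; the cohort count (2,048), the per-setup fingerprint bits and the `weekly_gain` factor are constructed assumptions, and so is treating the signals as independent (correlated signals shrink the anonymity set by less, which is why the example lets you discount later weeks).

```python
"""How many bits of identifying information a cohort ID adds on top of an
ordinary browser fingerprint, and how many weekly cohort observations it
takes before the combination is expected to single out one user.
Added example; the parameters are constructed assumptions, not FLoC figures."""
import math
from typing import Optional

POPULATION = 292_340   # browsers in the EFF sample quoted in the thread
COHORT_COUNT = 2_048   # "a couple thousand" cohort IDs, as assumed in the thread


def identifier_bits(distinct_values: int) -> float:
    """Bits carried by an identifier with `distinct_values` equally likely
    values: log2 of the count (2,048 cohorts -> 11 bits)."""
    return math.log2(distinct_values)


def anonymity_set(population: int, total_bits: float) -> float:
    """Expected number of users in `population` who share all observed
    values, treating the signals as independent (an assumption; correlated
    signals shrink the set less). Below 1.0 means the combination is
    expected to be unique."""
    return population / 2 ** total_bits


def bits_needed_to_be_unique(population: int) -> float:
    """Information needed to single out one user among `population`."""
    return math.log2(population)


def weeks_to_uniqueness(population: int, fingerprint_bits: float,
                        cohort_bits: float, weekly_gain: float = 1.0,
                        max_weeks: int = 52) -> Optional[int]:
    """Weekly cohort observations a site (or sites pooling data) needs
    before fingerprint + cohort history is expected to identify one user.

    Cohorts are recomputed weekly but correlate for users with stable
    interests, so only part of each later cohort ID is new information;
    `weekly_gain` (0..1, assumed) scales the bits counted for weeks after
    the first. Returns None if uniqueness is not reached within `max_weeks`."""
    total = fingerprint_bits
    for week in range(1, max_weeks + 1):
        total += cohort_bits if week == 1 else cohort_bits * weekly_gain
        if anonymity_set(population, total) < 1.0:
            return week
    return None


def cohort_allowed_under_budget(bits_already_exposed: float,
                                cohort_bits: float, budget_bits: float) -> bool:
    """The "entropy budget" idea from the thread, run by the browser: refuse
    to reveal the cohort once the identifying bits a page has already
    obtained (e.g. from fingerprinting APIs) plus the cohort's bits would
    exceed a cap."""
    return bits_already_exposed + cohort_bits <= budget_bits


if __name__ == "__main__":
    cohort_bits = identifier_bits(COHORT_COUNT)
    print(f"bits to be unique in sample: {bits_needed_to_be_unique(POPULATION):.1f}")
    print(f"cohort ID alone: {cohort_bits:.0f} bits, "
          f"{anonymity_set(POPULATION, cohort_bits):.0f} users share it")
    # Fingerprint bits per setup are constructed illustrations.
    for fp_bits, label in ((10, "typical desktop"), (18, "unusual Linux/Firefox setup")):
        total = fp_bits + cohort_bits
        print(f"{label}: {fp_bits} fingerprint bits + cohort -> "
              f"anonymity set {anonymity_set(POPULATION, total):.2f}")
    print("common setup (5 bits), half-new cohort each week: unique after",
          weeks_to_uniqueness(POPULATION, 5, cohort_bits, weekly_gain=0.5), "weeks")
    print("budget check (8 bits spent, 11 cohort bits, 16-bit cap):",
          cohort_allowed_under_budget(8, cohort_bits, 16))
```

The number to watch is the anonymity set after the cohort is added: with 2,048 cohorts an otherwise unremarkable 10-bit fingerprint already drops below one expected match in a 292k sample, and a setup common enough to carry only 5 bits gets there on the second weekly observation even when half of each new cohort ID is discounted as correlated. The budget function shows why thomasahle's mitigation is the same sum seen from the browser's side: it can only work if the browser's estimate of bits already exposed is at least as pessimistic as the site's.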
| ghughes wrote:
| ICYMI, this analysis is written by the principal engineer behind
| Intelligent Tracking Prevention in Safari. John knows what he's
| talking about.
| thomasahle wrote:
| I'm not sure I understand it. Sure, if a website knows the floc
| of a user on multiple weeks they can presumably use a third
| party service for identification.
|
| But how does the website initially join the different floc ids,
| unless they have already identified the user?
| fumar wrote:
| I wish someone could explain how Apple does this with
| advertising segments. https://support.apple.com/en-us/HT205223
|
| > Segments We create segments, which are groups of people who
| share similar characteristics, and use these groups for
| delivering targeted ads.
| nojito wrote:
| The attributes apple uses are listed in that very link.
|
| The key to segments is ensuring that the attributes give you
| enough entropy.
| fumar wrote:
| Isn't Google doing the same or less based on only browser
| data? How does each solution differ in entropy? I didn't
| get that from Apple's policy page. I am genuinely trying to
| understand and this isn't a snarky comment.
| float4 wrote:
| ICYMI: In Case You Missed It
| brnt wrote:
| Never thought I'd ask for this, but I wish Safari was available
| on Linux.
| crazypython wrote:
| I hear the performance and memory usage of WebKitGTK is much
| worse than WebKit on macOS.
| brnt wrote:
| You mean Midori (AFAIK the only browser using WebKit
| outside of Safari)?
| saagarjha wrote:
| GNOME Web is a user, and it happens to integrate with
| Firefox Sync.
| robin_reala wrote:
| All the PlayStation browsers use WebKit, and I think
| Kindle / Kobo too?
| SubzeroCarnage wrote:
| Midori has been overhauled and is Electron based now. old [0],
| new [1].
|
| See also this extensive list of browsers [2].
|
| [0] https://github.com/midori-browser/core
| [1] https://gitlab.com/midori-web/midori-desktop
| [2] https://wiki.archlinux.org/index.php/Web_browsers#WebKit-bas...
| brnt wrote:
| Thanks for the Arch link, but seems outdated (lists
| Midori under WebKit still). And the warning sounds a bit
| ominous too: what is an up to date and secure WebKit
| browser?
|
| I guess I'll still be waiting for Safari.
| julianlam wrote:
| Well, it is! Just not the version you're hoping to use.
| est wrote:
| What am I looking at? https://wicg.io/
|
| Jesus Christ, what a mess. This web browsing looks like navigating
| across a minefield.
| intricatedetail wrote:
| Can we start lobbying for a tracking ban? This only helps big
| corporations to manipulate consumers and improve their techniques
| of manipulation.
___________________________________________________________________
(page generated 2021-04-15 23:00 UTC)