[HN Gopher] A new path for Privacy Sandbox on the web
___________________________________________________________________
A new path for Privacy Sandbox on the web
Author : agwa
Score : 61 points
Date : 2024-07-22 19:14 UTC (3 hours ago)
(HTM) web link (privacysandbox.com)
(TXT) w3m dump (privacysandbox.com)
| JohnFen wrote:
| Did I miss something here? It seems like a whole lot of
| marketing-speak that never gets around to describing what this
| "new path" consists of.
| skilled wrote:
| > Google Chrome is no longer 'deprecating third-party cookies'
| JohnFen wrote:
| That counts as a "new path"? My, how low that bar has become.
| robhlt wrote:
| The new path is they aren't deprecating third-party cookies
| anymore. Instead they're going to "introduce a new experience
| in Chrome that lets people make an informed choice that applies
| across their web browsing" (in the 4th paragraph).
| deskr wrote:
| It'll be like Android's location sharing with Google. Nothing
| works unless you agree to a wholesale google location
| surveillance. Then they can say you agreed to this.
| jeroenhd wrote:
| I disagree. Things may be different in the EU, but for
| every feature that triggered the "enable location history"
| popup, it made a lot of sense to require it. And, most
| importantly, you can just turn it off and everything
| important keeps working.
|
| You can disable the "send a list of nearby cell towers to
| Google's live database" setting, the "send a list of
| Bluetooth beacons to Google's live database" setting, and
| the "send a list of WiFi networks to Google's live
| database" setting, all without losing location access. Your
| location access will become a _lot_ slower, but that 's
| just a consequence of having to rely on GPS again, like we
| did before all of these extra features became available.
|
| Google is even making their location history feature worse
| because they don't like how many blanket location history
| requests they're receiving from authorities, by moving
| location history to be stored on-device.
|
| For years Google lied about consent users supposedly gave
| for some types of location tracking, but after they got
| found out (and the authorities got involved) they changed
| their tune.
| JohnFen wrote:
| > after they got found out (and the authorities got
| involved) they changed their tune.
|
| So we can expect similar shenanigans when it comes to the
| "privacy sandbox".
| vmfunction wrote:
| >For years Google lied about consent users supposedly
| gave for some types of location tracking, but after they
| got found out (and the authorities got involved) they
| changed their tune.
|
| And I will never trust google again after that with my
| person important data! No matter what day do now!
| hedora wrote:
| The location API sends your gps position to google so
| they can annotate it.
|
| They claim they don't record your history, but, at the
| very least, as a US company, they have to share it with
| the authorities.
|
| If you could truly opt out, then it'd be much easier to
| use third party software without google play services
| installed.
| rjh29 wrote:
| There is so much stuff Chrome sends to Google though. I
| was curious how their autofill implementation works
| and... there is code to send a list of all form and field
| names to a Google API. That alone could be sensitive
| information.
| zorrn wrote:
| [delayed]
| legitster wrote:
| It sounds like some sort of browser-based configuration and
| they don't want to talk about it because lawyers.
| fumar wrote:
| They should've started with user choice as the first milestone
| when it was originally announced. Similar to Apple's app
| tracking. Or just get rid of cookies and let ad tech be less
| invasive.
| agwa wrote:
| > _Or just get rid of cookies and let ad tech be less
| invasive._
|
| They tried to get rid of third-party cookies and regulators
| wouldn't let them do that.
| InTheArena wrote:
| primarily because it would put any publisher or site not
| named Facebook or Google out of business, or have to shift
| all of their ads to google or facebook.
|
| You would have to break up Google in order for them not to
| have a a insane market advantage if they got rid of 3pc.
| Google would still have access to all their consumer markets,
| google analytics, etc, and everyone else would have to do
| business with google or go out of business.
| fumar wrote:
| Why? I get that publishers want ads but cookies are not
| required for ads. Safari and Firefox have 3P cookie
| restrictions already.
| jcranmer wrote:
| Because Google (the ad provider) gets to do all the
| tracking without third-party cookies (by asking Google (the
| web browser) for that information), which the other ad
| providers can't do.
| agwa wrote:
| I'm not aware of any functionality in Chrome that allows
| Google to get tracking data that other ad providers
| can't, but it seems like regulators should target that
| instead of preventing Chrome from banning third-party
| cookies.
| odo1242 wrote:
| When you sign into Chrome, you allow Google to associate
| websites you visit with your Google account.
| jeroenhd wrote:
| Google's competitors complained that they couldn't track
| users enough with Google's proposed new scheme. They had
| to bend over backwards and make privacy worse to make the
| scheme pass the regulators.
|
| Market regulators don't care about privacy or data
| safety, they care about whether your local ad agency can
| make as much money as Google can doing the same stuff.
| agwa wrote:
| Ad revenue declines without 3P cookies[1]. Safari and
| Firefox have less market share than Chrome and aren't made
| by a giant advertising company so they don't attract the
| same scrutiny. When Google tries to restrict 3P cookies it
| creates the appearance that they're just trying to kneecap
| their competitors, whether that's true or not.
|
| [1] https://support.google.com/admanager/answer/15189422
| legitster wrote:
| Cookies are honestly the least bad part of the problem.
|
| Cookies are cross-platform, and transparent. I can see and edit
| and erase my cookies locally at any time.
|
| I would rather tighten the rules around privacy and keep
| cookies around rather than the opposite.
| legitster wrote:
| > In light of this, we are proposing an updated approach that
| elevates user choice. Instead of deprecating third-party cookies,
| we would introduce a new experience in Chrome that lets people
| make an informed choice that applies across their web browsing,
| and they'd be able to adjust that choice at any time.
|
| If this is a more prominent & robust implementation of "Do Not
| Track" with actual teeth from the browser, I would be fully on
| board. It probably won't be, but it could.
| btown wrote:
| From the OP:
|
| > Instead of deprecating third-party cookies, we would introduce
| a new experience in Chrome that lets people make an informed
| choice that applies across their web browsing, and they'd be able
| to adjust that choice at any time.
|
| The OP also cites
| https://support.google.com/admanager/answer/15189422 (also
| published today) which makes the "why" of this self-evident:
|
| > By comparing the treatment arm to control 1 arm, we observed
| that removing third-party cookies while enabling the Privacy
| Sandbox APIs led to -20% and -18% programmatic revenue for Google
| Ad Manager and Google AdSense publishers, respectively.
|
| For the mysterious "new experience in Chrome" they mention, I'll
| be keeping an eye on their public planning repositories, but
| there's no guarantee that the project they're mentioning is
| related to any of these:
|
| https://github.com/orgs/explainers-by-googlers/repositories?...
|
| https://github.com/orgs/privacycg/repositories?type=all
|
| https://github.com/privacysandbox/privacy-sandbox-dev-suppor...
| righthand wrote:
| > new experience in Chrome
|
| An unnamed experience to replace a bad policy seems like the
| kind of thing you state when a project has failed and is
| winding down.
|
| I agree that Google needs an eye kept on them though. They are
| never to be trusted.
| DougN7 wrote:
| It's sad that "don't be evil" is now a joke.
| righthand wrote:
| Or maybe it was always a joke that people took seriously?
| What about Dont Be Evil was guaranteed to render different
| results than Microsoft besides passionate speeches? The
| motto should have been "Complexity Shift Evil" or "Evil
| Differently".
| tambourine_man wrote:
| Evil, petty (url shortener), incompetent.
| agwa wrote:
| To be clear, the outcome quoted above (Privacy Sandbox, no 3P
| cookies, ~20% reduction in ad revenue) is what Google
| _wanted_ but regulators (spurred on by the ad industry)
| wouldn 't let them have.
|
| I agree Google needs an eye kept on them, but unfortunately
| the people doing that are looking out for the interests of
| other ad providers, not the public.
| victor- wrote:
| A major problem with blocking third party cookies is that it
| kills any embeddable logged in experience. Think payment gateway
| widgets that would now require you to login every time you want
| to make a purchase, or youtube embeds that would no longer
| recognize your premium subscription and roll ads across the web
| if if you pay for none, etc.
| Vinnl wrote:
| That's what browsers are working on Federated Credential
| Management APIs for:
| https://developer.mozilla.org/docs/Web/API/FedCM_API
| grishka wrote:
| And that's the only good use case for third-party cookies. I'm
| willing to sacrifice that if it would mean that reliable cross-
| site tracking is made impossible.
| freitasm wrote:
| > "Instead of deprecating third-party cookies, we would introduce
| a new experience in Chrome that lets people make an informed
| choice that applies across their web browsing, and they'd be able
| to adjust that choice at any time."
|
| Do we believe an average Internet user has any knowledge to make
| an "informed decision"?
| svat wrote:
| > _Throughout this process, we've received feedback from a wide
| variety of stakeholders, including regulators like the UK's
| Competition and Markets Authority (CMA) and Information
| Commissioner 's Office (ICO), publishers, web developers and
| standards groups, civil society, and participants in the
| advertising industry._
|
| Chrome (and Google in general) has a tough problem of having to
| satisfy such diametrically opposed "stakeholders" -- being stuck
| in the middle and having to satisfy both "civil society" and "the
| advertising industry" means it won't do a great job at either, no
| matter what.
| troyvit wrote:
| If I was under pressure from so many different stakeholders
| with different requirements I'd probably ask to be broken up.
| InTheArena wrote:
| The challenge is more satisfying anti-trust and privacy. Anti-
| trust requires transparency to validate that no one is abusing
| the system, privacy requires opaqueness.
| Doctor_Fegg wrote:
| > including regulators like the UK's Competition and Markets
| Authority (CMA) and Information Commissioner's Office (ICO)
|
| > as we finalize this approach, we'll continue to consult with
| the CMA, ICO and other regulators globally
|
| Very interesting that it specifically calls out the little UK
| regulators rather than the much bigger US or EU bodies.
| pupppet wrote:
| I've been wearily ignoring the "Third-party cookie will be
| blocked in future Chrome versions..." notice in the console for
| months now knowing I'd have to act on it eventually. Hurray for
| procrastination!
| rjh29 wrote:
| Let's hope their extension V3 proposal dies the same way.
| alexkim97qaw wrote:
| What challenges will this will face in the future?
___________________________________________________________________
(page generated 2024-07-22 23:04 UTC)