EFF Warns: 'Don't Play in Google's Privacy Sandbox' (eff.org)
An EFF analysis looks at the problems with some of Google's new "Privacy Sandbox" proposals, a few of which it calls "downright dangerous":
Perhaps the most fleshed-out proposal in the Sandbox is the conversion measurement API. This is trying to tackle a problem as old as online ads: how can you know whether the people clicking on an ad ultimately buy the product it advertised....? Google's ID field can contain 64 bits of information -- a number between 1 and 18 quintillion. This will allow advertisers to attach a unique ID to each and every ad impression they serve, and, potentially, to connect ad conversions with individual users. If a user interacts with multiple ads from the same advertiser around the web, these IDs can help the advertiser build a profile of the user's browsing habits.
Even worse is Google's proposal for Federated Learning of Cohorts (or "FLoC").... FLoC would use Chrome users' browsing history to do clustering. At a high level, it will study browsing patterns and generate groups of similar users, then assign each user to a group (called a "flock"). At the end of the process, each browser will receive a "flock name" which identifies it as a certain kind of web user. In Google's proposal, users would then share their flock name, as an HTTP header, with everyone they interact with on the web. This is, in a word, bad for privacy. A flock name would essentially be a behavioral credit score: a tattoo on your digital forehead that gives a succinct summary of who you are, what you like, where you go, what you buy, and with whom you associate...
If the Privacy Sandbox won't actually help users, why is Google proposing all these changes? Google can probably see which way the wind is blowing. Safari's Intelligent Tracking Prevention and Firefox's Enhanced Tracking Protection have severely curtailed third-party trackers' access to data. Meanwhile, users and lawmakers continue to demand stronger privacy protections from Big Tech. While Chrome still dominates the browser market, Google might suspect that the days of unlimited access to third-party cookies are numbered. As a result, Google has apparently decided to defend its business model on two fronts. First, it's continuing to argue that third-party cookies are actually fine, and companies like Apple and Mozilla who would restrict trackers' access to user data will end up harming user privacy. This argument is absurd. But unfortunately, as long as Chrome remains the most popular browser in the world, Google will be able to single-handedly dictate whether cookies remain a viable option for tracking most users.
At the same time, Google seems to be hedging its bets. The "Privacy Sandbox" proposals for conversion measurement, FLoC, and PIGIN are each aimed at replacing one of the existing ways that third-party cookies are used for targeted ads. Google is brainstorming ways to continue serving targeted ads in a post-third-party-cookie world. If cookies go the way of the pop-up ad, Google's targeting business will continue as usual.
The Sandbox isn't about your privacy. It's about Google's bottom line. At the end of the day, Google is an advertising company that happens to make a browser.
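The two proposals quoted above differ in how much a single browser reveals: a flock name is shared by many users, while a 64-bit conversion ID can label every impression uniquely. The arithmetic below is an added illustration (not code from the EFF article or from Google's proposals) of that difference, which the thread later argues over; the population and flock counts are constructed assumptions.

```python
import math

# Added illustration, not code from the EFF article or Google's Privacy
# Sandbox proposals. Population and flock counts are constructed.

CONVERSION_ID_BITS = 64           # width of the conversion-measurement ID field
ID_SPACE = 2 ** CONVERSION_ID_BITS  # ~18 quintillion distinct IDs


def identifying_bits(anonymity_set: int, population: int) -> float:
    """Bits a signal leaks when it narrows `population` users down to an
    anonymity set of `anonymity_set` users (log2 of the ratio)."""
    if not 1 <= anonymity_set <= population:
        raise ValueError("anonymity set must lie in [1, population]")
    return math.log2(population / anonymity_set)


def bits_to_single_out(population: int) -> float:
    """Bits needed to name one user uniquely among `population` users."""
    return math.log2(population)


def flock_anonymity_set(population: int, num_flocks: int) -> int:
    """Average number of users behind one flock name, assuming users are
    spread evenly across flocks (the best case for the user)."""
    return max(1, population // num_flocks)


def anonymity_after_signals(population: int, signal_bits) -> float:
    """Expected anonymity set left once independent signals (flock name,
    plus e.g. country or language) are combined, each leaking some bits."""
    return population / 2 ** sum(signal_bits)


def conversion_id_singles_out(population: int) -> bool:
    """True when a 64-bit per-impression ID has more than enough bits to
    label every user (indeed every impression) uniquely."""
    return CONVERSION_ID_BITS >= bits_to_single_out(population)


def demo():
    """Constructed scenario: 2^31 users spread over 2^16 flock names."""
    population = 2 ** 31
    flocks = 2 ** 16
    k = flock_anonymity_set(population, flocks)        # users per flock
    leak = identifying_bits(k, population)             # bits the header leaks
    # Flock header combined with two assumed extra signals (6 and 4 bits).
    left = anonymity_after_signals(population, [leak, 6.0, 4.0])
    return k, leak, left, conversion_id_singles_out(population)


if __name__ == "__main__":
    k, leak, left, unique = demo()
    print(f"users per flock: {k}, header leaks {leak:.1f} bits")
    print(f"anonymity set after two extra signals: {left:.0f} users")
    print(f"64-bit ID can single out every user: {unique}")
```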
This is ridiculous! (Score:3)
I already have a browser full of ads for cute dresses and high heels thanks to my wife using my PC.
Well, that's my story and I am sticking to it!
(Serious note, this is a bad idea, especially for shared computers.)
Re: (Score:2)
Re: (Score:2)
(Serious note, this is a bad idea, especially for shared computers.)
Is it though? I have a similar situation where Google seems to have absolutely no idea who I am. Even when the ads are remotely relevant due to something I've searched for and I've made the purchase using my GMail account for the receipt I'll keep seeing ads for that thing for weeks. It might be a bad idea for anybody seeking to actually use this information to glean any insights but if it helps to demonstrate that all these analytics don't produce useful data then I'm not really opposed.
Safari is fine 97% of the time (Score:5, Interesting)
Meanwhile at my work (a SaaS company and I'm in dev/eng), I get the occasional "you use Safari?"
I just say "yeah" because it links my Apple ecosphere well. But honestly, I'm slowly disassociating myself with Google. My primary email is still gmail so that's an issue, but one step at a time. Browsing is Safari or private Opera sessions. I did use Startpage but have found DDG to be pretty good ... most of the time.
I'm not paranoid but am a little tired of the endless tracking in ways I cannot grok.
Re: (Score:2)
Re: (Score:2)
uBlock Origin works just fine on Safari.
Google is (quite literally) banking on most people either not caring or not thinking about the privacy issues. And, from what I’ve seen, they are right. I don’t know how many times I’ve had the same conversation with people, which always ends with them saying “I really should move away from Chrome”... and months later we have the exact same conversation.
My personal stuff has mostly been disassociated from Google’s ecosystem for thr
Re: (Score:2)
I did better. I never used Google's "ecosystem" so there was no need to get "disassociated" from it.
Re: Safari is fine 97% of the time (Score:2)
Re: (Score:2)
I use the email address from my ISP. I'd never use some 3rd party email that charges ads for using their service. Even back in the late 90s I never signed up for Hotmail or Yahoo mail. I never understood why use webmail from ad companies.
Re: (Score:2)
Do you really think that closing your Google account and stopping using their search will keep Google from tracking you? And you must think that deleting your Facebook account will stop them from tracking you too.
Re: (Score:2)
....you must think that deleting your Facebook account will stop them from tracking you too.
Well, there's always suicide. ...nah, come to think of it, that won't work either.
We've got the nuclear option! ...at least our humanity can still keep the upper hand on this corporate-technocratic bullshit.
* poof *
"Privacy sandbox" (Score:3, Funny)
Privacy for the ads is now sold as privacy. (Score:1)
Not user code to block what the ad paying customers need for tracking their transactions.
The product (a flock of users?) get a nice unique ID to go with that ad privacy.
Encrypted to prevent trying next gen ad blockers. No trying to sneak in a third-party ad.
Sandbox: It's industrial ad farming for the flock of users.
Re: Privacy for the ads is now sold as privacy. (Score:1)
Re: (Score:2)
Of course not, why would they?
You'll just get more ads for the same product and a gazillion ads for products like it.
Comrade, you WILL buy EVERYTHING we tell you to. Think of the children!
I'm sure glad (Score:2)
Re: (Score:3)
Every company is an advertising company.
No, some companies actually make things called 'products' instead of advertising for other 'products.' It's an interesting concept.
The box (Score:4, Insightful)
>"A flock name would essentially be a behavioral credit score: a tattoo on your digital forehead that gives a succinct summary of who you are, what you like, where you go, what you buy, and with whom you associate... "
That is bad enough. But also, just as bad, it isn't what you are, it is what they THINK you are. And if that is wrong (which it can be for any number of a zillion reasons) then you are being stereotyped and pre-judged by systems or even people.
>"If the Privacy Sandbox won't actually help users, why is Google proposing all these changes?"
Because Google wants people to THINK Google cares about privacy, when they don't. And all these people continue to happily use chrome and the many chrome-based browsers, and Gmail, etc.
>"At the end of the day, Google is an advertising company that happens to make a browser."
No, it happens to make ALL major browsers now, except Firefox and Safari.
Re: (Score:2)
It seems they don't get what the flock is about, and why it is named like this.
A whole flock of people, thousands, if not millions, are hiding behind the same FLoC: so no, you cannot single out and track a single one. That is as far as I get it the purpose of it, and yes, it enhances privacy as no one can distinguish you from me.
Re: (Score:2)
yes it enhances privacy as no one can distinguish you from me
If you read even the summary more carefully, you'll see that Google is also sending a unique 64-bit ID associated with ads, which - and this is a direct quote from the summary - will allow advertisers to attach a unique ID to each and every ad impression they serve, and, potentially, to connect ad conversions with individual users. If a user interacts with multiple ads from the same advertiser around the web, these IDs can help the advertiser build a profile of the user's browsing habits.
Google isn't repla
Re: (Score:2)
Re: (Score:2)
No it does not. ... hence look exactly like me.
As another million users use also only one browser and are in the same Flock
Re: (Score:2)
And I talked about .... ....
Oh, it was the FLoC and not the ads
Re: (Score:2)
Because Google wants people to THINK Google cares about privacy, when they don't.
+100
Google carefully (and quite successfully) cultivates an image that it cares about our privacy, when in fact they are horribly unethical. I find Android to be riddled with dark patterns which make it easy to unintentionally send personal data to Google's servers.
Lack of progress (Score:3)
Something I don't understand: there's so much effort put into Internet advertising, and yes, sometimes there's something clever about it, but most advertising is not especially well focused for its target audience. I frequently see adverts that are laughably irrelevant. I don't doubt that advertisers consider it cost effective, but I'm just disappointed that 2019 technology is not able to make better use of such a massive amount of the personal information that they are so creepily collecting.
The aims are deluded (Score:2)
The industry is fixated on knowing the person doing the clicks. But instead they should just be concentrating on the subject matter of the webpages themselves.
Tracking needs to be eliminated entirely. That'll eliminate all those kiddy scripts.
Google proposes eliminating tracking individuals (Score:5, Interesting)
Currently, advertisers use a variety of methods to ID a particular person or browser, then look up that ID in their database to find out about that person's demographics, interests, and preferences.
Attempts to fight this tracking over the years have been rather ineffective. Clever people just come up with new ways to track users. There are super cookies, browser fingerprinting is very effective, etc.
The modern WWW economy is based on personalized ads using this tracking. Ads without tracking, which are focused on the site content, bring in only half as much money. So there is a huge incentive for clever people to keep coming up with ways to track - it's worth a trillion dollars.
Suppose we could magically eliminate tracking through policy. (We can't.) There is also an incentive to be careful in HOW we eliminate or reduce tracking on a broad scale via public policy. If we actually totally eliminated tracking overnight, we'd cut the revenue of all web-related companies in half. If that happened suddenly, global recession could be expected due to so many companies going out of business all at once. But again, there is no technical means to actually do that.
Google proposes an outside-the-box approach. Advertisers track individual users only to then look them up to see which group they belong to. Advertisers want to know if you're a Raspberry Pi / Arduino type of nerd. They don't care that you are userid 8485739; they just want to know whether they should show you ads related to Raspberry Pi, or ads related to hip hop.
Google proposes arguably improved privacy and making it easier for advertisers by skipping the individual tracking step. Instead, the browser would just tell the advertiser directly "the user is into electronics like RPi or Arduino or ESP32. No, you can't get an ID number for this user. Just show them RPi type ads".
I'd really like my browsing to be totally anonymous. For fraud-prevention I did some user ID stuff, similar to what advertisers do, and I know I can track you pretty easily almost no matter what you do. Of course I was only interested in whether the person trying to log in to your bank account is really you. As the login page finished loading, before you typed in your password, I could identify you with a high degree of confidence.
Google proposes making it so the advertisers have no reason to track you as an individual - the advertiser can see directly whether you are a nerd or a jock, without any need to ID an individual.
What might make this more interesting to me would be two things:
Reliable blocking of IDs (not technically possible, probably)
A user-accessible list of checkboxes where I could mark what I actually am interested in and what I'm *not* interested in
That certainly would not be ideal! My experience in fraud reduction tracking tells me that the ideal isn't possible, though. So an unpalatable approach *could* be the best we can do.
Re: (Score:2)
Attempts to fight this tracking over the years have been rather ineffective.
The tracking is certainly objectionable, but it also doesn't seem all that effective. It's likely better than random adverts but I'm not convinced it's better by much, and the technology hasn't progressed for a long time.
Re: (Score:2)
I wish that they would default to having ads placed based on the content of the page or site. It's easy to do if you are on a site about your favourite hobby or making plans for a vacation. What do you show if the person is reading the local news about a traffic accident or about the latest weather disaster? The sports section would be easy.
While I would love for them not to track me I don't think the answer is completely content based ads as not all content lends itself well to it.
Maybe of function of cont
Re: The aims are deluded (Score:2)
Not to mention just making better ads. Most of them are terrible.
Re: (Score:1)
That allows the user to grant a user approved site some of that cash for good content?
Sites and their content become like apps? Can't do content, no users will want to pay?
Re: Lack of progress (Score:2)
That is the concept behind the Brave browser
Re: (Score:3)
Turns out, convincing potential advertisers the platform sells products better sells more ad space than actually making a platform that sells products better. You are not the target audience of Google. Companies that buy ad space are the target audience.
Re: (Score:2)
There's advertising on the Internet? Never seen it. I feel deprived.
Can someone write an app (Score:2)
to clean the sandbox and instead change every advertisement id to 2128675309?
The real problem with sandboxes seems to be keeping out the neighborhood feral cat population.
Re: (Score:2)
Even better: don't use Chrome.
Re: (Score:1)
Don't use a product made by a computer company that offers ads on its services.
Have to use it? Block everything that can be blocked. Use better brands for everything else.
Well, ain't that a coinkydink (Score:2)
Google's ID field can contain 64 bits of information -- a number between 1 and 18 quintillion.
Hunh. That's roughly half the size of the IPv6 address space. So even if I were to say, rotate through my allocated /64 at one per minute...I'd die well before anything approaching saturation could be achieved.
So how about it everyone? Can we please sit down and talk about how shit IPv6 is now?
Not half the size. 1 / 2^64 size (Score:2)
You probably meant half the number of bits, but just to explain to anyone else who didn't catch it:
Is 10 half the size of 1,000?
Is 1,000 half the size of 10,000,000?
It's half as many digits.
A number with 128 digits (or bits) is a LOT bigger than a number with 64 digits (or bits).
Raise 2 to the 64th power. 64 bits is 9,223,372,036,854,775,807.
Divide 1 by that huge number. You'll get a number very, very close to zero. So close that we can just call it zero.
All of various fields of the ID combined ar
How many IPv6 addresses there are (Score:2)
The number of molecules in one drop of water is a 21 digit number. A very large number.
The number of molecules in the entire earth is about the same as the number of IPv6 addresses.
Re: (Score:3)
The number of molecules in the entire earth is about the same as the number of IPv6 addresses.
So you're saying if I want to port scan the entire IPv6 space I might be waiting a while?
That's a problem I actually needed to solve (Score:3)
Funny you should mention that. I actually had to come up with solutions for IPv6 port scanning. As a security analyst, we want to audit which ports are open on every host in the network. On an IPv4 network, that's easy enough with nmap. With IPv6 it's a lot harder. You have to be clever.
Re: (Score:2)
Oh molecules, for a second I thought it was atoms and you were talking about a large number.
Roboswatting (Score:5, Interesting)
A few days ago, I wanted to refresh my memory that blue cheese mold (P. roqueforti) can under certain conditions produce some fairly vile toxins. I clicked a link somewhere that went to a laboratory chemicals distributor who sells one of these in minute quantities at a high price for research. Their site, sort of like Amazon, has a "you might also be interested in these compounds" feature that mostly shows intriguing molecular structure diagrams. I clicked on several of these, and most turned out to be deadly. Afterwards, the dental material ads seem to have been replaced by ads for deadly research chemicals that happen to have visually interesting molecular structures.
Note to SWAT: my kitchen bio lab experimentation is limited to trying to make cottage cheese, plus something disgusting that happened in a neglected opened bottle of V8 juice in the fridge.
Google is evil. Duh. (Score:2)
Re: (Score:1)
Being reminded once a month probably isn't nearly often enough.
What's an 'Ad'? (Score:2)
Never see them, never click on them.
"Privacy Sandbox" (Score:2)
Re: (Score:2)
Re: "Privacy Sandbox" (Score:2)