A Privacy War is Raging Within the World Wide Web Consortium

Inside the World Wide Web Consortium, where the world's top engineers battle over the future of your data. From a report: One of the web's geekiest corners, the W3C is a mostly-online community where the people who operate the internet -- website publishers, browser companies, ad tech firms, privacy advocates, academics and others -- come together to hash out how the plumbing of the web works. It's where top developers from companies like Google pitch proposals for new technical standards, the rest of the community fine-tunes them and, if all goes well, the consortium ends up writing the rules that ensure websites are secure and that they work no matter which browser you're using or where you're using it. The W3C's members do it all by consensus in public GitHub forums and open Zoom meetings with meticulously documented meeting minutes, creating a rare archive on the internet of conversations between some of the world's most secretive companies as they collaborate on new rules for the web in plain sight.

But lately, that spirit of collaboration has been under intense strain as the W3C has become a key battleground in the war over web privacy. Over the last year, far from the notice of the average consumer or lawmaker, the people who actually make the web run have converged on this niche community of engineers to wrangle over what privacy really means, how the web can be more private in practice and how much power tech giants should have to unilaterally enact this change. On one side are engineers who build browsers at Apple, Google, Mozilla, Brave and Microsoft. These companies are frequent competitors that have come to embrace web privacy on drastically different timelines. But they've all heard the call of both global regulators and their own users, and are turning to the W3C to develop new privacy-protective standards to replace the tracking techniques businesses have long relied on. On the other side are companies that use cross-site tracking for things like website optimization and advertising, and are fighting for their industry's very survival. That includes small firms like Rosewell's, but also giants of the industry, like Facebook.

One of them is fighting on two sides

[Visarga]

One of them is fighting on two sides, guess who?

Re:

[chispito]

One of them is fighting on two sides, guess who?

I honestly don't know. Please spell it out for me. Which of the participants is both trying to enhance the standards that the W3C is in charge of and also undermine them for profit?

Re: One of them is fighting on two sides

[iNaya]

Um, Google.

Re: One of them is fighting on two sides

[TuballoyThunder]

I think Google is trying to enhance privacy to the extent that it prevents other business entities from collecting data, thus becoming a better competitor. This protects Google's revenue stream. For example, encryption while data is in transit is consistent with that goal. Supporting communication topologies that have Google servers at junctions that handle unencrypted data is also in align with their business model.

Re:

[phantomfive]

That seems to be the motivation behind FLoC.

Re:

[AmiMoJo]

I've been participating in the development of FLoC and I get the impression that Google staff are genuinely trying to improve privacy. The motivation is because the industry is headed in that direction, with other browser vendors already starting to include more aggressive blocking. Privacy has become a valuable selling point now.

FLoC is unfortunately a bad idea and looks like it's dead now, in part because of it being developed openly and getting public comments. Check out the Github page, there is a lot o

Re:

[phantomfive]

For its part Google probably isn't too worried about ad revenue

ok you just went off the deep end there lol.

Some people at Google are not interested in ad revenue, but institutional pressure as a whole is entirely oriented towards maximizing ad revenue.

Re:

[AmiMoJo]

I mean they aren't worried about it falling because things like killing third party cookies impacts them far less than their rivals.

Re:

[phantomfive]

Oh. I think you are right, FLoC is something that hurts Google competitors much more than it hurts Google themselves.

Re:

[arglebargle_xiv]

Google does whatever's best for Google, it's the same for the IETF where they'll stack working groups to ensure the stuff they want goes in the RFC. It's pretty easy to see which way things will go when they're involved, just look at whatever direction to take thing that would further their business goals and that's where they'll go.

Re:

[chispito]

What are the standards the W3C might implement that Google would oppose?

Re: One of them is fighting on two sides

[laird]

Anything that protects users from being tracked by cross-site ad networks, for sure. For example, Apple's new secure proxy in iCloud+ that prevents ad networks from fingerprinting users would reduce Google's ability to monetize users. It wouldn't "destroy" the ad networks, since they can still sell ads targeted by placement. It's just that their rates would be lower than for precisely targeted ads based on user demographics.

Re: One of them is fighting on two sides

[ChatHuant]

What are the standards the W3C might implement that Google would oppose?

One glaring example is the DNT standard; Google opposed the protocol proposed by Microsoft (which was akin to building adblock in the browser itself) and pushed through its own "standard" - the bad joke currently known as the DoNotTrack header. This effectively killed any attempt to stop tracking on the internet, to the immediate and obvious benefit of Google, and to the immediate detriment of consumers.

Re:

[Antique Geekmeister]

The "DoNotTrack" header is like the "Do Not Call" list, it's a useful marker of victims with whom one might have fewer competitors when scamming them.

Re:

[Anonymous Coward]

It's worth remembering Firefox was complicit in this and this is why I've never been able to trust Firefox whilst it takes Google's money.

Worse, after DNT was implemented Google and Firefox killed it off with the absurd argument that if it was on by default it would not be honoured. Why did they do this? Because under GDPR it would legally have to be honoured in Europe because GDPR requires explicit opt-in consent, not opt-out and thus DNT on by default would both be GDPR compliant and would be enforceable

Product vs Customer

[FeelGood314]

You are Amazon's and Apple's customer, you are the product for google and facebook. You only pay money to Apple and Amazon not to Google or Facebook. The later two are advertising companies. The motivations of these companies will be different. However, we have already given up most of our privacy to Google and Facebook. If anything those two companies care even more that your information can't be gathered by other companies.

Re: Product vs Customer

[spinitch]

Where does China fall behind, they mainly want to censor but also helps by tracking.

Re:Product vs Customer

[93 Escort Wagon]

You are Amazon's and Apple's customer, you are the product for google and facebook.

I dunno... Amazon seems to want it both ways.

Re:

[JBeretta]

You are Amazon's and Apple's customer,

Baloney. You're also Amazon's product as it sells your data to advertisers to help push directed advertising at you. You think that treasure-trove of information about what you purchase, how often you purchase it, and where you purchase it isn't being used to generate additional revenue? You live in a dream world.

A common refrain, but not quite accurate

[raymorris]

That's commonly said, and there is some truth to it.

On the other hand, who uses Google search? Gmail? Google Docs? Google Maps? We are the users. Google needs to keep the users happy, or they switch to a competing product and the company dies.

Do the users/customers pay for the product with a credit card? No, not normally. With PayPal? Nope. We pay by seeing ads.

Media (including TV, radio, and the vast majority of web sites) has a different *payment method* than most physical products. That doesn't mean TV

Re:

[bn-7bc]

Sell i lay google (or us it the perrent Alphabet? Both for google drivea d yt premium, so I'm in fact their costumer, now where canI I turn off the tracking in chrome??

Hmmm

[DarkRookie2]

Well, I see that one of the biggest problems was letting ad-tech firms in.

Re:

[Ostracus]

Representational organizations means everyone affected by it's decisions gets represented. But course that runs smack into "but I don't like them" and the only solution is taking them out back and shooting them.

Re:

[Anonymous Coward]

Like engineers when they turn 40

Slim, trim internet.

[Ostracus]

And then give Gemini [youtu.be] a seat at the table for a less bloated internet.

Unanswered question

[93 Escort Wagon]

Does Skynet [wikipedia.org] have a seat at the table yet?

Re:

[SWPadnos]

Skynet is the table.

Piracy

[fafalone]

Google and the other ad companies should just tell the W3C not allowing extensive tracking and having privacy in general allows piracy... that should get them to drop the principle of an open web and perhaps add EAE, a binary blob to track you across the web by your hardware IDs and files in your home dir, and monitor all your activity to detect and block and running ad blocker. What could go wrong? [boingboing.net]
Coming Soon: Encrypted Advertising Extensions. I'll put Sir Tim down as a yes vote.

The web has been compromised beyond control

[xack]

Mozilla has been neutured and turned into a anti trust token offering instead of legitimate competition. The entire web is Chromium powered now.
Webkit is basically proprietary to Macs/iOS at this point as no one other than Gnome’s Web is offering a browser based on it any more. Even Microsoft the original anti trust villain is a Chromium user now. If the W3C is serious it would make its own web engine and browser and treat tracking and ads like a virus with active counter measures beyond what current blockers allow.

In fact they used to have one called Amaya.

Re:

[brunes69]

You're confusing rendering with the broader browser.

Brave is also based on Chromium. However Chrome and Brave could not be more different in how they treat ads and tracking.

Note I do not endorse Brave either as it's also a piece of shit, it's just a piece of shit for different reasons ( https://practicaltypography.co... [practicaltypography.com] )

Re:

[Ostracus]

You could always try Nyxt. [youtu.be]

Don't forget China is lurking in the background

[Nocturrne]

When you see a push for weaker privacy, it isn't always a big US social media company doing the pushing.

Re:

[Antique Geekmeister]

Don't forget the NSA. Do others remember the limitation to 80-bit maximum SSL keys? Or the mandated federal access to private escrow keys?

One question remains

[Opportunist]

On the other side are companies that use cross-site tracking for things like website optimization and advertising, and are fighting for their industry's very survival.

The question is, how can we kill them off for good.

Re:

[evanh]

Thing is, ad dollars won't just vanish because tracking become disallowed. Throwing the survival of advertising into the discussion is nothing but a red-herring.

So they have to rely on crowd based metrics again. What it might mean is some of the tradition outlets gets some of that ad revenue back again.

There is no rational argument against privacy

[euxneks]

There is no rational argument against privacy. A typical argument against privacy is something like "if you've got nothing to hide then you've got no reason to worry". I think people should be thinking more along the lines of something like: "If I've got nothing to hide you've got no reason to look".

In any case, just like I don't want someone staring at me while I brush my teeth or read a book I don't appreciate that someone is taking notes about what websites I may visit in order to "better serve me advertising". Get the fuck outta here with that bullshit. Advertisers have no right to know whether I may be more prone to purchase their product, that's not their decision to make for me.

I cannot think of a single good thing to come from advertising - it's always negative, and they're always overreaching. Constantly pushing their boundaries and having to be put in check. Remember popup ads? Remember the obnoxious flash ads with loud noises? No, advertisers don't get to decide a single thing in my life and our lives would be better without advertising.

Re:

[Antique Geekmeister]

> There is no rational argument against privacy.

If I may say, nonsense. Abuses occur more frequently when there is no oversight and no recourse. Whether the inevitably larger abuses of, say, BitCoin and its use for drug sales, fake medicines, blackmail and human trafficking are worth the benefits to people who want no government interference in their commerce is a very fair question to ask. The founders of "The Silk Road" Bitcoin exchange, especially the founder who tried to hire assassins to kill other

Re:

[Brain-Fu]

euxneks was talking about the ability to browse the web without being tracked by advertisers. That is a different category of privacy than what you are talking about.

And, in any event, I agree that businesses should not have privacy. And they don't. Regulation varies depending on details but all must be open with the IRS when filing their taxes.

I also agree that state employees should not have privacy when doing state business. That includes police, as well as politicians at every level. The government

Re:

[Antique Geekmeister]

> Your specific example is about drug dealers. That would qualify as running a business,

Do note. I did not say "drug dealers". I said "drug sales, fake medicines, blackmail and human trafficking". None of those necessarily involve a business rather than individuals: they all involve felonies in US law, so there is often good legal grounds for obtaining the records. I see no way to record or provide to law enforcement or shareholders only one end of such transactions so that only the transactions of the d

Re:

[euxneks]

Privacy doesn't automatically negate laws. If someone is breaking the law I fully expect government prosecution or police (or whoever) to be able to provide proof beyond a doubt that a person is behaving criminally. If they have to do it by invading the privacy of law abiding citizens, that's not worth it - especially when there are governments out there like China. It's not hard to imagine the sort of abuses that can and do happen with panopticons - because it is a one-sided relationship: the government ge

Re:

[Antique Geekmeister]

> There's no rational argument to allow that.

I'm afraid that this is the difficulty with your claims. Easing access for legitimate investigation into abuses is a very rational argument. It's not a _compelling_ one in view of repeated abuses of such authorized access, especially access with no legal limitations. Law enforcement personnel tracking attractive women or former spouses include some of the most notorious abuses.

Re:

[starworks5]

There is no reasonable expection of privacy in information you willingly give to third parties, instead what you prefer is to gag people from speaking about the information you provide them yourself, you are essentially by extension claiming that "gossiping" violates your privacy rights.

Asshole of the month: Rosewell

[oh_my_080980980]

"Should web browsers really become implementation mechanisms of specific government regulation?"

Should we allow businesses to use browsers to track people's browser's information...I'm thinking not. You can fuck off now you parastic leach.

The W3C has compromised its purpose

[Dracos]

They have made many egregious decisions in the past several years which have damaged online privacy and the openness of the Web in order to serve the agendas of the big tech companies who have far too much influence throughout the organization.

The W3C needs to be taken over by a more robust and objective organization such as IETF or IEEE.

Why advertising anyway?

[Archtech]

I once heard the story of a CEO who said that he knew half his advertising budget was wasted, but not which half.

Apparently it didn't occur to him that it might all be wasted.

Who spends money to buy things they saw advertised on the Web? Honestly? I can't think of any such thing I ever bought.

Useful, somewhat objective reviews are another matter; they can help choose once you have decided roughly what you want. But advertising?

Toxic organizations

[bustinbrains]

There is such a thing as a "toxic human." The topic is interesting enough in its own right - go look it up if you aren't familiar with it. But it is also possible for there to be such a thing as a toxic organization. It is important for communities and organizations to identify and then expel both toxic humans and organizations. It's okay to ask a legitimate question when the answer is truly unknown to the asker. It's not okay to ask questions that are intentionally designed to undermine and subvert go

The real problem

[Rumagent]

Rosewell sounds, and acts like, a massive asshole. That being said, in my mind the real problem is Google - their core business is ads and as long as Chrome is dominant we will never have decent privacy online.