> Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds…
A browser vendor that cared about its users would make a browser for them, not publishers or advertisers. It would block all tracking garbage by default.
Just admit it Justin, the real Chrome customers are advertisers. You don't actually give a shit about users if it interferes with ad dollars.
Edit: I left out this good quote
> Some ideas include new approaches to ensure that ads continue to be relevant for users
More user-hostile advertiser appeasement.
Google is just acknowledging that for-profit, advertising-supported websites are a three-sided market; consumers, website authors, and advertisers all have interests. Figuring out how to satisfy everyone is tricky.
It may be that these competing interests can't all be satisfied and an advertising-supported Internet isn't going to make it in the long term, but they are going to try.
Of course they can't all be satisfied. The needs of advertisers are diametrically opposed to the privacy needs of users. There is no way to square this problem so that both groups are happy and Google certainly understands this. They aren't "trying" things out as experiments, they are executing on strategies to ensure their dominance over the business of digital advertising.
(yeah, I know they have to care about website designers, otherwise every website will just break, but when you have substantially a huge share of the browser share, you can tell website designers to get stuffed and they will have to deal with it)
I'm being intentionally simplistic- sometimes, complicating things with markets and so on feels like it obscures more than it illuminates.
Have you ever dealt with Google as a customer :) ?
Consider Mozilla, the privacy maniacs. Even they let proprietary and intrusive DRM plugin inside, though it is totally contradicts FOSS approach https://news.ycombinator.com/item?id=7746585
This is life -- you have to take other parties interests into account or you will be buried.
Start block all tracking garbage by default and sites will ban your users, forcing them to choose another product.
Speaking about Google: when you're (unlike Apple) making most of your revenue from ads, any hostile action to ad industry will be considered hypocrisy and unfair competition
DRM is an entirely different problem to that of privacy. While DRM is disgusting, a threat to open source as we know it and overall harmful to humanity as a whole, it does not inherently violate privacy.
Thus, saying "Even [the privacy maniacs] let proprietary and intrusive DRM plugin inside" doesn't make any sense.
Even if this question sounds naive, I feel like we should from time to time take a step back and review our situation.
> Speaking about Google: when you're (unlike Apple) making most of your revenue from ads, any hostile action to ad industry will be considered hypocrisy and unfair competition
I can agree with that (esp. given their monopoly), but the truth is not black and white here: there's a difference between applying the same measures equally to everyone and leaving a bunch of escape hatches for yourself, e.g. that time when Chrome decided to exclude certain Google cookies from the "Clear all cookies" screen.
This just smells of whataboutism.
As for your hypothesis that websites will start blocking browsers that ban tracking and so forth, frankly, that remains to be seen, and my bet is we'd never actually see that happen in practice. The optics are just too toxic. Surveillance capitalism survives because people don't know it's happening. Banning a browser like Firefox would call attention to an infrastructure and ecosystem that those individuals don't want to talk about in public.
Edit: As an aside, if sites did start banning privacy-conscious browsers like Firefox, I'd just stop going to those sites. In that respect, I'd actually perversely appreciate something like this: It'd finally make it blatantly obvious who is and isn't collecting and profiting from data about me and my actions online without my permission.
This is how it should work, users come first.
Users need publishers to be able to make enough money to survive, or there won't be any content for them to use. You can't totally screw over either side, or the other will no longer exist.
No, absolutely not. User-targeted advertising does not need to exist, a priori. Plenty of empires were built on privacy-friendly content-targeted advertising in the past and there's no reason that can't be done now. Except that Google would make far less money.
I strongly doubt the internet would stop working.
I think a probable scenario is that Google’s search ads and display ads business will have to be segmented from the rest of Google’s businesses. The other alternative may be to remove search bundled with search advertising, YouTube with its accompanying video advertising, and so on.
I would be more optimistic about Google’s ability to keep itself together, but they seem to have turned themselves in to a case study of corporate mismanagement and disfunction. Who knows what sorts of insane criminal things and accumulating at this point. Those future moments of weakness and going to make them incredibly vulnerable to regulators on both sides of the Atlantic, from both the right and the left. That is not a survivable position.
I fixed it for you.
So, this monster is "too big to fail"? All the more reason to kill it now before it gets even worse.
When users can't be tracked, ads will be less targeted which means Google will not be as valuable to advertisers.
i don't understand how this helps the conversation.
But Google really has no choice here due to aggressive campaign by Mozilla, Apple and Microsoft who boast with their Intelligent Tracking Prevention ( https://webkit.org/blog/8828/intelligent-tracking-prevention... ) implementation blaming Google as a company which does not value users privacy. Google would lose privacy-conscious users otherwise.
But it is clear for me how all this anti-thirdparty cookies situation will go further: server side third party ad trackers -- this will bypass Same Origin Policy and will pose a privacy and security threat for users and websites even more than todays third party frontend ad trackers.
It implies that other browser vendors (Mozilla, Safari/WebKit, new Edge) are in fact making the Web a more dangerous place.
I believe it's dangerous because it creates a harmful, unproductive PR narrative—people might just assume this is a true statement, without learning about both sides of the problem. I'm not trying to strip anyone of agency, I just don't think most of my friends would have time to research this topic and might decide to follow the main opinion instead.
The answer I'd like to hear: Yes, it does push some actors towards fingerprinting, but preventing fingerprinting should be dealt with regardless. Changes should happen both on legislative and browser-vendor level.
> But it is clear for me how all this anti-thirdparty cookies situation will go further: server side third party ad trackers -- this will bypass Same Origin Policy and will pose a privacy and security threat for users and websites even more than todays third party frontend ad trackers.
Server-side as well as white-labelled (subdomain) integrations already exist. Lotame (DMP) has at least one product of this kind, afaik.
That said, Apple/Mozilla/etc know this and so they are simultaneously trying to make fingerprinting more difficult. If they were not, I would agree with Google's stance. But since they are, it is really more of a footnote.
Same Origin Policy does not seem to provide any protection against DNS-based tracking.
For example, putting a series of links to resources in a page and making conclusions from the series of DNS requests made automatically by "modern" browsers like Chrome, Safari, Firefox, Edge, Opera, etc.^1,2
To be fair, this sort of tracking is arguably brittle, e.g., if user has auto-loading of images disabled or is not using a cache that randomises the ordering of IP addresses within a response packet like BIND.
It can also be easily avoided by user control over her client automatically making DNS requests for any resource^3 and user control over her own source of authoritative DNS data. For example, using a client that does not automatically load resources and using a local source of DNS data like a HOSTS file or a zone file served from a logging authoritative server on localhost like tinydns.
1. https://www.ndss-symposium.org/wp-content/uploads/2019/02/nd...
3. Not just images or third party scripts
Arguably gun owners, strip clubs and porn magazines have fought for free speech more than facebook and google combined.
I am happy to willingly share my personal data with your advertisers if that helps you keep profitable (NYT, Reason, Cato, Vice, Pornhub etc.) you need to figure out how to achieve that without acting like jerks.
From my perspective, good. Advertising is toxic even when it's not invading my privacy, and maybe if we make it less effective people will do less of it.
Which is of course the intent.
AFAIK, all that matters is how many conversions you get from $ spent. Both of those are perfectly visible, no tracking needed.
Would these users be using Chrome in the first place?
The Google search engine could be run for some small number of billions per year (or less) but Google extracts tens of billions per year from our pockets. It's a leech on society in the same way that Wall Street is.
They successfully propagandized the idea that "relevant ads are good" when it's patently obvious that relevant search results are what you want from a search engine. There's no need for ads at all.
This caught my attention, as I haven't heard anything about this before. Do you have a source with more details on it specifically? All I see is that Google pays Mozilla to make Google Search the default search engine and pays Adblock Plus to whitelist their ads. I'm not seeing any sources indicating that Google paid Mozilla any money to keep ad blocking out of their standard feature set.
Google already knows most of what it needs about you, and it will in the future from searches. It has no motivation to allow 3rd parties help in tracking visitors. This way it can build a moat around its business while pretending to care about privacy. It's bullshit.
But that wouldn't be good for Google. This is the exact reason an ad company should not be allowed to own a web browser.
But I’d recommend not using it at all, I don’t.
chrome://settings/content/cookies
Go there and enable "Block third-party cookies".
The internet still works without them.
Credit to Apple for being aggressive taking on the ad companies. Yes this is totally a business decision that benefits them, but it also benefits consumers. So in that sense, the incentives are aligned.
Hope they keep going.
No. Rather, Safari uses "Intelligent Tracking Prevention". This blocks SOME (most?) 3rd Party cookies, but not all. For example, single sign on providers will often use cookies, and they are often explicitly 3rd party. ITP tries to let those through.
IIRC Safari can be set to block ALL 3rd party cookies, but it is not the default setting.
SSO providers don't NEED cookies, they can do full page redirects to avoid being 3rd party, but it does complicate matters, and the relationship between you, a site, and a 3rd party identity provider you've presumably agreed to can be a different beast than the tracking cookies that are the focus here, though of course identity providers could always join the dark side as well.
https://nakedsecurity.sophos.com/2017/11/30/google-sued-over...
> [...] we plan to phase out support for third-party cookies in Chrome. Our intention is to do this within two years [...]
As for what they're replacing them with, sounds like they don't quite know yet. They seem to still be in the requirements gathering phase: https://github.com/w3c/web-advertising
With WebAssembly now.. And your company being one of the leading browsers.. The cookie transport looks like pigeon mail.
This is news to me.
Between Chrome, GA, AdSense, DoubleClick, Gmail, etc, they don't need 3rd party cookies to gather user data. Even if killing 3rd party cookies drops them back a little, it drops the #2 panopticon back more...extending Google's lead.
Sure. So how about we block fingerprinting? Oh waaaaaait I see. What you actually want is your privacy invading business model to not be impacted.
Why are sites able to ascertain the type of browser, operating system, OS version, webkit version, Safari version, time zone, language, platform, vendor, screen dimensions, plugins, etc.
This shit should be as locked down as location, web cam, and microphone. Block all of it.
So I see this as a : 'Hey we got in before everyone and stopped using cookies first' — When in reality, they're becomming less of a valuable commoddity.
I'll be very happy when companies stop storing excess info in their own storage.
Until then, no round of applause from me .
I wonder how removing a feature might go, however. The answer is "probably well because Chrome has overwhelming market share", but I do wonder if, between AMP and "no URLs" and no 3rd party cookies, if there's room for a small but growing "it just works how I'd expect it to on Firefox" contingent to spring up...
This is disingenuous. Reducing tracking does not undermine websites. It undermines advertisers that depend on tracking. If tracking stopped, advertisers would target something else (e.g. content or coarse location) and roughly the same amount of money would go to websites. Google’s privileged position would be a lot less inherently valuable, though.
The Webkit team already proposed a privacy-preserving way to do ad click attribution [1]. I'm guessing that was too private and Privacy Sandbox works better for Google.
[1] https://webkit.org/blog/8943/privacy-preserving-ad-click-att...
Still, Google's revenue on third-party site ads was $6.4bn in Q3 of 2019 out of the $40.5bn in total revenue so it could be felt a bit there too.
I fear that it all will move to first-party tracking though which will be so much more difficult to block and so much more dangerous in terms of security.
I'm not sure this will accomplish much as it's not that hard to serve things from one's own domain. More work for the tracking company to get things set up, I suppose, but harder to detect once established.
My guess is we will need custom GreaseMonkey scripts that prevent parameters from being appended to URLs so when you click on a link to another site it will not pass tracking information. Generally whenever a tracking network changes these parameters the Greasemonkey scripts will have to be updated whereas in the past you could just block the third party cookies and avoid a lot of the tracking.
interesting to see if that's the future. certainly anyone with substantial inventory has experimented with this (NYT for example) because they suspect they're getting cheating by G/FB
Addressing anything else is like pissing in the ocean to change it's colour.
What's more, Firefox is just an off-brand of Google to capture the "privacy first" consumer market segment.
Doesn't mean I'm going to stop using Firefox, but it just helps to see the big picture.
https://webkit.org/tracking-prevention-policy/
We can see, google doesn't need to inform their chrome users :
> A privileged third party is a party that has the potential to track the user across websites without their knowledge or consent because of special access built into the browser or operating system.
INOL but my understanding of this would put Google's Chrome into that bracket. Potentially also Microsoft/Apple ?
