Brave is perhaps the most ethically challenged browser out there. Hopefully they have stopped doing this, but they were injecting their own ads instead of what the publisher put on their website.
I have a few apps that I just use the mobile web version. The bonus is that there is no app collecting gps and lists of installed apps and such, though, in theory, the new permissions help with that.
I know it might be the extensions (I have 20+) but I seriously don't care. Chrome manages to be fast with the same set of extensions.
I don't like Google but Firefox's slowness is a real strain on my productivity and brain well-being. Hope they improve even more soon.
I am on an iMac Pro btw. Stuff like this should not ever happen on a workstation.
You can't really compare that to a native linux/windows experience.
You mean to tell me that FLoC will be used for fingerprinting anyway, and it changes nothing about advertiser's strategies and tracking techniques, and they won't self-regulate, and that it doesn't work to throw them bones of extra data and hope that they'll willingly stop their abusive behavior if we meet them halfway?
This is a shocking development.
The only consolation is that Google's next privacy compromise with the ad industry definitely won't suffer from exactly the same problems. The best thing for us to do now is to assume that this is a completely random, one-time fluke that doesn't reflect anything on the industry's character. No need to change the way we engage with the advertising industry on privacy issues because of it. We should keep offering them compromises that make it easier for them to track users, and keep assuming that they'll in good faith regulate themselves.
Google is known to fingerprint you on their sites[0] and this practice will continue unless some sort of political action is taken to make fingerprinting illegal. WebGL is not the only heuristic used to reliably determine it's a specific device accessing a site, but a whole slew of techniques can be used to reliably determine it is 'you' who is on a site (you can even detect if a browser is running in a virtual machine, among many other techniques to fingerprint).
To mitigate this, I do most of my browsing with JS disabled by default, and if I really need JS turned on (for a site I trust like my bank), then I temporarily turn it on for that specific site. Also you can just disable WebGL in Firefox in about:config but keep in mind, there are many other techniques Google and `ADTech` in general can use to fingerprint you.
Firefox has per-site settings for whether the canvas should be accessible which are very useful, but they don't have per-site settings for WebGL, it's either on or off for the entire profile. Which kind of defeats the point of Canvas blocking since (at least last time I checked) WebGL fingerprinting is possible regardless of whether Canvas can be read from.
I'm sure there's some technical reason, but it really seems like turning Canvas reads off for a site should also turn off WebGL.
To my understanding, Google (and many other sites) use WebGL and other fingerprinting techniques to distinguish real users from bots.
This does not mean they use it to track individual users (if that were even legal in Europe under GDPR).
It is an improvement to privacy. Cookies uniquely identify me with no other information required. FLoC does not uniquely identify me with no other information required.
The opt-out is similar too: block cookies in the browser or block FLoC in the browser.
Cookies were going away regardless, every other browser is doing it, Chrome is not powerful enough to go against the grain on this issue.
Separately from removing cookies (which was always going to eventually happen), Google proposed FLoC because they claimed it would help advertisers accept the change without encouraging them to build another equivalent tracking method using fingerprinting. Unsurprisingly, advertisers immediately took FLoC and used it to build another equivalent tracking method using fingerprinting.
The mistake here is meeting the advertising industry halfway. Just remove cookies. You don't need to propose anything else beyond that.
How can you have an Internet without using IP addresses? Do you just use Onion routing all the time?
I think cookie + browser fingerprinting is a much better way to track people in this situation, because it removes the uncertainty associated with dynamic IPs and multiple users behind a NAT.
For you that don't live in small countries being 2 hours away in Sweden means you have to pass several other independent cities on your way there.
They only identify people when joined with other information.
Private relay is secure as long as Apple and the third party do not cooperate, but end to end flow correlation is much easier because streams are not isolated.
Onion routing is much more sophisticated than private relay: even end to end correlation is more difficult because of how virtual circuits are made.
You don't get to be the biggest entity on the internet and keep the cutesy hacker facade, they've got an enormous responsibility to the community now.
Why do anti-google articles always have some one claiming unfairness or singling out as one of the first comments?
I have often noticed that the mods alter the ranking of posts, but I don't think that they did in this case (they admitted doing it in some cases). The content on HN is very much curated/controlled.
Looks like to disbable it in Chrome... you have to find a deeply nested config and then tell chrome you want to "disable privacy-preserving features". !?!?
I can do this. But of course nobody else is, it's telling you are disabling privacy-preserving features! Its' making me kind of livid.
If you want privacy, stay on Firefox.
really, if you are in a point where you hunt for hidden settings to disable in your browser? why not just use firefox?
"If you are a website owner, your site will automatically be included in FLoC calculations if it accesses the FLoC API or if Chrome detects that it serves ads."
Personally, I don't trust Google that much. Chrome knows which websites I've been to, so it could easily (accidentally, or on purpose) just include any site. Google also has a history of starting conservatively, then rolling out stuff a little at a time. "Boiling Frogs".
Rolling out the header everywhere seems like a good way to keep Google honest about it. Chrome can obviously still do whatever it wants, but it would be harder to explain for them if they shared info on an explicitly opted-out site visit.
It's also just a sort of ceremonial way of expressing dissent with the idea in general. In a way that people could collect statistics on and track.
It does very little; effort is better spent getting people off FLoCed browsers like Chrome.
More info: https://seirdy.one/2021/04/16/permissions-policy-floc-misinf...
This is what's really bad about FLoC; it's so hard to fight back on behalf of oblivious Chrome users who didn't opt out. For the uninformed, there's no winning move.
FLoC (and FLEDGE, and PARAKEET, and a million other bird proposals) is being used as a way to mitigate some of the loss that publishers and advertisers will see when those privacy measures are put into place.
I think this illustrates that the whole bird-brained idea is to placate the advertisers so they won't run to congress, while continuing to allow Google to fingerprint people with its own, better, data, thus increasing its advertising advantage.
I sit in on many of these W3C meetings (I'm not from Google) and the discussion is always "given that we want to achieve X definition of privacy (where X varies depending on the proposal), how can we mitigate some of the fallout that will happen". It's never "how can we defeat these privacy measures that are going to be put into place so we can keep the status quo".
You can argue that advertising is a net negative for the web or that it's evil or whatever you want, but if you frame it as "how can we take steps to make things more private for end users without completely destroying the way business on the web make money" then I think the current path is a reasonable one.
Dropping third party cookies is just one small piece of it.
"New thing not perfect!"
> As privacy and data ethics advocates warned, companies are starting to combine FLoC IDs with existing identifiable profile information, linking unique insights about people’s digital travels to what they already know about them, even before third-party cookie tracking could have revealed it.
and
> Advertising companies are already strategically gathering FLoC IDs and linking them to identifiable data or analyzing them in an attempt to uncover information about people that may not have been known before, mimicking how they have parsed what third-party cookies told them about people’s behaviors.
I see the submitted title has been altered anyway.
There is a fundamental tension between me wanting to walk around the world as a free human individuum and a large group of people who for some reason or another want to know exactly what kind of fart I prefer so that they may match me with the correct kind of fart-cushion so that I might buy it.
The idea that I might not want to have a fart cusion in the first place, and If I fancied the idea of getting one, I might go to the fart cusion store to find the perfect fart cushion does not seem to occur to these people - I am sure technically they have thought of the possibility, but they do not respect me or my boundaries.
What this "new thing" does, is manage my suspected fart-cusion preferences inside my browser, instead of some "cloud" to then tell fart-cusion-selling-enthusiasts that indeed, I might be one of these people with an interest in fart-cusions.
This "new thing" doesn't change anything about the fundamental issue that my thoughts and aspirations as a fart enthusiast are not the business of any moron who want's to market their newest fart-cushion invention to me.
Don't forget that there are people who want to find out if you are a fart enthusiast, so they can then use that to coerce you into "playing ball" with them.
Sort of the digital equivalent of the "$5 wrench[0]." Social media and adtech have been a freaking goldmine for spies.
Those using ad-blockers are going to use them anyway, but some assurance that I won't be tracked would go a long way towards me turning off ad-blockers on the sites I don't frequent, and even those that I do if they don't have a ad-free subscription. Those wanting personalized ads, can set the Do Not Track preferences accordingly, possibly by site.
Too busy to do a long post in detail, but short version is that advertiser's acceptance of DNT was entirely dependent on people not using it. If Microsoft had left it as opt-in but the majority of consumers had turned it on, we would have seen the same result.
You can see the same principle to explain the response to iOS's privacy changes, which are not opt-in or opt-out; they force the user to make a choice. The ad industry is still furious about this.
DNT could have only worked if no one used it, and that is not a privacy outcome that is worth pursuing or advocating for. It's not Microsoft's fault that DNT went away, Microsoft was just the excuse the advertising industry needed to avoid it. I don't think that DNT was ever anything other than an excuse the industry could use to keep tracking people and avoid legislation without changing anything. Microsoft didn't take it away from you, they just pulled back the curtain and showed you the truth about it.
A privacy standard that fails as soon as it's turned on by default is almost worthless and it really shouldn't be advocated for in the first place.
- https://news.ycombinator.com/item?id=26821972
- https://news.ycombinator.com/item?id=24294280
If they are not able to make those numbers, they fear becoming irrelevant.
These ad-tech companies are simply stuck and unable to innovate due to their current clients and promises.
Not saying this is ok, but this was the plan from the beginning, being able to offload responsability far from Google. This article[1] actually shows what it's like for an advertiser.
[1] :https://cafemedia.com/early-status-of-the-floc-origin-trials...
EDIT: Did not finished the article before posting, they actually talk about cafemedia's work.
FLoC is NOT proven to be incentive-compatible with consumers and how they value their privacy. The only guarantee is that users are (on average) harder to distinguish within a cohort. Google absolutely studied the possible economic consequences of FLoC prior to announcement and they are hiding that study. Either because the results are crappy, the Google Ads employees are less competent than they were a decade ago, or both.
Could you walk through your ideas of the incentives here? I'm curious because while I like the idea of FLoC in general, Google is the last company I trust with this. Moreover there are a lot of details (such as cohort sizes) that could have the potential to mask identity and align incentives, but has been underspecified by Google so far.
This seems all quite speculative. In the first paragraph they describe FLoc IDs as changing constantly - why would they assume new IDs are not being generated, and groups are not constantly being mixed?
> “If your behavior doesn’t change, the algorithm will keep assigning you in that same cohort, so some users will have a persistent FLoC ID associated with them — or could."
When combined with other information that is already being used (such as canvas fingerprinting and other techniques), this looks like it can help narrow it down even further.
> “We can use that as another signal to create a stable identifier for them.”
The best way to explain it is that a lot of companies have been making significantly more money than their technology is worth. A number of initiatives have attacked the data-in side of the equation so the underlying tech is showing how questionable it really is.
This type of research should be filed under “could be big” but at this point it’s closer to public relations for ad tech firms than “the sky is falling, become Amish.”
Every time I see an ad that relates to my current unique interests I feel spied upon and concerned that my private life is leaking without my knowledge or control.
https://github.com/WICG/floc/issues/69
As a fingerprinting surface FLoC has similar properties to the Battery Status API -- not stable for the same user over long intervals, but can be used to help match pageviews from different domains that were close in time.
https://www.schneier.com/blog/archives/2016/11/firefox_remov...
But only the big sites like google have enough users to birthday-paradox their way into a meaningful ID graph, so you're safe from that tiny ad startup that also happens to be threatening google's business model...
Not sure how it works, but the EFF doesn't seem totally confident that it can detect those affected: "This page will try to detect whether you've been made a guinea pig in Google's ad-tech experiment."
There's no reason why the website would not be reliable at detecting whether FLoC is enabled on your browser.
You can also used https://floc.glitch.me/ which was linked in one of the blog posts from google.
Privacy Analysis of FLoC - https://news.ycombinator.com/item?id=27463794 - June 2021 (2 comments)
The proper headline should be "Ad tech films test FLoC".
Ads by themselves aren't bad and neither is personalization. These methods of monetizing content have led to the huge surge of interest, talent and capital into Software Engineering companies and has arguably funded some of the most remarkable technological advancements of the past two decades or longer if you consider all the things that have come out of research projects in companies with primarily an advertising business model.
There are certainly valid criticisms of personalized advertising and personally, i believe there is too much concentration of power in the market.
However, i'd love to hear intelligent peoples perspectives here on how we preserve this wildly successful business model while tackling the abusive parts? If tomorrow the consequences of these restrictions by platform owners such as Apple or Google end up concentrating more of the power within the walls of the largest players, we're simply trading one set of problems for a much larger set.
No regards for privacy at all, this rampant data harvesting and spying must stop now.
