Google wants your Google Account to be the only Identity Signal available on the web.
This feature is available right now in Analytics and Ads. It's called "Google Signals." The documentation is publicly available, although it's a little scattered between different product page. I'll summarize:
If the user is using Chrome, and is logged into their Google Account, then you can use that instead of cookies. This is used for pulling in demographic information, cross-domain tracking, and cross-device tracking (something even 3rd-party cookies can't do without fingerprinting!).
The Privacy Sandbox kills other channels that might be an identity signal. Meaning ones available to parties other than Google.
Even as an anti-Google zealot who disapproves of this, I'll admit there are some ancillary benefits. For one, I honestly do believe that Google intends to kill fingerprinting, because it's in their interest to do so. For another, Google does offer a setting "disable personalized advertising" which will centrally let you opt-out of this tracking.
But most people are surprised when they find out that things already work this way, which to me already puts it on ethically dubious foundations from a privacy perspective. And, of course, the monopoly issue.
You are plainly ignoring the actual privacy sandbox in favor of the clickbait. Google is killing 3p cookies which kills google competitor products. But the sandbox is purpose built to create new infrastructure for the competitors (and google) to rebuild in a privacy focused way. The privacy sandbox is a way to create an alternative to IDs (like google’s sign in option) and 3rd party cookies. You can go through proposals and see how these can work here: https://github.com/w3c/web-advertising
Look, I’m not a google fan but you can’t just ignore half of what google is doing. Even then, you’re missing that they are other ID projects that are closing ground on googles ID.
If the user is using Chrome, and is logged into their Google Account...
What does it do if the user isn't signed in to Google?
Google's engineers would have to have an unbelievable level of contempt for users to propose a feature that claims to improve privacy by signing in to Google.
> Google's engineers would have to have an unbelievable level of contempt for users to propose a feature that claims to improve privacy by signing in to Google.
I, for one, find that level of contempt totally believable.
This is an egregious violation of privacy of the unsuspecting Chrome user who conducts their business while signed in to Chrome.
To make things worse, couple of years ago, Chrome started mingling Chrome Sync and cookies for accounts.google.com which meant that signing into Chrome Sync also automatically signed you into all of Google services. The cookies reappear even if you delete them, just because you are signed into Chrome Sync. Now, that same identity (<you>@gmail.com) is not just used for Google's own websites, but also made available to anyone who uses Google Analytics - which is 90% of the web - including your cross-domain and cross-device history. Of course, none of this is new, but I shudder every time at the thought of how much information the user is giving away about themselves.
On this bit, tracking concerns are not just for advertising though. Extending your reading on how they replace cookies with the Google id, I’d see them replacing ad targeting with other uses of the data anything that wouldn’t straight be labelled as “ad” (scoring, black listing, indirect target matching, etc.)
The "Ad personalization" bit is probably what the parent comment is referring to. But it sounds like you're interested in the "Web & App Activity" bit, which will turn off the non-ads usage of your data. To a certain extent at least, since there are some grey areas.
For example, I'm on the team that sends Google Shopping emails. If you click a button to track the price of a specific TV, we'll still send you an email if that price drops even if you've opted out of "Web & App Activity". But if you've just been browsing shopping pages for TVs, we won't send you a general email about TV deals if you've opted out. Both of those cases are in some literal sense "web activity" but it's still pretty clear what the user expects.
But you might imagine- if you're tracking the price of a specific TV and opted-out of Web & App Activity, should we send you an email if a near-identical TV drops in price? We probably wouldn't, and we don't have anything like this today, but it's not quite as clear. And Google has so many features across different teams, I can imagine there's probably at least one where some privacy reviewer made a different call than what you would have made.
An interesting thing I've noted on disabling personalized advertisements: My SO, who has personalized ads on and lives in the same household, sees ads based on my behaviour. So the ads aren't personalized to me, but they certainly are to my SO.
In other words, they're personalised to your IP address, but since only your SO has personalised ads turned on, they see what's personalised to both of you.
Depending on the type of ads being served that cross-profile-pollination could lead to info leakage and problematic and/or weird situations. It makes me want to be able to build a fake persona rather than a ghost/anonymous profile
Interesting way of looking at this: monopolies stifle markets and hurt consumers. But consumers of the ad market are not the end-users, they're the companies buying ads. Therefore, by strangling the market, it is actually possible for Google to be helping people for whom that market is a bad thing (which is most of us).
That sure doesn't sound insidious...kind of like a large Internet ad company trying to make sure that they're the only one who can track your activity online.
Don't worry, though. If you were using any of the now-dead competing advertiser networks, you can target using this information for a small fee! They sure know how to benevolently push forward the wheel of progress to fight to ensure your absolute privacy from everyone but them.
Not that I'm a fan of these 'Signals'--or even cookies for that matter.
"Oh _these_ aren't cookies! It's just that Chrome sets and sends custom http headers to all Google owned websites. _Totally_ not cookies! _Totally_ GDPR compliant!"
Set-X-Totally-Not-An-HTTP-Cookie: sessionToken=bigiain; Expires=Wed, 17 Jan 2091 10:18:14 GMT
Many ways! You reduce the nearly unlimited responses for various aspects of a defined few - such as a basic list of fonts or the nearest screen resolution. You only provide random data unless the user specifically grants fine tuned info. You stop providing long lists of capabilities and instead leave it to the implementation to assume.
Providing a “baseline” user agent instead of a detailed specific version could help for example.
I wonder if they are also doing this to get around the GDPR related cookies stuff. Don't need to have a banner if you don't use cookies. I assume this would also apply to sites using Google Analytics as well
GDPR is actually technology agnostic, it doesn't mention cookies or any other technology. If you store extra PII in any way, cookies, fingerprinting, localstorage or whatever you need to ask for consent with opt-in.
Ok, so basically Chrome will keep a profile on you and send that Google, so as long as the ads on the webpage are Google ads they will be targeted, but any third party provider will not be able to do the same?
Sounds like they are finally realizing their vision for making Chrome in the first place -- to sell more ads.
I'll stick with Firefox with temporary tabs -- I already an protected from third party cookies because Firefox already isolates every tab, but importantly doesn't send my browsing data anywhere.
Can you provide some references to where you're seeing this. If anything they are killing off third party cookies just like Apple and Firefox. Also they are making it so even third party Javascript is less likely able to track you - meaning everything has to be first party. IMO this just means there will be a shift in how tracking works. Moving from third party tracking scripts you install on your website to using CDN's to pull code through or host on your own domain. IMO this means you'll be less able to identify when you're being tracked much more like how it works today on native apps, e.g. you can't tell whether that native app is tracking you.
I'm making some logical leaps. They appear to be killing off 3rd party cookies just like Apple and Firefox. The difference is that Apple and Firefox do not sell an ad product and don't have a reputation for tracking your every move on the internet. Google on the other hand does have a reputation for tracking you through Chrome.
Everyone in adtech, except perhaps Google, is worried. One non-Google player I know is seriously concerned about what the cookie-less web means or online ads. Essentially the entire online advertising industry, both publishers and advertisers, is built on 3rd-party cookies.
The goal: to show you only ads for things you care about and are likely to buy and be influenced by advertising for, is good. But the reality is a mess.
Some of the downsides of Google's proposal are obvious, given its position, but there's at least one downside that users might notice: lots more ads targeted only by the demographic of the publication, making the web look more like print media or TV and presenting you and me with a lot more space on our screens wasted showing ads for things you don't care about.
As for the "fingerprinting" proposals? Bad. Very Bad. Think digital "facial" recognition bad.
As opposed to the current advertisements, which are for... A mobile game? Another mobile game. A behavioral science app. A hyperspecific ad for a watch based on a video game I played, which would be cool but is useless because I have already bought that exact watch. An ad for an armored personnel carrier.
Please. Individual targeted ads are worse than content-based ads.
Wait a second. An armored personnel carrier? What's the conversion funnel here? Do they send it to you? Do you get a discount if you equip your own personal motorized infantry battalion? Is there an update channel for anti-air?
I fell left out because I want an ad for an armored personnel carrier - I won't need it, but at least that ad would be for something cool.
Honestly it feels like there haven't been any decent innovations in a long time. Aside from Apple producing an ARM laptop that doesn't suck I can't really think about what the last product I was excited for was.
I like to click on the weirdest ads I see, either because I'm curious or because I'm a sucker.
It does ... weird things to the ad targeting; I'm currently seeing ads for crystal figures that cost six figures. They're pretty, but not that pretty.
It's fascinating to me that people buy ads pointing to things that essentially no one can afford. I guess the idea is that they'll attract attention and people will click around the site to find cheaper things?
I never said that the targeting was any good. I said it was a mess, just that it was supposed to be good. Believe me, advertisers are very aware of the problem of showing you ads for things you just bought and would love to stop doing it.
Advertising was around for thousands of years before tracking. The fear is that they won't make as much money and will have to go back to how they did it before all the privacy invasion. Very sad indeed.
It's easy really, you just put ads on sites visited by your target market. That's how advertising was always done before Gattica style snooping was involved.
Individually targeted advertising needs to be illegal. It's bad for society.
It's not unreasonable to think that a lot of current digital ad spend is 1) an arms race for slices of a pre-existing attention pie that also resembles a protection racket, 2) a huge waste of money.
There have been a couple of natural experiments showing #2 where entire digital ad spends were slashed at once with little to no impact.
As for #1, look at where a massive chunk of Google's revenue comes from: companies trying to squat their own name and similar keywords to prevent some competitor's product from showing up next to their own.
Targeted advertising through tracking is only good for “aggregators” that want infinite eye balls.
Any platforms that create content already have well targeted ads without tracking. e.g. HBO
Even on content aggregators, that target niche audiences like HN have well targeted ads without tracking. Jobs and of course Ycombinator listed everywhere.
Killing tracking kills the mega content aggregator industry (front page of Reddit, maybe Facebook feed, etc) but this is likely a good thing.
Exactly! Even for free market believers, ads are just a way of manipulating consumers so that they are less rational, and so they are a distortion of the market (in favor of the biggest players, of course, as they can spend the most on advertising).
Time for everyone in adtech to start advertising Firefox then. Google has made it clear they want to be the only platform where users can watch ads. OSes, Browser, websites.
> ...there's at least one downside that users might notice: lots more ads targeted only by the demographic of the publication, making the web look more like print media or TV...
...this is bad? Sounds great to me.
> ...showing ads for things you don't care about.
This is what targeted advertising already accomplishes: showing me ads for things (or equivalents of things) I already own. Either that or things so wildly off base I have to wonder if the targeting works at all.
Yes, advertisers would love to stop showing you ads for things you just bought. If you see a wildly off base ad, it's likely not targeted, it's just part of an ad buy.
Targeting only by the demographic of the publication is not so great because publishers usually only have a vague idea who their actual demographic is. Take for example the TV show Golden Girls. It was supposedly all about the 50+ demographic, but it was a huge with with queer people of all ages right from the start.
>presenting you and me with a lot more space on our screens wasted showing ads for things you don't care about.
As opposed to the ads for toilet seats from that one time I bought a toilet seat online 6 months ago.
If anything forcing adds to be dumb will mean that we get high quality publications in niches again. If you sell model ships advertising on model-ships-magazine.com actually incentivizes a quality site that is interested in furthering the hobby and keeps your dumb smart ads from clogging up the rest of my life.
Targeting is a piece of the puzzle. As an advertiser I need frequency capping, brand safety, page quality, geo, etc. Ignoring all that.. I still need to measure results.
Yet somehow advertising existed for decades without being able to completely track the full path from viewed ad to purchase.
Seriously, the completely f'd up view of advertisers ("Ads won't work unless I can basically track everything about you!!") shows how bonkers the world has become. If your job can't exist without in-depth tracking of how a shown ad influences purchasing behavior, maybe your job shouldn't exist.
Seriously, ads would work plenty well enough by just showing the same ads to all users based on the contents of the page (or search query). Honestly, I'd be all for a legal framework that completely outlaws any "personalization" on the internet unless a user clearly and optionally opts in.
There is nothing your client can do (other than blocking ads entirely) that would stop a company from serving you car ads on a car site - that's contextual ads.
Personalized ads are the opposite - you're browsing a fashion site, but you'll get car commercials because you've been visiting car commercials lately.
If I'm reading an article about the pandemic, I probably don't want to see ads selling me face masks. If I'm reading an article about the inauguration, I probably don't want ads selling me inauguration t-shirts.
I am however more likely to click on ads selling me home renovation stuff because they know I've recently bought something in Home Depot. Even though I'm not currently on a home renovation website.
The most effective ads on me, in terms of intentional click through rate (not going to count predatory clicks) are contextual ads on specialized sites. This doesn't work well for general stuff like news sites, but webcomics that do their own ads, or a super focused forum like candlepower or head-fi? Contextual ads are ideal there.
Second most effective are platform-specicic hypertargeted ads, such as Facebook ads. Lot of misses there too, but their first party targeting is good to the point of actually giving me some interesting content.
In practice the third party "contextual" ads mostly are misses for me. Wow, another ad for the home improvement thing I either researched and bought last month, or that I was looking up on a whim and don't have any intention of actually purchasing.
Maybe some articles just shouldn't have ads at all. That would be refreshing. Sites publishing ad-supported content obviously need to put the ads somewhere, but that doesn't mean every single article needs its own revenue stream to justify its existence.
You've just given two bad examples, contrasted with one good example, to prove your point. Pick a good example of a contextual ad and a bad example of a personalised ad (there are many) and the proof is reversed.
That is the scariest thing about this. Google already has an effective monopoly on information discovery via its search engine, and is rapidly approaching one with what software people use to view information on the Internet. It controls the "web standards" and can change them rapidly with little opposition. Websites that have no business being anything but browser-agnostic, yet are usable only in the latest version of its ever-churning browser (or its not-too-different clones), are already uncomfortably common. For a lot of people, Google is "the Internet".
I don't know what the solution is. But there's definitely a problem.
>“We’re in this in-between situation where it’s really not satisfactory because you’ve got consumers not accepting cookies and no solution in place.”
Oh my. That sounds awful.
You know, I think I actually do want Google to build this into Chrome, wire it up to your Google account for nefarious purposes and/or have the whole thing turn into an example that K-anonymity doesn't work well in practice, and try to ram it down everyone's throats. Perhaps that will finally drive people away, and start up some monopoly investigations with teeth.
In the meantime, I'll keep blocking 3rd party cookies, and rejecting on-site ones when undesired.
FWIW these proposals change every month and there are weekly calls with some of the W3C group about this. Nobody in adtech actually believes 3p cookies will be gone by the claimed date.. you can’t rebuild the entire ecosystem in (now) less than a year.
The main reason is speed. It ads extra latency that kills ad response rates.
Secondly is trust. The third party has no way to verify the first party isn't sending bogus requests to increase their payments from the third party and/or hurt their competitors.
Ad fraud is real. It goes the other way too, the "proxy" site could serve up a different ad from the one it's supposed to be sending, and it would be hard to know.
It only works if you have identified (logged-in) traffic and pass the identifier (ie, email hash) along to the side-channel.
Otherwise there's no way to target the ads, it's a first-party cookie but scoped to a single domain so there's no useful targeting data.
(and yes, this is the industry plan, but it's TBD whether publishers like media websites can get a workable fraction of their users to log themselves in)
Readit News
This feature is available right now in Analytics and Ads. It's called "Google Signals." The documentation is publicly available, although it's a little scattered between different product page. I'll summarize:
If the user is using Chrome, and is logged into their Google Account, then you can use that instead of cookies. This is used for pulling in demographic information, cross-domain tracking, and cross-device tracking (something even 3rd-party cookies can't do without fingerprinting!).
The Privacy Sandbox kills other channels that might be an identity signal. Meaning ones available to parties other than Google.
Even as an anti-Google zealot who disapproves of this, I'll admit there are some ancillary benefits. For one, I honestly do believe that Google intends to kill fingerprinting, because it's in their interest to do so. For another, Google does offer a setting "disable personalized advertising" which will centrally let you opt-out of this tracking.
But most people are surprised when they find out that things already work this way, which to me already puts it on ethically dubious foundations from a privacy perspective. And, of course, the monopoly issue.
Look, I’m not a google fan but you can’t just ignore half of what google is doing. Even then, you’re missing that they are other ID projects that are closing ground on googles ID.
What does it do if the user isn't signed in to Google?
Google's engineers would have to have an unbelievable level of contempt for users to propose a feature that claims to improve privacy by signing in to Google.
I, for one, find that level of contempt totally believable.
Well, then they just use you to train their fire-hydrant, bus, bicycle, and stair image recognition algorithms.
I guess I just don't care who makes money off fingerprinting as long as I can choose that no one makes money off me personally.
To make things worse, couple of years ago, Chrome started mingling Chrome Sync and cookies for accounts.google.com which meant that signing into Chrome Sync also automatically signed you into all of Google services. The cookies reappear even if you delete them, just because you are signed into Chrome Sync. Now, that same identity (<you>@gmail.com) is not just used for Google's own websites, but also made available to anyone who uses Google Analytics - which is 90% of the web - including your cross-domain and cross-device history. Of course, none of this is new, but I shudder every time at the thought of how much information the user is giving away about themselves.
Are you conflating the aggregate anonymized data in GA with the user level visibility Google has into the raw data?
> “disable personalized advertising”
On this bit, tracking concerns are not just for advertising though. Extending your reading on how they replace cookies with the Google id, I’d see them replacing ad targeting with other uses of the data anything that wouldn’t straight be labelled as “ad” (scoring, black listing, indirect target matching, etc.)
There are a few settings for this kind of thing. You can take a look at https://myaccount.google.com/data-and-personalization
The "Ad personalization" bit is probably what the parent comment is referring to. But it sounds like you're interested in the "Web & App Activity" bit, which will turn off the non-ads usage of your data. To a certain extent at least, since there are some grey areas.
For example, I'm on the team that sends Google Shopping emails. If you click a button to track the price of a specific TV, we'll still send you an email if that price drops even if you've opted out of "Web & App Activity". But if you've just been browsing shopping pages for TVs, we won't send you a general email about TV deals if you've opted out. Both of those cases are in some literal sense "web activity" but it's still pretty clear what the user expects.
But you might imagine- if you're tracking the price of a specific TV and opted-out of Web & App Activity, should we send you an email if a near-identical TV drops in price? We probably wouldn't, and we don't have anything like this today, but it's not quite as clear. And Google has so many features across different teams, I can imagine there's probably at least one where some privacy reviewer made a different call than what you would have made.
That sure doesn't sound insidious...kind of like a large Internet ad company trying to make sure that they're the only one who can track your activity online.
Don't worry, though. If you were using any of the now-dead competing advertiser networks, you can target using this information for a small fee! They sure know how to benevolently push forward the wheel of progress to fight to ensure your absolute privacy from everyone but them.
Not that I'm a fan of these 'Signals'--or even cookies for that matter.
How is the Google Account ID shared if not by cookies?
Set-X-Totally-Not-An-HTTP-Cookie: sessionToken=bigiain; Expires=Wed, 17 Jan 2091 10:18:14 GMT
Providing a “baseline” user agent instead of a detailed specific version could help for example.
But only because they have a far more efficient way of tracking users _and_ make sure they're the only one who can benefit from this.
It's unbelievable how absurdly anti-competitive and anti-consumer google has become, yet nobody seems to care.
Dead Comment
Sounds like they are finally realizing their vision for making Chrome in the first place -- to sell more ads.
I'll stick with Firefox with temporary tabs -- I already an protected from third party cookies because Firefox already isolates every tab, but importantly doesn't send my browsing data anywhere.
Dead Comment
The goal: to show you only ads for things you care about and are likely to buy and be influenced by advertising for, is good. But the reality is a mess.
Some of the downsides of Google's proposal are obvious, given its position, but there's at least one downside that users might notice: lots more ads targeted only by the demographic of the publication, making the web look more like print media or TV and presenting you and me with a lot more space on our screens wasted showing ads for things you don't care about.
As for the "fingerprinting" proposals? Bad. Very Bad. Think digital "facial" recognition bad.
Please. Individual targeted ads are worse than content-based ads.
Honestly it feels like there haven't been any decent innovations in a long time. Aside from Apple producing an ARM laptop that doesn't suck I can't really think about what the last product I was excited for was.
It does ... weird things to the ad targeting; I'm currently seeing ads for crystal figures that cost six figures. They're pretty, but not that pretty.
It's fascinating to me that people buy ads pointing to things that essentially no one can afford. I guess the idea is that they'll attract attention and people will click around the site to find cheaper things?
It's easy really, you just put ads on sites visited by your target market. That's how advertising was always done before Gattica style snooping was involved.
Individually targeted advertising needs to be illegal. It's bad for society.
There have been a couple of natural experiments showing #2 where entire digital ad spends were slashed at once with little to no impact.
As for #1, look at where a massive chunk of Google's revenue comes from: companies trying to squat their own name and similar keywords to prevent some competitor's product from showing up next to their own.
Any platforms that create content already have well targeted ads without tracking. e.g. HBO
Even on content aggregators, that target niche audiences like HN have well targeted ads without tracking. Jobs and of course Ycombinator listed everywhere.
Killing tracking kills the mega content aggregator industry (front page of Reddit, maybe Facebook feed, etc) but this is likely a good thing.
No, that's bad. The last thing I want is to be influenced by adverts.
And I'd rather not make ads less effective because that would mean either more ads or fewer publishers.
...this is bad? Sounds great to me.
> ...showing ads for things you don't care about.
This is what targeted advertising already accomplishes: showing me ads for things (or equivalents of things) I already own. Either that or things so wildly off base I have to wonder if the targeting works at all.
Targeting only by the demographic of the publication is not so great because publishers usually only have a vague idea who their actual demographic is. Take for example the TV show Golden Girls. It was supposedly all about the 50+ demographic, but it was a huge with with queer people of all ages right from the start.
As opposed to the ads for toilet seats from that one time I bought a toilet seat online 6 months ago.
If anything forcing adds to be dumb will mean that we get high quality publications in niches again. If you sell model ships advertising on model-ships-magazine.com actually incentivizes a quality site that is interested in furthering the hobby and keeps your dumb smart ads from clogging up the rest of my life.
Seriously, the completely f'd up view of advertisers ("Ads won't work unless I can basically track everything about you!!") shows how bonkers the world has become. If your job can't exist without in-depth tracking of how a shown ad influences purchasing behavior, maybe your job shouldn't exist.
Seriously, ads would work plenty well enough by just showing the same ads to all users based on the contents of the page (or search query). Honestly, I'd be all for a legal framework that completely outlaws any "personalization" on the internet unless a user clearly and optionally opts in.
Personalized ads are the opposite - you're browsing a fashion site, but you'll get car commercials because you've been visiting car commercials lately.
I am however more likely to click on ads selling me home renovation stuff because they know I've recently bought something in Home Depot. Even though I'm not currently on a home renovation website.
Second most effective are platform-specicic hypertargeted ads, such as Facebook ads. Lot of misses there too, but their first party targeting is good to the point of actually giving me some interesting content.
In practice the third party "contextual" ads mostly are misses for me. Wow, another ad for the home improvement thing I either researched and bought last month, or that I was looking up on a whim and don't have any intention of actually purchasing.
That is the scariest thing about this. Google already has an effective monopoly on information discovery via its search engine, and is rapidly approaching one with what software people use to view information on the Internet. It controls the "web standards" and can change them rapidly with little opposition. Websites that have no business being anything but browser-agnostic, yet are usable only in the latest version of its ever-churning browser (or its not-too-different clones), are already uncomfortably common. For a lot of people, Google is "the Internet".
I don't know what the solution is. But there's definitely a problem.
https://news.ycombinator.com/item?id=25802366
Oh my. That sounds awful.
You know, I think I actually do want Google to build this into Chrome, wire it up to your Google account for nefarious purposes and/or have the whole thing turn into an example that K-anonymity doesn't work well in practice, and try to ram it down everyone's throats. Perhaps that will finally drive people away, and start up some monopoly investigations with teeth.
In the meantime, I'll keep blocking 3rd party cookies, and rejecting on-site ones when undesired.
Secondly is trust. The third party has no way to verify the first party isn't sending bogus requests to increase their payments from the third party and/or hurt their competitors.
Otherwise there's no way to target the ads, it's a first-party cookie but scoped to a single domain so there's no useful targeting data.
(and yes, this is the industry plan, but it's TBD whether publishers like media websites can get a workable fraction of their users to log themselves in)