Google is in the business of surveiling users and selling them to advertisers. Hell, if it weren't for Google, other business models that don't require user surveillance might have taken off. The only solution to surveillance is software that users are in full control of. Chrome isn't that.
There's no difference. Targeted advertising demands information that I (and others) may not want Google (or other scumbag advertisers) to have. That's a privacy violation.
I suggest they do so. It gives a good look at the conflict between the different departments in Google re: revenue vs. value. If there are any questions about the motivations behind changes such as these, this may provide a bit of insight.
1: User visits domain A which includes a script from domain T. The script sets a cookie with a unique ID on domain T.
2: User visits domain B which also includes the script from domain T. With the request for the script, the browser also sends the cookie with the unique ID.
3: T now knows "Someone visited domain A and B".
4: If T figures out something private about the user on site A (say their Twitter handle), they now know that Twitter handle X visited domain A and domain B.
Is this a correct summary of what this is about?
I guess this means that Meta knows a lot of domains which handle xyz visits. Because they set the cookie when the owner of handle xyz logs into their account and then sees them on every domain which includes a script from Meta.
They can still accomplish this by loading some resource from meta servers. They don't need the cookie at all. They could do it with a .png icon if they wanted to.
Looks like they figured out a way to track you without 3rd party cookies and are looking to use their dominant position as a browser vendor to undercut competing ad vendors who haven't figured it out yet. I wonder if those obnoxious Login with Google popups have anything to do with it.
The spec for the targeting replacement is public, I believe it's called FLEDGE. Third party cookies uniquely identify one browser allowing direct targeting, whereas FLEDGE only allows general targeting of larger groups by topic as far as I understand it. I believe it's entirely distinct from Google accounts.
Disclaimer, I work at Google on related things on the Android side, but I only have a layman's understanding of the Chrome side.
How many people have you met in your life that have told you that they want to help advertisers serve them better personally targeted ads?
If the answer is a very low number, then why is Privacy Sandbox on by default?
In Chrome, none of the Privacy Sandbox APIs even respect the browser's built-in Do-Not-Track setting.
Contextual ads are enough. Advertisers don't have an intrinsic right to optimally profit off my device hardware, and they should be thankful for whatever profit they do end up getting.
Google's tech lead on Privacy Sandbox, Michael Kleber, says that "[…] limiting the web to contextual advertising solutions dramatically decreases the ability of web sites to fund themselves — for example, 52% less revenue for sites on average, and 62% less for news sites, according to https://services.google.com/fh/files/misc/disabling_third-pa..., […]"
48% of current revenue is plenty. Privacy Sandbox is adtech greed forced onto users.
It feels like there's a bunch more pieces to the puzzle too. There's Topic API, which by itself only tells a site more about users, but does so in a supposedly privacy preserving way. There's dozens of efforts listed on https://developers.google.com/privacy-sandbox/relevance/prot... , mostly slated for 2023 & seemingly not updated in a while (with abundant broken links too). It's a bit wild that third party cookies are deprecated even though it seems like then promised fair privacy preserving replacement for ads is maybe still being built?
The spec and impl might be public, but the actual market analysis that drove the change and how it will make non-Google ad targeting less competitive is not, and your employer will go scorched-earth to hide whatever they can from public inquiry just as they’ve done in current trials e.g. https://arstechnica.com/tech-policy/2023/09/google-fights-to...
The obnoxious Google Login popups are designed to create lift for Google auth over e.g. Facebook, Microsoft, or even per-site accounts. While logged-in helps them track you, Google already has you through your phone or Google Analytics. Google Plus was where they launched the TOS and formally started cookie-joining across all their platforms.
This has nothing to do with the Google Login pop-up. Incidentally, it used to be that you could turn them off in your Google account settings, and the option is still there, but it seems to be broken since a while now. At least for me.
Google loves doing this as they have all the info from everyone anyway and have first hand access to fingerprinting users, so they just cut out the competition who do it in this outdated fashion.
Readit News
* https://www.justice.gov/d9/2023-11/417581.pdf
I suggest they do so. It gives a good look at the conflict between the different departments in Google re: revenue vs. value. If there are any questions about the motivations behind changes such as these, this may provide a bit of insight.
1: User visits domain A which includes a script from domain T. The script sets a cookie with a unique ID on domain T.
2: User visits domain B which also includes the script from domain T. With the request for the script, the browser also sends the cookie with the unique ID.
3: T now knows "Someone visited domain A and B".
4: If T figures out something private about the user on site A (say their Twitter handle), they now know that Twitter handle X visited domain A and domain B.
Is this a correct summary of what this is about?
I guess this means that Meta knows a lot of domains which handle xyz visits. Because they set the cookie when the owner of handle xyz logs into their account and then sees them on every domain which includes a script from Meta.
So is this an attack on Meta by Google?
Deleted Comment
Disclaimer, I work at Google on related things on the Android side, but I only have a layman's understanding of the Chrome side.
If the answer is a very low number, then why is Privacy Sandbox on by default?
In Chrome, none of the Privacy Sandbox APIs even respect the browser's built-in Do-Not-Track setting.
Contextual ads are enough. Advertisers don't have an intrinsic right to optimally profit off my device hardware, and they should be thankful for whatever profit they do end up getting.
Google's tech lead on Privacy Sandbox, Michael Kleber, says that "[…] limiting the web to contextual advertising solutions dramatically decreases the ability of web sites to fund themselves — for example, 52% less revenue for sites on average, and 62% less for news sites, according to https://services.google.com/fh/files/misc/disabling_third-pa..., […]"
48% of current revenue is plenty. Privacy Sandbox is adtech greed forced onto users.
Docs for Protected Audience API: https://developers.google.com/privacy-sandbox/relevance/prot...
It feels like there's a bunch more pieces to the puzzle too. There's Topic API, which by itself only tells a site more about users, but does so in a supposedly privacy preserving way. There's dozens of efforts listed on https://developers.google.com/privacy-sandbox/relevance/prot... , mostly slated for 2023 & seemingly not updated in a while (with abundant broken links too). It's a bit wild that third party cookies are deprecated even though it seems like then promised fair privacy preserving replacement for ads is maybe still being built?
If you work on Android maybe you can do a 20% project where you let users completely opt out of motion-based user fingerprinting even when airplane mode is on https://www.thesun.co.uk/tech/7811918/google-is-tracking-you...
Or even a change to let Android users get a percentage of the profits garnered from Google’s fingerprinting of them.
Dead Comment
More recent discussion over last few days instead of this old post that's been submitted a bunch.
https://news.ycombinator.com/item?id=38880690
https://news.ycombinator.com/item?id=38866109
Preparing for the end of third-party cookies
https://news.ycombinator.com/item?id=38413263
Is it what you want - often "no"
Is it better than what we have - often "I suppose so :("
"chrome://flags/#test-third-party-cookie-phaseout is available from Chrome 118" if you want to test it.
Deleted Comment