IPA now allows these companies to track users across multiple IP addresses, and regardless of the user's cookie settings, via a unique tracking identifier. It is also proposed that the operating system provides the unique tracking identifier which can then be used by all applications or browsers on a device, allowing different devices behind a single IP address to be distinguished.
Mozilla has disabled privacy controls in the past without informing users. For example, they removed the “prompt when setting a cookie” (so that you could reject/accept/accept for this session only) without a replacement. Newer versions just accepted all cookies as persistent, non-session cookies automatically. There are other examples like this.
It's difficult to deal with because as the code evolves, so do the configuration settings. The rate of change is high, and it's not always obvious what is relevant to users (and whether a new feature increases or decreases privacy!), so it's hard to communicate this in release notes.
> ... you don't need to worry that toggle will get mysteriously turn back on.
Using Firefox Developer edition and toggle(s) will get mysteriously turned back on all the time. And Mozilla is not immune to this practice at all for standard Firefox.
Use chromium-ungoogled [1] if you want chrome(ium) without Google-specific stuff.
Mozilla actively supports online ads and tracking. Without their partnership with Google, they could not continue as a going concern for very long.
The deception is to make people believe that studying them as ad targets through their internet use can be "private". Many will believe this nonsense. Including regulators. "It's OK, folks. Privacy is preserved." Green light to keep on tracking, collecting data and serving ads.
But the study of people's internet use to enable programmtic advertising _is_ the problem. There will be more ads. They will be more personal. The www will become even more annoying. Perhaps moreso than any other medium that has come before it.
To Mozilla, there can be no www without advertising. The truth is that there can be no so-called "tech" companies, monopolisng intermediaries, without programmatic internet advertising. The www does not need it and the original www did not have it.
First Mozilla partners with Yahoo. Then Google. Perhaps Meta will be next. Mozilla is no different than so-called "tech" companies in at least one regard: it cannot find a "business model" besides internet advertising.
Yeah, that is my understanding as well. While many promote Firefox as an alternative to Google Chrome, it simply lacks adequate proof that Firefox is any better than Chrome at tracking. Else, how does Mozilla survive?
What do you do if websites are "best viewed in Chrome"?
Embrace: Embrace the open web, create an excellent product and aggressively promote it until you take over the market
Extend: Chrome experiments and advanced features that improve the user experience and developer experience through Chrome only API and Google services. Even provide these services to everyone who wants to use them free or charge so that the user expectations are elevated to that point and web businesses depend on these by building their products around them. Maybe make developers depend on this "topics" feature even.
Exterminate: Cut off or degrade the free services to 3rd party browsers, remove or tame extensions that harm your business and recoup the costs of the free services. Since you no longer have viable competition, reduce the development of Chrome any further, optimize only for profit. Developers who depend on you ad tech can choose to refuse serving users using another browser or opt out of Google verification or account services? The users will stay like they sat with IE.
Don't use them unless you must. The internet is a big place. Any piece of information of value can be found at its origin and no less than 10 copycat sites, one of which inevitably will work in Firefox with uBlock enabled.
Also note that Chrome on my home machine has asked me more than once to enable the new feature. Each time I've said no, I find it has turned on other related features. This may be the final irritation that makes me pull my finger out and switch to Chromium or back to FF¹. I used to switch back & forth every year or two, as one of them did something to irritate me⁴ I switched to the other.
--
[1] I switched to Chrome a few years ago when FF went through a period of being unstable²
[2] and because certain extensions didn't have good FF alternatives, because they never were or because some were crippled by the changes in ~2017³, but that latter point is fairly moot as Google is now taking their turn to work towards crippling useful extensions
[3] at least FF's change here were mostly due to massively misreading the room while trying to streamline their platform, where Google's seem to be more malicious when you consider most of the affected extensions are ones that go against their primary business of tracking people & selling adverts.
[4] things breaking after updates, periods of general instability, not keeping up in the performance race for a while, etc.
In descending order of significance (i.e. most important objective first):
1. ungoogled-chromium is Google Chromium, sans dependency on Google web services.
2. ungoogled-chromium retains the default Chromium experience as closely as possible.
Unlike other Chromium forks that have their own visions of a web browser, ungoogled-chromium is essentially a drop-in replacement for Chromium.
3. ungoogled-chromium features tweaks to enhance privacy, control, and transparency.
However, almost all of these features must be manually activated or enabled. For more details, see Feature Overview.
Our research group does work in this space[1], so I’ll claim some familiarity.
This article has multiple problems:
1. Privacy Sandbox is a project, consisting of many proposals. To pitch it as some cohesive product is misleading.
2. Related: FLoC and Topics are completely separate things, aside from existing under the same project.
3. Topics is reducible to (implementable using) third-party cookies. While the proposal has issues and doesn’t resist tracking as well as Google claims (see below article), Ars’ implication that this is somehow making Chrome less privacy-preserving is patently false.
Although the source article here is clearly opinionated in one direction, I’m not impressed with your claims about actual problems in it. (For reference, I agree with the direction it takes and would make only minor adjustments to it if I were writing it—the only of any substance would be not calling the Privacy Sandbox an “ad platform” just because in a way it’s a little more like a shop that sells picks to ad platforms.)
> 1. Privacy Sandbox is a project, consisting of many proposals. To pitch it as some cohesive product is misleading.
Look, that’s how Google are branding it. It’s an initiative which has turned into a cohesive brand. Just look at how https://privacysandbox.com/news/privacy-sandbox-for-the-web-... speaks of it all. That’s pretty much how it’s being presented in the browser, too.
> 2. Related: FLoC and Topics are completely separate things, aside from existing under the same project.
They’re about as completely separate as Chrome 17 and Chrome 117, or StarOffice and OpenOffice.org. OK, these are both very imperfect comparisons, but although FLoC and Topics work in somewhat different ways, Topics is for all practical purposes just a fork that continues FLoC. They even treated it that way in the browser (at the time at least, no idea if it’s still so). https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts#... seems overall a fair enough portrayal. They simply rebranded the basic concept.
> 3. Topics is reducible to (implementable using) third-party cookies. While the proposal has issues and doesn’t resist tracking as well as Google claims (see below article), Ars’ implication that this is somehow making Chrome less privacy-preserving is patently false.
The first and last claims here are obvious nonsense. Third-party cookies only let you track stuff where your code runs, whereas the Topics API uses the entire browser history, so it’s not reducible to third-party cookies unless you mean something very different from me by that word. Ars’ implication is by no means patently false; as far as the current status is concerned, where they’ve added this and not removed third-party cookies, it’s patently true. In the longer term, it’s less clear, better in some ways and worse in others, but “patently false” is still an unreasonable characterisation.
>whereas the Topics API uses the entire browser history
It doesn't use the full history. If a site is using the Topics API it will only get back topics that it has observed from sites in the last 3 epochs. For site X to observe a topic from site Y. Site Y must either:
* Be site X
* Embed site X in an iframe on the page with a special attribute on the iframe element
* Send a fetch request to site X with a special header and site X must respond with a special header
I didn't read the Ars article as saying FLoC or Topics make Chrome less privacy-preserving than it was before, but rather that, once Chrome disables third-party cookies, they make Chrome less privacy-preserving than other browsers with third-party cookies disabled. What the author would prefer is that Google also disable third-party cookies and also not ship FLoC or Topics.
> What the author would prefer is that Google also disable third-party cookies and also not ship FLoC or Topics.
That's not an option now thanks to multiple antitrust regulatories. Google actually tried to get rid of 3p cookies to use it as an advantage against competitors as well as privacy friendly PR but this has been blocked. One example from CMA (but not limited to): https://assets.publishing.service.gov.uk/media/62052c52e90e0...
Ron Amadeo has such a consistently snarky anti Google stance that I no longer read his articles. I haven't seen any other tech company get such dismissive treatment on Ars.
Agreed. I think he crossed the line way beyond being skeptical about Google, and into partisan politics level biased reporting against Google. E.g. his coverage of passkey was so bad - misleading half truths and outright incorrect claims - that made a subsequent article on the passkey by another Ars reporter look completely opposite from what he wrote.
What are you upset about, that he's reflexively anti-big tech which includes Google, or that he's anti-Google out of all the big tech? Because personally I don't give any of the FANG+ the benefit of the doubt on anything now.
> Topics is reducible to (implementable using) third-party cookies.
Yes, but aren't 3rd party cookies going to get banned? That seems to be the common assumption in the adtech space. If that's true isn't topics just google's mechanism to continue the kind of tracking that lawmakers are trying to ban by banning 3rd party cookies?
Huh. I did not detect such an implication. The gist of the article for me was Google is using a new system. Perhaps there is an implication that based on the deceptive use of the term "privacy" some users might believe that Chrome is now more privacy preserving. That would of course be patently false.
But it seems this comparison to third party cookies ignores the fact that now one company, Google, gets a maximum amount of tracking data without having to cooperate with any other entity. That potentially could be a loss for privacy because the concentration of personal data at one entity, i.e., Google, requires less cooperation, e.g., data sharing. It's easier.
It's less privacy preserving in that it is anti-competitive, so now google gets a monopoly on this form of tracking. I assume they'll eventually combine all the data from their other monopolies, and continue to use lobbyists to block improved laws or even enforcement of the existing laws they break.
I'm kind of torn on this. The general idea that the user's browser tracks him by itself instead of utilizing cookies or fingerprinting seems like a step up for privacy. Obviously the devil is in the details - Google controls that whole algorithm, and there obviously is a conflict of interest.
But the alternative that the people who are against it are proposing is either to keep the status quo or kindly ask Google (and other ad companies) to stop existing, which is not gonna happen. They seem to ignore the fact that ad-tech is a huge industry and a large part of the internet relies on it. Basically the only way to make it go away would be to outlaw it.
(Also so nobody accuses me as being pro-ads: I hate ads and tracking, but sort of in a way like I hate being sick. I can reduce my exposure to ads and tracking (adblock, not using certain apps, etc.), but I know that complaining about it won't make it go away)
> I hate ads and tracking, but sort of in a way like I hate being sick
What if the illness you hoped to avoid were leaking all your private behaviours to the world as though the sickness were the proper state of existence?
> ad-tech is a huge industry and a large part of the internet relies on it.
The Internet is not going away and advertising is not the Internet that we want.
They seem to ignore the fact that ad-tech is a huge industry and a large part of the internet relies on it. Basically the only way to make it go away would be to outlaw it.
Not necessarily. It will also go away - or more usefully, change its behaviour - if its current model becomes less cost effective. Apple restricted what apps could spy on and Facebook complained like a spoiled child but the sky did not fall. The evidence of effectiveness for all these tracking-based "personalised" ads is limited at best anyway. If you're running a search engine where users have literally just told you what kind of thing they're interested in right now or you're hosting videos where you know which video a user is about to watch or you're serving ads to be included within someone else's web page and you can tell what the content of that page is then you already have very useful information to help you choose which ads might be relevant without needing any additional user tracking at all.
Thank you for this. There seems to be layers of delusions throughout this comment section where it seems many people simply cannot imagine a functioning world sans some bit of questionable tech and its derivative marketing strategies that are barely 20-years old.
Context-based advertising, AKA “advertising”, has been around forever, and respected privacy to the extent that Gatorade only needed to know that people at gyms might be thirsty. Still sold a ton of slightly salty sugar water, and didn’t even suggest that they should be allowed to rummage through every customer’s gym bag, follow them home, take notes on their dinner choices and television habits, watch them sleep while taking their pulse, and then slip random notes to them throughout the day reminding them that their electrolytes were dangerously slightly on the lower side of average (code RED).
This API wont remove or deprecate the already existing tracking methods, third party cookies can be disabled but alternative practices have been developed a good while ago (and new ones are actively being found). Advertisement networks _will_ find a way (avoiding fingerprinting is impossible, unless all browser companies decide to merge; exposing hardware to the web is the new trend for web technologies, and hardware can be extremely unique especially when combined with an IP yada yada) without depending on Google, their competitor in advertising, for their own product. Google, however, will hand your search history out to any website for free(?)
The existence of this APIs will be very useful to argue that server-side data collection is not reasonable under GDPR anymore.
I hope it gets implemented because it will give significant ammunition to us in Europe to make server-side behaviour tracking marked as unreasonable under GDPR provisions.
I heard about this the other day and didn’t think much of it.
I got the actual update today on my work laptop and… just wow. How did the folks at Google ship this with a straight face? The changeboarding modal basically lies to your face.
I’ve always felt a little weird about Google’s tracking, but this takes it to another level. Creepy as heck.
> How did the folks at Google ship this with a straight face?
You have been doing 60-70 hours a week for a few years at startups that never took off. You tried to go into some big companies but got rejected several times. You managed to pass the first screening to the process at being hired at Google. You go through all the process. It’s long and tiring. Somehow you went through it after several weeks and so many steps. After several years in your career of not so successful job/startups this is like a huge thing. You can say to all your family and friends and girlfriend that you work at Google. The pay is great but the work is bad. They ask you to code more stuff to track people into Chrome. You evaluate what quitting would be like and what other opportunities like this you could have. And then I guess they are like hmm no. Let’s code this things from now on.
I’m convinced at least 75% of devs consider working at a FAANG to be the absolute apex of a career, regardless of what’s worked on. Which, to me, says it’s purely about prestige.
It’s impossible to say for sure, but there’s a certain pervasive collective worship of these employers that will just not quit.
I think this would actually be bad for their careers. I believe this is all open source and in public and you would get really bad rep for building this. If it was me I would ask for a transfer to a different team.
There are also a lot of Googlers who got in on their first or second try and genuinely do not understand end-users, do not WANT to understand end-users, and thus are very happy to implement this stuff. Also PMs who are extraordinarily metrics-focused and will buy the koolaid 100%
It's a government mandated bullshit as a replacement for third party cookies.
When all other browsers disable third party cookies, everything is fine. Apple for example has disabled it for years. When Google does it, antitrust regulators fear that this could benefit Google ads more than non-Google ads. Hence this bullshit to "restore competitiveness" between Google and non-Google ad networks.
My recommendation is to both disable third party cookies and this new thing. You don't need either of them.
This is definitely what Google would like you to believe. Considering indeed all other browsers have killed third party cookies, Google legally very well could as well. But they'd love you to believe they must provide a way to invade your privacy.
The issue regulators had was Google retaining special access to user tracking, they have no problem with Google removing their own ability to track as well. Of course, that doesn't buy Larry and Sergey's next yacht or private island remodel.
Some government regulators used to primarily focus on natural persons (i.e. citizens/consumers) and prioritize them above all else.
Then neo-liberalism took over and they took a page out of the US’ playbook, and started prioritizing businesses.
But unlike in the US they aren’t comfortable outright stating that they’re prioritizing business interests over consumer interests, so instead they do this weird thing in their communications where they act like they’re standing up for small businesses.
Problem however is that their definition of “small” business is everything below a trillion euro market cap.
It’s kind of jarring really, to hear them talk about having to protect those poor advertisers, like it’s some UNICEF donation ad.
Context? That whole project was kind of a cluster when I was involved with it, how does this help? Or is it more, without a replacement for 3p cookie tracking they couldn't break it (useful uses of 3p cookies be damned)?
When I saw that dialog, I didn't know which button to click. I knew I didn't want to share the topics I am interested in or have personalized / more relevant ads of any kind, but the text was so confusion and mixing so many things (like activate the privacy feature when in fact you are activating the tracking feature).
In the end, I reverted to clicking the non-primary button (which you are not supposed to click) and checked in the settings everything was in order.
Maybe they are talking a leaf out of Zuck's playbook. Two steps forward and one step back conditional on backlash. Reddit did this recently. Outrage can be managed until things cool down.
I’m thoroughly impressed how HN also buried this story so quickly; usually something so dramatic would stick on the front page for days. Speaks a lot about Google-biases in the content moderation of HN.
All this focus on cookies and FLoC feels like smoke and mirrors from Google.
Modern adtech can track users regardless if cookies are enabled or not, and whether they enable this new Chrome feature or not, via browser fingerprinting. They've been doing this for years.
So this new "privacy sandbox" is a diversion to the public, and particularly to law makers, that signals "see, we care about user privacy". When in fact it ultimately makes no impact on their revenue.
The public and law makers are barely starting to get an understanding about cookies, and there's a growing concern about them, so this is Google being proactive towards the blowback. Fingerprinting is much more complex to understand, and concern about it is so under the radar, that it will take many more years for the focus to catch up to these nefarious practices.
The frog is being boiled[1], make no mistake about that.
This is a take from someone who’s clearly not a domain expert. The purpose of finger printing is to identify individual users - which is pointless if you’re able to use third party cookies, unless you want to do cross-device tracking or get around as blockers. If third parties cookies are not a targetable Id in the bid stream (in a post cookie world), there is nothing to match a fingerprint to, so fingerprinting is useless. You can talk about ID5 and IDLs in this same discussion, but they are explicitly opt-in.
Additionally fingerprinting is not a tactic that advertisers want to use - anyone spending real money bets their vendors and wants to stay away from sketchy bs vendors who do that. Google doesn’t want it, TTD doesn’t want it, xandr doesn’t, cococola doesn’t, Nike doesn’t, etc. We all want a technology that is truly privacy focused for users, but still enables functionality that is critical to advertising like brand safety, frequency caps, and some semblance of targeting (even via context). That doesn’t even get into retargeting/dynamic retargeting.
Way to ad hominem, but you're right, I'm not a domain expert. Just a web user who refuses to be tracked and manipulated by advertising, and highly skeptical that any of these changes are done to benefit the user.
> there is nothing to match a fingerprint to, so fingerprinting is useless
Huh? A fingerprint doesn't need to match _to_ anything. It just needs to be consistent across browsing sessions for a profile of visited sites and interests to be built.
> Additionally fingerprinting is not a tactic that advertisers want to use
Really? Citation needed. All advertisers want their ads to be highly targeted to a consumer who is most likely to make a purchase. The reason web advertising is much more appealing than advertising in traditional media is precisely because it allows microtargetting on a level not possible via traditional means. Advertisers are always chasing a higher conversion rate, and microtargetting is proven to yield better results than showing ads to a large and generic cohort of consumers. Advertisers aren't happy about the Topics API, and many will choose the technology that allows them to continue to target ads more accurately. Fingerprinting is so far the most foolproof method of doing this, since it avoids pesky cookie blockers, and is difficult to detect.
> We all want a technology that is truly privacy focused for users, but still enables functionality that is critical to advertising like brand safety, frequency caps, and some semblance of targeting
I call BS on the first part. Ad targetting goes directly against user privacy. There's no reconciliation of the two. Advertisers can go back to buying ad space in context-relevant places (e.g. show fishing ads on fishing-related sites), but none of them want to lose a _substantial_ part of their revenue by not taking advantage of user tracking.
How you can be so defensive about this is beyond me, and leads me to believe you work in the ad industry.
> Modern adtech can track users regardless if cookies are enabled or not, and whether they enable this new Chrome feature or not, via browser fingerprinting. They've been doing this for years.
One of the explicit goal of "privacy sandbox" is preventing browser fingerprinting by limiting informational entropy from user environment. https://github.com/mikewest/privacy-budget
But the implicit goal is that _Google_ now owns fingerprinting in Chrome, versus the various other actors and tech in the space. Same as Apple owning fingerprints in iOS (and thus disrupting Facebook).
For anything “privacy tech” you must divorce the adversarial case (an actor maximizing an attack vector) with the average case (a monopolistic company using the tech to control overall opportunity costs). The latter has under-funded public study because Google et al will both throw gobs of money against it and throw shiny privacy tech problems out there to distract researchers.
Google's justification for this was after all that it's a nerved alternative to persistent user identifiers (like 3rd party cookies), because you have to give the poor, starving advertisers something in exchange if you take away their ability to identify users.
So far, so bad, but if advertisers can in fact still identify users, then FLoC will just be another, relatively high-quality signal that they can add to the profile. (In fact, fingerprinting isn't even needed yet as Google apparently feels it's fine to activate FLoC long before they disable 3rd party cookies. How that squares with the presentation as a privacy feature is a lection in corpospeak I guess)
So especially in that situation, you should turn off FLoC.
They have to set up the replacement (topics API) before they get rid of the previous solution (third-party cookies). Sites need time to adjust and implement the new systems.
They also need to not make sweeping changes to the ad industry that could be described as anti-competitive or monopolistic. I doubt they'd get away with just turning off third-party cookies in their browser.
In the EU, as far as the ePrivacy Directive (cookie law) is concerned, fingerprinting is similar to using a tracking cookie, even if no cookies are actually involved. And as far as GDPR is concerned, fingerprinting can identify a visitor, it counts as personal data, therefore you need a legal basis for processing it.
Not sure what the point you're trying to make is.
Also, Google under Privacy Sandbox has been exploring ways to introduce a fingerprinting limitations and a budget. Which may as well be smoke and mirrors, but if you watch their marketing materials, they talk of fingerprinting in general.
Sites that use tracking cookies rarely comply with the law as it is, and even then skirt around it via "legitimate interests" and other dark patterns. What makes you think they would disclose a behavior that is even more difficult to detect?
We can't assume good will and behavior from an industry that is built on deceiving and manipulating the user. The GDPR is a good first step at regulating these practices, but it's too vague, and it's applied far too leniently. It also obviously only applies to EU citizens, and not to the global industry.
I wasn't familiar with the privacy "budget", but it sounds like Google is trying to define privacy as a scale, where some amount of fingerprinting is OK. Users can be identified with just a few data points, and some are more valuable, depending on the context. Some might even be required for the site to function, so will there be "legitimate" exceptions to the budget in those cases? It sounds like a backwards approach that will be difficult to manage, so I'm not sure it will be a win for protecting privacy.
More importantly, I don't trust that an adtech company will go out of its way to implement solutions that go against its bottom line. These companies have a track record of abusing user data, and the only reason they take these initiatives is for good PR, which is again protecting their bottom line. The entire industry needs much broader and stronger regulation for any of this to actually improve.
> Chrome's invasive new ad platform, ridiculously branded the "Privacy Sandbox,"
Ars seems to be confusing the topics API with the privacy sandbox as a whole. Most features are early, like client hints, while others like privacy budget haven't even been released yet.
And if Steve Gibson is to be believed Topics is not only an improvement, it's an unqualified good. (I'm not yet convinced though if Google didn't have so many other harvesting avenues I'd see it as better for privacy too.)
Looking at 'Ad topics' in Chrome settings, they seem extremely generic and barely count as targeting. If disclosing these topics to a bunch of websites harms me, I don't see how? I don't care who knows them.
Here you go:
* Arts & Entertainment
* Computers & Electronics
* Internet & telecom
* News
* Online communities
Seems reasonably accurate, but so what? What am I missing?
Those are only some of the top categories, the taxonomy file currently has ~600 more detailed entries and it is rapidly growing. The goal seems to be well in the thousands.
I think Google is being reasonably transparent here:
- When this was introduced, Google asked my if I permit using those topics. I declined and now in the settings the toggle is switched off, just as it should be.
- Your topics will be listed when you open the ad settings.
- Instead of disallowing topics, you can also block individual topics.
Is it true Chrome keeps third party cookies while all other major browsers have disabled them long time ago? And disabling in Chrome isn't even scheduled, right? Then this is in addition to cookies.
Second, if you have a bunch of parameters attached to you, then you can be tracked. What exactly those parameters are doesn't matter, as long as the set is more or less stable and unique.
Third, do you really want to disclose your interest to every website? Without a way to opt out.
It does matter what is tracked, because advertisers need to be able to match on-site behavior to what they can identify and target in a bid.
You’re not disclosing your interest to every website. Your allowing your browser to store a list of your interests and then advertisers can target users who have those interests. This is miles more privacy focused than the current solution where any vendor can place pixels all over the web to build any audience they want, small or big. They can track really any data they want, combine it with any offline data see they want, and sell it to anyone they want.
At the end of the day, I think the categories are very broad and better respect people's privacy compared to what we had before. Some people in the privacy community seem to think advertising and tracking in any form should not exist and will always make a stink about whatever incarnation they take.
These proposals were made directly because of legislation like GDPR. It's not as if Google got up one day and said "Let's make our job harder."
> Some people in the privacy community seem to think advertising and tracking in any form should not exist and will always make a stink about whatever incarnation they take.
I don't think I'm in the "privacy community". It's my opinion that advertising will always exist, but tracking is complete horseshit and should be abolished ASAP. I don't think this is a very unpopular opinion either. There seems to be an attempt to Stockholm us all into thinking tracking is a necessary evil we must accept.
When a large, publicly traded ad-company (that relies on collecting data and tracking users for most of it's income), creates a product that costs them quite a lot of money to make, and then gives that product to you for free...
Do you expect them:
A.) to be taking a loss on that product because they really just want to gift it to you from the goodness of their heart with no ulterior motives?
B.) to actually have another way to make money from that product, which makes the whole endeavor financially worthwhile to them?
People are bending over backwards to justify why they should continue using a browser that is actively hostile to them made by a company whose sole revenue comes from collecting the entire world's data at all times.
I don't mean to trivialize it but it seriously reads like an abusive relationship. Or an addiction or something. Just leave, man.
I read a very apt quote[1] on HN a month ago, about how much Google values Chrome users thoughts:
> Chrome user opinion to them is important to their business in about the same way meatpackers care about what cattle think of the design of the feeding stations. As long as they keep coming to eat, it's just mooing.
It 100% is an abusive relationship. And it's the same as with Microsoft and Windows. People struggle a lot against it, but at the end of the day, they are completely vulnerable to Windows, as they depend on it.
I don't use Chrome as my main browser but I can see one reason why people continue to do so despite the problems with it: there are simply no good alternatives, only slightly less bad ones. Mozilla absolutely does not care about your privacy as anything other than a marketing tool or they wouldn't keep pushing adding a million different ways the browser phones home and in some cases executes remote code each release. They are also funded by Google. Brave is mired with crypto and also involved in ads. Edge is Microsoft, enough said. Same for Apple's walled garden browser.
If you have to chose one devil over another anyway it becomes easier to put your convenience first and ignore the rest.
I'd expect the government to step in because that is a highly anti-competitive distortion of the market. Microsoft once got punished pretty badly for including a free Internet Explorer with Windows, to the detriment of Netscape. I'm not sure Google pushing a free browser to the detriment of Mozilla is much different.
Not the best example though, as Windows these days is pushing Edge as anti-competitively as ever.
Windows now comes with three built in browsers: IE, Edge(Blink), Edge(Webkit) - none of which can be uninstalled.
Every other update users will bugged about switching to Edge again (exact amount varies by version and locale).
System apps will ignore default browser settings and use Edge to open all links (except in the EU they very recently went back to using the default browser again).
Browser-choice dialogue is gone, instead Edge will pester you if try to use it to download another browser.
Point being, all those punishments did absolutely nothing to stop or curb the anti-competitive behavior.
I’d expect them to consider Chrome a loss-leader to get people online since the vast majority of their advertising is online. So giving people the best possible web experience will increase the amount of ads they’ll see.
Everyone already have built in browsers. If chrome was shutdown tomorrow its not like people would all go offline because they cant access the internet.
Google aren't doing it out of the kindness of their hearts. Dominating the browser market means de facto free reign on setting standards. Chrome isn't a nice freebie, it is the most important moat Google has for its AF business.
Without Chrome, Google has no control over its product (your eyeballs as you browse) at all.
My understanding is that DDG relies on selling "keyword match" type ads based on what you searched for.
For example: if you search for "standing desk", it will include one or more paid ads that are keyed for some combination that matches with the search query. Those ads aren't targeted at you based on your gender, or your home address or where you eat lunch on Tuesdays or how many devices you regularly use or any number of other creepy shit Google tracks about it's flock of willing cattle.
It's a good point but also not that cut and dry. Chrome started as Webkit, which forked from KHTML, which was part of the very open source KDE.
Has Google benefitted more from other people's open source contributions, or have we benefitted more from Google's open source contributions? The answer is not obvious to me.
Google is definitely no stranger to shutting down and killing unprofitable products - often pretty early even. They have a long history of doing just that.
And being a publicly traded company - they would have to shut down Chrome as well, if it actually were unprofitable/not worthwhile.
And they do have the data needed to actually get a relatively accurate picture of how Chrome affects their bottom lines overall. They know what they are doing, giving it away for free.
Honestly I never quite understood why most folks switched so easily and unquestioningly to Chrome.
Maybe I'm just an open source purist. However, I will say that in almost all tests with websites I am actually using Firefox is faster.
(Maybe not that much of a purist: I do use Chrome at work as we're using various Google products... docs, meet, etc, and those work better on Chrome. Go figure.)
When it first came out, Chrome was much, much more performant than Firefox, and had better standards compliance than Safari. It was just a better browsing experience. V8 was a big deal performance-wise.
Firefox has since largely caught-up from a performance perspective, although there is still some functionality inconvenience.
Of course the stated attitude toward the user is night and day - I switched back to Firefox about the same time they started integrating Gmail / Google accounts into Chrome.
When it first came out, it really was so much faster than every other option that even ordinary users would immediately notice a difference. 2008 Google also had an incredibly positive reputation. If you tried to tell someone in 2008 that Google was an advertising company, you might convince them to agree that it was technically true, but they'd tell you that it was a stupid and reductive view of the company. Everyone was on board with the idea that Google's goal in creating Chrome was to help grow the web because obviously google search was reliant on the open web doing well.
I wouldn't underestimate the impact the Chrome TV ads had on regular computer users. The banners atop Google search results encouraging people to switch also played a big role. by the time Chrome launched, I think there were a ton of people who were sick to death of hearing one extended family member or another who was into tech cajole them to drop Internet Explorer. Switching to Chrome was easy. Just click the link that Google gave them, and plus, they were familiar with it from TV.
Chrome also stealth installed itself with Adobe flash and reader updates with a default check. I remember it in antivirus software and who knows what else.
I'll admit this traditional installer dark pattern seems quaint compared to what OSes regularly attack users with these days but this was the behavior of most pay-to-pack-in crapware at the time.
Let’s not forget the bubble we’re in here. Google are aiming for Jane and Joe Muggle who click on that icon to get the internet. Google have done a really effective marketing job there, Chrome in that sense is almost like a virus in the way it has propagated for no other good reason.
Firefox also can display images correctly if the site happens to not include a web optimized version in the correct resolution. I don't know the web you visit, but that is pretty common in a lot of places.
Chrome users looked at worse versions of images on the web for years. It is a completely bonkers performance optimization.
Chrome did kick Firefox off in web development tools though, so I can understand some people. But today I don't think there is much difference anymore. I am not web dev though. On the other hand webdevs should know about image quality on websites.
Following this launch I've been test-driving both Firefox and Vivaldi. I'm surprised how few issues I've encountered browsing with Firefox, despite it not being part of the Chromium borg.
I dare say it's actually a nicer experience overall than Chrome, with the caveat that I haven't looked into battery life impact yet.
There are a few replies on performance here: I didn't notice at the time, I just did it because Google was still a 'cool' company.
In the intervening years I bounced between the two depending on which made the most asinine UI decisions but settled on Firefox when my FOSS sensibilities and distaste for Google hardened.
Google sites and services where constantly nagging users to "upgrade to Chrome" and some even broke on Firefox (unless you changed the user agent string to chrome). It was also bundled on nearly every software download site, so you got it even if you never explicitly asked for it.
I use Chrome in development on a Windows box. Here is my experience with this upgrade:
1. Upgraded manually from 116.0.5845.179 to 116.0.5845.180 through About dialog.
2. Restart. No notification that anything has changed.
3. Go to settings, privacy and security, privacy guide, and on the 4th page (only 3 pips!)
Or go to settings, privacy and security, Ad privacy (the new element)
4. The privacy guide blurb: Privacy Sandbox trial
Chrome is exploring new features that allow sites
to deliver the same browsing experience using less of your data
Under Ad privacy:
5. Ad topics: Site-suggested ads.
Based on your activity on a site. This setting is on.
6. Site-suggested ads.
Based on your activity on a site. This setting is on.
7. Ad measurement.
Sites and advertisers can understand how ads perform.
This setting is on.
This roll out is filled with dark patterns. At (2) there is no notification that anything has changed. If not for this article, I would not have known about this at all. At (3) the feature seems intentionally hidden. At (4) the description of these features misleads the user that the purpose is to "use less of their data". This is false, or at least badly misleading. At (5,6,7) they've defaulted all new "features" to "on".
This is all so shady, and very un-Google like. I have such high regard for the Chrome team: was there push back on this? Do they realize what a bad look this is?
Let's say that they do realize it. The 0.x% of users that are aware of, understand, and will do anything other than just blindly continuing to use the software is an acceptable number of lost users. In other words, everyone reading HN could stop using Chrome right now, and Googs would not notice the blip
I was expecting this response, and let me say: it fills me with distaste. You cut off any possibility of improvement, on their part, because no matter what they do, you won't accept it. It is the opposite of constructive criticism: it is an ideological stance.
They are definitely acting in far more ethically concerning ways than they used to, but as for literally ditching the phrase “don’t be evil”, most of the internet conventional wisdom on that is incorrect.
When they reorganized to have Alphabet as a new parent company, Alphabet’s code of conduct said “do the right thing”, but the subsidiary Google that still makes everything we usually discuss as Google kept “don’t be evil” in its code of conduct. At a later point Google did move that sentence out of of the most prominent position in the preamble, but it’s now in the second-most prominent place, right at the end.
But, yes, as I said at the start of this comment, they do a lot more awful or potentially evil things than they used to.
Disclosure: I worked for Google years ago, but I left before all the changes I discuss in this comment and had nothing to do with any of them. I am sad to see Google decline to roughly the level of being at least as ethically good as most of their major competitors, instead of far better as they used to be.
It's nefarious how they ask you if you want to turn on "ad privacy", indicating that this feature increases your privacy when in reality it does the opposite.
Technically they’re correct: the privacy offered by this new system is superior to that which is offered by the web with no tracking protection.
Thinking about it in a very abstract way I find the whole thing fascinating. Google is clearly terrified that the tracking protection offered by other browsers is going to become the norm and they’re trying to head that off at the pass by implementing this compromise. But I’m not sure why they’re all that worried about it, they still have the lions share or the browser market. Maybe they’re worried about incoming legislation?
If I'm understanding correctly, they're not turning on some other tracking prevention when you enable this "feature". It's strictly a privacy downgrade.
Third party cookies can do everything the topics API can do and more. Third party cookies lets sites collect granular data about what exact site you on and any data they want from it. This API just gives them some topics which may even be a random chosen one and not a real one.
Precisely. The article (and seemingly everyone else) fails to realize that topics is reducible to TPC. If you have TPC then topics provides no additional tracking capability.
Topics is a mess (see a great analysis from a colleague of mine[1]), but it’s a hard sell to call this current step nefarious.
Can you give me a source that enabling the topics API disables third-party cookies? And once Chrome has phased out third-party cookies the topics API will strictly decrease my privacy, not increase it.
I think the Ars writer here is very uninformed. Floc is completely different from Topics, and if you actually read the Topics spec, it seems to be significantly better than 3rd party cookies? At least to me. Maybe I’m missing something.
Topics is a refinement of FloC… no third-party cookies and no Topics would be significantly better but Google is an adtech company and there’s anti-competitive concerns from other ad tech providers
He's faced enormous challenges due to Google's "privacy" policies... Google is removing nearly all access to user data, they don't even like you looking at the user agent string (which issues a warning)... not to mention its impossible to know about search traffic and even referring urls.
Meanwhile Google has access to all this data, so he tells me all this is just gaslighting so they can illicitly protect their monopoly on web data.
Seeing this all go down, it feels like this is exactly Google’s master plan.
1. Roll out stuff they brand as “privacy respecting” that actually collects data for their own use.
2. Brand anything that would give competitors access to that data (third party cookies, user agent strings, etc) as a threat to user privacy.
3. Lock all of that stuff down so that nobody can access it (“we’re protecting you!”)
4. I don’t think we need the ???, it’s just straight to profit, via monopoly over the data.
The brilliant/terrible thing about this is that third party cookie tracking is not great so it’s hard to set up a defensible argument where leaving things as they are is the better alternative. Apple and others have been waging a war on third party tracking for years now, and pushing public opinion in that direction, and it seems to me that Google is playing 4D chess here and using it against them (and frankly, the entire internet).
The solution is very easy for consumers looking for a real privacy solution:
Use a browser that is not made by an advertising company.
In other words, just drop chrome. It has never been easier to do, with Edge and Safari readily available on all major platforms and Firefox for those who prefer it, and of course the many other chromium forks that are around.
There is no reason to be dependent on chrome today. There was a few years where it was overly dominant and very hard to avoid for compatibility and performance reasons, but that is just not true today.
Personally I use Firefox on android and desktop and I don't miss chrome at all. I uninstalled (technically, disabled) it on mobile as Google widgets like to open links in it otherwise.
I have chrome on the desktop as I work in software so I need to test compatibility with it, but that's it.
> stuff they brand as “privacy respecting” that actually collects data for their own use
The kool-aid is in their definition of the word "privacy." You and I might think "privacy" means "other entities aren't observing you" but Google in their benevolence knows that it really means "Google will keep your data safe from third parties." Their newspeak doesn't even allow the concept of "data that Google does not collect."
(A friend of mine was involved in the launch of Google Allo. I asked them if it would be possible to use the virtual assistant features offline without sending everything to Google. They never spoke to me again.)
I don't think there's any 4D chess going on here. Nobody is buying Google's "privacy" argument. This is a simple case of other browser vendors improving actual web privacy and Google undermining that effort.
That is Apple's plan, too, except for the collecting data or profiting part. They still have a monopoly on your data, it's just locked on your devices.
This doesn't make sense. The browser provides the user agent as a header in HTTP requests. They can't detect if or how the server is using that information.
Or do you mean your friend's product is a browser plugin? In which case, um, yes, I don't want it having access to any more information than it it needs to do it's job (and honestly, probably not even that.)
I’m loathe the defend Google but I don’t think this is the case. The replacement for user agent sniffing (client hints? I forget) is a universal thing and I don’t think Google has a secret back door tracking mechanism their ad network is able to use. It would certainly be a big story if they did.
> I don’t think Google has a secret back door tracking mechanism their ad network is able to use.
they have 80% population using search, youtube, storing browsing history etc while logged into google account, so they have lots of data about most of the people.
google "has access to all this data" in exactly the same way any other website does. you request the information you need from the client, and the client can choose to provide it or not. clients provide it by default.
hate on google all you want, but UA reduction is objectively a good thing. "my friend jacob wants to slurp up everything from the user-agent string on the first request" is not a good argument.
> Meanwhile Google has access to all this data, so he tells me all this is just gaslighting so they can illicitly protect their monopoly on web data.
To throw them in the same pit, they're taking a page from Apple's playbook: the privacy benefits for the user will justify any market effect from closing the platform and keeping all user data internals. Platform owner gets to protect the user from some of the abuse, while gaining a critical edge on the competition.
In the current climate, I'm not sure there is any good angle to solve this, short of strong regulation limiting the advantage they get from doing these "privacy first" moves (basically find a way to forbid the platform owners from using their own users' data...I'm not holding my breath)
> In the current climate, I'm not sure there is any good angle to solve this, short of strong regulation limiting the advantage they get from doing these "privacy first" moves (basically find a way to forbid the platform owners from using their own users' data...I'm not holding my breath)
Well, you could also look into removing some rules, in addition or instead of piling on new ones. Eg you could weaken intellectual property rights, to make it easier for upstart competitors to take on the established giants.
Or you could make it easier for foreign competitors to enter local markets. (As an example, the US has become more protectionist of their tech markets. And the EU has a lot of red tape that's even harder to follow, if you are from outside the area.)
I took it more as an anecdote to show how Google is intentionally using its size and influence to engage in anticompetitive practices by forcing the adtech industry to standardize on technologies that only Google can use effectively.
More of a "be upset with Google" than a "feel bad for my friend" kind of thing
> not to mention its impossible to know about search traffic and even referring urls.
I think it was the migration to https everywhere that killed that. Not sure why it went down that way, or if Google was responsible.
But yeah, when I ran a blog, I would look through the referrer URLs to see what people were actually searching for and write articles about that because it was obviously an untapped void in the market.
That's exactly what it is. Google spends a fortune on lobbying Brussels to let the natives know that they have their best interests at heart. That's proof of the opposite as far as I'm concerned. Check out the ads on Zaventem airport (right next to Brussels) if you're ever passing through there, it's comical.
Or check this video if you can't make it in person:
Years ago I remember having a very similar reaction to many online platforms switch to https. It was pitched as protecting people from isp packet based ads but it always felt more motivated by locking the competition out of the data stream
No offence, but your friend Jake can go fuck himself.
I have very little trust for Google and other megacorps like it, but I have even less trust for parasitic entities like Jake that just piggyback on top of Google's already horrid practices to extract wealth from, so you'll find no sympathy for Jake from me.
Such is the issue with any business connected to a single large and private infrastructure provider. Of course this is, in part, why we have anti-trust laws.
It's arguably not, depending on how you slice "worse."
Google's philosophy on this sort of thing has been pretty consistent for over a decade: they trust themselves with user data. It goes in a vault, it's very hard to access inappropriately, and they have some of the best security possible on the modern web. Practically speaking, yes, it's still a risk; if the data collections get breached, that's all the data. But they don't see themselves as more of a risk than anything else out there, so for them it's not philosophically inconsistent to claim other companies doing what they are doing should be considered a privacy threat.
... And honestly, I think there's a good case to be made that if you don't trust Google to respect your privacy and secure your data, You shouldn't be using Chrome period, because the organization you don't trust controls the source code of that browser.
>this feature will track the web pages you visit and generate a list of advertising topics that it will share with web pages whenever they ask
This is factually incorrect. It works like third party cookies, but with privacy. A web page can only retrieve a topic if that site has already observe you visit pages of that topic. In order for you to observe a site that site must send a fetch request to you or embed you in an iframe.
If a random site calls document.browsingTopics() they get no topics as not enough data has been observed by them.
Everything I'm seeing is that it is Chrome doing this, not Chromium. If the Googs decides to add features on top of Chromium in its Chrome release, that does not mean that other Chromium based browsers will have those changes automatically as well. It totally makes sense to me that Googs would not want these in the base Chromium as it's the secret sauce just for the Googs
I would think Google would want this in Brave and Edge also. Google will want to advertise to the users of these browsers even though they aren't using Chrome.
My friend who was the biggest Google evangelist 10yrs ago who went through a round of interviews there (stellar Kotlin programmer) has completely written off the company after this announcement some months ago.
He's committed to deGoogling his life now and is even migrating off Gmail this weekend - I think I'll be joining him.
Opera, Brave, and Vivaldi are just Chromium with an extension or two added and a Chrome feature or two disabled. They're not legitimate browser competition.
There are only 3 real browsers today that meaningfully compete and control their own destiny: Chrome, Safari, and Firefox. Everything else is mostly just a fresh coat of paint on one of those browsers.
Apple, which owns Safari, is the largest company in the world. Alphabet, which owns Chrome, is the 4th or 5th largest company in the world.
Mozilla is a small non-profit that exists to provide meaningful choice. Those others are small businesses trying to make a buck riding Google's treadmill or surfing their wake.
What makes you think Chrome's market share will decrease? Google has a strong hold of their position, and other browsers are barely competing.
If anything, it wouldn't surprise me if Mozilla announces that they're discontinuing Firefox. Those alternative browsers you mention don't even register on the usage radar to be relevant in a browser "war".
Everything seems to indicate that we're heading towards an even worse single-browser dominance than IE had in the 90s.
It was lightweight and fast, but still managed to have a built-in mail client, RSS reader, and IRC client.
All with a consistent and clean UI that treated the user like an adult. Maybe I'm just old, but I hate the flat "everything looks like a webpage" UIs in today's browsers.
> Would a VPN do what I need? Where are instructions that a n00b can follow?
Never used them myself but lots of HN commenters think highly of the VPN services offered by Mullvad [0]. In fact, right now, Mullvad is currently on the HN frontpage [1], from a blog post by Tailscale.
I’ve been waiting for years for Safari to support multiple profiles so I can have a work and personal profile, instead of using Chrome for work. Finally this year we’re getting that, goodbye chrome, it’s been a fun 10 years. Unfortunately Chrome turned into a bloated mess over time, even before this news I was waiting to switch.
Google was playing 3D chess when they started developing Chrome, and when they started making moves to strip away things like user agent strings, they were really just making the final moves of a campaign set years before to create a walled garden of ads data.
As much as I hate what Google has done with Chrome and I choose not to use it, the comparisons to the IE6-8 dominance are even more acute when you consider that Chrome is also successful in the enterprise due to its support for both typical group policy/Mobile Device Management configuration as well as its integration into Google Workspace.
Edit: I had initially said “dominant” in the enterprise, but I imagine that title still goes to Edge?
It would be impressive if it wasn’t so depressing and gross.
Congratulations to everybody who's been working overtime to simp for Chrome for so long.
Firefox has had its ups and downs, but it and its progenitors have been great daily drivers for me over 20 years now. It's not too late. The best time to switch was, well, forever ago -- but today is also a great time to switch. Get on the fucking bus.
Like most companies, Google has a mission statement or "philosophy." Google's philosophy is divided into 10 points; each point is one sentence long. The first and most interesting is quoted in the title of this part of the book. Unlike most corporate mission statements, this phrase did not come about through long committee discussions: This statement is Larry Page's mantra. Early on, when people asked him about financing his projects, he always replied with something like, "Don't worry about it. If our users are satisfied, if we give them all they want and more, we'll be able to find some money.""
Wonder if there is a "Gentoo for browsers," where you specify certain parts of the stack: layout engine, HTTP engine (cURL), JS engine (V8, none) and conveniences (password management, bookmarks), and the script builds it for you.
The conceit is the ability to view responses as nodes in a graph, and laying filters on top. The tradeoff for performance being introspection and control.
I stopped using Chrome and uninstalled it from all my devices a year ago. It was hard at first, but you get used to other browsers pretty quickly (took me two weeks).
Safari on macOS works like a champ, and if I'm doing web development I switch to Firefox which has excellent developer tools (remember firebug?)
Didn't the very initial release of Chrome, many years ago, already create a unique, identifiable ID per user, and open a connection to phone home to Google servers (using that unique ID) on every single key-press and mouse click done anywhere in the browser?
I just want to say that I’m glad Apple does the exact opposite with Safari of what hostile things Google, Microsoft, and sometimes even Mozilla do to their browsers. Call me an Apple fanboy all day long but they proved for years that they care about speed, privacy, and even simplicity.
I found about https://librewolf.net/ from a web search. Has anyone here tried it or can recommend any other alternative firefox build without telemetry?
lol just updated my chrome before I saw this, I instantly got what it's about and didn't allow, why would I want any ads at all, I have a blocker, it doesn't matter, but that's sneaky from them and unhumane to push for that.
Why do people still use Chrome? I can kind of understand Google search, Gmail and Maps(though search kind of sucks nowadays), but chrome is turning into one of the most user hostile pieces of software.
And there are perfectly fine alternatives that do not sacrifice features or convenience in the slightest. I don't see a legitimate use case for Chrome.
Because Firefox exists. And anyone can use Chromium to compete with Chrome fairly rapidly.
It’s not the new IE. In my mind it’s worse than the new IE because it achieves similar goals as the IE abuse but without necessarily doing anything illegal.
Mozilla and Opera existed at the time, as well as a bountiful amount of IE shells which essentially acted as the Chromium derivative equivalents. Outside of Chrome (technically) shipping the same binaries across all the platforms it supports, and using scope creep in a more subtle way compared to 90s-era IE, I don't see how the situation is materially different between now and then.
Firefox is barely surviving. Skinning Chromium hardly counts as competing with Chrome.
I agree with you that Chrome is even worse than IE ever was. Mostly because Google is much smarter than MS was when it comes to ensuring market dominance. It will be much harder to dethrone Google, simply because Chrome is a much better product.
Maybe not yours, but it's baked into the operating systems used by billions of phones (Android) and millions of kids/others with generally lower tech literacy who may not have great context on the privacy implications of these changes (ChromeOS)?
Hey guys, please stop giving market share to Chrome. Firefox is not only an objectively better browser but you're supporting an open web instead of a terrifying data behemoth.
I think here on hn many people us Firefox, with Chrome as backup for institutional sites that won’t work on FF(at least it’s the case for me). Or other alternativies or all of them interchangeably based on purpose. What makes the real market share is the rest of world outside of hn
It is really hard to fight the advertising and luring of The Google machine. I never mind being annoying to my friends and relatives and talk about how Firefox is a safer and better alternative. People are often surprised that a choice even exists. To many just outside my circle, browser == Chrome , mail == Gmail, phone == Android, maps == Google Maps, payment solution == Gpay, and instant communication == WhatsApp.
It is hard to beat free.
My own 74 year old dad says.. be practical, I don’t care if Google wants to profile me as a 74 year old man interested in watching my regional language news and religious videos. Nor do I care if Google knows that I spend the little retirement money of mine buying these medicines or paying for the taxis. They can try targeting ads to me all they want, but good luck to them, I’m not going to book an expensive holiday in the Himalayas, nor am I going to buy something I don’t want to buy. I just want something that works in a way I have gotten used to. I don’t want change at my age.
I can sympathize with his argument. I just wish young people don’t find an argument like his..
We have regulations preventing some rich dude flooding the market with free product to gain a monopoly and then charge exorbitant prices. Why not the same for digital services in this internet age?
I wish we regulated internet services the same way. No “free” email, chat, social services paid for by creepy ad companies. The real cost of these services at the scale of the number of users is minuscule anyway. The field Google, Amazon, Meta and Apple plays at should be leveled for new competition - that is a Government’s duty to enable.
Firefox is mostly paid for by Google, so I wouldn't suspect it's a threat to their goals. I think a 'dumb' protocol or partition of the web might be the best we can do.
Key actionable info: to fix this, go to this URL:
and turn off the toggles on each of the three subpages.
Alternatively, go to this URL https://www.mozilla.org/firefox/ to fix this permanently.
Key actionable info: use Firefox.
Completely immune from this and you don't need to worry that toggle will get mysteriously turn back on.
> you don't need to worry that toggle will get mysteriously turn back on.
I will be caustious with such statement.
https://github.com/patcg-individual-drafts/ipa/
IPA now allows these companies to track users across multiple IP addresses, and regardless of the user's cookie settings, via a unique tracking identifier. It is also proposed that the operating system provides the unique tracking identifier which can then be used by all applications or browsers on a device, allowing different devices behind a single IP address to be distinguished.
Mozilla is one of the authors.
5 replies →
Mozilla has disabled privacy controls in the past without informing users. For example, they removed the “prompt when setting a cookie” (so that you could reject/accept/accept for this session only) without a replacement. Newer versions just accepted all cookies as persistent, non-session cookies automatically. There are other examples like this.
It's difficult to deal with because as the code evolves, so do the configuration settings. The rate of change is high, and it's not always obvious what is relevant to users (and whether a new feature increases or decreases privacy!), so it's hard to communicate this in release notes.
Ding ding ding! Switch now. If you use Chrome, you are complicit in what Google is subjecting the entire world to.
This isn't iPhone vs Android. This isn't vim vs emacs. You can switch browsers in 5 minutes and never notice any meaningful difference.
Degoogle today.
7 replies →
> ... you don't need to worry that toggle will get mysteriously turn back on.
Using Firefox Developer edition and toggle(s) will get mysteriously turned back on all the time. And Mozilla is not immune to this practice at all for standard Firefox.
Use chromium-ungoogled [1] if you want chrome(ium) without Google-specific stuff.
[1] https://github.com/ungoogled-software/ungoogled-chromium
2 replies →
I wouldn't call it completely immune, Fx is just better Chrome for time being. Tons of dark patterns and inner circle decision makings.
5 replies →
Agreed, using Firefox more and more and assisting everyone you know on how to switch and make it default with it is key.
Show someone how to do it, and they can be asked to show someone else
Until you can't. The Chrome team routinely remove options from settings, usually keep them for a few months until there's no way of changing them.
Mozilla actively supports online ads and tracking. Without their partnership with Google, they could not continue as a going concern for very long.
The deception is to make people believe that studying them as ad targets through their internet use can be "private". Many will believe this nonsense. Including regulators. "It's OK, folks. Privacy is preserved." Green light to keep on tracking, collecting data and serving ads.
But the study of people's internet use to enable programmtic advertising _is_ the problem. There will be more ads. They will be more personal. The www will become even more annoying. Perhaps moreso than any other medium that has come before it.
To Mozilla, there can be no www without advertising. The truth is that there can be no so-called "tech" companies, monopolisng intermediaries, without programmatic internet advertising. The www does not need it and the original www did not have it.
First Mozilla partners with Yahoo. Then Google. Perhaps Meta will be next. Mozilla is no different than so-called "tech" companies in at least one regard: it cannot find a "business model" besides internet advertising.
https://analyticsindiamag.com/despite-clashes-in-the-past-mo...
https://www.adweek.com/programmatic/ipa-the-meta-and-mozilla...
https://www.admonsters.com/eletters/mozilla-and-metas-ipa-fr...
Yeah, that is my understanding as well. While many promote Firefox as an alternative to Google Chrome, it simply lacks adequate proof that Firefox is any better than Chrome at tracking. Else, how does Mozilla survive?
What do you do if websites are "best viewed in Chrome"?
Embrace: Embrace the open web, create an excellent product and aggressively promote it until you take over the market
Extend: Chrome experiments and advanced features that improve the user experience and developer experience through Chrome only API and Google services. Even provide these services to everyone who wants to use them free or charge so that the user expectations are elevated to that point and web businesses depend on these by building their products around them. Maybe make developers depend on this "topics" feature even.
Exterminate: Cut off or degrade the free services to 3rd party browsers, remove or tame extensions that harm your business and recoup the costs of the free services. Since you no longer have viable competition, reduce the development of Chrome any further, optimize only for profit. Developers who depend on you ad tech can choose to refuse serving users using another browser or opt out of Google verification or account services? The users will stay like they sat with IE.
IE of the 2020s.
Don't use them unless you must. The internet is a big place. Any piece of information of value can be found at its origin and no less than 10 copycat sites, one of which inevitably will work in Firefox with uBlock enabled.
Use ungoogled-chromium: https://github.com/ungoogled-software/ungoogled-chromium
> What do you do if websites are "best viewed in Chrome"?
Try Chromium?
Decide the site is too much hassle and back away?
Not always practical options, but they are options.
2 replies →
Use edge for the websites that only work in chrome.
3 replies →
Does Google do the scummy thing where these toggles get reset to default after an update?
Yes. Very commonly they change a feature, put the old behaviour behind a config setting (flag), then silently remove the flag later.
No, this is mainly Microsoft's domain. Google's thing is boiling the frog under the hood.
same with Firefox in my case. after restart, it asks to be the default browser. and again. and again.
2 replies →
Also note that Chrome on my home machine has asked me more than once to enable the new feature. Each time I've said no, I find it has turned on other related features. This may be the final irritation that makes me pull my finger out and switch to Chromium or back to FF¹. I used to switch back & forth every year or two, as one of them did something to irritate me⁴ I switched to the other.
--
[1] I switched to Chrome a few years ago when FF went through a period of being unstable²
[2] and because certain extensions didn't have good FF alternatives, because they never were or because some were crippled by the changes in ~2017³, but that latter point is fairly moot as Google is now taking their turn to work towards crippling useful extensions
[3] at least FF's change here were mostly due to massively misreading the room while trying to streamline their platform, where Google's seem to be more malicious when you consider most of the affected extensions are ones that go against their primary business of tracking people & selling adverts.
[4] things breaking after updates, periods of general instability, not keeping up in the performance race for a while, etc.
Thanks. Somehow this latest ickiness from Chrome was the push I needed to switch to Firefox.
Any binary hackers to modify the executable of Chrome directly?
What's the point? It's open source. So some people naturally spend the effort to maintain something like https://github.com/ungoogled-software/ungoogled-chromium
3 replies →
Or use brave.
Why do you consider a Chromium-based browser from another for-profit company that has done some morally debatable things as an alternative?
11 replies →
Also alternatively, go to this URL https://brave.com/download/ to fix this permanently.
Please don’t use Chromium based browsers. Support real alternatives like Firefox.
8 replies →
[flagged]
7 replies →
Our research group does work in this space[1], so I’ll claim some familiarity.
This article has multiple problems:
1. Privacy Sandbox is a project, consisting of many proposals. To pitch it as some cohesive product is misleading.
2. Related: FLoC and Topics are completely separate things, aside from existing under the same project.
3. Topics is reducible to (implementable using) third-party cookies. While the proposal has issues and doesn’t resist tracking as well as Google claims (see below article), Ars’ implication that this is somehow making Chrome less privacy-preserving is patently false.
[1] https://arxiv.org/abs/2306.03825
Although the source article here is clearly opinionated in one direction, I’m not impressed with your claims about actual problems in it. (For reference, I agree with the direction it takes and would make only minor adjustments to it if I were writing it—the only of any substance would be not calling the Privacy Sandbox an “ad platform” just because in a way it’s a little more like a shop that sells picks to ad platforms.)
> 1. Privacy Sandbox is a project, consisting of many proposals. To pitch it as some cohesive product is misleading.
Look, that’s how Google are branding it. It’s an initiative which has turned into a cohesive brand. Just look at how https://privacysandbox.com/news/privacy-sandbox-for-the-web-... speaks of it all. That’s pretty much how it’s being presented in the browser, too.
> 2. Related: FLoC and Topics are completely separate things, aside from existing under the same project.
They’re about as completely separate as Chrome 17 and Chrome 117, or StarOffice and OpenOffice.org. OK, these are both very imperfect comparisons, but although FLoC and Topics work in somewhat different ways, Topics is for all practical purposes just a fork that continues FLoC. They even treated it that way in the browser (at the time at least, no idea if it’s still so). https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts#... seems overall a fair enough portrayal. They simply rebranded the basic concept.
> 3. Topics is reducible to (implementable using) third-party cookies. While the proposal has issues and doesn’t resist tracking as well as Google claims (see below article), Ars’ implication that this is somehow making Chrome less privacy-preserving is patently false.
The first and last claims here are obvious nonsense. Third-party cookies only let you track stuff where your code runs, whereas the Topics API uses the entire browser history, so it’s not reducible to third-party cookies unless you mean something very different from me by that word. Ars’ implication is by no means patently false; as far as the current status is concerned, where they’ve added this and not removed third-party cookies, it’s patently true. In the longer term, it’s less clear, better in some ways and worse in others, but “patently false” is still an unreasonable characterisation.
> Third-party cookies only let you track stuff where your code runs, whereas the Topics API uses the entire browser history
This is false. Topics only allows ad trackers to see topics associated with sites they were embedded in. In this way, topics is reducible to TPC.
>whereas the Topics API uses the entire browser history
It doesn't use the full history. If a site is using the Topics API it will only get back topics that it has observed from sites in the last 3 epochs. For site X to observe a topic from site Y. Site Y must either:
* Be site X
* Embed site X in an iframe on the page with a special attribute on the iframe element
* Send a fetch request to site X with a special header and site X must respond with a special header
10 replies →
I didn't read the Ars article as saying FLoC or Topics make Chrome less privacy-preserving than it was before, but rather that, once Chrome disables third-party cookies, they make Chrome less privacy-preserving than other browsers with third-party cookies disabled. What the author would prefer is that Google also disable third-party cookies and also not ship FLoC or Topics.
> What the author would prefer is that Google also disable third-party cookies and also not ship FLoC or Topics.
That's not an option now thanks to multiple antitrust regulatories. Google actually tried to get rid of 3p cookies to use it as an advantage against competitors as well as privacy friendly PR but this has been blocked. One example from CMA (but not limited to): https://assets.publishing.service.gov.uk/media/62052c52e90e0...
5 replies →
Ron Amadeo has such a consistently snarky anti Google stance that I no longer read his articles. I haven't seen any other tech company get such dismissive treatment on Ars.
Agreed. I think he crossed the line way beyond being skeptical about Google, and into partisan politics level biased reporting against Google. E.g. his coverage of passkey was so bad - misleading half truths and outright incorrect claims - that made a subsequent article on the passkey by another Ars reporter look completely opposite from what he wrote.
6 replies →
What are you upset about, that he's reflexively anti-big tech which includes Google, or that he's anti-Google out of all the big tech? Because personally I don't give any of the FANG+ the benefit of the doubt on anything now.
> Topics is reducible to (implementable using) third-party cookies.
Yes, but aren't 3rd party cookies going to get banned? That seems to be the common assumption in the adtech space. If that's true isn't topics just google's mechanism to continue the kind of tracking that lawmakers are trying to ban by banning 3rd party cookies?
This is the first I've heard of such a law. Do you have a reference? Which country?
5 replies →
Huh. I did not detect such an implication. The gist of the article for me was Google is using a new system. Perhaps there is an implication that based on the deceptive use of the term "privacy" some users might believe that Chrome is now more privacy preserving. That would of course be patently false.
But it seems this comparison to third party cookies ignores the fact that now one company, Google, gets a maximum amount of tracking data without having to cooperate with any other entity. That potentially could be a loss for privacy because the concentration of personal data at one entity, i.e., Google, requires less cooperation, e.g., data sharing. It's easier.
It's less privacy preserving in that it is anti-competitive, so now google gets a monopoly on this form of tracking. I assume they'll eventually combine all the data from their other monopolies, and continue to use lobbyists to block improved laws or even enforcement of the existing laws they break.
> 3. Topics is reducible to (implementable using) third-party cookies.
Even with 1st-party cookie jar isolation?
Disclaimer: you work for Google?
If you go to his bio he doesn't say that on his CV, so seems kinda unlikely
Disclaimer: I work for Google but my opinions and web crawling abilities are mine and mine alone.
No.
I'm kind of torn on this. The general idea that the user's browser tracks him by itself instead of utilizing cookies or fingerprinting seems like a step up for privacy. Obviously the devil is in the details - Google controls that whole algorithm, and there obviously is a conflict of interest.
But the alternative that the people who are against it are proposing is either to keep the status quo or kindly ask Google (and other ad companies) to stop existing, which is not gonna happen. They seem to ignore the fact that ad-tech is a huge industry and a large part of the internet relies on it. Basically the only way to make it go away would be to outlaw it.
(Also so nobody accuses me as being pro-ads: I hate ads and tracking, but sort of in a way like I hate being sick. I can reduce my exposure to ads and tracking (adblock, not using certain apps, etc.), but I know that complaining about it won't make it go away)
> I hate ads and tracking, but sort of in a way like I hate being sick
What if the illness you hoped to avoid were leaking all your private behaviours to the world as though the sickness were the proper state of existence?
> ad-tech is a huge industry and a large part of the internet relies on it.
The Internet is not going away and advertising is not the Internet that we want.
They seem to ignore the fact that ad-tech is a huge industry and a large part of the internet relies on it. Basically the only way to make it go away would be to outlaw it.
Not necessarily. It will also go away - or more usefully, change its behaviour - if its current model becomes less cost effective. Apple restricted what apps could spy on and Facebook complained like a spoiled child but the sky did not fall. The evidence of effectiveness for all these tracking-based "personalised" ads is limited at best anyway. If you're running a search engine where users have literally just told you what kind of thing they're interested in right now or you're hosting videos where you know which video a user is about to watch or you're serving ads to be included within someone else's web page and you can tell what the content of that page is then you already have very useful information to help you choose which ads might be relevant without needing any additional user tracking at all.
Thank you for this. There seems to be layers of delusions throughout this comment section where it seems many people simply cannot imagine a functioning world sans some bit of questionable tech and its derivative marketing strategies that are barely 20-years old.
Context-based advertising, AKA “advertising”, has been around forever, and respected privacy to the extent that Gatorade only needed to know that people at gyms might be thirsty. Still sold a ton of slightly salty sugar water, and didn’t even suggest that they should be allowed to rummage through every customer’s gym bag, follow them home, take notes on their dinner choices and television habits, watch them sleep while taking their pulse, and then slip random notes to them throughout the day reminding them that their electrolytes were dangerously slightly on the lower side of average (code RED).
This API wont remove or deprecate the already existing tracking methods, third party cookies can be disabled but alternative practices have been developed a good while ago (and new ones are actively being found). Advertisement networks _will_ find a way (avoiding fingerprinting is impossible, unless all browser companies decide to merge; exposing hardware to the web is the new trend for web technologies, and hardware can be extremely unique especially when combined with an IP yada yada) without depending on Google, their competitor in advertising, for their own product. Google, however, will hand your search history out to any website for free(?)
The existence of this APIs will be very useful to argue that server-side data collection is not reasonable under GDPR anymore.
I hope it gets implemented because it will give significant ammunition to us in Europe to make server-side behaviour tracking marked as unreasonable under GDPR provisions.
2 replies →
[flagged]
I heard about this the other day and didn’t think much of it.
I got the actual update today on my work laptop and… just wow. How did the folks at Google ship this with a straight face? The changeboarding modal basically lies to your face.
I’ve always felt a little weird about Google’s tracking, but this takes it to another level. Creepy as heck.
> How did the folks at Google ship this with a straight face?
You have been doing 60-70 hours a week for a few years at startups that never took off. You tried to go into some big companies but got rejected several times. You managed to pass the first screening to the process at being hired at Google. You go through all the process. It’s long and tiring. Somehow you went through it after several weeks and so many steps. After several years in your career of not so successful job/startups this is like a huge thing. You can say to all your family and friends and girlfriend that you work at Google. The pay is great but the work is bad. They ask you to code more stuff to track people into Chrome. You evaluate what quitting would be like and what other opportunities like this you could have. And then I guess they are like hmm no. Let’s code this things from now on.
I’m convinced at least 75% of devs consider working at a FAANG to be the absolute apex of a career, regardless of what’s worked on. Which, to me, says it’s purely about prestige.
It’s impossible to say for sure, but there’s a certain pervasive collective worship of these employers that will just not quit.
12 replies →
I think this would actually be bad for their careers. I believe this is all open source and in public and you would get really bad rep for building this. If it was me I would ask for a transfer to a different team.
2 replies →
> The pay is great but the work is bad.
In just about any other context this is called a bribe. But you're right. If that person doesn't do it, someone else will.
There are also a lot of Googlers who got in on their first or second try and genuinely do not understand end-users, do not WANT to understand end-users, and thus are very happy to implement this stuff. Also PMs who are extraordinarily metrics-focused and will buy the koolaid 100%
It's a government mandated bullshit as a replacement for third party cookies.
When all other browsers disable third party cookies, everything is fine. Apple for example has disabled it for years. When Google does it, antitrust regulators fear that this could benefit Google ads more than non-Google ads. Hence this bullshit to "restore competitiveness" between Google and non-Google ad networks.
My recommendation is to both disable third party cookies and this new thing. You don't need either of them.
> It's a government mandated bullshit
This is definitely what Google would like you to believe. Considering indeed all other browsers have killed third party cookies, Google legally very well could as well. But they'd love you to believe they must provide a way to invade your privacy.
The issue regulators had was Google retaining special access to user tracking, they have no problem with Google removing their own ability to track as well. Of course, that doesn't buy Larry and Sergey's next yacht or private island remodel.
2 replies →
> It's a government mandated bullshit
Who says that, google?
To make an analogy, don't believe any EU country government when they blame some EU directive for a new law.
1 reply →
Some government regulators used to primarily focus on natural persons (i.e. citizens/consumers) and prioritize them above all else.
Then neo-liberalism took over and they took a page out of the US’ playbook, and started prioritizing businesses.
But unlike in the US they aren’t comfortable outright stating that they’re prioritizing business interests over consumer interests, so instead they do this weird thing in their communications where they act like they’re standing up for small businesses. Problem however is that their definition of “small” business is everything below a trillion euro market cap.
It’s kind of jarring really, to hear them talk about having to protect those poor advertisers, like it’s some UNICEF donation ad.
> My recommendation is to both disable third party cookies and this new thing. You don't need either of them.
then you will see random low quality ads instead of something you may be interested in
17 replies →
Because they don't get to kill third party cookies without shipping it.
Context? That whole project was kind of a cluster when I was involved with it, how does this help? Or is it more, without a replacement for 3p cookie tracking they couldn't break it (useful uses of 3p cookies be damned)?
7 replies →
When I saw that dialog, I didn't know which button to click. I knew I didn't want to share the topics I am interested in or have personalized / more relevant ads of any kind, but the text was so confusion and mixing so many things (like activate the privacy feature when in fact you are activating the tracking feature).
In the end, I reverted to clicking the non-primary button (which you are not supposed to click) and checked in the settings everything was in order.
Maybe they are talking a leaf out of Zuck's playbook. Two steps forward and one step back conditional on backlash. Reddit did this recently. Outrage can be managed until things cool down.
I’m thoroughly impressed how HN also buried this story so quickly; usually something so dramatic would stick on the front page for days. Speaks a lot about Google-biases in the content moderation of HN.
The fix sounds easy to me.
Switch to a better browser.
All this focus on cookies and FLoC feels like smoke and mirrors from Google.
Modern adtech can track users regardless if cookies are enabled or not, and whether they enable this new Chrome feature or not, via browser fingerprinting. They've been doing this for years.
So this new "privacy sandbox" is a diversion to the public, and particularly to law makers, that signals "see, we care about user privacy". When in fact it ultimately makes no impact on their revenue.
The public and law makers are barely starting to get an understanding about cookies, and there's a growing concern about them, so this is Google being proactive towards the blowback. Fingerprinting is much more complex to understand, and concern about it is so under the radar, that it will take many more years for the focus to catch up to these nefarious practices.
The frog is being boiled[1], make no mistake about that.
[1]: https://gazoche.xyz/posts/boiling-frog/
This is a take from someone who’s clearly not a domain expert. The purpose of finger printing is to identify individual users - which is pointless if you’re able to use third party cookies, unless you want to do cross-device tracking or get around as blockers. If third parties cookies are not a targetable Id in the bid stream (in a post cookie world), there is nothing to match a fingerprint to, so fingerprinting is useless. You can talk about ID5 and IDLs in this same discussion, but they are explicitly opt-in.
Additionally fingerprinting is not a tactic that advertisers want to use - anyone spending real money bets their vendors and wants to stay away from sketchy bs vendors who do that. Google doesn’t want it, TTD doesn’t want it, xandr doesn’t, cococola doesn’t, Nike doesn’t, etc. We all want a technology that is truly privacy focused for users, but still enables functionality that is critical to advertising like brand safety, frequency caps, and some semblance of targeting (even via context). That doesn’t even get into retargeting/dynamic retargeting.
Way to ad hominem, but you're right, I'm not a domain expert. Just a web user who refuses to be tracked and manipulated by advertising, and highly skeptical that any of these changes are done to benefit the user.
> there is nothing to match a fingerprint to, so fingerprinting is useless
Huh? A fingerprint doesn't need to match _to_ anything. It just needs to be consistent across browsing sessions for a profile of visited sites and interests to be built.
> Additionally fingerprinting is not a tactic that advertisers want to use
Really? Citation needed. All advertisers want their ads to be highly targeted to a consumer who is most likely to make a purchase. The reason web advertising is much more appealing than advertising in traditional media is precisely because it allows microtargetting on a level not possible via traditional means. Advertisers are always chasing a higher conversion rate, and microtargetting is proven to yield better results than showing ads to a large and generic cohort of consumers. Advertisers aren't happy about the Topics API, and many will choose the technology that allows them to continue to target ads more accurately. Fingerprinting is so far the most foolproof method of doing this, since it avoids pesky cookie blockers, and is difficult to detect.
> We all want a technology that is truly privacy focused for users, but still enables functionality that is critical to advertising like brand safety, frequency caps, and some semblance of targeting
I call BS on the first part. Ad targetting goes directly against user privacy. There's no reconciliation of the two. Advertisers can go back to buying ad space in context-relevant places (e.g. show fishing ads on fishing-related sites), but none of them want to lose a _substantial_ part of their revenue by not taking advantage of user tracking.
How you can be so defensive about this is beyond me, and leads me to believe you work in the ad industry.
2 replies →
> Modern adtech can track users regardless if cookies are enabled or not, and whether they enable this new Chrome feature or not, via browser fingerprinting. They've been doing this for years.
One of the explicit goal of "privacy sandbox" is preventing browser fingerprinting by limiting informational entropy from user environment. https://github.com/mikewest/privacy-budget
But the implicit goal is that _Google_ now owns fingerprinting in Chrome, versus the various other actors and tech in the space. Same as Apple owning fingerprints in iOS (and thus disrupting Facebook).
For anything “privacy tech” you must divorce the adversarial case (an actor maximizing an attack vector) with the average case (a monopolistic company using the tech to control overall opportunity costs). The latter has under-funded public study because Google et al will both throw gobs of money against it and throw shiny privacy tech problems out there to distract researchers.
That makes it even worse IMO.
Google's justification for this was after all that it's a nerved alternative to persistent user identifiers (like 3rd party cookies), because you have to give the poor, starving advertisers something in exchange if you take away their ability to identify users.
So far, so bad, but if advertisers can in fact still identify users, then FLoC will just be another, relatively high-quality signal that they can add to the profile. (In fact, fingerprinting isn't even needed yet as Google apparently feels it's fine to activate FLoC long before they disable 3rd party cookies. How that squares with the presentation as a privacy feature is a lection in corpospeak I guess)
So especially in that situation, you should turn off FLoC.
They have to set up the replacement (topics API) before they get rid of the previous solution (third-party cookies). Sites need time to adjust and implement the new systems.
They also need to not make sweeping changes to the ad industry that could be described as anti-competitive or monopolistic. I doubt they'd get away with just turning off third-party cookies in their browser.
In the EU, as far as the ePrivacy Directive (cookie law) is concerned, fingerprinting is similar to using a tracking cookie, even if no cookies are actually involved. And as far as GDPR is concerned, fingerprinting can identify a visitor, it counts as personal data, therefore you need a legal basis for processing it.
Not sure what the point you're trying to make is.
Also, Google under Privacy Sandbox has been exploring ways to introduce a fingerprinting limitations and a budget. Which may as well be smoke and mirrors, but if you watch their marketing materials, they talk of fingerprinting in general.
Sites that use tracking cookies rarely comply with the law as it is, and even then skirt around it via "legitimate interests" and other dark patterns. What makes you think they would disclose a behavior that is even more difficult to detect?
We can't assume good will and behavior from an industry that is built on deceiving and manipulating the user. The GDPR is a good first step at regulating these practices, but it's too vague, and it's applied far too leniently. It also obviously only applies to EU citizens, and not to the global industry.
I wasn't familiar with the privacy "budget", but it sounds like Google is trying to define privacy as a scale, where some amount of fingerprinting is OK. Users can be identified with just a few data points, and some are more valuable, depending on the context. Some might even be required for the site to function, so will there be "legitimate" exceptions to the budget in those cases? It sounds like a backwards approach that will be difficult to manage, so I'm not sure it will be a win for protecting privacy.
More importantly, I don't trust that an adtech company will go out of its way to implement solutions that go against its bottom line. These companies have a track record of abusing user data, and the only reason they take these initiatives is for good PR, which is again protecting their bottom line. The entire industry needs much broader and stronger regulation for any of this to actually improve.
1 reply →
Yeah and the Legal Basis will be something like “we need to track users to improve our services”
6 replies →
Google can also use people's IP address since so many use Gmail, Android, YouTube or Google Sync.
> Chrome's invasive new ad platform, ridiculously branded the "Privacy Sandbox,"
Ars seems to be confusing the topics API with the privacy sandbox as a whole. Most features are early, like client hints, while others like privacy budget haven't even been released yet.
https://privacysandbox.com/open-web/#proposals-for-the-web
The whole article is a mess of confusion. FLoC and Topics have nothing in common functionally, aside from being useful for ad targeting.
IIRC the failure of the first lead to the second.
And if Steve Gibson is to be believed Topics is not only an improvement, it's an unqualified good. (I'm not yet convinced though if Google didn't have so many other harvesting avenues I'd see it as better for privacy too.)
1 reply →
Looking at 'Ad topics' in Chrome settings, they seem extremely generic and barely count as targeting. If disclosing these topics to a bunch of websites harms me, I don't see how? I don't care who knows them.
Here you go:
Seems reasonably accurate, but so what? What am I missing?
Those are only some of the top categories, the taxonomy file currently has ~600 more detailed entries and it is rapidly growing. The goal seems to be well in the thousands.
https://github.com/patcg-individual-drafts/topics/blob/main/... https://github.com/patcg-individual-drafts/topics/blob/main/...
https://developer.chrome.com/en/docs/privacy-sandbox/topics/...
Are these subtopics somehow not shown in Chrome settings, or did it not find any?
I think Google is being reasonably transparent here:
- When this was introduced, Google asked my if I permit using those topics. I declined and now in the settings the toggle is switched off, just as it should be.
- Your topics will be listed when you open the ad settings.
- Instead of disallowing topics, you can also block individual topics.
If you count the dark pattern of "we've improved privacy, got it" while having all ad-related toggled on is not "reasonable transparent"
Is it true Chrome keeps third party cookies while all other major browsers have disabled them long time ago? And disabling in Chrome isn't even scheduled, right? Then this is in addition to cookies.
Second, if you have a bunch of parameters attached to you, then you can be tracked. What exactly those parameters are doesn't matter, as long as the set is more or less stable and unique.
Third, do you really want to disclose your interest to every website? Without a way to opt out.
It is scheduled for 2024.
It does matter what is tracked, because advertisers need to be able to match on-site behavior to what they can identify and target in a bid.
You’re not disclosing your interest to every website. Your allowing your browser to store a list of your interests and then advertisers can target users who have those interests. This is miles more privacy focused than the current solution where any vendor can place pixels all over the web to build any audience they want, small or big. They can track really any data they want, combine it with any offline data see they want, and sell it to anyone they want.
you know what is even better? disclosing nothing.
At the end of the day, I think the categories are very broad and better respect people's privacy compared to what we had before. Some people in the privacy community seem to think advertising and tracking in any form should not exist and will always make a stink about whatever incarnation they take.
These proposals were made directly because of legislation like GDPR. It's not as if Google got up one day and said "Let's make our job harder."
> Some people in the privacy community seem to think advertising and tracking in any form should not exist and will always make a stink about whatever incarnation they take.
I don't think I'm in the "privacy community". It's my opinion that advertising will always exist, but tracking is complete horseshit and should be abolished ASAP. I don't think this is a very unpopular opinion either. There seems to be an attempt to Stockholm us all into thinking tracking is a necessary evil we must accept.
3 replies →
It's not harmful.
So, here's the question:
When a large, publicly traded ad-company (that relies on collecting data and tracking users for most of it's income), creates a product that costs them quite a lot of money to make, and then gives that product to you for free...
Do you expect them:
A.) to be taking a loss on that product because they really just want to gift it to you from the goodness of their heart with no ulterior motives?
B.) to actually have another way to make money from that product, which makes the whole endeavor financially worthwhile to them?
People are bending over backwards to justify why they should continue using a browser that is actively hostile to them made by a company whose sole revenue comes from collecting the entire world's data at all times.
I don't mean to trivialize it but it seriously reads like an abusive relationship. Or an addiction or something. Just leave, man.
I read a very apt quote[1] on HN a month ago, about how much Google values Chrome users thoughts:
> Chrome user opinion to them is important to their business in about the same way meatpackers care about what cattle think of the design of the feeding stations. As long as they keep coming to eat, it's just mooing.
1: https://news.ycombinator.com/item?id=37035733
1 reply →
It 100% is an abusive relationship. And it's the same as with Microsoft and Windows. People struggle a lot against it, but at the end of the day, they are completely vulnerable to Windows, as they depend on it.
I don't use Chrome as my main browser but I can see one reason why people continue to do so despite the problems with it: there are simply no good alternatives, only slightly less bad ones. Mozilla absolutely does not care about your privacy as anything other than a marketing tool or they wouldn't keep pushing adding a million different ways the browser phones home and in some cases executes remote code each release. They are also funded by Google. Brave is mired with crypto and also involved in ads. Edge is Microsoft, enough said. Same for Apple's walled garden browser.
If you have to chose one devil over another anyway it becomes easier to put your convenience first and ignore the rest.
1 reply →
I'd expect the government to step in because that is a highly anti-competitive distortion of the market. Microsoft once got punished pretty badly for including a free Internet Explorer with Windows, to the detriment of Netscape. I'm not sure Google pushing a free browser to the detriment of Mozilla is much different.
Not the best example though, as Windows these days is pushing Edge as anti-competitively as ever.
Windows now comes with three built in browsers: IE, Edge(Blink), Edge(Webkit) - none of which can be uninstalled.
Every other update users will bugged about switching to Edge again (exact amount varies by version and locale).
System apps will ignore default browser settings and use Edge to open all links (except in the EU they very recently went back to using the default browser again).
Browser-choice dialogue is gone, instead Edge will pester you if try to use it to download another browser.
Point being, all those punishments did absolutely nothing to stop or curb the anti-competitive behavior.
4 replies →
I’d expect them to consider Chrome a loss-leader to get people online since the vast majority of their advertising is online. So giving people the best possible web experience will increase the amount of ads they’ll see.
Everyone already have built in browsers. If chrome was shutdown tomorrow its not like people would all go offline because they cant access the internet.
2 replies →
No. It is their way of influencing how the web shapes out to be.
Your theory doesn't make any sense since every OS/device comes with a free web browser since I can think.
6 replies →
Google aren't doing it out of the kindness of their hearts. Dominating the browser market means de facto free reign on setting standards. Chrome isn't a nice freebie, it is the most important moat Google has for its AF business.
Without Chrome, Google has no control over its product (your eyeballs as you browse) at all.
> that relies on collecting data and tracking users for most of it's income
How then duckduck go managing to compete with them wituhout collecting data and tracking user to the same extend? https://fourweekmba.com/duckduckgo-business-model/
My understanding is that DDG relies on selling "keyword match" type ads based on what you searched for.
For example: if you search for "standing desk", it will include one or more paid ads that are keyed for some combination that matches with the search query. Those ads aren't targeted at you based on your gender, or your home address or where you eat lunch on Tuesdays or how many devices you regularly use or any number of other creepy shit Google tracks about it's flock of willing cattle.
It's a good point but also not that cut and dry. Chrome started as Webkit, which forked from KHTML, which was part of the very open source KDE.
Has Google benefitted more from other people's open source contributions, or have we benefitted more from Google's open source contributions? The answer is not obvious to me.
I honestly don't see how "who benefited more" matters to the question of whether it's bottom-line worthwhile for Google to give Chrome away for free.
Google impacts infinitely more lives than KDE does…
4 replies →
> Chrome started as Webkit, which forked from KHTML, which was part of the very open source KDE.
Safari started as Webkit which forked from KHTML which was part of KDE.
The various forks of webkit incl Chrome came later. If Chrome was ever based on webkit, iForget.
Option C. (shutdown unprofitable project) would be preferable for me ;)
Google is definitely no stranger to shutting down and killing unprofitable products - often pretty early even. They have a long history of doing just that.
And being a publicly traded company - they would have to shut down Chrome as well, if it actually were unprofitable/not worthwhile.
And they do have the data needed to actually get a relatively accurate picture of how Chrome affects their bottom lines overall. They know what they are doing, giving it away for free.
“I want real Chrome on iOS. Safari sucks! It’s the new IE 6! Chrome is moving the web forward!”
Yeah. Things are going great in Chrome world. Totally should give them dominance over the one sliver they don’t control.
(I have no problem with letting people have FF/etc. but let’s face it, it will be 90%+ Chrome within days)
Honestly I never quite understood why most folks switched so easily and unquestioningly to Chrome.
Maybe I'm just an open source purist. However, I will say that in almost all tests with websites I am actually using Firefox is faster.
(Maybe not that much of a purist: I do use Chrome at work as we're using various Google products... docs, meet, etc, and those work better on Chrome. Go figure.)
When it first came out, Chrome was much, much more performant than Firefox, and had better standards compliance than Safari. It was just a better browsing experience. V8 was a big deal performance-wise.
Firefox has since largely caught-up from a performance perspective, although there is still some functionality inconvenience.
Of course the stated attitude toward the user is night and day - I switched back to Firefox about the same time they started integrating Gmail / Google accounts into Chrome.
Another key differentiator for Chrome, when it came out, was its process isolation model. Firefox has that too now.
> When it first came out, Chrome was much, much more performant than Firefox, and had better standards compliance than Safari
When it first came out, it was almost literally Safari (well, WebKit).
When it first came out, it really was so much faster than every other option that even ordinary users would immediately notice a difference. 2008 Google also had an incredibly positive reputation. If you tried to tell someone in 2008 that Google was an advertising company, you might convince them to agree that it was technically true, but they'd tell you that it was a stupid and reductive view of the company. Everyone was on board with the idea that Google's goal in creating Chrome was to help grow the web because obviously google search was reliant on the open web doing well.
Everyone who was there when it came out knows/remembers why. It was unbelievably fast and lightweight compared to Firefox and IE.
WebRTC support in FireFox and Safari had been abysmal for years. This has now gotten much better.
I wouldn't underestimate the impact the Chrome TV ads had on regular computer users. The banners atop Google search results encouraging people to switch also played a big role. by the time Chrome launched, I think there were a ton of people who were sick to death of hearing one extended family member or another who was into tech cajole them to drop Internet Explorer. Switching to Chrome was easy. Just click the link that Google gave them, and plus, they were familiar with it from TV.
Chrome also stealth installed itself with Adobe flash and reader updates with a default check. I remember it in antivirus software and who knows what else.
I'll admit this traditional installer dark pattern seems quaint compared to what OSes regularly attack users with these days but this was the behavior of most pay-to-pack-in crapware at the time.
Let’s not forget the bubble we’re in here. Google are aiming for Jane and Joe Muggle who click on that icon to get the internet. Google have done a really effective marketing job there, Chrome in that sense is almost like a virus in the way it has propagated for no other good reason.
Firefox also can display images correctly if the site happens to not include a web optimized version in the correct resolution. I don't know the web you visit, but that is pretty common in a lot of places.
Chrome users looked at worse versions of images on the web for years. It is a completely bonkers performance optimization.
Chrome did kick Firefox off in web development tools though, so I can understand some people. But today I don't think there is much difference anymore. I am not web dev though. On the other hand webdevs should know about image quality on websites.
Following this launch I've been test-driving both Firefox and Vivaldi. I'm surprised how few issues I've encountered browsing with Firefox, despite it not being part of the Chromium borg.
I dare say it's actually a nicer experience overall than Chrome, with the caveat that I haven't looked into battery life impact yet.
There are a few replies on performance here: I didn't notice at the time, I just did it because Google was still a 'cool' company.
In the intervening years I bounced between the two depending on which made the most asinine UI decisions but settled on Firefox when my FOSS sensibilities and distaste for Google hardened.
Google sites and services where constantly nagging users to "upgrade to Chrome" and some even broke on Firefox (unless you changed the user agent string to chrome). It was also bundled on nearly every software download site, so you got it even if you never explicitly asked for it.
When Chrome came out, it was and FELT waaaay faster than Firefox or any other browser. By miles. And back then, Google had a great reputation.
I use Chrome in development on a Windows box. Here is my experience with this upgrade:
This roll out is filled with dark patterns. At (2) there is no notification that anything has changed. If not for this article, I would not have known about this at all. At (3) the feature seems intentionally hidden. At (4) the description of these features misleads the user that the purpose is to "use less of their data". This is false, or at least badly misleading. At (5,6,7) they've defaulted all new "features" to "on".
This is all so shady, and very un-Google like. I have such high regard for the Chrome team: was there push back on this? Do they realize what a bad look this is?
> Do they realize what a bad look this is?
Let's say that they do realize it. The 0.x% of users that are aware of, understand, and will do anything other than just blindly continuing to use the software is an acceptable number of lost users. In other words, everyone reading HN could stop using Chrome right now, and Googs would not notice the blip
> This is all so shady, and very un-Google like
Where have you been the last several years?
I was expecting this response, and let me say: it fills me with distaste. You cut off any possibility of improvement, on their part, because no matter what they do, you won't accept it. It is the opposite of constructive criticism: it is an ideological stance.
4 replies →
"This is all so shady, and very un-Google like"
Since when has shady been un-google like? they ditched "Don't do evil" decades ago.
They are definitely acting in far more ethically concerning ways than they used to, but as for literally ditching the phrase “don’t be evil”, most of the internet conventional wisdom on that is incorrect.
When they reorganized to have Alphabet as a new parent company, Alphabet’s code of conduct said “do the right thing”, but the subsidiary Google that still makes everything we usually discuss as Google kept “don’t be evil” in its code of conduct. At a later point Google did move that sentence out of of the most prominent position in the preamble, but it’s now in the second-most prominent place, right at the end.
But, yes, as I said at the start of this comment, they do a lot more awful or potentially evil things than they used to.
Disclosure: I worked for Google years ago, but I left before all the changes I discuss in this comment and had nothing to do with any of them. I am sad to see Google decline to roughly the level of being at least as ethically good as most of their major competitors, instead of far better as they used to be.
I got a notification in browser of this change.
Really? Where? What did it look like?
2 replies →
It's nefarious how they ask you if you want to turn on "ad privacy", indicating that this feature increases your privacy when in reality it does the opposite.
Technically they’re correct: the privacy offered by this new system is superior to that which is offered by the web with no tracking protection.
Thinking about it in a very abstract way I find the whole thing fascinating. Google is clearly terrified that the tracking protection offered by other browsers is going to become the norm and they’re trying to head that off at the pass by implementing this compromise. But I’m not sure why they’re all that worried about it, they still have the lions share or the browser market. Maybe they’re worried about incoming legislation?
If I'm understanding correctly, they're not turning on some other tracking prevention when you enable this "feature". It's strictly a privacy downgrade.
11 replies →
> Technically they’re correct: the privacy offered by this new system is superior to that which is offered by the web with no tracking protection.
That’s not true, this new system is a tracker, not tracking protection. Simply turning it off improves privacy.
4 replies →
As of right now they don't turn off 3rd party cookies when you enable this, so no. This objectively decreases your privacy.
It’s beautiful, from a sociopath’s perspective, if you think about it.
“If you let me punch your teeth out, the stabbings will stop (sometime in the future, terms and conditions may apply)”
All while refusing to acknowledge that there is an option that requires neither punching nor stabbing.
To an uninformed user that takes Google’s words at face value it sounds like an upgrade.
>in reality it does the opposite.
Third party cookies can do everything the topics API can do and more. Third party cookies lets sites collect granular data about what exact site you on and any data they want from it. This API just gives them some topics which may even be a random chosen one and not a real one.
Precisely. The article (and seemingly everyone else) fails to realize that topics is reducible to TPC. If you have TPC then topics provides no additional tracking capability.
Topics is a mess (see a great analysis from a colleague of mine[1]), but it’s a hard sell to call this current step nefarious.
[1] https://arxiv.org/abs/2306.03825
Can you give me a source that enabling the topics API disables third-party cookies? And once Chrome has phased out third-party cookies the topics API will strictly decrease my privacy, not increase it.
3 replies →
I think the Ars writer here is very uninformed. Floc is completely different from Topics, and if you actually read the Topics spec, it seems to be significantly better than 3rd party cookies? At least to me. Maybe I’m missing something.
Topics is a refinement of FloC… no third-party cookies and no Topics would be significantly better but Google is an adtech company and there’s anti-competitive concerns from other ad tech providers
My friend Jake runs an analytics company.
He's faced enormous challenges due to Google's "privacy" policies... Google is removing nearly all access to user data, they don't even like you looking at the user agent string (which issues a warning)... not to mention its impossible to know about search traffic and even referring urls.
Meanwhile Google has access to all this data, so he tells me all this is just gaslighting so they can illicitly protect their monopoly on web data.
Seeing this all go down, it feels like this is exactly Google’s master plan.
1. Roll out stuff they brand as “privacy respecting” that actually collects data for their own use.
2. Brand anything that would give competitors access to that data (third party cookies, user agent strings, etc) as a threat to user privacy.
3. Lock all of that stuff down so that nobody can access it (“we’re protecting you!”)
4. I don’t think we need the ???, it’s just straight to profit, via monopoly over the data.
The brilliant/terrible thing about this is that third party cookie tracking is not great so it’s hard to set up a defensible argument where leaving things as they are is the better alternative. Apple and others have been waging a war on third party tracking for years now, and pushing public opinion in that direction, and it seems to me that Google is playing 4D chess here and using it against them (and frankly, the entire internet).
The solution is very easy for consumers looking for a real privacy solution:
Use a browser that is not made by an advertising company.
In other words, just drop chrome. It has never been easier to do, with Edge and Safari readily available on all major platforms and Firefox for those who prefer it, and of course the many other chromium forks that are around.
There is no reason to be dependent on chrome today. There was a few years where it was overly dominant and very hard to avoid for compatibility and performance reasons, but that is just not true today.
Personally I use Firefox on android and desktop and I don't miss chrome at all. I uninstalled (technically, disabled) it on mobile as Google widgets like to open links in it otherwise.
I have chrome on the desktop as I work in software so I need to test compatibility with it, but that's it.
28 replies →
This is why the worlds largest advertising company should not be fielding a search engine, a massive email platform and a browser as well.
2 replies →
> stuff they brand as “privacy respecting” that actually collects data for their own use
The kool-aid is in their definition of the word "privacy." You and I might think "privacy" means "other entities aren't observing you" but Google in their benevolence knows that it really means "Google will keep your data safe from third parties." Their newspeak doesn't even allow the concept of "data that Google does not collect."
(A friend of mine was involved in the launch of Google Allo. I asked them if it would be possible to use the virtual assistant features offline without sending everything to Google. They never spoke to me again.)
I don't think there's any 4D chess going on here. Nobody is buying Google's "privacy" argument. This is a simple case of other browser vendors improving actual web privacy and Google undermining that effort.
1 reply →
That is Apple's plan, too, except for the collecting data or profiting part. They still have a monopoly on your data, it's just locked on your devices.
3 replies →
It’s the AI thing. Everybody is building walls around their data.
Same playbook with apple vs Facebook
This doesn't make sense. The browser provides the user agent as a header in HTTP requests. They can't detect if or how the server is using that information.
Or do you mean your friend's product is a browser plugin? In which case, um, yes, I don't want it having access to any more information than it it needs to do it's job (and honestly, probably not even that.)
> The browser provides the user agent as a header in HTTP requests.
They (Chrome) are taking it away [0].
[0]: https://developer.chrome.com/en/docs/privacy-sandbox/user-ag...
69 replies →
> Meanwhile Google has access to all this data
I’m loathe the defend Google but I don’t think this is the case. The replacement for user agent sniffing (client hints? I forget) is a universal thing and I don’t think Google has a secret back door tracking mechanism their ad network is able to use. It would certainly be a big story if they did.
> I don’t think Google has a secret back door tracking mechanism their ad network is able to use.
they have 80% population using search, youtube, storing browsing history etc while logged into google account, so they have lots of data about most of the people.
4 replies →
Google’s ad network might not have access. But does Google have access?
Because there are many ways Google can leverage this data without giving their ad network access.
Privacy isn’t just about privacy from ads. There are all sorts of non ad related privacy abuses that can exist.
1 reply →
yes, client hints.
google "has access to all this data" in exactly the same way any other website does. you request the information you need from the client, and the client can choose to provide it or not. clients provide it by default.
hate on google all you want, but UA reduction is objectively a good thing. "my friend jacob wants to slurp up everything from the user-agent string on the first request" is not a good argument.
You only need a backdoor if you do not also have a 6 lane highway to your users premises.
> I don’t think Google has a secret back door tracking mechanism their ad network is able to use. It would certainly be a big story if they did.
Like Chrome??
> Meanwhile Google has access to all this data, so he tells me all this is just gaslighting so they can illicitly protect their monopoly on web data.
To throw them in the same pit, they're taking a page from Apple's playbook: the privacy benefits for the user will justify any market effect from closing the platform and keeping all user data internals. Platform owner gets to protect the user from some of the abuse, while gaining a critical edge on the competition.
In the current climate, I'm not sure there is any good angle to solve this, short of strong regulation limiting the advantage they get from doing these "privacy first" moves (basically find a way to forbid the platform owners from using their own users' data...I'm not holding my breath)
> In the current climate, I'm not sure there is any good angle to solve this, short of strong regulation limiting the advantage they get from doing these "privacy first" moves (basically find a way to forbid the platform owners from using their own users' data...I'm not holding my breath)
Well, you could also look into removing some rules, in addition or instead of piling on new ones. Eg you could weaken intellectual property rights, to make it easier for upstart competitors to take on the established giants.
Or you could make it easier for foreign competitors to enter local markets. (As an example, the US has become more protectionist of their tech markets. And the EU has a lot of red tape that's even harder to follow, if you are from outside the area.)
2 replies →
Are we suppose to feel bad for your friend’s analytic company?
I took it more as an anecdote to show how Google is intentionally using its size and influence to engage in anticompetitive practices by forcing the adtech industry to standardize on technologies that only Google can use effectively.
More of a "be upset with Google" than a "feel bad for my friend" kind of thing
1 reply →
You're supposed to feel bad for people who use Chrome.
That is about the entire desktop user base btw.
We all suffer when competition is stifled.
16 replies →
> not to mention its impossible to know about search traffic and even referring urls.
I think it was the migration to https everywhere that killed that. Not sure why it went down that way, or if Google was responsible.
But yeah, when I ran a blog, I would look through the referrer URLs to see what people were actually searching for and write articles about that because it was obviously an untapped void in the market.
That's exactly what it is. Google spends a fortune on lobbying Brussels to let the natives know that they have their best interests at heart. That's proof of the opposite as far as I'm concerned. Check out the ads on Zaventem airport (right next to Brussels) if you're ever passing through there, it's comical.
Or check this video if you can't make it in person:
https://www.youtube.com/watch?v=f0UevGxfXXY
Years ago I remember having a very similar reaction to many online platforms switch to https. It was pitched as protecting people from isp packet based ads but it always felt more motivated by locking the competition out of the data stream
No offence, but your friend Jake can go fuck himself.
I have very little trust for Google and other megacorps like it, but I have even less trust for parasitic entities like Jake that just piggyback on top of Google's already horrid practices to extract wealth from, so you'll find no sympathy for Jake from me.
I just don't want Google adding extra tracking, I don't mind if they stop your friend Jake from tracking me.
Such is the issue with any business connected to a single large and private infrastructure provider. Of course this is, in part, why we have anti-trust laws.
Is there a write up examining the replacement (cohorts I guess) and showing how it is worse for user privacy?
It's arguably not, depending on how you slice "worse."
Google's philosophy on this sort of thing has been pretty consistent for over a decade: they trust themselves with user data. It goes in a vault, it's very hard to access inappropriately, and they have some of the best security possible on the modern web. Practically speaking, yes, it's still a risk; if the data collections get breached, that's all the data. But they don't see themselves as more of a risk than anything else out there, so for them it's not philosophically inconsistent to claim other companies doing what they are doing should be considered a privacy threat.
... And honestly, I think there's a good case to be made that if you don't trust Google to respect your privacy and secure your data, You shouldn't be using Chrome period, because the organization you don't trust controls the source code of that browser.
1 reply →
Sounds great. Now we just need to figure out a way to stop Google instead of Google and numerous other surveillance capitalism corporations.
>this feature will track the web pages you visit and generate a list of advertising topics that it will share with web pages whenever they ask
This is factually incorrect. It works like third party cookies, but with privacy. A web page can only retrieve a topic if that site has already observe you visit pages of that topic. In order for you to observe a site that site must send a fetch request to you or embed you in an iframe.
If a random site calls document.browsingTopics() they get no topics as not enough data has been observed by them.
I wonder how Brave and Microsoft Edge will handle this change. Are they also going to ship this "feature"?
Everything I'm seeing is that it is Chrome doing this, not Chromium. If the Googs decides to add features on top of Chromium in its Chrome release, that does not mean that other Chromium based browsers will have those changes automatically as well. It totally makes sense to me that Googs would not want these in the base Chromium as it's the secret sauce just for the Googs
The code for it is included with Chromium. Responsibly phasing out 3rd party cookies is important for the whole ecosystem.
https://source.chromium.org/chromium/chromium/src/+/main:com...
I would think Google would want this in Brave and Edge also. Google will want to advertise to the users of these browsers even though they aren't using Chrome.
2 replies →
Microsoft will probably redirect it to their own servers. Brave will probably disable it. It's not hard.
Right now third-party cookies are blocked in Brave, so they'll probably also block this as well, but it remains to be seen. (I avoid Edge)
Microsoft has much more data about you, that just what can be gleamed from the browser.
It doesn't matter if edge does not have this "feature".
Microsoft can simply scan documents on your PC.
Jokes on you, I don’t use Windows
My friend who was the biggest Google evangelist 10yrs ago who went through a round of interviews there (stellar Kotlin programmer) has completely written off the company after this announcement some months ago.
He's committed to deGoogling his life now and is even migrating off Gmail this weekend - I think I'll be joining him.
As someone who has left, let me try to help.
Nextcloud
Syncthing
Firefox
Bitwarden
Aegis
GrapheneOS
F-Droid
ntfy
NewPipe
Signal
Matrix
Stop using email or do custom domain + some service. Sync locally with Thunderbird or whatever you like.
The silver lining is maybe we can return to the days of browser wars. Chrome came out of nowhere to win this and it seemed to dial down in prominance.
Would be great to see more attention being brought to the independent browsers: Firefox, Opera, Brave, Vivaldi etc
Not sure if we are there yet, but seems we are heading that direction.
Opera, Brave, and Vivaldi are just Chromium with an extension or two added and a Chrome feature or two disabled. They're not legitimate browser competition.
There are only 3 real browsers today that meaningfully compete and control their own destiny: Chrome, Safari, and Firefox. Everything else is mostly just a fresh coat of paint on one of those browsers.
Apple, which owns Safari, is the largest company in the world. Alphabet, which owns Chrome, is the 4th or 5th largest company in the world.
Mozilla is a small non-profit that exists to provide meaningful choice. Those others are small businesses trying to make a buck riding Google's treadmill or surfing their wake.
What makes you think Chrome's market share will decrease? Google has a strong hold of their position, and other browsers are barely competing.
If anything, it wouldn't surprise me if Mozilla announces that they're discontinuing Firefox. Those alternative browsers you mention don't even register on the usage radar to be relevant in a browser "war".
Everything seems to indicate that we're heading towards an even worse single-browser dominance than IE had in the 90s.
You shouldn't be suggesting Opera. Opera is full of Chinese foot print.
I still miss the original Opera browser.
It was lightweight and fast, but still managed to have a built-in mail client, RSS reader, and IRC client.
All with a consistent and clean UI that treated the user like an adult. Maybe I'm just old, but I hate the flat "everything looks like a webpage" UIs in today's browsers.
1 reply →
I use Firefox almost exclusively, and have done for years. But there are sites that only work with Chrome. So far I've always either:
(a) Ignored them, or
(b) Used an incognito window.
But now, when I'm forced to use Chrome, I'm seriously looking at disguising my IP address, etc. But this is not my field.
Would a VPN do what I need? Where are instructions that a n00b can follow?
Every site I've found so far has either been:
(i) Advertising;
(ii) Assuming too much competence;
(iii) Out of date, or
(iv) Wrong.
Clear, robust, and up-to-date advice welcome, as I'm sure it would be for many.
> But this is not my field.
> Would a VPN do what I need? Where are instructions that a n00b can follow?
Never used them myself but lots of HN commenters think highly of the VPN services offered by Mullvad [0]. In fact, right now, Mullvad is currently on the HN frontpage [1], from a blog post by Tailscale.
0: https://news.ycombinator.com/item?id=37420053
Disable it here: chrome://settings/adPrivacy
(for now)
You can also disable it by going here: https://www.mozilla.org/firefox/
Wow, Chrome has become Facebook ... having to drill in and find/disable newly added opt-out features.
Time to uninstall chrome! I keep it around just incase but nah.
For almost all the times when you really need Chrome because Firefox doesn't work, Chromium will work just fine. You probably don't need Chrome.
Out of curiousity, what do you use instead?
Not the OP, but I use Safari on my personal devices, or Firefox if I have to use Windows. The efficiency of Safari is unbeatable, and I prefer its UX.
I also use Kagi instead of Google search.
1 reply →
Firefox -- faster, better feature like container tabs, more secure and more private
Brave, Firefox, or Vivaldi.
Vivaldi's team made a statement on the matter:
https://vivaldi.com/blog/news/alert-no-google-topics-in-viva...
Shortly: they disable the tracking forcibly, even if "someone" tries to enable it remotely or via flags.
I’ve been waiting for years for Safari to support multiple profiles so I can have a work and personal profile, instead of using Chrome for work. Finally this year we’re getting that, goodbye chrome, it’s been a fun 10 years. Unfortunately Chrome turned into a bloated mess over time, even before this news I was waiting to switch.
Glad this is getting press!
Google was playing 3D chess when they started developing Chrome, and when they started making moves to strip away things like user agent strings, they were really just making the final moves of a campaign set years before to create a walled garden of ads data.
As much as I hate what Google has done with Chrome and I choose not to use it, the comparisons to the IE6-8 dominance are even more acute when you consider that Chrome is also successful in the enterprise due to its support for both typical group policy/Mobile Device Management configuration as well as its integration into Google Workspace.
Edit: I had initially said “dominant” in the enterprise, but I imagine that title still goes to Edge?
It would be impressive if it wasn’t so depressing and gross.
Not that am in support of Google's ad model or use Chrome with defaults but I would personally take this over 3rd party cookies given the choice.
How about, well, just neither?
Depends on your situation.
1 reply →
Congratulations to everybody who's been working overtime to simp for Chrome for so long.
Firefox has had its ups and downs, but it and its progenitors have been great daily drivers for me over 20 years now. It's not too late. The best time to switch was, well, forever ago -- but today is also a great time to switch. Get on the fucking bus.
"Part III. Put Users First; the Rest Will Follow
Like most companies, Google has a mission statement or "philosophy." Google's philosophy is divided into 10 points; each point is one sentence long. The first and most interesting is quoted in the title of this part of the book. Unlike most corporate mission statements, this phrase did not come about through long committee discussions: This statement is Larry Page's mantra. Early on, when people asked him about financing his projects, he always replied with something like, "Don't worry about it. If our users are satisfied, if we give them all they want and more, we'll be able to find some money.""
https://www.oreilly.com/library/view/the-google-way/97815932...
Switched to Firefox years ago. Hopefully now more people will.
Wonder if there is a "Gentoo for browsers," where you specify certain parts of the stack: layout engine, HTTP engine (cURL), JS engine (V8, none) and conveniences (password management, bookmarks), and the script builds it for you.
The conceit is the ability to view responses as nodes in a graph, and laying filters on top. The tradeoff for performance being introspection and control.
So stop using chrome. Tell your CTO that your engineer department no longer wants to develop for chrome as the primary web app target.
In what sense did google 'get its way'? Was there some legal attempt to stop them that they somehow defeated?
I stopped using Chrome and uninstalled it from all my devices a year ago. It was hard at first, but you get used to other browsers pretty quickly (took me two weeks). Safari on macOS works like a champ, and if I'm doing web development I switch to Firefox which has excellent developer tools (remember firebug?)
Using Firefox or Brave mostly now, good to have another article to use against Chrome. Not to mention MS Edge...
I'm wondering about the "now".
Didn't the very initial release of Chrome, many years ago, already create a unique, identifiable ID per user, and open a connection to phone home to Google servers (using that unique ID) on every single key-press and mouse click done anywhere in the browser?
I just want to say that I’m glad Apple does the exact opposite with Safari of what hostile things Google, Microsoft, and sometimes even Mozilla do to their browsers. Call me an Apple fanboy all day long but they proved for years that they care about speed, privacy, and even simplicity.
"Do no evil". What a joke.
"No, do evil!"
The solution is simple: use Firefox.
I found about https://librewolf.net/ from a web search. Has anyone here tried it or can recommend any other alternative firefox build without telemetry?
lol just updated my chrome before I saw this, I instantly got what it's about and didn't allow, why would I want any ads at all, I have a blocker, it doesn't matter, but that's sneaky from them and unhumane to push for that.
Why do people still use Chrome? I can kind of understand Google search, Gmail and Maps(though search kind of sucks nowadays), but chrome is turning into one of the most user hostile pieces of software.
And there are perfectly fine alternatives that do not sacrifice features or convenience in the slightest. I don't see a legitimate use case for Chrome.
I like the Brave browser, but it is based on Chromium -- how badly is it affected?
Should I just restrict myself to Safari now? I don't really like Firefox for some reason.
Firefox.
And how is Chrome not the new Internet Explorer?
Because it's been less than 6 years since the last Chrome update. Probably less than 6 weeks even.
I'm not a fan of Chrome though. But the problems with Chrome are not identical to the problems of IE.
Because Firefox exists. And anyone can use Chromium to compete with Chrome fairly rapidly.
It’s not the new IE. In my mind it’s worse than the new IE because it achieves similar goals as the IE abuse but without necessarily doing anything illegal.
Mozilla and Opera existed at the time, as well as a bountiful amount of IE shells which essentially acted as the Chromium derivative equivalents. Outside of Chrome (technically) shipping the same binaries across all the platforms it supports, and using scope creep in a more subtle way compared to 90s-era IE, I don't see how the situation is materially different between now and then.
1 reply →
Firefox is barely surviving. Skinning Chromium hardly counts as competing with Chrome.
I agree with you that Chrome is even worse than IE ever was. Mostly because Google is much smarter than MS was when it comes to ensuring market dominance. It will be much harder to dethrone Google, simply because Chrome is a much better product.
Because the new Internet Explorer is Chrome-wannabe
Chrome is not baked into the operating system.
Maybe not yours, but it's baked into the operating systems used by billions of phones (Android) and millions of kids/others with generally lower tech literacy who may not have great context on the privacy implications of these changes (ChromeOS)?
Just… just stop using google.
Stop.
Stop excusing it. “It’s work. It’s my hobby. I like it. But I can make it work.”
Just stop. It’s only hard because you think you’re in this world technology that’s more important than you as a human.
Uninstall chrome. Tell others to do it. Tell others why. Tell others the lies, deceit, marginalization, and corruption. And then don’t participate.
Any thoughts on pros and cons of usung Brave browser on iOS?
Um, sweety, Chrome is the user-tracking ad platform.
Beginning of the end
Hey guys, please stop giving market share to Chrome. Firefox is not only an objectively better browser but you're supporting an open web instead of a terrifying data behemoth.
I think here on hn many people us Firefox, with Chrome as backup for institutional sites that won’t work on FF(at least it’s the case for me). Or other alternativies or all of them interchangeably based on purpose. What makes the real market share is the rest of world outside of hn
It is really hard to fight the advertising and luring of The Google machine. I never mind being annoying to my friends and relatives and talk about how Firefox is a safer and better alternative. People are often surprised that a choice even exists. To many just outside my circle, browser == Chrome , mail == Gmail, phone == Android, maps == Google Maps, payment solution == Gpay, and instant communication == WhatsApp.
It is hard to beat free.
My own 74 year old dad says.. be practical, I don’t care if Google wants to profile me as a 74 year old man interested in watching my regional language news and religious videos. Nor do I care if Google knows that I spend the little retirement money of mine buying these medicines or paying for the taxis. They can try targeting ads to me all they want, but good luck to them, I’m not going to book an expensive holiday in the Himalayas, nor am I going to buy something I don’t want to buy. I just want something that works in a way I have gotten used to. I don’t want change at my age.
I can sympathize with his argument. I just wish young people don’t find an argument like his..
We have regulations preventing some rich dude flooding the market with free product to gain a monopoly and then charge exorbitant prices. Why not the same for digital services in this internet age? I wish we regulated internet services the same way. No “free” email, chat, social services paid for by creepy ad companies. The real cost of these services at the scale of the number of users is minuscule anyway. The field Google, Amazon, Meta and Apple plays at should be leveled for new competition - that is a Government’s duty to enable.
2 replies →
Firefox is mostly paid for by Google, so I wouldn't suspect it's a threat to their goals. I think a 'dumb' protocol or partition of the web might be the best we can do.
Dupe: https://news.ycombinator.com/item?id=37401909
People hate on Google yet...continue to use their services and want to work there. Therefore, people do not disapprove.
Perhaps those are mutually-exclusive groups of people.