Comment by arpowers
3 years ago
My friend Jake runs an analytics company.
He's faced enormous challenges due to Google's "privacy" policies... Google is removing nearly all access to user data, they don't even like you looking at the user agent string (which issues a warning)... not to mention its impossible to know about search traffic and even referring urls.
Meanwhile Google has access to all this data, so he tells me all this is just gaslighting so they can illicitly protect their monopoly on web data.
Seeing this all go down, it feels like this is exactly Google’s master plan.
1. Roll out stuff they brand as “privacy respecting” that actually collects data for their own use.
2. Brand anything that would give competitors access to that data (third party cookies, user agent strings, etc) as a threat to user privacy.
3. Lock all of that stuff down so that nobody can access it (“we’re protecting you!”)
4. I don’t think we need the ???, it’s just straight to profit, via monopoly over the data.
The brilliant/terrible thing about this is that third party cookie tracking is not great so it’s hard to set up a defensible argument where leaving things as they are is the better alternative. Apple and others have been waging a war on third party tracking for years now, and pushing public opinion in that direction, and it seems to me that Google is playing 4D chess here and using it against them (and frankly, the entire internet).
The solution is very easy for consumers looking for a real privacy solution:
Use a browser that is not made by an advertising company.
In other words, just drop chrome. It has never been easier to do, with Edge and Safari readily available on all major platforms and Firefox for those who prefer it, and of course the many other chromium forks that are around.
There is no reason to be dependent on chrome today. There was a few years where it was overly dominant and very hard to avoid for compatibility and performance reasons, but that is just not true today.
Personally I use Firefox on android and desktop and I don't miss chrome at all. I uninstalled (technically, disabled) it on mobile as Google widgets like to open links in it otherwise.
I have chrome on the desktop as I work in software so I need to test compatibility with it, but that's it.
I agree in principle, but wouldn't wish the coupon catalog emulator that Edge has become onto anyone. It's beyond bizarre.
My personal picks are Firefox on Windows and Linux, and Firefox or Safari on macOS.
11 replies →
> Use a browser that is not made by an advertising company.
Personal opinion we need to tweak business incorporation rules to firewall ad business from all other types of businesses. Meaning General Motors can't sell ads. And ad companies can't sell cars.
And as someone on this site suggested extend antitrust dumping laws to services.
2 replies →
I’m so hurt by how Edge has turned out. I was ready for a tier-1 browser experience on Windows comparable to Safari on Mac. Microsoft has utterly wasted its leadership opportunity here, cramming in scammy garbage.
Firefox, god love it, is a rough and clunky browser by comparison. Sure you can make it what you want, but it’s an investment. As the only viable noncommercial cross-platform option though, what else are we gonna do
5 replies →
Microsoft is also a web display ads company, what exactly do you think the business model for Bing is?
There’s zero point in switching from Chrome to Edge.
Firefox to my knowledge has no ads revenue, apples limited ads revenue doesn’t come from the web.
Brave I think is a low-key crypto grift run by a homophobe, but still better than Chrome.
On Apple OS also two alternative browsers rising: Arc https://arc.net and Orion https://browser.kagi.com Both making nice progress with their own strong points.
3 replies →
> Use a browser that is not made by an advertising company.
> In other words, just drop chrome. It has never been easier to do, with Edge and Safari readily available
Considering Windows 11 has ads in the operating system, how is Edge not made by an advertising company these days?
[dead]
This is why the worlds largest advertising company should not be fielding a search engine, a massive email platform and a browser as well.
At least it anti-trust laws are hard at work! Glad it's not like the dark ages, when your operating shipped with a default browser that could be used to install any other browser you wanted.
They sure have done a job at positioning themselves at the intersection of maximum control over the web.
> stuff they brand as “privacy respecting” that actually collects data for their own use
The kool-aid is in their definition of the word "privacy." You and I might think "privacy" means "other entities aren't observing you" but Google in their benevolence knows that it really means "Google will keep your data safe from third parties." Their newspeak doesn't even allow the concept of "data that Google does not collect."
(A friend of mine was involved in the launch of Google Allo. I asked them if it would be possible to use the virtual assistant features offline without sending everything to Google. They never spoke to me again.)
I don't think there's any 4D chess going on here. Nobody is buying Google's "privacy" argument. This is a simple case of other browser vendors improving actual web privacy and Google undermining that effort.
I hope the regulators are not and wish Google would be hit with huge antitrust fees in the EU due to this. We shall see.
That is Apple's plan, too, except for the collecting data or profiting part. They still have a monopoly on your data, it's just locked on your devices.
> except for the collecting data or profiting part
Isn’t that pretty much the issue here?
Anyway, what’s really locked? Text messages?
Because I can export pretty much everything else. Images, videos, documents, passwords, bookmarks.
Maybe Apple Music’s playlists?
In what sense is this Apple having a monopoly on your data? If it's "locked on your device" then they don't have it. This is literally what we're asking for, or at least half of it. I agree it'd be nice if we could retrieve everything from the device ourselves, but I'll settle for this (and ensure I never give my iPhone the last copy of anything I care about) over carrying a hostile observer everywhere I go.
Data collection isn’t really central to Apple business model though. I’m not too worried about them.
It’s the AI thing. Everybody is building walls around their data.
Same playbook with apple vs Facebook
This doesn't make sense. The browser provides the user agent as a header in HTTP requests. They can't detect if or how the server is using that information.
Or do you mean your friend's product is a browser plugin? In which case, um, yes, I don't want it having access to any more information than it it needs to do it's job (and honestly, probably not even that.)
> The browser provides the user agent as a header in HTTP requests.
They (Chrome) are taking it away [0].
[0]: https://developer.chrome.com/en/docs/privacy-sandbox/user-ag...
Excellent. Sites shouldn't know what user agent we're using anyway. Pretty much the only thing they use this for is to lock us out when we use "unsupported" browsers. The less information they get, the better. Hopefully they'll get rid of referrer too and weaken fingerprinting methods.
I have no doubt Google has self-serving motivations here but the result is still a win for us. I wish Firefox had enough leverage to force decisions like this down people's throats whether they like it or not but it just ain't so. Reality is imperfect so I'll take what I can get.
39 replies →
I'm all on board calling Google out for slowly implementing a user data protection racket, where Google owns all the data and everyone else is squeezed out and has to go through Google as The central data broker. At the same time this user agent reduction thing seems like a decent idea at first blush and good for users privacy.
28 replies →
> Meanwhile Google has access to all this data
I’m loathe the defend Google but I don’t think this is the case. The replacement for user agent sniffing (client hints? I forget) is a universal thing and I don’t think Google has a secret back door tracking mechanism their ad network is able to use. It would certainly be a big story if they did.
> I don’t think Google has a secret back door tracking mechanism their ad network is able to use.
they have 80% population using search, youtube, storing browsing history etc while logged into google account, so they have lots of data about most of the people.
Right but that’s not a secret back door tracking mechanism. It’s a pretty blatant one!
My point is that even this blatant logged in user tracking won’t be able to use user agent strings to track either.
3 replies →
Google’s ad network might not have access. But does Google have access?
Because there are many ways Google can leverage this data without giving their ad network access.
Privacy isn’t just about privacy from ads. There are all sorts of non ad related privacy abuses that can exist.
A while ago now I booked a room on Expedia, which ended in me getting a confirmation email with an itinerary to my Gmail backed address. Lo and behold, few minutes later a CTA pops up on my Android phone offering to create a matching trip in Google's trip planning product. I'm sure it's all above board once you got into the fine print but it was not a pleasant experience.
yes, client hints.
google "has access to all this data" in exactly the same way any other website does. you request the information you need from the client, and the client can choose to provide it or not. clients provide it by default.
hate on google all you want, but UA reduction is objectively a good thing. "my friend jacob wants to slurp up everything from the user-agent string on the first request" is not a good argument.
You only need a backdoor if you do not also have a 6 lane highway to your users premises.
> I don’t think Google has a secret back door tracking mechanism their ad network is able to use. It would certainly be a big story if they did.
Like Chrome??
> Meanwhile Google has access to all this data, so he tells me all this is just gaslighting so they can illicitly protect their monopoly on web data.
To throw them in the same pit, they're taking a page from Apple's playbook: the privacy benefits for the user will justify any market effect from closing the platform and keeping all user data internals. Platform owner gets to protect the user from some of the abuse, while gaining a critical edge on the competition.
In the current climate, I'm not sure there is any good angle to solve this, short of strong regulation limiting the advantage they get from doing these "privacy first" moves (basically find a way to forbid the platform owners from using their own users' data...I'm not holding my breath)
> In the current climate, I'm not sure there is any good angle to solve this, short of strong regulation limiting the advantage they get from doing these "privacy first" moves (basically find a way to forbid the platform owners from using their own users' data...I'm not holding my breath)
Well, you could also look into removing some rules, in addition or instead of piling on new ones. Eg you could weaken intellectual property rights, to make it easier for upstart competitors to take on the established giants.
Or you could make it easier for foreign competitors to enter local markets. (As an example, the US has become more protectionist of their tech markets. And the EU has a lot of red tape that's even harder to follow, if you are from outside the area.)
> make it easier for upstart competitors to take on the established giants
No specific regulation is stopping this. If anything, all the regulation that are getting added have as a goal to reduce the red tape around smaller players and limit the extent of the giant players' monopoly.
If you were thinking about the rules forbidding dark patterns to suck client infos and accelerate growth, it would be a tough sell to be honest.
1 reply →
Are we suppose to feel bad for your friend’s analytic company?
I took it more as an anecdote to show how Google is intentionally using its size and influence to engage in anticompetitive practices by forcing the adtech industry to standardize on technologies that only Google can use effectively.
More of a "be upset with Google" than a "feel bad for my friend" kind of thing
The privacy preserving ads tech has been around a while and a lot developed outside of Google and Meta. I made a stab at it while an intern at Mozilla, and we basically succeeded at the very easy part of accounting. Training the bandit is a lot harder.
Also the adtech industry in it's current form is harmful to users. First of it exploits tracking vectors. Secondly it's a malware distribution technique second to none.
You're supposed to feel bad for people who use Chrome.
That is about the entire desktop user base btw.
We all suffer when competition is stifled.
The market for private user data should not even exist. So the call for more competition in that area is absurd.
1 reply →
it's not stifling any competition. the data that used to be in the user-agent header is now in the sec-ch-ua header. servers can set response headers to request more information if they want it, assuming the website makes more than one http request, which every website does.
Surveillance capitalism corporations should not even exist at all. They should be illegal.
So it's bad when there's less competition for organized crime?
11 replies →
> not to mention its impossible to know about search traffic and even referring urls.
I think it was the migration to https everywhere that killed that. Not sure why it went down that way, or if Google was responsible.
But yeah, when I ran a blog, I would look through the referrer URLs to see what people were actually searching for and write articles about that because it was obviously an untapped void in the market.
That's exactly what it is. Google spends a fortune on lobbying Brussels to let the natives know that they have their best interests at heart. That's proof of the opposite as far as I'm concerned. Check out the ads on Zaventem airport (right next to Brussels) if you're ever passing through there, it's comical.
Or check this video if you can't make it in person:
https://www.youtube.com/watch?v=f0UevGxfXXY
Years ago I remember having a very similar reaction to many online platforms switch to https. It was pitched as protecting people from isp packet based ads but it always felt more motivated by locking the competition out of the data stream
No offence, but your friend Jake can go fuck himself.
I have very little trust for Google and other megacorps like it, but I have even less trust for parasitic entities like Jake that just piggyback on top of Google's already horrid practices to extract wealth from, so you'll find no sympathy for Jake from me.
I just don't want Google adding extra tracking, I don't mind if they stop your friend Jake from tracking me.
Such is the issue with any business connected to a single large and private infrastructure provider. Of course this is, in part, why we have anti-trust laws.
Is there a write up examining the replacement (cohorts I guess) and showing how it is worse for user privacy?
It's arguably not, depending on how you slice "worse."
Google's philosophy on this sort of thing has been pretty consistent for over a decade: they trust themselves with user data. It goes in a vault, it's very hard to access inappropriately, and they have some of the best security possible on the modern web. Practically speaking, yes, it's still a risk; if the data collections get breached, that's all the data. But they don't see themselves as more of a risk than anything else out there, so for them it's not philosophically inconsistent to claim other companies doing what they are doing should be considered a privacy threat.
... And honestly, I think there's a good case to be made that if you don't trust Google to respect your privacy and secure your data, You shouldn't be using Chrome period, because the organization you don't trust controls the source code of that browser.
I guess my question is: how is Google getting that data now? Is FLoC or Topics beamed to Google ad preferences? Is it included in chrome sync?
Sounds great. Now we just need to figure out a way to stop Google instead of Google and numerous other surveillance capitalism corporations.