← Back to context

Comment by ericpauley

3 years ago

Our research group does work in this space[1], so I’ll claim some familiarity.

This article has multiple problems:

1. Privacy Sandbox is a project, consisting of many proposals. To pitch it as some cohesive product is misleading.

2. Related: FLoC and Topics are completely separate things, aside from existing under the same project.

3. Topics is reducible to (implementable using) third-party cookies. While the proposal has issues and doesn’t resist tracking as well as Google claims (see below article), Ars’ implication that this is somehow making Chrome less privacy-preserving is patently false.

[1] https://arxiv.org/abs/2306.03825

42 comments

ericpauley

Reply
chrismorgan  3 years ago

Although the source article here is clearly opinionated in one direction, I’m not impressed with your claims about actual problems in it. (For reference, I agree with the direction it takes and would make only minor adjustments to it if I were writing it—the only of any substance would be not calling the Privacy Sandbox an “ad platform” just because in a way it’s a little more like a shop that sells picks to ad platforms.)

> 1. Privacy Sandbox is a project, consisting of many proposals. To pitch it as some cohesive product is misleading.

Look, that’s how Google are branding it. It’s an initiative which has turned into a cohesive brand. Just look at how https://privacysandbox.com/news/privacy-sandbox-for-the-web-... speaks of it all. That’s pretty much how it’s being presented in the browser, too.

> 2. Related: FLoC and Topics are completely separate things, aside from existing under the same project.

They’re about as completely separate as Chrome 17 and Chrome 117, or StarOffice and OpenOffice.org. OK, these are both very imperfect comparisons, but although FLoC and Topics work in somewhat different ways, Topics is for all practical purposes just a fork that continues FLoC. They even treated it that way in the browser (at the time at least, no idea if it’s still so). https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts#... seems overall a fair enough portrayal. They simply rebranded the basic concept.

> 3. Topics is reducible to (implementable using) third-party cookies. While the proposal has issues and doesn’t resist tracking as well as Google claims (see below article), Ars’ implication that this is somehow making Chrome less privacy-preserving is patently false.

The first and last claims here are obvious nonsense. Third-party cookies only let you track stuff where your code runs, whereas the Topics API uses the entire browser history, so it’s not reducible to third-party cookies unless you mean something very different from me by that word. Ars’ implication is by no means patently false; as far as the current status is concerned, where they’ve added this and not removed third-party cookies, it’s patently true. In the longer term, it’s less clear, better in some ways and worse in others, but “patently false” is still an unreasonable characterisation.

  • ericpauley  3 years ago

    > Third-party cookies only let you track stuff where your code runs, whereas the Topics API uses the entire browser history

    This is false. Topics only allows ad trackers to see topics associated with sites they were embedded in. In this way, topics is reducible to TPC.

  • charcircuit  3 years ago

    >whereas the Topics API uses the entire browser history

    It doesn't use the full history. If a site is using the Topics API it will only get back topics that it has observed from sites in the last 3 epochs. For site X to observe a topic from site Y. Site Y must either:

    * Be site X

    * Embed site X in an iframe on the page with a special attribute on the iframe element

    * Send a fetch request to site X with a special header and site X must respond with a special header

StewardMcOy  3 years ago

I didn't read the Ars article as saying FLoC or Topics make Chrome less privacy-preserving than it was before, but rather that, once Chrome disables third-party cookies, they make Chrome less privacy-preserving than other browsers with third-party cookies disabled. What the author would prefer is that Google also disable third-party cookies and also not ship FLoC or Topics.

  • summerlight  3 years ago

    > What the author would prefer is that Google also disable third-party cookies and also not ship FLoC or Topics.

    That's not an option now thanks to multiple antitrust regulatories. Google actually tried to get rid of 3p cookies to use it as an advantage against competitors as well as privacy friendly PR but this has been blocked. One example from CMA (but not limited to): https://assets.publishing.service.gov.uk/media/62052c52e90e0...

    • StewardMcOy  3 years ago

      Sorry for responding 12 hours later, but I felt I should actually read the ruling here before I replied.

      It's certainly interesting. The CMA seems to be attempting to balance interests of multiple parties, including both user privacy, healthy competition in the ads space, and the ability for digital publishers to generate revenue from displaying ads.

      However, most of it appears to focus on the way Google's superior access to information could distort competition. It's not just about cookies. For example. Google could mine synced history data from Chrome.

      Now, I'm not so naive as to think this would actually happen, but again, the Ars author's solution here could solve that particular problem: If Google ceased all behavior-based advertising in favor of, for example, subject-based advertising, there would be no distortions to competition. Google can't track you, and neither can other advertisers. Everyone has a level playing field.

      Of course, that would drop revenues for digital publishers and advertising networks, including Google, but it would solve the problems of user privacy and distorted competition.

      The one thing this ruling makes very clear though, is that it's very difficult to balance these concerns while Google makes a browser. There's a conflict between Google running a behavior-based advertising network and shipping a browser, and these regulatory bodies seem to be bending over backwards to try to find a solution where both of these things can exist. They could most certainly have taken the much easier road of forcing Google to discontinue Chrome.

      4 replies →

cageface  3 years ago

Ron Amadeo has such a consistently snarky anti Google stance that I no longer read his articles. I haven't seen any other tech company get such dismissive treatment on Ars.

  • drivebycomment  3 years ago

    Agreed. I think he crossed the line way beyond being skeptical about Google, and into partisan politics level biased reporting against Google. E.g. his coverage of passkey was so bad - misleading half truths and outright incorrect claims - that made a subsequent article on the passkey by another Ars reporter look completely opposite from what he wrote.

    • ghusto  3 years ago

      Isn't that much like how reporting of Microsoft during the 90s wasn't "sceptical", but just calling the pot black? At a certain point — i.e. given enough history — it's a given that a company acts against your best interests. I don't see judging a company on their actions as bias.

      Google is a corporation that does terrible things. That's not bias, it's observation.

      Having said all that, what were his half truths and incorrect claims on passkey? genuinely interested to educate myself.

      4 replies →

  • CatWChainsaw  3 years ago

    What are you upset about, that he's reflexively anti-big tech which includes Google, or that he's anti-Google out of all the big tech? Because personally I don't give any of the FANG+ the benefit of the doubt on anything now.

seanhunter  3 years ago

> Topics is reducible to (implementable using) third-party cookies.

Yes, but aren't 3rd party cookies going to get banned? That seems to be the common assumption in the adtech space. If that's true isn't topics just google's mechanism to continue the kind of tracking that lawmakers are trying to ban by banning 3rd party cookies?

1vuio0pswjnm7  3 years ago

Huh. I did not detect such an implication. The gist of the article for me was Google is using a new system. Perhaps there is an implication that based on the deceptive use of the term "privacy" some users might believe that Chrome is now more privacy preserving. That would of course be patently false.

But it seems this comparison to third party cookies ignores the fact that now one company, Google, gets a maximum amount of tracking data without having to cooperate with any other entity. That potentially could be a loss for privacy because the concentration of personal data at one entity, i.e., Google, requires less cooperation, e.g., data sharing. It's easier.

hedora  3 years ago

It's less privacy preserving in that it is anti-competitive, so now google gets a monopoly on this form of tracking. I assume they'll eventually combine all the data from their other monopolies, and continue to use lobbyists to block improved laws or even enforcement of the existing laws they break.

the8472  3 years ago

> 3. Topics is reducible to (implementable using) third-party cookies.

Even with 1st-party cookie jar isolation?