
Privacy Sandbox – Open standards to enhance privacy on the web - infodocket
https://www.blog.google/products/chrome/building-a-more-private-web/
======
danShumway
> "large scale blocking of cookies undermine people’s privacy by encouraging
> opaque techniques such as fingerprinting"

"If y'all had just handed over your wallet when we asked, we wouldn't have had
to hurt you. So really, this is your fault."

More seriously, what Google is saying here is that privacy can't be
mainstream. It's no different from the arguments that advertisers gave when
they rejected DNT. They're willing to let a few privacy-minded people avoid
being tracked, as long as that group never becomes a majority. But it was
never their plan to get rid of tracking, every compromise they ever offered
had the catch, "as long as it doesn't affect our bottom line."

It's just another Equifax settlement. "Yeah we offered it, but we never
assumed that so many of you would take it. Be reasonable."

Heck that. If you genuinely believe that people should have a choice about
privacy, then you have to accept that maybe the majority of people will decide
they don't want cookies. You have to take a step back and consider that
browsers that block cookies by default are just reflecting what their users
already widely want; people want their browsers to protect them from tracking
by default, without configuration.You're not offering users a choice, you're
just mad that you can't use dark patterns to make users unsafe-by-default.

This entire article is just insulting.

~~~
Ajedi32
> "If y'all had just handed over your wallet when we asked, we wouldn't have
> had to hurt you. So really, this is your fault."

Seeing as Google doesn't engage in fingerprinting and are actively taking
steps to block it[1], I don't think this is a fair characterization of
Google's position.

[1]: [https://blog.chromium.org/2019/05/improving-privacy-and-
secu...](https://blog.chromium.org/2019/05/improving-privacy-and-security-on-
web.html)

~~~
driverdan
I've downvoted you because, as others have pointed out, your statement that
Google doesn't fingerprint is factually incorrect.

~~~
ocdtrekkie
HN guidelines would prefer that you don't comment on downvoting, as it makes
for boring reading. If you don't have anything substantive to add (such as, if
"others have pointed out" your thoughts already), just vote and move on. :)

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

~~~
yjftsjthsd-h
Although the words "I'm downvoting you" aren't useful, I would argue that
saying _why_ you're downvoting someone is really important. Helps prevent the
feeling of shooting the messenger.

~~~
drankula3
In that case, "I'm downvoting you because you're wrong" could be condensed to
"you're wrong."

------
ghostwords
>Recent studies have shown that when advertising is made less relevant by
removing cookies, funding for publishers falls by 52% on average

The source for this seems to be a Google Ad Manager "study" (a paragraph in
the middle of [https://www.blog.google/products/ads/next-steps-
transparency...](https://www.blog.google/products/ads/next-steps-transparency-
choice-control/)).

Was this an apples-to-apples comparison, i.e. did they serve relevant
contextual ads when they turned off cookies?

Other studies disagree:

>We find that when a user’s cookie is available publisher’s revenue increases
by only about 4%

\-- Online Tracking and Publishers’ Revenues: An Empirical Analysis
([https://weis2019.econinfosec.org/wp-
content/uploads/sites/6/...](https://weis2019.econinfosec.org/wp-
content/uploads/sites/6/2019/05/WEIS_2019_paper_38.pdf))

Edit:

>After GDPR, The New York Times cut off ad exchanges in Europe — and kept
growing ad revenue

\-- [https://digiday.com/media/gumgumtest-new-york-times-gdpr-
cut...](https://digiday.com/media/gumgumtest-new-york-times-gdpr-cut-off-ad-
exchanges-europe-ad-revenue/)

~~~
jefftk
This is a study any publisher can replicate today. Compare an experimental
group with setRequestNonPersonalizedAds [1] against a control group. I think
you'll see similar numbers.

[1]
[https://support.google.com/admanager/answer/7678538](https://support.google.com/admanager/answer/7678538)

(Disclosure: I work at Google, on ads. Speaking only for myself. I haven't
seen anything internal about how this study was run.)

~~~
rurp
Does that test replace targeted ads with contextually relevant ones?

~~~
jefftk
My non-expert [1] understanding is that by default Google's ads are both
contextually targeted and personalized. If you recently visited a mattress
site and they are trying to bring you back for a sale, you'll get mattress ads
everywhere via remarketing, a kind of personalization. On the other hand, if
you're visiting a mattress site for the first time, you'll probably also get
mattress ads, but this time because of the context of the page.

If the publisher requests non-personalized ads, that turns off the
personalization, but not the contextual targeting, so the answer to your
question is kind of yes, kind of no: it removes personal targeting from the
mix, but contextual targeting is always on.

[1] I work in ads, but in tagging not targeting.

------
iamben
Probably going to take some heat for this answer, especially as many of the
comments here are very negatively Google, but I actually think that was pretty
balanced. Sure they're (obviously) protecting their own interests, but
realistically SO much of the web relies on advertising. I mean, how many
startups did we watch over the last 20 years with no real source of revenue
(but some of which were actually fun/useful) end up doing the whole "we'll
just use ads" thing? And ultimately as a product owner (web or otherwise),
you're not going to spend money on ads (and thus fund a whole load the
Internet) if you a) can't make a return on your ad spend, and b) can't
understand what and where performs best.

Don't get me wrong, I hate the super spammy intrusive ads, and sometimes
retargeting does feel like I'm being eavesdropped on, but I can't be the only
one that prefers to see relevant ads? I'd much rather see ads for sneakers and
watches (which I'll frequently click), than I would for some other junk that
doesn't interest me. I genuinely don't mind ads if I know it's supporting the
thing it's displaying ads on.

And as for the cookie stuff - it's a complete mess now. I get that we as a
community should probably be spearheading SOME sort of privacy to bubble down
to those that don't 'get' it, but talk to the bulk of my non-tech friends and
it's a non issue. All those cookie popups are clicked without being read (and
they never will be read ever get, that behaviour has been established) - the
brightest button gets the click and they can move on and get to actually
looking at what they wanted. Literally nobody reads, cares or understands.
Even the "they're selling my data" / "they're tracking me scandals" \- maybe
five minutes of outrage and then assuming you can still share cat memes and
holiday photos, who cares? Yesterday people were all over Instagram sharing an
outraged message that "Instagram have no permission to do what they want with
my content" \- and yet no one left IG. Everyone is still back today, business
as usual.

I think at least _exploring_ this whole thing in a way that's balanced towards
the entire internet ecosystem is way more thoughtful than a knee-jerk "block
everything, privacy everything" response. It's a pretty emotive topic, and
close to a lot of our hearts, but we definitely need more talk. Just my 2c!

~~~
saagarjha
> Don't get me wrong, I hate the super spammy intrusive ads, and sometimes
> retargeting does feel like I'm being eavesdropped on, but I can't be the
> only one that prefers to see relevant ads? I'd much rather see ads for
> sneakers and watches (which I'll frequently click), than I would for some
> other junk that doesn't interest me. I genuinely don't mind ads if I know
> it's supporting the thing it's displaying ads on.

None of this fundamentally requires the surveillance apparatus that most ad
scripts come with.

~~~
Ajedi32
I think that's exactly Google's point. They're trying to build an alternative
system which allows ad personalization, but blocks the sort of intrusive
tracking prevalent in the modern-day advertising industry.

~~~
driverdan
> They're trying to build an alternative system which allows ad
> personalization

That's the antithesis of privacy. You can't have personalization without
privacy invasion.

~~~
Ajedi32
That's false, and can be trivially shown to be so with a simple hypothetical
counterexample:

Imagine a system where ad servers sent 10 ads to your browser instead of one,
and then your browser decided which ad to show you based on some settings you
previously selected in your browser settings page. There you have it:
personalization without privacy invasion. Easy.

Google's system will undoubtedly be a bit more complex than that, but there's
no reason why it would necessarily have to invade your privacy just because it
allows ad customization.

~~~
Drdrdrq
The system you suggest doesn't come near privacy. Sure, there is some
uncertainty over which ad was shown, but as soon as it is clicked you have
revealed that too. And it's clicks and page visits that buils visitor's
profile, much more than ad views.

~~~
wstrange
If you are that concerned about privacy, why would you click on the ad?

~~~
saagarjha
Why would I want to see online ads that I can click on if I can't actually
click on them?

------
sha666sum
> _Second, blocking cookies without another way to deliver relevant ads_
> significantly reduces publishers’ primary means of funding, which
> jeopardizes the future of the vibrant web.

Herein lies the issue. Users blocking cookies are trying to avoid being
tracked and "seeing relevant ads". Essentially, he is trying to create web
standards in order to do the thing that users specifically don't want them to
do. Google's business model requires Schuh to twist logic in a manner that
makes it seem like it isn't so.

~~~
Ajedi32
Is "I don't want to see relevant ads" _really_ the user's ultimate goal? Or is
their goal actually something more like: "I don't want advertisers tracking
me", and not seeing relevant ads is just a side-effect of that?

It sounds to me like Google's goal here is to give users what they want (less
tracking, better privacy) _without_ hurting their ad revenue. That seems like
a reasonable compromise to me, assuming they can pull it off. At the very
least, it's an improvement over the status quo.

~~~
sha666sum
I left out of my comment that there's significant overlap between users who
block cookies and those who use adblockers. Many users simply don't want to
see ads, but are subject to intrusive tracking nevertheless.

However, you are right that most people would probably be fine with
personalized ads if it was possible to show them without identifiable
tracking.

Personalizing content without identifiable tracking is a really hard issue
that I'll be surprised if anyone ever manages to solve. It will also most
likely involve some compromises that hurt Google's bottom line, so I think the
financial incentives just aren't there for them. Given those two assumptions
and Google's track record, I think it's absurd to assume that any standard
they create will meaningfully improve user privacy.

Also, I fear their new standards would most likely just circumvent the tools
available for users to avoid tracking, as the tracking would be baked into the
browser itself.

~~~
prophesi
What gets me is that you can very easily have personalized ads just by showing
an ad relevant to the content on the current page.

There's no need for harvesting any data on the user, or tracking them across
sites in this case.

~~~
NoGravitas
This, is, indeed, a big part of Duck Duck Go's business model: showing you ads
that are related to _what you just searched for_.

~~~
freeAgent
This isn't a foreign concept, either. It's how everyone started out. Google
just thought they could charge more for ads if they also began tracking users
so they could display higher-value ads that are supposedly relevant to a user
regardless of the content of the page they are on. It turns out that they were
right, and they are able to make more money doing this. Unfortunately for the
rest of us, privacy is collateral damage.

------
gorhill
> large scale blocking of cookies undermine people’s privacy by encouraging
> opaque techniques such as fingerprinting

The safest assumption is that fingerprinting is and will be used regardless of
whether local storages (of which cookies is one flavor) are forbidden -- these
are not mutually exclusive.

~~~
travisporter
I enabled fingerprint blocking on Firefox after reading this. Does it break a
lot of websites? This site says some banks use it to authenticate.
[https://medium.com/slido-dev-blog/we-
collected-500-000-brows...](https://medium.com/slido-dev-blog/we-
collected-500-000-browser-fingerprints-here-is-what-we-found-82c319464dc9)

~~~
jazzyjackson
I closed my accounts with Chase and Citi because I kept getting locked out of
my accounts for suspicious activity. Disabling PIA VPN helped but I never
could figure out what else about me trying to avoid being tracked looked
suspicious.

Apparently they take a 'only criminals would clear cookies' approach.

~~~
_underfl0w_
Maybe you're mistaking that for "only criminals would use a VPN [to disguise
the true origin of their web requests]" approach.

Still not an absolute one should be unequivocally confident in, but risk
management types for a major bank... probably don't care.

~~~
yjftsjthsd-h
Then we simply decline to do business with them. Either they learn to care...
or we don't care anyways, because they're no longer our problem.

------
wybiral
This reads as "save the cookies" to me. From a company who specializes in
tracking of all forms including location from our phones and parsing all of
our emails to enumerate our recent shopping orders on 3rd party sites.

What if websites just return to contextual ads and proper opt-in consumer
studies (as traditional groups like nielson still do) instead of tracking
everything their users do online and offline for aggressive targeting?

Then we wouldn't need to "save the cookies".

~~~
starbugs
This reads as "we will make tracking harder for everyone else but us" to me,
which is even worse.

~~~
dimator
Wait how is that? At the very least, what they're proposing sounds like open
specs and industry standards.

~~~
starbugs
It doesn't matter. That's the beautiful thing about being the owner of Chrome,
which kind of is "the web" now. Open specs and industry standards are
basically what you propose and accept. And you get the data anyway regardless
of these standards since you own the OS (Android), the browser (Chrome), and
the search engine. So anyone else getting less data equals you being ahead of
all others even more equals your risk of being disrupted is even lower.

Welcome to the net monopoly!

------
jedberg
At the end of the day, Google has a fundamental crisis. Their entire business
depends on your lack of privacy from them. They would be happy to help keep
you private from everyone else but they definitely need to invade your privacy
to keep their business alive.

~~~
ehnto
I wonder if they could survive off of search page ads and website contextual
ads? No user targeted ads. If they could, they could squash the invasive
marketing advertisers with lobbying for privacy policy and then regain a total
monopoly as no other tracking adtech is viable anymore.

I personally believe fingerprinting should be illegal, and that any company
that relies on it is inherently unethical. I think Google could survive
without it.

I am by no means a Google fan either, just recognizing they have some power
here and that fighting for ethical policy might actually be a good business
move.

~~~
ocdtrekkie
Contextual ads would be perfectly fine and unlikely to be any less relevant
than user targeted ads. However, _any ad company can easily offer this_.
Google's raisin-d'etre is that they track everyone on the Internet, and that
they claim by doing so, can offer the best ads. If they admit that's not true,
you might as well go with any other ad company.

~~~
ehnto
In my read of the situation, Google's ads dominate because of their network.
Other ad suppliers can't put their ads into Google search results, and it
would be hard to build a network of display advertisers as big as Google's.

I wouldn't mind a shake up in the display network side of things. "Carbon" ad
network is a great example of what can come out of a niche, well managed ad
network and people choose them because they are present where the eyeballs for
their demographic are. Like putting motor oil adverts on a racetrack. You
don't have to track people around for those types of networks to work.

~~~
floatboth
Oh yeah, there were multiple networks like Carbon, The Deck, etc. The only
kind that doesn't suck.

It's weird that tracking-based ads have taken over. Logically, contextual
makes a lot more sense. But apparently statistical data is telling ad
companies that tracking is worth it :(

------
falcolas
Personally, I don't trust the fox (Google) to guard the hen house (my
privacy). Sure, they might keep other foxes away, but I'll still be short a
few hens at the end of the day.

------
jsgo
Going to try to respond to this in good faith. I know there is some intrinsic
bias what with Google being an ad company, but I'll try to ignore that and
assume they wish to protect users within Chrome, advertising division be
damned.

On point one, regardless of cookie blocking or not, these more aggressive
means of tracking users are going to happen. If they (ad programs) can eke out
extra data points on users, that's more value that translates into revenue for
them so of course they're going to do it. They're saying they're going to do
what they can to mitigate fingerprinting, face value, that's great, but it's
like anything: a game of cat and mouse where when one opportunity closes,
they'll chase another.

Point two is going to be a hard sell. They're asking users to care about
advertisers when users have had issues with advertisers before (massive string
of redirects to a "congratulations, click here for your free Amazon gift
card/Xbox/whatever" page that screws with the tab's history to the point you
can't even get back to where you were before requiring closing the tab
anyone?). I don't disagree that advertisers are a necessary evil on the
Internet (sites want to make money, we're usually not paying them, so forth
and so on), but at the same time, some networks are historically bad for user
experience: not in a "ah man, that banner ad is annoying" way, but in a "it
just hijacked the page and now I'm trying to do a bunch of stuff to get back
to the content/away from the site" way.

~~~
kotrunga
I don't think Google has its customers best interest in any of this. They try
to make it seem like it at face value, but to deliver real privacy, they
wouldn't get the data they need for their own business.

An example from the article- "First, large scale blocking of cookies undermine
people’s privacy by encouraging opaque techniques such as fingerprinting."

I'm pretty sure fingerprinting can happen either way. It's just easier for
Google to control cookies and prevent users from blocking cookies because
cookies will provide more exact data on what Google wants.

They'll sell the point that they will keep your data safe from 3rd parties...
but they will use it for their purposes however they please.

~~~
AlexandrB
> I don't think Google has its customers best interest in any of this.

It absolutely does! Google’s biggest customers are its advertisers. We’re
Google’s _users_.

~~~
_underfl0w_
This distinction seems to escape a lot of people - not just the shills!
Customers != users. Thanks for pointing it out.

------
Ajedi32
What's funny is, despite all the criticism this is getting on Hacker News,
this move is probably going to end up doing more to improve the online privacy
of the average user than every ad blocker and tracking blocker has combined
over the last decade or so.

Google, the world largest ad provider and browser vendor, is essentially
proposing to tear down the web's current free-for-all cookie-based ad
targeting and conversion tracking system, and replace it with a privacy-
respecting one built on standardized APIs implemented by the user's browser.
If they're even _moderately_ successful at this, it's going to be a _huge_
improvement to the current status quo of online advertising from a privacy
perspective.

For those who haven't, read the Chromium blog post on this effort[1] and the
associated early proposals[2]. They're a lot more concrete about what exactly
this new vision entails.

And for those cynics who are skeptical of this effort just because of their
preconceptions surrounding the company proposing it, consider this: Google has
every reason to want to improve the reputation of online advertising. Better,
more privacy-respecting ads mean less people blocking ads, which means more
revenue for Google. Last year Chrome implemented a built-in ad blocker for a
similar reason[3]. Personalized ad targeting doesn't have to mean compromises
to user privacy, and Google intends to prove it.

[1]: [https://blog.chromium.org/2019/08/potential-uses-for-
privacy...](https://blog.chromium.org/2019/08/potential-uses-for-privacy-
sandbox.html)

[2]: [https://www.chromium.org/Home/chromium-privacy/privacy-
sandb...](https://www.chromium.org/Home/chromium-privacy/privacy-sandbox)

[3]: [https://blog.chromium.org/2017/06/improving-advertising-
on-w...](https://blog.chromium.org/2017/06/improving-advertising-on-web.html)

~~~
danShumway
All of these proposals are compromises.

Even Privacy Budgets (a genuinely interesting proposal) is not particularly
useful right now, because in order for a Privacy Budget to work, you first
have to identify and build blocking tools for all of the potential
fingerprinting vectors it encompasses -- that's the actually hard problem that
Safari and Firefox are working on right now.

The only reason Google is at the table at all is because they have to be.
They've disclosed multiple times in their earning reports that they consider
adblocking to be a threat to their business, and adblock usage is pretty
steadily rising. Right now adblockers are a minority, but if nothing changes
they will eventually be a majority. Google's only here to stick a foot in the
door and say, "but you're not gonna block _all_ tracking, right? We'll come up
with some advertising tools that are actually palatable."

But that's the problem: palatable isn't good enough any more. Given that
Google is likely only here because they feel threatened, and given that other
browsers like Firefox are putting in the majority of the work right now to
actually block fingerprinting in the real world outside of proposal documents
-- as a user, why should I be excited about compromising with the advertising
industry?

Why should I be excited about blocking most tracking, when I have two browsers
who are committed to blocking all tracking?

Google is really misreading the room here. Since when has the advertising
industry ever showed restraint about anything? They're not going to stop
fingerprinting just because an extra API exists. We can't bribe the industry
into not tracking us with concessions, we just have to buckle down and block
fingerprinting. There's no advantage to compromising; there's no reason to be
excited about a theoretical new, better way to serve targeted ads when you can
just _block ads_ instead.

~~~
Ajedi32
The fact that these proposals are compromises is _precisely_ what makes them
so potentially effective.

Instead of playing the usual game of cat and mouse where browsers move to
block tracking and ad providers respond by coming up with creative ways to
circumvent those restrictions ad infinitum, Google is creating a mutually
acceptable compromise where ad companies don't _have_ to fight against user
privacy in order to make a profit.

It sounds like you believe you've got the upper hand in this fight, so you're
more inclined to push for unconditional surrender rather than a peace treaty.
That's understandable, and if you want to go that route I'm sure there will be
other browsers and browser extensions which will continue to pursue that
strategy. Just as, as you say, there will probably be advertisers who continue
to peruse the "gather as much data on users as possible" route (though Google
plans to fight those advertisers themselves to maintain the truce). But that's
not the _only_ valid solution to the problem, and I'm glad to see Google
offering an alternative.

~~~
danShumway
I do think that blockers have the upper hand, but even if they didn't, I
wouldn't trust a compromise solution like this.

As a reminder, we're talking about an industry that uses wifi signals to track
customer's positions through stores, that has embedded trackers in TV sets,
that has bought credit reports on customers. The advertising industry is
addicted to data; that's not going to change just because Google says so.

If Google's compromises here made me think that that advertisers weren't going
to use fingerprinting any more, then I'd be more open to the idea. But even
Google isn't pretending that proposals like FLoC will mean that browsers won't
have to block fingerprinting.

And post DNT, I don't even trust that it would only be occasional bad actors.
Advertisers have made it obvious that they're willing to compromise on privacy
only if it doesn't cost them anything at all. The moment people en-mass start
using private options, they'll back out of the arrangement the same way that
they always have under the excuse that they have to stay competitive with
advertisers who do fingerprint. Give it a year, and we'll be seeing think
pieces about how FLoC just doesn't provide enough granularity, so we have to
use FLoC _and_ data-point X to be competitive.

So if we compromise with the advertising industry, and we _still_ have to
block fingerprinting to prevent bad actors, and it's the same amount of work
to plug the same number of holes, what do we actually get out of this
arrangement as users? It's not just that it's a compromise, it's a compromise
that has no value to anyone except advertisers.

~~~
Ajedi32
Seeing as how Google themselves (possibly the world's largest advertiser)
seems willing to compromise, I don't think it makes sense to assume no other
advertising company will be willing to follow them down that path. And even if
no other advertisers were participating, isn't the fact that Google themselves
_are_ participating already a huge win? They are a pretty big player in the
advertising industry after all.

As a user, what you get out of this arrangement is that a large number of
online advertising agencies will stop _trying_ to build systems that track
your online activity, because they won't need to track you anymore to run
their business effectively. They can get what they need in a way that doesn't
hurt user privacy.

Yes, there'll be bad actors, but as you said that's a problem we'd have
anyway. At least this way the number of bad actors will be reduced, and the
economic advantage gained by such misbehavior will be minimized. Why would an
advertising agency bother spending a ton of money trying to develop new
fingerprinting techniques to fight cookie blocking if doing so doesn't result
in any significant revenue increases over just using FLoC?

In effect, Google is fighting a two-pronged battle against online tracking:
they're increasing the cost companies need to spend to track users, while
simultaneously decreasing the economic benefit gained from doing such tracking
in the first place.

------
olivierduval
It's (almost) funny to see how Google "reframe" the concept of privacy to
preserve its business model !!!

\- "large scale blocking of cookies undermine people’s privacy by encouraging
opaque techniques such as fingerprinting"... so it means: one way or another,
it's OK to gather as much information as possible to show relevant (targeted
and weel paid) ads. But there are good ways (cookies) and bad ways
(fingerprinting).

\- "blocking cookies without another way to deliver relevant ads significantly
reduces publishers’ primary means of funding". And what about delivering
"standard" ads ???? Newspapers have shown non-targeted ads for years and
nobody complained about that (I mean... except marketers maybe). If publishers
stopped relying on targeted ads, maybe they may at last find some really new
business model (like shared subscription) instead of just being lazy, using
Google/Facebook products ?

\- "If this funding is cut, we are concerned that we will see much less
accessible content for everyone", meaning...? Oh... less things to show on
google search engine and with AMP. As Google is not producing content by
itself but using (stealing?) content produced by others, it's quite
understandable that their bottom line is tied up to the content publishers
providing free content. Actually, maybe Google should pay content provider to
be able to include it in their serach engine ? (ok... link the link tax)

It seems to me that Google doesn't understand that users DON'T WANT TO BE
TRACKED AT ALL. It has gone too creepy for years. It's not a matter of being
tracked by one trick or another, it's not been tracked AT ALL. But, admitting
this would mean the end of GoogleAds. And Google seem to has lost any
creativity to find new solutions to replace that product that users can't bear
anymore. Sad... "do no Evil" if really gone forever :-(

~~~
kotrunga
You're right. But, Google _does_ understand that their users don't want to be
tracked. They just don't care.

The __real __solution is to "Get off Google". If _everyone_ reading this did
that, would it impact them? No, they would be fine. But I think it's better to
do _something_ rather than nothing.

~~~
Despegar
>If everyone reading this did that, would it impact them? No, they would be
fine. But I think it's better to do something rather than nothing.

As with climate change, systemic problems can't be solved with individual
action.

~~~
techsupporter
This seems like a cop-out to me. “What can I, as one person do? Just don’t
bother since the impact is tiny.”

I think people leave out the word “only” in statements like yours. Systemic
problems can’t be solved with _only_ individual action but the actions of many
individuals can very much set examples, serve as encouragement to others,
shift norms, and make the political space for regulated or coordinated action
more available.

We should not exempt ourselves from individual action, especially when it is
inconvenient, simply because our small change won’t single-handedly solve the
whole problem. This goes for browsers, “free” email, privacy, and
environmental impact.

~~~
jeromegv
True. Customer boycott have worked in the past. DELETEUBER campaign was quite
a big PR nightmare for Uber and this could be measured in their market share
vs Lyft.

Same from buying power. You can either buy from small business and make a
difference for a family. Or you can keep shopping at big box stores. Sure it
feels like a small impact, but this isn't small at all for the small business.
Those things add up.

------
ziddoap
> _Technology that publishers and advertisers use to make advertising even
> more relevant to people is now being used far beyond its original design
> intent - to a point where some data practices don’t match up to user
> expectations for privacy._

The whole thing reads like Google is just discovering the abuse that they
themselves have perpetuated and bred into a real monster.

But, a noble goal nonetheless.

------
amluto
> Second, blocking cookies without another way to deliver relevant ads
> significantly reduces publishers’ primary means of funding,

Cookies and tracking have nothing whatsoever to do with relevant ads.
Publishers can put ads relevant to their content on their pages with no
client-side participation whatsoever.

Tracking is important for ads that target the user. The targeted advertising
business may account for huge amounts of money spent, but I would argue that
it is a race to the bottom and adds no value to the overall economy. The
outright failure of the targeted advertising industry would arguably be a good
thing.

------
hackerbrother
Why can't publishers like the NYT simply sell ads directly to businesses, and
display them without using adsense and tracking? Like newspapers used to do
back in the day...

------
cameronbrown
Relevant Chromium Blog post: [https://blog.chromium.org/2019/08/potential-
uses-for-privacy...](https://blog.chromium.org/2019/08/potential-uses-for-
privacy-sandbox.html)

------
ocdtrekkie
"Privacy Sandbox" ...Okay, sounds good.

"ensure that ads continue to be relevant for users" ...Oh, that's what this is
about.

------
nerdjon
Let me guess, everything about "Privacy Sandbox" is meaningless when the
company that proposes it also holds a major stronghold on the web thanks to
Google Analytics, Google SSO, etc. Google themselves will likely barely be
impacted (and why should we expect otherwise, google is not going to shoot
themselves in the foot)

Makes me think of this quote from the webkit policy
[https://webkit.org/tracking-prevention-policy/](https://webkit.org/tracking-
prevention-policy/) :

> When faced with a tradeoff, we will typically prioritize user benefits over
> preserving current website practices. We believe that that is the role of a
> web browser, also known as the user agent.

Google clearly does not believe that.

~~~
ehsankia
Except without advertising half of the internet collapses. And to anyone
suggesting that a paid model will just surface, I don't really want to live in
a world where only the rich have access to tools as useful as Maps, Translate
or Youtube.

~~~
jedberg
> Except without advertising half of the internet collapses.

You can still run ads without knowing anything about the user. They will be
less targeted and less profitable, but you can still use them.

~~~
jefftk
_> They will be less targeted and less profitable, but you can still use
them._

Specifically, about half as profitable:
[https://www.blog.google/products/ads/next-steps-
transparency...](https://www.blog.google/products/ads/next-steps-transparency-
choice-control/)

 _" Based on an analysis of a randomly selected fraction of traffic on each of
the 500 largest Google Ad Manager publishers globally over the last three
months, we evaluated how the presence of a cookie affected programmatic
revenue. Traffic for which there was no cookie present yielded an average of
52 percent less revenue for the publisher than traffic for which there was a
cookie present."_

(Disclosure: I work for Google on ads, speaking only for myself)

~~~
ocdtrekkie
Wouldn't this data be tainted by the fact that those deleting your cookies are
the sort of people who actively adblock or protect their privacy, and hence
are naturally unlikely to click on ads?

If the default for everyone was to not target users, the actual revenue value
would probably be a wash, because ad targeting is useless.

~~~
jefftk
Ad blocking users wouldn't be affected by the study at all.

~~~
ocdtrekkie
Perhaps, but many are using other privacy protection methods. Like I use
Privacy Badger, which aims to largely leave ads but kill tracking cookies. I
don't ever click ads though, so people like me are who fill out much of the
"no cookie" market.

If everyone didn't have user tracking, the metrics on the effectiveness of
stalking everyone would be very different.

------
yalogin
The post does not even give a high level technical aim of they want to achieve
it. They just threw a "privacy sandbox" phrase at us that's it. If they are
talking about standards there must be some technical solution they have in
mind. What is this? Does anyone know?

~~~
anaphor
And will we be stuck with whatever solution they come up with, even if it
sucks, just because it's Google and they can pressure everyone into following
them?

------
open-source-ux
It's hard to take seriously initiatives like this. Google tracks users on a
industrial scale that no other online company can match. Their digital
fingerprints can be found in every corner of the web. Just why are they so
obsessed with tracking users to death? I'm beginning to believe that tracking
online behaviour is in the DNA of the company and that it simply can't reign
itself back. It escapes serious scrutiny, not least because the tech community
would rather rush to it's defence than scrutinise it's practices and
behaviour.

It has, in my view, a narrow view of privacy (shared by large swathes of the
tech community) which is essentially: privacy = security. Of course, you can't
have privacy without security, but security by itself does not equal privacy.
Or put another way, Google's attitude is essentially: we'll track you to
death, but we guarantee that information will never leak from Google. The
response from large swatches of the tech community: that sounds fine.

------
CamelCaseName
I breathed a real sigh of relief when I realized this initiative is about
privacy, rather than privatizing the web.

~~~
zzzcpan
> I breathed a real sigh of relief when I realized this initiative is about
> privacy, rather than privatizing the web.

Well, an initiative for other browsers, publishers, and their advertising
partners to protect adtech is definitely not about privacy.

------
maximente
> Privacy is paramount to us, in everything we do

this statement is fraudulent and Justin Schuh should be embarrassed to have it
associated with his name. i'm tired of being lied to about this company's
obviously fake "values".

~~~
tobr
Here’s another fuddy lie:

> Second, blocking cookies without another way to deliver relevant ads
> significantly reduces publishers’ primary means of funding, which
> jeopardizes the future of the vibrant web.

I think you could argue that targeted advertisement has jeopardized the future
of the vibrant web.

~~~
ignoramous
I like the word, _fuddy lie_. Never heard it before. Here's a new motto for
Goog in light of the current article: "Don't be fuddy".

This Google piece somehow tops Mark Zuckerberg's 3000 word drabby drivel:
[https://www.facebook.com/notes/mark-zuckerberg/a-privacy-
foc...](https://www.facebook.com/notes/mark-zuckerberg/a-privacy-focused-
vision-for-social-networking/10156700570096634/)

------
z3t4
I have a better idea, bake in ID in browsers, then make the website/script
request the ID and the user can choose if they want to identify themselves or
not. A basic ID should only be a public key. Then the browser can make a
"signup" request where they can get more info about the user. The user id can
then be used for a passwordless login. Kinda like Google or Github ID but
built into the browser, standardized and easy for developers to integrate. For
extra security client certificates can be used (but current implementations
need to be overhauled) and second factor hardware keys can be used for
additional security. Ad publisher do not need to have the same level of
security as bank id, so there need to be something very basic and easy to
implement as well.

------
techntoke
"Some ideas include new approaches to ensure that ads continue to be relevant
for users, but user data shared with websites and advertisers would be
minimized by anonymously aggregating user information, and keeping much more
user information on-device only. Our goal is to create a set of standards that
is more consistent with users’ expectations of privacy."

These ideas don't work together Google. First, I don't want to see ads at all
to lookup information. Encyclopedias didn't have advertisements in their Table
of Contents. Second, you can't show relevant ads for users while keeping user
data anonymous, especially when your algorithms and methods of doing so are
closed-source.

------
no_wizard
Here's a thought, addressing the point of

>>Recent studies have shown that when advertising is made less relevant by
removing cookies, funding for publishers falls by 52% on average

Has anyone ever done a study of some sort of natural heuristic advertising?
Instead of tracking people, track what a publisher publishes and through that,
you can make some very plausible (and specific, I'd think) assumptions about
the people who consume those publications.

Like, if I'm reading arstechnica, you don't need a tracking cookie to tell you
that I am likely intersted in:

\- Video Games \- Consumer Electronics \- Some light-medium
scripting/programming \- Generally am technology minded

Is that not valuable to advertisers somehow?

I might have this whole game wrong.

~~~
etchalon
Wasn't this sort of the point of the Google Ad Network, originally? You could
place ads on sites which contained keywords relevant to your target.

Of course, content farm sites ruined the whole thing.

------
nubela
I find this rich, coming from Google.

------
tcd
Yet they don't mention Android, where the security is so lax you can also be
fingerprinted and data sent to a remote server without you ever knowing, where
Chrome on Android doesn't even allow you to use ad blocking tools?

This is a weak attempt at showing how tracking Google has been a part of and
enabled is not being accepted by certain vendors anymore.

Let's build a cross OS, cross browser and cross platform set of standards, not
just for the web but computing as a whole.

Also, didn't Google propose cutting the web manifest to prevent tools like
uBlock from working as well? Not sure what's going on with this...

------
thsealienbstrds
TIL: you don't always need to read TFA before you can conclude with reasonable
certainty that it is BS.

------
dessant
> First, large scale blocking of cookies undermine people’s privacy by
> encouraging opaque techniques such as fingerprinting.

Including delivering browser exploits [1] to better track users, for which
Google was fined.

People's privacy is undermined primarily by companies which would do anything
to track users, not by attempts to prevent tracking.

[1]
[https://www.bbc.com/news/technology-19200279](https://www.bbc.com/news/technology-19200279)

------
someexgamedev
This reminds me of oil companies sharing footage of their employees scrubbing
oil off ducks.

~~~
hedora
What? You want them to waste all that oil?

Yeah; the analogy does work.

------
sdinsn
I don't like this article.

1\. Fails to mention that the reason why many people block ads is because
publishers sue overly aggressive ads or ads that advertise harmful content
(scams). Publishers who use these practices _should_ be losing money.

2\. Pretends that if cookies are used then companies will stop trying to
fingerprint.

3\. Sounds like they are trying to prevent blocking cookies entirely- I'm not
sure how that is giving more power to the users.

~~~
benologist
This is like when Nintendo and Microsoft demand loot boxes include the
0.00000001% odds of getting what you want. They do this because they are
looking for a way to save loot boxes because childhood gambling is immensely
profitable and some children are so generous they may even spend thousands.
They seek a safe middle-ground where most children can still be exploited and
their parents defrauded but the mechanic itself is not made illegal and they
are not breaking any law.

Google wants to save internet-wide tracking before it is irreversibly thwarted
or outlawed for being generally abusive to society, because it put a hundred
billion in their savings account and there's more coming.

------
mosselman
> Privacy is paramount to us, in everything we do

There is either a problem with the meaning of “privacy” here or the meaning of
“paramount”

~~~
ignoramous
Privacy is indeed paramount: If a few 100 million more users start taking
matters in their own hands, Google is toast.

------
bonsai80
Looks like Google has their calendars messed up and meant to post this on
April 1.

"Privacy is paramount to us" and then blaming abuses of my privacy on me?
Funny stuff Google; you've really outdone yourselves with your April Fools
post this year!

------
frenchman99
> Recently, some other browsers have attempted to address this problem, but
> without an agreed upon set of standards, attempts to improve user privacy
> are having unintended consequences.

Haha, nice, blame it on the ones that actually try.

> First, large scale blocking of cookies undermine people’s privacy by
> encouraging opaque techniques such as fingerprinting.

Fingerprinting was used in addition to cookies. Banning 3rd party cookies is
just a first step.

> Second, blocking cookies without another way to deliver relevant ads
> significantly reduces publishers’ primary means of funding, which
> jeopardizes the future of the vibrant web.

Here's the problem. Google only wants a solution if it works with it's current
business model, which is ads. Trusting Google to protect our privacy is like
trusting a burglar to protect your home whilst you're away.

Want to not be tracked ? Install Firefox or Safari, turn on ad blockers, use a
different browser for Facebook (or use Facebook Container on Firefox), and
refuse any "Consent approvals" when you visit a website. Also, advocate for
laws like the GDPR (it has made privacy a bigger concerns for companies in the
EU).

~~~
kotrunga
Why was this downvoted? Save the fact that you just shouldn't use Facebook at
all, I think this is great comment. It actually references text from the post,
unlike many of the other comments.

It must have been a few Google bots...

I especially like this text they wrote: "attempts to improve user privacy are
having unintended consequences"

Unintended consequences? Oh no! Google's evil business model is being messed
with!!!

------
zelphirkalt
In general, if Google talks about open standards, don't let it blind you.
Somewhere in there _will_ be some loophole, through which Google will benefit
from any standard they propose. And, in the very unlikely case, that we cannot
find that loophole, their benefit will be, that some competitor has a
disadvantage.

When Google talks about privacy, you can be 100% sure it is some kind of
deception to make you trust them more or shift how you perceive things, in
such a way, that benefits Google.

They are riding that "It's open! It must be good!" wave quite hard and too
many people are fooled by such a tactic.

------
rapht
I couldn't resist laughing out, just as I think if this guy Justin Schuh had
been presenting this in-person at any non-adtech gathering, he would have been
laughed out of the room.

~~~
deburo
Maybe if he presented it to the Hacker News crowd, for which the popular
opinion seems to be that anything less than 100% privacy is acceptable.

You know this, but plenty of people, including me, prefers free content to
paywalls at every corner. That Google is ramping up efforts in trying to
improve privacy while maintaining the viability of free content providers is
very positive.

What's interesting anyway is what mechanisms they'll implement. I'm intrigued
about the fingerprinting budget: how well will it really work?

~~~
rapht
I for one don't believe 100% privacy is even possible, and you've got to keep
some kind of reality principle to decide what's "acceptable".

But anyway, as someone else said, I don't trust the fox to guard the hen house
- even though again there's some kind of reality check that says if (one of)
the most powerful actor starts doing something, there _will_ be some traction,
so yeah, let's see concretely what it is about...

About the privacy budget: if I understand well, they want to count API calls
that return device/environment-specific data, probably giving some set of
weights to each of calls and stop accepting requests after a certain
threshold. I'm a bit skeptical with that kind of complexity but why not.

~~~
ignoramous
_Privacy Budget_ seems like a repackaged DNT. It is going to be better before
it gets worse.

------
strzzz
When first sentence is a lie, why should you read the rest?

------
tannhaeuser
I've got a better idea: let's continue to get rid of fingerprinting and third-
party cookies alltogether, then place ads on topical interesting sites (eg
lets return to content-based ads). This will also greatly counter the web
becoming a few portal sites to other people's content. It solves two problems
at once - that of surveillance and that of monopolization.

------
musicale
> Second, blocking cookies without another way to deliver relevant ads
> significantly reduces publishers’ primary means of funding, which
> jeopardizes the future of the vibrant web.

1\. Other media - TV, radio, print magazines - seem to have no trouble
delivering advertising without using tracking cookies.

2\. The web was pretty vibrant before adtech became the monster it is today.

------
ignoramous
Here are the initial proposals from Chrome engineering:

> [https://github.com/jkarlin/floc](https://github.com/jkarlin/floc)

> _Browsers would need a way to form clusters that are both useful and
> private: Useful by collecting people with similar enough interests and
> producing labels suitable for machine learning..._

This still doesn't address spreading mass propaganda (show feed of immigrant
crimes to floc 43A8C before the elections, because well, they happen to be
Xenophobic) and user control. They propose browsers send random flocs to avoid
clustering _flocks_ of sensitive categories, but pretty sure the default isn't
going to be random.

\--

> [https://github.com/bslassey/privacy-
> budget](https://github.com/bslassey/privacy-budget)

> _Fundamentally, we want to limit how much information about individual users
> is exposed to sites so that in total it is insufficient to identify and
> track users across the web, except for possibly as part of large,
> heterogeneous groups._

So, this is a glorified version of _Do Not Track_ but with budgets and
involves _more_ telemetry to be shared with browser vendors and/or websites?
How is this even in the conversation? How about browsers simply block attempts
to fingerprint a user or allow extensions that do? Penalise websites known to
fingerprint from search results? Display a big red banner before the user
navigates to that website? Proxy such websites, if the user so agrees and send
only content that's relevant (like some kind of an advanced read-mode)?

\--

> [https://github.com/dvorak42/trust-token-
> api#motivation](https://github.com/dvorak42/trust-token-api#motivation)

> _Preventing fraud is a legitimate use case that the web should support, but
> it shouldn’t require an API as powerful as a stable, global, per-user
> identifier. In third party contexts, merely segmenting users into trusted
> and untrusted sets seems like a useful primitive that also preserves
> privacy. This kind of fraud protection is important both for CDNs, as well
> as for the ad industry which receives a large amount of invalid, fraudulent
> traffic._

I like the concept of issuing _tokens_ and then redeeming them later... but it
seems like a lot of elaborate crypto to only really prevent ad-fraud (the
advanced fingerprinting techniques they talk about elsewhere cannot prevent
it?). It opens up another attack surface, whilst also not being truly
anonymous to the first-party that issues the tokens.

\--

> [https://github.com/csharrison/conversion-measurement-
> api](https://github.com/csharrison/conversion-measurement-api)

> _Since the ads industry today uses common identifiers across advertiser and
> publisher sites to track conversions, these common identifiers can be used
> to enable other forms of cross-site tracking._

> _This doesn’t have to be the case, though, especially in cases where
> identifiers like third party cookies are either unavailable or undesirable.
> A new API surface can be added to the web platform to satisfy this use-case
> without them, in a way that provides better privacy to users._

This is all out battle against content-blockers. Block third-party cookies,
and still you're in their cross-hairs... but wait... this is more privacy-
friendly, so will you, the end-user, please suck it up.

\--

I hope Raymond Hill is reading and already thinking of ways to mitigate this.
I see this as push by Chrome in response to the ecosystem Brave is building
and the direction Apple is going, and simply taking control of the privacy
conversation by doing what's best for them, all around, without holding back
any punches. That's not to say, Apple isn't doing the exact same thing!
BigTech can't be trusted with privacy, and this post kind of proves it?

"It is difficult to get a man to understand something, when his salary depends
on his not understanding it." Indeed.

~~~
sciurus
There's one more repo

> [https://github.com/michaelkleber/privacy-
> model](https://github.com/michaelkleber/privacy-model)

I thought it was odd and annoying that the 5 proposals are in different place,
and it took me so many clicks to get to them from the blog post.

------
jszymborski
If they want to build a more private web, they can start by nixing AMP and
(more existentially) Google Ads.

------
segmondy
This is disgusting. I was actually excited in thinking this was a development
of a new concept, instead it's a plea for folks not to use ad blockers so they
can make money from tracking and adds. If this was April 1st, I would laugh at
how hilarious it reads, but it's not.

------
ylambda
The chromium blog entry mentions a browser that blocks cookies. Which browser
are they referring to?

> We’ve seen this recently in response to the actions that other browsers have
> taken to block cookies - new techniques are emerging that are not
> transparent to the user, such as fingerprinting.

~~~
ziddoap
Firefox allows control over cookies, and there are a number of extensions
which serve this function as well. Does Chrome not give an option re cookies?

------
user183736
"Recent studies have shown that when advertising is made less relevant by
removing cookies, funding for publishers falls by 52% on average"

It would be more profitable ir Google could read our minds. So... Should we
allow that ?

------
arendtio
It would be a start if users could select in the browser if they want to
receive personalized content/advertising, be tracked or whatever. All those
new GDPR induced layers definitely make the web a whole step worse (and I
don't blame the GDPR for that).

Every time I see a website having 'essential' and 'functional' cookies I start
freaking out because, in my opinion, those websites are just lying. In most
cases, their 'functional' cookies are either marketing or tracking cookies,
but never relevant for the core functionality of their website.

And there are still too many websites out there which either try to make you
click the 'Accept all' button or simply don't understand that the law requires
an opt-in and not opt-out.

Pushing the UI for the cookie-use-case selection into the browser would at
least end this UI layer hell. But I am sure, some browser vendor will mess up
the party and go some extra way, similar to what we had with the DNT header...
Maybe we just need another law like 'Do Not Track means Do Not Track!'.

------
nostalgk
Any update on the whole adblock thing that was popular here a little bit ago,
with them deprecating the ability to drop web requests? Seems kinda paramount
to this initiative.

~~~
ehsankia
As expected, it was pretty overblown. Realistically though we won't really
know for another year or two. The specs keep on changing, and even if it's
finalized, it won't be enforced for a long while.

------
akiro
> If this funding is cut, we are concerned that we will see much less
> accessible content for everyone.

Yeah, that is exactly what Google is concerned about. /s

------
sevenoutofmeh
tlwr; How does this 'open standard' benefit google's ad strategy at the
expense of its competitors in so many words ?

------
IloveHN84
I hope they start ditching user tracking from Android and Chrome and enforce
more security: that would be a real privacy improvement

------
anaphor
> We are following the web standards process and seeking industry feedback on
> our initial ideas for the Privacy Sandbox.

In other words, they're not doing anything new or taking any real risks.
They're going with whatever the status-quo (i.e. broken solution) is.

------
jakeogh
Stop executing their code. Disable JS.

------
samat
Such bullshit

------
noncoml
Set the fox to guard the henhouse?

------
pgcj_poster
I can't read this because I block all Google's domains in my hosts file for
privacy reasons. Can someone tell me what it says?

~~~
groovybits
[https://web.archive.org/web/20190822160008/https://www.blog....](https://web.archive.org/web/20190822160008/https://www.blog.google/products/chrome/building-
a-more-private-web/)

------
ldng
How am I going to trust google on the word Privacy when just yesterday my
Android smartphone force updated 3 apps on me while on 4G and preference is
set to "no automatic" update at all and only on WiFi ?

~~~
hedora
Why should Google explain their actions to you? Respect their privacy.

------
Havoc
> Privacy is paramount to us, in everything we do

...because we can't let you have any of it since our business model would
collapse. So yes I can see how it's paramount

Go away Google.

~~~
Havoc
Loving how this is getting downvoted.

Hi Googlers!

------
secfirstmd
This is about an insincere as Google's lazy abandoned efforts to do something
about bringing in end to end encryption for email following its exposure as
being involved in PRISM.

------
RonaldSchleifer
Google talking about enhancing privacy on the web reeks of the sulfurous lies
of Satan speaking through his children on earth.

Google has 0 incentive to actually introduce privacy, let alone anonymity or
Constitutional rights to free speech.

But ALL the incentive to undercut and take out all the actual efforts to
redistribute the web and introduce real freedom and privacy and allowing
humans to have the rights they already have and which government does not have
the right to curtail or allow the curtailment of in any way (as outlined in
the Bill of Rights); regardless of whether the tyrants keep trying to ever
increasingly tighten the noose they have slipped over our neck at this point.

No need to try to flee or put your efforts into redistributing the internet,
citizen, see, we are providing all you need here on FAANG Ranch.

