
Apple will soon treat online web tracking the same as a security vulnerability - praveenscience
https://thenextweb.com/privacy/2019/08/16/apple-will-soon-treat-online-web-tracking-the-same-as-a-security-vulnerability/
======
tannhaeuser
I wonder if this will undo, in large parts, the "new" web that's being worked
on for the better part of this millenium. Third-party cookies are blocked,
presumably YouTube-like redirection to make cookies first-party are detected,
other cookies are held no longer than a week, etc. So advertisers will turn to
browser fingerprinting, so soon we'll see requesting window/viewport
dimensions as being flagged as insecure. Even CSS media queries aren't safe as
they can trivially be used for fingerprinting (and I have seen CSS where max-
width was beeing queried in steps of 3 pixels out of sheer incompetence). Also
caching/timing "attacks" for fingerprinting. And finally, arbitrary JavaScript
execution will be questioned, as it should've been a long time ago. It'll be
interesting to see this arms race enroll, with Apple protecting their users
(and also their apps and iDevice market) and Google protecting their version
of freedom (and unchecked privacy invasion and monopolization of the ad space
and web). Hint: I've recently purchased an iPhone

~~~
danShumway
> And finally, arbitrary JavaScript execution will be questioned, as it
> should've been a long time ago.

I run UMatrix and manually whitelist 3rd-party scripts, I've blocked web
features like WebGL and Canvas behind prompts, and I regularly disable JS on
websites that I think don't need it (news sites in particular). At the moment,
if you're really worried about tracking, it is a very good idea to think about
blocking most Javascript and culling down the language features your browser
supports.

However, I want to stress _at the moment._ The problem is that pervasive
tracking and device fingerprinting will go wherever the app functionality is.
Currently, even with all of the many, many problems on the web, it's still
better to use apps like Facebook via a website than it is to download them as
native apps to your phone. The web has better fingerprinting resistance than
most native platforms.

Again, doesn't mean the web is great. It just means we need to think about
where Google Maps is going to end up if it's not on the web. What I'm getting
at is that blocking scripting isn't a long-term solution to fingerprinting in
general. We could get rid of Javascript on the web, it might even be a good
idea. We will still need to solve the same problem with native apps.

Forget the web for a second, what it comes down to is that we need a way to
run a turing complete language that is incapable of fingerprinting the host
environment. That language doesn't have to be Javascript, and it doesn't have
to be on the web, but it does have to be something, somewhere.

It's a really hard problem -- vulnerabilities like Spectre and Meltdown have
made it worse. Now we're asking questions like, "is it actually reasonable for
applications to have access to high-resolution timers?" People look at the web
and say, "oh, this is a web problem." It's an everything problem. If we really
want to get rid of pervasive tracking, we now have to think about how high-
resolution timers are going to work on _desktops_.

What the web promised was a VM where anybody (technical or not) could run
almost anything, without validating that the code was safe, and the VM would
just protect them. We're finding holes in this particular implementation, but
I still eventually want that VM as promised.

~~~
hollerith
Thank you for your well-written comment.

I don't want to deprive you of the VM as promised, but that seems very hard to
implement, and I don't have time to help.

I just want to solve the much easier problem of giving people some way to use
the internet to read documents without getting tracked [1].

By "document" I mean a page of text, images, links to other documents and
maybe some other _easy-to-implement_ non-privacy-compromising things.

The web is how almost all documents are made available on the public internet.
Most document authors don't even consider or imagine any other way to do it.
And the web is a privacy nightmare. That is the problem I'd like to solve.

I felt the need to write this because past discussions on this site of the
problem I want to solve have gotten derailed into a discussion of how finally
to achieve the vision of "a VM where anybody (technical or not) could run
almost anything", which, like I said, strikes me as a much harder nut to
crack.

[1]: and without the need for anything as demanding of the user's time or the
user's technical skills as you described when you wrote, "I run UMatrix and
manually whitelist 3rd-party scripts, I've blocked web features like WebGL and
Canvas behind prompts".

~~~
danShumway
We already have all the of the technology we would need to build a document-
only web now. The biggest unresolved problems are asset caching[0] and IP
addresses[1]. But for the most part, nobody would even have to build a new
browser, they could just distribute a custom build of Firefox that turned off
Javascript and a few other features.

It would be very fast, reasonably private, probably a lot nicer to use (at
least where documents are concerned), and nobody would use it. I don't
necessarily disagree with your goal -- it seems very reasonable to want a
document distribution platform that isn't encumbered with JS. But given that
news sites can _already_ speed up their pages dramatically by removing JS, and
they don't, why would they support this new browser or platform? And without
them supporting it, why would users move to it?

We've seen this play out with AMP. AMP is fundamentally flawed, but it did get
one thing right: that news sites only care about search engine placement, and
they do not care about user experience past that point.

I would (very cautiously) suggest that it might actually be easier to
implement a VM that safely runs arbitrary code, than it would be to convince
publishers to move to a user-friendly platform that only distributed
documents. The only success I've seen in getting publishers to abandon
scripting is via platforms like Facebook and Medium -- maybe that's replicable
with a new browser or distribution layer on top of the web[2]? I dunno; I
think that also might just be a really, really hard problem.

I'd be happy to be proven wrong, I would happily start using a ubiquitous,
script-free platform for document distribution.

\---

[0]: We maybe need to just bite the bullet and get rid of asset caching, or at
least give asset caches a very short expiration date (<1 day). I guess making
them domain-specific could help too.

[1]: IP addresses are a huge issue, and I don't think the tech community talks
about them enough. TOR is not really scaling. The best solution for ordinary
consumers is a VPN, and VPNs have a lot of pretty obvious problems.

[2]: My guess would be, someone would need to make publishing _much_ easier
than building a website (ie, Medium), maybe by adopting the DAT protocol and
just offering free hosting for everyone. That runs into the same IP address
problems (DAT and IPFS are _not_ privacy friendly), but there's progress being
made in that area. Or someone would need to find a way to get users to en-mass
abandon the web and move to the new platform.

~~~
hollerith
>it might actually be easier to implement a VM that safely runs arbitrary
code, than it would be to convince publishers to move to a user-friendly
platform that only distributed documents.

Would the VM that safely runs arbitrary code render existing web pages or
would it be necessary to persuade publishers to adopt it?

~~~
danShumway
The current strategy being pursued by Apple and Mozilla is -- yes. They're
hoping to make Javascript into that VM without breaking the majority of web
pages.

It is yet to be seen whether that's feasible. Apple and Mozilla are certainly
making a lot of progress, but Javascript is very old, and was designed in an
era where the attacks were much less sophisticated.

The most promising progress (I think) is in building tracking protection that
is undetectable. For example, you can put a permission prompt in front of
someone's location and block off the API if the user clicked "no", but you
could also just lie about their location, which means you'd still be
compatible with most existing pages, and publishers wouldn't be able to
strong-arm users into turning off the setting. This is how Firefox currently
handles high-resolution timers. You can request them, they'll just lie to you
sometimes.

Again, it's yet to be seen whether that kind of stuff will work.

The other hope is that WASM may be good enough on its own to encourage wide
adoption -- being able to use (almost) any language to compile to the web is
very, very attractive, so WASM might overcome Javascript's network effects (no
pun intended) and replace it as the dominant language on the web.

If that happens, WASM _might_ be an opportunity to rethink web permissions.
_Might_.

If neither of those approaches work, then anything is fair game. At that
point, we might as well try to make a document-only web, or migrate everyone
to a new platform. I think that will be very difficult though.

------
orhmeh09
According to this article, Goldman-Sachs is paying Apple a considerable amount
for the privilege of facilitating Apple Card, expects to lose money for a
while, but is confident it can make the deal profitable by employing brand-new
technology. This suggests to me something highly intrusive. I cannot take
Apple seriously on any privacy claims as they partner with GS and do things
like develop iBeacon.

[https://9to5mac.com/2019/06/10/apple-card-goldman-
comments/](https://9to5mac.com/2019/06/10/apple-card-goldman-comments/)

~~~
stock_toaster
They could be desiring data (even anonymized) to assist leading edge
prediction of market trends (purchasing, interest, etc) _immediately as they
happen_. In a world of algorithmic trading and futures speculation, perhaps
that matters a great deal?

It _is_ goldman though after all, so you could be right!

~~~
sweeneyrod
We know from this case
[https://www.bloomberg.com/opinion/articles/2015-01-23/capita...](https://www.bloomberg.com/opinion/articles/2015-01-23/capital-
one-fraud-researchers-may-also-have-done-some-fraud) of insider trading based
on spending data at Capital One that such data would be extremely valuable.
But it sounds like it would probably be illegal because merchants wouldn't
agree to let their data be used like that.

~~~
lotsofpulp
I don’t see why merchants would have any choice, the payment networks hold the
cards and they themselves sell it.

[https://www.bloomberg.com/news/articles/2018-08-30/google-
an...](https://www.bloomberg.com/news/articles/2018-08-30/google-and-
mastercard-cut-a-secret-ad-deal-to-track-retail-sales)

~~~
sweeneyrod
Retailers may sell data (via payment networks) to Google so the latter can use
it for their advertising business, but it seems (at least to Matt Levine in
the article I linked) that they can't/won't sell it to hedge funds to trade
on:

> does that mean that Capital One was allowed to trade on this data for its
> own profit? Wouldn't that be amazing? Surely the answer is no: I assume that
> Capital One signed agreements with retailers (or rather, with Visa and
> MasterCard, which signed agreements with retailers) in which it promised not
> to disclose transaction data, or use it for nefarious purposes.

If you think about it this makes sense. A retailer selling material non-public
information to a hedge fund which then trades on it is essentially the same as
them executing trades based on the data via the fund, which is obviously
insider trading.

~~~
tomp
No, I don’t think that’s correct. “Selling” data is typically enough to make
it “public” (i.e. it’s dissemination), after all most financial data isn’t
available for free (e.g. stock prices).

~~~
sweeneyrod
That can't be right, otherwise a CEO could "sell" their revenue figures to a
golf buddy who then trades on them. Possibly allowing a reasonably broad set
of people to buy the data is enough, but I don't think that's what we're
talking about here.

------
onyva
Isn’t it strange that an article that has a very specific title immediately
changes the topic and starts promoting brave—a browser that practically nobody
uses, and has a controversial business model—while there are companies like
Mozilla, that have proven record of protecting users’ privacy online? It’s not
the first time I’ve seen this aggressive, misleading, promotional articles,
which makes you wonder about if Eich and friends are desperate to hype their
Ware by injecting brave into this clickbait articles?

~~~
jraph
Yeah I'm fed up with unwarranted mentions of Brave. Indeed they are always
"aggressive, misleading, promotional", and nothing close to informational. The
article was supposed to be about Apple and Webkit, and Brave is just off-
topic.

Brave is not a privacy-focused browser. It is an ad-focused browser and the
business model of Brave is just this: ads, through Basic Attention Tokens.
Privacy and BATs are in conflict and Brave will never be incentivized to
respect the privacy of all its users. If you want privacy for you and for
everyone, competition except Chrome is already better.

Brave is not a solution for a browser user's problem.

~~~
justsee
There is always something curious about an opinion so strongly held and
communicated that is at the same time so wilfully ignorant.

Brave is clearly a privacy-focused browser: it takes very little time for a
technically-minded, veteran HNer to kick the tyres on that project's focus and
codebase to understand that privacy is their USP.

It's obvious the whole team believes in the idea of a user agent being an
Agent of the User.

A little more time reviewing key figures, from Yan Zhu through to Johnny Ryan,
reveals the calibre and integrity of people working on this project.

They are attempting to build a model that upsets the current surveillance
capitalism status quo, so it's no surprise that there are attempts to spike
perceptions around the project.

~~~
onyva
ROFL. Especially the “a user agent being an agent of the user”. Who said
surveillance capitalism has no sense of humor ...?

~~~
justsee
Browsers can and should be agents of the user:
[https://en.wikipedia.org/wiki/User_agent](https://en.wikipedia.org/wiki/User_agent)

Google's Chrome has distorted that historical idea so they are agents of the
ad network and advertiser, working against the user.

~~~
onyva
No sure. I get it. But the seriousness with which you attribute a for profit
like brave a benevolent mission, as if. How many times do we need to go down
the same road of talking about features vs what really counts: track record
and who's actually standing behind the technology? Clue: people. Why would you
trust Brave to begin with? Because Brenden Eich is such a role model (a racist
homophobe last time I checked)?

~~~
BrendanEich
You checked and found I am racist? Where?

As for homophobe, I reject your definition. Call me what you want there, but
“racist” is a lie. Either yours or your “last I checked” source’s.

From what you write, nonprofits are innocent and for-profits are guilty. I
worked for a nonprofit or its wholly owned for-profit subsidiary for 11 years,
and I can tell you that the profit motive does not go away in nonprofits.
Check the 2017 form 990 on Mozilla’s site for the top salary, >$2.3m. I never
got 1/3rd that and went down to 1/15th to start Brave.

Brave uses all open source for auditability and we pay for audits as well as
bug bounties. We pay the user 70% of user private ad revenue. For publisher
ads (not yet done, working with publisher partners) we will pay users the same
15% we get - publisher gets 70%. So we won’t make revenue without our users
being happy and making more than we make. Let’s see Firefox share Google
search revenue (which held up tracking protection in Firefox for years) with
its users, giving more to the user than Mozilla gets.

You ad hominem argument against an open source product is absurd on its face.
Should right wingers use only software from righties? How many tribes must
hive off and build their own software, and reject open source that’s ritually
unclean? Judge products on their observable design, implementation, and
business properties.

------
spitfire
We can just go all the way and call it counter-intelligence, with a
significant component of sigint.

OS developers and browsers will need to emit statistical noise to mask a users
identity/activity. That will mean all emissions down to wifi packet levels.
Expect significant restrictions of what javascript can do in the future (No
more window.history, etc).

There won't be the opportunity to lay back and say "This emission isn't
trackable." very smart people at public and private intelligence agencies
(Facebook, Google, GCHQ, Spetssvyaz, NSA) are working to find a way.

You might not think FB or Google are evil. But we live in a cyberpunk world
now, there are criminals who are learning to act more sophisticated.
Eventually they'll get leverage over an employee at Google/FB/etc and the data
they get access to will be used offensively.

The current guys working in tech, tracking your every move are on the
_friendly_ end of the spectrum. They just want to sell you things, or get you
hooked on e-cigarettes.

EDIT: Also a note that iOS doesn't have any way to control app network access,
I don't think Android does either. So there's another easy front.

~~~
efreak
> EDIT: Also a note that iOS doesn't have any way to control app network
> access, I don't think Android does either. So there's another easy front.

I don't know about Apple/iOS, however Android has plenty of third party local
vpns that exist specifically to filter per-app internet access (No Root
Firewall, NetGuard, etc), as well as iptables GUIs like AFWall+ for those who
are rooted. Without installing a third party app, while you can't entirely
prevent an app from going online, there's a toggle in app settings,
"Background data: Enable usage of mobile data in the background", though I'm
unsure of the exact effect this toggle has. With more technical knowledge, you
can leave the Android platform and run a pihole or a privoxy. It _should_ also
be possible on Android to write a no-root vpn that switches between different
proxies/profiles for various apps (ie, use squid/privoxy on browsers, use DNS
proxies for native apps, whitelist as necessary). If you're rooted, you can
also run your privoxy/pihole on the local device; I've had success with
running a local dnsmasq, however it's far from battery friendly.

------
Avamander
In my opinion Firefox could take it one step further and build-in Ublock
Origin into the browser. Give it extreme speed with native Rust code. Of
course configurable but with a few malware lists enabled by default and a few
trackers blocked.

That'd make me definitely switch if I'd get faster ad-blocking and only lose
HW accelerated video.

~~~
woah
You’ve just described Brave

~~~
Avamander
Brave doesn't have enough of an userbase for any impact compared to say
Firefox saying they're one-upping Apple. It also isn't mainstream enough that
I'd trust it security wise, any steps behind me and vendor security patches is
usually bad.

~~~
liquid9
I'd give it a try. I disabled the Rewards button and everything else that I
don't like and it has been working great for me.

------
mirimir
This seems like more good news from Apple.

TFA is a little incoherent, however.

> Publishers and companies rely heavily on online tracking — i.e. collecting
> _(anonymized)_ data about a user’s activity on the web — to keep tabs on
> your every move as you hop from one site to the other. [emphasis added]

> While this is typically used for targeted advertising, the implications go
> beyond just serving relevant ads in that it allows marketers to create
> detailed dossiers about your interests — resulting in significant loss of
> privacy.

> This involves the use of cookies, tracking pixels, browser and device
> fingerprinting, and other adtech-based navigational tracking methods
> intended to amass browsing activities and build elaborate profiles of web
> users.

None of that is at all "anonymized".

~~~
luckylion
> None of that is at all "anonymized".

It sounds like many people now use _anonymized_ whenever there's no obvious
personal identifier (name, email, social security number etc) in the data.
Never mind that a thorough profile doesn't need one to identify individuals.

~~~
mirimir
Exactly.

IP addresses are PII under GDPR, for example. And it's well known that many
HIPPA-level "anonymized" datasets have been deanonymized.

------
whatshisface
For a long time people have said that tracking will be an endless arms race
between blockers and ads. You know what else is an endless arms race? Malware.
However for many purposes the arms race has been "won" by companies like
Apple: vulnerabilities exist, but they are not a major part of the daily life
of Mac users. Apple provisionally won the malware arms race, maybe they can
win against tracking too.

------
tjpnz
They're essentially one and the same given how ad networks are being actively
utilized as an attack vector.

------
maxekman
Great news, I’ll continue to use Safari as my main browser (have done so the
last 10 years). I’m becoming more and more skeptical to Google, just a shame
that GCP is such a nice cloud platform.

------
germinalphrase
Online privacy for average people will never be a fair fight. Someone needs to
draw tighter lines.

~~~
bboygravity
Privacy for average people will never be a fair fight in limited democracies.
The people need to demand a more direct democracy to be able to draw tighter
lines.

FTFY

------
bluepnume
The point where this becomes annoying is, when you're building a third party
app or experience that is designed to be embedded in an iframe. Not a hidden
iframe to track users, or for advertizing, but as a first-class experience,
which can be embedded and displayed on a page on a different domain, and
interacted with by users.

I wish the latest round of privacy restrictions (which I think are overall a
decent idea) would take these use cases into account, or at least allow a
mechanism to request the user's permission to use third party cookies for
sites they trust.

Native apps have pretty robust permissioning systems. Why shouldn't websites?

(For context, these are some of the things we use at PayPal to build
embeddable cross-domain components:
[https://medium.com/@bluepnume/introducing-paypals-open-
sourc...](https://medium.com/@bluepnume/introducing-paypals-open-source-cross-
domain-javascript-suite-95f991b2731d))

~~~
hombre_fatal
> Native apps have pretty robust permissioning systems.

They really don't, though. No better than websites. I was astounded when I
first used Little Snitch and saw how often random apps were making network
requests. For example, Translate Tab (a simple language translation app) sends
every translation to Google Analytics. And you need a relatively sophisticated
tool / expertise just to see this.

It made me rethink the superiority of native apps since all this is so hidden.
I prefer websites over native apps because I can run uBlock/uMatrix. Native
apps can do whatever they want when it comes to tracking. People aren't even
talking about it.

Not only do native apps get off scot free, HN glamorizes them as superior with
no questions asked.

~~~
bluepnume
That's a fair point. I wonder if 'make network calls' was ever considered as
an app permission, or if it was just considered so ubiquitous that it would be
granted by default. Or if there was any thought made around 'same domain' and
'cross domain' restrictions for apps.

------
gnicholas
One thing I've experienced with Apple's tracker blocking is that the WSJ guest
pass doesn't persist across sessions. It's supposed to last for 7 days (and
does on Chrome), but on Safari I have to enter it fresh every time. I wonder:
if the WSJ took steps to make their guest pass persist, would Apple view this
as a security vulnerability?

~~~
sitharus
If the tracking is done by a site you directly visit, no. Only cross-site
tracking, like Google do to build ad profiles, is targeted for blocking.

I guess the next step for advertisers will be to enlist the websites
themselves to send through more user data.

~~~
zaidf
I’ve been thinking that SaaS companies that provide JS code to embed could
work around this by letting you attach a subdomain; so instead Of the js
pointing to say adroll.com, it would point to ads.adrollcustomer.com (with dns
set up to goto adroll.)

~~~
firloop
This could probably work, but remember that there’s a lot of tracking that
happens by programmatic ad exchanges. To get a sense of this, look at the
dozens of sites in a media company’s ads.txt, e.g.
[https://cnn.com/ads.txt](https://cnn.com/ads.txt)

A big player like Facebook could ask media companies to set up fb.cnn.com or
similar, but I imagine this is where we start to enter “security
vulnerability” territory, where Apple uses different heuristics to ban this
approach.

------
freehunter
I supposed this doesn't bode well for the chances of getting AWS Cloud9
working properly on Safari, since it relies on some shifty third-party cookies
to work properly.

------
envolt
Guys, it might be possible that our people consider us an anti-privacy
practicing company, given that we were listening to anonymized audios similar
to what Google has/had been doing

Marketing - Might be. Let's put up a banner about it in every corner

Tech - Find the most sensitive/concerning topic, and let people debate.

------
ErikAugust
This article without JavaScript and other tracking:
[https://beta.trimread.com/articles/98](https://beta.trimread.com/articles/98)

------
rhaksw
Has anyone seen this error [1] before? A user reported seeing it the other day
and I can't figure out if it was an issue with Safari, his ISP, or what. It
only happens for him when connected via WiFi on mobile. My SSL certs are auto-
updating and I manually refreshed them, yet he still sees this a day later.
Thanks in advance!

[1] [https://imgur.com/j63UaIR](https://imgur.com/j63UaIR)

~~~
mopsi
Looks like DNS-level blocking from the WiFi gateway or ISP. When a blacklisted
domain is requested, it gets IP pointing to the site with that notification,
not the actual IP of the requested domain.

This can be overridden by manually setting DNS servers on the phone or
computer to non-filtering public DNS servers, eg. 1.1.1.1 or 8.8.8.8.

~~~
rhaksw
Thanks! I didn't know American ISPs would blacklist domains so easily. I'm
also going to try contacting Comcast as I can't figure out what is "dangerous"
about the site. It's just client-side javascript that queries content from
reddit's API.

~~~
mopsi
It's probably blacklisted because it is only a single typo away from
reddit.com.

You can expect domains like revddit.com or hotnail.com to get blocked by anti-
phishing filters.

~~~
rhaksw
I can prove that's not a typo people make, nobody visited the site for weeks
when I first set it up =)

------
droithomme
It's a reasonable perspective to treat it as a security issue because it is a
security issue.

~~~
perl4ever
What about _offline_ tracking? I went to a big box store today, and after I
got home, I got an email asking me to review my visit. Now, I'm sure that
somewhere I ostensibly consented to any and every form of tracking, but it was
startling to have my nose rubbed in the fact that every time I use my credit
card and everywhere I carry my phone it is being tracked and linked to every
available piece of information about me, which I'm sure is far more than I
would like to be public.

I don't fill out surveys anyway, but I was feeling particularly pissed, just
because it should be socially unacceptable to behave like this, just because
you think you can legally do it and nobody can stop you. So I flagged it as
spam.

Oh, and the chain store that did this has been in the news for data breaches,
not long ago at all.

------
jjtheblunt
Good

------
xtat
Apple: only we can track.

------
ianamartin
I wonder if I can blitz Apple's newly revamped bug bounty program to make a
boatload of money by reporting websites that track?

~~~
saagarjha
That's not what the bug bounty program covers.

------
reilly3000
This is kind of scary, especially with sparse details. I'm always having to
turn off ad blockers to support site's basic functionality, like forms and
even navigation if they rely on ajax requests. What functionality can I
support on which versions of Safari? Can I ensure items that talk to my origin
are never blocked? Since this is now a 'security' issue will its
implementation be opaque?

~~~
saagarjha
> Since this is now a 'security' issue will its implementation be opaque?

Security by obscurity doesn't generally work. FWIW, here's what WebKit has to
say about what it'll block: [https://webkit.org/tracking-prevention-
policy/](https://webkit.org/tracking-prevention-policy/). I hear that a
specific list may also be released at some point.

~~~
reilly3000
Thanks for sharing. That is really helpful.

I work with an enterprise publisher that has literally every item listed as an
essential part of how it does business, from running programmatic ads to SSO
and Google Analytics. The Unintended Impact and No Exceptions parts would mean
a rework of that entire business for all of WebKit. That is true of most web
publishers today. I cannot overstate what a vast impact this will have on web
publishing.

Maybe those things need to change. We want to move towards a member driven
model and move away from ads, but in order to fund that transition ads need to
continue running as the product is developed and user base grows. Even then,
since we use Okta for SSO, that would also break or require a significant
reimplementation to server-side auth, which could also break cache for
authenticated users.

We have a grand, beautiful plan for creating a publishing model that is
trackerless except for a first party event logger that hashes all PII before
it’s stored. We need data to operate, and some of it needs to come from the
client. We would share client data with zero 3rd parties.

For now our pages are a brothel of 3rd party scripts. We hate it, we can’t
survive with our it, and forcing this change could force us and most web
publishers today out of business.

Below is a quote from the link above:

>Unintended Impact There are practices on the web that we do not intend to
disrupt, but which may be inadvertently affected because they rely on
techniques that can also be used for tracking. We consider this to be
unintended impact. These practices include:

Funding websites using targeted or personalized advertising (see Private Click
Measurement below). Measuring the effectiveness of advertising. Federated
login using a third-party login provider. Single sign-on to multiple websites
controlled by the same organization. Embedded media that uses the user’s
identity to respect their preferences. “Like” buttons, federated comments, or
other social widgets. Fraud prevention. Bot detection. Improving the security
of client authentication. Analytics in the scope of a single website. Audience
measurement.

