A privacy war is raging inside the W3C (protocol.com)
376 points by bpierre 66 days ago | 217 comments



I used to be of the mind that ad tech et al. weren’t really hurting anyone, and that the more extreme examples of privacy offenses were simple edge cases.

That is until I switched to iOS and was given the option to hide my true email address, tell an app not to track me, and otherwise get visibility into just how much my data is getting sniffed for stupid reasons that have nothing to do with the service I’m using.


Progress. What would be neat is to see how much data Apple is collecting about its customers after purchase. Why wouldn't we want to know this? Could Apple provide an option to hide true email address, tell an app do not track and give visibility into data being sniffed without also collecting vast amounts of user data itself? We cannot answer that question until we see the data they collect. I used to be of the mind that Apple was not really hurting anyone until it became clear they are competing with Google and Facebook. Even Apple competing with Microsoft is unsettling because that company has been aggressively acquiring user data, also trying to compete with Google. On issues of user data, these companies have more similarities than they do differences. They are all hoovering it up, albeit through different channels.


As someone who just bought their first iPad last week, I wonder the exact same thing. A nice cuddle from Apple telling me how they're protecting me from evil, but you hold all the same shit about me. So now I just trust a _different_ for profit company? Until when? At one stage Google wasn't evil, now it's evil as fuck.


Yes, Apple is a for profit company. On the side they are collecting your data for themselves and blocking others from getting it. Their profits come from products and services.

Google is a for profit company. On the side they offer products and services. Their profits come from selling your data to others.

Yes, I personally trust one over the other in this case. Although I don’t know what “for profit” has to do with anything. If it comes to Google or Government, geez, tough call that one.


> Their profits come from selling your data to others

It is a common misconception that FB and Google sell user data.

E.g. see https://www.facebook.com/help/152637448140583

"Google has also played a leadership role in creating industry standards for transparency and data protection. More than a dozen privacy employees at Google spoke to WIRED about how they make sense of the paradox of their work, insisting that there’s no internal pressure to compromise privacy protections to make a larger profit." -Wired (https://www.wired.com/story/wired-guide-personal-data-collec...)

Google also sells a plethora of physical products (Pixel devices, Nest devices, etc.) and services (Storage[Drive], YouTube premium, Stadia, Nest, Fitbit, etc.).

This would be similar to calling Amazon "just a [book]store or a marketplace", whereas they also have their hands in Cloud Computing, logistics, grocery, iot, etc.


They absolutely sell the multi-feature profile of you from that data, and the data merchants absolutely tie it together then resell it to everyone. In turn, a bank can make or break your ability to buy a home with it. Fintechs helping make credit decisions get that from both, directly and indirectly, and even better when doing a bit of correlation for the bank. Microsoft and Amazon no real help, Apple even less.

Note: Those products by and large all permit and enrich surveillance aggregation of the picture of you, and use with/for third parties/ads. It’s creepy how fast and accurate the multidimensional take has become.


So you're saying that by tracking people we can avoid people buying homes they can't afford and causing a market crash?


Yes, so long as we don’t mind machines also getting that wrong.


...more than humans do currently


> They absolutely sell the multi-feature profile of you from that data

I'd like to learn more. Do you have a source for that?


Not without breaking NDAs. Also not saying you’re in the know, but people in the know start source hunting when truth leaks.

FWIW, I’ve seen you comment on Google email and ads. From what I am aware of, your information on what was/wasn’t and is/isn’t done has been… optimistically colored. I stayed out of it. But you could be less confident in some of these and/or disclose more readily that you are coming with a pro-employer lens while (you say) being far enough from it you might not know for sure.


> Google is a for profit company. On the side they offer products and services. Their profits come from selling your data to others.

Google does not sell the data to others. (In fact, much of Google's profits would remain intact even without any user data. That is the great thing about search ads -- the user tells you exactly what they want. There is no need to guess)


No, but a history of what you’ve previously searched massively improves search results in just a few queries.


Fact is, despite all the tracking, search results for me and many others are significantly worse than they used to be.

YMMV and what matters for me might not matter for everyone and weeding spam might be harder than before but:

Double quotes used to work reliably.


At least that's the claim. I don't think that Google's search results are that much better than Duckduckgo's, at least for queries where I'm not searching for local businesses.


And yet…


s/selling your data to others/selling access to you to others/

By collecting data about you, usually without you being consciously aware of it, they can offer access not just to a name/address but to a "profile". You are being profiled.


You are being aggressively profiled. They have taken steps to profile even when safari etc put in hurdles.


A big difference is that Apple makes money by selling me devices. Google and Facebook make money by manipulating me into buying their customers' products.

Incentives matter.


Locked down devices. Then making more money from selling subscriptions, developer certificates, running "app stores", advertising services, etc.

To get the full functionality from the device, it is difficult to avoid obtaining an "AppleID". There is an "incentive" for users to sacrifice privacy and control to Apple. That appears to be intentional. Then the after purchase data collection and storage begins.

I am glad these practices have not spread across the entire hardware industry. Imagine buying an SBC and being asked to purchase an "RPi Developer Certificate" or register a "SiFiveID".


You cannot use 90% of the capabilities of most software-running appliances w/o agreeing to be individual-consumer-behavior tracked and resold to third party marketers. Try to turn on a new Samsung, LG, Sony, read the fine print. This model is not in Apple’s agreements.



Apple finds it increasingly difficult to convince people to upgrade their phones each and every year. I expect that hardware revenue will be declining over time and will be replaced with revenue generated from services like AppStore, Music subscriptions, iCloud, TV, games and more.

You can see this trend quite clearly already: in 2012 Apple generated only 6% of its revenue from services while in 2020 it was 20%. Services tend to be also more profitable compared to hardware.


Your thesis is 1/2 wrong, the hardware slice isn’t declining, they’re baking a bigger pie.

iPhone 12 was biggest super cycle since iPhone 7. It’s not that hardware revenue is declining so much as the flywheel is spun up for the ecosystem.

… [2021] a record-breaking year for Apple, beating the previous full-year record of 231 million units sold in 2015.

Apple is also benefiting from a higher average selling price, with ASPs said to be trending "higher on a positive mix" for the iPhone 12 Pro and iPhone 12 Pro Max.

https://appleinsider.com/articles/21/03/22/iphone-12-supercy...


Isn't it not entirely out of reason to wonder if Apple could also want to monetize their user data?


No. Apple could change directions. The only way to guarantee data won't be used is to not put it on anyone else's computer.


They already are by selling privacy as a "feature".


As the ad tech person interviewed in the article called it, "privacywashing" (as in "greenwashing" https://en.wikipedia.org/wiki/Green_washing).


Apple already hands your data over to the US and Chinese government.

We wouldn't know about it, but they were caught.

It's just marketing.


But Apple also makes money by selling you access to content. By extension, they are motivated to motivate you to buy said content. Having no goodwill left for any of them, I see no reason to assume that they would not resort to other forms of manipulation. In fact, from their own past, we know they are very happy to employ shady tactics as seen in for example the Apple-Google-Intel-Adobe Collusion case, the Batterygate lawsuits, ongoing right of repair cases etc.


Apple's biggest engine for growth is services. Even they are clear about that.


Incentives indeed matter, and incentives could change quickly once volume and value of Apple's collected data reach a critical point. But no one will be able to take their data back.


“Get a copy of the data associated with your Apple ID account”

https://support.apple.com/en-us/HT208502



Well, good, but you traded one bad apple for another. Apple is in the process of locking down freedom. And while you might not be tracked by Google, your quality of life in a closed ecosystem is just as bad in other ways. How many people have to contend with iCloud endlessly begging for money because they took a few photos of their child?

Isn't iCloud data backed up on Chinese servers? I'm pretty sure that means you're being spied on.

This is not to mention the waste generated by Apple actively fighting the right to repair.

So, good, Google needs to go. But so do the tech giants.


> Isn't iCloud data backed up on Chinese servers? I'm pretty sure that means you're being spied on.

Are you thinking of Apple’s switch in 2018 to storing iCloud data in China for users in China?

https://en.wikipedia.org/wiki/ICloud

> In February 2018, Apple announced that iCloud users in China would have their data, including encryption data, on servers called “云上贵州” located in the country to comply with local regulations. This raised concerns from human rights activists who claim that it may be used to track dissidents.

From some quick reading it looks like Apple “has six data centers in the United States, two in Denmark, and three in Asia” as well as use of the major cloud providers. I’m not sure if there are restrictions on where or how data is stored for people not located in China though. I am assuming so.


Where on earth are you pulling the 'begging for money' from? I've never seen that happen before.

You are ultimately arguing that a business protecting my data, while also using it themselves to sell me their own products, is just as bad in other ways as a company taking my data and using it to manipulate election results, to sell to shady companies and to market the shit out of me.


When you get close to the 5 GB limit they will hassle the fuck out of you by sending you notifications and emails again and again. There is no "Please leave me alone, it is fine!" button/setting regarding that.


iOS now hawks iCloud very aggressively. They tricked my iPad-using grandmother into paying for a storage plan she didn't need.


They do indeed. And it’s difficult for people to figure out how to get the number down instead of paying more. Personally, I have iCloud sync entirely turned off, and just manually backup the few things I actually care about.


And because Apple pretends your iPhone or iPad aren't real computers, backing things up off them is a huge pain in the ass.


I don't think I've ever had iCloud "beg me for money". I've had it where iCloud tells me I am about to run out of space and should probably buy more, which seems reasonable.

iCloud data is backed up on Chinese servers? Without being E2EE to boot? Do you have a source on this?

If consumers seriously want easily repairable devices, it seems like such a phone would compete easily in the free market.


> Isn't iCloud data backed up on Chinese servers?

Honestly, this sounds like you are lying intentionally to spread misinformation.

You are clearly informed and have a strong opinion. I find it hard to believe that you don’t know that only Chinese users' data is backed up on Chinese servers.

If I’m wrong and you didn’t know this, please accept my apology in advance.


My tipping point was noticing that about 30% of my DNS traffic on my home network was Android devices calling out to tracking and advertising networks. Moving to iOS has dropped that dramatically, more than an order of magnitude.

The fact that we're now seeing multiple lawsuits, PR campaigns, and lobbying to damage Apple since they put a requirement to disclose privacy details in the App Store shows how much surveillance capitalism has twisted the world.


An alternative to giving your money to one of the largest tax-dodgers on the planet is a $30 raspberry pi with "pi-hole" installed.

Browsing on my phone at home with all those ad networks blocked is okay... until you go outside your home network and get all the ads again. It's almost made me stop using my phone outside of my home network.


Apple's effective tax rate is actually higher than many of its peers, and higher than the sector on average.

All multinationals need strong tax enforcement, but this isn't actually one where Apple is really any worse than others (and better than many).

https://finbox.com/NASDAQGS:AAPL/explorer/effect_tax_rate


Apple has also banned more apps to protect a Chinese dictatorship than many of its peers.


That's fine. There just seemed to be an unnecessarily large amount of tugging of Apple's dick in the top of the thread, and I wanted to suggest an alternative.


I used to run a Pi-Hole for a long time, but then I realized I was trading my day to day tech job, to screwing around with Pi-Hole (along with other RPi's in my house) on my personal time. And yes, I run a WireGuard VPN too and could/have turn on WG to tunnel back to my Pi-Hole.

Switched over to NextDNS, so that my ad blocking is on the macro network too. I'm satisfied. My wife is not, since her trashy "click here" links don't work half the time. :) Tells me it is working just fine.

https://nextdns.io

My NextDNS dashboard - https://i.imgur.com/bjJ9OZH.png (My garage door opener is a chatty bastard)


Isn't that just shifting the tracking to another site? Now nextdns.io knows everything that you're doing.


And the SDK in your device knows, the hardware manufacturer knows, your cell carrier knows, etc.... just trying to clean up my experience in lessening ads in my UI.

Until an EMP takes us back to the Stone Age, it is really hard not to be tracked on the internet.

Source - I used to work for a company that does the tracking.


I set up Tailscale on Android to use my Pihole from anywhere. Works pretty well.


That is why I have an IPSEC connection back to my home from work, so I can use my internal DNS with DNSBL blocklist. (be careful, few employers will allow such a setup).

The top list seems like a reflection of market share: fls-eu.amazon.de, sessions.bugsnag.com, googleads.g.doubleclick.net, data.mistat.intl.xiaomi.com, app-measurement.com, in.treasuredata.com ..


For ad blocking outside the home, install WireGuard on the RPi and configure it to use pihole as its DNS server. Install script should prompt you to do this automatically if it detects pihole is installed.

Then just connect your WireGuard client on your phone to the endpoint.

Use something like freedns.afraid.org for dynamic IP address support.


If you already own a domain, you can also pretty trivially (<10 lines of bash) implement your own dynamic IP address support with your DNS providers (my solution uses Cloudflare).

In a nutshell: `update-dns get-my-current-external-ip-address $MY_DOMAIN_NAME`

You can have a subdomain like `vpn.yourwebsite.com` point to your residential IP. It may take a bit of fussing to get the ports and such right. But otherwise it's "just worked" for me, for the last 6 months.

Useful if you want to remove the dependency on yet-another-service-provider that can go out of business (the dynamic-dns people).
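
An added example, not part of the comment above or of any commenter's setup: a dynamic DNS updater of the kind described, for pointing a name such as `vpn.yourwebsite.com` at a home WireGuard endpoint. The environment variable names, the cache file path and the use of api.ipify.org as the IP echo service are assumptions; what it adds is validating the echoed address before it is written into your own zone, and keeping the API token off the command line.

```sh
#!/bin/sh
# Added example: dynamic DNS update for a home VPN endpoint (POSIX sh + curl).
# Assumptions, not from the thread: CF_API_TOKEN (scoped to DNS edit on one
# zone), CF_ZONE_ID, CF_RECORD_ID, DDNS_CACHE, and api.ipify.org as echo service.

# Succeed only for a strict dotted quad: four octets, 0-255, no leading zeros.
is_ipv4() {
  case $1 in ''|*[!0-9.]*) return 1 ;; esac
  ip_rest=$1.
  ip_count=0
  while [ -n "$ip_rest" ]; do
    ip_octet=${ip_rest%%.*}
    ip_rest=${ip_rest#*.}
    case $ip_octet in ''|0?*|????*) return 1 ;; esac
    [ "$ip_octet" -le 255 ] || return 1
    ip_count=$((ip_count + 1))
  done
  [ "$ip_count" -eq 4 ]
}

# Reject addresses that should never be published as a public endpoint:
# RFC 1918, loopback, link-local, CGNAT (100.64.0.0/10), multicast/reserved.
is_public_ipv4() {
  is_ipv4 "$1" || return 1
  case $1 in
    0.*|10.*|127.*|192.168.*|169.254.*) return 1 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 1 ;;
    22[4-9].*|2[3-5][0-9].*) return 1 ;;
  esac
  return 0
}

# Build the JSON body for an A record. Both fields are validated first, so
# nothing attacker-influenced can break out of the JSON string.
# proxied=false because a WireGuard (UDP) endpoint cannot sit behind the proxy.
build_payload() {
  case $1 in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  is_public_ipv4 "$2" || return 1
  printf '{"type":"A","name":"%s","content":"%s","ttl":300,"proxied":false}' "$1" "$2"
}

# True when the cached address is missing or differs from the current one.
needs_update() {
  [ -f "$1" ] || return 0
  [ "$(cat "$1")" != "$2" ]
}

update_dns() {
  ud_name=$1
  ud_cache=${DDNS_CACHE:-$HOME/.ddns-last-ip}
  [ -n "${CF_API_TOKEN:-}" ] && [ -n "${CF_ZONE_ID:-}" ] && [ -n "${CF_RECORD_ID:-}" ] ||
    { echo "CF_API_TOKEN, CF_ZONE_ID and CF_RECORD_ID must be set" >&2; return 2; }

  # The echo service is a third party: treat its reply as untrusted input.
  ud_ip=$(curl -fsS --max-time 10 https://api.ipify.org) || return 1
  is_public_ipv4 "$ud_ip" ||
    { echo "refusing to publish unexpected address" >&2; return 1; }

  # Skip the API call when nothing changed since the last successful update.
  needs_update "$ud_cache" "$ud_ip" || return 0
  ud_body=$(build_payload "$ud_name" "$ud_ip") || return 1

  # Pass the token through a curl config on stdin so it never appears in
  # the process list (printf is a shell builtin).
  printf 'header = "Authorization: Bearer %s"\n' "$CF_API_TOKEN" |
    curl -fsS --max-time 10 -K - -X PUT \
      -H 'Content-Type: application/json' --data "$ud_body" \
      "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/dns_records/$CF_RECORD_ID" \
      >/dev/null || return 1

  printf '%s\n' "$ud_ip" > "$ud_cache"
}

# Run only when asked, e.g. from cron: sh ddns.sh --update vpn.yourwebsite.com
if [ "${1:-}" = "--update" ]; then
  update_dns "${2:?usage: ddns.sh --update HOSTNAME}"
fi
```
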


Don’t worry, DoH will fix that pi hole loophole


Yep. This is the problem - DoH (using Google or CloudFlare) is just privacy-washing even more intrusion. The aversion that companies have to merely being required to label their fuckery shows what a problem we have.


Or you can use nextdns and have DNS protection on any network you’re on.

They have a paid option that gives you a higher query quota.


> An alternative to giving your money to one of the largest tax-dodgers on the planet is a $30 raspberry pi with "pi-hole" installed.

Try to be more condescending, kid. It'll make your point so much more effective if you think I don't know what DNS filtering is.

Trying to spackle over social, economic, and political problems with technical hacks doesn't solve the underlying issue.


You can just use an adblocking DNS server I think?


I've installed pihole at home and it reports hundreds of thousands of blocked requests a day. And this isn't counting everything the browser adblockers are stopping. We are a family of four, with really only the adults using the network an average amount. It's insane.


Out of curiosity what about having those features changed your opinion? I'm in a similar camp to your original viewpoint and what stood out from your story is that it doesn't seem like you discovered any significant damage so much as just gained new features to limit what others labeled as damage on the off chance they're right. Not trying to be confrontational but I feel like, when I lurk here, my view is the minority and so I think it's interesting to hear the thought process of a convert from my camp.


Where does this option to hide my email address appear? Twice I've tried to use Apple Pay and Apple said they'd share my email address if I continued. There was no option to opt out.


At least one place: If you use "Sign-In With Apple", you'll get an option to use a proxy e-mail address to register for the relevant service or website.

Related, but different: There's a new proxying web browsing service for Safari called "Safe Browsing": https://www.macrumors.com/2021/02/11/ios-14-5-beta-safe-brow...

(edit: clarity)


Careful. Your Apple data is being given away to Chinese dictatorships and the US government.

You don't actually know if your data is given away. We only learn after Apple is caught.


> Your Apple data is being given away to Chinese dictatorships

Only if you live in China, which is well known to be a surveillance state with access to all personal data.

> and the US government.

Yes, but only by court order, a rule which applies to every US company. This is a problem, but not one with Apple.

> You don't actually know if your data is given away. We only learn after Apple is caught.

True for every company in the world.

You make this sound like a problem with Apple, but these are problems with the US and Chinese governments.


‘Can I get a lick of your ice-cream’. Their ads have gotten good all of a sudden again (the irony of that being the whole ad is to stop other ads).

https://youtu.be/8w4qPUSG17Y


I don't care much about tracking, but this ad is very effective. It's kinda dishonest about what tracking is (it's not a bunch of people making job and purchase decisions for you, come on). But effective.


No one made any decision for the main character. A shop employee recommended an anti itch cream. It looked like he asked her to. The others snooped and gave out his information.


It's easy to mock the pettiness of all parties described here, and it's common for people on this forum to take absolutist stances with regards to privacy/advertising, but it's also important to recognize that these arguments will actually define the future of the internet for the average user.

There are trillion dollar companies on both sides of the argument, and their eventual compromise will establish the defaults for billions of users.

There are also two fundamental components of the Big Tech debate at odds with each other here - privacy and competition. Increasing privacy decreases competition by strengthening the Big Tech companies that engage with users at the platform/browser/OS/hardware level. See: Google's removal of third-party cookies from Chrome in the name of privacy was just blocked by EU competition regulators, because it would cripple competing advertising companies[1].

[1] https://arstechnica.com/tech-policy/2021/06/eu-antitrust-reg...


In regards to your third paragraph, to me none of that matters. Mass surveillance on the Web is wrong, period. Meanwhile, all parties involved in this drama, except for non-profits like the EFF, are instead debating how people ("users") should be best exploited online for profit, while regulators arrive late to the party and focus on other less consequential matters such as antitrust and miss the forest for the trees.


There aren't trillion dollar companies that advocate for privacy. Private data is a market, I think you know that with that username.

Increasing privacy doesn't decrease competition, it would force businesses to not deal with private data. There is no conflict here. There is no net loss here aside for specialized advertisers.


It could even enable competition. Small companies have no chance to compete with the huge data collections of Google and friends.


> Google's removal of third-party cookies from Chrome in the name of privacy was just blocked by EU competition regulators, because it would cripple competing advertising companies[1].

That's not what the article is saying. The referenced EC PR[0]: "Antitrust: Commission opens investigation into possible anticompetitive conduct by Google in the online advertising technology sector".

Nothing has been blocked. Restriction of third-party cookies is only one of 6 points that will be particularly looked at. This investigation may rightly so have launched at this or a later point regardless of third-party cookie restrictions in Chrome.

[0]: https://ec.europa.eu/commission/presscorner/detail/en/IP_21_...


> Increasing privacy decreases competitions, strengthening the Big Tech companies that engage with users at the platform/browser/OS/hardware level.

What about products that people actually pay for directly instead of products that are "free" but funded under the table through surveillance and manipulation? Why can't those compete just fine?


Would be nice but they'd have to compete as beggars on gated app stores. Face it, big tech is robber baron territory.


> There are also two fundamental components of the Big Tech debate at odds with each other here - privacy and competition.

The article explicitly talks about how this is a false dichotomy.

> Regulators in the U.K., he said, had bought the ad industry's argument that privacy and competition are on a collision course. That, he said, is a false choice. "They could have required everyone to not access that data, Google included, which would have been a net benefit for competition and privacy," Soltani said.


Users pick browsers and their OS. They don't pick the latest iteration of Bonsai Buddy.


For the average users there's only two choices, Windows or Mac, and Chrome-based or Firefox (or if they're on a Mac they get Safari as a 3rd choice).


And who is going to click the "let random companies I've never heard of know every site I visit online" button?


The average user doesn't exist. It's an abstraction used by techies to make arguments they cannot defend.


The average user are all those people that are yet to bother with GNU/Linux desktop, despite the exodus migrations being prophesied at each macOS or Windows version.


The average person has a fractional amount of children, friends, parents, even limbs. The average person exists no more than a spherical cow does.


Examples of average person as per Cambridge dictionary.

https://dictionary.cambridge.org/example/english/average-per...

Apparently they exist.


As the saying goes: The average human has 1 testicle.


Funny how there is no (meaningful) user representation at W3C. Perhaps Wendy Seltzer is the closest to a user representative. A lawyer who is a Perl programmer, according to her Wikipedia profile.

The arguments against Big Tech the smaller ad tech folks are raising sound legit, but obviously they are not being made in good faith. Big Tech has no more respect for user privacy than companies like Rosewell's. They are all a threat to user privacy. Companies that make browsers should not also be taking in online ad services revenue. It is a clear conflict of interest.

51degrees provides the public with a CSV list of user-agents, e.g., for use in browser fingerprinting (or perhaps user defence against browser fingerprinting). What does Google provide? We know they are fingerprinting on a mass scale. There is zero transparency.

https://raw.githubusercontent.com/51Degrees/Device-Detection...

Just for fun, I periodically compile w3c-libwww. It still compiles and it still works today. I use it through a TLS-enabled proxy. It reminds me of all the potential for experimentation the www once had. Today the web just looks like a Big Tech-led surveillance dystopia slowly coming together. Unless someone stops it. Lina Khan, godspeed.

The disputes described in the article with lawyers from W3C and IAPP looking on reminds me a little of the formation of ICANN back in the 1990's and the disputes over domain names versus trademarks.


> What does Google provide? We know they are fingerprinting on a mass scale. There is zero transparency.

Interesting. I work at Google ads and I am not aware of fingerprinting on a mass scale. AFAIK, all the tracking is done with cookies. Not a lawyer and purely my opinion but IIUC, DoubleClick acquisition made it practically impossible to do fingerprinting since Google is not allowed to join first party and third party cookies and fingerprinting imposes significant risks to violate that condition.


> What does Google provide? We know they are fingerprinting on a mass scale.

Why do you say that? I'm not aware of any situations where Google targets ads based on fingerprinting, and if they did I probably would have come across it. And in March, Google Ads committed that "once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products" -- https://blog.google/products/ads-commerce/a-more-privacy-fir...

(Speaking only for myself)


“Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while still delivering results for advertisers and publishers.”

Still unacceptable. This implies psychological manipulation, price discrimination, automated racism, etc, are all still in scope.

Also, if you log into google, they’ll still track you for ad targeting. Finally, this wording implies the privacy preserving profile can be linked to your primary identity if you momentarily log in.


s/browser fingerprinting/device fingerprinting/

s/device fingerprinting/device detection/

s/defence against browser fingerprinting/control over "UI" selection/

A simple example of where Google uses device detection is Gmail. However the process is non-transparent as Google does not share the list of user-agent strings utilised, like the sample list provided by 51degrees.

I was sloppy with the terminology in the original comment and I apologise for that. I meant "device detection" not necessarily "fingerprinting".


What do you mean by device detection? You mean web browser detection? Because lots of WebUIs do user-agent detection to work around browser specific bugs, the most classic being serving up different implementations for IE8/10/etc

I used to work on GWT and we baked user agent detection into the very framework and compiler itself so that each application is compiled into multiple optimized permutations.

This has nothing to do with ads or fingerprinting, it’s purely about writing code that works on legacy vs newer browsers.


I thought Korean soap operas were good until I read this article. What a whole bunch of unnecessary drama. The W3C always appeared to be one of the most dysfunctional entities in existence, and now the article leaves no question as to why.

Funny this Rosewell guy. "Should web browsers really become implementation mechanisms of specific government regulation?" -- Isn't everything a mechanism of specific government regulation? We seem to have an autocrat in the making here who would prefer the Web existed in isolation of civilization and where he could squeeze out that ad cash unhindered by government regulations. Given that he likes to ask philosophical questions, perhaps he could ask himself why the Web is being regulated in the first place.

It's also funny how in the article, the only people who seem to actually care about privacy are the non-profits advocating for it and the government regulators fighting antitrust.


> Isn't everything a mechanism of specific government regulation?

Um, no?


Sorry, I did not mean that literally. Point is Rosewell wants to preserve the status quo for his own personal benefit and, unsurprisingly, any kind of legislation that attempts to constrain his greed appears to him as an inconvenience.


> Point is Rosewell wants to preserve the status quo for his own personal benefit and, unsurprisingly, any kind of legislation that attempts to constrain his greed appears to him as an inconvenience.

I agree with this.


GDPR?


Ah yes, that is everything!


> We seem to have an autocrat in the making

We already have autocrats in Facebook and Google. What they're fighting is an attempt to put them back under civil oversight.


"I thought Korean soap operas were good until I read this article. What a whole bunch of unnecessary drama. The W3C always appeared to be one of the most dysfunctional entities in existence, and now the article leaves no question as to why."

Can I introduce you to the IETF (https://www.ietf.org/)? :-)


The IETF isn’t so bad. There’s bikeshedding everywhere but they consistently pump out RFCs for all manner of things.


"who would prefer the Web existed in isolation of civilization"

Honestly the internet was a better place when THAT was the situation sorry if I sound like a deluded man but the internet being so close to the world, or at least as much as it is now, is part of the problem.

And even if I do not agree with this guy and his pretensions, at least we would have better ways to combat guys like him in the old internet, but company owners like him at the end of the day have much more power thanks to the internet being so prevalent and hyperreal, as the same authorities and entities that protect unbalanced power holders, can arrest you and fight you because of things that happen on the internet.


Wait, what ways did we have to combat the likes of Rosewell? I agree the old, 90s Web was much better overall than what we have today. But its openness and diversity seems to have been a temporary illusion; it was only a matter of time for it to fall to greedy, unethical corporations. Given that the W3C is run by these same corporations and that they won't be limited by their own moral constraints, it seems to me that half-assed regulatory attempts like the GDPR, while imperfect, seem like a good step in a not-completely-unoptimal direction.


>companies that use cross-site tracking for things like website optimization

OK, I was hoping someone already addressed this, but apparently not. What "website optimization" requires cross-site tracking? Is there any real application for cross-site tracking besides advertising? I honestly would like to know.


It's referring to things like analytics, hotjar etc.

Optimisation as in conversion optimisation.

Imo, a lot of this stuff ends up being just as bad.


Considering many of those read first party auth tokens they are particularly bad.


Yes, when one website relies on the fact that you're logged in somewhere else.

Think easily being able to add embedded Youtube videos to your watchlist, adding favorite articles to Pocket, being able to pay with 1 click using a payment method saved somewhere else, and so on.


I'm thinking that there are better ways to do this than relying on potentially fragile or hackable cross-site cookies. Certainly for payment, I'd prefer that communication to be handled server-side.


Optimize you buying things.


CDNs maybe? Back when people used jQuery, an enormous amount of traffic went to Google, ripe for tracking, and you got the small benefit of not having to download the same version of jQuery so often.


> One of Google's proposed standards — Federated Learning of Cohorts, or FLoC for short — would eliminate the ability for advertisers to track specific users' web behavior with cookies.

No, FLoC will not "eliminate the ability for advertisers to track specific users with cookies"; the phase-out of third-party cookies in Chrome will do that. Google needs something to replace the current tracking method for its ad business and is trying to push FLoC to do that. But these are two separate things that OP seems to mix up: Google needs something to keep tracking and is painting the notion that third-party cookies cannot be phased out without implementing FLoC first, and that is not the case.


They're not really separate things: Chrome has said removing third party cookies is dependent on finding good replacements. This goes back at least to https://blog.chromium.org/2020/01/building-more-private-web-...:

After initial dialogue with the web community, we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete. Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome.

(Disclosure: I work on ads at Google, speaking only for myself)


> have developed the tools to mitigate workarounds

Well, that’s ominous. Presumably the plan is to close source Chrome or do some DRM thing to prevent sites from rendering if the Privacy Sandbox has been tampered with?

Great.


Reading the rest of the post, they're talking about fingerprinting:

"By undermining the business model of many ad-supported websites, blunt approaches to cookies encourage the use of opaque techniques such as fingerprinting (an invasive workaround to replace cookies), which can actually reduce user privacy and control."

"At the same time, we’re developing techniques to detect and mitigate covert tracking and workarounds by launching new anti-fingerprinting measures to discourage these kinds of deceptive and intrusive techniques"


"Workarounds" is also the wording they use on the Privacy Sandbox page: https://www.chromium.org/Home/chromium-privacy/privacy-sandb...

("Mitigating workarounds: As we’re removing the ability to do cross-site tracking with cookies, we need to ensure that developers take the well-lit path of the new functionality rather than attempt to track users through some other means. ...")


They are connected by policy, not by technological necessity.


Sure. But the article isn't wrong to link them.


What do you call it when a company makes a change to its product in one market where it has large market share that drives its competitors in another market out of business? Or put another way, do you really think Google could get rid of third party cookies tomorrow and not get sued out of existence?

IANAL, but even I can see that making changes to Chrome that impact advertising is risky even if you ignore Google's own advertising interests. So far they're trying to push things along, but they need buy-in from most of the rest of the advertising industry before they feel they can do anything too radical.

So as far as Google is concerned the elimination of third party cookies (and bounce tracking protection, browser fingerprinting, etc) is definitively tied to something that replaces it. One of those things is FLOC.


> do you really think Google could get rid of third party cookies tomorrow and not get sued out of existence?

Considering that ad blocking extensions still exist, yes. The browser (user agent) is supposed to act on the behalf of the user, not the remote server. It's not required to use cookies, display ads or run malicious code.

On what grounds would an ad company sue Google for a change in Chromium that enhances the user's privacy, while they can still display ads (just not track the users as much)?


Look, you can go into Chrome today and disable third party cookies via a setting. There may be a way to create an extension that does this change automatically.

Almost anyone other than Google can make this change without major legal worries, but because Google is in both the ads market and a browser vendor they can't rock the boat.

On what grounds? There are businesses whose only product is targeting information for ads. If they can't get the data they need then they can't produce a product and will go out of business.

Hopefully Mozilla and Apple can start pushing some of the tracking replacement technologies since they don't have their hands tied like Google.


> could get rid of third party cookies tomorrow and not get sued out of existence?

I don't think people abusing cookies have a standing as I see it. On what grounds, that their predatory business model is obsolete?

On the contrary, even if many web services are financed by ads, most customers of advertising just care about having the same possibilities to advertise their products. So a more healthy ad world would remain.

"Legal" advertising has eclipsed spam with its toxicity.


> do you really think Google could get rid of third party cookies tomorrow and not get sued out of existence?

Not disagreeing, but ad companies attempting to sue Google out of existence would be worth watching.


The trick is the ad companies can use anti-trust to get the governments of the world to foot the bill. See the recent issue with the CMA in the UK: https://www.gov.uk/government/news/cma-to-have-key-oversight...


> Federated Learning of Cohorts

What a scary name. Feels like the only thing GAFA use machine learning for, it's pretty worrying...


It seems only fair that big tech engineers also feel the pain of idyllic places on the internet being overrun by commercial interests.


Another thing are all kinds of standard boards, and committees like IETF, W3C, IEEE becoming very secretive themselves.

A decade or more ago, IEEE had a rule that anything said in a standard board meeting cannot be expected to not be public, or be subject to any disclosure limit post-factum.

In 2019, after years of relentless pressure from Google, Cisco, Amazon, the rule was effectively reversed, and now IEEE standard board meetings can be made super duper secret, so members can now conspire to break antitrust laws in every imaginable way in complete privacy, free of recordings, and stenography.


> On the other side are companies that use cross-site tracking for things like website optimization and advertising, and are fighting for their industry's very survival. That includes small firms like Rosewell's, but also giants of the industry, like Facebook.

The Rosewell guy may not be a saint, but omitting Google from the list as the ones standing to win from privacy features, through ga and the usage they have over the Web via Chrome anyway is completely missing the point of a single party having monopolistic control over click data.

Can't also agree with the characterization of the W3C in TFA.


How does Google win? Their business is search -- advertising on other sites is more of a side gig for them, and from their own description of their privacy sandbox, even they would not be able to track people across sites.

The changes to the web platform necessary to protect user privacy will require reinventing the industry (which will naturally pick winners and losers).

I expect that Google will come out in the end doing well, but that's not because they have a competitive advantage here, but instead because these changes don't really affect their core business (at least nowhere near as much as the proliferation of paywalls and app-ification have).


Google's business is advertising. Take away their ad revenue and see what happens to them.


Yes, but their business is search advertising. You can get really good targeting with just 1st party data (what the current user has searched for).

That's completely different from display advertising. For most sites on the web there's not enough information about a user's interests on that site alone to get a lot of different bidders for the ad slot. Fewer bidders generally means the a list auction price, so less money for the publisher.


It's not just search advertising, that was in the early 2000s. Their business now is to profile you anywhere, anytime. That's why they bought Youtube, Android, Fitbit, and the reason for their every move.


Google does a hell of a lot more than search advertising. Why do you think they bought YouTube? They also power in-app ads, too.


It's expensive to collect, maintain and collate data yet they're making a profit on it. If they didn't want the data they wouldn't collect the data.


Regarding Google's business model: this problem gets fairly complicated in fact when it comes to the question of "what makes Google search alive?". Yeah, people go to Google to search for something and this loses its point without the open web ecosystem. Google's Display ads business certainly contributes to only a small fraction of its overall revenue but that's not the point of this business. Instead, its very existential reason is to remove paywalls from the web so Google search can remain useful.


‘Perhaps it should have been a clear sign Do Not Track was doomed when, Tene wrote, the group tried to settle its dispute over the definition of tracking by seeing which side could hum loudest. "Addressing this method, one participant complained, 'There are billions of dollars at stake and the future of the Internet, and we're trying to decide if one third-party is covered or didn't hum louder!'" Tene wrote.’

I thought this had to have been a joke or some sort of analogy, but no they were literally humming.



I recently bought my first Android device and found Google Play infested with apps that want my location, access to network, list all my apps AND send adverts.

Google is assisting them by adding extra steps to find out what permissions an app requests. Also, it appears that Android is opting you in, unless permissions are configured before starting the app. Because of that, there are apps with the sole purpose of tricking you into installing them so they can get your data.

I found that many Android apps that are also available on iOS insist on location data and refuse to run, whereas they run fine w/o it enabled on iOS.


> want my location

Location access attempts result in a prompt, asking whether you want the app to have access to your location. You can give it access once, only when it's active, or even in the background (the latter might make sense for a fitness app/ mileage tracking app/ that sort of thing). It's your choice.


I had an app (that did not need location to function) that refused to continue if location was not enabled fully.


Was it a Google app? If not I hardly think Google's to blame for that. There's a lot I'm concerned about with Google and I'm not happy with a lot of ways they're doing things, but it's really up to ourselves not to use such apps. At least they have to explicitly ask for your permission.

If you buy a Pixel, I don't think there should be such crap? A lot of times it's the manufacturers. Samsung is a terrible offender in this category, I regret my most recent Galaxy phone and will not make that mistake again.

Unless you run a self-flashed OSS OS, the least invasive choices for mobile seem to be Apple, followed by vanilla Android on Google Pixel (but then you might as well run GrapheneOS).


In this story: engineers can't come to a conclusion because they are trying to solve a political problem instead of an engineering problem.


Better summary: Browser companies try to implement X individually. Browser developers get together and try to standardize a way to do X. Other people come and complain why they aren't doing Y or Z instead. Eventually all the extra people are talking so loudly that no one can work on X.


It's the song that never ends/ it just goes on and on/ my friend...


The so-called small players abused their power, and the users had enough of being exploited. Now that the big players are mitigating this with the old American tradition of self regulation and kicking away the ladder, the same small players who abused our freedom to choose who to share our information with are whining about freedom of choice.

Bah


A small side note in case anyone from protocol.com is reading: In Chrome, with adblock disabled, I'm unable to click the button to sign up for the email list.


This must be the most positive HN comment about sign up CTAs ever.


I have Firefox, Ghostery, adblock, and no 3rd party cookies and I get a completely blank page.


One thing that was a surprise to me when I looked into this was that these changes to promote privacy (which seem pretty good to me) will also affect federated identity on the web.

Things like single sign-on are done with the same tech (cookies, redirects) that are used by advertisers, and in some cases are indistinguishable. This is a common use case, though of course small fry compared to the privacy vs ad tracking folks.

If you'd like to learn more about this aspect, here's a video from one of the Auth0 folks: https://identiverse.gallery.video/detail/videos/architecture...

(The video is from 2020. He gave an update at the same conference in 2021, but they haven't posted those videos yet.)

There's also a Federated ID Community Group at the W3C on the same issue: https://www.w3.org/community/fed-id/


Yep, we're seeing the same challenges with Solid [1], where users bring their own backend. That said, that just means there's a problem to solve here: we need to enable such use cases while combating undesirable tracking.

[1] https://solidproject.org


> Apple decided to "blow up" the world of web advertising and only started "thinking about what to replace it with later."

https://i.imgur.com/eIzXgaL.png


Feels like if Chrome isn’t operated and controlled by Google, some of these problems would go away.


I'm glad we're finally humanizing the metaphorical David in the online privacy debate. The guy who built his business on [checks notes] tracking your online behavior.

Where would we be if not for this stick-it-to-em person, who wants to defend his life's work of fingerprinting our web browsing to assist in targeted advertising?


Does the W3C even matter anymore? I thought WHAT-WG did most of the standardization nowadays, and W3C was left deciding what to rubber stamp and what not to.


Actually Google does most of the standardization nowadays, and then Apple adopts what it feels like.


"on one side is google, apple, microsoft" on the other side "companies that use cross-site tracking for things like ... advertising" .. I had to stop reading at this point.


I don't care how big this man's business is, Rosewell is a parasite bent on preserving the established order of datamining the shit out of everyone for his own personal profit. He is gumming up the works with pointless philosophical bloviating, using the anti-big-tech argument as a cudgel of convenience for bludgeoning a nascent privacy movement that has taken decades to get off the ground.

I've sat in a large audience hall listening to assholes like these guys talk about their businesses, and when they are called out publicly for not caring about individual privacy and desire not to be tracked, they shrug their shoulders.

He and the rest of this datamining gold rush need to be stopped.


For what it is worth, it is refreshing to see a raw comment like this one on here. So many times have I seen inflammatory stories, or distressing news posted, only to be met with a collective emphasis on neutral reasoning ("assume good faith").

Everything has its time and place, and this certainly fits the sentiment for many.


He simply follows the steps of much bigger parasites, the ones who developed complex methods to soothe the itching, or even to mimicry as “giant tech companies”.


Absolutely. This guy is a grab-bag of red flags.

There's a wide swath of libertarians like this (yes, I know... not all libertarians)... they want to reduce regulation and give people more freedom so they can swindle them.

He doesn't disagree with FLOC because it's wrong, he disagrees with it because it's not his proposal.

Soltani has it right:

> "I'm very much concerned about the influence and power of browser vendors to unilaterally do things, but I'm more concerned about companies using that concern to drive worse outcomes,"


[flagged]


>but the vulgarity dilutes the weight of the message

Actually vulgarity was invented (and has historically been used) to improve the weight of such messages. It works too:

"Writing in the journal Social Psychological and Personality Science a team of researchers from the Netherlands, the UK, the USA and Hong Kong report that people who use profanity are less likely to be associated with lying and deception." [1]

Can't argue with fucking science.

[1] https://phys.org/news/2017-01-links-honesty.html


They used a survey of 276 people and then examined some Facebook surveys about "those who used more profanity were also more likely to use language patterns that have been shown in previous research to be related to honesty, such as using pronouns like "I" and "me"."

I don't disagree with you but that study seems like fucking bullshit.


>> don't disagree with you but that study seems like fucking bullshit.

Using the tactic you disagree with to drive your point home. Well played.


It helps IMHO to use it sparingly for emphasis, rather than just being a general potty mouth.

A calm well spoken person grabs a lot of positive attention with an F-bomb carefully dropped. The step out of character alerts people that something must be serious.


Vulgarity is descended from the inappropriate use of existing sacred words. It evolved into a comparative tone device. But it was always a cheap trick (just like the magic words it corrupted).

...

That report doesn't say what you want it to.

"Honesty" is not necessarily reality. Someone who is moved to high expressiveness is plausibly sincere, but they are not necessarily rational, reasonable, or correct.

Appealing to emotion works but it is still a cheap trick. If that's what we do here nowadays, well OK, but it's a loss.


>Vulgarity is descended from the inappropriate use of existing sacred words. It evolved into a comparative tone device. But it was always a cheap trick (just like the magic words it corrupted).

No, that's a puritan misconception.

Not only is it a powerful (and culturally significant) method (as opposed to some mere trick), it also has evolutionary and physiological benefits.

Among tons of other things:

https://en.wikipedia.org/wiki/Hypoalgesic_effect_of_swearing


> inappropriate use of existing sacred words.

You're thinking of blasphemy. "Vulgar" means "coarse" or "unrefined". It used to mean "concerning the common language", i.e. as spoken by ordinary people; not the literary language, or the legal language, or the clerical language.


I've got to agree. If anything, the pretension of using bloviating and nascent in the same sentence is counterbalanced with a well placed asshole.


My vulgarity is an expression of frustration in their overall apathy to the consequences of their actions. Forcing people to smother their feelings in the name of 'genteel' discussion does a disservice to those who feel oppressed or misheard. Some things in this world are quite ugly and it is important to portray them as such.

Perhaps you should evaluate why you let mere words affect you so much.


I agree with you on vulgarity but life isn't really fair about this. Just like how wearing a suit unfairly makes a presentation more potent than casual wear. It is what it is.

Being vulgar (even if technically justified) weakens the message for many people, especially when the other party is very polite and professional in return. edit: I would prefer if people weren't like that, but that's just one of the many flaws that humans have. Trying to change that instead of acknowledging it and adapting is an exercise in frustration.

I'm not "affected by mere words", but I do prefer well worded arguments to mere expletives. And I'm not alone in that.


I understand your point but I think that emotional suppression is a much greater crime than failing to be polite. After all, politeness has quite a storied history in being used to suppress and control people that are used to being 'othered', many of which feel things that are much stronger than I am expressing here.


Agreed. If these folks are assholes, I want to hear the truth.


Great, politeness is racist now?


I don't think that politeness is inherently racist, but it has been used as a tool of racial suppression, and as a way of keeping itinerants in line.

https://www.ferris.edu/HTMLS/news/jimcrow/question/2006/sept...


The segregated South was a culture of total racial oppression. So yes every aspect of the culture reflected and reinforced racial oppression, all backed by the threat (or reality) of violence. This doesn't cast doubt on the value of politeness, any more than it casts doubt on the value of signs, schools, water fountains, restaurants, or laws.


It shouldn't cast doubt on the value of politeness, but it does cast doubt on its application and where and why it is appropriate. Are you saying that this legacy has not cast any shadows on modern culture?


This was really important for me to read. Thanks for sharing!


...


"politeness has quite a storied history in being used to suppress and control people"

As I said, it's not fair. I agree with you that it shouldn't be that way. But I also accept the fact that that's how things are, unfortunately. Life isn't fair.

Maybe someday humans will be better, but I think not. And this is getting off-tangent from dealing with the problem at hand.


I can afford not to care. Sure in situations resembling servility I might have to revert to a more polite manner of speaking, but I make great effort to avoid them as they are debasing.

A lot of the folks here on HN are responsible for the current reality of tech. A nice polite discussion is great but I want to express strong feelings and make people feel bad for their choices. And politely debating the merits of something does not do that.


> Perhaps you should evaluate why you let mere words affect you so much.

Ironic. You just made it clear that you fully intended for these words to affect people strongly. The problem is that the second order effects can vary and are out of your control.

Vulgarity is often just a verbal tic for the inarticulate. If this doesn't apply in your case, then you and your message will be disadvantaged by association.

It's all about knowing your audience. I'd like to think that HN readers don't need the carefully-placed emotion markers to get your message.


> Vulgarity is often just a verbal tic for the inarticulate. If this doesn't apply in your case, then you and your message will be disadvantaged by association.

This is incorrect. Vulgarity is the strongest possible choice when evaluating one's choice of words for emotional impact. I don't know what makes otherwise intelligent folk so damn afraid of them but that is not a part of the world I understand.

Why would otherwise chaste people shout "FUCK!!" when they stub their toe? My mother, for example, is super conservative and would never cuss in polite company. But she has been known to let them slip in extreme circumstances, like stubbing her toe.

There is an overall thread amongst "polite" circles of emotional suppression: don't show anger, don't be negative, couch all your words in disgustingly flowery language, etc etc etc. I don't understand why this particularly disgusting aspect of Victorian prudery and toxic positivity has managed to last so long, but it has. And I'm doing what I can to smash it.


> There is an overall thread amongst "polite" circles of emotional suppression: don't show anger,

Because showing emotions to ones who are not interested in them often leads to net-negative outcomes?

If one person shows anger, people around feel threatened, and based on their nature respond with fear or anger. If people need to have a discussion to find some solution to the conflict, it is much better if they do not feel threatened.

Even if there is no conflict, showing unwelcome emotions is like throwing garbage to neighbors' gardens. You would feel better, but then others need to deal with that.


> Why would otherwise chaste people shout "FUCK!!" when they stub their toe?

Because in a moment of pain, people are emotional and inarticulate. Obviously.

Vulgarity serves many purposes, but the fact that the words can be used almost anywhere, in almost any grammatical form, makes them substitutes for the more specific expressions that they replace. "Vulgarity is often just a verbal tic for the inarticulate." (Emphasis added)

> Vulgarity is the strongest possible choice when evaluating one's choice of words for emotional impact.

It really isn't. And again, often the emotional impact you elicit is not the one you are looking for.

> I don't know what makes otherwise intelligent folk so damn afraid of them but that is not a part of the world I understand.

So, the thing is, I'm on your side on this. Magic words are stupid. But that isn't what this discussion is about. Yes some people have major visceral reactions against the magic words, (and FWIW your approach does zero to change that) but more importantly, poor word choice and self-identifying as an untrustworthy interlocutor destroys your message.

The people you communicate with have to trust you to not waste their time. People in the throes of emotional hostility might need psychological support, or medical attention, but they are not at the height of coherence. So readers might be attentive to your well-being, but they are devaluing your perspective on the situation because you have none.

I'm not afraid of vulgarity at all. I'm as vulgar as they come, in person -- but in written communication, the reader is not keeping up with your emotional flow like they do in person. Peppering in the carefully-placed "jolt" (this is not my reaction, but is your stated intention though this is not a quote) sends the message that writer and reader are not sharing the same conversation. It's distracting at fnord best.

> I don't understand why this particularly disgusting aspect of Victorian prudery and toxic positivity

This is a deeply simplistic take. I don't think you are in a position to label other people's thoughts. I am not (and I don't generally associate with anyone who is) prudish, positive, polite, or repressed. Nothing against them, it's just not my social scene.

> And I'm doing what I can to smash it.

Smashing is for patriarchies, pumpkins, and web design. We're just talking about the W3C here.

My message here is that your message loses people with its laziness. You claim to think you're being impactful, but you are not. You might be categorizing yourself as a high-emotion-low-content sort of person, but if your message is worthwhile, that would be a bad thing. Intelligent people resist emotional persuasion, or at least try to.

Do with that message as thou wilt, it makes no difference to me. If you value effective communication, it's worth giving some thought. Audience is everything.


You are right, audience is everything. I liked the original comment and wouldn't change a word of it.

Not every statement is to be boiled down to intellectual delivery devoid of emotion. We're expressly humans, not computers.

The idea that "Intelligent people resist emotional persuasion, or at least try to." is for the consumer to apply, when and how they like.

Communication with vulgarity is not to make you emotional but to succinctly communicate the emotion of the poster.

Depending on your perceived relationship with the poster you may feel something yourself.

Similarly, if you are not the desired audience for this comment, you are free to move along with no further thought.


> Depending on your perceived relationship with the poster you may feel something yourself.

Exactly. And unless you have a bias toward agreement, or you are already spun up like the poster, a stranger's dissonant communication style is more likely to be alienating than persuasive.

And re: knowing one's audience, the consensus position seems to be that I do not, here and now. So I concede the issue, in this context at least! Alas. :)


Nobody cares whether you're offended by bad language when the fucking house is on fire.


I used to care about this, Apple and Google changed my mind.

Fuck 'em.


The vulgarity of the chosen life path of some people can not be matched by any words.


It really seems that online privacy will trigger some sort of second internet bubble. There is soooo much money involved with online advertising, but it's not popular among consumers, so it seems that something is going to break in this business model.

One technical solution would be to decentralize internet even more, but it's pretty complex to do.


I'm still convinced that the internet would benefit from a standard for (micro)payments straight from the browser, without all the friction that comes with current online payments. "Read this article, pay €0.05 [OK] [Cancel]".

And for everything else, I really wish we would go back to smaller websites which are run out of a desire to share. I don't get why every blog has to have ads and affiliate links. Web hosting is cheaper than dirt in 2021. I colocated a server out of my allowance when I was 13, simply because I had a desire to share some of the things I was tinkering with. If you can't afford the €1/month it costs to host something in 2021, maybe you just shouldn't.


I suspect the answer will be paying a bit more for internet and having ISPs forward that fee onto websites.


You do realize that your answer is based on the premise that your ISP knows what and when are you visiting and the duration of that, right?


I mean, for websites to get paid at all this has to be the case. It could be your browser, OS, whatever.


Honestly, this makes me wonder if the browser manufacturers will just "take their ball and go home."

It's probably easier for them to just get together outside of the W3C and make up a new standards committee. From what I understand, nothing in the W3C is binding, so there would be no repercussions whatsoever.


They already did that, forming WHATWG.


But the browser vendors are actively participating in the W3C. That's clearly described in the article.

What I'm referring to is the browser vendors leaving the W3C and forming an alternate group.


A slightly orthogonal way to see this debate is that the standards that became dominant (tcp/ip, http, html, cookies, smtp, js, etc) became that way specifically because they were inferior in specific ways, such as privacy. This gave the opportunity to build varying levels of user exploitation into any desirable application without explicit consent or decision to pay for it. An Internet built on superior user-empowering technologies (there were and are plenty) would never have attracted the amount of investment that the exploitive web did. If the main metric that matters is growth, it doesn’t matter where it comes from; even highly exploitive use cases like spam and scams were some of the most aggressive accelerators of early usage.


Ding, ding, ding.

Go to a convention. Ask people about why we don't make software in a way that empowers users without a crippling dependence being created, or inflicting on users a leaky or otherwise insecure experience, and watch the room clam up.


W3C being basically Google and a couple of other 10000-pound gorilla companies at this point...


Well, the gorillas chose to come to a table and open a discussion.

These decisions might as well be made in closed rooms at Google and Mozilla, and there wouldn't be much you could do about it. By the power of browser market share, they could just skip W3C and implement whatever they want. What they'd get away with is only limited by the point where someone with a different agenda starts funding their own browser fork (and can convince users to use it.)


Is Mozilla also one of the 10000 pound Gorillas?


Wait till you find out where most of Mozilla's funding comes from!

(Hint: it starts with a G and rhymes with frugal.)


In comparison, Mozilla is just a 1,087 pound Gorilla.


Really? I've been following along some of the W3C work on privacy and they seem to have about as much political power there as Apple. Part of that seems to be from their first-mover advantage in the privacy space relative to Microsoft or Google, but the rest seems to be because they aren't seen as acting in their own interests (like say Google or Apple).

As an aside: In some ways it's kind of funny to hear a bunch of engineers talk about technology while all casting shade at the other participants' motivations.


What it says: "a privacy war is raging inside the W3C".

What I read: "why you should keep your ad-blockers and script-blockers properly configured and updated".


Murphy's law on the web: what can be tracked, will be tracked.


W3C surrendered to Google during the EME fight. So there is no war... it is Google's way, or Google renders W3C irrelevant...


>It was January 2020, and Google had just announced key details of its plan to increase privacy in its Chrome browser by getting rid of third-party cookies and essentially breaking the tools that businesses use to track people across the web.

Good one. Google doesn't care about privacy, it just wants to monopolize the tracking with FLoC.


The W3C is not a relevant institution anymore so this raging privacy war will be wholly inconsequential. Google and Apple decide what desktop and mobile browsers will behave like.


Their petty war for how to exploit people online is pathetic to watch. The more general fight for privacy _is not_ inconsequential. It would indeed be mistaken to think that these corporations are the ones carrying the privacy fight. That is what the likes of Apple are basing their PR on these days; pure marketing trash.


Want a Web run by human beings again? Want tracking methods impossible to implement in any meaningful fashion by design? Try Gemini. Gemini is here and can be used TODAY.

https://gemini.circumlunar.space/

The only thing standing between you and the next web is... a lot, but try it anyway, things have to start somewhere.


Do you have a list of sites on Gemini that are interesting or useful? I don't use the web because it uses HTML or because it has JS or really any particular technical feature. I use it because it has sites like HN and Google, and I think the same thing applies to Gemini. I love the ideas behind Gemini, but I'm not sure why I'd use Gemini if there are not interesting sites.


Well, Gemini is the best place to read about Gemini :)


What prevents Gemini from being taken over and utilized just like the current web has been?


The Gemini protocol is intended to exclude features that could be used for tracking. It has no cookies, user-agent, referer, etc and the protocol is not extensible enough that such features could be easily added.

Also, frankly, the spartan design of native Gemini pages (very limited formatting, no scripts or even inline images!) means that the circle of nerds who use Gemini will almost certainly remain too small to catch the eye of ad-tech. It's hostile to commerce in a way I find kind of delightful.

https://gemini.circumlunar.space/docs/faq.gmi


> It has no cookies, user-agent, referer, etc and the protocol is not extensible enough that such features could be easily added.

For now.

The original HTTP (now retroactively called HTTP/0.9) also had none of these, and also wasn't extensible enough; it had no headers at all, just the verb (GET) and the path. Yet somehow, it was later extended to include all of these.

> very limited formatting, no scripts or even inline images!

The original HTML was also like that, even inline images came later.
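
The contrast drawn in the two comments above, as an added example that is not part of the thread: a strict parser that classifies a raw request as Gemini, HTTP/0.9 or HTTP/1.x and reports which of the identifying headers named above it carries. It assumes a Gemini request is a single absolute URL of at most 1024 bytes followed by CRLF; the function name, hosts and sample requests are constructed for illustration, and only the request bytes are examined.

```python
# Added example: sample requests below are constructed, not captured traffic.
TRACKING_HEADERS = ("cookie", "user-agent", "referer")  # fields named in the thread

GEMINI_REQ = b"gemini://example.org/docs/faq.gmi\r\n"
HTTP09_REQ = b"GET /docs/faq.html\r\n"
HTTP11_REQ = (
    b"GET /docs/faq.html HTTP/1.1\r\n"
    b"Host: example.org\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Referer: https://example.com/search\r\n"
    b"Cookie: sid=constructed-value\r\n\r\n"
)


def classify_request(raw: bytes) -> dict:
    """Identify the request format and list the identifying headers it carries."""
    line, sep, rest = raw.partition(b"\r\n")
    if not sep:
        raise ValueError("request line is not terminated by CRLF")
    first = line.decode("utf-8")

    # Gemini: the whole request is one absolute URL plus CRLF (assumed 1024-byte cap).
    if first.startswith("gemini://"):
        if len(line) > 1024:
            raise ValueError("Gemini URL exceeds 1024 bytes")
        if rest:
            raise ValueError("bytes after the URL line: not a valid Gemini request")
        return {"protocol": "gemini", "target": first, "identifying": {}}

    parts = first.split(" ")
    # HTTP/0.9: verb and path only, no version token and no header block.
    if len(parts) == 2 and parts[0] == "GET":
        if rest:
            raise ValueError("HTTP/0.9 request cannot carry headers")
        return {"protocol": "http/0.9", "target": parts[1], "identifying": {}}

    # HTTP/1.x: the version token opens a header block of arbitrary named fields.
    if len(parts) == 3 and parts[2].startswith("HTTP/1."):
        headers = {}
        for field in rest.decode("latin-1").split("\r\n"):
            if not field:
                break  # blank line ends the header block
            name, _, value = field.partition(":")
            headers[name.strip().lower()] = value.strip()
        found = {k: v for k, v in headers.items() if k in TRACKING_HEADERS}
        return {"protocol": parts[2].lower(), "target": parts[1], "identifying": found}

    raise ValueError("unrecognised request format")
```

Calling `classify_request` on each sample shows an empty `identifying` map for the Gemini and HTTP/0.9 requests and all three fields for the HTTP/1.1 one.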


Governance is the only thing that can. There are no technical measures that can prevent it.


My favorite client is Lagrange. The experience is nice and the codebase is sane.



