IPA now allows these companies to track users across multiple IP addresses, and regardless of the user's cookie settings, via a unique tracking identifier. It is also proposed that the operating system provides the unique tracking identifier which can then be used by all applications or browsers on a device, allowing different devices behind a single IP address to be distinguished.
Any more info on IPA? That link doesn't even say what the acronym stands for. I couldn't figure out how it's supposed to work, too complicated. Wikipedia doesn't seem to have heard of it, and a cursory websearch didn't offer an explanation.
> Mozilla is one of the authors.
Mozilla as a company, or is it that there are Mozilla developers contributing? If Mozilla are planning to introduce a built-in tracking system to Firefox, doesn't that imply shooting off your one remaining foot?
So it looks like Interoperable Private Attribution is mostly Meta people; there's one guy from Mozilla, Eric Rescorla. Eric is not notable for adtech achievements; he's notable for his contributions to internet privacy, and security and cryptography.
Apparently the proposal is to store the match key in browser local storage; which means that you can block it by setting local storage to zero, or by regularly cleaning-out local storage.
That article doesn't mention once the privileges that should be granted to the user. It does mention the powers of the user agent, but that really means the browser manufacturer.
I don't understand how this can work. What is to prevent combining the new ostensibly privacy-preserving attribution with existing tracking technology for enhanced identity tracking?
Mozilla has disabled privacy controls in the past without informing users. For example, they removed the “prompt when setting a cookie” (so that you could reject/accept/accept for this session only) without a replacement. Newer versions just accepted all cookies as persistent, non-session cookies automatically. There are other examples like this.
It's difficult to deal with because as the code evolves, so do the configuration settings. The rate of change is high, and it's not always obvious what is relevant to users (and whether a new feature increases or decreases privacy!), so it's hard to communicate this in release notes.
I would argue that it is better, but not as much better as Firefox. The further you can get away from Google Chrome the better, but any distance is beneficial.
I think Brave hews closely enough to upstream that even if they leave out a feature like this, they still help enforce Google's control of the web by enforcing Chrome's status as "the standard," that many devs target.
But, otoh, maybe perfect is the enemy of good here.
> ... you don't need to worry that toggle will get mysteriously turn back on.
Using Firefox Developer edition and toggle(s) will get mysteriously turned back on all the time. And Mozilla is not immune to this practice at all for standard Firefox.
Use chromium-ungoogled [1] if you want chrome(ium) without Google-specific stuff.
Using these sort of downstream patch set browsers is rarely a good idea. If it has multiple full-time developers from a respected org dedicated to it, then it can be justifiable (Tor Browser, Brave), but take a look at the gaps in time for these two pages:
I don't understand why someone hasn't just setup an automated build system that patches out google/previously-unseen URLs in each new chromium release, and posts builds. That's all you really need to disable telemetry, surely?
I use Safari all the time on my M1 Air but it’s definitely less capable than Firefox for adblocking. Firefox is the only browser that can run uBlock Origin or uMatrix.
AdGuard on Safari seems a reasonable replacement for uBlock Origin. I also recently learned about https://arc.net/ and https://browser.kagi.com/ as better alternatives, though I haven't tried them out and do not know how they compare in terms of tracking.
Mozilla actively supports online ads and tracking. Without their partnership with Google, they could not continue as a going concern for very long.
The deception is to make people believe that studying them as ad targets through their internet use can be "private". Many will believe this nonsense. Including regulators. "It's OK, folks. Privacy is preserved." Green light to keep on tracking, collecting data and serving ads.
But the study of people's internet use to enable programmtic advertising _is_ the problem. There will be more ads. They will be more personal. The www will become even more annoying. Perhaps moreso than any other medium that has come before it.
To Mozilla, there can be no www without advertising. The truth is that there can be no so-called "tech" companies, monopolisng intermediaries, without programmatic internet advertising. The www does not need it and the original www did not have it.
First Mozilla partners with Yahoo. Then Google. Perhaps Meta will be next. Mozilla is no different than so-called "tech" companies in at least one regard: it cannot find a "business model" besides internet advertising.
Yeah, that is my understanding as well. While many promote Firefox as an alternative to Google Chrome, it simply lacks adequate proof that Firefox is any better than Chrome at tracking. Else, how does Mozilla survive?
What do you do if websites are "best viewed in Chrome"?
Embrace: Embrace the open web, create an excellent product and aggressively promote it until you take over the market
Extend: Chrome experiments and advanced features that improve the user experience and developer experience through Chrome only API and Google services. Even provide these services to everyone who wants to use them free or charge so that the user expectations are elevated to that point and web businesses depend on these by building their products around them. Maybe make developers depend on this "topics" feature even.
Exterminate: Cut off or degrade the free services to 3rd party browsers, remove or tame extensions that harm your business and recoup the costs of the free services. Since you no longer have viable competition, reduce the development of Chrome any further, optimize only for profit. Developers who depend on you ad tech can choose to refuse serving users using another browser or opt out of Google verification or account services? The users will stay like they sat with IE.
Don't use them unless you must. The internet is a big place. Any piece of information of value can be found at its origin and no less than 10 copycat sites, one of which inevitably will work in Firefox with uBlock enabled.
There is a huge difference between the “best viewed in Chrome” I was replying to there, and “simply won't work without Google services” that you are now asking about.
My personal answer to the goalposts in this new position: If a site refuses to work without a Google account, or if Google Ads are blocked, or without some other Google service, they are simply making it clear that I am not the target audience for their broken creation and I should mosey on elsewhere. Much like sites that refuse to work because my stalker blocking measures at home block their adverts (accidentally or, more likely, because those ads are from source that is trying to stalk me across the Internet).
As I said above: this attitude might not be practical for all, or for some all of the time. But it hasn't done me any harm thus far.
Also note that Chrome on my home machine has asked me more than once to enable the new feature. Each time I've said no, I find it has turned on other related features. This may be the final irritation that makes me pull my finger out and switch to Chromium or back to FF¹. I used to switch back & forth every year or two, as one of them did something to irritate me⁴ I switched to the other.
--
[1] I switched to Chrome a few years ago when FF went through a period of being unstable²
[2] and because certain extensions didn't have good FF alternatives, because they never were or because some were crippled by the changes in ~2017³, but that latter point is fairly moot as Google is now taking their turn to work towards crippling useful extensions
[3] at least FF's change here were mostly due to massively misreading the room while trying to streamline their platform, where Google's seem to be more malicious when you consider most of the affected extensions are ones that go against their primary business of tracking people & selling adverts.
[4] things breaking after updates, periods of general instability, not keeping up in the performance race for a while, etc.
In descending order of significance (i.e. most important objective first):
1. ungoogled-chromium is Google Chromium, sans dependency on Google web services.
2. ungoogled-chromium retains the default Chromium experience as closely as possible.
Unlike other Chromium forks that have their own visions of a web browser, ungoogled-chromium is essentially a drop-in replacement for Chromium.
3. ungoogled-chromium features tweaks to enhance privacy, control, and transparency.
However, almost all of these features must be manually activated or enabled. For more details, see Feature Overview.
Terrible is a strong word for UX in an area where all products have 95% the same interface, and distancing means changing the appearance of the titlebar slightly...
I like Ctrl + Shift + P for private mode. Since Ctrl + Shift + N, is inconsistent with ctrl + shift + T, where it open last closed tabs. It should open last closed windows.
So FF just needs to tighten their Tab UI and allow custom keys. Not sure why there isn't a fork of FF that just looks as much as (legally) possible like Chrome.
Why should anyone care about Firefox when not even their parent company cares about it? Mozilla exists solely at the whims of Google anyway. The fight is long over, people on here just haven't accepted it yet.
Fair question. I think in the long run it does. Chromium development is supported by Google and could be closed any time, leaving Chromium based browsers unable to pick up the slack. Without viable alternatives to Chromium people would return to Chrome.
Google also could cut off Mozilla's funding in a heartbeat. Since their management is incompetent (but their engineers are awesome and I love them), they haven't done any serious attempts to diversify their sources of income, or at least to put some of that cash away for a rainy day. Firefox is just as dependent on Google as are any of the Chromium rebuilds. (I am writing this as someone who has been using Firefox since about 2006 non-stop, seeing its market share drop by a factor of ten in that time).
Google does some stupid things, but Chromium is "too big to fail" at this point and it's too essential to products like Android which are also at that same point.
But hypothetically if Google stopped contributing to Chromium the project would be forked and it would live on. Frankly, Google removing themselves from Chromium would fix the one major complaint a lot of people have with it.
I wonder how that works if Google wants to kill the forks. There are a bunch of important components like widevine that can be withheld to put pressure on the project.
Yes, let's ignore all of the contributions from the vast and varied team of smart people that also contribute to a product that is no longer directly tied to "bro".
I have hundreds to thousands of tabs at any given time. If Firefox has issues with those, then one of my plugins must be fixing it well enough for me not to notice.
Our research group does work in this space[1], so I’ll claim some familiarity.
This article has multiple problems:
1. Privacy Sandbox is a project, consisting of many proposals. To pitch it as some cohesive product is misleading.
2. Related: FLoC and Topics are completely separate things, aside from existing under the same project.
3. Topics is reducible to (implementable using) third-party cookies. While the proposal has issues and doesn’t resist tracking as well as Google claims (see below article), Ars’ implication that this is somehow making Chrome less privacy-preserving is patently false.
Although the source article here is clearly opinionated in one direction, I’m not impressed with your claims about actual problems in it. (For reference, I agree with the direction it takes and would make only minor adjustments to it if I were writing it—the only of any substance would be not calling the Privacy Sandbox an “ad platform” just because in a way it’s a little more like a shop that sells picks to ad platforms.)
> 1. Privacy Sandbox is a project, consisting of many proposals. To pitch it as some cohesive product is misleading.
Look, that’s how Google are branding it. It’s an initiative which has turned into a cohesive brand. Just look at how https://privacysandbox.com/news/privacy-sandbox-for-the-web-... speaks of it all. That’s pretty much how it’s being presented in the browser, too.
> 2. Related: FLoC and Topics are completely separate things, aside from existing under the same project.
They’re about as completely separate as Chrome 17 and Chrome 117, or StarOffice and OpenOffice.org. OK, these are both very imperfect comparisons, but although FLoC and Topics work in somewhat different ways, Topics is for all practical purposes just a fork that continues FLoC. They even treated it that way in the browser (at the time at least, no idea if it’s still so). https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts#... seems overall a fair enough portrayal. They simply rebranded the basic concept.
> 3. Topics is reducible to (implementable using) third-party cookies. While the proposal has issues and doesn’t resist tracking as well as Google claims (see below article), Ars’ implication that this is somehow making Chrome less privacy-preserving is patently false.
The first and last claims here are obvious nonsense. Third-party cookies only let you track stuff where your code runs, whereas the Topics API uses the entire browser history, so it’s not reducible to third-party cookies unless you mean something very different from me by that word. Ars’ implication is by no means patently false; as far as the current status is concerned, where they’ve added this and not removed third-party cookies, it’s patently true. In the longer term, it’s less clear, better in some ways and worse in others, but “patently false” is still an unreasonable characterisation.
>whereas the Topics API uses the entire browser history
It doesn't use the full history. If a site is using the Topics API it will only get back topics that it has observed from sites in the last 3 epochs. For site X to observe a topic from site Y. Site Y must either:
* Be site X
* Embed site X in an iframe on the page with a special attribute on the iframe element
* Send a fetch request to site X with a special header and site X must respond with a special header
Your description claims that Google sends topics to site X only from history related to site X.
Which makes this useless from advertising point of view. Which also means that Google is using the whole history to come up with "rough tooics".
Let's see:
--- start quote ---
With Topics, your browser determines a handful of topics, like “Fitness” or “Travel & Transportation,” that represent your top interests for that week based on your browsing history.
With the Topics API, the browser observes and records topics that appear to be of interest to the user, based on their browsing activity. This information is recorded on the user's device.
> API callers only receive topics they've observed
> A design goal of the Topics API is to enable interest-based advertising without sharing information with more entities than is currently possible with third-party cookies. The Topics API is designed so topics can only be returned for API callers that have already observed them, within a limited timeframe. An API caller is said to have observed a topic for a user if it has called the document.browsingTopics() method in code included on a site that the Topics API has mapped to that topic.
This doesn't say that topics only come from the same website. It only says that if a website has "observed" any of the thousand or so topics, one will be provided to that site based on user activity.
Edit. Literally last link:
> Map browser activity to topics of interest. With the current design of the Topics API, topics are inferred from the hostnames of pages the user visits.
The original claim was that Topics API doesn't use the whole browser history, and that sites inly get topics for that site.
Whereas the description clearly states that topics are derived from the entire browsing history, and they will get topics derived from the test of the history because while coarse, there are still a bunch of them.
A site with a narrow site like a site on fresh-water aquatic plants will probably only get a handful of topics. What will Amazon get? Or Google for that matter? Or a news site? Given that they are likely to "observe" every single topic?
The original discussion was comparing the Topics API to third party cookies.
The way that the Topics API works is that a website that could have set a third party cookie will instead be able to observe a topic, and will then be able to get that topic in the future.
The comment I responded to claimed that Topics API doesn't use the full history and that a site X won't get topics derived for site Y: https://news.ycombinator.com/item?id=37429447
That's true, or rather no site gets access to the full history, or to topics that are derrived from the full history, but only to that part of the history that it "observed".
> a site X won't get topics derived for site Y
Unless site Y allowed them to, which of course site Y can also do by allowing them to set a third party cookie.
The top 5 topics for an epoch is calculated using all of your browsing history in that epoch.
A site observing a topic in the last 3 epochs unlocks the ability for document.browsingTopics() to return that topic from your top 5.
Every epoch each site has a 95% chance to be assigned 1 topic out of your top 5 topics and a 5% chance that it is assigned a random topic. When browsingTopics is called it gets the topics it was assigned for the last 3 epochs. Real topics are not returned if the site did not observe that topic in the last 3 epochs as mentioned in the previous paragraph.
It's on a per-tracker basis. For an ad provider to see a given topic it must have been embedded in a site with that topic. In GP's comment "site X" is referring the site being embedded, not the top-level site. Again, this is reducible to third-party cookies.
I didn't read the Ars article as saying FLoC or Topics make Chrome less privacy-preserving than it was before, but rather that, once Chrome disables third-party cookies, they make Chrome less privacy-preserving than other browsers with third-party cookies disabled. What the author would prefer is that Google also disable third-party cookies and also not ship FLoC or Topics.
> What the author would prefer is that Google also disable third-party cookies and also not ship FLoC or Topics.
That's not an option now thanks to multiple antitrust regulatories. Google actually tried to get rid of 3p cookies to use it as an advantage against competitors as well as privacy friendly PR but this has been blocked. One example from CMA (but not limited to): https://assets.publishing.service.gov.uk/media/62052c52e90e0...
Sorry for responding 12 hours later, but I felt I should actually read the ruling here before I replied.
It's certainly interesting. The CMA seems to be attempting to balance interests of multiple parties, including both user privacy, healthy competition in the ads space, and the ability for digital publishers to generate revenue from displaying ads.
However, most of it appears to focus on the way Google's superior access to information could distort competition. It's not just about cookies. For example. Google could mine synced history data from Chrome.
Now, I'm not so naive as to think this would actually happen, but again, the Ars author's solution here could solve that particular problem: If Google ceased all behavior-based advertising in favor of, for example, subject-based advertising, there would be no distortions to competition. Google can't track you, and neither can other advertisers. Everyone has a level playing field.
Of course, that would drop revenues for digital publishers and advertising networks, including Google, but it would solve the problems of user privacy and distorted competition.
The one thing this ruling makes very clear though, is that it's very difficult to balance these concerns while Google makes a browser. There's a conflict between Google running a behavior-based advertising network and shipping a browser, and these regulatory bodies seem to be bending over backwards to try to find a solution where both of these things can exist. They could most certainly have taken the much easier road of forcing Google to discontinue Chrome.
> If Google ceased all behavior-based advertising in favor of, for example, subject-based advertising, there would be no distortions to competition.
That still doesn't work. Google already has built dominant ad network/serving infrastructure as well as exclusive access to billions of its first party user data which gives asymmetric power to Google against any other competitors. Probably the only advantage that those competitors have is their own "secret sauce" on user data and removing 3p cookie effectively eliminates this edge and gives Google unilateral power.
The core problem is that privacy and antitrust regulations usually don't work very well together unless it's carefully designed. EU tried it for GDPR (which took 4 years to design) and it only has strengthened big-tech's position.
> They could most certainly have taken the much easier road of forcing Google to discontinue Chrome.
It's much easier said than done. What's the legal basis of doing this? The only applicable law is too general and requires intervention from the Judiciary. And this level of landmark antitrust cases usually takes several years with extremely high level of uncertainties. And it's worth noting that the US congress has failed to introduce a basic level of digital antitrust laws such as AICOA or OAMA, so good luck with any new direct regulations.
And even if assuming that everything works in your favor, the result is almost guaranteed to be other big guys (likely MS) taking the share and doing something worse since the market is already strongly incentivizing this behavior. To apply the same "correction", it will take another multiple years of trial against more well prepared defendant. Regulators and legislators are not that dumb and they actually care about all those unintended consequences.
I mentioned this in another reply, but I was imprecise with my language here. I meant that regulators could decide it's not OK for Google to have both a dominant ad network and a dominant browser. Discontinuing Chrome would be one remedy here, but there are also other remedies, such as spinning off Chrome development to a separate company.
As for the legal basis for doing that, I'm not as familiar with UK or EU law as I am with US law, but this was in response to the linked UK ruling by the CMA, where I was expressing my awe at how much effort they were going to in order to try to balance competing interests. I don't think regulators are dumb or lazy, but the report very clearly identifies that the core of the problem is that Google has both a dominant ad network and a dominant browser, but they still went through a lot of trouble to try to find a workable solution.
As for US law, Judge Jackson did rule that Microsoft should be split into two separate companies, one for the OS, and the other for apps, but was overruled on appeal. However, that appeal was muddied by other issues as well, and the case never came before the Supreme Court.
You're right about the US congress, but Europe does seem more eager to go after big tech companies.
Regarding the option of Google ceasing all behavior-based tracking to avoid competition issues: I doubt they could do that to the ad industry unilaterally. Even if they would then be following the same rules themselves, I don't think they'd be able to get away with choosing how all other advertisers must operate by doing that.
Regarding the "easier road" of having Google discontinue Chrome:
WTF
That would not be easier and would affect so much more.
By "easier", I mean it would be easier for the regulators to say, "you can have a dominant ad network or a dominant web browser, but not both."
But I was a bit imprecise with my language there. There are other regulatory remedies to a ruling like that besides discontinuing Chrome. For example, it could be spun off into a separate company, one which does not share any data with Google.
As for the fantasy scenario where Google stops behavior-based tracking, reading that ruling, I think they could get away with it, but there would be some grumbling. Let's say Google stopped tracking on its end, and then six months later, decided to block third-party cookies by default. Regulators could insist that Google keep third-party cookies on, but what leg would they have to stand on? Yes, it would affect their competitors in a big way, but it wouldn't give Google a distorting advantage over them.
And with every other browser blocking third-party cookies, if regulators tried to force Google to keep them, Google could just stop developing Chrome. Without behavior-based tracking, they have no business reason to develop it anymore, and how could regulators possibly say, "You have to keep making a browser, even though your competitors don't"?
Ron Amadeo has such a consistently snarky anti Google stance that I no longer read his articles. I haven't seen any other tech company get such dismissive treatment on Ars.
Agreed. I think he crossed the line way beyond being skeptical about Google, and into partisan politics level biased reporting against Google. E.g. his coverage of passkey was so bad - misleading half truths and outright incorrect claims - that made a subsequent article on the passkey by another Ars reporter look completely opposite from what he wrote.
Isn't that much like how reporting of Microsoft during the 90s wasn't "sceptical", but just calling the pot black? At a certain point — i.e. given enough history — it's a given that a company acts against your best interests. I don't see judging a company on their actions as bias.
Google is a corporation that does terrible things. That's not bias, it's observation.
Having said all that, what were his half truths and incorrect claims on passkey? genuinely interested to educate myself.
is the article. The title is already misleading - Google doesn't support passwordless account, and there is no way to get a passkey only account. So factually incorrect title. Anyway, read that and contrast that with:
As an aside, I think this is the source of his confusion about password-less accounts. From Google's help page:
> When you create a passkey, you opt in to a passkey-first, password-less sign-in experience
That comma right there reads; "you opt in to a passkey-first _and_ password-less sign-in experience". I understand what they mean, but that kind of marketing speak is often misunderstood by more technically focussed people.
Sure, Google botched some of their communication on their end for sure. But the job of a journalist is to give clarity and pass along as accurate information and valid pros and cons by doing some basic research, so that the readers end up more informed after reading an article. His article did the opposite - see the comment section of the second article for how a lot of people were more confused / misinformed by Ron's article. Of course, not all of that was due to his article, but it's very clear his article made the confusion meaningfully worse.
Oh yeah, I'm not defending the journalism on that piece, just pointing out where he probably got confused. I think I only read it correctly because of all the context in this thread.
What are you upset about, that he's reflexively anti-big tech which includes Google, or that he's anti-Google out of all the big tech? Because personally I don't give any of the FANG+ the benefit of the doubt on anything now.
> Topics is reducible to (implementable using) third-party cookies.
Yes, but aren't 3rd party cookies going to get banned? That seems to be the common assumption in the adtech space. If that's true isn't topics just google's mechanism to continue the kind of tracking that lawmakers are trying to ban by banning 3rd party cookies?
Search for "death of third party cookies" and you will find a huge amount of material about it. It's basically a trend that everyone in marketing expects. Here's a tiny sample but I've tried to draw on a wide swath of different sources.
As far I can tell, none of those links are talking about "lawmakers banning 3rd party cookies". They're mostly about Google wanting to remove 3p cookies from Chrome. A couple of them reference laws, but it's just talking about general privacy law trends by giving examples of laws that are already passed like GDPR and did not in fact lead to a ban of 3p cookies.
Since none of your links provided any evidence for this, I'm going to guess that the waste swathe of material doesn't actually exist.
I didn't say anything about lawmakers. I said 3rd party cookies are expectetd to be banned (by google and other browser makers only other browser makers have already done that).
No, you very specifically wrote about "lawmakers" being the ones who are "trying to ban 3rd party cookies", not about Chrome.
"If that's true isn't topics just google's mechanism to continue the kind of tracking that *lawmakers* are trying to ban by banning 3rd party cookies?"
If you really didn't think you were talking about lawmakers but about big tech (seems like an odd mistake), you could at least have replied right away that you had no idea of why I was bringing laws up. Would have saved us both some time.
Going by GDPR any tracking that isn't necessary for your service to work has to be optional and the site operator has to list and explain every bit of data he tracks.
Moving that tracking directly into the browser seems like a cheap attempt at trying to bypass the GDPR.
Huh. I did not detect such an implication. The gist of the article for me was Google is using a new system. Perhaps there is an implication that based on the deceptive use of the term "privacy" some users might believe that Chrome is now more privacy preserving. That would of course be patently false.
But it seems this comparison to third party cookies ignores the fact that now one company, Google, gets a maximum amount of tracking data without having to cooperate with any other entity. That potentially could be a loss for privacy because the concentration of personal data at one entity, i.e., Google, requires less cooperation, e.g., data sharing. It's easier.
It's less privacy preserving in that it is anti-competitive, so now google gets a monopoly on this form of tracking. I assume they'll eventually combine all the data from their other monopolies, and continue to use lobbyists to block improved laws or even enforcement of the existing laws they break.
I'm kind of torn on this. The general idea that the user's browser tracks him by itself instead of utilizing cookies or fingerprinting seems like a step up for privacy. Obviously the devil is in the details - Google controls that whole algorithm, and there obviously is a conflict of interest.
But the alternative that the people who are against it are proposing is either to keep the status quo or kindly ask Google (and other ad companies) to stop existing, which is not gonna happen. They seem to ignore the fact that ad-tech is a huge industry and a large part of the internet relies on it. Basically the only way to make it go away would be to outlaw it.
(Also so nobody accuses me as being pro-ads: I hate ads and tracking, but sort of in a way like I hate being sick. I can reduce my exposure to ads and tracking (adblock, not using certain apps, etc.), but I know that complaining about it won't make it go away)
> I hate ads and tracking, but sort of in a way like I hate being sick
What if the illness you hoped to avoid were leaking all your private behaviours to the world as though the sickness were the proper state of existence?
> ad-tech is a huge industry and a large part of the internet relies on it.
The Internet is not going away and advertising is not the Internet that we want.
They seem to ignore the fact that ad-tech is a huge industry and a large part of the internet relies on it. Basically the only way to make it go away would be to outlaw it.
Not necessarily. It will also go away - or more usefully, change its behaviour - if its current model becomes less cost effective. Apple restricted what apps could spy on and Facebook complained like a spoiled child but the sky did not fall. The evidence of effectiveness for all these tracking-based "personalised" ads is limited at best anyway. If you're running a search engine where users have literally just told you what kind of thing they're interested in right now or you're hosting videos where you know which video a user is about to watch or you're serving ads to be included within someone else's web page and you can tell what the content of that page is then you already have very useful information to help you choose which ads might be relevant without needing any additional user tracking at all.
Thank you for this. There seems to be layers of delusions throughout this comment section where it seems many people simply cannot imagine a functioning world sans some bit of questionable tech and its derivative marketing strategies that are barely 20-years old.
Context-based advertising, AKA “advertising”, has been around forever, and respected privacy to the extent that Gatorade only needed to know that people at gyms might be thirsty. Still sold a ton of slightly salty sugar water, and didn’t even suggest that they should be allowed to rummage through every customer’s gym bag, follow them home, take notes on their dinner choices and television habits, watch them sleep while taking their pulse, and then slip random notes to them throughout the day reminding them that their electrolytes were dangerously slightly on the lower side of average (code RED).
This API wont remove or deprecate the already existing tracking methods, third party cookies can be disabled but alternative practices have been developed a good while ago (and new ones are actively being found). Advertisement networks _will_ find a way (avoiding fingerprinting is impossible, unless all browser companies decide to merge; exposing hardware to the web is the new trend for web technologies, and hardware can be extremely unique especially when combined with an IP yada yada) without depending on Google, their competitor in advertising, for their own product. Google, however, will hand your search history out to any website for free(?)
The existence of this APIs will be very useful to argue that server-side data collection is not reasonable under GDPR anymore.
I hope it gets implemented because it will give significant ammunition to us in Europe to make server-side behaviour tracking marked as unreasonable under GDPR provisions.
The one that's now moving to the client when it comes to Ad serve. This makes a case for an Ad network tracking data collection much weaker since GDPR demands minimum data collection to satisfy a given business goal.
This will make it much easier for is to argue that server side behaviour data collection is outright unnecessary and thus illegal for many ad services.
I heard about this the other day and didn’t think much of it.
I got the actual update today on my work laptop and… just wow. How did the folks at Google ship this with a straight face? The changeboarding modal basically lies to your face.
I’ve always felt a little weird about Google’s tracking, but this takes it to another level. Creepy as heck.
> How did the folks at Google ship this with a straight face?
You have been doing 60-70 hours a week for a few years at startups that never took off. You tried to go into some big companies but got rejected several times. You managed to pass the first screening to the process at being hired at Google. You go through all the process. It’s long and tiring. Somehow you went through it after several weeks and so many steps. After several years in your career of not so successful job/startups this is like a huge thing. You can say to all your family and friends and girlfriend that you work at Google. The pay is great but the work is bad. They ask you to code more stuff to track people into Chrome. You evaluate what quitting would be like and what other opportunities like this you could have. And then I guess they are like hmm no. Let’s code this things from now on.
I’m convinced at least 75% of devs consider working at a FAANG to be the absolute apex of a career, regardless of what’s worked on. Which, to me, says it’s purely about prestige.
It’s impossible to say for sure, but there’s a certain pervasive collective worship of these employers that will just not quit.
If by “prestige” you mean “enough money to work for 4 years and retire anywhere that’s not the Bay Area and never work another day” then yea, it’s prestige.
> enough money to work for 4 years and retire anywhere that’s not the Bay Area
Four years is probably optimistic, unless you got lucky with stock growth.
I searched for "average cost of living map" and found a site[1] that says cost of living at Santa Clara County is $138K. I then did a search for "average salary at Google" and one website[2] says it's $124K, which suggests saving enough money in 4 years on salary alone would be difficult.
You might think that working for Google while living somewhere outside of Bay Area would be a good way to save, but because compensation is dependent on where you live, this doesn't always work out.
> The cost of living for a two-parent, two-child family
The typical case is more likely single or DINK.
Manage the money well, throw in a couple of bonuses and a favorable liquidity event around y4 and it's plausible enough to become a motivator or rationalization, I assume.
The people building this ad tech nonsense make well over $124k. I'd wager that number comes from nation/worldwide salaries, and the folks that the original comment described aren't data center janitors or whatever. These folks get paid very well to insure Google dominance – in salary and in stock.
Thank you for bringing data to the discussion. I’m not sure that average salary is the right metric, however. The people inventing new adtech projects are being paid 4-5x that number based on my experience. Although anecdotes can only be trusted so far I guess…
Oh, crap. You put an actual number in your comment, and now there's going to be a whole subthread debating the accuracy of it, completely ignoring the relevant point of the comment.
Is there? I'm happy to not be making hiring decisions these days but if I was I'd definitely think twice about hiring somebody who was ok spending their days making the web worse.
In fairness, if they're applying to work elsewhere, it wouldn't be safe to assume they were ok with what their current or former employers are doing. That might be why they're leaving. I don't give points or demerits for working at Google, personally.
> there’s a certain pervasive collective worship of these employers that will just not quit
That's my observation as well. And I think this applies especially to Google: for some reason it still has the reputation of this cool tech company here on HN, even though it's an advertising and user tracking/profiling company at this point, and there is really nothing "cool" about it anymore. But criticize Google on HN and you'll get downvoted really quickly.
I think this would actually be bad for their careers. I believe this is all open source and in public and you would get really bad rep for building this. If it was me I would ask for a transfer to a different team.
Nah. You do this kind of dirty work at Google for a few years. Then you say that "after working at Google, you have decided to fight for users" or some other noble goal.
Now you have it both ways. You have the resume prestige of working at Google and the faux prestige of being a "virtuous person" who is willing to forgo the comfy Google life to "do what is right."
There are also a lot of Googlers who got in on their first or second try and genuinely do not understand end-users, do not WANT to understand end-users, and thus are very happy to implement this stuff. Also PMs who are extraordinarily metrics-focused and will buy the koolaid 100%
It's a government mandated bullshit as a replacement for third party cookies.
When all other browsers disable third party cookies, everything is fine. Apple for example has disabled it for years. When Google does it, antitrust regulators fear that this could benefit Google ads more than non-Google ads. Hence this bullshit to "restore competitiveness" between Google and non-Google ad networks.
My recommendation is to both disable third party cookies and this new thing. You don't need either of them.
This is definitely what Google would like you to believe. Considering indeed all other browsers have killed third party cookies, Google legally very well could as well. But they'd love you to believe they must provide a way to invade your privacy.
The issue regulators had was Google retaining special access to user tracking, they have no problem with Google removing their own ability to track as well. Of course, that doesn't buy Larry and Sergey's next yacht or private island remodel.
> The issue regulators had was Google retaining special access to user tracking, they have no problem with Google removing their own ability to track as well.
I don't think you understand the issue. Without third party cookies Google still has search ads while adtech competitors without a search engine are decimated. That's the antitrust concern.
Some government regulators used to primarily focus on natural persons (i.e. citizens/consumers) and prioritize them above all else.
Then neo-liberalism took over and they took a page out of the US’ playbook, and started prioritizing businesses.
But unlike in the US they aren’t comfortable outright stating that they’re prioritizing business interests over consumer interests, so instead they do this weird thing in their communications where they act like they’re standing up for small businesses.
Problem however is that their definition of “small” business is everything below a trillion euro market cap.
It’s kind of jarring really, to hear them talk about having to protect those poor advertisers, like it’s some UNICEF donation ad.
Oh my god, how will I live my life knowing the parts of the web pages I tune out give pennies to certain companies instead of others. It's FOMO for ads!
Oh wait, I use uBlock Origin, so this doesn't affect me at all! I'm stealing all that data from servers that give it to me when doing an unathenticated GET.
You're perfectly free to use an ad blocker as you always have. But for the people who don't block ads, it's obviously preferable to see ads relevant to them than totally arbitrary stuff.
That isn't obvious at all. There are various reasons why someone would not be blocking ads but not all of them include actually wanting to see the ads or caring about the content.
google likely tracks you anyway through your search, youtube, browser history synced to your account, so yes, you take pennies from little competition google still have to actual google.
That's a fine choice by me. In the rare scenarios I turn off my ad blocker, I want to see generic badly targeted ads, not ads precisely engineered to cause me to make a purchase or change my worldview.
Exactly! Ad companies literally pay psychologists to convince people to buy stuff they don't need. Everyone loves to say "those tricks don't work on me!", but the reality is that they absolutely do. You see an ad for Coke a thousand times, and you're at the store and thirsty, hey, there's a refrigerator full of Coke and I haven't had one in a while...
I'm certain a company could convince me to buy a new mechanical keyboard or nice mouse or some app I don't need but that looks pretty cool. That kind of targeting might just separate me from my money. On the other hand, no one's ever going to convince me to buy any brand of tampons.
We could have privacy protection as the default, and then you can opt-in to sharing your personal life with hundreds of companies so they can show you more relevant ads. Since everyone loves relevant ads, they'd be sure to opt-in, right?
But if I block ads in my browsers, at the router level through Ad Guard, route all my personal devices through Tailscale, and use Firefox then I won't see those either.
Context? That whole project was kind of a cluster when I was involved with it, how does this help? Or is it more, without a replacement for 3p cookie tracking they couldn't break it (useful uses of 3p cookies be damned)?
Regulators in the US, EU and UK have made it clear that Chrome can't remove support for 3p cookies without building a replacement feature that works for non-Google ad networks.
I’m still not sold on your take here. All of that stuff was from no later than mid-2021, back when Google was close to leading the way with this stuff, whereas now they’re just aligning with what everyone else is doing, and if Google isn’t using their privileged position with Chrome to give themselves (google.com or similar) more info than anyone else gets, there can be no credible antitrust argument any more (I say this with a straight face as a technologist). And the fact that other browsers refuse this Topics API would call it into question as a replacement for third-party tracker cookies anyway.
Whether you're convinced or not, this is the reality. Antitrust regulatories have done their homeworks and made it clear that Google alone cannot deprecate 3p cookie.
> Which is weird since apple did that like three years ago? Just no one cared much since it was Safari.
Because Apple is not running competing ad network. Their only ad network is running on their own app store. Apple does not get any competitive benefits from 3p cookie deprecation for its ad networks.
> The linked document is about _replacing_ 3pc,not simply eliminating them, which seems a crucial distinction.
I don't know why you're getting the impression that the doc is only about replacing 3pc, but Google which tried to remove 3p cookies drew significant attentions from competing ad network and eventually antitrust regulatories. I know this since some of my work closely depends on this timeline.
Even if Google did not have the privacy sandbox features, they would still have first-party cookies and enough data from the services they run (Search, YouTube, etc). This puts Google in a different position than what Apple did and means they can't just do the same thing (for competition reasons):
3.34 The Privacy Sandbox Proposals aim to replace TPCs with alternative
solutions, while leaving first-party cookies unaffected. TPCs are currently
the principal means of achieving common identification of web users on web
pages and are therefore a fundamental building block of the open display
advertising used by publishers and ad tech providers. While publishers and ad
tech providers depend on TPCs to collect information about web users and
provide it to advertisers to target advertising and carry out related
functionalities such as measuring conversions, the CMA is concerned that
Google could use first-party cookies to perform these functionalities in
competition with publishers and ad tech providers.
3.35 Although rivals can also use first-party data to provide digital advertising
services (as the CMA found in the Market Study), their reach and the quality
of their data is in many cases much more limited compared to that of Google.
The extensive reach of Google’s user-facing services and its ability to connect
data with greater precision (because of its large base of users logged into their Google account) provides Google with a significant data advantage over
others.
When I saw that dialog, I didn't know which button to click. I knew I didn't want to share the topics I am interested in or have personalized / more relevant ads of any kind, but the text was so confusion and mixing so many things (like activate the privacy feature when in fact you are activating the tracking feature).
In the end, I reverted to clicking the non-primary button (which you are not supposed to click) and checked in the settings everything was in order.
Maybe they are talking a leaf out of Zuck's playbook. Two steps forward and one step back conditional on backlash. Reddit did this recently. Outrage can be managed until things cool down.
I’m thoroughly impressed how HN also buried this story so quickly; usually something so dramatic would stick on the front page for days. Speaks a lot about Google-biases in the content moderation of HN.
All this focus on cookies and FLoC feels like smoke and mirrors from Google.
Modern adtech can track users regardless if cookies are enabled or not, and whether they enable this new Chrome feature or not, via browser fingerprinting. They've been doing this for years.
So this new "privacy sandbox" is a diversion to the public, and particularly to law makers, that signals "see, we care about user privacy". When in fact it ultimately makes no impact on their revenue.
The public and law makers are barely starting to get an understanding about cookies, and there's a growing concern about them, so this is Google being proactive towards the blowback. Fingerprinting is much more complex to understand, and concern about it is so under the radar, that it will take many more years for the focus to catch up to these nefarious practices.
The frog is being boiled[1], make no mistake about that.
This is a take from someone who’s clearly not a domain expert. The purpose of finger printing is to identify individual users - which is pointless if you’re able to use third party cookies, unless you want to do cross-device tracking or get around as blockers. If third parties cookies are not a targetable Id in the bid stream (in a post cookie world), there is nothing to match a fingerprint to, so fingerprinting is useless. You can talk about ID5 and IDLs in this same discussion, but they are explicitly opt-in.
Additionally fingerprinting is not a tactic that advertisers want to use - anyone spending real money bets their vendors and wants to stay away from sketchy bs vendors who do that. Google doesn’t want it, TTD doesn’t want it, xandr doesn’t, cococola doesn’t, Nike doesn’t, etc. We all want a technology that is truly privacy focused for users, but still enables functionality that is critical to advertising like brand safety, frequency caps, and some semblance of targeting (even via context). That doesn’t even get into retargeting/dynamic retargeting.
Way to ad hominem, but you're right, I'm not a domain expert. Just a web user who refuses to be tracked and manipulated by advertising, and highly skeptical that any of these changes are done to benefit the user.
> there is nothing to match a fingerprint to, so fingerprinting is useless
Huh? A fingerprint doesn't need to match _to_ anything. It just needs to be consistent across browsing sessions for a profile of visited sites and interests to be built.
> Additionally fingerprinting is not a tactic that advertisers want to use
Really? Citation needed. All advertisers want their ads to be highly targeted to a consumer who is most likely to make a purchase. The reason web advertising is much more appealing than advertising in traditional media is precisely because it allows microtargetting on a level not possible via traditional means. Advertisers are always chasing a higher conversion rate, and microtargetting is proven to yield better results than showing ads to a large and generic cohort of consumers. Advertisers aren't happy about the Topics API, and many will choose the technology that allows them to continue to target ads more accurately. Fingerprinting is so far the most foolproof method of doing this, since it avoids pesky cookie blockers, and is difficult to detect.
> We all want a technology that is truly privacy focused for users, but still enables functionality that is critical to advertising like brand safety, frequency caps, and some semblance of targeting
I call BS on the first part. Ad targetting goes directly against user privacy. There's no reconciliation of the two. Advertisers can go back to buying ad space in context-relevant places (e.g. show fishing ads on fishing-related sites), but none of them want to lose a _substantial_ part of their revenue by not taking advantage of user tracking.
How you can be so defensive about this is beyond me, and leads me to believe you work in the ad industry.
I work at a DSP and directly manage a few million a month in ad spend. I talk to digital marketing managers, vps of marketing, heads of analytics, etc of household e-commerce and cpg brands weekly. All of them have extremely strict vetting practices to ensure their vendors are not fingerprinting or using any mildly questionable tactics. Literally all of them want privacy focused advertising, some of them are even requesting audits of environmental impacts of our server usage/etc.
Their is a world that is privacy focused and gives advertisers what they need - that’s what the privacy sandbox is trying to achieve. My employer works with Google directly on topics and other solutions to achieve what we want and create privacy.
Do their vendors, or your DSP, even have the information of where user profile data originally came from? If it was exchanged on multiple data brokers and part of 2nd or 3rd party data, is the original source even known? And if so, does your platform give advertisers the filters to exclude profile data based on method of acquisition?
And you're saying that all of those big brands refuse to use profile data acquired by fingerprinting, even if it would allow them to microtarget their campaigns? So they're essentially valuing people's privacy over their own profits? Somehow I highly doubt that.
I'm not saying that what you're saying is false. I just think that in an industry with highly shady and consumer hostile practices, built on the core ideas of psychological manipulation, that needs to be regulated to stop violating people's right to privacy, and even then finds ways to tip toe around regulations, it's quite unbelievable that all of a sudden they have a change of heart and actually claim to care about consumers. I mean, you're a part of it, so forgive me if I instinctively distrust your claims, and the claims of your clients.
> Literally all of them want privacy focused advertising
So they're running ad campaigns without targeting user profiles at all, in the same way advertising is done on traditional media? Because that's the only "privacy focused advertising". I highly doubt this as well.
Again, privacy and advertising are part of a zero-sum game. Advertising profits increase at the expense of user privacy, and the more targeted campaigns are, the more profitable they are. It would be foolish to think advertisers and adtech companies would be willing to sacrifice their profits out of the goodness of their hearts. This is why we need regulation in the first place, because they're not capable of self-regulation, and will pursue profits at all costs. But this is nothing new, and big business has been exploiting people since the dawn of industry. So please don't try to frame advertisers and adtech as some kind of benevolent actor.
> Modern adtech can track users regardless if cookies are enabled or not, and whether they enable this new Chrome feature or not, via browser fingerprinting. They've been doing this for years.
One of the explicit goal of "privacy sandbox" is preventing browser fingerprinting by limiting informational entropy from user environment. https://github.com/mikewest/privacy-budget
But the implicit goal is that _Google_ now owns fingerprinting in Chrome, versus the various other actors and tech in the space. Same as Apple owning fingerprints in iOS (and thus disrupting Facebook).
For anything “privacy tech” you must divorce the adversarial case (an actor maximizing an attack vector) with the average case (a monopolistic company using the tech to control overall opportunity costs). The latter has under-funded public study because Google et al will both throw gobs of money against it and throw shiny privacy tech problems out there to distract researchers.
Google's justification for this was after all that it's a nerved alternative to persistent user identifiers (like 3rd party cookies), because you have to give the poor, starving advertisers something in exchange if you take away their ability to identify users.
So far, so bad, but if advertisers can in fact still identify users, then FLoC will just be another, relatively high-quality signal that they can add to the profile. (In fact, fingerprinting isn't even needed yet as Google apparently feels it's fine to activate FLoC long before they disable 3rd party cookies. How that squares with the presentation as a privacy feature is a lection in corpospeak I guess)
So especially in that situation, you should turn off FLoC.
They have to set up the replacement (topics API) before they get rid of the previous solution (third-party cookies). Sites need time to adjust and implement the new systems.
They also need to not make sweeping changes to the ad industry that could be described as anti-competitive or monopolistic. I doubt they'd get away with just turning off third-party cookies in their browser.
In the EU, as far as the ePrivacy Directive (cookie law) is concerned, fingerprinting is similar to using a tracking cookie, even if no cookies are actually involved. And as far as GDPR is concerned, fingerprinting can identify a visitor, it counts as personal data, therefore you need a legal basis for processing it.
Not sure what the point you're trying to make is.
Also, Google under Privacy Sandbox has been exploring ways to introduce a fingerprinting limitations and a budget. Which may as well be smoke and mirrors, but if you watch their marketing materials, they talk of fingerprinting in general.
Sites that use tracking cookies rarely comply with the law as it is, and even then skirt around it via "legitimate interests" and other dark patterns. What makes you think they would disclose a behavior that is even more difficult to detect?
We can't assume good will and behavior from an industry that is built on deceiving and manipulating the user. The GDPR is a good first step at regulating these practices, but it's too vague, and it's applied far too leniently. It also obviously only applies to EU citizens, and not to the global industry.
I wasn't familiar with the privacy "budget", but it sounds like Google is trying to define privacy as a scale, where some amount of fingerprinting is OK. Users can be identified with just a few data points, and some are more valuable, depending on the context. Some might even be required for the site to function, so will there be "legitimate" exceptions to the budget in those cases? It sounds like a backwards approach that will be difficult to manage, so I'm not sure it will be a win for protecting privacy.
More importantly, I don't trust that an adtech company will go out of its way to implement solutions that go against its bottom line. These companies have a track record of abusing user data, and the only reason they take these initiatives is for good PR, which is again protecting their bottom line. The entire industry needs much broader and stronger regulation for any of this to actually improve.
The parent complains that lawmakers don't understand fingerprinting, or that companies like Google are trying to avoid the regulation of fingerprinting by focusing on cookies. Such statements are false.
You're moving the discussion towards law enforcement.
Well, DPAs in EU are overwhelmed, but lawsuits and rulings are progressing. For instance, Facebook found out that they can't force behavioral advertising via their ToS or via legitimate interests:
That's not a lawful basis under GDPR. There are only 6.[1]
(a) Consent
(b) Contract
(c) Legal obligation
(d) Vital interests
(e) Public task
(f) Legitimate interests
What a lot of companies are trying to do right now is weasel through under "legitimate interests" (eg a lot of scumbag seo-monkey websites have cookie consent dialogs stuffed with "legitimate interest" switches even though that doesn't work the way they think), but it's not clear that "improving my services at the expense of people's privacy" would pass the "legitimate interest" test if that ever goes to court. Legitimate interest requires them to pass "purpose", "necessity" and "balancing" tests. The "balancing" test in particular balances the companies interests against the interest of the user in maintaining privacy. Here's more about "legitimate interest" under GDPR.[2] it's not the get-out clause that people seem to think.
It doesn't matter what the law says if it's not being enforced. Much more blatant GDPR breaches are still going unpunished, so do you really think they are going to audit every single website to make sure they comply?
My hope is that with recent rulings against Google, Meta etc. we might see an improvement across the board. Like there's some improvement with reject buttons: https://noyb.eu/en/where-did-all-reject-buttons-come
Absolutely and I have to say one of the problems with the (vast) ambition of GDPR in tackling what is a huge problem is that enforcement is a massive undertaking especially when the (alleged) transgressors are these massive multinational corporations who have practically infinite resources to put into evasion.
> Chrome's invasive new ad platform, ridiculously branded the "Privacy Sandbox,"
Ars seems to be confusing the topics API with the privacy sandbox as a whole. Most features are early, like client hints, while others like privacy budget haven't even been released yet.
And if Steve Gibson is to be believed Topics is not only an improvement, it's an unqualified good. (I'm not yet convinced though if Google didn't have so many other harvesting avenues I'd see it as better for privacy too.)
> Topics is not only an improvement, it's an unqualified good.
It's still sending interest information to advertisers, so it's an unqualified negative. Stop sending information to advertisers. Kill third-party cookies, and anything purporting to replace them.
Looking at 'Ad topics' in Chrome settings, they seem extremely generic and barely count as targeting. If disclosing these topics to a bunch of websites harms me, I don't see how? I don't care who knows them.
Here you go:
* Arts & Entertainment
* Computers & Electronics
* Internet & telecom
* News
* Online communities
Seems reasonably accurate, but so what? What am I missing?
Those are only some of the top categories, the taxonomy file currently has ~600 more detailed entries and it is rapidly growing. The goal seems to be well in the thousands.
I think Google is being reasonably transparent here:
- When this was introduced, Google asked my if I permit using those topics. I declined and now in the settings the toggle is switched off, just as it should be.
- Your topics will be listed when you open the ad settings.
- Instead of disallowing topics, you can also block individual topics.
Is it true Chrome keeps third party cookies while all other major browsers have disabled them long time ago? And disabling in Chrome isn't even scheduled, right? Then this is in addition to cookies.
Second, if you have a bunch of parameters attached to you, then you can be tracked. What exactly those parameters are doesn't matter, as long as the set is more or less stable and unique.
Third, do you really want to disclose your interest to every website? Without a way to opt out.
It does matter what is tracked, because advertisers need to be able to match on-site behavior to what they can identify and target in a bid.
You’re not disclosing your interest to every website. Your allowing your browser to store a list of your interests and then advertisers can target users who have those interests. This is miles more privacy focused than the current solution where any vendor can place pixels all over the web to build any audience they want, small or big. They can track really any data they want, combine it with any offline data see they want, and sell it to anyone they want.
At the end of the day, I think the categories are very broad and better respect people's privacy compared to what we had before. Some people in the privacy community seem to think advertising and tracking in any form should not exist and will always make a stink about whatever incarnation they take.
These proposals were made directly because of legislation like GDPR. It's not as if Google got up one day and said "Let's make our job harder."
> Some people in the privacy community seem to think advertising and tracking in any form should not exist and will always make a stink about whatever incarnation they take.
I don't think I'm in the "privacy community". It's my opinion that advertising will always exist, but tracking is complete horseshit and should be abolished ASAP. I don't think this is a very unpopular opinion either. There seems to be an attempt to Stockholm us all into thinking tracking is a necessary evil we must accept.
I'm not apologizing for google, but think many people who are against all forms of this aren't really thinking the problem through. The same way newspapers said "stop linking headlines to us" and then once some popular service did and all their traffic disappeared they came back and said "oh, wait, no, you can link to us"
For the ads, a large portion of the internet that people want (maybe not you in particular but lots of people in general), run on ads. Arstechnica runs on ads, theverge runs on ads, slashdot runs on ads, the register runs on ads, kotaku runs on ads, tech crunch run on ads. To name a few sites that might be popular here
If those sites can't support themselves they'll more than likely disappear. If all those sites disappeared I feel like plenty of people (maybe not you but more people than not) would realize that they thought they wanted (zero disclose) lead to outcomes they didn't want
I feel like Google is genuinely trying to do something positive here. Provide a way of those sites to still target ads, still check if an ad was effective, still try to check for bad actors making fake clicks, but also be practically un-attributable to a single user.
Going through the actual specs, they really are trying to make it so you can't track and individual but sites can still function based on ads.
Is it in Google own interest? Yes. But it's also in the interest of sites people want which means it's also in the interest of the people who want those sites.
Apple on the other hand, would prefer you be tracked directly by having you download an app for each site where that app can track you way more than a browser with these features can track you.
> If those sites can't support themselves they'll more than likely disappear.
Newspapers and television (pre-digital) managed to survive just fine on advertising before tracking was feasible. There are also subscription services. Content is not going to simply disappear if tracking goes away. Sites that depend on tracking for their survival will adapt or die, but that's fine, businesses fail every day, and I'm certainly not sympathetic to businesses who depend on what I would call unethical practices.
The problem is when regulators ignore an industry for years upon years (capture). Entire industries can grow out of practices that would otherwise have been restricted. The longer it takes, the harder it becomes to implement sane regulation. Instead we just get used to what's most likely a shittier society (the political impact of tracking and nudging).
> For the ads, a large portion of the internet that people want (maybe not you in particular but lots of people in general), run on ads.
The internet I want is one with sites run by individuals doing it because they are passionate about certain topics, NOT because it can be profitable when you slap ads on it. Today, the former has a hard time gaining visibility because the latter has much more incentive to make sure you land on their content farm before other sites. Many people don't even know that the former exist. But that doesn't mean that we need the latter. The internet does NOT depend on ads.
> Arstechnica runs on ads, theverge runs on ads, slashdot runs on ads, the register runs on ads, kotaku runs on ads, tech crunch run on ads. To name a few sites that might be popular here
And Somalia runs on piracy so we need to make sure piracy remains possible? Fuck no. Those sites run on ads because that's currently the path of least resistance. They have alternatives.
> If those sites can't support themselves they'll more than likely disappear.
And for a lot of sites, that's OK. There will be replacements.
> If all those sites disappeared
They won't (at least not without replacement) as long as people have a use for the content they provide.
> I feel like Google is genuinely trying to do something positive here.
Are you perhaps interested in buying a bridge?
> Going through the actual specs, they really are trying to make it so you can't track and individual but sites can still function based on ads.
Anything that supports ads is decidedly bad. Slightly less bad is still bad.
> means it's also in the interest of the people who want those sites.
Nope.
> Apple on the other hand
is irrelevant. I can avoid apple devices but there is only one Internet.
When a large, publicly traded ad-company (that relies on collecting data and tracking users for most of it's income), creates a product that costs them quite a lot of money to make, and then gives that product to you for free...
Do you expect them:
A.) to be taking a loss on that product because they really just want to gift it to you from the goodness of their heart with no ulterior motives?
B.) to actually have another way to make money from that product, which makes the whole endeavor financially worthwhile to them?
People are bending over backwards to justify why they should continue using a browser that is actively hostile to them made by a company whose sole revenue comes from collecting the entire world's data at all times.
I don't mean to trivialize it but it seriously reads like an abusive relationship. Or an addiction or something. Just leave, man.
I read a very apt quote[1] on HN a month ago, about how much Google values Chrome users thoughts:
> Chrome user opinion to them is important to their business in about the same way meatpackers care about what cattle think of the design of the feeding stations. As long as they keep coming to eat, it's just mooing.
It 100% is an abusive relationship. And it's the same as with Microsoft and Windows. People struggle a lot against it, but at the end of the day, they are completely vulnerable to Windows, as they depend on it.
I don't use Chrome as my main browser but I can see one reason why people continue to do so despite the problems with it: there are simply no good alternatives, only slightly less bad ones. Mozilla absolutely does not care about your privacy as anything other than a marketing tool or they wouldn't keep pushing adding a million different ways the browser phones home and in some cases executes remote code each release. They are also funded by Google. Brave is mired with crypto and also involved in ads. Edge is Microsoft, enough said. Same for Apple's walled garden browser.
If you have to chose one devil over another anyway it becomes easier to put your convenience first and ignore the rest.
We can ignore everything except the last sentence because convenience is all it boils down to. Protecting yourself is annoying. It's annoying in part because companies like Google make it annoying on purpose. They make so much insane money from preventing people from protecting themselves (from Google) that they fund their competitors to buy public goodwill.
Even if you somehow think that Mozilla is as bad as Google, which, to me, is a ridiculous notion, you can still choose the lesser of two evils. At the end of the day Mozilla is a foundation, a legal entity which is driven by its mission[0], and Google is a corporation, a legal entity which is driven by profit and data collection. And there are also tons of other browsers that are less bad than the worst one.
To choose Chrome is, again, to bend over backwards to justify continual use of an abusive tool, in the name of convenience.
I'd expect the government to step in because that is a highly anti-competitive distortion of the market. Microsoft once got punished pretty badly for including a free Internet Explorer with Windows, to the detriment of Netscape. I'm not sure Google pushing a free browser to the detriment of Mozilla is much different.
Not the best example though, as Windows these days is pushing Edge as anti-competitively as ever.
Windows now comes with three built in browsers: IE, Edge(Blink), Edge(Webkit) - none of which can be uninstalled.
Every other update users will bugged about switching to Edge again (exact amount varies by version and locale).
System apps will ignore default browser settings and use Edge to open all links (except in the EU they very recently went back to using the default browser again).
Browser-choice dialogue is gone, instead Edge will pester you if try to use it to download another browser.
Point being, all those punishments did absolutely nothing to stop or curb the anti-competitive behavior.
“Not the best example though, as Windows these days is pushing Edge as anti-competitively as ever.“
I'd say that makes it an excellent example because it clearly shows that government enforcement of those rules used to have teeth. But since lost them.
They changed from I-Can't-Belive-It's-Not-Trident to Blink, yes. Not from or to WebKit unless you count Blink as WebKit, but ggp already lists Blink separately.
I’d expect them to consider Chrome a loss-leader to get people online since the vast majority of their advertising is online. So giving people the best possible web experience will increase the amount of ads they’ll see.
Everyone already have built in browsers. If chrome was shutdown tomorrow its not like people would all go offline because they cant access the internet.
what argument are you trying to make here? something about the current state of the webkit engine, or more like the long-term resilience of the ecosystem?
My theory is not just giving people a browser but giving them the best possible experience. Chrome has an enormous market share given every OS and device comes with a free web browser. Further the developer experience using Chrome is also superb!
I am a live long firefox user that also uses chrome. The difference between the two in term of performance is so small and differenciated between various areas, it doesn't even matter.
Usability is a very subjective topic, but for me there are things in firefox or it's addons that I cannot have in chrome.
And in the end I need to trust my browser for daily (non-developer) use. Trusting google is naive. I don't say Mozilla is deserving of unquestioned trust either, but out of the two it is the better choice.
Firefox runs at about half the performance of Chrome for our use case and other people doing similar stuff report similar results. I wish it wasn’t so clear cut.
All the developers tayloring their applications to chrome has its inpact for sure. But in daily use you will also find cases where Chrome is slow and clunky and Firefox fast and smooth.
In the end my (very subjuctive) judgement is that the performance difference in daily use doesn't outweigh the benefits of not using the browser of the monopolist that makes their money with data collection.
That doesn't mean I don't use the browser or it's engine in other ways tho.
Hah, no, Chromes market share is an obvious fact but the developer experience bit is just my opinion and admittedly my use is probably different to the average webdev.
I also think this recent change sucks so it’s not all roses.
Google aren't doing it out of the kindness of their hearts. Dominating the browser market means de facto free reign on setting standards. Chrome isn't a nice freebie, it is the most important moat Google has for its AF business.
Without Chrome, Google has no control over its product (your eyeballs as you browse) at all.
My understanding is that DDG relies on selling "keyword match" type ads based on what you searched for.
For example: if you search for "standing desk", it will include one or more paid ads that are keyed for some combination that matches with the search query. Those ads aren't targeted at you based on your gender, or your home address or where you eat lunch on Tuesdays or how many devices you regularly use or any number of other creepy shit Google tracks about it's flock of willing cattle.
It's a good point but also not that cut and dry. Chrome started as Webkit, which forked from KHTML, which was part of the very open source KDE.
Has Google benefitted more from other people's open source contributions, or have we benefitted more from Google's open source contributions? The answer is not obvious to me.
If (as was stated) Google's Chrome is based on KDE, than any user of Google Chrome is necessarily impacted by KDE. Meanwhile there could in theory be some user of KDE who has never used Chrome.
So the set of lives affected by KDE is the same or larger than the set affected by Chrome.
Your argument works only if we consider being affected by something to be very broadly applicable and unconditionally transitive. Someone who uses Chrome from version 100 onwards might be using something with traces of KDE code, but those traces are probably so small after all these years and forks that I wouldn't count them.
Google is definitely no stranger to shutting down and killing unprofitable products - often pretty early even. They have a long history of doing just that.
And being a publicly traded company - they would have to shut down Chrome as well, if it actually were unprofitable/not worthwhile.
And they do have the data needed to actually get a relatively accurate picture of how Chrome affects their bottom lines overall. They know what they are doing, giving it away for free.
Honestly I never quite understood why most folks switched so easily and unquestioningly to Chrome.
Maybe I'm just an open source purist. However, I will say that in almost all tests with websites I am actually using Firefox is faster.
(Maybe not that much of a purist: I do use Chrome at work as we're using various Google products... docs, meet, etc, and those work better on Chrome. Go figure.)
When it first came out, Chrome was much, much more performant than Firefox, and had better standards compliance than Safari. It was just a better browsing experience. V8 was a big deal performance-wise.
Firefox has since largely caught-up from a performance perspective, although there is still some functionality inconvenience.
Of course the stated attitude toward the user is night and day - I switched back to Firefox about the same time they started integrating Gmail / Google accounts into Chrome.
When it first came out, it really was so much faster than every other option that even ordinary users would immediately notice a difference. 2008 Google also had an incredibly positive reputation. If you tried to tell someone in 2008 that Google was an advertising company, you might convince them to agree that it was technically true, but they'd tell you that it was a stupid and reductive view of the company. Everyone was on board with the idea that Google's goal in creating Chrome was to help grow the web because obviously google search was reliant on the open web doing well.
I wouldn't underestimate the impact the Chrome TV ads had on regular computer users. The banners atop Google search results encouraging people to switch also played a big role. by the time Chrome launched, I think there were a ton of people who were sick to death of hearing one extended family member or another who was into tech cajole them to drop Internet Explorer. Switching to Chrome was easy. Just click the link that Google gave them, and plus, they were familiar with it from TV.
Chrome also stealth installed itself with Adobe flash and reader updates with a default check. I remember it in antivirus software and who knows what else.
I'll admit this traditional installer dark pattern seems quaint compared to what OSes regularly attack users with these days but this was the behavior of most pay-to-pack-in crapware at the time.
Let’s not forget the bubble we’re in here. Google are aiming for Jane and Joe Muggle who click on that icon to get the internet. Google have done a really effective marketing job there, Chrome in that sense is almost like a virus in the way it has propagated for no other good reason.
Firefox also can display images correctly if the site happens to not include a web optimized version in the correct resolution. I don't know the web you visit, but that is pretty common in a lot of places.
Chrome users looked at worse versions of images on the web for years. It is a completely bonkers performance optimization.
Chrome did kick Firefox off in web development tools though, so I can understand some people. But today I don't think there is much difference anymore. I am not web dev though. On the other hand webdevs should know about image quality on websites.
Following this launch I've been test-driving both Firefox and Vivaldi. I'm surprised how few issues I've encountered browsing with Firefox, despite it not being part of the Chromium borg.
I dare say it's actually a nicer experience overall than Chrome, with the caveat that I haven't looked into battery life impact yet.
There are a few replies on performance here: I didn't notice at the time, I just did it because Google was still a 'cool' company.
In the intervening years I bounced between the two depending on which made the most asinine UI decisions but settled on Firefox when my FOSS sensibilities and distaste for Google hardened.
Google sites and services where constantly nagging users to "upgrade to Chrome" and some even broke on Firefox (unless you changed the user agent string to chrome). It was also bundled on nearly every software download site, so you got it even if you never explicitly asked for it.
I use Chrome in development on a Windows box. Here is my experience with this upgrade:
1. Upgraded manually from 116.0.5845.179 to 116.0.5845.180 through About dialog.
2. Restart. No notification that anything has changed.
3. Go to settings, privacy and security, privacy guide, and on the 4th page (only 3 pips!)
Or go to settings, privacy and security, Ad privacy (the new element)
4. The privacy guide blurb: Privacy Sandbox trial
Chrome is exploring new features that allow sites
to deliver the same browsing experience using less of your data
Under Ad privacy:
5. Ad topics: Site-suggested ads.
Based on your activity on a site. This setting is on.
6. Site-suggested ads.
Based on your activity on a site. This setting is on.
7. Ad measurement.
Sites and advertisers can understand how ads perform.
This setting is on.
This roll out is filled with dark patterns. At (2) there is no notification that anything has changed. If not for this article, I would not have known about this at all. At (3) the feature seems intentionally hidden. At (4) the description of these features misleads the user that the purpose is to "use less of their data". This is false, or at least badly misleading. At (5,6,7) they've defaulted all new "features" to "on".
This is all so shady, and very un-Google like. I have such high regard for the Chrome team: was there push back on this? Do they realize what a bad look this is?
Let's say that they do realize it. The 0.x% of users that are aware of, understand, and will do anything other than just blindly continuing to use the software is an acceptable number of lost users. In other words, everyone reading HN could stop using Chrome right now, and Googs would not notice the blip
I was expecting this response, and let me say: it fills me with distaste. You cut off any possibility of improvement, on their part, because no matter what they do, you won't accept it. It is the opposite of constructive criticism: it is an ideological stance.
I'm having a difficult time trying to remember the last time Google benevolently made a change to improve user privacy without trying to further entrench their status.
This doesn't seem fair to wholly categorize skepticism of Google's motives as an "ideological stance" if Google hasn't demonstrated any willingness to change.
New privacy features that ship less finger printing data? Part of some nefarious plot to harm their competitors ability to harvest data. Won't anybody think of the poor third party tracking/finger printing providers?
They are definitely acting in far more ethically concerning ways than they used to, but as for literally ditching the phrase “don’t be evil”, most of the internet conventional wisdom on that is incorrect.
When they reorganized to have Alphabet as a new parent company, Alphabet’s code of conduct said “do the right thing”, but the subsidiary Google that still makes everything we usually discuss as Google kept “don’t be evil” in its code of conduct. At a later point Google did move that sentence out of of the most prominent position in the preamble, but it’s now in the second-most prominent place, right at the end.
But, yes, as I said at the start of this comment, they do a lot more awful or potentially evil things than they used to.
Disclosure: I worked for Google years ago, but I left before all the changes I discuss in this comment and had nothing to do with any of them. I am sad to see Google decline to roughly the level of being at least as ethically good as most of their major competitors, instead of far better as they used to be.
On the first launch of a given profile I'm getting a modal pop-up window that says this:
> Enhanced ad privacy in Chrome [this is bold, centered, and larger font]
> We’re launching new privacy features that give you more choice over the ads you see.
> Chrome notes topics of interest based on your recent browsing history. Also, sites you visit can determine what you like. Later, sites can ask for this information to show you personalized ads. You can choose which topics and sites are used to show you ads.
> [a graphic]
> To measure the performance of an ad, limited types of data are shared between sites, such as the time of day an ad was shown to you.
> More about ads in Chrome [V]
> You can make changes in Chrome settings
> ["Settings" and "Got it" buttons]
Clicking the V-looking thingy next to "More about ads in Chrome" expands that to add this:
> More useful ads [that is in bold]
> Sites can ask Chrome for information to help personalize the ads you see.
> • Chrome notes topics of interest based on your recent browsing history.
> • Sites you visit can also determine what you like based on your activity on the site. For example, if you visit a site that sells long-distance running shoes, the site might decide that you’re interested in running marathons.
> Later, a site you visit can ask for this information — either your ad topics or ads suggested by sites you’ve visited.
> Chrome auto-deletes topics and sites that suggest ads within 30 days. Or you can block specific topics and sites you don’t like.
> Measuring how well an ad performs [that is in bold]
> Sites you visit can ask Chrome for information to help them measure the performance of their ads. Chrome lets sites collect limited types of data, such as the time of day an ad was shown to you.
> Learn more about how Google protects your data in our Privacy Policy.
It's nefarious how they ask you if you want to turn on "ad privacy", indicating that this feature increases your privacy when in reality it does the opposite.
Technically they’re correct: the privacy offered by this new system is superior to that which is offered by the web with no tracking protection.
Thinking about it in a very abstract way I find the whole thing fascinating. Google is clearly terrified that the tracking protection offered by other browsers is going to become the norm and they’re trying to head that off at the pass by implementing this compromise. But I’m not sure why they’re all that worried about it, they still have the lions share or the browser market. Maybe they’re worried about incoming legislation?
If I'm understanding correctly, they're not turning on some other tracking prevention when you enable this "feature". It's strictly a privacy downgrade.
Not yet but they can't just turn off third party cookies arbitrarily in their browser without giving time for sites and advertisers to update their systems to account for the removal. They're already facing anticompetitive/monopoly scrutiny on many other fronts, they don't need to shoot themselves in the foot in the advertising space as well. Thus the first step is to implement a replacement technology first and then make the change.
> Not yet but they can't just turn off third party cookies arbitrarily in their browser without giving time for sites and advertisers to update their systems to account for the removal.
This is a good example of anticompetitive/anti-monopoly regulation not only not protecting consumers, but in fact making things actively worse.
A better regulatory response would have been "having an advertising/analytics product and a browser product in one company is anticompetitive, split one of them into a separate business from the other, and then the browser product must not privilege the advertising/analytics product". Then the browser could, in fact, just disable third-party cookies without giving advertisers and analytics companies another alternative.
> Not yet but they can't just turn off third party cookies arbitrarily in their browser without giving time for sites and advertisers to update their systems to account for the removal.
No, they literally can't. The UK Competition and Markets Authority made Google promise they won't remove 3rd-party cookies from Chrome before adding alternatives.
You are assuming reasonableness on behalf of the regulators in question. In an ideal world, they hopefully said "you cannot give information to your own advertising/analytics division that you don't give to others". However, they could just as easily have said "you must provide either third-party cookies or a replacement for them", without offering the much more reasonable alternative of turning both off and not giving Google advertising/analytics any information either.
So, what did the regulators actually say, and does it in fact allow Google to turn off third-party cookies without any replacement? If it does, then this is Google's fault for adding this feature in Chrome. If it doesn't, then this is the fault of bad regulation.
They could also not run a global surveillance panopticon so that there wouldn't be an unfair competitive advantage. Or telling the UK to get bent and that they won't offer Chrome there is apparently a viable strategy given recent developments with encrypted communication there.
In any case, this is still strictly a privacy downgrade to turn on. It's still deceptive to imply turning it on improves privacy.
After the launch of this feature they plan to disable third party cookies. It's not happening simultaneously because they would get hit with antitrust suits by adtech companies if they gave no time to transition.
They’re planning on turning off one tracking system they use on us and turning on another, that’s not “tracking prevention”. Every other browser just turned off the old and didn’t replace it, and users are better off for it.
> this feature increases your privacy when in reality it does the opposite
My clarification is that their new tracking system does increase your privacy compared to the old. It just doesn’t increase it as much as other browsers. We’re not in disagreement about what is better for users.
We’re in agreement on the relative privacy, too. My point was just to challenge this “protection” / “prevention” framing. If somebody regularly mugs you then announces they’re going to start taking half as much when they mug you, and that only in response to people increasingly fighting back, framing that as “mugging protection” or “mugging prevention” is not just inaccurate, but pushes an assumption that this person is actually helping us and that demands of no mugging at all are unreasonable.
Third party cookies can do everything the topics API can do and more. Third party cookies lets sites collect granular data about what exact site you on and any data they want from it. This API just gives them some topics which may even be a random chosen one and not a real one.
Precisely. The article (and seemingly everyone else) fails to realize that topics is reducible to TPC. If you have TPC then topics provides no additional tracking capability.
Topics is a mess (see a great analysis from a colleague of mine[1]), but it’s a hard sell to call this current step nefarious.
Can you give me a source that enabling the topics API disables third-party cookies? And once Chrome has phased out third-party cookies the topics API will strictly decrease my privacy, not increase it.
> And once Chrome has phased out third-party cookies the topics API will strictly decrease my privacy, not increase it.
You are free to disable topics, sites, or even the entire system altogether. While it does decrease your privacy in return you can get more relevant ads. With 3rd party cookies if you disable them all you will break things even if those things are unrelated to ads.
Then bringing up third party cookies seems like a red herring. They're worse, but for example I have a pi-hole at home. This prompt will probably mislead my wife into accepting it as an improvement, while it will presumably undermine the tracking mitigations I've set up for her until I go fix it.
This is unambiguously a privacy downgrade, regardless of what third party cookies may also be able to do.
I think the Ars writer here is very uninformed. Floc is completely different from Topics, and if you actually read the Topics spec, it seems to be significantly better than 3rd party cookies? At least to me. Maybe I’m missing something.
Topics is a refinement of FloC… no third-party cookies and no Topics would be significantly better but Google is an adtech company and there’s anti-competitive concerns from other ad tech providers
He's faced enormous challenges due to Google's "privacy" policies... Google is removing nearly all access to user data, they don't even like you looking at the user agent string (which issues a warning)... not to mention its impossible to know about search traffic and even referring urls.
Meanwhile Google has access to all this data, so he tells me all this is just gaslighting so they can illicitly protect their monopoly on web data.
Seeing this all go down, it feels like this is exactly Google’s master plan.
1. Roll out stuff they brand as “privacy respecting” that actually collects data for their own use.
2. Brand anything that would give competitors access to that data (third party cookies, user agent strings, etc) as a threat to user privacy.
3. Lock all of that stuff down so that nobody can access it (“we’re protecting you!”)
4. I don’t think we need the ???, it’s just straight to profit, via monopoly over the data.
The brilliant/terrible thing about this is that third party cookie tracking is not great so it’s hard to set up a defensible argument where leaving things as they are is the better alternative. Apple and others have been waging a war on third party tracking for years now, and pushing public opinion in that direction, and it seems to me that Google is playing 4D chess here and using it against them (and frankly, the entire internet).
The solution is very easy for consumers looking for a real privacy solution:
Use a browser that is not made by an advertising company.
In other words, just drop chrome. It has never been easier to do, with Edge and Safari readily available on all major platforms and Firefox for those who prefer it, and of course the many other chromium forks that are around.
There is no reason to be dependent on chrome today. There was a few years where it was overly dominant and very hard to avoid for compatibility and performance reasons, but that is just not true today.
Personally I use Firefox on android and desktop and I don't miss chrome at all. I uninstalled (technically, disabled) it on mobile as Google widgets like to open links in it otherwise.
I have chrome on the desktop as I work in software so I need to test compatibility with it, but that's it.
Isn't Brave basically what Google is trying to turn Chrome into? I use Brave on my mobile phone, but honestly I'm kinda turned off by the weird advertising it shoves on me despite theoretically protecting my privacy.
I just go with Firefox on any actual computer since I can lock it down with whatever extension/config I want.
On Brave many of their ads can be permanently disabled in various settings menus. I use Brave on my phone and laptop and can't recall the last Brave ad I've seen.
Ahh ok - I think what I kept seeing were "Sponsored Images" on the new tab page. Finally found a setting that can be toggled to "Default Images" - hopefully that removes the ads. Some of them have been close to the line of appropriateness for me (i.e. weird anime mobile game ads with suggestive visuals - not something I want a full screen image for).
> Use a browser that is not made by an advertising company.
Personal opinion we need to tweak business incorporation rules to firewall ad business from all other types of businesses. Meaning General Motors can't sell ads. And ad companies can't sell cars.
And as someone on this site suggested extend antitrust dumping laws to services.
and/or make it illegal to gather consumer information without explicit, periodic consent. Make it doubly-illegal to sell data or rent it. (If "rent" doesn't cover it, also outlaw whatever thing google claims it does when it monetizes user profiles for ads.)
I’m so hurt by how Edge has turned out. I was ready for a tier-1 browser experience on Windows comparable to Safari on Mac. Microsoft has utterly wasted its leadership opportunity here, cramming in scammy garbage.
Firefox, god love it, is a rough and clunky browser by comparison. Sure you can make it what you want, but it’s an investment. As the only viable noncommercial cross-platform option though, what else are we gonna do
Yeah it works amazingly well. And offers some great features like offline translation and container tabs.
I have absolutely no issues with it. Websites all show perfectly, if I ever have an issue it's down to my many adblocking plugins blocking a little too much.
You know, I shouldn’t malign it. It’s really not bad at all in and of itself. I just wish it was as well integrated and as polished as some of the others can be.
On Apple OS also two alternative browsers rising: Arc https://arc.net and Orion https://browser.kagi.com Both making nice progress with their own strong points.
I really really love Arc. But I don't understand how they will make enough money to support the amount of work they've done. Their website seems to say nothing about this, and everything I've found about it so far is hand waving and speculation.
Arc is fantastic. Their product team is really well focused - the PIP view for google meet that dropped out of nowhere has been a game changer for getting through my day.
Going back to the alternatives from Arc for browsing and Hey for email management is always jarring. They aren't massive UX changes, but they sure are well thought out and impactful.
At least it anti-trust laws are hard at work! Glad it's not like the dark ages, when your operating shipped with a default browser that could be used to install any other browser you wanted.
> stuff they brand as “privacy respecting” that actually collects data for their own use
The kool-aid is in their definition of the word "privacy." You and I might think "privacy" means "other entities aren't observing you" but Google in their benevolence knows that it really means "Google will keep your data safe from third parties." Their newspeak doesn't even allow the concept of "data that Google does not collect."
(A friend of mine was involved in the launch of Google Allo. I asked them if it would be possible to use the virtual assistant features offline without sending everything to Google. They never spoke to me again.)
I don't think there's any 4D chess going on here. Nobody is buying Google's "privacy" argument. This is a simple case of other browser vendors improving actual web privacy and Google undermining that effort.
That is Apple's plan, too, except for the collecting data or profiting part. They still have a monopoly on your data, it's just locked on your devices.
In what sense is this Apple having a monopoly on your data? If it's "locked on your device" then they don't have it. This is literally what we're asking for, or at least half of it. I agree it'd be nice if we could retrieve everything from the device ourselves, but I'll settle for this (and ensure I never give my iPhone the last copy of anything I care about) over carrying a hostile observer everywhere I go.
This doesn't make sense. The browser provides the user agent as a header in HTTP requests. They can't detect if or how the server is using that information.
Or do you mean your friend's product is a browser plugin? In which case, um, yes, I don't want it having access to any more information than it it needs to do it's job (and honestly, probably not even that.)
Excellent. Sites shouldn't know what user agent we're using anyway. Pretty much the only thing they use this for is to lock us out when we use "unsupported" browsers. The less information they get, the better. Hopefully they'll get rid of referrer too and weaken fingerprinting methods.
I have no doubt Google has self-serving motivations here but the result is still a win for us. I wish Firefox had enough leverage to force decisions like this down people's throats whether they like it or not but it just ain't so. Reality is imperfect so I'll take what I can get.
Can't trust you either. Are you a bot? Well it's good to assume you are by default, since it's the majority of internet traffic anyway. And for your privacy, you're not exactly forthcoming with data to now prove otherwise.
So sorry, until you pay with a unique individual bank account to prove identity, you can't post on future social media sites. You are a bot after all.
Even if I was a bot, what of it? Your site should serve bots just as well as it serves humans. Only people who care about that are those who want to monetize our eyeballs by selling our attention to the highest bidder.
If it's costing you money, have your HTTP server return 402 Payment Required instead of the free page. That's how it should be.
There are vast reasons to prevent brigading, false information, information manipulation and any other number of malicious inputs that otherwise in a forum for people require trust to maintain community quality. Even for free reasons, especially say nice interest groups like one I used to be on for small satellites that got destroyed by uncontrolled bot spam.
I do not agree that every piece of the internet "should be" behind a paywall because bad actors exist. That world is the literal death of the "open" internet, putting everything behind a paywall.
Not something any one person should be the arbiter of.
> and any other number of malicious inputs that otherwise in a forum for people require trust to maintain community quality
Trust is how you solve this. Forums shouldn't be letting randoms sign up and post. Just like we developers don't let randoms commit to our git repositories.
But they want that mass market appeal, don't they? They want everyone to have input access, to be able to comment and participate. Usually because they're pushing ads and the more eyeballs the better. They're hopelessly dependent on "engagement".
> That world is the literal death of the "open" internet.
Not really. It might mean the death of the "free" internet but not the "open" one. The open internet is the one where we get to use whatever software we want to interoperate without restriction. It's the one where we get to use a Python script to scrape your site if we wish to do so. It's the one where we get to download videos with yt-dlp.
The project I'm currently working on is a community data aggregator for an upcoming election to improve election transparency. I will not be requesting user sign up or registration because the average age of the users will be over 45 and for a single day without getting into GDPR issues.
But I do intend to arbitrate if the election information being input from multiple geographical locations is valid data or not. Otherwise I'm not doing the project and the existing system of it only being owned by the largest political parties who have their own organization doing the tabulation. Others who have attempted this work have seen active manipulation campaigns over the course of their validation and speak to the only way to counteract the manipulation was bot control.
I do not want mass market appeal. I want the thing to get adoption for a day by people that would otherwise be casual at best internet users.
> The open internet is the one where we get to use whatever software we want to interoperate without restriction. It's the one where we get to use a Python script to scrape your site if we wish to do so
Sorry, Error 402, please provide payment. You're a bot until proven otherwise.
> But I do intend to arbitrate if the election information being input from multiple geographical locations is valid data or not.
How are you going to do that?
I live in a country whose supreme court routinely orders censorship of "fake news" and other kinds of "harmful" information, something not seen since the days of our military dictatorship. This year our government essentially created a ministry of truth. They censored "fake news" which literally turned out to be true after our current president was elected, it's comical.
How do you plan on being any different?
> Sorry, Error 402, please provide payment. You're a bot until proven otherwise.
The same way it's organized among the political parties. Word of mouth, social media and good will among interested parties who trust each other for a common goal of maintaining democratic principles. I don't come from a country that censors such work. Their main problem is it's all pen and paper by people that are usually schoolteachers and farmers on a normal day and they need the tech help.
> OK. Do you accept credit cards?
No I do not accept credit cards. I'm neither a business nor a payment processor. Please contact the administrator. Don't expect a reply. If you have to cold call, you're not in the existing trusted network where others vouch for additions to the network and will be two-factor geo-IP verified. Good luck with your python scraping in your world.
A good democracy will have access for whoever requests it to validate and learn about their peers more, not forced behind a paywall. Hopefully by enabling my ethos, it marginally feeds towards culturally maintaining that my country doesn't have a Ministry of Truth and other forms of democratic deficits.
A core of Democracy is indeed preventing ballot stuffing when people go to upload the vote results they see. We're just not talking about electronic means than paper ones. You say "me", why is your script different from a Russian-style nation state trying to put weight on the scales? Or trying to DDOS the site? And if you are indeed different, to make the distinction in any way, some form of meta information must be monitored and acted upon. You may be innocent, I can not know that in the technological future you propose. Without information, as per security best practices, the wire defaults to closed, not open. The cost is the loss of ease of use and access, but the data integrity is more important than your scripting convenience. The data can at least represent the historical record. Without that historical record, scripting of false data is worse than useless and actively dangerous and not worth putting into the world.
> A core of Democracy is indeed preventing ballot stuffing when people go to upload the vote results they see
> You say "me", why is your script different from a Russian-style nation state trying to put weight on the scales?
Don't accept votes from unknown, untrusted randoms. Even in my country where the election is fully digital, they check my ID before letting me vote. There are ways it could go wrong but that isn't one of them.
> Or trying to DDOS the site?
They can't DDoS you if you have them pay for the resources required to serve them.
> Don't accept votes from unknown, untrusted randoms.
Trust can be built from metadata. You stop it from being unknown, by shock, building up knowledge through recording it.
> They can't DDoS you if you have them pay for the resources required to serve them.
Not a payment processor. Not a business. Nobody is going to pay for membership. This is not on the table.
> That's fine.
I deeply disagree and you're not changing my position on that nor am I likely to change yours. But I'm the implementer, so guess which way it's going. See: Not accepting your money.
What I have though gotten out of this conversation is that I'm now aware of how much more complex feature set I need to put into the first party tracking to get it right in a shifting tech environment. So food for thought.
> But I'm the implementer, so guess which way it's going.
You're an implementer operating in a deeply adversarial environment where everyone is your enemy. Everything you do can and will be circumvented, especially by the Russia-style attackers you mentioned. See the copyright industry's fruitless attempts to curb copyright infringement. If it actually looks like you succeeded, it's only because people didn't care enough.
Unless the free computing we enjoy today is completely destroyed to the point we can only run government signed software, there's little you can do to defend against these things. To stop this, you will need tyranny the likes of which will destroy everything the word "hacker" stands for. I presumed you cared at least a little about that since you're posting on Hacker News.
Everything can be circumvented. I but this isn't some SaaS service, I don't need to survive forever, just about twelve hours. I can achieve that.
Yeah, I grew up and realized that there's more to the world than mere developer convenience above all else. If Hacking means siding with the developer over everyone else in humanity and societal benefit, let it burn. Luckily, that's not my definition.
I've always advocated for feature detection. If you test for typeof Object.assign !== 'function' you can be sure you have a reasonably recent browser. If you want fetch, test for window.fetch.
This sort of thing always feels like it's going against the grain, with someone always asking "why wouldn't you do this properly. You know, build an allow list of user agents and match against them". I fully support people being forced into detecting the features they want and doing away with this nonsense,
I don't think web developers should be able to detect stuff like that either. Their ability to detect stuff provides identifying bits for fingerprinting. As far as I'm concerned, all the browsers should normalize the return values of those typeofs and all related functions so that Javascript can figure out exactly zero bits of information about the environment it's running on. Just like browsers will lie to Javascript when it tries to figure out your browsing history by checking the color of links.
The web platform gave web developers way too much freedom and they're abusing it. God giveth and god taketh away.
There's simply no way that can ever be built though. "Browser v2 provides X which will call argument 1 in 2 seconds" -> how would browser v1 possibly hide that it is not v2? Anyone can build a thing that checks for that behavior, and now you have a piece of information.
Or for more useful stuff, "X gets you data from URL Y". Either you get that data or you don't. Voila, data about the browser.
The only alternative is that you never ever release any new features or fix any bugs.
How does cryptography software avoid such side channels? Normalize the performance somehow.
If I remember correctly, Firefox's fingerprinting resistance will actually slow down functionality to achieve that. Reduces the precision of performance timers or something. Makes CAPTCHAs exponentially more obnoxious.
It hides that by being incredibly restricted in what you can do with it, lest you leak side channel information. To the point that you can't do much of anything useful, much less general computation. They're finely crafted Faberge eggs that break if you sneeze near them now or discover a new way of sneezing in the next few decades, not broad tools.
So... yes, you could build a "browser" like that. It would effectively have no scripting at all though, nor could it ever introduce new semantics that send data to another site, directly or transitively. You can do some stuff with that kind of system, but it's limited enough that most people don't choose it.
Gopher exists I guess? Lynx too, though lynx supports css, and that largely can't be allowed either.
Sounds good to me. Javascript is too powerful and should be limited. I shouldn't have to worry that my browser is executing remotely downloaded code that could exfiltrate an unbounded amount of information about me. They should either they get it right by doing it in a way that doesn't harm us, or they shouldn't get to do it at all.
The web should be fully declarative and permissions/capabilities based. If they can't do something that way, they shouldn't get to do it at all.
Yes, it is too much power for them. Power which they abuse by fingerprinting us. Browser vendors agree with me: they reduced the power of developers by lying to Javascript when they tried to check link styles.
Huh. Now I'm not sure Javascript should be able to do any of those things either. Now that you mentioned it, I remember reading about how sites fingerprint users by timing keystrokes and mouse movements and numberless other things.
Maybe the ultimate conclusion is Javascript should not actually exist at all. The web should be declarative, not executable. Developers tell the browser what they want and the browser does it. If it can't be done that way, it isn't done.
Just like Chrome's Manifest V3 making extensions more declarative and limited. My only problem with it is the fact it cripples uBlock Origin. I actually do want those restrictions applied to 100% of all the other extensions, it's just that uBlock Origin is too important and trusted and should be an exception. Honestly, uBlock Origin should be literally built into the browsers at this point. The only reason we can't have that is the massive conflicts of interest involved: can't trust an advertising company to maintain an adblocker.
Using an Abortcontroller with fetch for example is only recently supported. I like to use it where I can, but I don't want to crash on a slightly older browser. Feature detection is absolutely practically useful.
I have no doubt that it's useful. My point is it enables abuse towards us and that the potential for abuse overrides the utility.
Road to hell is paved with good intentions. When you propose a law, you must also think about the numberless ways it could be abused and misused to cause harm. Same principle applies here. The code shouldn't just fail, it should fail in ways that prevent the developer from even knowing it failed much less why. Simply because that would leak information.
It doesn't matter. Actually those plugins are straight up counterproductive.
The best user agent is the one that offers them the fewest identifying bits. In other words, the user agent of the most popular version of Chrome. The ability to set it to "anything we want" is actually a trap. What we really want is for everyone to use the exact same user agent so they can't tell us apart.
If everyone has the same user agent, it's nothing but a waste of bandwidth and it should be removed. Google is actually achieving our objective here.
Pointless. Firefox should just pretend to be Chrome by default without the user having to install plugins or even do literally anything. As should all the other browsers. Anything that leaks out the fact it's not Chrome should be considered a bug and fixed.
I'm all on board calling Google out for slowly implementing a user data protection racket, where Google owns all the data and everyone else is squeezed out and has to go through Google as The central data broker. At the same time this user agent reduction thing seems like a decent idea at first blush and good for users privacy.
Referer is not quite the same as how it was. In recent years, the default behavior in most cases is for the browser to either send just the origin, or no referer at all.
"Origin" means no path, so the referer might tell me which search engine the user used, but not what search query was done. It's much better than in the old days, where I might even see someone's session ID in the referer.
YouTube got around this in the earlier days since the referer header didn’t sent query strings. Maybe if referer hadn’t existed, YouTube urls would look like /watch/ViDeOID
My web development knowledge is very limited. But isn't this the main method where simple websites (most static generators) used to decide if the user is browsing from a mobile or not and serve a version based on that?
I would appreciate it if someone explain what other things people do to tackle this, or if I'm completely wrong?
Although really they should be using a pointer media query. Lots of sites I see randomly turn into mobile versions on desktop as soon as you resize the window narrow.
The modern solution is to use CSS with media queries. You tell the client how the site is supposed to look on various screen sizes. The client applies the rules without leaking any information about which rules it chose to apply.
The server now needs to respond with the Accept-CH header specifying it wants the client to send the mobile client header by including the "UA-Mobile" value. A compliant client will then send the Sec-CH-UA-Mobile header in its next request with either the value "?0" or "?1".
You have to do a split approach. Last I knew only Chrome-based browsers support the new UA headers. Firefox and Safari only support the User-Agent header which you have to check for the presence of "Mobi".
I agree that user agent is not the best idea but it helps endlessly when you need to find out what browser a non techy person is using - just ask them to go to one of the endless sites that tells you what browser you're using based on the user agent string.
Yes, you shouldn't assume consistent intentions from a behemoth like Google. However, in large and fragmented companies, leadership's moral compass often faces numerous pressures, and on average will trend downward in an economic system with perverse incentives such as the one we have today.
I’m loathe the defend Google but I don’t think this is the case. The replacement for user agent sniffing (client hints? I forget) is a universal thing and I don’t think Google has a secret back door tracking mechanism their ad network is able to use. It would certainly be a big story if they did.
> I don’t think Google has a secret back door tracking mechanism their ad network is able to use.
they have 80% population using search, youtube, storing browsing history etc while logged into google account, so they have lots of data about most of the people.
> you're the one who introduced the concept of it being secret
There is no publicly known method by which Google’s ad network is able to siphon extra data from Chrome users for targeting etc. If there is one, as OP’s friend suggested, definitionally it must be secret.
A while ago now I booked a room on Expedia, which ended in me getting a confirmation email with an itinerary to my Gmail backed address. Lo and behold, few minutes later a CTA pops up on my Android phone offering to create a matching trip in Google's trip planning product. I'm sure it's all above board once you got into the fine print but it was not a pleasant experience.
google "has access to all this data" in exactly the same way any other website does. you request the information you need from the client, and the client can choose to provide it or not. clients provide it by default.
hate on google all you want, but UA reduction is objectively a good thing. "my friend jacob wants to slurp up everything from the user-agent string on the first request" is not a good argument.
> Meanwhile Google has access to all this data, so he tells me all this is just gaslighting so they can illicitly protect their monopoly on web data.
To throw them in the same pit, they're taking a page from Apple's playbook: the privacy benefits for the user will justify any market effect from closing the platform and keeping all user data internals. Platform owner gets to protect the user from some of the abuse, while gaining a critical edge on the competition.
In the current climate, I'm not sure there is any good angle to solve this, short of strong regulation limiting the advantage they get from doing these "privacy first" moves (basically find a way to forbid the platform owners from using their own users' data...I'm not holding my breath)
> In the current climate, I'm not sure there is any good angle to solve this, short of strong regulation limiting the advantage they get from doing these "privacy first" moves (basically find a way to forbid the platform owners from using their own users' data...I'm not holding my breath)
Well, you could also look into removing some rules, in addition or instead of piling on new ones. Eg you could weaken intellectual property rights, to make it easier for upstart competitors to take on the established giants.
Or you could make it easier for foreign competitors to enter local markets. (As an example, the US has become more protectionist of their tech markets. And the EU has a lot of red tape that's even harder to follow, if you are from outside the area.)
> make it easier for upstart competitors to take on the established giants
No specific regulation is stopping this. If anything, all the regulation that are getting added have as a goal to reduce the red tape around smaller players and limit the extent of the giant players' monopoly.
If you were thinking about the rules forbidding dark patterns to suck client infos and accelerate growth, it would be a tough sell to be honest.
> If anything, all the regulation that are getting added have as a goal to reduce the red tape around smaller players and limit the extent of the giant players' monopoly.
No?
Lots of regulation just adds red tape in general, and there are clear economics of scale in compliance: larger companies have proportionally an easier time affording the legal experts they need to make sure they are compliant.
I took it more as an anecdote to show how Google is intentionally using its size and influence to engage in anticompetitive practices by forcing the adtech industry to standardize on technologies that only Google can use effectively.
More of a "be upset with Google" than a "feel bad for my friend" kind of thing
The privacy preserving ads tech has been around a while and a lot developed outside of Google and Meta. I made a stab at it while an intern at Mozilla, and we basically succeeded at the very easy part of accounting. Training the bandit is a lot harder.
Also the adtech industry in it's current form is harmful to users. First of it exploits tracking vectors. Secondly it's a malware distribution technique second to none.
it's not stifling any competition. the data that used to be in the user-agent header is now in the sec-ch-ua header. servers can set response headers to request more information if they want it, assuming the website makes more than one http request, which every website does.
We don’t need browser ballots. No desktop operating system comes with Chrome installed. Every desktop user who uses Chrome, willingly goes and downloads it. They explicitly made a choice.
If you do have browser ballots , you’re going to be able to “choose” which Chromium skin you want to use.
Most people know about Firefox and they still choose Chrome.
And if they choose Firefox - they are still downloading a browser where most of its revenue comes from…Google.
No one is going to pay for a browser. Any browser you choose is going to end up supporting itself via ads
OEMs bundle Chrome and for years so did other common apps like Adobe Reader. Android defaults to Chrome on mobile, which is increasingly important for non-technical users who may not even own a laptop or desktop.
These days sites often instruct users to install Chrome, especially Google properties that billions are already accustomed to.
Have we learned nothing from the IE era and the Microsoft anti-trust case?
You’re going to have a hard time convincing regulators that Google is acting monopolistic because it’s forcing less than 4% of the population to use Chrome
Regulators are asleep at the wheel in the US. Companies with a overwhelming market share of search and email can and do leverage that to push users to their browser, then their browser to track users.
It's becoming about control of eyeballs and defaults in several dimensions. Lazy and captured regulators are easily convinced to scope the definition of any given 'market' in whatever way their former or soon-to-be employers demand.
> not to mention its impossible to know about search traffic and even referring urls.
I think it was the migration to https everywhere that killed that. Not sure why it went down that way, or if Google was responsible.
But yeah, when I ran a blog, I would look through the referrer URLs to see what people were actually searching for and write articles about that because it was obviously an untapped void in the market.
That's exactly what it is. Google spends a fortune on lobbying Brussels to let the natives know that they have their best interests at heart. That's proof of the opposite as far as I'm concerned. Check out the ads on Zaventem airport (right next to Brussels) if you're ever passing through there, it's comical.
Or check this video if you can't make it in person:
Years ago I remember having a very similar reaction to many online platforms switch to https. It was pitched as protecting people from isp packet based ads but it always felt more motivated by locking the competition out of the data stream
No offence, but your friend Jake can go fuck himself.
I have very little trust for Google and other megacorps like it, but I have even less trust for parasitic entities like Jake that just piggyback on top of Google's already horrid practices to extract wealth from, so you'll find no sympathy for Jake from me.
Such is the issue with any business connected to a single large and private infrastructure provider. Of course this is, in part, why we have anti-trust laws.
It's arguably not, depending on how you slice "worse."
Google's philosophy on this sort of thing has been pretty consistent for over a decade: they trust themselves with user data. It goes in a vault, it's very hard to access inappropriately, and they have some of the best security possible on the modern web. Practically speaking, yes, it's still a risk; if the data collections get breached, that's all the data. But they don't see themselves as more of a risk than anything else out there, so for them it's not philosophically inconsistent to claim other companies doing what they are doing should be considered a privacy threat.
... And honestly, I think there's a good case to be made that if you don't trust Google to respect your privacy and secure your data, You shouldn't be using Chrome period, because the organization you don't trust controls the source code of that browser.
>this feature will track the web pages you visit and generate a list of advertising topics that it will share with web pages whenever they ask
This is factually incorrect. It works like third party cookies, but with privacy. A web page can only retrieve a topic if that site has already observe you visit pages of that topic. In order for you to observe a site that site must send a fetch request to you or embed you in an iframe.
If a random site calls document.browsingTopics() they get no topics as not enough data has been observed by them.
Everything I'm seeing is that it is Chrome doing this, not Chromium. If the Googs decides to add features on top of Chromium in its Chrome release, that does not mean that other Chromium based browsers will have those changes automatically as well. It totally makes sense to me that Googs would not want these in the base Chromium as it's the secret sauce just for the Googs
I would think Google would want this in Brave and Edge also. Google will want to advertise to the users of these browsers even though they aren't using Chrome.
My friend who was the biggest Google evangelist 10yrs ago who went through a round of interviews there (stellar Kotlin programmer) has completely written off the company after this announcement some months ago.
He's committed to deGoogling his life now and is even migrating off Gmail this weekend - I think I'll be joining him.
Opera, Brave, and Vivaldi are just Chromium with an extension or two added and a Chrome feature or two disabled. They're not legitimate browser competition.
There are only 3 real browsers today that meaningfully compete and control their own destiny: Chrome, Safari, and Firefox. Everything else is mostly just a fresh coat of paint on one of those browsers.
Apple, which owns Safari, is the largest company in the world. Alphabet, which owns Chrome, is the 4th or 5th largest company in the world.
Mozilla is a small non-profit that exists to provide meaningful choice. Those others are small businesses trying to make a buck riding Google's treadmill or surfing their wake.
What makes you think Chrome's market share will decrease? Google has a strong hold of their position, and other browsers are barely competing.
If anything, it wouldn't surprise me if Mozilla announces that they're discontinuing Firefox. Those alternative browsers you mention don't even register on the usage radar to be relevant in a browser "war".
Everything seems to indicate that we're heading towards an even worse single-browser dominance than IE had in the 90s.
It was lightweight and fast, but still managed to have a built-in mail client, RSS reader, and IRC client.
All with a consistent and clean UI that treated the user like an adult. Maybe I'm just old, but I hate the flat "everything looks like a webpage" UIs in today's browsers.
That's not the original Opera. That's middle-aged Opera at best, maybe even over the hill Opera.
I was there for nearly all of it.
I first played with the original Opera when it came out of beta in '96, as an attempt at an alternative to my regulars of Netscape and Thomas Bruce's Cello. It had none of that email or RSS or IRC, just a clean and simple MDI browsing experience.
It was great. By '97 and '98, their capabilities (they added JS, cookies, and image blocking) and performance were solid enough that Opera became my primary browser.
Opera, during '98 and '99, was absolutely the best browser UX around, for me anyway. MDI made up for Windows 95's and later 98's windowing UI which never anticipated that users might have dozens of web pages open at once completely destroying the utility of the Taskbar.
Opera's MDI, like Excel's MDI had done for accountants a decade earlier, was great for "power users" like me, while everyone else making browsers (mostly Netscape and Microsoft but there were a few others) seemed to be targeting newbies or "the enterprise". (The Web was early then, and bringing in new people faster than just about any tech had ever done before, but it didn't have much of the value it does today, so I guess it was reasonable to target new and casual users on the road to critical mass, but after MDI there was almost no going back for me.)
Opera 4, in mid 2000, soon after I joined staff@mozilla.org to help lead the Mozilla project, was the last version I used with any regularity, mostly because I really disliked the redesign and they began cluttering things with each new release while I was trying to convince Mozilla to do the opposite and simplify.
Opera did introduce an MDI switching toolbar then, which is sort of like tabs but really isn't, and that was a good step. But I'd used an actual tabbed browser in the late 90s on occasion, Adam Stiles' Netcaptor, and Opera's MDI toolbar wasn't that. It helped the MDI experience some, but it didn't transform it into tabbed browsing in any meaningful way.
Then Opera 5 introduced the banner ad later that year, just as Mozilla's browser component from the larger internet suite was starting to get decent, good enough that I stopped calling myself an Opera user/fan/booster and started identifying as a Mozilla user.
(The integrated search box on the Opera 5 toolbar did inspire us though, so about a year later we put one in the young Firefox toolbar.)
I checked in with most new Opera releases for many years, but by 2002 Blake and I were deep into working on Firefox and so I was able to help design in some of Opera's earlier simplicity, but with tabs rather than MDI. Rather than wait for Opera to get things back on track, I simply started building the browser I wanted with Firefox.
By the time Opera added email in 2003 and RSS and IRC in 2004, Opera was 8 and 9 years old. Jón S. von Tetzchner's original Opera browser was EOL in 2012 when Presto got cancelled, and was probably dead a year earlier when Jón was forced out (and perhaps even a year before that, when he stepped down as CEO) so yeah, email and RSS and IRC are almost exactly mid-life features in my book. Considering that Opera never recovered after those features were added suggests it was probably over the hill already. Today, and for the last 7 years or so, Opera is little more than a Chinese equity firm's mostly meaningless plaything.
> Would a VPN do what I need? Where are instructions that a n00b can follow?
Never used them myself but lots of HN commenters think highly of the VPN services offered by Mullvad [0]. In fact, right now, Mullvad is currently on the HN frontpage [1], from a blog post by Tailscale.
I’ve been waiting for years for Safari to support multiple profiles so I can have a work and personal profile, instead of using Chrome for work. Finally this year we’re getting that, goodbye chrome, it’s been a fun 10 years. Unfortunately Chrome turned into a bloated mess over time, even before this news I was waiting to switch.
Google was playing 3D chess when they started developing Chrome, and when they started making moves to strip away things like user agent strings, they were really just making the final moves of a campaign set years before to create a walled garden of ads data.
As much as I hate what Google has done with Chrome and I choose not to use it, the comparisons to the IE6-8 dominance are even more acute when you consider that Chrome is also successful in the enterprise due to its support for both typical group policy/Mobile Device Management configuration as well as its integration into Google Workspace.
Edit: I had initially said “dominant” in the enterprise, but I imagine that title still goes to Edge?
It would be impressive if it wasn’t so depressing and gross.
How so? I still fail to see any benefit for me from being spied on by the likes of Google only to show me adds that, despite all the profilong they do, fail to have any relevance for me. And browser choice is still up to me.
If Google and Chrome are mandatory for work, well, tough luck. But I do have the feeling that the enterprise versions are much less intrusive. And even if, I never do private stuff at my work machines and devices anyway.
Congratulations to everybody who's been working overtime to simp for Chrome for so long.
Firefox has had its ups and downs, but it and its progenitors have been great daily drivers for me over 20 years now. It's not too late. The best time to switch was, well, forever ago -- but today is also a great time to switch. Get on the fucking bus.
Like most companies, Google has a mission statement or "philosophy." Google's philosophy is divided into 10 points; each point is one sentence long. The first and most interesting is quoted in the title of this part of the book. Unlike most corporate mission statements, this phrase did not come about through long committee discussions: This statement is Larry Page's mantra. Early on, when people asked him about financing his projects, he always replied with something like, "Don't worry about it. If our users are satisfied, if we give them all they want and more, we'll be able to find some money.""
Wonder if there is a "Gentoo for browsers," where you specify certain parts of the stack: layout engine, HTTP engine (cURL), JS engine (V8, none) and conveniences (password management, bookmarks), and the script builds it for you.
The conceit is the ability to view responses as nodes in a graph, and laying filters on top. The tradeoff for performance being introspection and control.
I stopped using Chrome and uninstalled it from all my devices a year ago. It was hard at first, but you get used to other browsers pretty quickly (took me two weeks).
Safari on macOS works like a champ, and if I'm doing web development I switch to Firefox which has excellent developer tools (remember firebug?)
Didn't the very initial release of Chrome, many years ago, already create a unique, identifiable ID per user, and open a connection to phone home to Google servers (using that unique ID) on every single key-press and mouse click done anywhere in the browser?
I just want to say that I’m glad Apple does the exact opposite with Safari of what hostile things Google, Microsoft, and sometimes even Mozilla do to their browsers. Call me an Apple fanboy all day long but they proved for years that they care about speed, privacy, and even simplicity.
I found about https://librewolf.net/ from a web search. Has anyone here tried it or can recommend any other alternative firefox build without telemetry?
lol just updated my chrome before I saw this, I instantly got what it's about and didn't allow, why would I want any ads at all, I have a blocker, it doesn't matter, but that's sneaky from them and unhumane to push for that.
Why do people still use Chrome? I can kind of understand Google search, Gmail and Maps(though search kind of sucks nowadays), but chrome is turning into one of the most user hostile pieces of software.
And there are perfectly fine alternatives that do not sacrifice features or convenience in the slightest. I don't see a legitimate use case for Chrome.
Because Firefox exists. And anyone can use Chromium to compete with Chrome fairly rapidly.
It’s not the new IE. In my mind it’s worse than the new IE because it achieves similar goals as the IE abuse but without necessarily doing anything illegal.
Mozilla and Opera existed at the time, as well as a bountiful amount of IE shells which essentially acted as the Chromium derivative equivalents. Outside of Chrome (technically) shipping the same binaries across all the platforms it supports, and using scope creep in a more subtle way compared to 90s-era IE, I don't see how the situation is materially different between now and then.
This is not exactly right. Netscape Navigator was the original browser. Microsoft invested a lot of money to bring IE up to par and exceed Netscape’s capabilities. And once they wiped out Netscape they coasted and used IE as a Trojan horse to control the web. It was after IE6’s stagnation that Firefox was spun out of Netscape and took some time to compete. Firefox was first released in 2004 and IE6 in 2001. Opera which had been around was proprietary. To the extent they were interested in making the internet a better place it was only to serve their company interests.
Thars very different from the situation we have now where Firefox is well known and open source, and even Chromium’s open source so it can be leveraged by better stewards of the internet.
Don’t get me wrong. My argument is not that Google is better than Microsoft. My argument is simply that the situation we’re facing right now is very different from the IE era. If anything, I’m arguing that the Chrome era is worse because of how much more insidious Google’s actions are.
It was easy for the EU to essentially eliminate the IE threat by forcing MS to unbundle IE and for Firefox (and later chrome) to replace IE purely on the basis of providing a better software. Replacing Chrome on the other hand is a very different kind of problem that is possibly much harder.
Firefox is barely surviving. Skinning Chromium hardly counts as competing with Chrome.
I agree with you that Chrome is even worse than IE ever was. Mostly because Google is much smarter than MS was when it comes to ensuring market dominance. It will be much harder to dethrone Google, simply because Chrome is a much better product.
Maybe not yours, but it's baked into the operating systems used by billions of phones (Android) and millions of kids/others with generally lower tech literacy who may not have great context on the privacy implications of these changes (ChromeOS)?
Hey guys, please stop giving market share to Chrome. Firefox is not only an objectively better browser but you're supporting an open web instead of a terrifying data behemoth.
I think here on hn many people us Firefox, with Chrome as backup for institutional sites that won’t work on FF(at least it’s the case for me). Or other alternativies or all of them interchangeably based on purpose. What makes the real market share is the rest of world outside of hn
It is really hard to fight the advertising and luring of The Google machine. I never mind being annoying to my friends and relatives and talk about how Firefox is a safer and better alternative. People are often surprised that a choice even exists. To many just outside my circle, browser == Chrome , mail == Gmail, phone == Android, maps == Google Maps, payment solution == Gpay, and instant communication == WhatsApp.
It is hard to beat free.
My own 74 year old dad says.. be practical, I don’t care if Google wants to profile me as a 74 year old man interested in watching my regional language news and religious videos. Nor do I care if Google knows that I spend the little retirement money of mine buying these medicines or paying for the taxis. They can try targeting ads to me all they want, but good luck to them, I’m not going to book an expensive holiday in the Himalayas, nor am I going to buy something I don’t want to buy. I just want something that works in a way I have gotten used to. I don’t want change at my age.
I can sympathize with his argument. I just wish young people don’t find an argument like his..
We have regulations preventing some rich dude flooding the market with free product to gain a monopoly and then charge exorbitant prices. Why not the same for digital services in this internet age?
I wish we regulated internet services the same way. No “free” email, chat, social services paid for by creepy ad companies. The real cost of these services at the scale of the number of users is minuscule anyway. The field Google, Amazon, Meta and Apple plays at should be leveled for new competition - that is a Government’s duty to enable.
The biggest issue isn't that behemoth companies will try to do bad things. It's in their nature to do as much as they can get away with - even illegal ones - even at a short term loss. The biggest problem is apathy from others. Freedom isn't guaranteed - it's something you always have to fight to protect. It's not a choice.
> They can try targeting ads to me all they want, but good luck to them, I’m not going to book an expensive holiday in the Himalayas
I don't know if this argument is deliberately understating the issue. I'm going to assume it's not. The real cost of pervasive tracking and ad isn't forcing you to buy something. It's much deeper - like increased insurance premiums, denied insurance (based on data that insurance companies buy from data brokers), locked down and unrepairable devices (to force you to consume ads), massive scale political manipulation (like in case of FB and CA), suppression of labor rights and free-market employment (based on racial profiling, search trend analysis etc) and similar. It's going to cost you more than a ticket to the Himalayas - it's just not very obvious.
> Why not the same for digital services in this internet age?
It isn't hard for large companies to capture regulatory bodies. It isn't even effective in open market or even in cases where lives are at stake (recent cases of air crashes is an example). No regulatory body or the government is going to protect your rights unless you demand it. It's their duty, but it isn't going to happen without your insistence.
I can understand how such fights can be very tiring. However, dissuading others is irresponsible. Everyone has the right to ask for a non-dystopian future.
I know you understand this but Google doesn't care about the data insofar as they can sell it to the highest bidder in their literal real-time ad placement auctions. 4th and 5th parties are using thousands of behavioral signals to influence the reality that your father consumes in his regional language news and religious videos over years and decades.
Firefox is mostly paid for by Google, so I wouldn't suspect it's a threat to their goals. I think a 'dumb' protocol or partition of the web might be the best we can do.
Alternatively, go to this URL https://www.mozilla.org/firefox/ to fix this permanently.