Hacker News new | ask | show | jobs
by fumar 1823 days ago
> We believe the web community needs to come together to develop a set of open standards to fundamentally enhance privacy on the web, giving people more transparency and greater control over how their data is used.

> In order to do this, we need to move at a responsible pace. This will allow sufficient time for public discussion on the right solutions, continued engagement with regulators, and for publishers and the advertising industry to migrate their services.

> By ensuring that the ecosystem can support their businesses without tracking individuals across the web, we can all ensure that free access to content continues.

This proves Google's consumer privacy strategy is all smoke and show. It should come to no ones surprise they choose to follow the money (ads). Apple continues to improve privacy on Safari with every major update and Google is still sitting on the sidelines.

https://blog.google/products/chrome/updated-timeline-privacy...
3 comments
rektide 1823 days ago
news in the past two weeks has been of eu antitrust actions over issues including this 3rd party cookies change, and uk demanding their regulators get veto power over changing 3rd party cookies.

google is trying to escape a colossal regulatory hellfire that has sprung up in the last two weeks over this attempt to do the right thing, that other browsers already do. shit has just gone defcon4 & they are adding time to the doomsday clock that various national & supranational powers have just set ticking. set ticking for doing the right thing. scratch that, for having said they would be doing the right thing, hereby rescinded.

mark Nottingham wrote up some of these new regulatory regimes being imposed on Google on Monday: https://www.mnot.net/blog/2021/06/21/standards-competition-g... https://news.ycombinator.com/item?id=27578618

link
tristor 1823 days ago
Regulators aren’t concerned with Google blocking third party cookies, they’re concerned about it in conjunction with FLoC providing Google an anti-competitive moat in the adtech space where it also holds a dominant position.

If Google blocked third party cookies absent FLoC, regulators wouldn’t care.

link
loudtieblahblah 1823 days ago
Google is not doing the right thing.

They're solidifying control over the web.

link
fooey 1823 days ago
This is Google admitting FLoC is dead, so they're going to just leave things as they are instead.
link
fumar 1823 days ago
Are you saying all of Privacy Sandbox APIs are dead or just FLoC?
link
fooey 1823 days ago
Personally, I don't think the concept is a problem the industry can solve on their own.

If Google wasn't having anti-trust worries, maybe they could force it to happen, but it's too blatant now.

My assumption is 3rd party cookies die to regulation, and nothing gets enough consensus to replace them.

link
jefftk 1823 days ago
Why don't you think the browsers can agree on replacements? Most of the major browsers have proposals for replacing some piece of advertising-related third party cookies [1][2][3].

(Disclosure: I work on ads at Google, speaking only for myself)

[1] Safari: https://github.com/privacycg/private-click-measurement

[2] Edge: https://github.com/WICG/privacy-preserving-ads/blob/main/Par...

[3] Chrome: https://www.chromium.org/Home/chromium-privacy/privacy-sandb...

link
fumar 1823 days ago
I see this as a natural evolution of the web. The existing web standards and protocols no longer meet security or privacy user needs. Ideally, we do create better open standards. Apple’s Private Relay is great, but its gated off to paying customers.
link
listmaking 1823 days ago
I'd like to comment about this part from the Google blog:

> By ensuring that the ecosystem can support their businesses […] we can all ensure that free access to content continues.

Internally, Google believes that with Ads they are doing good to the world: the mission of Google Ads literally starts with "power the open and free internet…" (you can find it online). The idea is that for every site online that carries ads on it ("publishers"), it's the website that has chosen to put ads there, to make money. So the assumption is that if websites couldn't make money from ads (or if they made significantly less money, because of worse ads) they'd either stop hosting the website or put it behind a paywall, and users wouldn't get "free access to content".

Of course this applies only to those sites on the internet that have ads at all (doesn't apply to HN, Wikipedia, government/academic websites etc), but then again, ad-tech third-party cookies are also only present on such sites anyway.

-----

(I work at Google in Ads but not on anything related to any of this; this is all my own opinion posted from an alternate account. I find ads annoying and use an adblocker personally, so I was surprised to encounter this point of view.)

-----

Rather than "Google's consumer privacy strategy is all smoke and show", the sense I get internally is that Google is serious about "as much privacy as possible without seriously affecting our revenue". A couple of examples:

- [Edit: Added this point later.] In 2019 most (all I think? It's hard to tell) of "what Google knows about you" was consolidated into a single "My Activity" page (https://myactivity.google.com/), with user controls for turning things off or individual items. This was a lot of effort (Sundar at TGIF spoke proudly of it; see also the blog post https://blog.google/technology/safety-security/putting-you-i...), and personally as a user I feel better having control and visibility over what exactly what Google knows about me, but I don't remember much media coverage or discussion of this; maybe not everyone finds this exciting. :-)

- In 2020, they changed the default for new users to auto-delete this "Web and App Activity" after 18 months. Probably, this doesn't hurt Google's revenue much because data older than this is not very useful for Ads anyway, but it is still an increase in privacy compared to Google remembering everything about you forever (just not as good for privacy as defaulting to Off).

- FLOC is their answer to "how can we have the same level of user-targeting in ads, with more privacy?" The idea is that to decide whether to show me ads about shoes it doesn't need to know every site I've ever visited; it just needs to know roughly what kind of person I am. The old model is that every site carrying ads by Google would have a third-party Google cookie that would record your visit; the new FLOC model is that your browser privately builds up a profile about you and just reveals which bucket you fall into. Obviously your browser tracking you isn't as much privacy as no tracking at all, but if you start with the assumption that well-targeted ads ought to exist and try to maximize privacy under that constraint, then FLOC is a reasonably good answer to that question. (I know some smart privacy/crypto engineers—not from the Ads org—who've worked hard on developing/analyzing it…)

- [Edit: Added this point later.] You can see this Chrome blog post https://blog.google/products/chrome/privacy-sustainability-a... where they say "Overall, we felt that blocking third-party cookies outright without viable alternatives for the ecosystem was irresponsible, and even harmful, to the free and open web we all enjoy" — this is something Apple can afford to do because they make money from users using Apple products and iOS apps; they don't benefit from content existing on the web. (See below.)

A couple of other points:

- Google makes a significant chunk of its revenue from ads on its own sites (Google Search, YouTube, etc), where third-party cookies or FLOC are irrelevant. So all this is only about ads on other websites, where Google keeps a fraction of the advertiser money and the rest goes to the "publisher", i.e. the website (I've seen a number like 68% somewhere, not sure whether it applies to all websites). So if all users suddenly started blocking third-party cookies today, the (ad-carrying) websites will together lose more money than Google does, and (for many of them) a greater fraction of their revenue.

- Well targeted ads ("show my ads to people who are likely to buy my product") are worth a lot more (as in, advertisers pay more, as they can measure more conversions) than ads based on nothing more than, say, the content of the web page/site you're visiting (or even worse, completely generic ads: remember "punch the monkey"?). So if ads stopped being personalized, each website would have to carry even more ads to continue making the same amount of money. (Though frankly… there are some websites that seem to have hit physical limits by filling every inch of space with ads, those cannot possibly get worse I imagine.)

- Google stands to profit if there's more content on the web. If every ad-supported site chose to (shut down or) move its content to (say) apps instead, Apple would be ok. Google benefits from content staying on the web because those websites will carry Google (and other) ads, but also indirectly because the web itself becomes more useful and people will continue to use Google Search rather than expect content not to exist on the web (and ads on Search make even more money for Google than ads on other websites). In fact, one thing common to many of Google's products is that they increase the value of the web: Search makes the web more useful; Gmail was the start of web mail being a significant alternative to Outlook etc; similarly Maps; Chrome when it first appeared pioneered tab-isolation and seemed to cause fewer frustrations from browser crashes (remember the comic? https://www.google.com/googlebooks/chrome/); even the much-hated AMP was intended to fix the problem of websites being too slow on mobile (the popular consensus on HN seems to be that it made things worse).

So while it indeed seems true that Apple can afford to pursue the user-privacy angle in Safari harder than Chrome can (Apple doesn't have publishers and advertisers among its constituents), it's also arguable that Google's approach helps keep content on the web and is aligned with user interests that way. (Though personally as a user, I wonder: how many ad-supported websites are really useful to me anyway? I'd be fine and possibly happier if most of the ad-supported websites disappeared and only non-commercial content remained on the web… may not be true for many people though.)

----

Edit: Also, note that (as the article says) this delay is because the U.K.’s Competition and Markets Authority forced it. (Their page is here: https://www.gov.uk/government/news/cma-to-investigate-google... — my understanding is that they thought blocking third-party cookies would make it harder for other ad-tech companies.) Left to itself, Google would like to charge ahead with replacing third-party cookies with FLOC.

link