[esteth]

Can anyone explain to me why this is worse than third-party cookies?

*If* this lets chrome remove third-party cookies, doesn't it effectively increase your privacy by putting that tracking data on the user's machine instead of having random third-parties involved in every page load to harvest that tracking info?

I understand that you can currently turn off third-party cookies, but a bunch of the internet breaks if you do that. If chrome is able to turn off third-party cookies for a large swathe of people, I expect that most sites will be forced to make themselves work without third-party cookies.

I don't know a huge amount about it, but naively I'd rather have my machine present this kind of data than have a network of unknown third-parties collaborate by sharing bits about me to build a profile.

[latexr]

> I'd rather have my machine present this kind of data than have a network of unknown third-parties collaborate by sharing bits about me to build a profile.

That’s a bit like saying you’d rather have cameras inside your house streaming your every move than have paparazzi at your door.

In the current model, the third parties have to fight and spend resources to get an imperfect profile of you, while you can make their life harder every step of the way. But your browser has access to information those third-parties could never have; it can make a profile from real data without you having the chance to block it.

Both are bad for privacy, but the new method is way worse and has the potential to become even more invasive. What if Chrome decides to share your bookmarks? Or settings from your extensions? Or specific pages you visit, including private GitHub repositories for your company? Or full URLs with sensitive keys in them?

[esteth]

I don't think it's fair to compare what might happen in the future.

In my mind the metaphor is more like "instead of having paparazzi at your door following around, you show everyone a card saying that you like dogs and video games and the steelers, and you tend to shop at big box stores out of town".

I'd rather know exactly what I'm presenting, which is possible in this model, than have the paparazzi all over me figuring most of it out imperfectly anyway.

[lemper]

> I'd rather know exactly what I'm presenting,

well, do you trust this company to only give those advertisers what you think you're presenting?

[dspillett]

> Can anyone explain to me why this is worse than third-party cookies?

How about thinking the other way around:

Can you, or anyone else for that matter, explain to me why this is better than commercial interests not following us around at all?

> turn off third-party cookies, but a bunch of the internet breaks if you do that

Most of what breaks is just tracking for ad serving purposes. I'm fine with that breaking.

Some authentication services have trouble, but there are other ways of implementing that, so they could be fixed without needing to keep 3rd party cookies enabled.

> I expect that most sites will be forced to make themselves work without third-party cookies

As they should, if competently designed.

> … but naively I'd rather …

Call me dogmatic, but I'd rather not be followed around at all, even as a group. I don't trust that the data cannot be de-anonymised in any way, and I don't trust a company that would gain from that to do its best to make sure it can't happen.

[esteth]

I totally appreciate the desire not to want an advertising profile build for you at all! I think that in practice, interest-based-advertising is going to happen, and I think if chrome can provide a way for it to be done without involving so many sketchy third-parties then I'm for that.

I don't know a huge amount about the wider ecosystem here, but I can imagine that if chrome were to disable third-party cookies without providing an alternative, then advertisers will go to fairly great lengths to fingerprint you to build a profile.

Right now my guess is that Firefox users benefit from the fact that it's probably not worth investing all that much in alternative tracking techniques since you capture the vast majority of people with techniques which work in chromium browsers.

Again, I really don't know that much about all this, but my feeling is that this is moving in the right direction, even if it's not the solution I'd ultimately prefer as an individual user.

[kjkjadksj]

I think a big flaw of interest based ads is that my interests rarely line up with what I am in the market for. Say I am interested in some hobby. I probably have all my gear already, and if I buy new gear it means doing enough research to breach through the fog of marketing to see it for what it is. I might spend all my days reading about hobby x online, when I really ought to be advertised the differences of some other products y and z that I actually will buy, which I only see when I visit a physical store and see them together on a shelf.

[josho]

What is lost in this discussion is that now my browser, software on my machine, using my resources is the agent that is acting against my own interests.

[tantalor]

Your browser has been serving ad banners since 1994, nothing new here.

[dspillett]

The simple display of a sponsored banner and the systematic tracking of people throughout their online activities are not the same thing.

[tantalor]

> not the same thing

Never said they were, only that they both using your browser & resources "against your own interests", and this is not a good argument against tracking.

[jpadkins]

> Can you, or anyone else for that matter, explain to me why this is better than commercial interests not following us around at all?

Because people prefer free, ad supported content on the internet.

Once you accept that premise, then it's a matter of balancing privacy, volume of ads, and payments to creators (ad tech companies are going to get theirs). Do you think the majority of people would prefer fewer, better targeted / higher yielding ads as long as it is tracking them anonymously? Or more ads, with worse targeting? Or neither and less payments to creators?

[Ajedi32]

I can see both sides of this. There's the side of me that looks at advertising and sees it as a necessary annoyance. It's the primary funding source for the open web today, and thus far that model has been very successful. Advertising has enabled the development of well polished, incredibly useful software like YouTube, Google Maps, search engines, etc without requiring users to directly pay a single cent for those services.

Then there's the Stallmanesqe, crypto-anarchist side of me that says it's my machine and it shouldn't do anything that doesn't directly benefit me. Tracking and ads don't directly benefit me, so my machine shouldn't cooperate in running them and if your business can't survive under those conditions then it doesn't deserve to.

I'm not 100% on how to resolve that tension, but I can't really fault Google for the way they're handling it. (As an optional, yet on-by-default feature that cooperates in serving relevant ads in a way that's more private than cookies but less private than just blocking everything.)

[edoceo]

There is no paid-internet without ads -- so it's not that people prefer free we don't really have a group to test against. Maybe it's like the choice between water and no-water -- results show that humans like water.

But choices like: free water with punch-in-the-face VS paid water without punching would be better indicators of choice.

When there are few/no options then choice is an illusion.

[dspillett]

> Because people prefer free, ad supported content on the internet.

I have no objection to adverts based on what I am looking at at the time, or more random blanket advertising⁰, as long as they are not too obtrusive or intrusive: flashing ads, auto-playing audio, and so forth, are out.

Unfortunately modern ad tech is apparently inseparable from following us around our online existence logging everything we do, which is on the list of things I consider to be too intrusive.

> as long as it is tracking them anonymously

Yes. But call me a cynic if you will: I don't trust that the proposed system is as guaranteed to be anonymous as is claimed (or at least implied).

> payments to creators?

Remuneration for creators is why I don't use sponsorblock and such. Sponsor segments aid the creators without having to track me wherever I go online.

--

[0] though I am getting tired of seeing adverts for Temu everywhere, anything broadcast en-mass to the point of annoyance¹ well never result in me buying a product or using a service

[1] I could name several others, Temu is just the most recent example

[raxxorraxor]

If there was only a single choice for advertisers to place a completely static banner on the page, they would still be happy. As long as no other advertiser had more capabilities.

Restrict them all and the money would still flow as the ads would increase sales just as much.

[imiric]

It boils down to greed. Targeted ads are proven to have larger profits, which increases the more precise the targeting is.

No advertiser wants to go back to dumb ad campaigns like they used to run on traditional media, simply because they're far less profitable.

Which is why they're concerned about the restricted and more general profiles the Topics API will give them. They want even more granular topics[1], and Google can do this at any point once the controversy has died down, and this feature gains traction.

Make no mistake that if this turns out to be less profitable, many advertisers will still resort to cookie tracking, fingerprinting, and any other shady mechanism, as long as the browser and lack of regulation allow them to do so.

[1]: https://searchengineland.com/googles-topics-api-advertisers-...

[vxNsr]

> Some authentication services have trouble, but there are other ways of implementing that, so they could be fixed without needing to keep 3rd party cookies enabled.

not to mention that if the goal is to remove 3PC, this new ad tracking doesn't solve the auth problem at all.

[madeofpalk]

Other browsers have shown this is a false dichotomy. You can disable third party cookies + surveillance AND not have this data still harvested by your browser.

Is this better than third-party cookies? Yes, probably. Does Firefox and Safari go better without surveilling your browsing history to serve you ads? Also yes!

[exitheone]

Not saying that you are wrong, just mentioning that Safari has the attribution API, which serves a similar goal:

https://searchads.apple.com/help/reporting/0028-apple-ads-at...

[Someone]

This means that your browser starts spying on you, whereas currently, ‘only’ sites do.

If you use Chrome, it will use information about all pages you visit, even ones without tracking cookies to categorize you for advertisers.

Google says that will happen locally, but even if you trust them, I don’t think that makes much of a difference. You could even see it as “now I pay the bill for getting myself categorized for Google’s ad business”.

Soon, Chrome also will start blocking third-party cookies to protect you from evil Meta and its ilk (all because Google wants to protect you from them, not because Meta competes with Google in the advertising space, of course)

So, as before, Google won’t be able to see what users do inside Meta’s apps (Facebook, WhatsApp, etc.), but now Meta won’t be able to see what Chrome users do outside them.

> but naively I'd rather have my machine present this kind of data

It won’t all stay on your machine; a summary of it will be sent to Google so that they can sell targeted ads to advertisers.

I expect they’ll have quite a few different tags, including age, gender, and location, and shopping preferences.

[Phemist]

Remember when the :visited modifier on an <a> tag was a thing?

https://developer.mozilla.org/en-US/docs/Web/CSS/:visited

And third-party tracking websites would load their websites up with a bunch of hidden anchors and then through JS read the visited state of these websites to get an accurate fix on a person's identity, or at least of their (relevant) browser history?

And how this modifier was removed ASAP once people realised its abuse potential?

Basically Google thought this was a good idea after all, and is bringing a "coarse-grained" version of it back.

[ShowalkKama]

>but a bunch of the internet breaks if you do that.

not really, no. From my experience most stuff works fine (the thing that breaks websites the most is webgl and even then, only the few websites that really need it use it)

[dbbk]

You would be surprised at what breaks. It also prevents local storage (not just cookies) from working at all when inside an iframe. That took me a long time at work to debug.

https://stackoverflow.com/questions/67645164/cross-domain-lo...

[sneak]

More importantly, instead of silently failing like localStorage should, the attribute on the window object is missing, causing page scripts that don't catch the exception (ie all of them) to crash and usually break the page.

I'm pretty sure Google is making disabling cookies as painful and breakage-inducing as possible to make sure people don't flip the switch.

[cm277]

It's MUCH worse, because if this catches on in any significant way, it makes Google the main (eventually only?) provider of demographic data for audiences/tracking. Google already owns the browser market and almost owns the advertising market, but if you want to try to play outside with your own SEO/direct marketing strategy you may be able to make it work. But in a world where cookies/independent tracking is dead and the only provider is Google? you'll have to go through AdSense.

Google needs to be broken up and ground to dust --well, judiciously regulated by a democratically-elected legislature, but in the absence of that, I would take anything. I can't believe this is the "Don't do evil" company.

[jsnell]

But the only provider isn't "Google". The browser will provide this data equally to any site asking for it, i.e. all the ad networks that the site is using. Not just to Google.

If anything, it is leveling the playing field. All ad networks will get the same interest data, rather than the ones with a higher reach 3rd party cookie having more information.

[datavirtue]

Wow, you are spinning this as a universal good? "Leveling the playing field." Ridiculous. Nothing to see here folks, move on, Google is protecting you.

[jsnell]

No, "universal good" is something you made up.

I'm saying that the specific complaint you had was obviously false.

[toddmorey]

This is a really good point. And I think the specific lists of interests will basically be used as a fingerprint.

[denton-scratch]

> but a bunch of the internet breaks if you do that.

I hadn't noticed, although I've heard this many times. I mean, I notice some broken pages, but nothing so important that I'd bother working out what's wrong with them.

If it's really that the site is checking that the 3d-party cookie they set really got set, and failing to load otherwise, that's an abusive site that I don't want to use anyway.

[jorams]

There are a few (not that many) things that break on the internet if you turn off third-party cookies, but "I'm no longer being tracked without consent" is not one of them. It's one of the big reasons to get rid of third-party cookies, not an unfortunate side-effect.

[HeckFeck]

The third party tracking was dependent on someone else's processing power and system, this is sinisterly making the user's own software work against his best interest and instead work for a morbid advertiser's interest. Since it is all done in the browser and locally using much more of my data, that data being even more 'relevant' to advertisers, with its results presented as an API to every bloody page I visit, this will only make the tracking problem worse.

A related reason is my bookmarks are very much a private affair and this method feels much more intrusive. I dread to think of the security implications.

The only upside is that third party cookies will be less of a problem in other browsers, if this new API kills them.

[indymike]

> I don't know a huge amount about it, but naively I'd rather have my machine present this kind of data than have a network of unknown third-parties collaborate by sharing bits about me to build a profile.

I don't want either.

[paholg]

I've had third party cookies disabled for years. I can't remember the last time a website broke as a result.

[dbbk]

You're correct, it is objectively better than third-party cookies.