by jauntywundrkind 244 days ago
Google genuinely built an attempt to make the web tracking-free. To everyone but browsers. It's a neat attempt & I pour out libations to the attempt.

If the commentariat hadn't been so persistently snipey about Google throughout (assuming only worst faiths), maybe the broader advertising industry might not have achieved the obstructionist regulatory capture that really slammed on the brakes for doing anything different and maybe perhaps possibly better.

Instead we all get tracked forever.

2 comments

Can you help me understand how Privacy Sandbox was going to make the web tracking-free?
Sure. First, what is tracking? The definition of tracking in this case would be something along the lines of being able to correlate two unauthenticated requests to different domains as coming from the user.

It was going to remove or restrict features in the web platform that can be used for both tracking and for important non-tracking tasks, and replace them with features that can't be used for tracking but can be used for achieving those tasks. In some cases it meant making sure that data that could be used for tracking was never received ambiently, but had to be requested explicitly. That's why we have the new mess with User-Agent.

You could not just remove the tracking vectors entirely with no replacement, because then you'd be breaking critical workflows that are actually needed for practical operation of websites. That is why Apple, for example, included a remote attestation mechanism in Safari when adding features to mask IP addresses. (Though they only permit a few of their favored partners to use that attestation mechanism, and these days are being very quiet about it, hoping that nobody remembers they did this.)

So, you want to remove the possibility of using the web API to do tracking? How do you prevent that? The Privacy Sandbox solution was to give each domain a budget of how much entropy they could extract (this is why e.g. moving from the User-Agent header including data by default to the site having to request it was supposed to make sense). In some cases they were going to remove the feature entirely, but instead have the browser achieve the same effect, and provide a verdict or attestation with so little entropy or so little consistency that it could not be used as an effective tracking vector.

It was a doomed program, but they did have good intents, and never deserved the abuse that was heaped upon them. And I will be dancing a little happy jig on the grave of their "IP protection" feature.
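
A toy model of the per-domain entropy budget described in the comment above, added here as an illustration; it is not part of the thread and not Chrome's implementation. The surface names, bit costs and the 8-bit budget are constructed assumptions.

```javascript
// Constructed estimates of how many identifying bits each surface reveals.
const SURFACE_BITS = new Map([
  ["ua-platform", 2.0],
  ["ua-full-version", 4.0],
  ["ua-model", 6.0],
]);
const GENERIC = "generic"; // low-entropy answer returned once the budget is spent

class EntropyLedger {
  constructor(budgetBits) {
    this.budgetBits = budgetBits;
    this.granted = new Map(); // origin -> Set of surfaces already revealed
  }

  // Bits an origin has extracted so far.
  spent(origin) {
    let total = 0;
    for (const s of this.granted.get(origin) ?? []) total += SURFACE_BITS.get(s);
    return total;
  }

  // Nothing is sent ambiently: the origin must ask for each surface explicitly.
  request(origin, surface, realValue) {
    if (!SURFACE_BITS.has(surface)) throw new Error(`unknown surface: ${surface}`);
    const seen = this.granted.get(origin) ?? new Set();
    // Re-reading a surface reveals nothing new, so it is free.
    if (!seen.has(surface)) {
      if (this.spent(origin) + SURFACE_BITS.get(surface) > this.budgetBits) {
        return { value: GENERIC, spent: this.spent(origin) };
      }
      seen.add(surface);
      this.granted.set(origin, seen);
    }
    return { value: realValue, spent: this.spent(origin) };
  }

  // With b bits revealed, the user is distinguishable within 1 in 2^b visitors.
  distinguishingFactor(origin) {
    return 2 ** this.spent(origin);
  }
}

// Constructed scenario: one origin asks for more than its 8-bit budget allows.
function demo() {
  const ledger = new EntropyLedger(8);
  return [
    ledger.request("ads.example", "ua-platform", "Linux"),
    ledger.request("ads.example", "ua-full-version", "124.0.1"),
    ledger.request("ads.example", "ua-model", "Pixel 8"), // would reach 12 bits
  ];
}
```
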

Google also shot itself in the foot with manifest v3 killing ublock origin. I almost liked Chrome for a while until they got rid of the only thing that made it usable for me.

I don't care if Google was trying to do something good. Good things accomplished through evil means are evil.

After all, it isn't as if Google isn't already tracking us itself, selling the data it has gleaned from us to advertisers, and then helping the advertisers specifically target us based on its insane amount of data on each of us.

So whinging about how one thing that might have been a little better died due to their evil overlords' middle managers mismanaging it is a waste of energy.

> Google also shot itself in the foot with manifest v3 killing ublock origin.

Yeah, I’m migrating away from Chrome over that.