A shocking new follow-up admission from Google, which has yet to make the headlines, should be a serious warning to Chrome’s 2.6 billion users. If you’re one of them, this nasty new surprise should be a real reason to stop.
Behind the marketing and feature updates, the reality is that Chrome is in deep trouble when it comes to privacy and security. He has lagging behind rivals by protecting users from tracking and data collection, its plan to ditch nasty third-party cookies was awkwardly postponed, and replacement technology that he says would prevent profiling and user tracking turns out to have made matters worse.
“Pervasive surveillance … harms individuals and society,” warns Firefox developer Mozilla, and “Chrome is the only major browser that doesn’t offer meaningful protection against cross-site tracking … and will continue to leave unprotected users. ”
Google readily (and ironically) admits that such ubiquitous web tracking is out of control and has resulted in “an erosion of trust … [where] 72% of people think almost everything they do online is tracked by advertisers, tech companies, or others, and 81% say the potential risks of collecting data outweigh the benefits.
So how can Google continue to openly admit that this tracking infringes on user privacy, while still allowing such tracking by default on its flagship browser? The answer is simple: follow the money. Restricting tracking will drastically reduce ad revenue from targeting users with sales pitches, political messages, and opinions. And right now, Google doesn’t have a Plan B – its big idea of anonymized tracking is in disarray.
“Research has shown that up to 52 companies can theoretically observe up to 91% of the average user’s web browsing history,” a senior Chrome engineer said on a recent call from Internet Engineering. Task Force, “and 600 companies can observe at least 50%.
Google’s Privacy Sandbox is supposed to solve this problem, to meet the needs of advertisers looking to target users in a more “privacy-friendly” way. But the problem is, even Google’s staggering level of control over the internet advertising ecosystem is not absolute. There is already a complex spider web of trackers and data brokers. And any new technology only adds to this complexity and cannot exist in isolation.
It was this unfortunate situation that led to the failure of FLoC, Google’s self-advertised attempt to deploy anonymous tracking on the web. It turns out that building a wall around just half a chicken isn’t particularly effective, especially when some foxes are already hanging out inside.
Rather than targeting you as an individual, FLoC assigns you to a cohort of people with similar interests and behaviors defined by the websites you all visit. So, you are not Jane Doe, 55, a sales assistant, residing at 101 Acacia Avenue. Instead, you’re presented as a member of Cohort X, from which advertisers can infer what you’re likely to do and buy on common websites that group members visit. Google would inevitably control the whole process, and advertisers would inevitably pay to play.
FLoC was immediately under fire. The privacy hall pointed out the risks that data brokers would simply add cohort identifiers to other data collected about users – IP addresses or browser identities or any first-party web identifier, giving them even more knowledge about individuals. There was also the risk that the cohort identifiers betrayed sensitive information – politics, sexuality, health, finances, …
No, Google assured at the launch of its controversial FLoC trial, telling me in April that “we strongly believe that FLoC is better for user privacy than the individual cross-site tracking that prevails today.”
This is not the case, Google suddenly admitted. telling the IETF that “today’s fingerprint surface, even without FLoC, is easy enough to uniquely identify users,” but that “FLoC adds New fingerprint surfaces. Let me translate this – just as the privacy lobby warned, FLoC does it right worse, not better.
Google ended the FLoC trial last month, saying it needed to be redesigned before anything went into production. “It has become clear,” the company said, “that it takes more time in the ecosystem to get it right.”
This moratorium included this reprieve for tracking cookies – everything goes hand in hand. Google “will continue to track and profile users through cookies until at least 2023,” warned rival Brave at the time, “but online privacy is a growing wave. Google is already under water and seems to be in desperate need of major reforms well before 2023. “
from google delay was dressed in the regulatory concerns that had also been triggered by FLoC, and whether that would lead to undue control for Google over the advertising ecosystem. But the reality for you as Chrome users is much more serious. With third-party trackers still in place, with FLoC’s failure and no clear plan to improve the technology, there’s no tangible end in sight for fingerprints on Chrome.
“We are always exploring options to make the Privacy Sandbox proposals more private, while supporting the free and open web,” Google told me, when I asked about the IETF’s surprising admission. “Nothing has been decided yet.”
But what To has been decided is that third-party cookies are here to stay, at least for the next two years, possibly longer if Google can’t find a way out. Google is “hiding and buying time to regroup,” says Brave, “to consolidate its control over web tracking.”
It’s not as easy as giving up Chrome of course, Google’s browser and its search engine are not the same thing. Google “has trackers installed on 75% of the top 1 million websites”, Several times more than Facebook, which is the next worst. Likewise, one need only look at recent reports suggesting that Google will pay Apple some $ 15 billion this year to be the default search engine on its devices.
The problem with Chrome is that the browser, search engine, and trackers all come from the same source. If your browser is a privacy keeper and these trackers are data poachers, you probably don’t want them all sporting the same logos.
On FLoC and Privacy Sandbox, Google says it’s exploring ideas for a watered-down solution. Users assigned to subjects instead of cohorts, manual audit of subjects to hide sensitive areas, false subjects to confuse profiles. “We believe these mitigation measures could significantly reduce the usefulness of FLoC for cross-site fingerprints,” Google told the IETF. But it’s a lot of what, ifs and maybe, and “nothing has been decided yet”.
“The pragmatic point of view,” Cyjax CISO Ian Thornton-Trump told me, “is that FloC was yet another attempt to“ target ”digital marketing within the Google browser system instead of a third-party cookie, to ensure “no loopholes” to be “mostly if not completely” tracked. As usual, any business that wants to “improve your privacy,” but makes billions from digital media and needs your data to be effective, is deeply problematic. ”
Chrome is one of Google’s primary platforms for profiling user data, although you can add Maps, Mail, Android, YouTube and its multiple other platforms, apps, and services. And so, as the browser market is late starting to prioritize user privacy, Google can only do so if it can find another way to sell these ads.
“If you use Chrome, you are giving up your privacy,” my STC colleague Kate O’Flaherty warns this week. “There won’t be something that preserves privacy, but nonetheless continues to serve advertisers. They need to know things about you.
If you’re an Apple user, Safari is a much better option – preventing cross-site tracking by default, a more usable and extensive private browsing mode, a browser from a tech giant, not a tech giant. The advertisement. Apple’s private relay is also a big step forward for your privacy, breaking the chain of identity between your device and the sites you visit. Although boot issues mean it will only be a beta after iOS 15 launches.
If you’re using a non-Apple platform, Brave, Mozilla, and DuckDuckGo all offer better, more private options. And although you can use Chrome in incognito mode, despite recent legal work, you should be aware of its limitations. He is not a good alternative to a browser which is more private by design.
Chromium is an excellent browser—technically. But as with all platforms, apps, and services, you still need to follow the money. Once you ask yourself is this a product that I paid for or am I I the product, do others pay to access me, then you can start making clearer choices. And it is only by making these choices with privacy in mind that you send the message that your data is not a fair game to be harvested at will.
There’s a perfect illustration of this when you compare the privacy label for Chrome with other top browsers on the Apple App Store. Chrome is clearly out of step with the rest, both for the data it collects and the fact that it all points to user identities.
“Regardless of FLoC, fingerprints are real and we see it happening,” Google told the IETF. “We would like to stop this very widespread user tracking on the web. “Excellent. Well, stop it then. Follow the example of Safari. Turn off default tracking, reduce your data collection related to user identities, and then if you find a truly privacy-friendly option, you can add it again. users to make the decision instead.
Is it dramatic to suggest that you ditch Chrome for an alternative? It depends on your point of view. The original FLoC trial enrolled millions of you without accepting or declining in a secret trial that Google now admits to having added additional fingerprint surfaces. This means that you have been more easily identified and profiled. It’s not good. Likewise, after promising to ditch tracking cookies, Google changed its mind – again, disagree.
Yes, Google must find a way to present your data to his paying customers – advertisers, if its surveillance business model is to survive. But you don’t.