On Thursday, Google reminded everyone who might have forgotten that "privacy is paramount to us" and announced an initiative called "Privacy Sandbox" that proposes paving over a few privacy pitfalls without suffocating its ad business.
It takes a certain chutzpah for a company with such a lengthy history of privacy scandals to insist that privacy is "paramount" – more important to the company than anything else. Note that the company's avowed mission is "to organize the world's information and make it universally accessible and useful." Surveillance capitalism depends on the absence of privacy.
Things have changed since then, at least outside Google. Europe's GDPR now has to be taken seriously. US regulators, after years of inconsequential wrist-slaps and petty-change fines, are scrutinizing the company's business practices more closely.
Google, like the other major online ad company Facebook, still wants to identify people online for targeted ad delivery. But its current leadership, having seen Facebook raked over the coals for the Cambridge Analytica data spill, now understands it has to moderate the data hunger exhibited by its developers, marketers and partners.
Time for a change
In early 2018, Google launched Project Strobe, "a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps’ data access."
The first casualty of this privacy and security audit was the shutdown of Google+ because the company gave developers access to the data of 500m Google+ profiles and only later recognized the privacy implications. If anyone had actually been using Google+, it could have been a real scandal.
The APIs for Gmail, Drive and Chrome extensions have come under scrutiny too, resulting in additional restrictions to limit how developers can access and use customer data.
Google's Privacy Sandbox consists of a series of related proposals, teased at Google I/O, to address web privacy and security concerns related to HTTP cookies and their role in online tracking.
The proposals cover: privacy-preserving ad conversion measurement; tokens for preventing fraud without personalized tracking; limiting browser fingerprinting; interest-based advertising based on group rather than individual behavior; and an identity model for the web that works without cross-site tracking.
"Some ideas include new approaches to ensure that ads continue to be relevant for users, but user data shared with websites and advertisers would be minimized by anonymously aggregating user information, and keeping much more user information on-device only," explained Justin Schuh, director of Chrome engineering, in a blog post. "Our goal is to create a set of standards that is more consistent with users' expectations of privacy."
Google's goal is also to keep the web safe for advertising. As Schuh put it, "We want to find a solution that both really protects user privacy and also helps content remain freely accessible on the web."
Master and servant
Therein lies the problem: Google wants to serve two masters, the user and the advertiser. It wants a world where privacy means something other than its dictionary definition: "the state or condition of being free from being observed or disturbed by other people." It wants a world where privacy applies to everything outside the data points enumerated in its data use policy.
One aspect of its plan is to redefine first-party and third-party, concepts that remain critical to the browser security model. When an internet user visits, say, example.com, that site is considered a first-party site and can set a first-party cookie. If example.com's webpage code includes a Facebook Like button, Facebook could set a third-party cookie, which might be blocked or removed more readily than a first-party cookie.
Google's identity proposal, "A Potential Privacy Model for the Web," calls for redefining first-party status so third parties can be treated as first parties. With Apple and Mozilla now blocking third-party cookies by default, Google's proposal looks like an attempt to throw a lifeline to the third parties thrown overboard by rival browser makers.
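To make the first-party/third-party distinction concrete, here is an added example (not code from the article or from any browser vendor) that classifies the cookie context of each sub-resource a page loads, the way a browser decides whether a cookie is first- or third-party: by comparing the "site" (registrable domain) of the top-level page with that of the request. The sample URLs are constructed, and the `registrableDomain` helper is a simplified last-two-labels rule, an assumption made here for brevity; real browsers consult the Public Suffix List so that names such as co.uk are handled correctly.

```javascript
// Added example: classify cookie context (first-party vs third-party)
// for sub-resources relative to the page the user is visiting.

// Simplified registrable-domain (eTLD+1) rule: keep the last two labels.
// Assumption for this example only; browsers use the Public Suffix List.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split('.').filter(Boolean);
  return labels.length <= 2 ? labels.join('.') : labels.slice(-2).join('.');
}

// A cookie set by `resourceUrl` is first-party when the resource's site
// matches the site of the top-level page, third-party otherwise.
function cookieContext(pageUrl, resourceUrl) {
  const pageSite = registrableDomain(new URL(pageUrl).hostname);
  const resSite = registrableDomain(new URL(resourceUrl).hostname);
  return pageSite === resSite ? 'first-party' : 'third-party';
}

// Classify every request a page makes; returns [{url, site, context}].
function classifyRequests(pageUrl, requestUrls) {
  return requestUrls.map((url) => ({
    url,
    site: registrableDomain(new URL(url).hostname),
    context: cookieContext(pageUrl, url),
  }));
}

// Distinct third-party sites that would be able to set cookies on this page;
// this is the list a tracking-protection feature would block by default.
function thirdPartySites(pageUrl, requestUrls) {
  const sites = classifyRequests(pageUrl, requestUrls)
    .filter((r) => r.context === 'third-party')
    .map((r) => r.site);
  return [...new Set(sites)].sort();
}

// Constructed sample: an article on example.com that loads its own CDN asset
// and an embedded social widget from another site.
const PAGE_URL = 'https://www.example.com/news/article.html';
const REQUESTS = [
  'https://www.example.com/news/article.html',
  'https://static.example.com/assets/app.js',
  'https://widgets.social.example/like-button.js',
  'https://cdn.ads.example/pixel.gif',
];

for (const r of classifyRequests(PAGE_URL, REQUESTS)) {
  console.log(`${r.context.padEnd(11)} ${r.site.padEnd(16)} ${r.url}`);
}
console.log('third-party sites:', thirdPartySites(PAGE_URL, REQUESTS));
```

The output shows why the proposal matters: only `example.com` is first-party here, while `social.example` and `ads.example` are third-party and so fall under the default blocking that Apple and Mozilla ship. Redefining which origins count as "first-party" changes the result of this comparison without changing what the cookies are used for.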
Critics were quick to kick Google's Privacy Sandbox to the curb, suggesting its proposals represent an attempt to redirect the technical momentum that has been moving the web toward meaningful online tracking protection.
The industry isn't impressed
"There's a giant elephant in the room you're not acknowledging," said Ben Adida, executive director of Voting Works, via Twitter. "Every other browser vendor is working on hard cookie blocking. You've got a conflict of interest about doing that very thing, and you don't even mention it."
Adida goes on to ridicule the conceit of privacy-preserving advertising. "We're going to be in an everlasting fight between privacy and targeted advertising," he said. "If you want to find a magical win-win, you're gonna have to kill, or at least greatly hamper, the golden goose first."
Aram Zucker-Scharff, ad engineering director for the research, experimentation and development team at The Washington Post, via Twitter said, "The problem, according to Google, is that users want privacy but 'publishers' economic viability' (how they make money) is dependent on tracking users in a way that is similar to assigning them a web-wide global identity."
He said he's not convinced that cross-site tracking has to be saved, pointing to The Washington Post's plan to develop an ad targeting system that doesn't depend on third-party tracking.
Brendan Eich, CEO of Brave, a Chromium-based Chrome competitor, via Twitter said, "In conjunction with obstruction of privacy work at W3C, this looks like weak sauce in a misleading 'privacy matters' bottle, from a conflicted superpower that dominates the W3C."
Eich added, "Speaking for Brave, you cannot serve two masters. There is no 'halfway tracked' position on the dial…" ®