Google's 'Ask me anything' on Privacy Sandbox was more about questions than answers

FLoC is not for our benefit, says Chocolate Factory, it's for everyone else


Google conducted an "Ask me anything" panel on its controversial Privacy Sandbox proposals at its online I/O event.

The company talked a lot about privacy at I/O and keynote attendees heard the phrase "private by design" repeated many times; a claim that merits scepticism bearing in mind the extraordinary amount of data collected by the tech giant and its insistence that it cannot get by without it. Google has one giant privacy policy to cover all its services and it is not negotiable: users are asked to agree, or not use the services.

That said, there is pressure to improve user privacy from several sources – some regulatory, some from competitors who use improved privacy as a selling point, and some from users who prefer not to be tracked and profiled by multiple companies as a result of their internet activity.

Big changes are on the way, not least the plan to phase out third-party cookies, widely used by advertisers for ad personalisation and measurement. Google has come up with a bunch of proposals collectively called Privacy Sandbox which aim to reshape the ways in which personal data is shared between websites.

It has also encountered resistance to many of the proposals, partly because of questions over whether specific proposals are desirable or harmful, and partly because of the suspicion that the company will protect its own interests ahead of those of other companies or users. Google is dominant in a number of areas, including search, the Chrome browser, maps, and the Android mobile operating system, which means it collects a ton of data as a first party in ways that others cannot match.

Certain Privacy Sandbox proposals are especially controversial. First-party sets let multiple domains declare themselves as one domain for the purpose of privacy controls, such as youtube.com, google.com, and google.co.uk. The W3C Technical Architecture Group declared the proposal to be "harmful to the web in its current form."

Another hot topic is FLoC (Federated Learning of Cohorts), which groups users for targeted advertising on the basis of shared interests. This has been opposed by many groups including the Electronic Frontier Foundation, other browser vendors like Brave and Vivaldi, and by the developers of popular content management systems like WordPress and Drupal.

Another FLoC sceptic appears to be Apple, whose WebKit Privacy and Security engineer John Wilander said on GitHub that FLoC cohorts could create cross-site tracking IDs over time, and more recently that FloC could be used in user-harming ways such as higher prices for those more likely to pay, and "targeted malvertising".

In an I/O session, Chrome developer relations lead Rowan Merewood chaired a panel with Michael Kleber, tech lead for Privacy Sandbox, accompanied by Kaustbha Govind, tech lead for cookie-related proposals, and Barb Smith, who works on global partnerships. Merewood opened by warning that not all questions would be answered. "We are an implementation-focused team, if you've got questions on the 'how' of Privacy Sandbox we can cover those," he said.

Kleber said Privacy Sandbox is all about "partitioned identity," adding: "We're trying to transition to a web in which the site you are visiting might have its own personal notion of some information about you like what you've done while visiting that site in the past but there's not a way to take one site's notion of what it knows about you and another site's notion of what that site knows about you and join them together."

Then came the question: "What if other browsers wouldn't support these functionalities (like Brave and Vivaldi wouldn't support FLoC)?"

"All of the functionalities that we are talking about as part of the Privacy Sandbox are going through an extensive discussion and evaluation process mostly in the W3C," said Kleber. "Everything that we do is something that we want wide cross-browser support for eventually."

Govind added: "Sincerely all us do want to move towards a web, keep the web as interoperable... we're all having spirited discussions in the W3C but our hope is that we eventually converge."

Google's Rowan Merewood, Barb Smith, Michael Kleber and Kaustbha Govind field an awkward question about web standards

Google's Rowan Merewood, Barb Smith, Michael Kleber and Kaustbha Govind field an awkward question about web standards

The question not answered here is the extent to which Google is willing to modify or even withdraw specific proposals, and whether it might go it alone with Chrome-specific features, bolstered by its large market share.

Another FLoC question asked was: "Are there plans to inform users about what's happening behind the scenes with these new proposals? For example, which traits their cohort might represent?"

"FLoC is about... ways to do ad targeting when third-party cookies and the profiles built based on them are not available any more," said Kleber. "FLoC is in Origin Trial and we're just in the early stages of things, and everything about how FLoC works is still very much subject to change... so yes, it definitely will be possible, there will be information available in the browser or in some other way to understand... what information we're holding onto about you, and information on how ads are able to be targeted in this new post-third party cookie future but we don't have that ready yet because we don't even know what the answers are."

Another non-answer, but one that illustrates how Google veers from sometimes implying that its Privacy Sandbox plans are well advanced, which is why it is hyping the topic at I/O, but at other times deflecting criticism by saying that is early days and subject to change.

The GitHub discussions on Privacy Sandbox are worth close reading for what they reveal about Google's pitch. Kleber made the claim that technology like FLoC is mainly for the benefit of other companies. He said "Chrome believes that preserving the open web has substantial benefits" and takes the view that targeted advertising is essential to its business model.

Answering a user who advocated a web without personalised advertising, he said: "Google makes most of its money from the ads that appear on Google Search. Those ads are based on what people just searched for. So while most of the sites in the world would lose 50-70 per cent of their revenue in the alternative you're advocating for, Google is not one of them." ®

Similar topics

Broader topics


Other stories you might like

  • DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.

    Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading

Biting the hand that feeds IT © 1998–2022