- Mar 29, 2018
A shocking new tracking admission from Google, one that hasn’t yet made headlines, should be a serious warning to Chrome’s 2.6 billion users. If you’re one of them, this nasty new surprise should be a genuine reason to quit.
Behind the slick marketing and feature updates, the reality is that Chrome is in a mess when it comes to privacy and security. It has fallen behind rivals in protecting users from tracking and data harvesting, its plan to ditch nasty third-party cookies has been awkwardly postponed, and the replacement technology it said would prevent users being profiled and tracked turns out to have just made everything worse.
“Ubiquitous surveillance... harms individuals and society,” Firefox developer Mozilla warns, and “Chrome is the only major browser that does not offer meaningful protection against cross-site tracking... and will continue to leave users unprotected.”
Google readily (and ironically) admits that such ubiquitous web tracking is out of hand and has resulted in “an erosion of trust... [where] 72% of people feel that almost all of what they do online is being tracked by advertisers, technology firms or others, and 81% say the potential risks from data collection outweigh the benefits.”
So, how can Google continue to openly admit that this tracking undermines user privacy, and yet enable such tracking by default on its flagship browser? The answer is simple—follow the money. Restricting tracking will materially reduce ad revenue from targeting users with sales pitches, political messages, and opinions. And right now, Google doesn’t have a Plan B—its grand idea for anonymized tracking is in disarray. “Research has shown that up to 52 companies can theoretically observe up to 91% of the average user’s web browsing history,” a senior Chrome engineer told a recent Internet Engineering Task Force call, “and 600 companies can observe at least 50%.”
Google’s Privacy Sandbox is supposed to fix this, to serve the needs of advertisers seeking to target users in a more “privacy preserving” way. But the issue is that even Google’s staggering level of control over the internet advertising ecosystem is not absolute. There is already a complex spider’s web of trackers and data brokers in place. And any new technology simply adds to that complexity and cannot exist in isolation.
It’s this unhappy situation that’s behind the failure of FLoC, Google’s self-heralded attempt to deploy anonymized tracking across the web. It turns out that building a wall around only half a chicken coop is not especially effective—especially when some of the foxes are already hanging around inside. Rather than target you as an individual, FLoC assigns you to a cohort of people with similar interests and behaviors, defined by the websites you all visit. So, you’re not 55-year-old Jane Doe, sales assistant, residing at 101 Acacia Avenue. Instead, you’re presented as a member of Cohort X, from which advertisers can infer what you’ll likely do and buy from common websites the group members visit. Google would inevitably control the entire process, and advertisers would inevitably pay to play.
FLoC came under immediate fire. The privacy lobby called out the risks that data brokers would simply add cohort IDs to other data collected on users—IP addresses or browser identities or any first-party web identifiers, giving them even more knowledge on individuals. There was also the risk that cohort IDs might betray sensitive information—politics, sexuality, health, finances, ... No, Google assured as it launched its controversial FLoC trial, telling me in April that “we strongly believe that FLoC is better for user privacy compared to the individual cross-site tracking that is prevalent today.” Not so, Google has suddenly now admitted, telling IETF that “today’s fingerprinting surface, even without FLoC, is easily enough to uniquely identify users,” but that “FLoC adds new fingerprinting surfaces.” Let me translate that—just as the privacy lobby had warned, FLoC makes things worse, not better.
Google ended the FLoC trial last month, saying that it needed a rethink before anything was put into production. “It's become clear,” the company said, “that more time is needed across the ecosystem to get this right.”
This moratorium included that reprieve for tracking cookies—it all goes hand in hand. Google “will continue to track and profile users via cookies until at least 2023,” rival Brave warned at the time, “but online privacy is a swelling wave. Google is already under water and appears to be in desperate need of major reforms well before 2023.”
Google’s delay was dressed up in the regulatory concerns that had also been triggered by FLoC, and whether this would lead to undue control for Google over the advertising ecosystem. But the reality for you as Chrome users is much more serious. With third-party trackers still in place, with FLoC’s failure, and with no definite plans for improved technology, there is no tangible end in sight to fingerprinting on Chrome.
"We are always exploring options for how to make the Privacy Sandbox proposals more private, while still supporting the free and open web,” Google told me, when I asked about the surprising IETF admission. “Nothing has been decided yet.”
But what has been decided is that third-party cookies are here to stay, at least for the next couple of years, probably longer if Google can’t find a way out. Google is “hiding and buying time to regroup,” Brave says, “to consolidate its control over web tracking.”
If you persist with Chrome, you can ensure you’re not secretly enrolled into the next FLoC-like trial by either manually selecting to block third-party cookies or by turning off the Privacy Sandbox trial features in your Chrome privacy settings. Google has said that it will introduce more transparency and controls in the future, but it hasn’t said it will actually ask users before enrolling them in any future trials, unlike with FLoC V1.
This isn’t as easy as just ditching Chrome of course, Google’s browser and its search engine are not the same thing. Google “has trackers installed on 75% of the top million websites,” several times as many as Facebook, which is the next worst. Similarly, just look at the recent reports suggesting Google will pay Apple some $15 billion this year to be the default search engine on its devices.
The issue with Chrome is that the browser and search engine and trackers all originate from the same source. If your browser is a privacy gamekeeper and those trackers are data poachers, then you probably don’t want them all sporting the same logos.
On FLoC and the Privacy Sandbox, Google says it’s exploring ideas for a watered-down solution. Users assigned to topics instead of cohorts, manual auditing of topics to mask sensitive areas, bogus topics to confuse profiles. “We think these mitigations could dramatically reduce the usefulness of FLoC for cross-site fingerprinting,” Google told IETF. But that’s a lot of whats, ifs and maybes, and “nothing has been decided yet.”
“The pragmatic view,” Cyjax CISO Ian Thornton-Trump told me, “is that FloC was yet another attempt to ‘target’ digital marketing within the Google browser system instead of a third-party cookie, to ensure ‘no escape’ from being ‘mostly if not completely’ tracked. As usual, any company that wants to ‘improve your privacy,’ but makes billions from digital media and needs your data to be effective, is deeply problematic.”
Chrome is one of Google’s primary platforms for user data profiling—although you can add Maps, Mail, Android, YouTube and its multiple other platforms, apps and services into the mix. And so, while the browser market is belatedly starting to put user privacy first, Google can only do so if it can find an alternative way to sell those ads.
“If you use Chrome, you give up your privacy,” my STC colleague Kate O’Flaherty warns this week. “There isn’t going to be something that’s privacy-preserving, but yet still services advertisers. They need to know stuff about you.” If you’re an Apple user, Safari is a much better option—preventing cross-site tracking by default, a more usable and extensive private browsing mode, a browser from a tech giant not an advertising giant. Apple’s Private Relay is also a huge step forwards for your privacy, breaking the identity chain between your device and the sites you visit. Albeit teething problems mean this will only be beta come iOS 15’s launch.
If you’re on a non-Apple platform, then Brave, Mozilla and DuckDuckGo all offer better, more private options. And while you can use Chrome in Incognito Mode, notwithstanding recent legal travails, you should be aware of its limitations. It is not a good alternative to a browser that’s more private by design. Chrome is an excellent browser—technically. But as with all platforms, apps and services, you always need to follow the money. Once you ask yourself is this a product I have paid for or am I the product, are others paying to access me, then you can start to make clearer choices. And only by making those choices with privacy in mind, do you send the message that your data is not fair game to be harvested at will.
There’s a perfect illustration of this when you contrast the privacy label for Chrome with other leading browsers on Apple’s App Store. Chrome is starkly out of step with the others, both for the data it collects and the fact it all links back to user identities.
“Regardless of FLoC, fingerprinting is real and we’re seeing it happen,” Google told IETF. “We’d like to stop this highly pervasive tracking of users across the web.” Excellent. Well, just stop it then. Follow Safari’s lead. Turn off tracking by default, reduce your data harvesting linked to user identities, and then if you find a genuinely privacy-preserving option, you can add that back in. But you won’t—there’s too much money involved, and so it’s down to users to make the decision instead.
Is it dramatic to suggest you ditch Chrome for an alternative? That depends on your perspective. The FLoC trial enrolled millions of you without asking you to opt-in or out into a secretive trial that Google now admits added additional fingerprinting surfaces. That means you were more easily identified and profiled. That’s not okay. Similarly, having promised to ditch tracking cookies, Google changed its mind—again, not okay.
Yes, Google needs to find a way to present your data to its paying customers—advertisers, if its surveillance business model is to survive. But you don’t.