There is a lot of misinformation being shared in this thread.
A good excerpt from Steve Gibson covering Topics on SecurityNow #935
What I do know, though, is that user profiling via tracking represents the height of privacy intrusion. As far as I know, an immutable record of every website I have ever visited is squirreled away in multiple massive hidden and inaccessible-to-me profiling databases. And I have zero control over that. That’s the world we’re in today. But if Topics succeeds, and Google would appear to be in the position to singlehandedly deliver its success, it is a far less intrusive profiling technology. And in addition to being a much weaker information gatherer, Google has chosen to provide its users complete control over the Topics their browser presents to the world, including turning it off altogether for full anonymity. I’ll explain that further in a minute.
So if only on that basis, Topics at least represents a huge step in the right direction. Yes, by default some interest profiling remains. But the means of obtaining those significantly weakened profiles is no longer tracking. And users have complete visibility into their online profile and are able to curate, edit, and even delete any of it or all of it as they choose. So it’s a compromise. But there are many websites begging for our support. My feeling is, if voluntarily letting them know something about who we are allows them to generate, as they claim, significantly more revenue from our visit, is that too high a price to pay? Again, it’s an individual decision. But now, in a world with Topics, at least, it’s one we’re able to make.
…
Okay. So here’s how Topics works. The essence of Topics are individual topic tokens - zero, one, or many - which are assigned to individual websites. For example, my GRC.com site might be associated with Computers and Electronics/Network Security, and Computers and Electronics/Programming, and Networking/Internet Security. So when someone visited GRC.com, their own web browser would record their interest in the topics associated with GRC.com, those topics, those three. But their visit to GRC.com itself would never be recorded other than in their regular local browser history as is always done. The only thing retained by the browser to indicate their interest in those topics would be those three numbered parameters.
For example, in Google’s current 349-topic list, which they refer to as a “taxonomy,” there’s “Arts and Entertainment” as a general topic if nothing more specific is available. But then there’s “Arts and Entertainment,” and then under that “Acting and Theater,” and “Comics,” “Concerts and Music Festivals,” “Dance,” “Entertainment Industry,” “Humor.” And under “Humor” is the subtopic “Live Comedy.” And it goes on like that with “Arts and Entertainment” having a total of 56 token entries before we switch to “Autos and Vehicles,” which has 29 subcategories, which brings us to “Beauty and Fitness” and so on. You get the idea.
So here’s how Google’s specification explains this. They said: “The topics are selected from an advertising taxonomy. The initial taxonomy proposed for experimentation will include somewhere between a few hundred and a few thousand topics.” They said: “Our initial design includes around 350.” And I counted them, it’s 349. “As a point of reference, the IAB Audience Taxonomy contains around 1,500 individual topics and will attempt to exclude sensitive topics.” And they said: “We’re planning to engage with external partners to help define this. The eventual goal is for the taxonomy to be sourced from an external party that incorporates feedback and ideas from across the industry.”
…
Google explains: “The topics will be inferred by the browser. The browser will leverage a classifier model to map site hostnames to topics. The classifier weights will be public, perhaps built by an external partner, and will improve over time. It may make sense for sites to provide their own topics via meta tags, headers, or JavaScript, but that remains an open discussion for later.”
It seems unlikely, though, that advertisers will give up on the nuanced tracking they can get by other means, right? Whether to show you the $2 rip off umbrella that works for a single rainy day, or the $52 Proposal Pink ™ ultra-certified umbrella that keeps the rain off for a single rainy day.
They won’t be given the choice. The point is giving them some compromise in order to disable other tracking abilities from the browser. The big question with all of this isn’t whether it improves on the user’s privacy from the status quo. It’s what happens when Google effectively monopolizes most of the access to advertising data. I’m not crying for third party ad companies, I think there might be some unforseen consequences for users down the road.
But how so? Just that Google will stop feeding them personal data the ways it currently does? Or that Chrome would actively work to block fingerprinting and trackers the way and blockers and Firefox do?
Because fingerprinting happens whether the user’s browser ‘allows’ it or not.
Google effectively monopolizes most of the access to advertising data.
Ok, so you mean most of what most companies get is fed from Google’s tracking? So most would lose most of their data. But not that rely on Amazon/Meta/etc who are doing their own dirty work.
Or that Chrome would actively work to block fingerprinting and trackers the way and blockers and Firefox do?
I think they’ll do this.
Ok, so you mean most of what most companies get is fed from Google’s tracking?
Today everyone installs cookies and what not and tracks however they can. Once Google goes the Firefox route disabling and mitigating tracking abilities in Chrome, the only gateway to tracking data will be the data gathered by Google via Chrome and exposed via some Google-controlled API to third parties. So I think that eventually what most companies get fed by will be Google’s tracking.
So most would lose most of their data. But not that rely on Amazon/Meta/etc who are doing their own dirty work.
Yup. And probably.
So better than the status quo, unless you’re a smaller ad company.
Yeah - this is the privacy model that ad targeting should have always taken. People are grabbing pitchforks not really knowing why.
Moving profiles to the edge and only letting ad servers know what to send rather than connecting the ads to profiles of centrally located browsing data and history would be a huge step forward in privacy for the average user.
The even better version of this would be the ad server sending “ad options” and the browser selecting what to show based on the internal profile, so even category data isn’t sent, just the potential linking of which ad is shown to which user (but not knowing if that correlated to an actual preference or if the other options were just equally poorly targeted).
Within the context of the subject matter, that was a quick excerpt. And, in fact, the transcript from which that excerpt was extracted can probably be considered a relatively quick excerpt from the entire system.
Sometimes it is just not possible to simplify further or be more concise without just saying “trust me, it’s better than what we had up to now.” That is especially true when we have all learned, I hope, that “trust me, I saw it on the internet” is a really lousy way to make decisions.
tl;dr There are valid reasons to not use Chrome, and to be suspicious of Google. This, specifically, is not one of them and the fear is mostly overblown by people who have done zero research.
There is a lot of misinformation being shared in this thread.
A good excerpt from Steve Gibson covering Topics on SecurityNow #935
…
…
SecurityNow #935 transcript
It seems unlikely, though, that advertisers will give up on the nuanced tracking they can get by other means, right? Whether to show you the $2 rip off umbrella that works for a single rainy day, or the $52 Proposal Pink ™ ultra-certified umbrella that keeps the rain off for a single rainy day.
They won’t be given the choice. The point is giving them some compromise in order to disable other tracking abilities from the browser. The big question with all of this isn’t whether it improves on the user’s privacy from the status quo. It’s what happens when Google effectively monopolizes most of the access to advertising data. I’m not crying for third party ad companies, I think there might be some unforseen consequences for users down the road.
But how so? Just that Google will stop feeding them personal data the ways it currently does? Or that Chrome would actively work to block fingerprinting and trackers the way and blockers and Firefox do?
Because fingerprinting happens whether the user’s browser ‘allows’ it or not.
Ok, so you mean most of what most companies get is fed from Google’s tracking? So most would lose most of their data. But not that rely on Amazon/Meta/etc who are doing their own dirty work.
I think they’ll do this.
Today everyone installs cookies and what not and tracks however they can. Once Google goes the Firefox route disabling and mitigating tracking abilities in Chrome, the only gateway to tracking data will be the data gathered by Google via Chrome and exposed via some Google-controlled API to third parties. So I think that eventually what most companies get fed by will be Google’s tracking.
Yup. And probably.
So better than the status quo, unless you’re a smaller ad company.
Yeah - this is the privacy model that ad targeting should have always taken. People are grabbing pitchforks not really knowing why.
Moving profiles to the edge and only letting ad servers know what to send rather than connecting the ads to profiles of centrally located browsing data and history would be a huge step forward in privacy for the average user.
The even better version of this would be the ad server sending “ad options” and the browser selecting what to show based on the internal profile, so even category data isn’t sent, just the potential linking of which ad is shown to which user (but not knowing if that correlated to an actual preference or if the other options were just equally poorly targeted).
No they should use context ads like duck duck go
They should ad an option to pay for the service with not tracking nor ads.
Max that’s a wonderful comment, but could you just tell me what to do, I ain’t reading all that.
You should really practice reading more if something that long is difficult for you.
Reading is a crucial life skill that everyone should practice daily.
Right? “Here is a quick excerpt”. Then proceeds to post a whole article.
Within the context of the subject matter, that was a quick excerpt. And, in fact, the transcript from which that excerpt was extracted can probably be considered a relatively quick excerpt from the entire system.
Sometimes it is just not possible to simplify further or be more concise without just saying “trust me, it’s better than what we had up to now.” That is especially true when we have all learned, I hope, that “trust me, I saw it on the internet” is a really lousy way to make decisions.
Damn bro, my bad. I must have been cranky when I left that comment. Totally understood!
No problem! If that’s as nasty as we ever get, then I’d say we’re doing pretty damn good!
TL;DR: If you want to use Chrome then don’t be worried about Topics. It’s better privacy than third party cookies and other tracking methods.
Stop using Chrome either way. Topics are still tracking, just a different kind.
tl;dr There are valid reasons to not use Chrome, and to be suspicious of Google. This, specifically, is not one of them and the fear is mostly overblown by people who have done zero research.
Steve is the best.