Google's Privacy Sandbox Accused of Misleading Chrome Browser Users (theregister.com) 40
Richard Speed reports via The Register: Privacy campaigner noyb has filed a GDPR complaint regarding Google's Privacy Sandbox, alleging that turning on a "Privacy Feature" in the Chrome browser resulted in unwanted tracking by the US megacorp. The Privacy Sandbox API was introduced in 2023 as part of Google's grand plan to eliminate third-party tracking cookies. Rather than relying on those cookies, website developers can call the API to display ads matched to a user's interests. In the announcement, Google's VP of the Privacy Sandbox initiative called it "a significant step on the path towards a fundamentally more private web."
However, according to noyb, the problem is that although Privacy Sandbox is advertised as an improvement over third-party tracking, that tracking doesn't go away. Instead, it is done within the browser by Google itself. To comply with the rules, Google needs informed consent from users, which is where issues start. Noyb wrote today: "Google's internal browser tracking was introduced to users via a pop-up that said 'turn on ad privacy feature' after opening the Chrome browser. In the European Union, users are given the choice to either 'Turn it on' or to say 'No thanks,' so to refuse consent." Users would be forgiven for thinking that 'turn on ad privacy feature' would protect them from tracking. However, what it actually does is turn on first-party tracking.
Max Schrems, honorary chairman of noyb, claimed: "Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google's first-party ad tracking. "Consent has to be informed, transparent, and fair to be legal. Google has done the exact opposite." Noyb noted that Google had argued "choosing to click on 'Turn it on' would indeed be considered consent to tracking under Article 6(1)(a) of the GDPR."
However, according to noyb, the problem is that although Privacy Sandbox is advertised as an improvement over third-party tracking, that tracking doesn't go away. Instead, it is done within the browser by Google itself. To comply with the rules, Google needs informed consent from users, which is where issues start. Noyb wrote today: "Google's internal browser tracking was introduced to users via a pop-up that said 'turn on ad privacy feature' after opening the Chrome browser. In the European Union, users are given the choice to either 'Turn it on' or to say 'No thanks,' so to refuse consent." Users would be forgiven for thinking that 'turn on ad privacy feature' would protect them from tracking. However, what it actually does is turn on first-party tracking.
Max Schrems, honorary chairman of noyb, claimed: "Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google's first-party ad tracking. "Consent has to be informed, transparent, and fair to be legal. Google has done the exact opposite." Noyb noted that Google had argued "choosing to click on 'Turn it on' would indeed be considered consent to tracking under Article 6(1)(a) of the GDPR."
Motto change (Score:5, Insightful)
"Do No Evil" became "Do Evil", as was inevitable for a megacorp.
Re: (Score:2)
It was "Don't be evil", and it was changed to "Do the right thing" in 2015. The issue is with the new moto is "For whom?".
Not that the old moto meant much by 2015, I left the company in 2009 when it was still commonly mentioned and we were encouraged to "drink the kool-aid" (I did get that feedback in a perf review).
Source: "https://en.wikipedia.org/wiki/Don't_be_evil"
Re: (Score:2)
Comment removed (Score:5, Insightful)
Re: (Score:3)
The issue here is subtle and TFA doesn't really explain it.
The data that is collected is held locally and never released in full to anyone, including Google. When a site requests it, the browser sends a list of a few items from your list, and some random ones. There are basic protections such as if the site re-requests it gets the same list etc. The browser can also send an empty list if it is a fresh install, in incognito mode, or the user wants to block the functionality. So it is better than e.g. third p
Re: (Score:2)
That seems to adequately sum things up. The GDPR does not allow "privacy light" though and _any_ data collection must have informed consent unless the very collection itself is already strongly anonymized. Tracking in any form cannot be anonymized, unless it is limited to within a single web-site and session-only. Even that may not be enough depending on the details. I guess Google and other US companies still do not understand at all what the GDPR actually requires. Well, noyb is there to change that. Inci
Google lied about tracking - Pikachu shock face!!! (Score:2)
Why does Google still exist? Is there -anything- they -don't- lie about?
Shameless and bold faced.
Re: (Score:2)
You mean why haven't we seen a news announcement from Google saying something like this:
Today Google announced that after X years in existence it has decided to discontinue all operations within 3 years from this date.
After all, it's not like Google doesn't have the experience in doing that with their various products.
Re: (Score:2)
Capitalism that is too much laisse-faire. In it, as soon as you amass enough money and have the right people in your pocket, nothing can touch you anymore and the laws do not apply to you. At least until you grossly overdo it.
"Within the browser" sounds local. (Score:2)
Re: (Score:3)
for others, it is "Within the browser" and have less info... but for google, with uniquely id browsers and access to that info, it is easy to match each profile to each user. So basically for google nothing changed, they just pretend to be a much better. it is a improvement, specially for those not google (or that NOT build their own chrome based browsers, like microsoft and google)... but for those, they could even better, they have a better position vs the others and even vs the current cookie system, as
Re: "Within the browser" sounds local. (Score:2)
Re: "Within the browser" sounds local. (Score:4, Interesting)
Just because Google makes the browser doesn't mean everything in it hits their servers. Local is still local. The summary doesn't make it clear if there is some unexpected phone home here.
The problem as near as I can tell seems to be that a feature labeled "Turn on an ad privacy feature" when enabled actually leaks more information about you than not having it on via Google's harebrained privacy sandbox scheme. It is a classic dark pattern prompt that seems to be explicitly designed to trick people.
Re: "Within the browser" sounds local. (Score:2)
Re: (Score:3)
Leaks where? The entire point of this thing, as far as I can tell, is to take all the stuff websites do server-side to do ad targeting, and do all that right in your browser instead so that sites only see a set of categories. In theory it makes sense. The objection here is unclear.
Lets for the sake of argument ignore all the IP, device fingerprinting and big data re-identification schemes.
Imagine I open my browser and visit a brand new website I've never been to before. With either site isolation enabled or third party cookies disabled tracking bugs can't be used to identify me and blab to the site I'm visiting all the other placed I visited before.
With privacy sandbox ticking "Turn on an ad privacy feature" when I visit that same new website that would otherwise know nothing about
Re: "Within the browser" sounds local. (Score:2)
Re: "Within the browser" sounds local. (Score:2)
The feature has lots of privacy measures.
https://developers.google.com/... [google.com]
Ads are not the main privacy problem on the internet, by a huuuuuge margin. The big problems are how easy it is to voluntarily give up privacy by e.g. posting to social media, and how easy it is to attack someone's privacy by doxxing.
Re: (Score:2)
while most do not care (specially in the US), other do care and be more careful in not sharing private info (many EU people). Even people that care about privacy have a hard time restricting it in chome... but of course, one easy fix is exactly not using chrome or chrome based browsers!
Re: "Within the browser" sounds local. (Score:2)
Google provides excellent privacy features, and always has done ... remember how revolutionary Takeout was? The idea that you should be able to just see all the data on you, download it, delete it ... was totally new. And I don't think anyone forced Google to do it.
Google is one of the good guys in the privacy game, it's a shame people like to muddy the waters to make them look like other companies who very definitely are not on the same side. I suspect a sustained marketing effort from those companies is b
Re: (Score:2)
EU pushed that kind of things, GDPR even enforce that now
sadly there is a workaround, they can have some anonymous IDs (say DRM license in the browser or the unique ID of each browser) and track you indirectly via those IDs. It is not as good as normal tracking, you can switch browsers, several people sharing the computer, etc, but it is still a valid tracking profile... and as it is not identified, you will not he able to download those... but i let to the reader how to map a anonymous ID from a browser to
Re: "Within the browser" sounds local. (Score:2)
Google was pushing for online privacy a long time before the EU was.
You can create a free AdWords account right now and see for yourself from an advertiser's point of view how the tracking works and doesn't work. It's really not that scary, and it's all public because anyone can be an advertiser.
Re: (Score:2)
not all track info goes to adwords, that is already the processed info! google have their own internal usage too... gmail, android and google search have lot of interesting info that google will not share with others directly, just like facebook have their own trackers and create full user profile and networks.
Their protection of privacy is both to try to smoke and mirror the critics (we are good, trust us) and block competition (as few others can get as much info as them, except microsoft and far below, f
Re: "Within the browser" sounds local. (Score:2)
Not really. Google's main business is ads, so that's where the user-specific data is. If they had some other amazing tracking it would be an ads product.
Re: (Score:2)
unless that is too creepy to show.... advertisers do not want to send a ad to one person, they want group of people that are their target... all that info is grouped in targets... it is irrelevant that googles knows that all the details of one old lady lives with several cats in a small town, that have cancer and likes cooking, what matters is those generic info: age, sex, likes cats, cooking, have health issues and grouped with all others that have also those (different) info... but google still know lot
Re: (Score:2)
Google provides excellent privacy features, and always has done ... remember how revolutionary Takeout was?
Do you also believe Google play services has excellent privacy features? Why has Google paid out hundreds of millions of dollars to settle so many of the location stalking privacy lawsuits across dozens of states in recent years?
The idea that you should be able to just see all the data on you, download it, delete it ... was totally new. And I don't think anyone forced Google to do it.
The invention of a brand new way to violate privacy of billions by rolling out features to collect even more data about them without their permission speaks for itself. The icing on the cake was the dark pattern prompting that does exactly the opposite of what any normal user wou
Re: "Within the browser" sounds local. (Score:2)
Google has hundreds if not thousands of engineers working on collecting, maintaining, and providing internal+external APIs over all that ads-relevant data.
Do you really think they have the same setup for creepy data? Which SVP do they report to? What's the business justification? How do they stop the rest of the company / the press finding out about details of it?
There are plenty of valid privacy concerns but they have to tie back to something real. Your relevance as an individual to Google stops after the
Re: (Score:2)
The feature has lots of privacy measures.
The feature is literally a privacy violation.
Re: (Score:2)
Cookies are also stored in the browser.
"Privacy" Sandbox is pure monopolism (Score:3)
Of all the Orwellian parts of the "Privacy" Sandbox API - and there are many, as this lawsuit aptly illustrates - few bother me as much as the brazen monopolism of the whole thing. Having built a search monopoly and leveraged that into a browser monopoly, Google now is openly declaring its desire to be a monopoly on user data collection and calling it a feature.
I get the that FTC is under-resourced and doing its best to fight back against existing monopolistic practices by FAAMG, but this is so nakedly monopolistic that it boggles my mind that it could actually be considered a valid business practice.
Re: (Score:2)
Of all the Orwellian parts of the "Privacy" Sandbox API - and there are many, as this lawsuit aptly illustrates
My absolute favorite is baking malware into the browsers to conduct advertising auctions for access to the user. I guess serving up malware and assorted tracking bugs wasn't quite enough.
https://developers.google.com/... [google.com]
- few bother me as much as the brazen monopolism of the whole thing.
Who would have guessed they would also happen to be the one single organization to centrally control access to it?
https://developers.google.com/... [google.com]
Re: (Score:2)
Given enough lawyers, anything can be considered a valid business practice.
There's a saying in Romanian: a thief not caught is an honest businessman.
Re: (Score:2)
Google now is openly declaring its desire to be a monopoly on user data collection
"Collection" seems like a funny choice of words here, since Google doesn't receive the "collected" data. "Monopoly" is, also, since every other company in the world has exactly the same access to the data as Google does.
Full disclosure: I work for Google (as mentioned in my /. bio). I work on Android security, not anything to do with advertising or data collection, and I'm speaking for myself, not the company. I don't believe the source of my paychecks influences my opinion here, though I could be wron
Re: (Score:2)
It's not a lawsuit, it's a complaint to a GDPR regulator. It had nothing to do with the FTC.
The Privacy Sandbox is actually a decent idea and reasonably well implemented, assuming you accept the premise that some amount of behavioural advertising is necessary. Unfortunately GDPR does allow for it, albeit with opt-in freely given permission.
Re: (Score:2)
And with _informed_ consent. As far as I can see, the core of the complaint is that Google not only withheld information that would be needed for informed consent, they outright lied. And that is a gross GDPR violation.
Turn on tracking by Google? (Score:3)
That should be shown in the popup to comply with GDPR.
Dark Patterns (Score:2)
Hard to see they are. The best at it Google is.
Google privacy... (Score:3)
Jon Stewart pretty much lays it out (Score:2)
As if what is essentially an ad agency is ever going to willingly give us more privacy. WTF were we thinking/smoking?!
H
Re: (Score:2)
Interesting.