If you are among the billions of people using Chrome, you should stop, especially if you are using Google’s browser on an Apple device. Grim Revelations of New Data and Chrome Pages “creepyNew tracking technology should serve as a serious warning that it is time to make the switch. Here’s What You Should Know.
Why it’s time to ditch Chrome
Getty images
While Facebook has been drawing attention to data security and privacy in recent weeks, fighting against Apple for the right to collect data from its usersGoogle has taken a softer, more subtle approach. Postponing privacy labels until Facebook caught the flak, then announcing major new changes to its flagship Chrome browser.
Google says it wants a “privacy first” web. And on the surface, killing the dreaded cookie and tackling cross-site tracking comes across as an important step in the right direction. But as they say in the movies, if you want to know what’s really going on, “follow the money.” And with Google, that means data-driven advertising.
When it comes to data collection, the industry gorillas are Google and Facebook. Both tech giants derive most of their revenue from advertising, although it doesn’t always look that way with Google’s many platforms, services and operating systems. But Google’s more than $ 100 billion in ad revenue tells you what you need to know.
This was clearly illustrated when Google finally released a privacy label for Chrome in Apple’s App Store. Google’s browser collects more data than Safari or Edge or Firefox, and worse, it’s the only one of the four that doesn’t bother collecting data that isn’t tied to user identities. It’s a philosophy, a business model.
Apple Privacy Labels: Chrome vs. Rivals.
Apple Privacy Labels / @UKZak
“You don’t become a billion-dollar company without collecting as much data as you can and then making money,” Cyjax CISO Ian Thornton-Trump told me last month, just after DuckDuckGo (really) first warned on privacy that “Google doesn’t. “They care about protecting their security business model. If they really cared about privacy, they would just stop spying on billions of people.”
Choosing a browser is a very subjective matter. Usability, speed, features, seamless cross-platform options are all factors. And Chrome has spent more than anyone else making sure that the user experience is as sticky as possible. But unlike Apple and Microsoft, the other two tech giants in the browser business, Google doesn’t generate its revenue from products, but from data, your data, targeted ads.
And so you’re about to get confusing and contradictory messages about how this all reconciles. How Google plans to protect your privacy while mining your data to sell you more things, or rather, to enable business customers to sell you more things.
Unfortunately, that is going to get very confusing. Google is replacing cookies with Federated Learning of Cohorts (FLoC), which is now being tested without Chrome users knowing. And while I’m sure this wasn’t meant to be confusing, it does come across to Pythonesque when explained. A FLoC is basically a group of similar users, as judged by an algorithm behind the browsers of those users.
Simply put, that hidden, arcane algorithm tracks the sites you visit and your online activity to assign you to a group. You won’t be tracked as 45-year-old accountant, John Smith, of 101 Acacia Avenue, but the algorithm will be quite specific about your interests and share that easily with websites. Using the Internet, DuckDuckGo warns, will be “like walking into a store where they already know everything about you.”
In response to this story, Google told me that “we strongly believe that FLoC is better for user privacy compared to the individual cross-site tracking that is common today. The FLoC origin trial is an early but important step towards the Privacy Sandbox’s goal of an open web that is both private and economically sustainable by default. “
Through the collection and tracking of data, history teaches us to beware of the unintended consequences of even well-intentioned developments. This week, Facebook has blamed a user-centric convenience for its latest data accident, with the exploitation of that function by ‘bad actors’. And so the fear at FLoC is that the anonymized group IDs will soon be recognized and interpreted, that your IP address will be captured and linked.
And so now the risk is that a third party could associate your unique IP address with your anonymous FLoC ID to know more about you than it should, to take advantage of the power of that secret algorithm running behind the scenes of your browser. works; the FLoC is not on a Google Cloud server, it is in Chrome itself. As EFF warns, “if a tracker starts with your FLoC cohort, it only needs to distinguish your browser from a few thousand others (instead of a few hundred million).”
When you surf the Internet, you give away the most intimate details about yourself. Dating sites, personal services and worse. And while each FLoC only tracks online activity from the past week, you shouldn’t want to be tracked like this before they reset.
Google has already come under fire because of the eclipse around so-called “incognito” browsing, and with FLoC, most of you don’t know about it. EFF warns that “in millions of instances of Google Chrome, a switch has been silently flipped: those browsers are starting to sort their users into groups based on behavior and then share group labels with third-party trackers and advertisers on the Internet.”
And while I’m sure if this rollout hits the mainstream there are easy ways to flip a switch and opt out, it will be exactly the same as with cookies. You are constantly encouraged to keep all trackers working behind the scenes.
EFF warns that “the Chrome native trial for FLoC has been rolled out to millions of random Chrome users without warning, let alone permission. Although FLoC is ultimately intended to replace tracking cookies, it will allow trackers to access even more during the trial. information on topics. “
Google told me that “as implemented in the original trial, FLoC uses significantly less data than what is already accessible through third-party cookies, and that FLoC is designed to prevent websites from reverse engineering a person’s browsing activity.” But privacy advocates were downright dismissive of this.
And so for Apple. There is a stark irony right now that we have never again had information about the exploitation of our private information, the good and bad actors when it comes to tracking us down, the tools we can use to protect ourselves. And yet, as proven with FLoC, the other side of that equation is that data harvesters have never been more advanced. It’s an ongoing battle.
Next year, Chrome will ditch the traditional cookies that have been used for years to track users around the web. This will confuse the ad industry. The problem is, Google is on both sides as a platform and ad sales machine. There is a risk that this will give Google too much control.
Apple is on the good side of this battle – it has no direct interest in feeding the ad industry, although it is clearly not immune to data collection and advertising itself. But Apple has adopted privacy as a USP, and has joined forces with Facebook and the ad industry to crack down on browser and app trackers and those privacy labels.
And so we have reached a fork in the road, a pivot point. Most of the people reading this aren’t going to want to opt for the uber-private apps and platforms – I acknowledge that. As good as DuckDuckGo is, as good as Signal, as good as ProtonMail is, you’ll want to use a regular browser, WhatsApp or iMessage, and default email apps.
And that’s okay. Because Safari is a perfect compromise. Using the Apple ecosystem, it works seamlessly across devices and has anti-tracking technology already built in. Plus, it will even save your passwords and alert you when one has been reused or breached. And since this is Apple, you will likely trust this more than other platforms and use it more than a dedicated password manager.
There’s no point in Apple securing your data and your privacy and creating a walled garden around your online experience if you then install and use Chrome on your iPhone or iPad or Mac. Simply put, don’t leave the fox in the chicken coop. At the moment, says DuckDuckGo, “FLoC is only available on Google Chrome, and no other browser vendor has expressed the intention or even expressed interest in implementing it. “
As I noted earlier, Google CEO Sundar Pichai has assured that “we don’t use information in apps where you mainly store personal content, such as Gmail, Drive, Calendar, and Photos, for advertising purposes, period.” But Chrome isn’t on that list. And so you need to be aware of its true value to Google.
Using your digital trail to identify you as a unique user is called fingerprints. EFF warns that “fingerprinting is notoriously difficult to stop. Browsers such as Safari and Tor have been engaged in years of war of attrition against trackers, sacrificing large chunks of their own feature sets to reduce fingerprint attack surfaces. EFF warns that FLoC is “a new fingerprint risk” and that Google should not introduce that risk “until it knows how to deal with existing risks.”
EFF has launched a website where you can check if your Chrome browser has FLoC enabled. Obviously, this is only relevant to Chrome, and even if it’s not enabled now, it could happen at any time without you realizing it.
FLoC test for Chrome
EFF
Hopefully, with enough pressure, Google will make sure to add some protections to its FLoC implementation. The company told me that “if a user has chosen to block third-party cookies with the current version of Chrome, they will not be included in the original trial version. In April, we will be introducing a control in Chrome settings that allows users to opt out of recording in FLoC and other Privacy Sandbox proposals. “
As I’ve said several times, if we don’t reward the apps and platforms that secure and respect our data and move away from those that don’t, we’ll send a message saying it’s okay to harvest at will. If Google’s data collection disclosure didn’t push you from Chrome to Safari (or Firefox or DuckDuckGo or Brave or even Edge), then the covert deployment of this hidden FLoC should do it now.