Google Chrome Enables More Spyware; Calls It “Ad Privacy Feature”.
Google Chrome has enabled Federated Learning of Cohorts, or FLoC.
As Ars Technica describes it, Google implemented this “ad topics” feature as a “solution” to third-party tracking cookies. But Apple Safari, and Mozilla Firefox, have blocked these cookies for years. It’s only Chrome that isn’t blocking them now. Google hasn’t even turned off third-party cookies and says they won’t for at least another year.
Might be a good idea to mention that Brave (which uses the Chromium rendering engine) doesn’t have FLoC or third-party cookies, and is one of the few browsers that actually has an ad and tracking blocker (a real one) built-in.
This is really just the latest reason to leave Google Chrome. There’s really no special rendering capabilities that it has that Brave doesn’t. It just has a lot of spyware in it.
Google has been doing a lot of sketchy things, at the browser level, in Chrome, to circle the wagons around its ad and tracking business.
Brendan Eich, CEO of Brave, correctly said that they are not just a skin for Chromium, they are a fork and always have been, and that they “disable lots of junk already”, and that includes FLoC.
Their “Shields” mean that Google’s ManifestV3 neutering of privacy-based extensions matters less to Brave because it has full support for uBlock-Origin style content blocking lists anyway, built-in, at a level where Google is powerless to stop you.
Mozilla-based browsing engines have other implementations than Firefox that do a lot more for the user’s privacy, such as LibreWolf and GNU IceCat.
There’s nothing preventing people from grabbing IceCat and turning off the extensions like LibreJS and the others if they don’t want them.
What makes Brave, LibreWolf, IceCat, or the SeaMonkey Internet Suite possible is that with open source software, if the upstream “Goes bad.” then anyone is free to take the code and alter it to remove that malicious feature and create an alternative version which doesn’t do that.
Fundamentally, Google FLoC is just another way that Chromium has “gone bad” and has been fixed by the forks. Users deserve privacy, which turning off third-party tracking cookies helps with.
What they do not need is some “Google alternative” which preserves the worst aspects and makes third-party tracking even more powerful than it already was.
With third-party cookies, only the server that set them could read them back and figure out who you were and which domains you’d been on that this server had loaded resources into.
That alone was bad enough, but with Google FLoC, the browser itself tracks which ads you “might be interested in”, and this fundamentally creates a huge “fingerprint” that is not quite unique, but is broadly available to any site that asks for your FLoC data, and can be mixed in with other data that your browser is leaking to create a strong fingerprinting vector.
In other words, in isolation it’s not globally unique, to you, in the world, but when sites start logging FLoC plus your time zone, language preferences, features your browser exposes, Canvas readout data, etc., suddenly all this data is unique to one person in the entire world. Plus, for at least one year, they have third-party cookies as well.
Google has continued making your online privacy worse than it has ever been, basically every year. Sometimes more than once a year. They didn’t even wait for Europe to decide if FLoC is even legal there under the GDPR and other laws. They just put it in.
Google is not a solution. They are a disease.
Brave and LibreWolf are already fighting fingerprinting vectors to make you less identifiable while keeping the Web platform working. We do not need Google rowing us towards the waterfall.
What about Microsoft Edge?
LOL!
Oh wait, well, I guess this merits explaining.
Microsoft has a “tracking protection” feature, but it’s a lie. Theirs is basically designed to screw up everyone’s ad and tracking servers but Microsoft’s, and when I tried Microsoft Edge on Windows, I found that Microsoft (at least with the EdgeHTML version) was neutering uBlock-Origin for Edge so that it couldn’t block any ads on Bing even if you installed an ad blocker.
This sort of “exempt yourself” thing is exactly what Google is trying to achieve by abusing the fact that they have an ad network, and a browser. Same shit, different assholes.
Except that Microsoft Edge is even more rapacious than Google Chrome. Hard to believe anything could be even more of a privacy invasion than Chrome, I know.
Google is at least subtle about their abuses. Microsoft Edge is very in your face about it.
You can barely open a new tab without it screaming about some online shopping thing or demanding you get Microsoft Office 365.
Fleeing Windows, which hectors its users to come back to Edge or demands that they change the search engine in their other browsers to Bing, and ignores the default browser, only to install it on Linux, where it can act this bad, but only when you have Edge open, is a lot like successfully escaping state prison so that you can break into a cell in the country jail.
But on a strictly “privacy” level, Edge is worse than Chrome. It’s another step in the wrong direction.
Nevertheless, Flathub “claims” it’s been downloaded over a million times.
Who uses this nonsense on Linux? Really? The number one feature Windows users wish for is an uninstaller program for it.
Personally, I think that even having a Linux version of Microsoft Edge that almost nobody uses (even counting Windows and Mac users, they can only get to 3.37% of Web browser market share) is sort of like the North Korean propaganda village that nobody lives in, in the demilitarized zone.
The entire point of the thing is they plant a really big flag and have a huge bullhorn blaring propaganda at the other side, and the officials claim it’s a modern city with people living in it, but then you look through the binoculars and all you see are empty concrete slabs, and a few caretakers walking around at night to flip the lights on and off.
People need to be mindful that the Web is only getting worse.
Yesterday, in Techrights IRC, I said,
“Everything that makes the Web browser “better” is something that takes away from the Web platform something that the Web browser allowed it to do to begin with,”.
“Ad blockers, JavaScript blockers, Brave putting in “random garbage” in an API readout so the site can’t follow you around everywhere. Overriding cookie and local storage handling…”
“In the 90s, they called it the “World Wide Wait”, because it was over a phone line and you had to wait minutes sometimes for a site to load. And now it’s because you go to read the news and they want to pull in 600 MB of data, and part of that is a video you didn’t want to see. Pretty much the only thing you can do with the Web is turn a bunch of crap off and use it in a partially-working state. Otherwise there’s just going to be too much junk loading.”
“Gemini pods [sic] aren’t like Web sites because they don’t have a way to FORCE the user to do anything, even load an image if they don’t want to. This Fediverse thing is sort of a lie. Because ideally there wouldn’t be a way to run a server for tons of users. Every user would be in a Peer-to-Peer system. There would be no way to block a user at a server level, only on a user-to-user basis. Then it would be up to the users to decide who they want to see. The Fediverse is federated between clusters of users on someone else’s server. So it’s like “FEDRA Colonies” from The Last of Us. Maybe it would be humorous to call it the FEDRAverse. Small groups of people living under the control of a local tyranny. In the game/TV show, pockets of the former United States government, forcing starving people to “earn their keep” incinerating plague victims and digging latrines.
“The Fediverse lie is that because it’s a lot of tyrants [each] in control of a small cluster, that’s better somehow than one great big tyrant running Twitter. You run into more interesting stuff on Mastodon by looking at the public list of servers that the administrator decided to ban. A lot of times they don’t even give a reason. It’s just that nobody using his server can see that other server because the administrator didn’t like it and won’t tell you why.”
–Me on Techrights
The Open Web is basically dead. The one where people sat down and wrote documents for you to read is dead. This one is just, grrrrrrr.
I’ll finish by giving you an example of the liberties that modern Web sites take.
I was looking in my Brave browser on my phone this morning, and I visited Ace Hardware’s Web site once months ago, and it left 97 MB of Local Storage data in my browser. 97 MB for Ace Hardware while I was looking for a tool a couple of months ago.
They all think they can just dump an unlimited amount of crap on your phone and walk away, and in a way they’re right. Nobody making a browser will put in a feature that lets you stop them. (Unless you only browse in Private Mode.)
The Mobile version of Brave appears to have had less effort put into it than the desktop version, which is sadly still true on Mobile Web browsers in general, although it is better than Chrome. ⬆