The company behind privacy-centric web browser Brave has hit out against Google’s latest plan to replace third-party cookies, which it says will do little to minimize the opportunity for violations of privacy.
Introduced earlier this week, Google Topics (a substitute for the controversial FLoC proposal) offers a way to serve up ads to people based on broad interest categories, such as travel or fitness, instead of using granular and often sensitive data hoovered up by cookies.
The system relies on three weeks’ worth of browsing data, which is stored locally on-device, to place people into a variety of different buckets, which in turn determine what types of ads the person will receive. Web users can opt out of any particular topic via their browser at any time.
According to Brave, however, Topics “only touches the smallest, most minor privacy issues in FLoC, while leaving its core intact”. The new proposal pays “lip service” to protecting the open web, but in reality is yet another tool designed to preserve the Google monopoly, the company claims.
The post-cookie era
Google is set to phase out third-party cookies in Chrome (by far the world’s most popular browser) by the end of 2023, in the face of a backlash from critics who say the technology enables flagrant breaches of privacy. Many alternative browsers, such as Firefox and Safari, have already blocked third-party cookies outright.
However, given the Google business model is predicated on collecting vast quantities of data to facilitate targeted advertising campaigns (also called surveillance-based advertising), the company faces a race against time to develop new systems for supporting its customers' marketing efforts that do not compromise user privacy to the same extent.
The first proposal, FLoC (which stands for federated learning of cohorts), was a system designed to preserve the anonymity of the individual by aggregating data, while still providing advertisers with the ability to target people based on their interests. It worked in a similar way to Topics, collecting users into cohorts based on browsing activity.
However, FLoC attracted plenty of criticism when it was unveiled last year from organizations like the Electronic Frontier Foundation (EFF), which dismissed the system as a wolf in sheep’s clothing. Essentially, privacy advocates claimed FLoC would simply give advertisers a different arsenal of tools to play with, it would just be about learning how best to harness them.
Google Topics backlash
As noted in the Brave blog post (opens in new tab), the Topics proposal differs from FLoC in two ways. First, Topics only provides advertisers with interests data from sites on which they are present, instead of all sites the user has visited. Second, Topics makes fingerprinting-based identification more difficult by adding a level of randomness to information shared with advertisers.
However, neither proposal does anything “to address the core privacy harms”, says Brave. At the heart of the company’s objections is the idea that Google shouldn’t get to decide what data is classified as sensitive.
“Google says it will take care to share only ‘non-sensitive’ interests with sites. But there is no such thing as categorically non-sensitive data; there is no data that’s always safe and respectful to share,” wrote Peter Snyder, Senior Director of Privacy at Brave.
“Things that are safe to share about one person in one context will be closely guarded secrets to another. Meaningful privacy is inherently specific to both context and person. People should decide what they consider sensitive. Not Google.”
The only light in which Topics can be considered an improvement is in comparison to the standard set by Google today, Snyder argues. He says Topics represents a grievous violation of individual privacy by any other definition.
“Both FLoC and Topics are unambiguously harmful. Both systems are designed to share information about you with advertisers and organizations that you don’t know, and that are outright hostile to web users’ privacy, without active permission or consent,” wrote Snyder.
“Google’s proposals are privacy-improving only from the cynical, self-serving baseline of ‘better than Google today’”.
Google claps back
In a statement provided to TechRadar Pro, Google has responded to the accusations levelled by Brave.
"We agree that people should decide on what they consider sensitive; this is why we’ll introduce a control for users to remove topics or disable Topics completely within their browser settings. The topics revealed by the Topics API should be significantly less personally sensitive about a user than what could be transmitted using cookies or covert tracking," said Vinay Goel, who heads up the Google Privacy Sandbox project.
"The taxonomy is human-curated and does not include topics generally considered sensitive. For instance: health, race, and sexuality topics are not permitted in the taxonomy. The full list of eligible topics is publicly available, and is continually under discussion. The list is based on our taxonomy and the IAB’s content taxonomy, which is a recognised industry list."
Goel also noted that the eventual intention is for the list of topics to be curated and maintained by a neutral third party "acting on behalf of the web ecosystem", although he did not provide a timeline for this transition.
With respect to claims that Google Chrome is the "most privacy-harming popular browser on the market", Goel had the following to say:
"Other browsers have taken a blunt approach to prevent [third-party] cookies, which could lead to to other intrusive techniques such as fingerprinting."
"Google's approach is addressing the privacy concerns with innovative proposals that not only protect users as they browse the web but supports publishers, advertisers and the business models that keep the web healthy by making content free and accessible online."
Something tells us Brave and Google will never see eye-to-eye with respect to these issues.
- Preserve your privacy online with the best VPN services, best proxy services and best privacy tools around