On Mozilla's blog, engineer Martin Thomson examines Google's “Privacy Sandbox” initiative, which proposes a way to share a subset of private user information with advertisers without relying on third-party cookies.
The post concludes that Google's Protected Audience “protects advertisers (and Google) more than it protects users.” But it's not all bad. In theory, the proposal works like this:
The idea behind Protected Audience is to create something like an alternate information dimension inside your (Chrome) browser… Any website can push information into that dimension. We normally avoid mixing data from multiple sites, but here the rules are changed to allow it. Sites can then process that data to select advertisements. No one can see into this dimension except you. A site can only open a window for you to peek into that dimension, and only to show the ads it selected…
Protected Audience may have flaws, but it shows real potential. If this were possible, people might have more say in how their data is used. Rather than having someone watch your every move and use that information however they like, you might be able to specify what that person can and cannot do. This technology has the potential to ensure that your choices are respected. Advertising probably won't be the first thing people choose to do with this newfound power, but since the advertising industry is actively funding investment in new technology that could eventually be used by others, that might be a good thing.
Still, the blog post's main criticisms include:
- “[E]ntities with large sites, like Google, may be less reliant on information from other sites. Losing the information gained by tracking people might have a much smaller impact if they have access to information collected from a variety of services… [W]e have a company that dominates both the advertising and browser markets; while it is proposing changes with clear privacy benefits, it is also seeking to further its dominance in the hugely profitable online advertising market. It will make sure…”
- “[T]his proposal fails to achieve its own privacy goals. Protected Audience's technical privacy measures do not prevent sites from abusing the API to learn what you do on other sites. Google has relaxed privacy protections in a number of places to make the API easier to use. Of course, with its protections weakened, the current proposal provides no privacy. In other words, to make Protected Audience easier to use, the design was made leakier…”
- “Many of these leaks are temporary. Google even has plans and timelines for plugging most of the holes that were added to make Protected Audience easier for advertisers to use. Leaks embedded in Protected Audience's architecture… Failing to meet its own privacy goals makes Protected Audience an unsuitable addition to the web, now and perhaps in the future.”
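To make the two points above concrete, here is an added toy model in JavaScript. It is not Chrome's Protected Audience API and not code from the Mozilla post. Interest groups are held in a closure that page scripts cannot read, the auction combines data across buyers inside that closure, and the page receives only an opaque token to render, which is the “dimension only you can see” from the quote. A hypothetical `reportWin` channel stands in for the loosened protections the post criticizes: once the seller learns which buyer won, it also learns whether the user was in a group that only shoes.example could have joined them to, that is, what the user did on another site. The origins, group name and bid logic are all constructed for the example.

```javascript
'use strict';

// Toy model of the browser-held "dimension". The interest groups and the
// auction results live only inside this closure; page scripts get back the
// functions below and nothing else. Added illustration, not Chrome's API.
function createBrowser() {
  const groups = new Map();  // owner origin -> Set of interest group names
  const winners = new Map(); // opaque token -> winning { owner, ad, bid }

  return {
    // Stand-in for joining an interest group: a page on `owner` adds the user.
    join(owner, name) {
      if (!groups.has(owner)) groups.set(owner, new Set());
      groups.get(owner).add(name);
    },

    // Stand-in for running an auction. Each buyer's bidding function runs
    // inside the browser and sees the groups that buyer owns, so the auction
    // as a whole combines data from many sites, which the design allows.
    runAuction(buyers) {
      let best = null;
      for (const [owner, bidFn] of Object.entries(buyers)) {
        const offer = bidFn([...(groups.get(owner) || [])]);
        if (offer && (best === null || offer.bid > best.bid)) {
          best = { owner, ...offer };
        }
      }
      if (best === null) return null;
      // Opaque to the page: it maps to nothing outside the browser.
      const token = `urn:opaque:${Math.random().toString(16).slice(2)}`;
      winners.set(token, best);
      return token;
    },

    // Fenced-frame style rendering: the ad is drawn, the page learns only
    // that something rendered.
    render(token) {
      return { rendered: winners.has(token) };
    },

    // Hypothetical leaky channel: win reporting that hands the seller the
    // winner's identity. Stands in for the protections the post says were
    // relaxed to make the API easier to use.
    reportWin(token) {
      const w = winners.get(token);
      return w ? { owner: w.owner, ad: w.ad } : null;
    },
  };
}

// Constructed scenario. If `visitedShoes`, the user browsed shoes.example,
// which joined them to a retargeting group. Later news.example runs an
// auction in which shoes.example and a house-ad buyer compete. Made-up origins.
function readNewsAfterShopping(browser, visitedShoes) {
  if (visitedShoes) browser.join('https://shoes.example', 'looked-at-running-shoes');
  const buyers = {
    'https://shoes.example': names =>
      names.includes('looked-at-running-shoes')
        ? { ad: 'https://shoes.example/ads/retarget.html', bid: 2.0 }
        : null,
    'https://house-ads.example': () =>
      ({ ad: 'https://house-ads.example/ads/default.html', bid: 0.1 }),
  };
  return browser.runAuction(buyers);
}

// What news.example can infer about the user's visit to shoes.example.
// inferredVisit is true/false when the leaky channel is on, null when the
// page only gets an opaque token and a fenced render.
function whatSellerLearns(visitedShoes, winReportingEnabled) {
  const browser = createBrowser();
  const token = readNewsAfterShopping(browser, visitedShoes);
  const { rendered } = browser.render(token);
  if (!winReportingEnabled) return { adShown: rendered, inferredVisit: null };
  const report = browser.reportWin(token);
  return {
    adShown: rendered,
    inferredVisit: report !== null && report.owner === 'https://shoes.example',
  };
}
```

With the opaque token and fenced render alone, news.example sees an ad appear and nothing more; the moment any channel tells it which buyer won, the auction result becomes a cross-site tracking signal, which is the failure mode the second bullet describes.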