Google has rolled out "Privacy Sandbox," a Chrome feature first announced back in 2019 that, among other things, exchanges third-party cookies—the most common form of tracking technology—for what the company is now calling "Topics." Topics is a response to pushback against Google’s proposed...
Because it doesn’t protect your privacy (Google still tracks everything), but it gives Google an even stronger monopoly to make taking other actions to protect your privacy less viable.
The end game is still their web DRM pretending to be “security” to make it impossible for you to choose how a page is displayed to you.
Google doesn’t track everything. The browser determines your interests locally; the only information shared with Google (and advertisers) is which broad topics you’ve recently shown an interest in.
It’s an underhanded way of implementing a browser supported foolproof adblock detector. Even its stated goal of “give advertisers a unified, browser backed, ‘private’ way of tracking you for advertising” isn’t especially appealing or useful when you get something better than that from adblock anyway. Turning it off will be reflected in telemetry sites gather about feature availability and hopefully low adoption numbers discourage them from taking advantage of this “feature”.
Hmm, not having read up on the tech, what’s stopping someone from making a Firefox plugin that just spoofs fake data back? It’s all done client side if I’m understanding, so everything necessary to do so must be available. Only wrinkle I could see is if they have signing and ship the cert with Chrome and regularly rotate it. It’s still not impossible in that case, just more annoying.
My understanding is vague but the sandbox environment is cryptographically integrity checked in some fashion that makes the spoofing you’re suggesting difficult or impossible.
Well, I did a little digging, and while parts of the stuff proposed by Google might be tricky, the actual topics portion of the API looks pretty easy to spoof. It seems like there’s really only two things that need to be done. The first is to spoof the feature detection logic to return true for calls to document.featurePolicy.allowsFeature('browsing-topics'). The second would be to return randomly selected topics from all available topics from calls to document.browsingTopics() (care might need to be taken to return a consistent set of random topics to a given page, otherwise clever sites might poll the API many times to detect randomness). That really seems to be all there is to the topics API part of this. As for spoofing the rest of the web DRM parts, that’s going to be a lot trickier, but with control of the browser I can’t see how it could be made insurmountable.
I read this article from top to bottom and didn’t find a clear explanation of why you should disable this feature.
Because it doesn’t protect your privacy (Google still tracks everything), but it gives Google an even stronger monopoly to make taking other actions to protect your privacy less viable.
The end game is still their web DRM pretending to be “security” to make it impossible for you to choose how a page is displayed to you.
Google doesn’t track everything. The browser determines your interests locally; the only information shared with Google (and advertisers) is which broad topics you’ve recently shown an interest in.
It’s an underhanded way of implementing a browser supported foolproof adblock detector. Even its stated goal of “give advertisers a unified, browser backed, ‘private’ way of tracking you for advertising” isn’t especially appealing or useful when you get something better than that from adblock anyway. Turning it off will be reflected in telemetry sites gather about feature availability and hopefully low adoption numbers discourage them from taking advantage of this “feature”.
Hmm, not having read up on the tech, what’s stopping someone from making a Firefox plugin that just spoofs fake data back? It’s all done client side if I’m understanding, so everything necessary to do so must be available. Only wrinkle I could see is if they have signing and ship the cert with Chrome and regularly rotate it. It’s still not impossible in that case, just more annoying.
My understanding is vague but the sandbox environment is cryptographically integrity checked in some fashion that makes the spoofing you’re suggesting difficult or impossible.
Well, I did a little digging, and while parts of the stuff proposed by Google might be tricky, the actual topics portion of the API looks pretty easy to spoof. It seems like there’s really only two things that need to be done. The first is to spoof the feature detection logic to return true for calls to
document.featurePolicy.allowsFeature('browsing-topics')
. The second would be to return randomly selected topics from all available topics from calls todocument.browsingTopics()
(care might need to be taken to return a consistent set of random topics to a given page, otherwise clever sites might poll the API many times to detect randomness). That really seems to be all there is to the topics API part of this. As for spoofing the rest of the web DRM parts, that’s going to be a lot trickier, but with control of the browser I can’t see how it could be made insurmountable.Because spying on you is bad. They mention the privacy implications in the article.