back to article Google puts Chrome on a cookie diet (which just so happens to starve its rivals, cough, cough...)

Google, the largest handler of web cookies, plans to change the way its Chrome browser deals with the tokens, ostensibly to promote greater privacy, following similar steps taken by rival browser makers Apple, Brave, and Mozilla. At Google I/O 2019 on Tuesday, Google's web platform director Ben Galbraith announced the plan, …

  1. JohnFen Silver badge

    Crocodile tears

    "while Google's cookie changes will benefit consumer privacy, they'll be devastating for the rest of the ad tech business."

    Boo hoo.

    Anything that is devastating for the ad tech industry is a good thing in my view. My only problem with Google's move here is that it won't hurt Google as well.

    1. DougS Silver badge

      Re: Crocodile tears

      Since Google is the biggest and most dangerous player in the ad tech industry, killing the competition is bad for everyone especially those who hate advertising.

      They are going to try to make the case that using Chrome gives you just as much privacy as other browsers, even though all your browsing data goes direct to Google. If the FTC ever does anything to Google (I'm not going to hold my breath) they ought to force them to split along client side vs server/cloud side, to prevent such abuses.

      1. JohnFen Silver badge

        Re: Crocodile tears

        "Since Google is the biggest and most dangerous player in the ad tech industry, killing the competition is bad for everyone especially those who hate advertising"

        How so?

        In a sense, it's better for me if that does happen -- then I only have to worry about a single large attacker instead of the large number of attackers that I have to worry about now. (That's just for the sake of argument, I don't actually think it matters much either way).

        Also, I don't hate advertising. I hate the ad tech industry because they are so insistent about spying on me. There's a significant difference there.

        1. DougS Silver badge

          Re: Crocodile tears

          How will you prevent Google from spying on you when they control pretty much all advertising, and exercise a great deal of control of actual or defacto web standards through having the dominant browser?

          You don't really think that they won't have multiple alternative ways of tracking you through standards or defacto standards that all browsers will be forced to support, that will break something if they are disabled so even if you use a pro-privacy browser you are screwed?

          Saying "a monopoly is good because then only one company is out to get me" is like saying that rather than having a dozen small dogs and one medium sized dog chasing you and nipping at your heels, that you'd prefer it if the medium sized dog ate the rest and grew bigger because you somehow believe it would be easier to avoid one enormous dog chasing you and trying to bite your legs off.

          1. BinkyTheHorse
            Alien

            Re: Crocodile tears

            Adding to DougS' post, take a look at the top-right corner of the RFC in question. Do you really think that Google would propose such a thing if it was going to adversely impact them in the long run?

            Monopolies are especially dangerous because a) they arise naturally in an unregulated market, and b) a monopolist will eventually be compelled to try everything to remain one, while c) every other actor on the market suffers, even if the monopolist's actions don't appear detrimental at first.

            1. JohnFen Silver badge

              Re: Crocodile tears

              "Monopolies are especially dangerous because [...]"

              This is all true, but we're talking about the adtech/martech industry specifically here. As I said, I think that those industries as a whole are bad actors. I don't see how it affects me one way or another if it devolves into a monopoly. It doesn't change a thing for me if the industry consists of one company or a thousand -- the industry is still a malicious attacker and the defenses that I have to engage in aren't affected.

          2. JohnFen Silver badge

            Re: Crocodile tears

            "How will you prevent Google from spying on you [...]"

            The same way I do now. Right now, Google+Facebook pretty much control all advertising anyway, and have an undue influence over browser standards (both official and de facto). In my view, the situation you're describing in your comment has already been reality for a while.

          3. Anonymous Coward
            Anonymous Coward

            Re: Crocodile tears

            Out of a list of scummy companies, Facebook, Microsoft, Apple, Google,. I trust Google the most, their privacy policy is clear, what I give up is clear, they stick to it, and I get alot of product in exchange for that. The other companies are worse and give you much less.

            That said, I really don't care if they track me, I have nothing I really care about, I l often actually find thing like location history useful. My issue is giving out this but getting little or nothing back in return.

            1. JohnFen Silver badge

              Re: Crocodile tears

              "Out of a list of scummy companies, Facebook, Microsoft, Apple, Google,. I trust Google the most"

              Not me. Of that list, I trust Apple the most, but I don't really trust any of them. I put Facebook and Google at about the same trust level.

              1. DougS Silver badge

                Re: Crocodile tears

                Then what you really mean is that you "distrust Apple the least". None of those companies deserve trust, but some deserve more distrust than others.

                And I say this as an iPhone owner for a decade and an Apple shareholder for longer. I like Apple, but giant multinational tech companies do not deserve the trust of any individual! The only reason Apple deserves less distrust is because at least I know I am their customer since they make their money from me and others like me who buy their products. With Google and Facebook I'm not the customer, I'm a commodity for them to sell to the advertisers because that's who they make their money from by selling ad impressions they want me to see.

                1. JohnFen Silver badge

                  Re: Crocodile tears

                  "Then what you really mean is that you "distrust Apple the least"."

                  Yes, that works just as well.

        2. illiad

          Re: Crocodile tears

          too right - I love ads - B U T they MUST have the **same** restrictions it has on printed media!! :)

      2. Ian Michael Gumby Silver badge

        @DougS Re: Crocodile tears

        I agree with you but I also have to wonder what would happen if you are an advertiser and there is no competition in ad flinging. Do you look towards another medium?

        Seems like a double edged sword.

        1. Donn Bly

          Re: @DougS Crocodile tears

          if you are an advertiser and there is no competition in ad flinging. Do you look towards another medium?

          If I am an advertiser (and as a small business owner, I suppose I would qualify) then I am ALWAYS looking at other mediums. Nobody smart puts all of their eggs in one basket.

          A few years ago there weren't any targeted ads and advertisers still advertised. A few years before that there weren't any web ads at all and advertisers still advertised. The shape of the market changes and evolves all of the time.

          However the Internet is not like past mediums. It changes quickly and radically, and whomever is on top can be on the bottom or completely gone in a matter of years. A kid in a dorm room can come up with an idea, put together a prototype in a few caffeine-fueled weeks or months, and for better or worse turn the entire market upside down.

          It doesn't do you any good to try to predict the market because any prediction you make will be so wrong it isn't worth the effort -- so you just diversify and go with whatever is the "in" thing this week.

          The only thing you can assume is going to be steady is the cost. Cost is driven by demand and not by technology or supply, because in internet advertising the supply is so elastic that it might as well be infinite. You and your competitors are going to have a budget, and if the budgets don't change then the spend remains the same, and thus the costs remain the same.

          As the "ad flinger" market consolidates as an advertiser I don't really care. I know that if the price per ad goes up then I will place less ads, and so will my competition, thus the ratio of my ads to theirs will remain the same. If the costs exceed return, then another avenue will always present itself.

          So, when google makes "privacy" changes like this it affects other ad-flingers, but it doesn't really affect the advertisers. If the ad-flinger market was a level playing field then it wouldn't matter but we all know that it isn't, but while the other ad-flingers cry foul remember that it was Google that pretty much INVENTED the category of targeted advertising and that as such they have been playing in Google's sandbox since the beginning and had to expect that things would change to their determent at some time or another.

      3. Anonymous Coward
        Anonymous Coward

        Re: Crocodile tears

        "Since Google is the biggest and most dangerous player in the ad tech industry"

        How so? Didn't the Facebook Cambridge Analytica scandal teach you ANYTHING?

        Facebook are the true evil ones, they do whatever the hell they want with their data, I also wouldn't be suprised if Doug.S, Dan 55 and the handful of very vocal Google haters are just paid shills distracting attention from the true evil on the internet.

        Posted AC, as I know what Facebook can do when you upset them and call them out.

        1. JohnFen Silver badge

          Re: Crocodile tears

          "I know what Facebook can do when you upset them and call them out."

          What can they do? I talk about how terrible Facebook is all the time, but they've never sent any goon squad to my door or anything.

        2. DougS Silver badge

          Re: Crocodile tears

          It is a lot easier to avoid having anything to do with Facebook than it is to avoid having anything to do with Google. Especially as they extend their reach into phones, then TVs, then cars...

          To avoid having anything to do with Facebook you just have to not use Facebook, Instagram or Whatsapp. Sure they have those 'like' button trackers but if you never login to them they can't link that activity back to you (and you can always block their domain completely if you are paranoid)

          They don't have the dominant browser and thus no influence over web standards. They don't have the dominant mobile OS. They aren't getting built into "smart" TVs, if you go to someone's house they won't have a "Facebook Echo" listening to you, if you rent a car there's zero chance it will have "Facebook Auto" installed...

          1. JohnFen Silver badge

            Re: Crocodile tears

            "they have those 'like' button trackers but if you never login to them they can't link that activity back to you"

            This is not exactly true.

            Also, aside from the Like buttons, Facebook also has web beacons and all the other sorts of trackers. Just not using Facebook (or even not having an account) does not protect you from Facebook's tracking.

  2. LeoP

    Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

    Maybe we will get some browser competition after all?

    Welcome to the advent of "Apps" on your general purpose computer. Except it won't be any longer.

    1. RyokuMas Silver badge
      Devil

      Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

      "Maybe we will get some browser competition after all?"

      Unlikely. After all, how will people know about it? It's not like they can put a thumping great link all over the highest traffic page of the internet, that happens to be owned by a company whose name has now become a verb in common parlance for "search the internet"...

    2. pavel.petrman Bronze badge

      Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

      Two points: right now the choice is poor - variously branded Chrome (which is getting ever harder to separate from Google's interest, regardless of name under which it goes), Safari (for which you need expensive dedicated hardware of limited use for other purposes) and Firefox (which has become more of a vehicle for politics and feminism than a browser-focused effort recently). Remember Opera and their switch to Google's engine, and the months and months of technical fight to tame the Google inside the beast? That was years ago and the situation is not getting better.

      Second, many 'apps' available in their respective app-shops are in principle a browser window with notifications and an icon, nothing more (which goes for traditional GUI programs as well, on all platforms, although in slower pace). In iOs, the only allowed web renderer is Safari (with both Chrome and Firefox, along with all other web browsers and web-based apps being only GUI shells for Safari's web engine). Although the landscape and priorities are different*, there is nothing stopping Google from enforcing similar rule in the near future (if they haven't done so already.

      Coupled with decline in PC usage in favour of touchy slabs in general population there is no easy (or reasonably priced) escape from Chrome's domination in the upcoming period of browser wars.

      * Apple at the beginning cared very much about fluency and responsiveness of the UI, now seem to be selling a bit of human sanity and data security, and have optimised Safari accordingly, whereas Google aimed at app count and availability at first and now they plan to overhaul the whole system extensively to better suit their main business which is highly efficient and thus perfectly targeted advertising.

      1. Anonymous Coward
        Anonymous Coward

        Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

        "Firefox (which has become more of a vehicle for politics and feminism than a browser-focused effort recently)"

        Twat.

        1. teknopaul Silver badge

          Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

          Word. FireFox is our only hope.

          Shame its such a bitch to fork.

          1. pavel.petrman Bronze badge

            Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

            Only hope? Yes. Much of a promise? Sadly no. Time to get ready for another monopoly time, only this time not on the desktop but in the Web. Google will be very hard to beat for some time, just like Windows used to be on the desktop one or two decades ago (when desktop computing still was the thing). Alternatives? Yes, many, but difficult and active fought against.

          2. stiine Silver badge

            Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

            If you have any information that would make it easier, I'd love to get my hands on it. I don't want to fork it, so much as add 'disable this shit' options for the crap that they've been adding, like Pocket. And that annoying zoom percentage display in the /address bar/...

            1. Doctor Syntax Silver badge

              Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

              "If you have any information that would make it easier, I'd love to get my hands on it. I don't want to fork it,"

              I think the original comment might have been ironical given the existence of PaleMoon, WaterFox and others: https://en.wikipedia.org/wiki/Category:Web_browsers_based_on_Firefox

          3. jelabarre59 Silver badge

            Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

            Word. FireFox is our only hope.

            Shame its such a bitch to fork.

            Firefox has had their head so deeply embedded up their ass as of late I don't hold out much hope for them Our best hope is alternate-browser projects like Waterfox and PaleMoon (the latter of which already has it's own raft of problems).

            It would *REALLY* have been nice if Microsoft hadn't been so brain-dead stupid to decide to move Edge to a Chromium-base. Should have gone with a Mozilla/Gecko base, if for nothing else but to stick it to Google. A sad situation when you can't even rely on one evil warlord to adequately go to war with another. (And would really have liked MS' help in developing Thunderbird).

      2. teknopaul Silver badge

        Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

        If you write an app in android that does not use webview. Do Google still spy on network traffic?

        1. pavel.petrman Bronze badge

          Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

          Nobody will tell you whether they do or not, but most certainly they can (in the same manner they can solder a microphone into your WiFi-connected thermostat, if you know what I mean). You can't reasonably shield your app against the operating system it runs on. And even if you did, your app wouldn't be of much use in most cases without the OS and ecosystem services (geolocation, notification services), requesting which provides the OS vendor with important metadata as well.

        2. Anonymous Coward
          Anonymous Coward

          Re: Looking forward to "the Facebook brwoser", "the Amazon browser" and friends

          "If you write an app in android that does not use webview. Do Google still spy on network traffic?"

          Why would they bother? Far more efficient to monitor the keyboard, microphone, cameras, GPS and other more direct inputs than filter web traffic. Google owns the whole phone, not just the browser. That's why it's such an issue. And you put your whole life on your phone, in increasingly high resolution, for them to sift through and sell to literally the highest bidder.

  3. Doctor Syntax Silver badge

    I've taken to using three browsers none of which are Chrome-based. One of them is configured to delete all history including cookies on closing. That one gets fired up for any site that seems likely to want to make a nuisance of itself and closed down as soon as the site's finished with.

    1. Neil Barnes Silver badge

      This is close but not quite right, I feel.

      What is required is that a browser should automatically delete all cookies (and any other nasties it can think of) set by a domain as soon as the site is left; either by navigating to a new site or by closing the tab. A white list can exist to allow persistent cookies pertaining to login or other required data.

      It should not be necessary to close the browser, particularly when the worst offenders are likely to be closed down pretty quickly anyway (say, by having found them through a search, had a quick look to discover it wasn't what you were seeking, and immediately backing out).

      1. Anonymous Coward
        Anonymous Coward

        Re: But what about just plain crap?

        Check out Firefox's Temporary Containers addon, particularly its "automatic mode".

      2. Doctor Syntax Silver badge

        "It should not be necessary to close the browser, particularly when the worst offenders are likely to be closed down pretty quickly anyway (say, by having found them through a search, had a quick look to discover it wasn't what you were seeking, and immediately backing out)."

        The offenders do include sites I might well have been seeking my local paper's site which has a list of over 100 friends to whom it wants me to allow them to send data (on a totally illegal opt-out basis). Making the exclusion permanent also requires me to allow the paper to set their own permanent cookie.

        It's easier to have a standard browser fairly tied down with NoScript etc. that gets used for most of the time including with, say, elReg and another which is just used as needed and then (satisfyingly) blow away whatever the bastards were up to.

    2. macjules Silver badge

      And there's me just using Firefox private and Focus mobile browser.

      Completely off-topic, why do Salesforce's banner ads on El Reg look like they have just been completely ripped off from GitHub?

    3. Anonymous Coward
      Anonymous Coward

      Same approach here.

    4. Anne-Lise Pasch

      FOr the worst places on the internet, I use a VMware with the hard drives in Independent/NonPersistent mode. Every time the VM is restarted, the hard drive is reset so no nasties get through.

    5. Mystic Megabyte Silver badge

      In Firefox try typing Ctrl+shift+delete to zap the cookies. There's a cancel button so you can always back out without doing anything.

    6. Fungus Bob Silver badge

      Does anybody else remember the olden days when you just needed to make Netscape's cookie file read-only?

  4. arctic_haze Silver badge

    The right move but wrong motivation?

    I applaud Google for doing the right thing even if they do it from selfish reasons. That said, I have privacy add--ons which already do the same thing.

    1. A.P. Veening Silver badge

      Re: The right move but wrong motivation?

      I have privacy add--ons which already do the same thing.

      Add-ons can be disabled (see the latest Firefox problem with that), I suggest you also get yourself a Pi-Hole.

  5. Anonymous Coward Silver badge
    Big Brother

    Why not

    Why can't they have a policy where a cookie can only be SET if it's from the first-party website, but is USED even in third-party. That is prevent a third-party site from setting a cookie.

    Basically, I'm never going to visit the ad broker's website directly, so they can never set a cookie to track me.

    Combine that with a forced expiration within a relatively short time (eg 30 days) just in case I get one and don't clear the cookies myself.

    Apply the same policy to local-storage etc

    .

    What am I overlooking? Sure, google won't have a problem with setting a cookie, but they have so many avenues of tracking that it's essentially irrelevant. The other networks can all FOAD

  6. MJI Silver badge

    doubleclick lives in my

    HOSTS

    1. A.P. Veening Silver badge

      Re: doubleclick lives in my

      HOSTS

      Way too much work, doing manual maintenance on the hosts file. Just get yourself a Pi-Hole, that comes with complete block-lists and a friendly user interface to manually add things. As an additional benefit, it protects all devices on your home network instead of only your computer.

      1. MJI Silver badge

        Re: doubleclick lives in my

        One text file, no problem.

        Don't want too many devices anyway between PS4 and internet.

        1. Anonymous Coward
          Anonymous Coward

          Re: doubleclick lives in my

          > Don't want too many devices anyway between PS4 and internet.

          PiHole is a local DNS server that blocks lookups on known ad domains. It won't be 'between' your PS4 and the Internet.

          1. Hstubbe

            Re: doubleclick lives in my

            With dns-over-https, another one of those great google inventions, your dns is bypassed and sll dns requests are sent over an https tunnel directly to google. Not much your pihole is going to do about that. And even firefox promotes this (but with cloudflare instead of google).

            1. JohnFen Silver badge

              Re: doubleclick lives in my

              Although you can run your own DoH server and configure Firefox to use that.

              Or, if you're more technically capable, you can do what I do: run a man-in-the-middle proxy to inspect the HTTPS traffic and drop DoH exchanges entirely.

          2. MJI Silver badge

            Re: doubleclick lives in my

            HOSTS on the PC works fine and does the job.

            Do I need to do anything else?

            My wife made me take facebook out

    2. Rich 2

      Re: doubleclick lives in my

      For the uninitiated, you can find a pre-baked hosts file here...

      http://winhelp2002.mvps.org/hosts.htm

      To this, I also add...

      0.0.0.0 facebook.com

      1. stiine Silver badge

        Re: doubleclick lives in my

        I'm curious, why did you choose 0.0.0.0 intead of 127.0.1.2?

        1. A.P. Veening Silver badge

          Re: doubleclick lives in my

          I'm curious, why did you choose 127.0.1.2 instead of 127.0.0.1?

        2. doublelayer Silver badge

          Re: doubleclick lives in my

          Because 0.0.0.0 means unroutable, and the system won't try to do anything with it unless it has a bug. If I use 127.0.0.1, it will start trying to make connections to services on my machine. If I have a webserver running, that will add junk to my logs and return random 404s from that. Even if I don't have that, there will be some overhead as the browser/application initiates TCP connections that aren't going to work. Why bother? As for 127.0.1.2, I'm not sure why that was suggested. Yes, it's not localhost so it avoids the TCP overhead and local service problems, but it doesn't have any intrinsic benefits (as far as I know) over any other 127.* address, and is less likely to be checked than a proper unroutable 0.0.0.0.

          1. A.P. Veening Silver badge

            Re: doubleclick lives in my

            As for 127.0.1.2, I'm not sure why that was suggested. Yes, it's not localhost

            For IPv4, the loopback interface is assigned all the IPs in the 127.0.0.0/8 address block. That is, 127.0.0.1 through 127.255.255.254 all represent your computer. For most purposes, though, it is only necessary to use one IP address, and that is 127.0.0.1. This IP has the hostname of localhost mapped to it.

            1. doublelayer Silver badge

              Re: doubleclick lives in my

              That is true, but I have never seen a system elect to use 127.0.1.2 for an additional service, whatever that might be in this case, and almost every system only bothers to resolve 127.0.0.1 to the local machine unless specifically instructed otherwise. If the addresses were used for multiple internal interfaces, one would need 257 to reach 127.0.1.2. So I'm still not sure why that was suggested and I think I'll stick to 0.0.0.0 until I hear more.

  7. Missing Semicolon
    Unhappy

    Chromium next

    At some point, not this year, but soon, the license on Chromium source will become not-quite-floss. Enough so that publishing a un-Googled version will be impossible.

    1. doublelayer Silver badge

      Re: Chromium next

      They don't have to do that. They control the core, so they can keep adding things to it that are difficult to rip out of the code, and enforce their control that way. That means that some other browsers will, by using chromium, be forced to choose to stay with an old and insecure version, fork and reimplement all of that, or run Google code without protection.

  8. anonymous boring coward Silver badge

    Don't use Chrome if you can avoid it (i.e when not on Android).

    1. Anonymous Coward
      Anonymous Coward

      There's no need to use it on Android either, whether it's full googly spy-mode or an AOSP alternative

  9. Cynical Shopper

    Starving rivals

    Aside from the vague "ways to reduce browser fingerprinting", this is all in the name of security (mainly protecting against CSRF), not preventing tracking. The only way rivals will be hobbled is if they don't add SameSite=None onto their cookies before the new Chrome setting becomes live.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019