undefined | Better HN

0 pointsjefftk4y ago0 comments

> Google's position is ... Everyone else's position is...

I don't think this categorization is accurate. For example, Apple built https://webkit.org/blog/8943/privacy-preserving-ad-click-att...

> if the data isn't required to operate, you don't need it

This is simple, but it's also wrong. Some counterexamples:

* Learning from implicit feedback: dictation software can operate without learning what corrections people make, or a search engine can operate without learning what links people click on, but the overall quality will be lower. Each individual piece of information isn't required, but the feedback loop allows building a substantially better product.

* Risk-based authentication: you have various ways to identify a user, some of which are more hassle for them than others. A login cookie is lowest friction, asking for a password adds more friction, email / SMS / OTP verification add even more. You don't want to ask all users to go through the highest-friction approach on every pageview, but you also don't want to let a fraudster who gets access to someone's cookiejar/leaked password/old device/etc impersonate the user. If you have a small amount of information about the current user's browsing environment, in a way that's hard for a fraudster to imitate, you can offer much lower friction for a given level of security.

* Incremental rollouts: when you make changes to software that operates in complex environments it can be very difficult to ensure that it operates correctly through testing alone. Incremental rollouts, with telemetry to verify that there are no regressions or that relevant bugs have been fixed, produces better software. You're writing as if your position is Firefox's but even they collect telemetry by default: https://support.mozilla.org/en-US/kb/telemetry-clientid

> the position of every non-Google-browser is that they want to give sites as close to no data at all as possible ... Every single browser developer that doesn't own an Ads and Analytics suite is opposed to Privacy Sandbox.

I cited Apple's conversion tracking API above, but another example of this general approach is Microsoft's https://github.com/WICG/privacy-preserving-ads/blob/main/Par... I don't know where you're getting that they're trying for "close to no data at all", as opposed to improving privacy and preventing cross-site tracking?

(Still speaking only for myself)

0 comments

barneygale4y ago

> Learning from implicit feedback: dictation software can operate without learning what corrections people make, or a search engine can operate without learning what links people click on, but the overall quality will be lower. Each individual piece of information isn't required, but the feedback loop allows building a substantially better product.

That sounds cool. How do I opt into it?

ocdtrekkie4y ago

I would highlight that both Microsoft and Apple (to a lesser extent, mind you) also operate their own ad platforms. Don't get me wrong, I'd be happy to see a blanket ban on web browsers and ad companies being related, and have it apply to all three. I'm an equally opportunity antitrust breakup advocate. ;)

Regarding risk-based authentication, I see a lot of value in it, but I think the cost may be too high, and often less robust methods it uses are a poor metric anyways. I gave an example elsewhere that someone might be using a wired PC and a wireless phone on two different carriers with vastly different user agents at the same time, for instance.

I think there's some merit in some very rough Geo-IP based RBA, but I'm not sure how many other strategies for that I find effective. The fact that Outlook and Gmail seem equally happy to let someone who's never signed in from outside the United States get logged into in Nigeria seems like low-lying fruit in the risk-based authentication space. ;)

jefftkOP4y ago

> I would highlight that both Microsoft and Apple (to a lesser extent, mind you) also operate their own ad platforms.

Do you mean that before when you said "every single browser developer that doesn't own an Ads and Analytics suite" you meant to exclude nearly all the browser vendors? Google, sure, but also Apple, and Microsoft. And then Opera, UC Browser, Brave, DDG, ... I think maybe everyone but Mozilla and Vivaldi has an ads product?

ocdtrekkie4y ago

Perhaps it would be best to say companies support privacy in web browsers inversely correlated with their dependence on ad revenue. So Google is worse than Microsoft, which is worse than Apple, etc. I think it'd be fair to assume if you gave all three a choice to keep their ad products or their browser, Google would keep ads, and both Microsoft and Apple would keep their browsers, because of their relative value to their core business.

j / k navigate · click thread line to collapse

0 pointsjefftk4y ago0 comments

> Google's position is ... Everyone else's position is...

I don't think this categorization is accurate. For example, Apple built https://webkit.org/blog/8943/privacy-preserving-ad-click-att...

> if the data isn't required to operate, you don't need it

This is simple, but it's also wrong. Some counterexamples:

(Still speaking only for myself)

0 comments

barneygale4y ago

That sounds cool. How do I opt into it?

ocdtrekkie4y ago

jefftkOP4y ago

> I would highlight that both Microsoft and Apple (to a lesser extent, mind you) also operate their own ad platforms.

ocdtrekkie4y ago

j / k navigate · click thread line to collapse