Google is the master of fake Privacy features
Google started out with a "don't be evil" motto when it launched its first product, Google Search. Today, Google is a different company. It has created numerous products and abandoned a lot.
For the past couple of years, Google pushed "privacy" features in its products, especially Google Chrome. The two main products that have come out of this is the Privacy Sandbox and IP Protection.
Privacy Sandbox is highly controversial. Google claims that it improves privacy for all users that use Google Chrome. The main idea behind it is to move tracking from the user level, using cookies for the most part, to the group level.
To achieve this, Google baked technology into the Chrome browser that analyses the user's browsing history. The data is then used locally on the user's device to assign interest groups.
Browse lots of car, sports or knitting websites? Chrome will assign you to matching groups. These groups are then used by advertisers and publishers to display ads. Google, being the dominant advertising company in the world, benefits the most from it.
Apart from keeping some form of tracking alive on the Internet, Google is also holding the key to the technology. It is in the browser and Google controls Chromium and Chrome. In other words, Google controls the entire feature.
Is the Privacy Sandbox good for user privacy? It depends on your perspective. If you already block third-party cookies, then it won't have a positive effect. In fact, you will be tracked again when it launches, unless you turn it off.
Google's main argument for improved privacy is that Privacy Sandbox does away with third-party cookies. However, it replaces one form of tracking with another. It may not be as individual as before, but it is still tracking in the end.
Privacy Sandbox is available for all Chrome browsers, and also for Android.
Chrome users who want better privacy, and not change to a privacy-friendly browser, may turn off the entire Privacy Sandbox feature to improve their privacy significantly. Kick third-party cookies to the curb as well, and you have improved privacy to a level that Google will never reach.
You can check out my guide on disabling Android's Ads Privacy feature here. If you use desktop Chrome, check out my guide on turning off the advertising features in Chrome.
IP Protection
IP Protection is another new feature that Google is rolling out in the Chrome web browser. It is designed to protect the IP address of user devices, so that websites don't get access to it anymore.
Google achieves this by tunneling all user requests through its own servers. What the company failed to mention during the announcement was that this feature gives it access to the entire activity of the user.
Proton calls the feature Privacy Washing, and it is. Google gets a "God’s-eye view of every website you visit at all times while using Chrome". Google gets another access point to user data, which is invaluable in the advertising world.
Chrome users may want to keep the feature disabled. There are better options to protect your IP address, including using a reputable VPN service, such as Mullvad's. Tor Browser, a free Firefox-based web browser with a focus on anonymity, may also be used to protect the IP address.
Closing Words
Google uses words like privacy or protection deliberately to influence public opinion. This doesn't influence privacy-minded individuals and groups, but it may persuade the general use base that this feature is indeed beneficial to one's privacy and protection.
Now You: what is your take on this development?
I decided to get either the 990 Pro or the 850X. Now, the first ad on YouTube is about SSDs. Supposedly I have everything disabled, and the features you have to disable are too many and yet… Still happens.
On properly setup Firefox, this doesn’t happen at all.
IP Protection sounds like it’s supposed to be Google’s answer to iCloud Private Relay, which is also (Safari) browser-based. So the main motivation could be competitiveness with Apple.
I’d be more worried about Google’s free VPN service, which seems aimed at giving Google access to user DNS requests since there’s no other obvious motivation to offer a VPN for free.
But not worried about the “God’s-eye view” of Google. Seems kind of pointless to try hiding from Google if you use Android, Gmail, Google Chrome, Google Docs, Google Fi Wireless, Google Pay, Google Play, Google Translate, or YouTube, where they’re already tracking you. Anything with a Google ad, Google analytics, or embedded YouTube video is also helping Google track you. This website apparently embeds DoubleClick ads, so it’s making money off of Google tracking you…
You forgot to mention Google Play.
Firefox (configured for privacy) + Mullvad VPN user.
I don’t use Google apps or services. Yes, some are excellent. But they’re free for a reason.
Choose who you trust wisely.
@upp
Can you tell the class what ‘weaker’ adblocker means and how is MV3 weakening it?
I am sure you don’t, you are just parroting what others say.
What do you think adblockers do? they don’t do anything you can’t do in Devtools today, MV3 actually is good because it does it natively = faster, as can be proven by anything native, for example :has() vs procedural cosmetic :has().
Yeah Procedural :has() allows for more, but I would rather create a longer rule that works faster, than a simpler rule that is slower.
While this is not the exact case of Adblocking, it is a good way to show how native will be faster and better than extensions doing all the work, especially when extensions don’t measure performance impact.
What is weaker?
Network request filtering? no, it will do the exact same.
Cosmetics? no, not really, because cosmetics is all adding ‘display: none !important’ to html elements, Adguard MV3 already supports procedural filtering as well.
Scriptlet injections? they already work, just like redirections and other features.
Regex works too, it doesn’t support lookahead feature, but that’s not bad, uBlock uses many rules with it, but rules can be rebuild and be adapted without lookahead features.
The only things that get weaker and non adblocking related features, or features that are so advanced they are not even used in any list and I doubt you use them either.
Also lists, since MV3 doesn’t allow lists, that can change a little how many rules are loaded, but for example, uBlock has 140k rules already as default today… do you think you need 140K which are full of duplicates, invalid, old/outdated rules and useless ones? no, you pretty much don’t even need more than 10K to be honest, because most of the rules are about google scripts that run in many websites.
So, maybe it is time to properly research things and don’t just say stuff because you read it on the internet. There are many extensions like to modify headers that are better and faster in MV3 than modheader or requestly.
Yeah, obviously devs will complain about features missing here and there, and having to re-write already existing extensions to be in Chrome extension store.
But no, adblocking will work pretty much 99% the same.
Adblockers don’t do anything magical, like I said, you can do everything inside Devtools already, all you do is use the same Web technologies they use to create websites, against websites to remove features, annoyances and all that.
Safari on iOS uses a similar but weaker version of MV3, and native adblockers like Brave already have most feature parity with Desktop and Android versions, including Scriptlet injections.
Scriptlet injections are what it is needed for all Youtube adblocking, and used for the unblockable cookie notices.
Developers also will always find workarounds, even Adguard talked about finding the workarounds to have a nice logger like they do today, but do you really need the logger?, I doubt you and others who complain about MV3 make custom rules, so… what’s the issue? it will work fine, so again, maybe it is time to research, instead of saying what has been proven a FUD.
If adblocking was ‘so advanced’ technology it can only be with MV2 and WebRequest API, then why you can do 85% in the devtools of what you can do in the adblocker?
Also, I doubt you have compared adblockers technologies to know what is there or missing, adblockers features is what matters, not the rules, if a feature allows to write the same rule and have the same result, then that’s all that matters. Of course, lists are important, but unsupported rules don’t mean a feature with the same result doesn’t exist in the adblocker.
First, MV3 limits the number of static and dynamic rules which can be enabled at a time.
The second problem is the inability to load rules to the filtering engine from the extension’s server. AdGuard has to define a set of declarative rules and let Chrome handle the network request filtering process.
Because the new syntax for the rules is very limiting, not all existing rules can be converted, including Cookie rules that block certain trackers.
“negative lookahead” is often used in filters. A quick search showed that there are currently 43 rules with this expression in AdGuard filters. At first glance, this is not many, but keep in mind that most of these rules are supposed to work on many different domains, so I’d say this limitation alone cripples ad blocking on 1000+ websites. – AdGuard
The inability to refresh rules directly from the server will also cause delays in updating them and responding to new blocking requirements from website changes. AdGuard estimates these rule updates will now be “several days” apart.
The third issue ad-blockers face with Manifest V3 is that users can no longer look at the filtering logs (present in manifest V2) because the browser is now blocking the ads.
The only workaround is to unpack and install the extension in Developer Mode, which gives the software access to debugging options required to accept statistical data from the browser.
Finally, replacing the background page with a service worker causes performance issues, as the latter goes dormant when there’s no browser activity.
Once a new page loads, the worker requires up to two seconds to wake up. While the declarative rules will still work to block the ads, there’s a delay in applying the cosmetic filter to make the ads disappear.
@Adam
A lot of people here are completely misguided. MV3 finally(!) fixes the issue that extensions can directly intercept and redirect(!!!) browser traffic. That’s how most extensions that spy on your behavior for profit, or maliciously try to redirect you to malware-laden websites work. The uBlock Origin developers are crying “Muh I need access to all URLs muh!!!!!”, and I am sure the extension uses this capability for good, but that does not mean it should be available in general, to all extensions lol. This measure will reduce malicious extensions in the stores significantly.
The rule limit is an issue, I am not disputing that. However the general idea is the correct one, extensions should not have this type of access. Safari extensions have had this limitation for ages and their adblocking is decent enough.
I myself am not relying on any extension anyway, as I’m using Brave.
@Iron Heart,
> “(…)the issue that extensions can directly intercept and redirect(!!!) browser traffic”.
Indeed! I’ll refer to Firefox given it’s the only browser I use. You may already know what follows.
No extension can act on another extension, yet there is a setting I use for uBO that allows at least to have control of extensions’ connections.
1- In uBlocko / Dashboard / Trusted sites : replace ‘moz-extension-scheme’ by ‘#moz-extension-scheme” : this disables whatever extension to have the ‘Trusted site’ attribute hence may be controlled by uBO (to a certain degree).
2- In uBlocko / Dashboard / My rules : add: moz-extension-scheme * * noop
3- Go to another uBO Dashboard page and you should have uBO with the top-right logo NOT blinking given you’ve disabled the ‘moz-extension-scheme’ in Trusted sites: BE SURE to click on the logo to have uBO consider itself as trusted (otherwise it wouldn’t update!).
I had set this when I discovered that RSS dedicated extensions would sometimes connect to a server I had told uBO to block, i.e.Facebook (I block Facebook and others system-wide anyway yet there may be servers I agree to connect with by myself but not let an extension do so). With the above workaround no connection to Facebook (be it blocked by uBO). Another example is YouTube videos : I redirect them to a front-end with an extension called REDIRECTOR but this extension will be ineffective for YouTube videos included in RSSs handled by another extension. This can be controlled as well with the above setting by adding dedicated rules to UBO’s ‘My rules’ , not that it will allow REDIRECT to redirect, but at least it will allow to set a dedicated rule in uBO/My rules to block the RSS extension from accessing YouTube servers. (this is an example, not a declaration!).
Proton was created by 3 letter agency
Also they are as much fake and privacy scheme as any other company promoting Privacy in the Technology era where everyone has a phone.
Thanks, Martin. What’s my take?
Whether it’s by a nation’s legislation or a corporation’s policy, we no longer have any privacy.
In the former, citizens vote for it, others are subjugated to it.
In the latter, every time one installs an app and/or creates an account, free or not, one agrees to the use of it at the source’s discretion and conditions the moment “continue” or “OK” is selected.
Infrastructure and its technology is so complex, we are at its mercy. While a handful might recognize “what’s going on” and take some measures, the unwashed masses wallow in ignorance.
Considering the overwhelming spectrum of google android mobile devices spanning versions (supported and unsupported), manufacturers, SoCs and comm protocols, how exactly is anyone going to tame all that? Don’t gaslight with that delusion of flashing the ROM with “something else” and downloading apps from “somewhere else.”
apple is its own story and all under one globalist roof. Discipline that, anyone?
Some of us are fortunate to have the expertise and live under a rule still allowing the use of tools to ensure some privacy/anonymity (domain blockers, anti-trackers, encrypted services, et al). But even for those who can still bend a MS or Linux PC to our will, somewhat, those days are coming to an end.
Do you blame the people that are ignorant or people that are profiting from that ignorance?
@Tachy, that is a very important question. I think there is unanimity to blame those who are profiting from others’ ignorance and consequently maybe does the question end up to be : is ignorance blamable?
A child’s ignorance is of course never blamable, blessed they be and blessed be their ignorance which correlates to innocence. Concerning adults, mature minds, in my view ignorance may happen to be tied to a state of mind devoted to assistance, this way of perceiving the world as if, given we are honest ourselves, we should be protected from evil by others, name it the government, dedicated institutions, religious beliefs. I think such a state of mind is blamable, I think that striving for what we consider essential in terms of humanity’s ethical deployment includes for the least our own very behavior and quests. From there on waiting silently for a better world is perhaps blamable. indeed.
“Help yourself and heaven will help you”, if this is the correct translation from french “Aide-toi et le ciel t’aidera”. I do believe in the value and beauty of helping others, not at all in waiting for others to help you without having first tried your best to resolve issues you encounter, and that includes searching. At the end, maybe can we ask ourselves if there is not a drop of evil in not struggling to see when we are blind, but that would lead us far beyond the topic of this article. Responsibility remains IMO a keyword.
We’re just lucky Web Integrity was defeated. Watch them closely though, because it will eventually be back.
“Privacy Sandbox . . . unless you turn it off.”
“IP Protection–Chrome users may want to keep the feature disabled.”
And it takes what? Three to five minutes to turn off “Privacy Sandbox” and “IP Protection.”
If Google intends to deliberately “bake” the features into the browser so it would take a privacy focused user hours of research and dreaded browser manipulations to eliminate, then the “opinion” article may have a molecule of merit.
Google provides a different view of “IP Protection”: it first encrypts the DNS records, and then a third-party network creates a temporary IP address for accessing a site.
Google servers have little to do with the feature.
Completely erroneous misinformation:
“Google gets a “God’s-eye view of every website you visit at all times while using Chrome”. Google gets another access point to user data, which is invaluable in the advertising world.”
It’s almost like it’s not a great idea to let the fox guard the henhouse.
“Chrome users who want better privacy, and not change to a privacy-friendly browser, may turn off the entire Privacy Sandbox feature to improve their privacy significantly.”
I think that users who want a better even privacy should plainly avoid Google products and services and mainly the company’s browser and email service. And I think they do. I just cannot understand the fame and success of a company dedicated to advertisement and its implications by means of tracking by *all* means. This is beyond my understanding. Generally speaking, avoiding, using alternatives to big tech corporations applications and software is the way to go because all of them include users’ privacy violation in the very basics of their development policies.
Clearly all users should be avoiding Chrome and all chromium-based browsers, including Vivaldi, Edge, Opera, and even the really obscure ones like Thorium and Brave.
@Andy Prough
Care to explain why? I don’t trust fake privacy initiatives like Mozilla that promise one thing and deliver another, being funded by the very company you say we should shun.
Despite the massive astroturfing for Firefox the past few weeks, in the wake of Google combatting the add-on uBlock Origin, the needle hasn’t moved in its favor one bit, if you look at the daily usage figures. Looks like Google’s Mozillian side quest is still shrinking and about to implode.
>”I don’t trust fake privacy initiatives like Mozilla that promise one thing and deliver another”
Sounds like you and I are in complete agreement that the only “privacy” browser worth its salt is GNU IceCat. Downloads are available by one of the IceCat developers at icecatbrowser[dot]org.
The laws around the globe are simply 20 or more years behind the stealing of data by corporations.
They can take what lays on the way side because it is not protected by the state as property which by this definition has an owner. Even if there is an owner who would claim, it is almost impossible to get a hand on ones own data because these corporations are not registered in those location were they operate.
One simple way to protect would be a register of ones name, email adress, phone number and birthday for example under which everything else that comes from this legal owner is automatically protected as property…
On the other side, governments do get special access to get a hand on the populations data.
@Benjamin, I don’t believe too much in prohibition, first because it may defeat freedom as well for a noble cause than for an illegitimate one, secondly because such attempts often prove to be efficient only on the short to medium term.
My astonishment, be it with privacy, mainly on the web, be it with all maters which harm each and all of us (narcotics, prostitution, pornography to name major ones) concerns rather people’s addiction, slavery in fact, which demonstrate that when ignorance, easiness, pleasure are of the lot, many of us abandon up to their fundamental principles.
So when I write that I don’t understand some hi-tech corporations’ success when their services are tied to tracking, I should rather evoke my désappointement in human nature. If I am tangent to misanthropy without sinking into it, it is because of and each time I meet honest, strong, talented persons who stay faithful to their principles and moreover often help, by their advice, by their commitment to alternatives (here, in the digital area) others who struggle to use modern tools without loosing their dignity and privacy rights. Be they thanked.
How tracking and following you works… and these are only some fine examples
https://browserleaks.com/
You forget about MV3, weaker adblock = weaker privacy = ez data harvesting ?
Thanks for the tips!