Google is planning to send its Themes API when Chrome 115 arrives on July 12. It is an API that should allow advertisers to search the Internet and ads relevant to their interests without interfering with people’s privacy.
And to avoid privacy issues, the ad chief is asking advertisers to promise not to abuse the ad tracking system.
Last May, Alexandre Gilotte, senior data scientist and software engineer at Criteo, opened a GitHub Issues discussion that describes a fingerprinting attack on the Themes API that can be used to identify people online.
Last Thursday, Google plans to make Themes available next month in Chrome, Josh Karlin, technical director and manager of the Google Privacy Sandbox project, closed the one-year discussion.
“Since that discussion, we’ve added a requirement for Chrome that developers register to use the API and ensure that they don’t abuse the API,” he wrote. “It’s not a technological solution, but I believe it goes a long way to solving the problem. Shutting down for now.”
It remains an open question, however, whether other browser developers will support the API. Both Firefox maker Mozilla and Safari maker Apple have expressed their opposition to Topics’ proposals.
We don’t see a way to make this private
“Honestly, we don’t see a way to do this privately,” said Mozilla’s chief engineer Martin Thomson in January in response to Karlin’s request.
“Although the information provided by the API is limited, we believe that this can reduce the need for information for advertisers more than it protects privacy. Unfortunately, it is difficult to identify the exact ways that it can help.”
Anne van Kesteren, who works on the Internet at Apple, mentioned ten issues with the API and said that iGiant is against it. “We don’t think the content of a website should be exposed in APIs,” he said. “We’ve been working for ten years in a different way, distributing data at a higher level.”
Google, having last year abandoned its interest-based API, Federated Learning of Cohorts (FLoC), is still moving forward with Themes because it needs something that can support interest-based advertising after you’ve already delayed opting out of third-party cookies. Q3 2024.
How the API works
The Topics API is one of several privacy-preserving concepts in digital marketing once third-party cookie support is disabled. Part of what Google has been calling the Privacy Sandbox, Topics provides a way to serve ads that are tailored to the interests of internet users.
Basically, when a user visits a website and the website wants to show ads, the website can run JavaScript code (or see the header of the request Sec-Browsing-Topics) to get a list of three topics, from a tax of several types. hundreds of interest groups, from the previous website traffic. This allows the site to display advertisements that it believes are relevant to the visitor’s interests.
“With Topics, your browser selects a number of topics, such as ‘Fitness’ or ‘Travel & Transportation,’ that represent your favorite things that week based on your browsing history,” said Vinay Goel, executive director of Privacy Sandbox at Google, last year.
“Themes are stored for three weeks only and old themes are deleted. The themes are selected entirely on your device without involving external servers, including Google servers. When you visit a participating site, Mitu selects only three themes, one theme from each brand. three weeks past, so that we can share the site with our advertisers.”
The API can sometimes return a random header. In browsers that support Themes, such as the upcoming Chrome 115, a web page that invokes an API and thus…
const topics = await document.browsingTopics();
…he can bring back a team organized like this…
[{'configVersion': String, 'modelVersion': String, 'taxonomyVersion': String, 'topic': Number, 'version': String}]
…where “Number” equals the tax number of the predefined interests. The value “1” means “/Arts & Entertainment” while the number 277 means “/Jobs & Education/Education/Foreign Language Study.”
Armed with this information, the website can request ads related to the topic, which can lead to the internet visitor making more money because the advertiser pays more to reach the audience.
Gilotte’s concern is that a web publisher could use the Topics API to combine the JavaScript required by multiple websites and then generate a fingerprint based on how the websites react to the user.
The Topics API has a “witness” requirement – it only shows a visitor’s interest in the topic if the site has previously received data on the topic. So articles on a website that sees a user on a news page may know that the user is interested in news, but not that the user is interested in, say, making a purchase.
This rule – which Google calls “filter every caller” and can help Google more than small companies that are not visible on websites – can be used to get information about a visitor: whether the site has been viewed or not. head.
With enough entropy, you get a finger – we’re talking dozens of pages over the course of a few weeks. According to Mozilla’s Thomson, 20 bits allow a difference of one million. And he expresses his concerns in the newspaper [PDF] published in January titled, “Privacy Analysis of Google’s Topics Proposal.”
“We think that Themes has serious and privacy issues that are difficult to fix,” Thomson wrote.
Google’s answer
In an attempt to address the concerns that have arisen, Karlin and others at Google argue that Themes provide better privacy than third-party cookies — which don’t provide much privacy. In April, he and ten colleagues published a paper [PDF] explain the math to evaluate the claim.
And earlier this month, Google announced some changes to the Topics API.
There are 469 new taxonomy of interesting topics, up from 349 previously. This is less than the IAB Audience Taxonomy, which Google says has about 1,500 topics. About 280 business-oriented categories such as Athletic Apparel, Mattresses, and Luxury Travel were added while 160 less profitable categories such as Civil Engineering and Equestrian were removed.
“We decided to limit the size of the taxonomy, to protect against the risk of re-identification,” said Leeron Israel, product manager for Google’s Privacy Sandbox.
Google, Israel said, is also planning to allow users to block certain topics. “This means that users will be able to manage the existing themes they want by removing selected themes,” he said. “This change, coming early next year, will give users more control over their privacy and make API headers easier to use.”
Mozilla remains uncertain.
“We are not happy with architecture that exposes people’s browsing history,” a company spokesperson said. The Register in an email.
“Google is willing to use a small amount of noise to provide private information. Transferring data at the rate of one person in twenty may reduce its influence on marketing, but it is not very comforting for those who are also identified. using the information.”
Obviously, there will be blackouts. ®
#Google #asks #websites #break #shiny #advertising #API
