Google plans to ship its Topics API when Chrome 115 arrives on July 12. That’s the API that should allow advertisers to target netizens with ads tailored to their individual interests without affecting the people’s privacy.
And to help avoid those privacy problems, the ad giant is asking advertisers to promise they won’t abuse this ad targeting mechanism.
Last May, Alexandre Gilotte, senior data scientist and software engineer for ad platform firm Criteo, opened a GitHub Issues discussion that described a potential fingerprinting attack on the Topics API that could be used to identify people online.
Last Thursday, as Google prepared to make Topics available next month in Chrome, Josh Karlin, technical lead and project manager of Google’s Privacy Sandbox, shut down the year-old discussion.
“From this discussion, we added a requirement to Chrome that developers register to use the API and to certify that they will not abuse the API,” he wrote. “That’s not a technical solution, but I believe it goes a long way to addressing this problem. Closing for now.”
It remains an open question, however, whether other browser makers will support the API. Firefox maker Mozilla and Safari developer Apple have both indicated they oppose the Topics proposal.
We just can’t see a way to do it from a privacy perspective
“Basically, we don’t see a way to do this from a privacy perspective,” Mozilla’s chief engineer Martin Thomson said in January in response to a request for an official position statement from Karlin. .
“Although the information provided by the API is small, our belief is that it is more likely to reduce the usefulness of the information for advertisers than it is to provide meaningful protection for privacy. Unfortunately, it is difficult to identify concrete ways where it can be improved.”
Anne van Kesteren, who works on web standards at Apple, cited ten issues with the API and declared that iGiant was against it. “We don’t think APIs should expose cross-site data about user browsing behavior,” he said. “We have been working for ten years in the opposite direction, splitting data at each top-level-site.”
Google, which last year abandoned its previous interest-based API, Federated Learning of Cohorts (FLoC), is still pushing for Topics because it needs something to enable interest-based advertising interest when the delayed cessation of the use of third-party cookies occurs in Q3 2024.
How the API works
The Topics API is one of several possible privacy-preserving measures for handling digital advertising when support for third-party cookies is lost. Part of what Google calls its Privacy Sandbox, Topics provide a mechanism for delivering ads that match the inferred interests of web users.
Typically, when a user visits a website and wants the website to display an ad, the website can run JavaScript code (or see the Sec-Browsing-Topics request header) to retrieve a list of up to three topics, from a taxonomy of several hundred interest categories, derived from the user’s previous website visits. That allows the site to display advertising that is believed to be relevant to the visitor’s known interests.
“In Topics, your browser identifies certain topics, such as ‘Fitness’ or ‘Travel & Transportation,’ that represent your top interests for that week based on your browsing history,” explains Vinay Goel , director of the Privacy Sandbox product at Google, last year.
“Topics are kept for only three weeks and old topics are deleted. Topics are selected entirely on your device without involving any external servers, including Google servers. When you visit a participating site, Topics selects only three topics, one topic from each of the previous three weeks, to share with the site and its advertising partners.”
The API may occasionally also return a random topic. In browsers that support Themes, such as the upcoming Chrome 115, a webpage that uses the API so…
const topics = await document.browsingTopics();
…may return an array formatted like this…
[{'configVersion': String, 'modelVersion': String, 'taxonomyVersion': String, 'topic': Number, 'version': String}]
…where “Number” corresponds to a numbered taxonomy of predefined interests. The value “1” refers to “/Arts and Entertainment” while the number 277 refers to “/Jobs and Education/Education/Foreign Language Learning.”
Using that information, the webpage code can request a topic-related ad, which can better attract web visitors and generate more revenue because the advertiser will pay a premium to reach the desired audience.
Gilotte’s concern is that a web publisher could implement the Topics API by including the required JavaScript on multiple websites and then generate a fingerprint identifier based on how the websites behave for the user.
The Topics API has a “witness” requirement – it only shows a visitor’s interest in a topic if the site has previously received data in that topic category. So a script on a webpage that observes a user visiting a news site might know that the user is news-related, but not that the user is interested in, for example, shopping.
This rule – which Google calls a “per-caller filtering requirement” and may help Google more than smaller companies with less visibility into web visits – can be exploited to gain a little entropy about the visitor: whether or not the site saw the topic.
With enough bits of entropy, you get a fingerprint – we’re talking about dozens of websites in weeks of observation. According to Mozilla’s Thomson, 20 bits allows for a one-in-a-million difference. And he explained his concerns in a paper [PDF] published in January titled, “A Privacy Review of Google’s Topics Initiative.”
“We conclude that the Subjects have significant and structural privacy challenges that are difficult to remedy,” Thomson wrote.
Google responded
In an attempt to address some of the concerns that have arisen, Karlin and others at Google argue that Topics offer better privacy than third-party cookies – which don’t offer much privacy. In April, he and ten colleagues released a paper [PDF] outlines the math to check that claim.
And earlier this month, Google announced some changes to the Topics API.
There is a new taxonomy of 469 topics of interest, up from 349 previously. This is smaller than the IAB Audience Taxonomy, which Google says contains about 1,500 topics. 280 commercially oriented categories such as Athletic Apparel, Mattresses, and Luxury Travel were added while 160 less profitable categories such as Civil Engineering and Equestrian were removed.
“We chose to limit the size of the taxonomy, to protect against re-identification risk,” explained Leeron Israel, product manager for Google’s Privacy Sandbox.
Google, Israel said, also plans to let users block specific topics. “This means that users will be able to curate the set of available topics in which they are interested by removing selected topics,” he said. “This change, coming early next year, will give users more control over their privacy and make the Topics API more user-friendly.”
Mozilla remains unconvinced.
“We’re not keen on building features that show people’s browsing history,” a company spokesperson said. The register in an email.
“Google is content to use low noise levels to offer a sense of privacy. Randomizing data at a rate of one in twenty may reduce its effectiveness for advertising, but this is no consolation for those re-identified using that information.”
Most likely, there will be an off switch. ®
#Google #websites #kindly #break #shiny #targetedadvertising #API
Add Comment