Browser makers debate control of identity sharing — privacy policy, ownership, branding, or common domain URL?

How to change a key element of the way the Internet’s World Wide Web works is being hashed out in a public forum involving engineers for five major web-browser makers, along with Facebook.  The latest session was Thursday (Aug. 27) hosted by the World Wide Web Consortium (W3C)’s Privacy Community Group. 

The underlying question driving discussion as some 70 people listened —  What should (or should not) allow owners of websites to uniquely identify an individual browser-user as they move across other websites?  

That sort of identity management has never been part of standard Web protocols. So the browser “cookie” file became the default approach.  But now in order to extend privacy and block opaque tracking, Google (Chrome), Apple (Safari), Mozilla (Firefox), Microsoft (Edge) and Brave Inc. are looking at several approaches that would prevent storage of cookie tracking data, beyond a “first party.” It would mean a company, or collection of affiliated websites could track their users, but nobody else could cross-identify the same user. 

The approaches are:

• Storage partitioning — Making sure tracking data stays within  separate data storage areas on browser software — with no leakage. (questions)
• First-party Sets — Limiting tracking to a “set” consisting of a common corporate family, or sites with identical branding or privacy policy. (issues)
• IsLoggedIn —  A standard for alerting each website that a user visits as to whether the are currently “logged in” to one or more other websites. 

Thursday’s discussion found Apple and Mozilla in frequent accord. At one point a Facebook representative raised concerns about the IsLoggedIn idea.  Facebook users remain logged in almost constantly across the web, as do users with a Google Account. Making the public more aware of that could have implications for both companies. 

The First-Party Sets discussion turned to debate of whether the top-level domain name, corporate ownership, brand or common privacy policy should be factors in declaring websites to be affiliated as “first parties” and therefore able to share data about user activity and attributes. Deciding that is critical, because it would affect whether federated “Single Sign On” services work conveniently for users. 

“You wouldn’t want to create a policy or standard that would allow unrelated sites to band together,” said Chris Pedigo, a vp at Digital Content Next, representing publishers. He said an earlier W3C group discussed a similar question and concluded a first-party set could include “a collection of domains as long as there was a common privacy policy, ownership and branding.” 

AD TECH AND PRIVACY

• Ad industry experts ponder email address for global ID | Allison Schiff, AdExchanger.com
• Publishers Want Independent Governance of The Trade Desk’s New Unified ID | Andrew Bluestein, AdWeek.com
• Ad agencies worry Google may be exposing phone PII | Laurie Sullivan, MediaPost.com
• How Ad Fraudsters Are Thriving During the Covid-19 Crisis | Rachel Winicov, AdWeek.com
• Verizon Media offers ‘contextual’ targeting to ad clients | Melynda Fuller, MediaPost.com 
•  

PUBLISHING, PRIVACY, PAYMENT

• Publishers seek leverage to force Apple to relax  ‘my way or the highway’ approach | Lara O’Reilly, DigiDay.com
• LiveRamp ad-tech firm asserts a third of publishers have no “identity solution” | Paid content (advertising) via DigiDay.com  (download LiveRamp report)
• CafeMedia’s Paul Bannister says publishers should forgo app stores | Evan DeSimone, Digital Content Next 
• Google can afford a slice of its billions to help sustain journalism, Australian Labor Party says | Amanda Meade, TheGuardian.com
• Gallup-Knight study finds public expectation of media sometimes unmet | John Sands, Knight Foundation website 

WASHINGTON WATCH 

• Merkley/Sanders bill would impose nationwide facial-recognition restrictions | Elizabeth Motabano, ThreatPost.com | (BILL TEXT)
• EARLIER: Ohio’s senators privacy bill rejects “consent” paradigm | Sen. Sherrod Brown website
• WHITE PAPER: How COVID-19 emphasizes need for U.S. privacy law | Huton Andrews Kurth law firm
• Lawmakers worry about ‘bad actors’ within ad-tech ecosystem | Andrew Bluestein, AdWeek.com
• What question about AI should candidates be asked? | Rumman Chowdhury, Acccenture, via Protocol.com
• Silicon Valley could get an easy ride on child privacy if Markey isn’t re-elected | Emily Birnbaum, Protocol.com
• How Kamala Harris Forged Close Ties With Big Tech | Daisuke Wakabayashi, Stephanie Saul & Kenneth P. Vogel, NYTimes.com

Facebook flips out over Apple privacy move; says it will drive business of advertising competitors — to Facebook

A flurry of stories picked up on a Facebook’s developers’ blog post in which the company said a key privacy move by Apple would likely benefit it more than small advertising competitors. As a result Facebook stock surged. 

Apple’s forthcoming iOS14 update for mobile devices is the change Facebook cites.  

“This is not a change we want to make, but unfortunately Apple’s updates to iOS14 have forced this decision,” Facebook said, adding that the update “may render Audience Network so ineffective on iOS 14 that it may not make sense to offer it on iOS 14 in the future.” 

The Audience Network is the Facebook service that third parties can use to place advertising elsewhere on the web besides Facebook.  Facebook cited tests showing that removing personalization led to a more than 50% drop in revenue from the Audience Network to the point where it might close the service for reaching Apple users. Thus the net impact might be to drive advertisers to place more business inside Facebook. 

Here’s a selection of reporting on and reaction to the blog post, “Preparing our Partners for iOS 14.” 

• Apple’s iOS 14 Requires New Opt-in Consent for Advertising Identifiers | Hunton Andrew Kurth law firm 
• Big tech fight: Apple wants to stop advertisers from following you around the web. Facebook has other ideas |  Peter Kafka, Recode/Vox.com
• Facebook’s IDFA Plan: Possible Audience Network Shutdown For IOS 14 | Allison Schiff, AdExchanger.com
• Facebook warns Apple’s iOS 14 could shave more than 50% from Audience Network revenue | Salvador Rodrigeuz, CNBC.com
• iOS 14 privacy settings will tank ad targeting business, Facebook warns | Kate Cox, ArsTechnica 
• Facebook warns advertisers on Apple privacy changes | Sara Fischer, Axios.com
• Facebook stock jumps 5% after it says it will make it harder to place adds outside of Facebook | Barbara Ortutay, The Associated Pres
• Facebook says Apple’s new privacy rules could spare its own apps but hit smaller companies: stock up 8.2% | Stephen Nellis, Katie Paul & Paresh Dave, Reuters PLC
• Facebook isn’t happy about Apple’s upcoming ad tracking restrictions | Anthony Ha, TechCrunch.com
• Facebook Says Apple’s New iPhone Update Will Disrupt Online Advertising | Jeff Horwitz, WSJ.com via Benton.org
• Facebook: Audience Network Advertising To Be ‘Severely Impacted’ By Apple’s iOS 14 Privacy Updates | Gavin O’Malley, MediaPost.com
• Facebook says Apple’s Safari privacy moves will throttle publisher revenue on its Audience Network | Lara O’Reilly, DigiDay.com
• Facebook ‘apologizes’  for Apple’s  efforts to protect its customers’ privacy with iOS14 opt-in permission flag | Kieren McCarthy, TheRegister.com
   

STATEHOUSE WATCH 

• Ad industry urges Texas lawmakers not to require “opt-in” | IAPP Daily Dashboard | (LETTER TEXT)
• Arizona investigation: Google’s own staffers criticized its data privacy controls as a mess | Alfred Ng, CNet.com
• Pittsburgh considers ban on facial recognition, predictive policing | Ryan Johnston, StateScoop.com
   

WORLD PRIVACY

• Palantir warns investors of complex, inconsistent global privacy law risk | Alexis Keenan, Yahoo Finance
• Survey in India: How is artificial intelligence evolving? | Omidyar’s Subhasish Bhadra via Twitter
• Brazil accelerates effect of new privacy law | Angelique Carson, IAPP Privacy Advisor
• Myanmar amends privacy law to protect citizens from state | San Yamin Aung, The Irrawaddy

‘Social Dilemma’ film debuting Sept. 9 cues the question: Could unbridled ‘surveillance capitalism’ lead to civil war? 

Debate over privacy, social media and “surveillance capitalism” will likely ramp up with the Sept. 9 release via NetFlix of a new documentary, “The Social Dilemma,” (trailer) by an award-winning environmental documentarian, Jeff Orlowski.  The 94-minute film, previewed in January at the Sundance Festival, features a set of actor-dramatizations juxtaposed with testimonials and warnings by ex-Silicon Valley engineers. 

“The amount of information that is being collected is a gold rush for data to build more and more accurate profiles around us,” Orlowski says in a Vanity Fair interview this week. “And in many ways, whoever builds the most accurate profile, whoever can predict us better, those are the companies that are going to win out. It is really individualized, personalized data accumulation to build a more and more accurate model that is currently being used to manipulate us.”

The result is increasing political and social polarization, Orlowski says in the interview, quoting one interviewee: “ . . . [T]he natural conclusion to all of this is civil war.”

Included in the film are former Google design ethicist and Center for Human Technology president Tristan Harris, Renee DiResta, research manager of the Stanford Internet Observatory, and Rashida Richardson, former policy researcher at the AI Now Institute, not to mention Soshana Zuboff, author of the book “Surveillance Capitalism and Silicon Valley investor Roger McNamee. 

Harris, DiResta and Richardson join Orlowski at 8:30 p.m. (EDT) on Sept. 16 for a virtual discussion of the film. (Register to watch and pose questions) 

PERSONAL PRIVACY 

• How to destroy surveillance capitalism | Cory Doctorow,  OneZero via Medium.com
• Alexa talks: Police seek records from “smart” speakers | Sidney Fussell, Wired.com
• Why are companies battling to snatch up bankrupt retailers? They want your data | Leticia Miranda, NBC News
• Popular fertility app shared data without user consent, researchers say | Tonya Riley, WashingtonPost.com
• Android 101: How to stop location tracking | Barbara Krasnoff, TheVerge.com
• Amazon’s “Halo” scans your body and voice for fitness | Dieter Bohn, TheVerge.com
• How Apple describes its iPhone user privacy and data practices | Apple Developer Blog 
• Firefox’s New Android Browser: Placebo For Your Privacy Woes? | Soshana Wodinsky, Gizmodo.com
• VENDOR VIEW: “Your privacy and the “internet of things (IoT)” | CaseGuard blog
• CDT and eHI Release Draft Consumer Privacy Framework for Health Data | Elizabeth Seeger & Alice Leiter, Center for Democracy & Technology
• What Years of Emails and Texts Reveal About Your Friendly Tech Companies | Tim Wu, NYTimes.com
   

FACIAL RECOGNITION

•  Macy’s sued over use of Clearview AI facial recognition | Scott Ikeda, CPO Magazine
• Appeals court hands down the UK’s first judgment on automated facial recognition | Osborne Clark law firm 
• German officials ask Clearview AI to explain biometric data processing | Tony Bitzionis, FindBiometrics.com 

COVID 19 AND PRIVACY 

• Lessons from COVID-19 for a New US Privacy Framework | Centre for Information Policy Leadership
• Students pushing back on college COVID-19 tracking | David Jesse, Detroit Free Press
• OPINION: Should Americans give government personal data to track virus? | Jo Guldi & Macabe Keliher, TheHill.com