Connect with us

Technology

Privacy proves elusive in Google’s Privacy Sandbox • The Register

Voice Of EU

Published

on

Google’s effort to build a “Privacy Sandbox” – a set of technologies for delivering personalized ads online without the tracking problems presented by cookie-based advertising – continues to struggle with its promise of privacy.

The Privacy Sandbox consists of a set of web technology proposals with bird-themed names intended to aim interest-based ads at groups rather than individuals.

Much of this ad-related data processing is intended to occur within the browsers of internet users, to keep personal information from being spirited away to remote servers where it might be misused.

So, simply put, the aim is to ensure decisions made on which ads you’ll see, based on your interests, take place in your browser rather than in some backend systems processing your data.

Google launched the initiative in 2019 after competing browser makers began blocking third-party cookies – the traditional way to deliver targeted ads and track internet users – and government regulators around the globe began tightening privacy rules.

The ad biz initially hoped that it would be able to develop a replacement for cookie-based ad targeting by the end of 2021.

But after last month concluding the trial of its flawed FLoC – Federated Learning of Cohorts – to send the spec back for further refinement and pushing back its timeline for replacing third-party cookies with Privacy Sandbox specs, Google now acknowledges that its purportedly privacy-protective remarketing proposal FLEDGE – First Locally-Executed Decision over Groups Experiment – also needs a tweak to prevent the technology from being used to track people online.

On Wednesday, John Mooring, senior software engineer at Microsoft, opened an issue in the GitHub repository for Turtledove (now known as FLEDGE) to describe a conceptual attack that would allow someone to craft code on webpages to use FLEDGE to track people across different websites.

That runs contrary to its very purpose. FLEDGE is supposed to enable remarketing – for example, a web store using a visitor’s interest in a book to present an ad for that book on a third-party website – without tracking the visitor through a personal identifier.

Michael Kleber, the Google mathematician overseeing the construction of Privacy Sandbox specs, acknowledged that the sample code could be abused to create an identifier in situations where there’s no ad competition.

“This is indeed the natural fingerprinting concern associated with the one-bit leak, which FLEDGE will need to protect against in some way,” he said, suggesting technical interventions and abuse detection as possible paths to resolve the privacy leak. “We certainly need some approach to this problem before the removal of third-party cookies in Chrome.”

In an email to The Register, Dr Lukasz Olejnik, independent privacy researcher and consultant, emphasized the need to ensure that the Privacy Sandbox does not leak from the outset.

It will all be futile if the candidates for replacements are not having an adequate privacy level on their own

“Among the goals of Privacy Sandbox is to make advertising more civilized, specifically privacy-proofed,” said Olejnik. “To achieve this overarching goal, plenty of changes must be introduced. But it will all be futile if the candidates for replacements are not having an adequate privacy level on their own. This is why the APIs would need to be really well designed, and specifications crystal-clear, considering broad privacy threat models.”

The problem as Olejnik sees it is that the privacy characteristics of the technology being proposed are not yet well understood. And given the timeline for this technology and revenue that depends on it – the global digital ad spend this year is expected to reach $455bn – he argues data privacy leaks need to be identified in advance so they can be adequately dealt with.

“This particular risk – the so-called one-bit leak issue – has been known since 2020,” Olejnik said. “I expect that a solution to this problem will be found in the fusion of API design (i.e. Turtledove and Fenced Frames), implementation level, and the auditing manner – active search for potential misuses.

“But this particular issue indeed looks serious – a new and claimed privacy-friendly solution should not be introduced while being aware of such a design issue. In this sense, it’s a show-stopper, but one that is hopefully possible to duly address in time.” ®

Source link

Technology

‘I hope the world will be safer’, says Molly Russell’s father after inquest – video | Technology

Voice Of EU

Published

on

Molly Russell’s father has accused the world’s biggest social media firms of ‘monetising misery’ after an inquest ruled that harmful online content contributed to the 14-year-old’s death.

Ian Russell accused Meta, the owner of Facebook and Instagram, of guiding his daughter on a ‘demented trail of life-sucking content’, after the landmark ruling raised the regulatory pressure on social media companies.

The inquest heard on Friday that Molly, from Harrow, north-west London, had viewed large amounts of content related to suicide, depression, self-harm and anxiety on Instagram and Pinterest before she died in November 2017

Source link

Continue Reading

Technology

Google delays execution of deprecated Chrome extensions • The Register

Voice Of EU

Published

on

Google has delayed its browser extension platform transition for enterprise customers, giving those using managed versions of Chrome with the deprecated Manifest v2 (MV2) extensions an extra six months of support.

The Chocolate Factory has also redefined its deadlines for general Chrome users to make the transition to the new platform, called Manifest v3 (MV3), less of a shock to the system.

“Chrome will take a gradual and experimental approach to turning off Manifest V2 to ensure a smooth end-user experience during the phase-out process,” explained David Li, a product manager at Google, in a blog post. “We would like to make sure developers have the information they need, with plenty of time to transition to the new manifest version and to roll out changes to their users.”

Chrome will take a gradual and experimental approach to turning off Manifest V2 to ensure a smooth end-user experience

Developers, in other words, need more time to rewrite their extension code.

Previously, as of January 2023, Chrome was to stop running MV2 extensions. Enterprise managed Chrome installations had an extra six months with MV2, until June 2023.

The current schedule says MV2 extensions may or may not work in developer-oriented versions of Chrome used outside of enterprises. “Starting in Chrome 112, Chrome may run experiments to turn off support for Manifest V2 extensions in Canary, Dev, and Beta channels,” the timeline says.

And then in June 2023, MV2 extensions may or may not get disabled in any version of Chrome, including the Stable channel used by most people.

New MV2 extensions could no longer be added to the Chrome Web Store in June 2022, and that remains unchanged under the new roadmap; MV2 extensions already available the Chrome Web Store can still be downloaded and can still receive updates.

As of June 2023, MV2 extensions will no longer be visible in the store (so they can’t be newly installed, but can still be updated for existing users).

Come January 2024, nothing will be left to chance: the Chrome Web Store will stop accepting updates to MV2 extensions, all MV2 extensions will be removed from the store, and the MV2 usage in enterprises will end.

Li suggests developers make the transition sooner rather than later “because those [MV2] extensions may stop working at any time following the aforementioned dates.”

In recognition of the confusion among developers trying to adapt their extensions to MV3, Li said Google has implemented new APIs and platform improvements and has created a progress page to provide more transparency with regard to the state of MV2-MV3 transition.

Since 2018, Google has been revising the code that defines what browser extensions can do in Chrome. Its outgoing architecture known as Manifest v2 proved too powerful – it could be used by rogue add-ons to steal data, for example – and Google claimed use of those capabilities hindered browser performance. Critics like the EFF have disputed that.

Coincidentally, those capabilities, particularly the ability to intercept and revise network requests based on dynamic criteria, made Manifest v2 useful for blocking content and privacy-violating tracking scripts.

Under the new Manifest v3 regime, extensions have been domesticated. As a result, they appear to use computing resources more efficiently while being less effective at content blocking.

Illustration of the Facebook logo surrounded by thumbs down

Facebook is one bad Chrome extension away from another Cambridge Analytica scandal

READ MORE

Whether or not this results in meaningful performance improvement, the MV3 change has been championed by Google for Chrome and the open source Chromium project, and is being supported by those building atop Chromium, like Microsoft Edge, as well as Apple’s WebKit-based Safari and Mozilla’s Gecko-based Firefox.

However, Brave, Mozilla, and Vivadi have said they intend to continue supporting Manifest v2 extensions for an indeterminate amount of time. How long that will last is anyone’s guess.

Brave, like other privacy-oriented companies and advocacy groups, has made it clear this regime change is not to its liking. “With Manifest V3, Google is harming privacy and limiting user choice,” the developer said via Twitter. “The bottom line, though, is that Brave will still continue to offer leading protection against invasive ads and trackers.”

With Manifest V3, Google is harming privacy and limiting user choice

Google, on its timeline, suggests MV3 is approaching “full feature parity with Manifest V2.”

Extension developers appear to be skeptical about that. On Friday, in response to Google’s timeline revision posted to the Chromium Extension Google Group, a developer forum member who goes by the pseudonym “wOxxOm” slammed Google for posts full of corporate lingo about safety and security and pushed back against its statement about feature parity.

“[T]his definitely sounds reasonable if you don’t know the context, but given the subsequently plotted timeline it becomes a gross exaggeration and a borderline lie, because with the progress rate we all observed over the past years it’ll take at least several years more for MV3 to become reliable and feature-rich enough to replace MV2, not half a year or a year,” wOxxOm posted.

“Neither the issue list nor the announcement acknowledge that MV3 is still half-broken and unusable for anything other than a beta test due to its unreliable registration of service workers that break extensions completely for thousands of users, soon for millions because no one in Chromium has yet found out the exact reason of the bug, hence they can’t be sure they’ll fix it in the next months.”

This may not be the last time Google revises its transition timeline. ®



Source link

Continue Reading

Technology

Irish Research Council pumps €27m to fund next generation of researchers

Voice Of EU

Published

on

A total of 316 awardees of the IRC’s Government of Ireland programme will receive funding to conduct ‘pioneering’ research.

Postgraduate and postdoctoral researchers in Ireland are set to get €27m in funding from the Irish Research Council (IRC) through its flagship Government of Ireland programme.

In an announcement today (30 September), the IRC said that a total of 316 Government of Ireland awards will be given to researchers in the country, including 239 postgraduate scholarships and 77 postdoctoral fellowships.

Awardees under the scheme will conduct research on a broad range of topics, from machine translation and social media to protecting wild bee populations and bioplastics.

“The prestigious awards recognise and fund pioneering research projects along with addressing new and emerging fields of research that introduce creative and innovative approaches across all disciplines, including the sciences, humanities and the arts,” said IRC director Louise Callinan.

Awardees

One of the science-focused postgraduate awardees, University of Galway’s Cherrelle Johnson, is working on the long-term sustainability of bioplastics as an alternative to fossil fuel-based plastics.

Another, Royal College of Surgeons in Ireland’s Tammy Strickland, is studying the role of the circadian rhythm, or the sleep-wake cycle, of immune cells in the brain in epilepsy.

Khetam Al Sharou of Dublin City University, one of the postdoctoral researchers to win the award, is looking into the use of machine translation in social media and the associated risks of information distortion.

Meanwhile, Robert Brose from the Dublin Institute for Advanced Studies is investigating the particles and radiation that are emitted by high-energy sources in our milky way to try and find the most likely sources of life.

Diana Carolina Pimentel Betancurt from Teagasc, the state agency providing research and development in agriculture and related fields, is looking for natural probiotics in native honeybees to mitigate the effect of pesticides.

“Funding schemes like the IRC’s Government of Ireland programmes are vitally important to the wider research landscape in Ireland, as they ensure that researchers are supported at an early stage of their career and are given an opportunity to direct their own research,” Callinan said.

53 early-career researchers across Ireland got €28.5m in funding last month from the SFI-IRC Pathway programme, a new collaborative initiative between Science Foundation Ireland and the IRC. SFI and IRC are expected to merge to form one funding body in the coming years.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!