Connect with us

Technology

Google has second thoughts about cutting cookies, so serves up CHIPs • The Register

Voice Of EU

Published

on

Last week, third-party cookies received a stay of execution from Google that will allow them to survive until late 2023 – almost two years beyond their previously declared decommission date. But the search-ads-and-apps biz is already planning a resurrection of sorts because third-party cookies are just too useful.

The Chocolate Factory envisions a lesser form of third-party cookie, one that in theory won’t be used for tracking but will be able to support other more acceptable use cases. Google software engineer Dylan Cutler and engineering manager Kaustubha Govind call their confection “partitioned cookies” in a Web Platform Incubator Community Group proposal called “CHIPs.”

Cookies are files that web applications can set in web browsers to store data. They have legitimate uses, like storing data related to the state of the application (e.g. whether you’re logged in), and they can also be used for tracking people across websites.

Third-party cookies – set by scripts that interact with third-party servers – track people by storing a value on one website and then reading that value on another website that implements a similar third-party script. The third-party service in this case then knows all the websites running their script that were visited by the tracked individual.

That’s the sort of privacy-invading behavior that led browser makers like Apple, Brave, Mozilla, and others to block third-party cookies by default. But doing so has created problems by interfering with applications that rely on third-party cookies to deliver services across domain contexts.

The browser security model is based on the distinction between first-party and third-party contexts. When an individual visits a specific web domain, that domain operates in a first party context; services available at other domains are considered third-party and face various limitations on what they can do.

Google’s CHIPs proposal – Cookies Having Independent Partitioned State – calls for cookies that can be set by third-party service but only read within the context of the first-party site where they were initially set, as opposed to other sites also running the setter’s third-party script.

For example, Cutler and Govind describe a scenario where the site retail.com wants to work with a third-party service support.chat.com to embed a support chat box on its site.

“Without the ability to set a cross-site cookie, support.chat.com could instead rely on retail.com passing along their first-party state (or some derived value of it),” the Googlers explain in their proposal. “However, if the users have not yet created an account and the support widget is helping them sign up, then retail.com would have no notion of identity to forward to support.chat.com.”

There are other plausible uses too, like third-party content delivery networks that use cookies to serve access-controlled content, front-end frameworks that rely on remote hosting and remote procedure calls to interact with services, and embedded code designed to support software-as-a-service apps.

Firefox and Safari have each taken steps toward implementing their own versions of partitioned cookies, so Google’s approach has conceptual support from other browser makers even if the implementations currently differ.

Hold on a minute

But privacy advocates have taken issue with Google’s approach – declaring intent to prototype the technology without much consultation.

“The tech has been talked about for awhile, it works when combined with other techniques to slightly reduce the harm from third-party cookies, but it’s not the same as deprecating third-party cookies,” said Zach Edwards, co-founder of web analytics biz Victory Medium, in a message to The Register.

“Google is proposing this shift without even acknowledging how it fits into larger plans, and thus making people guess and try to work out the calendar for upcoming Chrome additions and deprecations,” he said. “It’s an outrageously impossible task if the company making those decisions doesn’t keep a running list of changes that impact global businesses, and also flippantly suggests new additions on non-Google websites and via a regularly rotating group of largely unknown Google developers, who when challenged about proposals often fall back on, ‘All opinions are my own.'”

Such concern is widespread among those involved in ad tech and marketing because Google is in the midst of changing the rules by which online advertisers operate. The effort to phase out the third-party cookie is part of the company’s ongoing Privacy Sandbox initiative, which aims to implement multiple technical specifications that change how online advertising works in the browser. And no one – not Google, its allies, its competitors, regulators, or internet users – is certain how these works-in-progress will eventually work and interoperate.

In January, the UK’s Competition and Markets Authority (CMA) began poking around in Google’s Privacy Sandbox to see whether the contemplated changes would disadvantage competitors. In response, Google made a set of commitments to be more forthcoming about its technologies and the viability of competing alternatives.

“The CMA seemingly told Google that they need to change their process and communicate more clearly how data supply changes are being made in Chrome and in Google’s advertising systems,” said Edwards.

“But if this new proposal is how Google perceives the CMA-mandate, then the folks in the UK should schedule a bit more tea time because they are spinning their wheels during office hours on demands that are being ignored.”

Even seemingly minor proposals like CHIPs can be complicated because they don’t exist in isolation. They have to be considered in the context of all the other technologies they may touch in deployment.

For example, Google has a proposal called First-Party Sets that would make different domains (e.g. apple.com and icloud.com) owned by the same company function as a single first-party domain for the purpose of cookies. Privacy researcher Lukasz Olejnik has expressed concern about how CHIPs might expand the tracking possibilities when used in conjunction with First-Party Sets.

What’s more, the proposal itself acknowledges that partitioned cookies cannot currently be defended against Chrome extensions.

“Extensions’ background contexts can query and store cookies across partitions, meaning they could store a cross-site identifier across partitions,” explain Cutler and Govind. “Unfortunately, this type of attack is unavoidable due to the nature of extensions.”

“Even if we block partitioned cookies (or even all cookies) from extensions’ background contexts, an extension could still use content scripts to write cross-site identifiers to the DOM which the site’s own script could copy to the site’s partitioned cookie jar.”

And there are other potential problems that need to be ironed out, like the risk of making sites more prone to cross-site scripting (XSS) attacks and increasing the risk of denial-of-service attacks through cookie proliferation that exceeds Chrome’s 180-cookie-per-domain limit.

None of these issues are insurmountable. But perhaps Google’s decision to treat the technical foundations of web advertising – a business upon which it and so many companies depend – as a set of experiments needs to be reconsidered in light of the company’s market power. Moving fast and breaking things may work well for a nimble startup but when giants do so there’s collateral damage. ®



Source link

Technology

Elon Musk sells Tesla shares worth $6.9bn as Twitter trial looms | Elon Musk

Voice Of EU

Published

on

Elon Musk has sold $6.9bn (£5.7bn) worth of shares in Tesla after admitting that he could need the funds if he loses a legal battle with Twitter and is forced to buy the social media platform.

The Tesla CEO walked away from a $44bn deal to buy Twitter in July but the company has launched a lawsuit demanding that he complete the deal. A trial will take place in Delaware in October.

“In the (hopefully unlikely) event that Twitter forces this deal to close *and* some equity partners don’t come through, it is important to avoid an emergency sale of Tesla stock,” Musk said in a tweet late on Tuesday.

In other comments on Twitter on Tuesday, Musk said “yes” when asked if he was finished selling Tesla stock. He also said he would buy Tesla stock again if the Twitter deal does not close.

Musk has committed more than $30bn of his own money to the financing of the deal, with more than $7bn of that total provided by a coterie of associates including tech tycoon Larry Ellison, the Qatar state investment fund and the world’s biggest cryptocurrency exchange, Binance.

Musk, the world’s richest person, sold $8.5bn worth of Tesla shares in April and had said at the time there were no further sales planned. But since then, legal experts had suggested that if Musk is forced to complete the acquisition or settle the dispute with a stiff penalty, he was likely to sell more Tesla shares.

Last week Musk launched a countersuit against Twitter, accusing the platform of deliberately miscounting the number of spam accounts on the platform. Twitter has consistently stated that the number of spam accounts on its service is less than 5% of its user base, which currently stands at just under 238 million. Legal experts have said that Musk will find it hard to convince a judge that Twitter’s spam issue represents a “company material adverse effect” that substantially alters the company’s value – and therefore voids the deal.

Musk sold about 7.92m Tesla shares between 5 August and 9 August, according to multiple filings. He now owns 155m Tesla shares or just under 15% of the electric carmaker.

The latest sales bring total Tesla stock sales by Musk to about $32bn in less than one year. However, Musk remains comfortably ahead of Jeff Bezos as the world’s richest man with an estimated $250bn fortune, according to the Bloomberg billionaires index.

Tesla shares have risen nearly 15% since the automaker reported better-than-expected earnings on 20 July, also helped by the Biden administration’s climate bill that, if passed, would lift the cap on tax credits for electric vehicles.

Musk also teased on Tuesday that he could start his own social media platform. When asked by a Twitter user if he had thought about creating his own platform if the deal didn’t close, he replied: “X.com”.

With Reuters



Source link

Continue Reading

Technology

Iran reveals use of cryptocurrency to pay for imports • The Register

Voice Of EU

Published

on

Iran has announced it used cryptocurrency to pay for imports, raising the prospect that the nation is using digital assets to evade sanctions.

Trade minister Alireza Peyman Pak revealed the transaction with the tweet below, which translates as “This week, the first official import order was successfully placed with cryptocurrency worth ten million dollars. By the end of September, the use of cryptocurrencies and smart contracts will be widespread in foreign trade with target countries.”

It is unclear what Peman Pak referred to with his mention of widespread use of crypto for foreign trade, and the identity of the foreign countries he mentioned is also obscure.

But the intent of the announcement appears clear: Iran will use cryptocurrency to settle cross-border trades.

That’s very significant because Iran is subject to extensive sanctions aimed at preventing its ability to acquire nuclear weapons and reduce its ability to sponsor terrorism. Sanctions prevent the sale of many commodities and technologies to Iran, and financial institutions aren’t allowed to deal with their Iranian counterparts, who are mostly shunned around the world.

As explained in this advisory [PDF] issued by the US Treasury, Iran has developed numerous practices to evade sanctions, including payment offsetting schemes that let it sell oil in contravention of sanctions. Proceeds of such sales are alleged to have been funnelled to terrorist groups.

While cryptocurrency’s anonymity has been largely disproved, trades in digital assets aren’t regulated so sanctions enforcement will be more complex if Iran and its trading partners use crypto instead of fiat currencies.

Which perhaps adds more weight to the argument that cryptocurrency has few proven uses beyond speculative trading, making the ransomware industry possible, and helping authoritarian states like Iran and North Korea to acquire materiel for weapons.

Peyman Pak’s mention of “widespread” cross-border crypto deals, facilitated by automated smart contracts, therefore represents a challenge to those who monitor and enforce sanctions – and something new to worry about for the rest of us. ®



Source link

Continue Reading

Technology

Edwards Lifesciences is hiring at its ‘key’ Shannon and Limerick facilities

Voice Of EU

Published

on

The medtech company is hiring for a variety of roles at both its Limerick and Shannon sites, the latter of which is being transformed into a specialised manufacturing facility.

Medical devices giant Edwards Lifesciences began renovations to convert its existing Shannon facility into a specialised manufacturing centre at the end of July.

The expansion will allow the company to produce components that are an integral part of its transcatheter heart valves. The conversion is part of Edwards Lifesciences’ expansion plan that will see it hire for hundreds of new roles in the coming years.

“The expanded capability at our Shannon facility demonstrates that our operations in Ireland are a key enabler for Edwards to continue helping patients across the globe,” said Andrew Walls, general manager for the company’s manufacturing facilities in Ireland.

According to Walls, hiring is currently underway at the company’s Shannon and Limerick facilities for a variety of functions such as assembly and inspection roles, manufacturing and quality engineering, supply chain, warehouse operations and project management.

Why Ireland?

Headquartered in Irvine, California, Edwards Lifesciences established its operations in Shannon in 2018 and announced 600 new jobs for the mid-west region. This number was then doubled a year later when it revealed increased investment in Limerick.

When the Limerick plant was officially opened in October 2021, the medtech company added another 250 roles onto the previously announced 600, promising 850 new jobs by 2025.

“As the company grows and serves even more patients around the world, Edwards conducted a thorough review of its global valve manufacturing network to ensure we have the right facilities and talent to address our future needs,” Walls told SiliconRepublic.com

“We consider multiple factors when determining where we decide to manufacture – for example, a location that will allow us to produce close to where products are utilised, a location that offers advantages for our supply chain, excellent local talent pool for an engaged workforce, an interest in education and good academic infrastructure, and other characteristics that will be good for business and, ultimately, good for patients.

“Both our Shannon and Limerick sites are key enablers for Edwards Lifesciences to continue helping patients across the globe.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!