Root Causes 229: Browsing Collectives and the 80/20 Rule of Browser Privacy

Hosted by

Tim Callan

Chief Compliance Officer

Jason Soroko

Fellow

Original broadcast date

June 8, 2022

In this follow-on to our two previous podcasts, we elucidate additional potential schemes for preserving consumer privacy. We discuss data aggregation, the power of the default, decentralized blockchain identities, the death of cookies, browsing collectives, privacy browsers, and the 80/20 rule of browser entropy.

Podcast Transcript

Lightly edited for flow and brevity.

Tim CallanWe recently discussed in a pair of Podcasts the potential trouble with browser tracking through cookies and other mechanisms, browser fingerprinting and Google’s response to that, first in the form of FLoC and then later on in the form of Topics which are technology approaches to provide some of the benefits of tracking while still preserving the anonymity of the individual. Then we teased that at the end by pointing out that Google is only part of the whole browsing universe and the whole consumer facing internet universe. I think what we wanted to return to today is say, okay, that’s well and good but what else might be going on in other quarters of the consumer facing internet.

Jason SorokoAbsolutely. I don’t know what to entitle this podcast, but I think it comes down to it’s a more generally wider subject such as what’s the future of your trackability, future of privacy or even the future of individual identity as you're browsing around on the World Wide Web? And interestingly, I think Google Topics, which still at this point is a proposal. I don’t think it’s something that really does exist right now, within Chrome. Maybe they are doing certain things like that unbeknownst to us but wouldn’t put anything past anybody, but the thing is, I want to point out the fact that in the world that is not Google, the rest of us, there are competitors in this space who have been following this very closely. They followed what was good about FLoC and then failed, and then what was good about Topics and is being debated, and they’re saying, hey, Google’s gonna do this, Google being Google, they’re going to put that into Chrome. What about the other browsers and isn’t there opportunity for the rest of us, you, know the rest of the world, to come out with the technology that’s similar but is more browser agnostic? Therefore, let’s break down really what these other competitors to Topics and what was FLoC are doing. Basically – I don’t want to repeat everything I said in the previous two podcasts, but keep in mind what we really are talking about here is what’s gonna make Europe happy? What’s gonna allow them to not be angry at, alright, you’re tracking, privacy problems, too granular, etc. Where here’s the thing. What happens if whatever this technology is for tracking, if you allowed it to be opt in. In other words, take a look at right now the nightmare of browsing around European websites where essentially your “reject all” is an opt-out-ish type of concept. Allowing the cookies is you opting in to being tracked. Who knows, if you even really understand what that means or not. Therefore, what would make a European commission happy is something that is more of an opt-in type of scenario to being tracked. And maybe you could give incentives. Maybe you could, who knows what business models are around opt in. In other words, rather than saying something really spooky like we’re tracking you, you could say things such as hey, we are gonna give you some free functionality, we’re gonna give you all these things that today’s social media has done such a good job at doing and allowing people to ultimately decide in a very clean, clear understandable way to opt in to all the positive benefits to giving away some piece of information about yourself.

The other thing that would make Europe happy, Tim, is the ability to manage your profile. In other words, if you happened to be – machine learning, Tim, learned something about you and I that we didn’t really want to be remembered for. Let’s say, I often go off and do purchasing for relatives of mine who aren’t as handy on the World Wide Web, and then forever more, I’m gonna be receiving ads about those things. And it’s like, man, I’m not that interested in that. I just bought it the once. So, therefore, wouldn’t it be nice for me to go manage my tracking profile and say, look, please take me off this tracking list.

Tim CallanYes, I, indeed, I did buy toys for my young nieces and nephews, but I’m not a young person, and don’t keep sending me advertisements for toys. Got it.

Jason SorokoThis is just kind of a continuation here of what are the things that makes Europe happy. And these competitors to Topics for example, being a lot more forthright, open about your granularity and the Topics and not only that, but I guess, like I just said, allowing people to manage that profile. Allowing people to say, hey, that’s a subject that’s very sensitive to me. I want to opt out of this particular topic and as well, sometimes I might want to just say, no. You know what? Yesterday I was fine with all this, but today, I’m rejecting it. And therefore, I want to be private, until I don’t want to be.

Tim CallanOne of the things that occurs to me as you’re describing these schemes is what I will call the power of the default. I’m just making that up right now, but basically, I started my career in UX, and one of the things that you can measure over and over and over again, and it always happens, is that whatever you default to in any kind of machine or system or computer environment is almost always what is preserved. If you give people a set of defaults that work better for them, then they’ll keep them. If you give them a set of defaults that work badly for them, they’ll keep them too, because it requires some amount of discovery and some amount of proactivity and people are distracted, and people are in a hurry and nobody who is not designing your technology and platform or solution or system ever understands it as well as the people who are working on it day in and day out. If I’m a privacy hawk, you say to me, well, don’t you worry, I’m gonna give them a console where they can go in and look at their settings and decide what they want to forget and remember and turn their own dials, maybe, I’m alright with that but one of the things I’m gonna be cognizant of is almost nobody’s going to actually do it. In particular, your relatives who are not very savvy about the World Wide Web or extra special to people who aren’t going to go in and do it. I find it very credible that Jason Soroko is going to go figure out what these things are and is going to go work on them and turn the dials and whatnot. But, Jason Soroko’s non-tech savvy relative, much less so. That strikes me as a limitation on the value of this kind of solution. Maybe it's better than nothing, but that is a limitation.

Jason SorokoIt absolutely is, which is my own kind of thinking through this said to myself, well, maybe they’ll handle it through things such as incentives. Maybe that’s what it’s all about. Like, I don’t think people realize, but even things like loyalty programs, loyalty programs, why in the world would you ever get involved with a loyalty program unless there was something in it for you because what people don’t realize is that, man, there is probably no better way to track you than to get involved with a loyalty program and then stop shopping around with it. Because then the profile about you is just being created. You’re opting in because there is a profile. Because there is a real tangible incentive to do so, I’m thinking there might have to be something here. I don’t know if that’s true. Maybe there’s somebody way more clever than me who could tell me otherwise, but that’s the only thing I can come up with right now, Tim.

Tim CallanSo, that’ll be interesting to see. I get why you might say, well, this is better than nothing. But the question that I would wonder is, again, are these people who are in positions of power, who care very much about this privacy, going to feel that something like this is sufficient?

Jason SorokoThat’s a good question. That’s what’s going to end up having to play out. But I want to introduce just one more idea to how the rest of the world that’s not Google Chrome will enable this, and this is what’s being talked about. I’ve actually seen some vendors out there who are looking at creating something similar to Google Topics, as an example. And say, well, it’s obviously not going to be Google Chrome specific. It’s gonna be more or less browser agnostic. And the idea being, instead of a cookie, Tim, it will be a decentralized identity. Isn’t that interesting? So therefore, there will be some level of machine learning that will be occurring - is my assumption - and therefore, your attributes will be stored on a blockchain. And then your ability to manage what attributes you release about yourself, the blockchain technology will be what you're using to be able to say, hey, these attributes about me that you’ve figured out, these are okay, but these other ones aren’t. And so, therefore, as you browse, even if you're using different browsers, potentially, if you’ve opted in to some marketing program, regardless of how you use the Web, some profile about you could be created that, while sufficiently aggregated so that it’s not, they don’t know, marketers don’t know it’s you, but your mechanism to manage attributes that you are giving away about yourself to sites that you are browsing to for targeted marketing, you could see how decentralized identities and blockchain could work there. I just wanted to throw that at you, Tim, because that seems to be the way that you could do it browser agnostic.

Tim CallanOkay, and then the browsers would just all have to build in support for something that would be consistent across them, and it would be an open standard that everybody had access to, so they’d be able to go, we’d be able to deal with intercompatibility and all that stuff, and it would go into the standards body process from there.

Jason SorokoSo, think about it, Tim, like, what happens today is, it’s cookies, and hashes of those cookies are stored in some, in multiple databases, and those databases are people who are data experts, are able to look at those multiple lakes of data and say, alright, this person is interested in a bunch of these things. Therefore, there’s really specific website-targeted marketing, and then there’s, okay, we’re figuring out who you really are, and that’s the world we live in today, and that’s the world that you want to avoid by saying, listen, tracking cookies gotta go. Alright, so what we’ve now agreed to is, we’re gonna aggregate it, and we’re gonna put it into, it’s gonna be browser-based, therefore, we’re gonna call it, your fingerprint or your personal profile will be at the edge. It will be at your browser. It won’t be these lakes of data about you that are all aggregated together and figured out. It’s gonna be more controlled and therefore, you have some sort of control about what people know about you. That’s great. Well, what technology are you going to bring in to be able to accommodate that? Well, blockchain. In other words, decentralized identities. And so, that’s interesting.

One of the things that you may say to me at this point, and this is going to be my final point in these three podcasts, which is, alright, Jay, I don’t believe you. I think that cookies will probably live on forever anyway, and therefore you mean FLoC died, Topics is still just a proposal, all these other guys floating around decentralized identity sounds like a pipedream. Maybe it’ll work out but maybe only partially and by the way, Jay, everything else you just said, Tim, which is, does this make Europe happy enough and also, will the users even accept it at all.

Let me just bring up the final point, which I think may end up bringing a final death nail to cookies; therefore, we’re gonna have to shift to something because there’s no way a multibillion dollar marketing industry is just gonna go away quietly. But this could be the final nail for cookies as they were. Imagine, as an example, Tim, enterprises browsing in a virtual environment. In other words, it’s almost like a browsing collective where every single person in your enterprise as they are browsing for work and whatever other reasons they’re doing it.

Tim CallanAre all being aggregated?

Jason SorokoThey’re being aggregated. In other words, through the public internet, your enterprise looks like a single browser. Therefore, information about your individual employees is, it’s very, very difficult to track because every person is going to look like every other person because every person is every other person. I can even see that coming to not just enterprises, because that’s an option for enterprises today. There are virtual browsing environments that will do that at your ingress and egress point, but I can also see that happening from the consumer, the normal consumer non-enterprise standpoint. There could even be, Tim, companies that will say, hey, do you wanna anonymize yourself? Come joint a collective. You could opt out of all this cookie nonsense - and fingerprinting stuff that we talked about on previous podcasts, by basically saying, hey, I will give up some information about myself, or pay money or whatever the mechanism is to join this browsing collective to say, don’t fingerprint me. I just wanna browse the Web, and I don’t want to have targeted ads. Period. Cookie me all you want, but you’re really just cookie-ing some virtual system, and it won’t yield a marketer interesting information.

Tim CallanIt would be, especially in that case, if it was anonymized for people who had very little to do with me than, whether or not I’m interested in recipes for eggplant would be just lost in the vastness of that group.

Jason SorokoSo that’s one. That’s one that kind of new, which is these, I use the term, I haven’t heard anybody else using that, but that’s the term that comes to my mind. And it’s just because everybody looks like everybody else in this virtualized browsing environment. That’s kind of very fresh and for the future. I wanna talk about very, very quick, what the three things that actually exist today to perform very similar functions which is the Tor browser. Tor browser, the idea being, well, no you don’t who I am. Because I’m being obfuscated by having my traffic routed through so many different servers that you don’t know who I am, you don’t know where I’m coming from and any kind of profiling about me is going to be nearly impossible. The Tor browser. And we’ve actually had podcasts about - -

Tim CallanWe did an episode on that. But that’s a very, very niche thing.

Jason SorokoThat’s very niche. Absolutely. So therefore, it’s not like saying, you probably would never say to your enterprise, hey, everybody use Tor browser. You're never going to do that. Therefore, that’s why these virtualized browsing environments are saying, we don’t need what Tor gives you. Therefore, we’re gonna do something that’s just very specific, which is making browser fingerprinting not useful.

There are also, Tim, browser plug-ins and extensions right now that are attempting to obfuscate your fingerprint. I’m not going to go into who and what those are, but that’s just another category of what’s out there for people who want to explore. My grandmother is not going to be doing that, but somebody who is tech savvy probably will. And then there’s another category which is there are privacy browsers out there. I’ll name one of them, Brave, which is a chromium-based browser from what I remember, and basically a lot of – I don’t know if they have a full-blown ability to stop fingerprinting of your browsing, per se. They may. They may not. I haven’t measured it personally, but there’s certainly - just about every single privacy trick in the book, they’re trying to throw at your browsing experience, so there are browsers out there. So, those are four browser fingerprinting obfuscating techniques, Tim.

Tim CallanI might give up - If I’m using these things, I might give up some of the quality of my browsing experience because one of the things that you’ve pointed out in the past is the reason fingerprinting is possible is because the browser is sharing lots of, lots of information with the site in order to provide an optimized experience. It’s talking about things like screen size and fonts and audio settings and things along those lines, which presumably the site can be using to actually give me a better experience on the other end. Once we start obfuscating that stuff, I might expect that there would be a commensurate drop in that rich, well-presented beautifully laid out experience that I might otherwise be receiving. So, is that the trade-off here?

Jason SorokoI think, Tim, what some of these things are doing is basically obfuscating some of it, probably not all of it, and this is why I say something like even the Brave browser, this would be a great time to have somebody who works in the privacy browser industry to be able to tell us what is the balance. What is the balance that your striking? Because I think that that’s not to put words in their mouth, but I think that that’s what their trying to achieve, which is perhaps really what it comes down to, Tim, perhaps what it comes down to – I could be wrong, but it really comes down to those bits of entropy, which is lowering the bits of entropy to the point where your browsing experience is not hit too hard, but on the other hand, you’re sufficiently aggregated and sufficiently your browser profile collides with so many other profiles at that level that it’s unusable for certain kinds of nefarious tracking.

Tim CallanSo, maybe there’s an 80/20 rule here. Maybe there’s some stuff that doesn’t really matter to your experience in any meaningful way, and I’m going to stub that out, and I’m going to keep a smaller number of things like screen resolution. Screen resolution – there’s an awful lot of people who have the same screen resolution that I am. If you’re looking at that, it’s going to be hard to use that to narrow that down to one individual. In that way, you can still deliver a quality experience that most people are not going to notice a difference, but you can blunt the tracking considerably.

Jason SorokoI love the way that you said that because maybe the perfect way to end this podcast and end this series which is maybe the future is 80 20. When it comes to privacy and that’s probably so close to the truth it’s not even funny. That’s my guess.

Tim CallanAnd not only that, I think we had our title. We started by not knowing what to call this. I think we’re gonna probably call it something like the 80 20 privacy. Privacy 80 20. Something like that. You’ll know cause you've already looked at the title of the podcast before you listened, so. We’ll figure it out. Excellent. That’s probably a great place to leave it, so thanks a lot, Jay.

Stay informed with expert insights

Subscribe to Root Causes for engaging discussions on PKI, digital security, and best practices for protecting your organization's critical assets. Don’t miss an episode!