Hepner expects that the DOJ plan may be measured enough that the court may only “be interested in a nip-tuck, not a wholesale revision of what plaintiffs have put forward.”
Kamyl Bazbaz, SVP of public affairs for Google’s more privacy-focused rival DuckDuckGo, released a statement agreeing with Hepner.
“The government has put forward a proposal that would free the search market from Google’s illegal grip and unleash a new era of innovation, investment, and competition,” Bazbaz said. “There’s nothing radical about this proposal: It’s firmly based on the court’s extensive finding of fact and proposes solutions in line with previous antitrust actions.”
Bazbaz accused Google of “cynically” invoking privacy among chief concerns with a forced Chrome sale. That “is rich coming from the Internet’s biggest tracker,” Bazbaz said.
Will Apple finally compete with Google in search?
The remedies the DOJ has proposed could potentially be game-changing, Bazbaz told Ars, not just for existing rivals but also new rivals and startups the court found were previously unable to enter the market while it was under Google’s control.
If the DOJ gets its way, Google could be stuck complying with these proposed remedies for 10 years. But if the company can prove after five years that competition has substantially increased and it controls less than 50 percent of the market, the remedies could be terminated early, the DOJ’s proposed final judgment order said.
That’s likely cold comfort for Google as it prepares to fight the DOJ’s plan to break up its search empire and potentially face major new competitors. The biggest risk to Google’s dominance in AI search could even be its former partner, whom the court found was being paid handsomely to help prop up Google’s search monopoly: Apple.
On X (formerly Twitter), Hepner said that cutting off Google’s $20 billion payments to Apple for default placements in Safari alone could “have a huge effect and may finally kick Apple to enter the market itself.”
Chrome users who declined to sync their Google accounts with their browsing data secured a big privacy win this week after previously losing a proposed class action claiming that Google secretly collected personal data without consent from over 100 million Chrome users who opted out of syncing.
On Tuesday, the 9th US Circuit Court of Appeals reversed the prior court’s finding that Google had properly gained consent for the contested data collection.
The appeals court said that the US district court had erred in ruling that Google’s general privacy policies secured consent for the data collection. The district court failed to consider conflicts with Google’s Chrome Privacy Notice (CPN), which said that users’ “choice not to sync Chrome with their Google accounts meant that certain personal information would not be collected and used by Google,” the appeals court ruled.
Rather than analyzing the CPN, it appears that the US district court completely bought into Google’s argument that the CPN didn’t apply because the data collection at issue was “browser agnostic” and occurred whether a user was browsing with Chrome or not. But the appeals court—by a 3–0 vote—did not.
In his opinion, Circuit Judge Milan Smith wrote that the “district court should have reviewed the terms of Google’s various disclosures and decided whether a reasonable user reading them would think that he or she was consenting to the data collection.”
“By focusing on ‘browser agnosticism’ instead of conducting the reasonable person inquiry, the district court failed to apply the correct standard,” Smith wrote. “Viewed in the light most favorable to Plaintiffs, browser agnosticism is irrelevant because nothing in Google’s disclosures is tied to what other browsers do.”
Smith seemed to suggest that the US district court wasted time holding a “7.5-hour evidentiary hearing which included expert testimony about ‘whether the data collection at issue'” was “browser-agnostic.”
“Rather than trying to determine how a reasonable user would understand Google’s various privacy policies,” the district court improperly “made the case turn on a technical distinction unfamiliar to most ‘reasonable'” users, Smith wrote.
Now, the case has been remanded to the district court where Google will face a trial over the alleged failure to get consent for the data collection. If the class action is certified, Google risks owing currently unknown damages to any Chrome users who opted out of syncing between 2016 and 2024.
According to Smith, the key focus of the trial will be weighing the CPN terms and determining “what a ‘reasonable user’ of a service would understand they were consenting to, not what a technical expert would.”
Matthew Wessler, a lawyer for Chrome users suing, told Ars that “we are pleased with the Ninth Circuit’s decision” and “look forward to taking this case on behalf of Chrome users to trial.”
A Google spokesperson, José Castañeda, told Ars that Google disputes the decision.
“We disagree with this ruling and are confident the facts of the case are on our side,” Castañeda told Ars. “Chrome Sync helps people use Chrome seamlessly across their different devices and has clear privacy controls.”
Google Chrome’s long, long project to implement a new browser extension platform is seemingly going to happen, for real, after six years of cautious movement.
One of the first ways people are seeing this is if they use uBlock Origin, a popular ad-blocking extension, as noted by Bleeping Computer. Recently, Chrome users have seen warnings pop up that “This extension may soon no longer be supported,” with links asking the user to “Remove or replace it with similar extensions” from Chrome’s Web Store. You might see a similar warning on some extensions if you head to Chrome’s Extensions page (chrome://extensions).
What’s happening is Chrome preparing to make Manifest V3 required for extensions that want to run on its platform. First announced in 2018, the last word on Manifest V3 was that V2 extensions would start being nudged out in early June on the Beta, Dev, and Canary update channels. Users will be able to manually re-enable V2 extensions “for a short time,” Google has said, “but over time, this toggle will go away as well.” The shift for enterprise Chrome deployments is expected to be put off until June 2025.
Google has said that its new extension platform was built for “improving the security, privacy, performance, and trustworthiness of the extension ecosystem.” The Electronic Frontier Foundation (EFF) disagrees most strongly with the security aspect, and Firefox-maker Mozilla, while intending to support V3 extensions for cross-browser compatibility, has no plans to cut off support for V2 extensions, signaling that it doesn’t see the big improvement.
Perhaps the biggest point of friction is with ad blockers. Google has said it “isn’t killing ad blockers” but “making them safer,” in an explanatory blog post. Google noted in November 2023 that Manifest V3 allowed for a greater number, and more dynamic updating, of content-blocking rules in extensions, specifically ad blockers.
But one of the biggest changes is in disallowing “remotely hosted code,” which includes the filtering lists that ad blockers keep regularly updated. Ad blockers that want to update their filtering lists, perhaps in response to pivots by platforms like Google’s YouTube and ad servers, will have to do so through the Chrome Web Store’s review process. Ad-blocking coders see it as an intentional gatekeeping and slowing.
Google said before the initial May push toward V3 that 85 percent of actively maintained extensions in its store had Manifest V3 versions ready. Raymond Hill wrote on uBlock Origin’s GitHub page Friday that there will not be a full version of uBlock Origin that works with Manifest V3, but instead a “Lite” version that is “a pared-down version of uBO with a best effort at converting filter lists used by uBO into a Manifest V3-compliant approach.”
Enlarge/ Google, like most of us, has a hard time letting go of cookies. Most of us just haven’t created a complex set of APIs and brokered deals across regulation and industry to hold onto the essential essence of cookies.
Getty Images
Google has an announcement today: It’s not going to do something it has thought about, and tinkered with, for quite some time.
Most people who just use the Chrome browser, rather than develop for it or try to serve ads to it, are not going to know what “A new path for Privacy Sandbox on the web” could possibly mean. The very short version is that Google had a “path,” first announced in January 2020, to turn off third-party (i.e., tracking) cookies in the most-used browser on Earth, bringing it in line with Safari, Firefox, and many other browsers. Google has proposed several alternatives to the cookies that follow you from page to page, constantly pitching you on that space heater you looked at three days ago. Each of these alternatives has met varying amounts of resistance from privacy and open web advocates, trade regulators, and the advertising industry.
So rather than turn off third-party cookies by default and implement new solutions inside the Privacy Sandbox, Chrome will “introduce a new experience” that lets users choose their tracking preferences when they update or first use Chrome. Google will also keep working on its Privacy Sandbox APIs but in a way that recognizes the “impact on publishers, advertisers, and everyone involved in online advertising.” Google also did not fail to mention it was “discussing this new path with regulators.”
Why today? What does it really mean? Let’s journey through more than four and a half years of Google’s moves to replace third-party cookies, without deeply endangering its standing as the world’s largest advertising provider.
2017–2022: FLoC or “What if machines tracked you, not cookies?”
Google’s big moves toward a standstill likely started at Apple headquarters. Its operating system updates in the fall of 2017 implemented a 24-hour time limit on ad-targeting cookies in Safari, the default browser on Macs and iOS devices. A “Coalition of Major Advertising Trade Associations” issued a sternly worded letter opposing this change, stating it would “drive a wedge between brands and their customers” and make advertising “more generic and less timely and useful.”
By the summer of 2019, Firefox was ready to simply block tracking cookies by default. Google, which makes the vast majority of its money through online advertising, made a different, broader argument against dropping third-party cookies. To paraphrase: Trackers will track, and if we don’t give them a proper way to do it, they’ll do it the dirty way by fingerprinting browsers based on version numbers, fonts, screen size, and other identifiers. Google said it had some machine learning that could figure out when it was good to share your browsing habits. For example:
New technologies like Federated Learning show that it’s possible for your browser to avoid revealing that you are a member of a group that likes Beyoncé and sweater vests until it can be sure that group contains thousands of other people.
In January 2020, Google shifted its argument from “along with” to “instead of” third-party cookies. Chrome Engineering Director Justin Schuh wrote, “Building a more private Web: A path towards making third party cookies obsolete,” suggesting that broad support for Chrome’s privacy sandbox tools would allow for dropping third-party cookies entirely. Privacy advocate Ben Adida described the move as “delivering teeth” and “a big deal.” Feedback from the W3C and other parties, Schuh wrote at that time, “gives us confidence that solutions in this space can work.”
Google’s explanatory graphic for FLoC, or Federated Learning of Cohorts.
Google
As Google developed its replacement for third-party cookies, the path grew trickier and the space more perilous. The Electronic Frontier Foundation described Google’s FLoC, or the “Federated Learning of Cohorts” that would let Chrome machine-learn your profile for sites and ads, as “A Terrible Idea.” The EFF was joined by Mozilla, Apple, WordPress, DuckDuckGo, and lots of browsers based on Chrome’s core Chromium code in being either opposed or non-committal to FLoC. Google pushed back testing FLOC until late 2022 and third-party cookie removal (and thereby FLoC implementation) until mid-2023.
By early 2022, FLoC didn’t have a path forward. Google pivoted to a Topics API, which would give users a bit more control over which topics (“Rock Music,” “Auto & Vehicles”) would be transmitted to potential advertisers. It would certainly improve over third-party cookies, which are largely inscrutable in naming and offer the user only one privacy policy: block them, or delete them all and lose lots of logins.
Will Chrome, the world’s most popular browser, ever kill third-party cookies? Apple and Mozilla both killed off the user-tracking technology in 2020. Google, the world’s largest advertising company, originally said it wouldn’t kill third-party cookies until 2022. Then in 2021, it delayed the change until 2023. In 2022, it delayed everything again, until 2024. It’s 2024 now, and guess what? Another delay. Now Google says it won’t turn off third-party cookies until 2025, five years after the competition.
A new blog post cites UK regulations as the reason for the delay, saying, “We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem.” The post comes as part of the quarterly reports the company is producing with the UK’s Competition and Markets Authority (CMA).
Interestingly, the UK’s CMA isn’t concerned about user privacy but instead is worried about other web advertisers that compete with Google. The UK wants to make sure that Google isn’t making changes to Chrome to prop up its advertising business at the expense of competitors. While other browser vendors shut down third-party cookies without a second thought, Google said it wouldn’t turn off the user-tracking feature until it built an alternative advertising feature directly into Chrome, so it can track user interests to serve them relevant ads. The new advertising system, called the Topics API and “Privacy Sandbox,” launched in Chrome in 2023. Google AdSense is already compatible.
The UK is worried that Chrome’s new ad system might give Google’s ad division an unfair advantage. Google and the UK CMA are talking it out, and Google says it’s “critical that the CMA has sufficient time to review all evidence, including results from industry tests, which the CMA has asked market participants to provide by the end of June.” Google has a public testing suite for Chrome’s new ad system to allow for feedback. Given all the testing data that needs to be pored over, Google says, “We will not complete third-party cookie deprecation during the second half of Q4.” We’ll check back next year!
We are quickly barreling toward an age of viable Arm-powered Windows laptops with the upcoming launch of Qualcomm’s Snapdragon X Elite CPU. Hardware options are great, but getting useful computers out of them will require a lot of new software, and a big one has just launched: Chrome for Windows on Arm.
Google has had a nightly “canary” build running since January, but now it has a blog post up touting a production-ready version of Chrome for “Arm-compatible Windows PCs powered by Snapdragon.” That’s right, Qualcomm has a big hand in this release, too, with its own press announcement touting Google’s browser release for its upcoming chip. Google promises a native version of Chrome will be “fully optimized for your PC’s [Arm] hardware and operating system to make browsing the web faster and smoother.”
Apple upended laptop CPU architecture when it dumped Intel and launched the Arm-based Apple Silicon M1. A few years later and Qualcomm is ready to answer—mostly by buying a company full of Apple Silicon veterans—with the upcoming launch of the Snapdragon X Elite chip. Qualcomm claims the X Elite will bring Apple Silicon-class hardware to Windows, but the chip isn’t out yet—it’s due for a “mid-2024” release. Most of the software you’ll be running will still be written in x86 and need to go through a translation layer, which will slow things down, but at least it won’t have to be your primary browser.
Google says the release will be out this week. Assuming you don’t have an Arm laptop yet, you can visit “google.com/chrome,” scroll all the way down to the footer, and click “other platforms,” which will eventually show the new release.
Enlarge/ Google’s safe browsing warning is not subtle.
Google
Google Chrome’s “Safe Browsing” feature—the thing that pops up a giant red screen when you try to visit a malicious website—is getting real-time updates for all users. Google announced the change on the Google Security Blog. Real-time protection naturally means sending URL data to some far-off server, but Google says it will use “privacy-preserving URL protection” so it won’t get a list of your entire browsing history. (Not that Chrome doesn’t already have features that log your history or track you.)
Safe Browsing basically boils down to checking your current website against a list of known bad sites. Google’s old implementation happened locally, which had the benefit of not sending your entire browsing history to Google, but that meant downloading the list of bad sites at 30- to 60-minute intervals. There are a few problems with local downloads. First, Google says the majority of bad sites exist for “less than 10 minutes,” so a 30-minute update time isn’t going to catch them. Second, the list of all bad websites on the entire Internet is going to be very large and constantly growing, and Google already says that “not all devices have the resources necessary to maintain this growing list.”
If you really want to shut down malicious sites, what you want is real-time checking against a remote server. There are a lot of bad ways you could do this. One way would be to just send every URL to the remote server, and you’d basically double Internet website traffic for all of Chrome’s 5 billion users. To cut down on those server requests, Chrome is instead going to download a list of known good sites, and that will cover the vast majority of web traffic. Only the small, unheard-of sites will be subject to a server check, and even then, Chrome will keep a cache of your recent small site checks, so you’ll only check against the server the first time.
When you’re not on the known-safe-site list or recent cache, info about your web URL will be headed to some remote server, but Google says it won’t be able to see your web history. Google does all of its URL checking against hashes, rather than the plain-text URL. Previously, Google offered an opt-in “enhanced protection” mode for safe browsing, which offered more up-to-date malicious site blocking in exchange for “sharing more security-related data” with Google, but the company thinks this new real-time mode is privacy-preserving enough to roll out to everyone by default. The “Enhanced” mode is still sticking around since that allows for “deep scans for suspicious files and extra protection from suspicious Chrome extensions.”
Enlarge/ Google’s diagram of how the whole process works.
Google
Interestingly, the privacy scheme involves a relay server that will be run by a third party. Google says, “In order to preserve user privacy, we have partnered with Fastly, an edge cloud platform that provides content delivery, edge compute, security, and observability services, to operate an Oblivious HTTP (OHTTP) privacy server between Chrome and Safe Browsing.”
For now, Google’s remote checks, when they happen, will mean some latency while your safety check completes, but Google says it’s “in the process of introducing an asynchronous mechanism, which will allow the site to load while the real-time check is in progress. This will improve the user experience, as the real-time check won’t block page load.”
The feature should be live in the latest Chrome release for desktop, Android, and iOS. If you don’t want it, you can turn it off in the “Privacy and security” section of the Chrome settings.
Microsoft has fixed a problem that resulted in tabs from Google Chrome being imported to Microsoft Edge without user consent, as spotted by The Verge. Microsoft has kept mum on the situation, making the issued update the first time Microsoft has identified this as a problem, rather than typical behavior for the world’s third-most-popular browser.
In late January, The Verge Senior Editor Tom Warren reported experiencing the puzzling Edge issue. After updating his computer, Edge launched with the tabs that Warren most recently used in Chrome. He eventually realized that Edge has a feature you can toggle, reading: “Always have access to your recent browsing data each time you browse on Microsoft Edge.” The setting is reachable in Edge by typing “edge://settings/profiles/importBrowsingData.” Interestingly, it allows Edge to import browsing data from Chrome every time you open Edge, but data from Firefox can only be imported manually. However, Edge was seizing Chrome tabs without this setting enabled. Others reported having this problem via Microsoft’s support forum and social media, as well.
Enlarge/ The Edge setting as seen on a Windows 11 23H2 system running Edge 122. You can have data continuously imported from Chrome or on demand from Firefox, but other browsers don’t appear.
Andrew Cunningham
Microsoft didn’t respond to The Verge’s initial request for comment, but this week it released an Edge update that seems to address matters. Microsoft’s release notes from February 15 say:
Edge has a feature that provides an option to import browser data on each launch from other browsers with user consent. This feature’s state might not have been syncing and displaying correctly across multiple devices. This is fixed.
Microsoft seems to be saying that the status (enabled or disabled) of Edge’s importing data ability wasn’t syncing correctly across people’s Microsoft devices. However, this doesn’t explain the number of users who claimed they saw the problem without having the feature enabled. Microsoft declined Ars Technica’s request for comment.
With this fix, Microsoft is claiming that the behavior was, indeed, unintentional. But that wasn’t a given. Besides the fact that Microsoft hasn’t provided more details about the problem, the company also has a history of both sneakily and overtly trying to coerce people into using Edge. You’ll see Microsoft pester you with pop-up messages if you try to download Chrome or change your default browser, for example.
Edge and Chrome are both based on the Chromium browsing engine, but Chrome has long maintained a massive lead over Edge in terms of market share. Global Statcounter data points to Chrome having 64.41 percent market share last month, followed by Safari (18.82 percent), and then Edge (5.36 percent). The numbers inch slightly more in Microsoft’s favor when looking at the US market specifically (9.31 percent share in January), although Chrome still dominated (49.06 percent).
Browser market share for the past year globally.
Browser market share for the past year in the US.
Like many web browsers, Edge has a hard time competing with Chrome, which ties in with other popular Google services, like Gmail. Similarly, Edge promotes Microsoft offerings, including coupons, Microsoft accounts, and, as of recently, Copilot.
Edge pulling Chrome tabs seemed to fit in with pushy strategies Microsoft has employed to get people on its browser and other products, like Microsoft 365. Without more information, we don’t know when Microsoft first knew about Edge’s unwanted tab replication or how long it took to make it stop. Regardless, Microsoft doesn’t intend for tab swiping to be part of the Edge experience currently, so at least this particular nuisance should be over.
Apple is being forced to make major changes to iOS in Europe, thanks to the European Union’s “Digital Markets Act.” The act cracks down on Big Tech “gatekeepers” with various interoperability, fairness, and privacy demands, and part of the changes demanded of Apple is to allow competing browser engines on iOS. The change, due in iOS 17.4, will mean rival browsers like Chrome and Firefox get to finally bring their own web rendering code to iPhones and iPads. Despite what sounds like a big improvement to the iOS browser situation, Google and Mozilla aren’t happy with Apple’s proposed changes.
Earlier, Mozilla spokesperson Damiano DeMonte gave a comment to The Verge on Apple’s policy changes and took issue with the decision to limit the browser changes to the EU. “We are still reviewing the technical details but are extremely disappointed with Apple’s proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps,” DeMonte said. “The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations—a burden Apple themselves will not have to bear.” DeMonte added: “Apple’s proposals fail to give consumers viable choices by making it as painful as possible for others to provide competitive alternatives to Safari. This is another example of Apple creating barriers to prevent true browser competition on iOS.”
Apple’s framework that allows for alternative browser engines is called “BrowserEngineKit” and already has public documentation as part of the iOS 17.4 beta. Browser vendors will need to earn Apple’s approval to use the framework in a production app, and like all iOS apps, that approval will come with several requirements. None of the requirements jump out as egregious: Apple wants browser vendors to have a certain level of web standards support, pledge to fix security vulnerabilities quickly and protect the user’s privacy by showing the standard consent prompts for access to things like location. You’re not allowed to “sync cookies and state between the browser and any other apps, even other apps of the developer,” which seems aimed directly at Google and its preference to have all its iOS apps talk to each other. The big negative is that your BrowserEngineKit app is limited to the EU, because—surprise—the EU rules only apply to the EU.
Speaking of Google, Google’s VP of engineering for Chrome, Parisa Tabriz, commented on DeMonte’s statement on X, saying, “Strong agree with @mozilla. @Apple isn’t serious about supporting web browser or engine choice on iOS. Their strategy is overly restrictive, and won’t meaningfully lead to real choice for browser developers.”
Today, you can download what look like “alternative” browsers on iOS, like Chrome and Firefox, but these browsers are mostly just skins overtop of Apple’s Safari engine. iOS app developers aren’t actually allowed to include their own browser engines, so everything uses Safari’s WebKit engine, with a new UI and settings and sync features layered on top. That means all of WebKit’s bugs and feature support decisions apply to every browser.
Being stuck with Safari isn’t great for users. Over the years, Safari has earned a reputation as “the new IE” from some web developers, due to lagging behind the competition in its support for advanced web features. Safari has gotten notably better lately, though. For instance, in 2023, it finally shipped support for push notifications, allowing web apps to better compete with native apps downloaded from Apple’s cash-cow App Store. Apple’s support of push notifications came seven years after Google and Mozilla rolled out the feature.
More competition would be great for the iOS browser space, but the reality is that competition will mostly be from the other big “gatekeeper” in the room: Google. Chrome is the project with the resources and reach to better compete with Safari, and working its way into iOS will bring the web close to a Chrome monoculture. Google’s browser may have better support for certain web features, but it will also come with a built-in tracking system that spies on users and serves up their interests to advertisers. Safari has a much better privacy story.
Even though only EU users will get to choose from several actually different browsers, everyone still has to compete in the EU, and that includes Safari. For the rest of the world, even they don’t get a real browser choice; competing in the EU browser wars should make the only iOS browser better for everyone. The EU rules have a compliance deadline of March 2024, so iOS 17.4 needs to be out by then. Google and Mozilla have been working on full versions of their browsers for iOS for at least a year now. Maybe they’ll be ready for launch?
Enlarge/ The Chrome nightly download page with an important section highlighted.
Ron Amadeo
Chrome is landing on a new platform: Windows on Arm. We don’t have an official announcement yet, but X user Pedro Justo was the first to spot that the Chrome Canary page now quietly hosts binaries for “Windows 11 Arm.”
Chrome has run on Windows for a long time, but that’s the x86 version. It also supports various Arm OSes, like Android, Chrome OS, and Mac OS. There’s also Chromium, the open source codebase on Chrome, which has run on Windows Arm for a while now, thanks mostly to Microsoft’s Edge browser being a Chromium derivative. The official “Google Chrome” has never been supported on Windows on Arm until now, though.
Windows may be a huge platform, but “Windows on Arm” is not. Apple’s switch to the Arm architecture has been a battery life revelation for laptops, and in the wake of that, interest in Windows on Arm has picked up. A big inflection point will be the release of laptops with the Qualcomm Snapdragon X Elite SoC in mid-2024. Assuming Qualcomm’s pre-launch hype pans out, this will be the first Arm on Windows chip to be in the same class as Apple Silicon. Previously, Windows on Arm could only run Chrome as an x86 app via a slow translation layer, so getting the world’s most popular browser to a native quality level in time for launch will be a big deal for Qualcomm.
The “Canary” channel is Chrome’s nightly builds channel, so fresh Arm builds should be arriving at a rapid pace. Usually, Canary features take about two months to hit the stable channels, which would be plenty of time for the new Snapdragon chip. It’s hard to know if Google will stick to that timeline, as this is a whole new architecture/OS combo. But again, most of the work has been ongoing for years now. The next steps would be rolling out Windows Arm dev and beta channels soon.
Google is updating the warning on Chrome’s Incognito mode to make it clear that Google and websites run by other companies can still collect your data in the web browser’s semi-private mode.
The change is being made as Google prepares to settle a class-action lawsuit that accuses the firm of privacy violations related to Chrome’s Incognito mode. The expanded warning was recently added to Chrome Canary, a nightly build for developers. The warning appears to directly address one of the lawsuit’s complaints, that the Incognito mode’s warning doesn’t make it clear that Google collects data from users of the private mode.
Many tech-savvy people already know that while private modes in web browsers prevent some data from being stored on your device, they don’t prevent tracking by websites or Internet service providers. But many other people may not understand exactly what Incognito mode does, so the more specific warning could help educate users.
The new warning seen in Chrome Canary when you open an incognito window says: “You’ve gone Incognito. Others who use this device won’t see your activity, so you can browse more privately. This won’t change how data is collected by websites you visit and the services they use, including Google.” The wording could be interpreted to refer to Google websites and third-party websites, including third-party websites that rely on Google ad services.
The new warning was not yet in the developer, beta, and stable branches of Chrome as of today. It also wasn’t in Chromium. The change to Canary was previously reported by MSPowerUser.
“Now you can browse privately”
Incognito mode in the stable version of Chrome still says: “You’ve gone Incognito. Now you can browse privately, and other people who use this device won’t see your activity.” Among other changes, the Canary warning replaces “browse privately” with “browse more privately.”
The stable and Canary warnings both say that your browsing activity might still be visible to “websites you visit,” “your employer or school,” or “your Internet service provider.” But only the Canary warning currently includes the caveat that Incognito mode “won’t change how data is collected by websites you visit and the services they use, including Google.”
The old and new warnings both say that Incognito mode prevents Chrome from saving your browsing history, cookies and site data, and information entered in forms, but that “downloads, bookmarks and reading list items will be saved.” Both warnings link to this page, which provides more detail on Incognito mode.
We asked Google when the warning will be added to Chrome’s stable channel and whether the change is mandated by or related to the pending settlement of the privacy class-action suit. Google didn’t provide specific answers but offered this statement: “We’re pleased to resolve this case which we’ve long disputed, and provide even more information to users about Incognito mode. Incognito mode in Chrome will continue to give people the choice to browse the Internet without their activity being saved to their browser or device.”
The litigation in US District Court for the Northern District of California began in June 2020. On December 26, 2023, Google and the plaintiffs announced that they reached a settlement that they planned to present to the court for approval within 60 days. A jury trial was previously scheduled to begin on February 5.
Chrome has finally announced plans to kill third-party cookies. It’s been almost four years since third-party cookies have been disabled in Firefox and Safari, but Google, one of the world’s largest ad companies, has been slow-rolling the death of the tracking cookie. Ad companies use third-party cookies to track users across the web, and that web activity is used to show users relevant ads. Now that Google’s alternative user-tracking ad system, the “Privacy Sandbox,” has launched in Chrome, it’s finally ready to do away with the previous form of ad tracking. The new timeline to kill third-party cookies is the second half of 2024.
Google’s blog post calls the rollout “Tracking Protection” and says the first tests will begin on January 4, where 1 percent of Chrome users will get the feature. By the second half of 2024, the rollout should hit everyone on desktop Chrome and Android (Chrome on iOS is just a reskinned Safari and is not applicable). The rollout comes with some new UI bits for Chrome, with Google saying, “If a site doesn’t work without third-party cookies and Chrome notices you’re having issues—like if you refresh a page multiple times—we’ll prompt you with an option to temporarily re-enable third-party cookies for that website from the eye icon on the right side of your address bar.” Since other browsers have been doing this for four years, it’s hard to imagine many web admins not being ready for it.
Enlarge/ Chrome’s new third-party cookies controls.
Google
Google says the rollout is “subject to addressing any remaining competition concerns from the UK’s Competition and Markets Authority.” Chrome’s Privacy Sandbox switch represents the world’s most popular browser (Google Chrome) integrating with the web’s biggest advertising platform (Google Ads) and shutting down alternative tracking methods used by competing ad companies. So, some regulators are naturally interested in the whole process.
Google says its choice to offer this privacy feature four years after its competitors is a “responsible approach” to phasing out third-party cookies. That responsibility seems to primarily be about responsibility to Google’s shareholders since turning off tracking cookies was previously seen as an attack on Google’s business model. Google’s position as the world’s biggest browser vendor allowed it to delay the death of tracking cookies long enough to create an alternative tracking system, which launched earlier this year in Chrome. With the ad business secured, it’s now acceptable to phase out cookies. So far, everything is going to plan.
