ip-blindness
turtledove
Our great sponsors
ip-blindness | turtledove | |
---|---|---|
7 | 26 | |
115 | 502 | |
- | 3.2% | |
0.7 | 9.5 | |
about 1 year ago | 3 days ago | |
Bikeshed | ||
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ip-blindness
-
Intelligent Tracking Prevention is getting even stronger by also hiding the user’s IP address from trackers on IOS 15
More here: https://github.com/bslassey/ip-blindness
-
3rd party tags - Chrome
Yes, but have in mind that in a future it may not be possible. Take a look to the Gnatcatcher proposal: https://github.com/bslassey/ip-blindness
-
I Work on Ads at Google
> at the very least, the ad network will be able to see your IP and know that you like athletic shoes and visited www.wereallylikeshoes.com. If you visit some other domain first-ad-network.com owns with the same IP it within a small window of time, it can be pretty confident it's the same person and even store some client side data at that point. It feels like they can construct a reasonably good profile about their users by using that technique.
Yes, there are a lot of user identifying bits in an IP address. Chrome has two proposals: https://github.com/bslassey/ip-blindness I'm not sure what other browsers are thinking?
> That's considering the browser doesn't leak out any other potentially identifying information.
Which they definitely do. All the browsers are working on figuring out how to thwart fingerprinting, and it's really hard. I am glad, at least, that we were able to get Google Ads to publicly commit to not fingerprinting.
> when you click on the ad, they know one interest about you and, if you clicked in ads from other campaigns they run, they may reconstruct your profile well
Yes, when people click on ads in Turtledove the advertiser does learn something. This is a huge improvement to the status quo where advertisers learn things just by bidding, or an intermediate stage where advertisers learn things when they win an auction -- users don't click on ads very often, so the amount of information leaked this way is very low.
Exactly how much information the advertiser is able to learn on a click is still very much up in the air, so if you have views on this you might consider participating on the repo?
-
AdGuard publishes a list of 6K+ trackers abusing the CNAME cloaking technique
"Near-path NAT"[1] has been suggested as a mechanism that browsers can use to proxy requests through an intermediate server, similar to what you suggest.
[1] https://github.com/bslassey/ip-blindness/blob/master/near_pa...
-
Google to stop selling ads based on your specific web browsing
> and you know my IP address
https://www.chromium.org/Home/chromium-privacy/privacy-sandb... links to https://github.com/bslassey/ip-blindness for how they intend to handle this.
(Disclosure: I work on ads at Google, speaking only for myself)
-
Google says it may have found a privacy-friendly substitute to cookies
If you want to prevent fingerprinting, you need to look at where the identifying bits are coming from. (ex: https://coveryourtracks.eff.org/) The IP address provides enough bits to uniquely identify many users, and when combined with just a few more bits, to identify almost anyone.
TOR is one solution here, which you could potentially also describe as "adding forced MitM to every connection". The proposals in https://github.com/bslassey/ip-blindness/blob/master/near_pa... and https://github.com/bslassey/ip-blindness/blob/master/willful... have different tradeoffs than TOR, with the "TOR is painfully slow" problem being a big one.
If you have better ideas, though, I would be very interested in reading them!
turtledove
- Relaxing the Same-Origin Policy to allow for subdomains
-
Google has been rolling out Chrome's “Enhanced Ad Privacy” via a popup
it's unfortunate that the sour response to this impressive privacy work (https://github.com/WICG/turtledove/blob/main/FLEDGE_k_anonym...) will likely lead to people turning it off, and buried in their is the switch for Private State Tokens (https://github.com/WICG/trust-token-api/blob/main/README.md)
-
iOS 17 automatically removes tracking parameters from links you click on
It'll be interesting to see how this goes. Google and Mozilla+Meta each have competing standards.
https://github.com/WICG/turtledove
https://blog.mozilla.org/en/mozilla/privacy-preserving-attri...
To my knowledge, Mozilla's design is the only one where someone other than the browser collects & reports on click activity, and with a fairly trustless anonymizing double blind strategy for those intermediaries.
-
Partnering with Fastly–Oblivious HTTP relay for FLEDGE's 𝑘-anonymity server
https://github.com/WICG/turtledove/blob/main/FLEDGE_k_anonym...
-
Apple, FedEx and the Cookie Apocalypse
you can target an Economist reader a week later on a different website. If FLoC works, you can still do that.
https://github.com/WICG/floc won't really let advertisers do that, this is what https://github.com/WICG/turtledove is for
(Disclosure: I work on ads at Google, speaking only for myself)
-
iOS 14 tracking changes sees big ad spending drop, tumbling prices
The issue is that the replacement that are currently in the works (https://github.com/WICG/floc and https://github.com/WICG/turtledove/blob/main/FLEDGE.md) are extremely complex, will still dramatically impact adtech performance and only improve privacy for a very contrived definition of the concept which incidentally benefits once again big tech vendors...
As to the effectiveness of advertising, removing tracking will have a huge impact. And this affects all players in the value chain, not only adtech providers but also publishers and more importantly advertisers which will see their return on ad spent severely impacted. There is a real of loss "social welfare" (I mean in a game-theoretic sense, but also for real if you believe in capitalism) if tracking is disabled.
-
Audience Extension After 3rd Party Cookies
Check FLEDGE initiative for this case. The mechanism has not been settled yet, but moves in the needed direction: https://github.com/WICG/turtledove/blob/main/FLEDGE.md#11-joining-interest-groups
- I Work on Ads at Google
-
GitHub blocks FLoC across all of GitHub Pages
I think advertising is positive [1] and the role of ads in funding freely-available sites is very important. My current work is primarily on how browsers can allow more private and secure advertising [2][3][4] which I think most people will agree is valuable even if they are less in favor of advertising in general.
At a lower level, I do this job because I'm paid, which allows me to donate. [5] But I wouldn't do this work if I thought it was harmful; there are lots of different kinds of jobs I could take.
[1] https://www.jefftk.com/p/effect-of-advertising
[2] https://github.com/google/fledge-shim
[3] https://github.com/WICG/turtledove/issues/161
[4] https://github.com/WICG/webpackage/issues/624
[5] https://www.jefftk.com/donations
-
What is going on with "birds" names for the new generation of ad targeting technologies?
Why do Google's FLoC, TURTLEDOVE, Dovekey, Criteo's SPARROW, Magnite's PARRROT, NextRoll's TERN and Microsoft's PARAKEET all have similar bird-related names? This feels very cruel considering that in most cultures birds often symbolise freedom.
What are some alternatives?
FTL - The Pi-hole FTL engine
challenge-bypass-extension - DEPRECATED - Client for Privacy Pass protocol providing unlinkable cryptographic tokens
privacy-preserving-ads - Privacy-Preserving Ads
floc - This proposal has been replaced by the Topics API.
bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
cname-trackers - This repository contains a list of popular CNAME trackers
sparrow
ads-privacy
afwall - AFWall+ (Android Firewall +) - iptables based firewall for Android
stealth - :rocket: Stealth - Secure, Peer-to-Peer, Private and Automateable Web Browser/Scraper/Proxy
pigin - PIGIN: Private Interest Groups, Including Noise