#[1]Protocol — The people, power and politics of tech

  (BUTTON) ____________________
    * [2]Home
    * [3]Bulletins
    * [4]Newsletters
    * [5]Protocol | Fintech
    * [6]Protocol Gaming
    * [7]Protocol Index
    * [8]Protocol | Enterprise
    * [9]Protocol Pipeline
    * [10]Source Code
    * [11]Protocol Next Up
    * [12]Protocol | China
    * [13]Protocol | Workplace
    * [14]Protocol | Enterprise
    * [15]About Protocol | Enterprise
    * [16]Protocol | Workplace
    * [17]About Protocol | Workplace
    * [18]Protocol | China
    * [19]About Protocol | China
    * [20]Protocol | Fintech
    * [21]About Protocol | Fintech
    * [22]Protocol | Policy
    * [23]Tech Employee Survey
    * [24]People
    * [25]Power
    * [26]Politics
    * [27]Braintrust
    * [28]Braintrust — Fintech
    * [29]Braintrust — Enterprise
    * [30]Braintrust — Work and Productivity
    * [31]Braintrust — Policy
    * [32]Manuals
    * [33]CES 2021
    * [34]The New Enterprise
    * [35]The Small Business Recovery
    * [36]Quantum computing manual
    * [37]Protocol Manual: Health Care
    * [38]The Retail Resurgence
    * [39]Reinvention of Spending
    * [40]Transforming 2021
    * [41]The Rise of Retail Investing
    * [42]The New Database
    * [43]Careers
    * [44]Source Code
    * [45]Events
    * [46]Virtual Meetups
    * [47]Tech Hearing
    * [48]Section 230 Hearing
    * [49]Election 2020
    * [50]Post-election hearing
    * [51]Alerts
    * [52]Apple Epic Trial

    * [53]Log in

  IFRAME: [54]https://www.googletagmanager.com/ns.html?id=GTM-TBZ76RQ

  x [tr?id=320226945554882&ev=PageView &noscript=1]
  [55][img.png?width=980&height=308]
  [56]Subscribe for free
  [57]Workplace[58]Enterprise[59]Fintech[60]China[61]Policy[62]Newsletter
  s[63]Braintrust[64]Podcast[65]Events[66]Careers[67]About Us

  Source Code: Your daily look at what matters in tech.
  ____________________
  [X] (BUTTON) Subscribe
  ____________________ (BUTTON)
  [68]Newsletters
  [69]Source Code
  [70]Workplace
  [71]Pipeline
  [72]China
  [73]Enterprise
  [74]Fintech
  [75]Next Up
  [76]Gaming
  [77]Workplace
  [78]Enterprise
  [79]The New Database
  [80]China
  [81]Fintech
  [82]Rise of Retail Investing
  [83]Policy
  [84]Tech Employee Survey
  [85]Manuals
  [86]The New Database
  [87]Retail Investing
  [88]Transforming 2021
  [89]Spending
  [90]Enterprise
  [91]Retail
  [92]Small Business
  [93]Health Care
  [94]Quantum Computing
  [95]Braintrust
  [96]Events

  To give you the best possible experience, this site uses cookies. If
  you continue browsing. you accept our use of cookies. You can review
  our [97]privacy policy to find out more about the cookies we use.
  [98]Accept
  source-codesource codeauthorIssie LapowskyWidescreen - w/out sidebar
  March 10th updateWant your finger on the pulse of everything that's
  happening in tech? Sign up to get David Pierce's daily
  newsletter.64fd3cbe9f
  ×

Get access to Protocol

  Email Address ____________________
  [X]
  (BUTTON) Sign Me Up
  [X] I also want to receive Protocol Alerts on the biggest breaking news
  stories and special reports.

  Will be used in accordance with our [99]Privacy Policy
  I’m already a subscriber
  Subscribe to
  Want to better understand the $150 billion gaming industry? Get our
  newsletter every Tuesday.
  Are you keeping up with the latest cloud developments? Get Tom Krazit
  and Joe Williams' newsletter every Monday and Thursday.
  David Wertime and our data-obsessed China team analyze China tech for
  you. Every Wednesday, with alerts on key stories and research.
  Want your finger on the pulse of everything that's happening in tech?
  Sign up to get Protocol's daily newsletter.
  Do you know what's going on in the venture capital and startup world?
  Get the Pipeline newsletter every Saturday.
  Do you know what's coming next up in the world of tech and
  entertainment? Get Janko Roettgers' newsletter every Thursday.
  Hear from Protocol's experts on the biggest questions in tech. Get
  Braintrust in your inbox every Thursday.
  Get access to the Protocol | Fintech newsletter, research, news alerts
  and events.
  Your guide to the new world of work.

  [100]Issie Lapowsky
  July 13, 2021
  two hands pulling a wire like a tug-of-war rope
  [101]privacy
  [102]Protocol | Policy

Concern trolls and power grabs: Inside Big Tech’s angry, geeky, often petty
war for your privacy

  Inside the World Wide Web Consortium, where the world's top engineers
  battle over the future of your data.
  Image: Christopher T. Fong/Protocol

  James Rosewell could see his company's future was in jeopardy.

  It was January 2020, and Google had just [103]announced key details of
  its plan to increase privacy in its Chrome browser by getting rid of
  third-party cookies and essentially breaking the tools that businesses
  use to track people across the web. That includes businesses like
  51Degrees, the U.K.-based data analytics company Rosewell has been
  running for the last 12 years, which uses real-time data to help
  businesses track their websites' performance.

  "We realized at the end of January 2020 what Google was proposing was
  going to have an enormous impact on our customer base," Rosewell said.

  Under the banner of a group called Marketers for an Open Web, Rosewell
  [104]filed a complaint with the U.K.'s Competition and Markets
  Authority last year, charging Google with trying to shut out its
  smaller competitors, while Google itself continued to track users.

  But appealing to antitrust regulators was only one prong in Rosewell's
  plan to get Google to delay its so-called Privacy Sandbox initiative.
  The other prong: becoming a member of the World Wide Web Consortium, or
  the W3C.

  One of the web's geekiest corners, the W3C is a mostly-online community
  where the people who operate the internet — website publishers, browser
  companies, ad tech firms, privacy advocates, academics and others —
  come together to hash out how the plumbing of the web works. It's where
  top developers from companies like Google pitch proposals for new
  technical standards, the rest of the community fine-tunes them and, if
  all goes well, the consortium ends up writing the rules that ensure
  websites are secure and that they work no matter which browser you're
  using or where you're using it.

  The W3C's members do it all by consensus in public GitHub forums and
  open Zoom meetings with meticulously documented meeting minutes,
  creating a rare archive on the internet of conversations between some
  of the world's most secretive companies as they collaborate on new
  rules for the web in plain sight.

  But lately, that spirit of collaboration has been under intense strain
  as the W3C has become a key battleground in the war over web privacy.
  Over the last year, far from the notice of the average consumer or
  lawmaker, the people who actually make the web run have converged on
  this niche community of engineers to wrangle over what privacy really
  means, how the web can be more private in practice and how much power
  tech giants should have to unilaterally enact this change.

Two sides

  On one side are engineers who build browsers at Apple, Google, Mozilla,
  Brave and Microsoft. These companies are frequent competitors that have
  come to embrace web privacy on drastically different timelines. But
  they've all heard the call of both global regulators and their own
  users, and are turning to the W3C to develop new privacy-protective
  standards to replace the tracking techniques businesses have long
  relied on.

  On the other side are companies that use cross-site tracking for things
  like website optimization and advertising, and are fighting for their
  industry's very survival. That includes small firms like Rosewell's,
  but also giants of the industry, like Facebook.

  Rosewell has become one of this side's most committed foot soldiers
  since he joined the W3C last April. Where Facebook's developers can
  only offer cautious edits to Apple and Google's privacy proposals,
  knowing full well that every exchange within the W3C is part of the
  public record, Rosewell is decidedly less constrained. On any given
  day, you can find him in groups dedicated to privacy or web
  advertising, [105]diving into conversations about new standards
  browsers are considering.

  Rather than asking technical questions about how to make browsers'
  privacy specifications work better, he often asks philosophical ones,
  like whether anyone really wants their browser making certain privacy
  decisions for them at all. He's filled the W3C's forums with concerns
  about its underlying procedures, sometimes a [106]dozen at a time, and
  has called upon the W3C's leadership to more clearly articulate the
  values for which the organization stands.

  His exchanges with other members of the group tend to have the flavor
  of Hamilton and Burr's last letters — overly polite, but pulsing with
  contempt. "I prioritize clarity over social harmony," Rosewell said.

  To Rosewell, these questions may be the only thing stopping the web
  from being fully designed and controlled by Apple, Google and
  Microsoft, three companies that he said already have enough power as it
  is. "I'm deeply concerned about the future in a world where these
  companies are just unrestrained," Rosewell said. "If there isn't
  someone presenting a counter argument, then you get group-think and
  bubble behavior."

  But the engineers and privacy advocates who have long held W3C
  territory aren't convinced. They say the W3C is under siege by an
  insurgency that's thwarting browsers from developing new and important
  privacy protections for all web users. "They use cynical terms like:
  'We're here to protect user choice' or 'We're here to protect the open
  web' or, frankly, horseshit like this," said Pete Snyder, director of
  privacy at [107]Brave, which makes an anti-tracking browser. "They're
  there to slow down privacy protections that the browsers are creating."

  Snyder and others argue these new arrivals, who drape themselves in the
  flag of competition, are really just concern trolls, capitalizing on
  fears about Big Tech's power to cement the position of existing
  privacy-invasive technologies.

  "I'm very much concerned about the influence and power of browser
  vendors to unilaterally do things, but I'm more concerned about
  companies using that concern to drive worse outcomes," said Ashkan
  Soltani, former chief technologist to the Federal Trade Commission and
  co-author of the California Consumer Privacy Act. Soltani likened the
  deluge of procedural interjections from Rosewell and others to a
  "denial of service attack."

  James Rosewell and Ashkan Soltani James Rosewell, left, and Ashkan
  Soltani, right, are on opposite sides in this debate.Photo: James
  Rosewell; New America/Flickr

  But what is perhaps more alarming, Soltani and Snyder argue, is that
  the new entrants from the ad-tech industry and elsewhere aren't just
  trying to derail standards that could hurt their businesses; they're
  proposing new ones that could actually enshrine tracking under the
  guise of privacy. "Fortunately in a forum like the W3C, folks are smart
  enough to get the distinction," Soltani said. "Unfortunately,
  policymakers won't."

  The tension inside the community isn't lost on its leaders, though they
  frame the issue somewhat more diplomatically. "It's exciting to see so
  much attention to privacy," said Wendy Seltzer, strategy lead and
  counsel to the W3C, "and with that attention, of course, comes
  controversy."

  And with that controversy comes a cost. Longtime members of the
  organization said that at its best, the W3C is a place where some of
  the brightest minds in the industry get to come together to make
  technology work better for everyone.

  But at its worst, they worry that dysfunction inside the W3C groups may
  send a dangerous and misleading message to the global regulators and
  lawmakers working on privacy issues — that if the brightest minds in
  the industry can't figure out how to make privacy protections work for
  everyone, maybe no one can.

Do Not Track 2.0

  If any of this sounds like history repeating itself, that's because it
  is. About a decade ago, the W3C was the site of a similar industrywide
  effort to build a Do Not Track feature that would allow users to opt
  out of cross-site tracking through a simple on-off switch in their
  browsers. The W3C created an official working group to turn the idea
  into a formal standard, and representatives from tech giants —
  including Yahoo, IBM and Microsoft — as well as a slew of academics and
  civil society groups signed up to help.

  Separate from community groups, interest groups and business groups,
  all of which facilitate informal conversations among developers inside
  the W3C, working groups are supposed to be where actual technical
  standards get written, finalized and, hopefully, adopted by key
  companies sitting around the virtual table. Working groups are, in
  other words, where ideas for new standards go when they're ready for
  primetime.

  "This seemed like the game," Justin Brookman, director of consumer
  privacy at Consumer Reports, said of the Do Not Track working group. He
  briefly chaired the group while he was working for the Center for
  Democracy and Technology. "The browsers were going to implement it, and
  the browsers have a lot of power," he said.

  But the [108]Tracking Protection Working Group, as it was called, ended
  up being where Do Not Track went to die. Over the course of years,
  members — who, in keeping with the W3C tradition, were tasked with
  reaching decisions by consensus — couldn't come to an agreement on even
  the most basic details, including "the meaning of 'tracking' itself,"
  Omer Tene, vice president of the International Association of Privacy
  Professionals, [109]wrote in a 2014 Maine Law Review case study.

  Perhaps it should have been a clear sign Do Not Track was doomed when,
  Tene wrote, the group tried to settle its dispute over the definition
  of tracking by seeing which side could hum loudest. "Addressing this
  method, one participant complained, 'There are billions of dollars at
  stake and the future of the Internet, and we're trying to decide if one
  third-party is covered or didn't hum louder!'" Tene wrote.

  But both Tene and Brookman seem to agree that what really put Do Not
  Track underground was Microsoft's decision to turn the signal on by
  default in Internet Explorer. Ad-tech companies that had banked on only
  a sliver of web users actually opting out of tracking resented a
  browser unilaterally making that decision for all of its users.
  Suddenly, Brookman said, they lost interest in participating in
  discussions at all. "They totally made a meal out of it," he said,
  comparing their response to soccer players flopping on the field. "They
  totally exaggerated for effect to try to get out of doing this."

  Because the W3C's standards are voluntary, no one was under any real
  obligation to heed the Do Not Track signal, effectively neutering the
  feature. Browsers could send a signal indicating a user didn't want to
  be tracked, but websites and companies powering their ads didn't (and
  don't) have to listen.

  In his post-mortem on the ordeal, Tene summed up the Do Not Track
  effort succinctly: "It was protracted, rife with hardball rhetoric and
  combat tactics, based on inconsistent factual claims, and under
  constant threat of becoming practically irrelevant due to lack of
  industry buy-in."

  For anyone participating in today's privacy discussions inside the W3C,
  it's a description that sounds eerily familiar.

Enter the Privacy Sandbox

  After the Do Not Track debacle, Soltani dropped out of the W3C for
  years, focusing instead on helping draft and pass the California
  Consumer Privacy Act, or CCPA. That law — and its [110]successor, the
  California Privacy Rights Act — actually requires websites to accept a
  browser signal from California users who want to opt out of the sale of
  their information. The global privacy control, as that signal is
  called, effectively paired the essence of Do Not Track with the force
  of law, albeit only for Californians.

  When Soltani returned to the W3C in spring 2020, he wanted to turn the
  [111]global privacy control into a W3C-approved standard, hoping that
  would lead to more industry adoption among leading browsers. Already,
  privacy-conscious browsers like Brave and DuckDuckGo have implemented
  the control, and major players including The Washington Post, The New
  York Times and WordPress are accepting the signal. But Soltani believed
  the standard could be improved with the W3C treatment. "Every technical
  standard is worth discussing in an open forum," Soltani said. "It
  exposes bugs, issues and unforeseen edge cases."

  But his reentry into the community gave him deja vu. "Having not
  engaged in the W3C for years, it was very apparent I was walking back
  into what my experience was with Do Not Track, but 10 times worse,"
  Soltani said.

  One reason for that: Google had chosen W3C as the venue for developing
  an array of new privacy standards that were part of its Privacy Sandbox
  initiative. "We provide Chrome to billions of users, so we really have
  an immense responsibility to those users," said Google's Privacy
  Sandbox product manager Marshall Vale. "One of the reasons that we are
  engaged in so many parts of the W3C is to really make sure that that
  dialogue and evolution of the web really happens in the open."

  One of Google's proposed standards — [112]Federated Learning of
  Cohorts, or FLoC for short — would eliminate the ability for
  advertisers to track specific users' web behavior with cookies, but
  would instead divide Chrome users into groups based on the websites
  they visit. Advertisers could then target those groups based on their
  inferred interests.

  That proposal spurred a backlash from both privacy advocates and
  companies that rely on third-party tracking. The privacy side
  [113]argued individuals' interests might be easy to reverse-engineer,
  and that targeting groups of people based on their interests would
  still enable discriminatory advertising. The other side accused Google
  of trying to kill their companies and hoard user data for themselves.
  And browser vendors by and large [114]rejected the technology
  altogether.

  The Privacy Sandbox announcement inspired a flurry of newcomers,
  including from the ad-tech world, to join W3C in response. "It was
  supposed to be my task to find out what's going on with FLoC and build
  a bridge so we could connect to it," said one ad-tech newcomer who
  asked for anonymity, because he didn't have permission to speak on his
  company's behalf. "It looked like the real conversation was the one
  happening at the W3C, and by real, I mean the one where Google was
  actually listening."

  In fact, Google wasn't just listening, it was responding. The basic
  rules of etiquette within W3C hold that participants don't just get to
  have their say, they get to have a dialogue. "Our process starts by
  assuming good faith and engaging with all of the participants as they
  address the concerns they're raising," W3C's Seltzer said.

  That can promote useful exchanges when members are offering
  constructive criticism. But the policy of hearing everyone out can also
  grind progress to a halt.

A war of words

  That's what Soltani said happened when he tried to present the global
  privacy control proposal to W3C's privacy community group. His most
  vocal detractor? Rosewell.

  Rosewell jumped into the conversation to challenge not the specifics of
  the technology, but instead the very idea in which it was grounded. He
  objected to the notion that the W3C, which is a global community,
  should be turning policy from a single U.S. state into a technical
  standard, arguing that members might not be so thrilled if the W3C
  wanted to standardize policies from countries like China or India.
  "This is a Pandora's box," Rosewell [115]wrote of the global privacy
  control in one October message. "Should web browsers really become
  implementation mechanisms of specific government regulation?"

  Before conversation about standardizing the global privacy control even
  moved forward, Rosewell argued the W3C Advisory Committee should step
  in to first determine "if there is an appetite among W3C members" to
  continue.

  The suggestion stunned long-time members, who said taking such a vote
  and foreclosing an entire category of proposals runs counter to the way
  the W3C has always operated. "It's not how any of this stuff works. The
  W3C is not a Senate of the web. It's a standards body for people who
  want to build things and collaborate with each other," Brave's Snyder
  said. "It's not the kind of thing that anybody has ever voted on
  before."

  Indeed, while Seltzer wouldn't comment on any specific altercations,
  she said W3C leaders are aware of general concerns about these tactics.
  "There is no process for calling work to a halt," Seltzer said.

  [116]Tug-of-war wire snapping The World Wide Web Consortium is caught
  in a tug-of-war within its community of engineers and developers.
  Image: Christopher T. Fong/Protocol

  But Rosewell's certainly not alone in trying. Almost anywhere you can
  find a browser putting forward a new privacy proposal within the W3C,
  you can find profound philosophical opposition from members whose
  companies rely on third-party data. "At least some of this seems aimed
  towards legislation," Snyder, who co-chairs the W3C's Privacy Interest
  Group, said. "Which is to say, if they can make the waters muddy so it
  looks like there's no agreement on the web, quote-unquote, then
  [regulators] shouldn't be enforcing these things."

  One particularly contentious fight broke out this spring in a wonky
  [117]discussion about a technique called bounce tracking, which is a
  workaround some companies use to circumvent third-party tracking bans.

  John Wilander, a security and privacy engineer at Apple, wanted the
  privacy group's thoughts on how browsers might put an end to the
  practice. The conversation caught the attention of Michael Lysak, a
  developer at ad-tech firm Carbon, who began raising concerns about how
  Apple tracks its own users.

  Wilander politely told Lysak his comments were out of scope, which is
  W3C-speak for: Take your bellyaching elsewhere. "Please refrain from
  discussing other things than bounce tracking protection here since
  doing so makes it harder to stay focused on what this proposal is
  about," Wilander wrote.

  Lysak continued on with another jab at Apple's motives: "If a proposal
  kills tracking for some businesses and not others, that is in scope as
  it violates W3 rules for anti competition, especially if the proposer's
  company directly benefits."

  Wilander shot back again: "I filed this issue and the scope is bounce
  tracking protection."

  Others were piling on too. Robin Berjon of The New York Times cited a
  study about users' privacy expectations, writing, "It's overwhelmingly
  clear that users expect their browsers to protect their data." Lysak
  replied with a study of his own — one published by the ad industry —
  that argued differently. Erik Anderson of Microsoft, who co-chairs the
  group, chimed in asking everyone to focus on the topic at hand.

  Wilander responded with a thumbs up emoji. And round and round they
  went.

  Rosewell was there too, largely co-signing Lysak's arguments about
  competition. "You make some interesting points," he wrote to Lysak.

  But Rosewell was also there to promote and explain a proposal of his
  own, another avian-themed standard called SWAN. Unlike FLoC, SWAN would
  allow publishers and ad-tech companies that join the SWAN network to
  share unique identifiers about web users. Those users could opt out of
  personalized ads from any companies in the network, and SWAN member
  companies would be bound by a contract to abide. But those companies
  could still use their unique IDs for other purposes, like measuring
  responsiveness to an ad and optimizing ad content.

  To Rosewell, SWAN presents a sort of middle ground, giving web users
  the choice to turn off personalized ads, but giving ad-tech companies
  and publishers the data they want as well. But Soltani called SWAN and
  other industry-led proposals that preserve some level of data sharing
  "privacy washing," because they would allow for data sharing even in
  browsers that have sought to prevent it.

  "[They're] saying: We're going to define privacy as profiling for ads,
  but we're going to collect your information for all these other
  purposes, too," Soltani said.

No, you're privacy washing

  If the privacy advocates inside the W3C have been put off by Rosewell's
  approach, he hasn't exactly been charmed by theirs either. "I've been —
  I don't know what the right word is — somewhere between upset and
  shocked at just how much of a sort of vigilante group the W3C truly
  is," Rosewell said.

  From his perspective, browsers have too much power over the community,
  and they use that power to quash conversations that might make them
  look bad. In fact, he charged Apple itself with "privacy washing."
  Apple, he said, has forged ahead with third-party privacy protections,
  but has taken in [118]billions of dollars a year from Google to feature
  its not-so-private search engine on iPhone users' phones.

  "Google doesn't pay [Apple] $12 billion a year just for the kudos of
  having their logo on an Apple phone. They do it for the data that the
  deal generates," Rosewell said.

  Rosewell rejects the idea that he is pushing for weaker privacy
  protections. "I am absolutely on the privacy side of things. I would be
  aggrieved if I was characterized as anti-privacy," he said, pointing to
  SWAN as an example of how he's trying to advance the cause.

  The problem, as he sees it, is that privacy has been ill-defined within
  W3C. "Until you define privacy, until you define competition,
  everything becomes an opinion," he said. "And what happens is it's
  those with the most influence that end up dominating the debate."

  He believes it's a "crap argument" to say that philosophical or even
  legal questions like this are out of scope in a technical standards
  body. If the W3C only talked about technical standards, he argued, its
  members wouldn't be so focused on a fuzzy concept like privacy. "We are
  interested in the impact of technical standards and technical choices
  in practice, and we should be. Of course we should be. Otherwise
  unintended consequences occur," he said. "But what gets to be talked
  about is very self-serving."

  The ad-tech newcomer who spoke with Protocol was similarly frustrated
  by the community's culture. "When you're going up against powerful
  companies that are very entrenched in the W3C, and you're saying
  something they don't want said, it can feel as though you're being
  gaslit, given contradictory information on rules that aren't applied
  later," he said.

  Rosewell said he's taken it upon himself to be vocal about these
  concerns inside the W3C primarily because few other people can be. One
  concern shared by both Rosewell and the people who disagree with him is
  that the W3C's membership fees and the time commitment these
  conversations require make it so giant companies with thousands of
  employees can pack W3C groups with members and float endless proposals,
  while smaller companies or individuals working on these issues
  part-time struggle to keep up.

  "The advantage Google has in numbers is not so much the number of
  participants, but the sheer size of the teams they have on these
  projects," said one privacy advocate, who was not granted permission by
  his company to speak on the record. "I can get maybe 20% of two
  people's time, that might be enough to produce one or two drafts per
  quarter. Google could ship a spec every week, and that means they can
  take up a lot of space."

  Indeed, 40 of the 369 members in the [119]Improving Web Advertising
  business group work for Google. Vale, of Google, rejected the idea that
  this might make the community lopsided in Google's favor, arguing that
  when it comes down to actually finalizing a specification, every
  company gets just one vote. "That's how the W3C operates and makes sure
  that the voices of the various constituents and the members are really
  represented," Vale said.

  Still, there is an awful lot of conversation that happens before a
  standard gets to that stage. Those are the conversations happening
  right now. So when Google introduced the Privacy Sandbox, Rosewell
  figured he had the time, the freedom and the motivation to dive head
  first into those conversations. "As far as the tenacity is concerned,"
  he said, "if people are acting in good faith, then there should be a
  debate."

Facebook's fate

  Rosewell's "tenacity" has certainly been convenient for Facebook, a
  company that relies on third-party tracking to sell ads but is in no
  position to publicly challenge any other company's privacy proposals
  after its own seemingly endless parade of privacy scandals. Instead,
  while Rosewell lobs bombs and takes the brunt of the fire from other
  W3C members, Facebook's generals are busy negotiating peace treaties.

  Just last month, Facebook engineer Ben Savage drafted a [120]proposal
  that would give web users more choice over the interests their browsers
  assign to them. The idea, which Savage [121]presented to members of the
  privacy community group, was so well-received even Soltani walked away
  thinking it just might work. Savage has also [122]worked closely in the
  W3C with Apple's Wilander to nail down new fraud prevention techniques
  for Safari, peppering his comments with smiley faces, as if to say, "I
  come in peace."

  But emoticons aside, it's clear Facebook has as much riding on the
  outcome of these discussions as anyone. Among the tech giants at the
  table, Facebook is the only one that doesn't have its own browser or
  its own operating system. But it does collect boatloads of data on
  billions of people around the world. As Apple [123]takes direct aim at
  Facebook in public, people like Savage are working behind the scenes to
  push Apple engineers on technical remedies that might preserve
  Facebook's existing business.

  In April, Facebook Chief Operating Officer Sheryl Sandberg more or less
  admitted as much, saying on the company's quarterly [124]earnings call
  that Facebook was working with the W3C community on a way through some
  of the "headwinds" posed by Apple's mobile privacy updates.

  It was a blink-and-you-miss-it moment, but Soltani didn't miss it,
  viewing it as yet another example of an ad-reliant tech company trying
  to sway the W3C. "Telling that @Facebook's @sherylsandberg cites
  opportunities in @w3c when discussing their 'regulatory roadmap' on
  today's Q1 earnings call," he [125]tweeted at the time. "#Bigtech has
  long known they can leverage standards groups to benefit their business
  goals."

  This year, Facebook put forward a candidate to serve on the W3C's
  advisory board, and in a recent meeting, Facebook [126]volunteered to
  chair a possible working group on privacy-enhancing technologies. "In
  the last six months they've become a lot more vocal on these subjects,
  which is fantastic," Rosewell said, noting that Savage in particular
  has "done a great job in articulating an alternative voice."

  Still, despite Savage's attempts at collaboration, there are times his
  frustration with powerful players inside W3C — namely Apple — has
  boiled over. In a lengthy Twitter thread last week, Savage [127]accused
  Apple of "egregious behavior," saying that while Google has been
  developing alternatives to tracking out in the open, Apple [128]decided
  to "blow up" the world of web advertising and only started "thinking
  about what to replace it with later."

  He [129]charged Apple with trying to push app developers away from
  advertising business models and toward fee-based apps, "where Apple
  takes a 30% cut," striking a note about anti-competitive practices that
  sounded not unlike Rosewell. "Using the pretext of privacy to kill off
  the ads-funded business model, in order to push developers to fee based
  models Apple can tax doesn't stop being anti-competitive if they lower
  their cut," Savage [130]wrote. "And their own apps will always have a
  0% tax."

  Apple did not respond to Protocol's request for comment.

  Facebook also declined to make Savage or any other engineer available
  for comment, but in a statement, the company said of W3C, "These forums
  allow us to submit and debate new approaches to address common industry
  issues like how to measure ads and prevent ad fraud while still
  protecting people's privacy. All of our suggestions are public and we
  encourage people to take a look at them."

Here come the refs

  Vale of Google also said the W3C has been instrumental to working out
  new privacy proposals. He gave W3C members credit for the development
  of one proposal in particular, called [131]FLEDGE. "We've really shown
  that we've taken the input here from many members, whether it's on the
  privacy side, or the browsers, or ad tech, and incorporated them into
  our ideas and proposals," Vale said. "We're listening."

  Of course, it's also in Google's interest to appear collaborative — now
  more than ever. Earlier this year, the U.K.'s competition authority
  took Rosewell's group, Marketers for an Open Web, up on its complaint,
  agreeing to [132]investigate the Privacy Sandbox for anti-competitive
  behavior.

  At that, Google blinked, announcing last month that it would [133]delay
  its plans to kill off third-party cookies another year, in order to
  "give all developers time to follow the best path for privacy," a
  company blog [134]post read. As part of its negotiations, the U.K.'s
  CMA [135]said it would play a "key oversight role" in reviewing Privacy
  Sandbox proposals "to ensure they do not distort competition."

  Google also said last month that once third-party cookies are phased
  out, it would no longer use browsing history to target or measure ads
  or create "alternative identifiers" to replace cookies. That blog
  [136]post was signed not by Vale or another engineer, but a member of
  Google's legal department.

  "Good news. Google won't kill the open web this year," Rosewell's group
  [137]wrote in a press release following the recent announcement. But
  the group also vowed to power on, arguing that Google's commitments so
  far only cover a small subset of the data it uses to track people. "The
  proposed settlement agreement is hollow because it does not actually
  remove data that matters," Rosewell said.

  To him, the CMA's announcement was, in other words, just a solid start.
  But to Soltani and others, Google's decision was the predictable
  conclusion of a drama they'd watched play out inside the W3C, which is,
  in some ways, just a microcosm of the larger debate happening in
  countries around the world.

  Regulators in the U.K., he said, had bought the ad industry's argument
  that privacy and competition are on a collision course. That, he said,
  is a false choice. "They could have required everyone to not access
  that data, Google included, which would have been a net benefit for
  competition and privacy," Soltani said.

  But regulators appeared to overlook that option and are now using their
  power to pressure Google to put off changes that would make the world's
  most widely-used browser a little more private. "Sigh," Soltani wrote
  in an email last month, linking to Google's announcement. "James & Co
  succeeded."
  From Your Site Articles
    * [138]California Privacy Rights Act: How Google, Facebook and others
      ... ›
    * [139]Google has a plan to 'fix' online privacy. Everybody hates it
      ... ›

  [140]Issie Lapowsky

  Issie Lapowsky ( [141]@issielapowsky) is Protocol's chief
  correspondent, covering the intersection of technology, politics, and
  national affairs. She also oversees Protocol's fellowship program.
  Previously, she was a senior writer at Wired, where she covered the
  2016 election and the Facebook beat in its aftermath. Prior to that,
  Issie worked as a staff writer for Inc. magazine, writing about small
  business and entrepreneurship. She has also worked as an on-air
  contributor for CBS News and taught a graduate-level course at New York
  University's Center for Publishing on how tech giants have affected
  publishing.
  [142]w3c [143]privacy
  Latest Stories
  See more

  [144][json]
  [145]About Us[146]Careers[147]Contact Us[148]RSS feeds
  [149]Privacy Statement[150]Do not sell[151]Terms of Service
  [152]Get access
  © 2021 Protocol Media, LLC

  To give you the best possible experience, this site uses cookies. If
  you continue browsing. you accept our use of cookies. You can review
  our [153]privacy policy to find out more about the cookies we use.
  [154]Accept

References

  Visible links
  1. https://www.protocol.com/feeds/policy.rss
  2. https://www.protocol.com/
  3. https://www.protocol.com/bulletins/
  4. https://www.protocol.com/newsletters/
  5. https://www.protocol.com/newsletters/protocol-fintech/
  6. https://www.protocol.com/newsletters/gaming/
  7. https://www.protocol.com/newsletters/index/
  8. https://www.protocol.com/newsletters/protocol-enterprise/
  9. https://www.protocol.com/newsletters/pipeline/
 10. https://www.protocol.com/newsletters/sourcecode/
 11. https://www.protocol.com/newsletters/next-up/
 12. https://www.protocol.com/newsletters/protocol-china/
 13. https://www.protocol.com/newsletters/protocol-workplace/
 14. https://www.protocol.com/enterprise/
 15. https://www.protocol.com/enterprise/about/
 16. https://www.protocol.com/workplace/
 17. https://www.protocol.com/workplace/about/
 18. https://www.protocol.com/china/
 19. https://www.protocol.com/china/about-protocol-china/
 20. https://www.protocol.com/fintech/
 21. https://www.protocol.com/fintech/about-protocol-fintech/
 22. https://www.protocol.com/policy/
 23. https://www.protocol.com/policy/tech-employee-survey/
 24. https://www.protocol.com/people/
 25. https://www.protocol.com/power/
 26. https://www.protocol.com/politics/
 27. https://www.protocol.com/braintrust/
 28. https://www.protocol.com/braintrust/braintrust-fintech/
 29. https://www.protocol.com/braintrust/braintrust-enterprise/
 30. https://www.protocol.com/braintrust/braintrust-work-and-productivity/
 31. https://www.protocol.com/braintrust/braintrust-policy/
 32. https://www.protocol.com/manuals/
 33. https://www.protocol.com/manuals/ces-2021/
 34. https://www.protocol.com/manuals/new-enterprise/
 35. https://www.protocol.com/manuals/small-business-recovery/
 36. https://www.protocol.com/manuals/quantum-computing/
 37. https://www.protocol.com/manuals/health-care-revolution/
 38. https://www.protocol.com/manuals/retail-resurgence/
 39. https://www.protocol.com/manuals/reinvention-of-spending/
 40. https://www.protocol.com/manuals/transforming-2021/
 41. https://www.protocol.com/manuals/retail-investing/
 42. https://www.protocol.com/manuals/the-new-database/
 43. https://www.protocol.com/careers/
 44. https://www.protocol.com/podcasts/source-code/
 45. https://www.protocol.com/events/
 46. https://virtualmeetupprotocol.splashthat.com/
 47. https://www.protocol.com/tech-hearing/
 48. https://www.protocol.com/section-230-hearing/
 49. https://www.protocol.com/election-2020/
 50. https://www.protocol.com/post-election-hearing/
 51. https://www.protocol.com/alerts/
 52. https://www.protocol.com/apple-epic-trial/
 53. https://www.protocol.com/login
 54. https://www.googletagmanager.com/ns.html?id=GTM-TBZ76RQ
 55. https://www.protocol.com/
 56. https://www.protocol.com/newsletters/
 57. https://www.protocol.com/workplace/
 58. https://www.protocol.com/enterprise/
 59. https://www.protocol.com/fintech/
 60. https://www.protocol.com/china/
 61. https://www.protocol.com/policy/
 62. https://www.protocol.com/newsletters/
 63. https://www.protocol.com/braintrust/
 64. https://www.protocol.com/podcasts/source-code/
 65. https://www.protocol.com/events/
 66. https://www.protocol.com/careers
 67. https://www.protocol.com/st/about_us
 68. https://www.protocol.com/newsletters/
 69. https://www.protocol.com/newsletters/sourcecode/
 70. https://www.protocol.com/newsletters/protocol-workplace/
 71. https://www.protocol.com/newsletters/pipeline/
 72. https://www.protocol.com/newsletters/protocol-china/
 73. https://www.protocol.com/newsletters/protocol-enterprise/
 74. https://www.protocol.com/newsletters/protocol-fintech/
 75. https://www.protocol.com/newsletters/next-up/
 76. https://www.protocol.com/newsletters/gaming/
 77. https://www.protocol.com/workplace/
 78. https://www.protocol.com/enterprise/
 79. https://www.protocol.com/manuals/the-new-database/
 80. https://www.protocol.com/china/
 81. https://www.protocol.com/fintech/
 82. https://www.protocol.com/manuals/retail-investing/
 83. https://www.protocol.com/policy/
 84. https://www.protocol.com/policy/tech-employee-survey/
 85. https://www.protocol.com/manuals/
 86. https://www.protocol.com/manuals/the-new-database/
 87. https://www.protocol.com/manuals/retail-investing/
 88. https://www.protocol.com/manuals/transforming-2021/
 89. https://www.protocol.com/manuals/reinvention-of-spending/
 90. https://www.protocol.com/manuals/new-enterprise/
 91. https://www.protocol.com/manuals/retail-resurgence/
 92. https://www.protocol.com/manuals/small-business-recovery/
 93. https://www.protocol.com/manuals/health-care-revolution/
 94. https://www.protocol.com/manuals/quantum-computing/
 95. https://www.protocol.com/braintrust/
 96. https://www.protocol.com/events/
 97. https://www.protocol.com/st/privacy_policy
 98. https://www.protocol.com/policy/w3c-privacy-war#toggle-gdpr
 99. https://www.protocol.com/st/privacy_policy
100. https://www.protocol.com/u/issielapowsky
101. https://www.protocol.com/tag/privacy
102. https://www.protocol.com/policy/
103. https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html
104. https://marketersforanopenweb.com/marketers-for-an-open-web-calls-on-uk-competition-and-market-authority-to-block-googles-privacy-sandbox/
105. https://github.com/privacycg/proposals/issues/10#issuecomment-708311334
106. https://github.com/w3c/w3process/issues/created_by/jwrosewell
107. https://www.protocol.com/brave-search-engine
108. https://www.w3.org/2011/tracking-protection/charter
109. https://digitalcommons.mainelaw.maine.edu/cgi/viewcontent.cgi?article=1090&context=mlr
110. https://www.protocol.com/inside-california-privacy-law-redo
111. https://globalprivacycontrol.org/
112. https://wicg.github.io/floc/
113. https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
114. https://www.bleepingcomputer.com/news/security/vivaldi-brave-duckduckgo-reject-googles-floc-ad-tracking-tech/#:~:text=FLoC has been criticized by,being a privacy-preserving technology.
115. https://github.com/privacycg/proposals/issues/10/
116. https://www.protocol.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yNjk0NTg4Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTY2MzY1MDY1NH0.zTAtrzQCU_w2vmKwHtazISH7Vwh2JB_gB9gcPkW-J7w/image.png?width=980
117. https://github.com/privacycg/proposals/issues/6
118. https://www.nytimes.com/2020/10/25/technology/apple-google-search-antitrust.html
119. https://www.w3.org/community/web-adv/participants
120. https://github.com/privacycg/proposals/issues/26
121. https://github.com/privacycg/meetings/blob/main/2021/telcons/06-24-minutes.md
122. https://github.com/privacycg/private-click-measurement/issues/27
123. https://www.protocol.com/apple-facebook-privacy-fight
124. https://s21.q4cdn.com/399680738/files/doc_financials/2021/Q1/FB-Q1-2021-Earnings-Call-Transcript.pdf
125. https://twitter.com/ashk4n/status/1387517599848665089?s=20
126. https://github.com/privacycg/meetings/blob/8d6c1bcecbe9b01b7ae2c2cc27f6a710e373bdd5/2021/05-virtual/05-20-minutes.md
127. https://twitter.com/BenSava78155446/status/1413412124488093696?s=20
128. https://twitter.com/BenSava78155446/status/1413411617530916865?s=20
129. https://twitter.com/BenSava78155446/status/1413426914006650886?s=20
130. https://twitter.com/BenSava78155446/status/1413428521242927104?s=20
131. https://blog.google/products/ads-commerce/2021-01-privacy-sandbox/
132. https://www.gov.uk/government/news/cma-to-investigate-google-s-privacy-sandbox-browser-changes
133. https://www.protocol.com/bulletins/google-delay-cookies
134. https://blog.google/products/chrome/updated-timeline-privacy-sandbox-milestones/
135. https://www.gov.uk/government/news/cma-to-have-key-oversight-role-over-google-s-planned-removal-of-third-party-cookies#:~:text=News story-,CMA to have key oversight role over,removal of third-party cookies&text=The CMA is to take,whether to accept Google's commitments.
136. https://blog.google/around-the-globe/google-europe/our-commitments-privacy-sandbox/
137. https://marketersforanopenweb.com/good-news-google-wont-kill-the-open-web-this-year/
138. https://www.protocol.com/inside-california-privacy-law-redo
139. https://www.protocol.com/newsletters/sourcecode/google-floc-wordpress
140. https://www.protocol.com/u/issielapowsky
141. https://twitter.com/issielapowsky
142. https://www.protocol.com/tag/w3c
143. https://www.protocol.com/tag/privacy
144. https://www.protocol.com/
145. https://www.protocol.com/st/about_us
146. https://www.protocol.com/careers
147. https://www.protocol.com/st/contact_us
148. https://www.protocol.com/where-to-find-us
149. https://www.protocol.com/st/privacy_policy
150. https://www.protocol.com/st/do_not_sell
151. https://www.protocol.com/st/terms_of_service
152. https://www.protocol.com/newsletters
153. https://www.protocol.com/st/privacy_policy
154. https://www.protocol.com/policy/w3c-privacy-war#toggle-gdpr

  Hidden links:
156. https://www.protocol.com/newsletters/
157. https://twitter.com/protocol
158. https://www.linkedin.com/company/protocol-media/
159. https://www.facebook.com/protocol/
160. https://www.instagram.com/protocol/
161. https://slack.protocol.com/
162. https://www.protocol.com/u/issielapowsky
163. https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.protocol.com%2Fpolicy%2Fw3c-privacy-war%3Fxrs%3DRebelMouse_fb%26ts%3D1626220609
164. https://twitter.com/intent/tweet?url=https://www.protocol.com/policy/w3c-privacy-war&text=Concern%20trolls%20and%20power%20grabs%3A%20Inside%20Big%20Tech%E2%80%99s%20angry%2C%20geeky%2C%20often%20petty%20war%20for%20your%20privacy&
165. http://www.linkedin.com/shareArticle?mini=false&url=https://www.protocol.com/policy/w3c-privacy-war&
166. mailto:?subject=Concern%20trolls%20and%20power%20grabs%3A%20Inside%20Big%20Tech%E2%80%99s%20angry%2C%20geeky%2C%20often%20petty%20war%20for%20your%20privacy&body=https://www.protocol.com/policy/w3c-privacy-war
167. https://www.protocol.com/core/3partyapi/post_to_slack/start?message=Concern%20trolls%20and%20power%20grabs%3A%20Inside%20Big%20Tech%E2%80%99s%20angry%2C%20geeky%2C%20often%20petty%20war%20for%20your%20privacy+@+https%3A%2F%2Fwww.protocol.com%2Fpolicy%2Fw3c-privacy-war
168. https://www.protocol.com/u/issielapowsky
169. https://twitter.com/protocol
170. https://www.linkedin.com/company/protocol-media/
171. https://www.facebook.com/protocol/
172. https://www.instagram.com/protocol/
173. https://slack.protocol.com/

You are viewing proxied material from 1436.ninja. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.