army judge
Super Moderator
Google Admits Just Can't Quit Third Party Cookies, Yet!!!
Posted: July 23, 2024 by Pieter Arntz
For more than a year, Google has said it would phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams.
This week, Google tossed much of that work aside.
In an update about Google's Privacy Sandbox, the tech giant said that due to feedback from authorities and other stakeholders in advertising, it is looking at a new path forward in finding the balance between privacy and an ad-supported internet.
The underlying grounds for the difficulty in finding the balance are not hard to understand. The effectiveness of advertising is determined by whether you're able to reach your target audience, but the processes involved in determining whether a website visitor belongs to your target audience or not often means that the website publisher gathers information about said visitor, which can quickly become a privacy issue.
The common method to track a visitor's online behavior was and still involves third-party cookies. You can look at them as small files that your browser drags along the internet while sites record your interests and online behavior in them. They are the reason why you suddenly see advertisements for an article you have looked at in an online store.
When the advertising industry collectively decided they needed something better than cookies, Google introduced the Privacy Sandbox as a "secure environment for personalization that also protects user privacy." The idea was to get rid of third-party cookies altogether.
Later, Google started experimenting with FLoC, or "Federated Learning of Cohorts." FLoC aimed to become a privacy-focused solution intent on delivering relevant ads by clustering large groups of people with similar interests. This way, user behavior would be processed as anonymized accounts, grouped by interests. Most importantly, user information would processed on-device rather than broadcast across the web.
The idea was to get rid of third-party cookies by 2022, but the implementation of FLoC caused so much push-back from privacy experts that Google abandoned the idea.
Then Google came up with Topics, an idea based on Privacy Sandbox where the user does not get tracked based on the sites they visit, but where each site displays contextual advertising, which means the ads match with the content on the page. But Google had to ask websites not to abuse the topics API and other browser developers showed no interest in adopting the API.
Despite Google Chrome's browser market share (>60%), it does not have the influence needed to persuade its competitors. And the pressure is on, since other browsers like Safari and Firefox went ahead and already started blocking third-party cookies. Ironic, because the push to eliminate third-party cookies was set in motion by Google and now it's lagging behind.
So, Google is back with a new path for the Privacy Sandbox. It proposes:
Strengthened with a new feature called IP Protection in Chrome's Incognito Mode, this should protect the user from being identified by third parties as a potential target IP address for web-wide cross-site tracking.
Does that mean there will be yet another prompt asking the user what they want? It looks like it. But first, Google intends to put out its feelers to find out what regulators and the advertising industry have to say about this new approach.
We have a feeling that this will not be the end of this saga, and we will keep our readers informed about new developments.
NEWS | PRIVACY
Number of data breach victims goes up 1,000%
Posted: July 19, 2024 by Pieter ArntzNope, that headline's not a typo. Over one thousand percent.
The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims).
The ITRC is a national non-profit organization set up with the goal of minimizing the risk and mitigating the impact of identity compromise. Through public and private support, it provides no-cost victim assistance and consumer education.
The vast majority of that rise in numbers in due to a few very large compromises. The ITRC mentions Prudential (2.5 million people) and Infosys McCamish Systems (6 million people) as main contributors.
Because both of these breaches were announced/updated in the second quarter of 2024 they have a huge impact on the numbers. When we compare the number of data breach victims in the first half of 2024 (H1 2024) then we see an increase of 490 percent compared to the first half of 2023. Which is still significant and worrying.
The ITRC broke down some of the numbers to show them in an infographic.
Some notable statistics we can derive from the infographic:
- Almost 90% of the compromises in H1 2024 are due to data breaches.
- Financial services had the most breaches, followed by healthcare.
- The largest data breaches in number of victims are Ticketmaster, Advance Auto Parts, and Dell.
- 80 supply chain attacks accounted for 446 affected entities and over 10 million victims.
The number of data breaches where driver's license data was stolen totaled 198 instances in pre-pandemic, full-year 2019 compared to 636 in full-year 2023 and 308 through June 30, 2024.
Most of the data breaches are not the result of negligence but of targeted cyberattacks. This explains the rising demand for data deletion services. Not only does it play a significant role in safeguarding privacy rights on the business side, it also helps avoid or lessen the legal consequences of a breach.
ITRC president and CEO Eva Velasquez summarized the report like this:
Protecting yourself after a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.- Check the vendor's advice. Every breach is different, so check with the vendor to find out what's happened and follow any specific advice they offer.
- Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don't use for anything else. Better yet, let a password manager choose one for you.
- Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can't be phished.
- Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
- Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
- Consider not storing your card details. It's definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
- Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
Check your exposure
Looking at the numbers in the ITRC report, it's likely you've had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it's best to submit the one you most frequently use) to our free Digital Footprint scan, and we'll give you a report.
