Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Google is Exploring an Alternative to Cookies for Ad Tracking (nytimes.com)
91 points by stfu on Oct 6, 2013 | hide | past | favorite | 95 comments



I've used chrome because it was faster than Firefox ( and didn't crash so often ).

I've switched to Firefox a few weeks ago and couldn't be happier. It seems that all the stability issues were resolved.

I urge everyone to do the same.


I've been using Firefox as my main browser for a couple of years now. It's really getting better in every build. And Vimperator is not available for Chrome. Nowadays my biggest reason to stay with Firefox is that I trust Mozilla more than I trust Google.


> I trust Mozilla more than I trust Google.

No company working with the NSA can ever be trusted. That only leaves Mozilla.

Plus, are there any other companies that are not-for-profit, like Mozilla? Because this point gives them a huge credit.


What makes you think that Mozilla are obliged to cooperate with the NSA any less than Google are?


For now:

a) The fact that they didn't appear in Snowden's documents like the other companies,

b) the fact that companies like Google (and Facebook, Yahoo, Microsoft, etc.) have it as their mission to build as precise user profiles as possible ("data hoover"), for example because the rely on advertising revenue. (Google is a 1-trick-pony, advertising being its trick.)


For the most part, Mozilla concentrates on releasing software rather than storing copious amounts of data about users. (Perhaps their "startup" Persona service is an exception to this, but I doubt it.) NSA is more likely to target all that juicy user data that Google has. They might also seek to undermine the security of software, but Mozilla aren't going to make that easy for them.


I switched from FF when it was sluggish. Funny, the reason I don't switch back is the opposite of yours: I don't want to miss Vimium... how does Vimperator compare to Vimium?


I was in the same boat. I tried to switch back to Firefox a while back. Some people prefer Vimperator and Pentadactyl, but after using Vimium for a while, I found them to be a little too complicated and, well, different from what I was used to. It's possible I could have adjusted, but I didn't bother at the time and quickly returned to Chromium.

Later I discovered a Firefox addon called VimFX that basically aims to be "Chromium for Firefox": A very simple set of Vim-like shortcuts, configured in almost exactly the way Chromium is. Once I started using it, I felt right at home in Firefox, and I haven't looked back since. It's got a few warts (delay when using gg, Ctrl-F rebound to PageDown by default), but all things considered I'm pretty happy with it.

https://addons.mozilla.org/firefox/addon/vimfx/

https://github.com/akhodakivskiy/VimFx


thank you! :)


Much more features. If I try to use Vimium, it feels like Sublime's vim mode compared to the Emacs' evil-mode...


> Google could create an anonymous identifier, tied to users of its Chrome browser on a specific device

That certainly is in the interest of the NSA as well.


I too used Chrome because it was simple enough to seem to get out of the way, but Firefox has gotten so much faster that I can't remember how there was an advantage.

Now, I can't stand that there is never a sidebar in Chrome for things like Todoist, and you have that annoying pop-down menu instead. Firefox even lets you use extensions that radically alter the interface, such as the really convenient Tile Tabs[1], without any noticeable slowdowns.

I used to switch back and forth, using Firefox if I was using a extension for some specific task, then back to Chrome for everything else, but now Firefox just never seems to slow down much, so there's no reason.

[1] https://addons.mozilla.org/en-US/firefox/addon/tile-tabs


I just switched today. After installing the omnibar extension and removing the ugly bar in the bottom, if feels just as comfortable as Chrome.


I use Chrome for google apps because it works better. I use Firefox for everything else.


...and besides this allows you to surf without google registering every fart of yours. Good idea.

Uh, also I suggest to everyone the "self-destructing cookies" extension. I think it's the best cookie solution so far: basically it deletes the cookies after a certain "grace period" unless they are into your white list. This means that (1) your session is forced to last only for slightly more than the time you are on the website (2) you don't stand out as tinfoil-hat (https://panopticlick.eff.org/)


fwiw the address bar does most of what Chrome's omnibar does, out of the box. It's just a bit hidden because they include the search field by default.


Except that it won't search for things that look roughly like an URL or a hostname.


Not sure what you mean. If I type "youtube" it starts autocompleting as "youtube.com", but the search results below the bar include youtube.com videos, a random news article with 'youtube' near the end of the URL, etc. If you want to search google or whatever from there just hit spacebar or backspace to reduce it to a bare word, and hit enter.

Tbh I prefer this over what Chrome tends to do to me. In Chrome, if I type "youtube" and hit enter it searches for youtube, despite having many such URLs in my history, including youtube.com. Firefox will just take me to youtube.com immediately.


Try doing a search for "foo.bar". When it's a run of non-spaces with a dot Firefox will never do a search and always try to interpret it as a URL. Chrome will instead search for the things it cannot resolve (at the very least don't tell me that no server could be found at something that doesn't even use a registered TLD).


Aah, yeah, it does do that. I can see that being annoying. And somewhat surprisingly, it doesn't fall back to search if you prefix with a space, so you're practically stuck adding a fake search term or some other annoying kludge...

Fwiw that has also been (generally) preferable for me: going to .local domains is a PITA on Chrome because it tries to search for it first.


You can start with ? (which works in IE and Chrome too to force a search), but then you first have to remove the www. that Firefox helpfully adds ;)

And agreed that Chrome is a little unhelpful there too; I always have to remember prefixing a non-domain hostname in our network with http://. Although by now I resorted to a bookmark.


I did the same a few months ago. I hesitated to move because I was put off by Firefox's design but I found UX Nightly[1]. A few bugs here and there because it is a nightly build but overall smooth.

[1] https://people.mozilla.org/~jwein/ux-nightly/


What is this UX nightly thing exactly? Is it a fork or the actual future layout?


It is building towards an actual future layout. IIRC, once the changes are stable enough they're pushed to the main nightly builds.

Edit: Sorry, I was unclear, it is an official branch and not just a personal fork.

Some links: http://msujaws.wordpress.com/2012/03/15/mozillas-ux-nightly-... https://wiki.mozilla.org/UX_Branch


You can download from: http://nightly.mozilla.org


That isn't the same build. Those are features that don't focus on the UX or the design. I think that build is labeled Aurora? I could be mistaken. UX Nightly includes those features but it is focused on user experience.


>Those are features that don't focus on the UX or the design. I think that build is labeled Aurora

Nope, Aurora is something else. It's the build after Nightly. Nightly includes pre-alpha releases, Aurora includes alpha releases.

You are however correct that Nightly and Nightly UX are not the same thing. Although if I'm not mistaken the only difference between two of them is that Nightly UX also gets pre-alpha UI changes as well as under the hood changes that Nightly normally gets (almost daily). It's a bit confusing.

To sum it up, the release cycle goes like this:

Nightly (pre-alpha) > Aurora (alpha) > Firefox Beta (beta) > Firefox (stable)


Which one would you recommend I get? Am currently using Chrome and wouldn't mind switching to FF.


I'm currently using Nightly UX. I've been using it for quite awhile and I haven't had any problems with it. That being said, you should keep in mind that this is a pre-alpha release and it wouldn't be surprising to run into some problems. If your browsing experience heavily depends on extensions, I'd recommend you not to use Nightly, though. I only use NoScript and AdBlock Edge as my extensions, but if you install 10+ extensions, you're not gonna like Nightly.

In any case, you can just install it and experience it yourself. If you're like me who started using Chrome because you were sick of how slow and unstable Firefox was, you'll be amazed how good it is now.


I've used Firefox all my life because of Firebug. Then after a while it just got so slow that it was unusable and the experience became terrible. And then I switched to Chrome. I'm not fond of their developer tools as much. Not as good as Firebug. I guess I'll give FF another shot.


I switched for the same reasons but kept FF around mainly for Firebug. After using and getting use to Chrome Dev Tools, it is actually no different and in some cases better. I don't do as much front-end dev as I used to though... But I do remember reading that the FF team worked with developers of popular plugins like Firebug to help make those plugins run better, use less memory and cause less memory leaks. You may find those plugins a lot better now.


I've been using UX on Mac and Linux for a few months – love the tabs in the titlebar on Mac – and rarely have problems. A few extensions aren't compatible, and occasionally a build is unstable, so I also have Firefox (stable) and Aurora installed. I just restart into a (more) stable release if there is an issue. They all use the same profile, so settings and tabs are shared. Lazy-loading for tabs make restarting not much of an issue, even with a couple dozen tabs open.


Which Chrome release channel do you currently use: Canary, Dev, Beta, or Release? I haved used Firefox Nightly as my primary browser for almost two years and have only hit a few major problems. Aurora is a nice balance between stability and new features and optimizations.


Ah, thanks for the explanation. The process has been somewhat unclear to me for a while now.


I also made the switch after many years with Chrome. Chrome becomes very sluggish when you have too many tabs open, I guess this is why so many people like OneTab.

Today it's normal to have 10+ tabs open, to read the articles and then leave the best ones open for a later usage. That said I can easily have about 400 tabs open in various Tab-Groups, which is a killer feature.

But honestly, one Firefox addon is so important that I believe that it should be a core feature, it's called UnloadTab [1]. This addon frees up the memory unused tabs allocate, after a defined period of time. It helped a friend with a slow 800MHz Laptop with just a little RAM to finally start clicking links without being afraid that the machine locks up.

People who enjoy the TabGroups feature like I do, should definitely checkout the TabGroups Menu addon.

---

[1] https://addons.mozilla.org/en-US/firefox/addon/unloadtab/

[2] https://addons.mozilla.org/en-US/firefox/addon/tabgroups-men...


Likewise. I've since been pretty disappointed in Firefox's networking backend. Something in DNS resolution or page-fetching occasionally goes out to lunch and then ... no more loading webpages. I'm on 24.0. I should probably make some effort to actually track this down, but I don't even know where to begin.

Edit: doh! Maybe just network.dns.disableIPv6=true solved it...


Those with speed problems on either Chrome or Firefox should try getting rid of Adblock (Plus). It makes many sites very slow, even though those sites are reasonably fast and fluid without the extension. It's to the point that viewing ads is less irritating.


The worst part of Google software is the included always running updater program which in addition to using unnecessary resources, probably does other unknown tasks (spyware related).


does the scrolling feel a bit weird on Firefox? to me it felt a bit too smooth or animated


You can turn off "smooth scrolling" to fix this. Makes the scrolling feel more responsive to boot.


I bet that this is a preventive PR diversion for something else.

Google is anything but stupid. Given current post-Snowden climate they surely realize that something as obnoxiuos as built-in browser tracking is going to raise a storm of discontent. But they have decided to realize this information anyway. So they let this stew a little and suggest some alternative, probably as nasty, but it will look mild in comparison, and everyone will be happy. It's your good old anchoring - start with something completely obnoxious so that the thing that you actually want will look benign against it.


Releasing this information is bad for their consumer uptake, but good for their advertising business, and their advertising business is where they make all their money.

When it comes down to it for consumers, they'll just make it optional to help with complaints, and the masses will never dig down into their preferences to turn it off, so it won't matter that it is optional as far as advertisers are concerned.


I don't think appearing extremely shady just to be a little less shady than initially thought is a smart PR move. Yes, it may make the initial shit storm go away, but most people will be left with the impression that Google tried something shady and if they didn't go through with it now they will do so whenever they can sneak it in.


I may be wrong but isn't this very limited unless other major browsers adopt it?

I hope Mozilla doesn't cave to their corporate sponsor, and MS will not do just to hurt Google.


The problem are not the cookies. The problem is the tracking and the privacy invasion. I don't want some body following me at every step to know every thing I do using cookies or any alternative method.


Then that's the problem for you, not the problem in general.


You're most likely right, in that most people don't care about being tracked, but Google still isn't solving the basic problem, they are just working around the cookie restrictions.

The focus should be on making a profit, while respecting peoples privacy.


I honestly don't mind being tracked. I don't know if it's just me but I prefer targeted advertising than just generic one. It's always more relevant and I do end up purchasing. Without tracking, there would be no targeted advertising.


You're assuming that advertising is the correct or only business strategy. I wouldn't mind getting tracked, if I felt that I could trust the companies collecting data about me, or perhaps just get access to it.

Honestly I don't see the value of tracking though. I tried running my browser without Ghostery recently. The "tracked" ads are generally pretty poorly targeted. I got a lot of ads for TransIP after browsing their price plans, but that's sort of the wrong time, at this point I'm already aware of them.

Amazons recommendations are pretty good for books, but not much more than that and that's despite them having huge amounts of data.

So why the need to track me, if you can't do anything useful with it?


And it's getting better and better. Recommendation for books is much easier in that context since you have a hard sale and can compare to other hard sales.. and not assumptions based on visits.


I know the suggestion for Katy Perry on Netflix was dead on. The irony is that there is nothing more that I hate than Katy Perry.


There are ways to do targeted advertising without tracking. For example, you could identify clusters and then have users' browsers do the lifting to determine what cluster they belong in.


Exactly! Or for that matter have clients develop handles for themselves on topics they want, and the advertisers just Multicast the relevant information to the users that have those tags. No need to GUID tracking.


How would feel about the data being shared with a prospective employer, perhaps sold to them as part of a recruitment service?


The problem is with privacy and privacy laws. If you read the laws about privacy (like http://www.ico.org.uk/for_organisations/privacy_and_electron...) you are going to see that they are targeting cookie-like tracking systems.

It's not a technical problem at all. Tracking is as easy to solve as to put a UID to each device (problem solved).

e.g. Apple some time ago forbid developer to use such an unique id (http://www.tuaw.com/2011/08/19/ios-5-deprecates-udid-as-iden...) probably on privacy laws grounds.


Remember the huge controversy that erupted when Intel wanted to put a program-readable unique serial number into its CPUs (in 1999)?

https://www.schneier.com/essay-187.html

http://slashdot.org/story/00/04/27/1021245/Intel-To-Drop-CPU...


Wow. "Don't be evil" is really dead and buried isn't it?


How exactly is this more evil than a tracking cookie? To me it sounds pretty much the same.


The reason, at least here in Europe, is legislation: cookies are written by the website to the user's PC. As far as I understand, this alternative doesn't write anything to a device, thus circumventing the law.


They can't be deleted or blocked. They are not confined to one device.


After reading the article, I fail to see how these are not confined to one device. basically, the article suggests that they'll add a random unique ID to the browsers' identification (I assume they're talking about the user agent). How would this spread across devices?


My mistake. But they are trivial to correlate and I would expect them to be correlated.


Correlating seems very easy & likely indeed, I didn't think about that.


If it's tied to some "anonymous identifier" in the browser it's also possible to follow you in incognito mode.


I imagine that incognito mode would use a different anonymous identifier.


It was dead from day 1.


Read the article. This is the same thing as the IDFA but on the Chrome browser. Pretty sure you'll be able to reset its value or turn it off entirely.

Most advertisers don't want to reach you if you don't want to be reached.


Doesn't mean we can't start looking for alternatives...


Duh, it stopped when organic growth stopped. But we were stupid to have believed it in the first place.

Now they are desperate: ads everywhere, penalties everywhere (makes you advertise to replace lost traffic) and so on. They still make north of 95% of their income on ads with all their supposed innovation. I don't trust them at all. On anything. I wonder what Google Search "Quality" has in store for 2013th fourth quarter.


I don't believe most of these claims, but I am linking to this:

http://slashdot.org/comments.pl?sid=3891677&cid=44076497

An important information from the "confidential" studies here for example would be what kind of monitors were tested.


This is not news. The article is about 2 weeks old and seems vague about details.

There are more articles on the topic on the net. This identifier has been dubbed "AdID". Read more here: http://m.spectrum.ieee.org/tech-talk/telecom/internet/google...


We believe that technological enhancements can improve users’ security while ensuring the Web remains economically viable

Alternatively, it maybe time for some creative destruction.


Microsoft or Apple could get away with this, since their browsers are bundled. Google could get away with it on Android.

But on the desktop? Nope. In a world where most users don't know the difference between a search engine and a web browser, Chrome's success relies on the tech savvy (through first person usage and recommendations to friends).

Add this "feature", and roughly 100% of that marketing force gets redirected back to Firefox.


I hope they go with this nonsense. It's almost as easy to kill as cookies and it's going to be a PR disaster, maybe even a legal nightmare for them. Browser/system fingerprinting would scare me a lot more because it doesn't require anything on the client side.


I thought this was well known, the "cookie" is known as RLZ

> http://blog.chromium.org/2010/06/in-open-for-rlz.html

RLZ gives us the ability to accurately measure the success of marketing promotions and distribution partnerships in order to meet our contractual and financial obligations. It assigns non-unique, non-personally identifiable promotion tracking labels to client products


The RLZ string isn't unique per user, and AFAIK it isn't used at all by Google's ad systems. It's used to measure the effectiveness of Google's marketing of their own software.

http://code.google.com/p/rlz/wiki/HowToReadAnRlzString


BTW, if anyone is looking for alternative web browsers that you can truly control, and have some of the defaults set for privacy:

Web Browsers GUI: Dooble, GNU IceCat, Luakit, NetSurf, Web/Epiphany (Galeon), Dillo, Amaya (for authoring), Swiftweasel, Conkeror, Arora, Midori, rekonq, Kazehakase

My GUI picks: xombrero, Uzbl, surf (with tabbed, it is amazing), dwb, jumanji

TUI Web browsers: w3m, elinks, links2, Links, Linkx, lynx, cURL, ed browser, wget

Relevant Threads: http://crunchbang.org/forums/viewtopic.php?id=13661&p=1 https://bbs.archlinux.org/viewtopic.php?id=116165

In the future, I wish to have a browser that maps all the cached files, per page you are viewing, with each of the domains, IP address, and the WebSockets connections it makes. Whether it be tree mapped, or tabular, it would be awesome to have a browser monitors all network event and files live, while you are viewing a page, maybe in a tile/window somewhere. For now, we have Jails we can open on the fly, with a new browser instance on each, connected to the custom firewall rules, that opens a page per domain. When done with the page, we get rid of the jail instance.


This has been talked about for a while and sounds like what Apple does on iOS.


You can do a hack with ETags - that was the first thing I came up with after 30 seconds of brainstorming how you would do it, and it looks like sites are already using them for that purpose. http://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags


Well, what could they do? Google is not making enough money :P

I think in 10 years we'll all be buying ad-supported Google PCs for free and they'll have a little window that you cant get rid of - that will show you ads. And probably have eye tracking that will blank the monitor every hour if you dont look at the ad.

Chrome has already turned into a keylogger than can also browse the internet. I remember watching a really old screensavers episode with Patrick Norton discussing how cookies were evil and how websites voilated user privacy by saving their IP addresses !. Hell.. Netscape was sued 13 years ago just because they captured what links you clicked.

http://www.wired.com/politics/law/news/2000/07/37435


A computer in 10 years, by Google, that can black out your screen. Google Glass?


What about a google helmet? You cant look away or mute when they show you ads :P


Does anyone know how the IDs can be anonymous? What's stopping anyone from associating the ID (presumably sent as a header?) with an account on my site?

Is it maybe like an OTP based where google and chrome generate a new ID for every request, opaque to the intermediary but google can correlate them later?


In Apple's system, at least, each app gets a different ID for the same user. So supposedly you can't track a user across sites/apps since the user will have a different ID for each.


I believe it's each set of apps from the same developer. Apple's developer docs say the device identifier changes if a user deletes all of your apps, not just the current one.


short answer is that you can never be 100% sure you are remaining anonymous on the internet. The best you can settle with is that you trust the companies operating with the data not to abuse their power and stick to their word.


This is what you get when you let Google track you with ads - less privacy for all:

http://news.cnet.com/8301-1009_3-57606178-83/nsa-tracks-goog...


I always thought they should be called crumbs instead of cookies.


In a sense this could be good news. If advertisers were using a different technology rather than cookies that could make our lives as developers a lot easier since we wouldn’t have to bother building alternatives for the lack of cookies in our web apps. Ads are what gave cookies a bad name. If in the years to come cookies can be disengaged from ads that would make users more reluctant to disable them.


Embrace, extend, extinguish.


the info in this piece about Mozilla following safari suit on third party cookies is out dated i think. https://brendaneich.com/2013/06/the-cookie-clearinghouse/


Good thing chromium is open source. I'll make my 'anonymous' GUID simply: googlebot


I don't get the alarmist tone of that piece: it's very preliminary, they are consulting with interested parties, building an opt out mechanism.

Oh and Apple already deployed an identical ad id a while ago.


I think "it's opt-out" is a very poor excuse. When something of this type is going to be implemented, opt-in should be the default. If you can't convince the people who will be affected by this that they are going to want it, then you are probably in the wrong.


Just because someone else is already doing it doesn't make it right.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: