A bit off topic but I'd love to see a sort of ML/AI feature where "related discussions" can be added automatically for added context, I appreciate you do this manually and I find it very useful to get more of an idea of the relevance/importance of a topic!
(Maybe even a "HN search found 3 possibly related threads")
The definition of what counts as ML/AI can be fuzzy, but I don't think the original PageRank algorithm would qualify as ML/AI under any definition: http://infolab.stanford.edu/~backrub/google.html
The goal with those 'related' lists is to get something more meaningful and interesting than HN Search results (which are pretty good already). That's a high enough bar that it takes judgment and taste to know what to include.
For sure we want to get beyond "mods do it manually" as the strategy. I'm not averse to trying out an ML/AI approach—the nice thing is that all the relevant data is public, so anyone could build it and we could all try it out. But my personal inclination is to build something that would rely more on the community.
I don't see how the entire FLoC concept can succeed.
There is zero incentive for Chromium forks, let alone any other browser vendor, to implement/leave-in this technology. For other browser vendors, it is zero-effort to not support it.
For Chromium forks, implementing it is zero effort but also comes with the same negative gain it would have for other vendors (that end-users are blind to). Unless you consider "more relevant advertisements" a win for users.
Although Chrome/Edgium have enough market share to make advertisers happy with this change, I see this entire concept as something that could further erode that given enough negative publicity. Which is fine by me.
>There is zero incentive for Chromium forks, let alone any other browser vendor, to implement/leave-in this technology.
Chrome has a 60-70% market share on its own. Most people don’t even know the difference between “the internet” “the www” and “chrome” So, there is zero incentive for the 30% of non-chrome browsers, but most of the people who don’t use adblockers anyway will be sucked into this.
Why'd they go out and download another browser if they don't understand the concept of a browser? Only Android comes with the Google browser as default browser as far as I know.
I think whatever the setupper of the computer dictates whatever Internet is, and secondarily the OS vendor if the new user doesn't have a tech friend.
I don't think Chrome is somehow == Internet for these people specifically. (Personally I call the shortcut "Internet" so it's consistent across devices and they don't have to recognize Lightning on their phone and Firefox on their laptop.)
Most Chrome users didn't actually install it. That's the case on desktops/laptops, but not on mobile, which is the segment that bought a lot of new people to the internet in the past few years.
Android is the most popular mobile OS (+70% of market share[0]) and most Android phones sold outside China come Google Apps/Chrome pre-installed. That's a lot of Chrome installations.
And now Chromebooks are selling like hot cakes (30M in 2020[1], a huge increase mostly because of the pandemic) and Chrome is the default browser there too.
Old folks don't download Chrome, their sucker children do. Those who are too frail to lift the koolaid cup to their mouths shall be aided by their brethren.
But also Chrome isn't super hard to install anyway and the dark patterns "help" with the process. Go on Google.com with MS Edge and it'll tell you Chrome will give you a faster, more betterer Internet. It must be pretty convincing to hear that from the de facto arbiter of the world wide web and all you have to do is follow the pretty blue buttons. I was able to install Roblox when I was 10 with less guidance.
Yeah. If I open Google docs with Gnome Epiphany, I get a message that says IE is no longer supported. IE? And until recently, Vivaldi had all sorts of issues on google websites, even though it’s chromium.
> We also often encounter websites that block the exact string “Vivaldi”, with no contact or warning to us. This is particularly problematic when the larger technology behemoths (some of whom we directly compete with in the browser space) do this
To be fair, Edge is also "pushed onto" people, being a default install in Windows.
Not saying it's right how Chrome is pushed though. IMO, ideally there would be regulation requiring Windows to offer a fair choice of browser downloads (none preinstalled) when you set up the computer, and google wouldn't pull it's "faster, better browser" thing when visiting their search site.
Only Chrome on Android alone accounts for a big percentage of web traffic. Android is the most used mobile operating system, and nowadays there are more users that browse with a mobile device than users that use a PC.
Beside that, a lot of people is induced by Google to install Chrome. A lot of Google services doesn't work so well in browsers that are not Chrome. One of them is Google Meet, that is used in my country by a lot of schools. This is of course by design, there are no reasons Google couldn't make a software that works in all browsers.
In addition to the various Google pages telling the user to install Chrome, it's also sometime bundled in the installer of other free (as in beer) software, with the default option installing chrome and setting it as default web browser.
>Most people don’t even know the difference between “the internet” “the www” and “chrome”
I mean it used to be that most people didn't know the difference between IE and the internet, and some time in the last ten years I guess it changed to Chrome instead of IE.
Now of course there have been more people coming on to the web during that time as well, but I have to think that there is a significant number of people who by this time must have some idea that the browser itself is not the internet.
And I don't use adblockers, but I don't use chrome either.
> I mean it used to be that most people didn't know the difference between IE and the internet, and some time in the last ten years I guess it changed to Chrome instead of IE.
Right and there was a reason for that. IE's monopoly didn't fall from the sky. Netscape was flying high and they decided to rewrite the whole browser while IE kept adding features. The end result was that yes, Firefox was born, but its market share collapsed.
Now you have a lot of browsers deciding that the most important thing they can do is remove features and break websites. Maybe those features aren't very good from a privacy point of view, but when the other guy's browser works and yours doesn't, that's not a recipe for gaining market share. Chrome is the other guy, and unlike Safari which is disabling cookies right and left and refusing to load resources, Chrome is willing to do it and sites work with Chrome. So in that dynamic, there is little reason to think that Chrome is going to lose market share to browsers whose main raison d'etre is that they will refuse to load/send resources. If it wasn't for iOS banning non-safari engines, Chrome's market share would be much higher, which is pretty sad given that it's become so bloated. But users care more about stuff working.
From memory it looked more like MS bundled their browser with the OS, and back in the day discoverability of software was practically zero, so MS just sort of won through inertia.
Mozilla did start writing firebird (phoenix?) which then became firefox, but I think by then MS already had the de facto monopoly.
I may be misremembering history there of course...
It took ~ ten days to convince my family to move from IE to Firefox. I was about 11 years old at the time. People do not have strong attachments to their web browser. If you show them a viable alternative with tangible benefits, they might switch to it.
The other day I got a message from a website something like "this site is no longer supported on Internet Explorer, please try Chrome for best experience".
That was before bookmark and passwords sync, which now act as significant moats. You used to be able to import bookmarks from another browser, but you can't do that with passwords.
I don’t know the story about browser import today, but Chrome has a CSV export of passwords to presumably there is some mechanism to migrate passwords, no?
Google will find a way to punish other browsers in the same way they punish browsers like Epiphany or Falkon: by locking users out of Google properties for "security" reasons.
Brave runs their own ad network. So does Edge. Firefox makes their money through search engine placement and donations. I don't think these browsers being less valued on another company's ad network is actually a loss for them.
Microsoft’s as network isn’t really relevant nor a significant driver of business decisions at Microsoft. Disclaimer: former FTE SE, and I worked on Internet Explorer briefly in 2015.
Chromium-Edge was forked after I left MS, but from what I gathered the higher-ups were aware of how far-behind MSHTML+EdgeHTML was, and it was getting worse with each Chrome release. One major problem was the rise in the popularity of NodeJS and Electron: both of which trounced Windows’ Chakra engine and legacy HTA platform (and no-one was building for “Windows Store HTML” for obvious reasons), especially on ARM (IIRC, Chakra didn’t JIT on ARM).
Anyway, Microsoft’s problem is they don’t want to lose the web to Google because they recognise the web is now “the platform”, including desktop “web” apps running in Electron. Any business knows it’s a liability to have dependencies on your competitors. The plan, originally, was to base Edge on Chromium, then built it into the OS, so desktop apps can use modern Chromium features in a build optimised for Windows and the user’s computer without needing 200MB+ Electron packages and 400MB RAM and dozens of separate processes for what should be a trusted application.
...however that still hasn’t panned-out yet. Which I find concerning because I thought Microsoft would treat Chromium the way Apple treats Safari: a browser that puts the user - and their privacy - first, because Microsoft isn’t Google and doesn’t significantly benefit from tracking users over the web.
...but they have been. Edge’s privacy stats are almost as bad as Chrome’s. I’m guessing some GP or VP from the Bing org had a word with OSG’s VPs and convinced them to compromise Edge to benefit Bing despite the overall damage to the Microsoft brand and eliminating possibly the most important advantage Edge had over Chrome.
> One can easily imagine a future where Firefox must implement FLoC to continue receiving that money.
I can see them getting a good offer from Bing...
Does Mozilla have an endowment? I would hope that they’d keep at least $10m in endowment so that they can sustainably continue to fund minimal development to keep the engine and browser up-to-date w.r.t. security and W3C spec changes.
MS has no incentive to make any such deal. FF marketshare numbers having been tanking so bad, even the newer Edge browser might overtake them in a few years.
Assuming they would still make Firefox an offer, good would be far from an apt description of it.
> 100% of a browsers revenue comes from advertising. Nobody pays $24.95 for a boxed copy of Netscape Navigator anymore.
I know Opera got their revenue from licensing their engine to Nintendo and other OEMs, as well as with Opera Mini. But since they switched to WebKit (like everyone else...) they can’t license-away their browser, so what’s their business model?
What is the market share of chromium forks? Chrome - not chromium - has 65%, Safari has 20%, then you drop to 3.5% for Edge -- basically people accidentally launching Edge when they try to search for stuff in what used to be the windows start menu -- along with Opera and Firefox. Combined, Edge, Firefox and Opera have about 10% market share, and then far below them are browsers like Brave, with 1% market share, and far below that are browsers like Vivaldi.
> I don't see how the entire FLoC concept can succeed.
It probably doesn't need to. What is important is that Google can show authorities that they tried to track less, honest guv! It's the market that won't let us!
I’m sure there has to be a better way to introduce the audience to FLoC. I’m over five paragraphs in and the article hasn’t properly articulated what is FLoC and _why_ it is bad. Just that it is bad.
I'll take a stab. Suppose your browser told every website you visited that you had the identifier "FAANG", and your friends web browser told every website they visited: "FAA_G" (b/c obviously they don't have netflix).
Per the linked article, the browser is filling in the blanks "___N_" as you visit each website, but it's telling each website not _what_ site you visited, but that you are in the groups of "FAA_G" vs. "FAANG".
The browser manufacturer is effectively seeing every user for what they are (all the letters of the alphabet, as it were), and each site is only seeing a hash/digest/cohort/group, but those group segregations are not coming from particular "networks of websites", but instead from the browser itself.
The end result is that you can't trust the browser b/c it might be (ed: it is!) spying on you.
Google started removing the URL bar and replacing it with the omni-box. Instead of https://google.com/ => ?q=guitar, you would simply type "guitar" into the URL bar.
The lesson here is to reduce the number of intermediaries between you and your customer. Own the hardware, the screen, the operating system, the network, _everything_ between your CPU's and the user's eyeballs. (or in amazon's case, the manufacturer, the boxes, the website, the shipper, the TV, etc.). (or in netflix's case, the content, the edge-cache storage tank, the TV, the remote control, the pixels, etc.)
If I am reading this right (and you seem to have read it the same way) it ends up creating a browser fingerprint. Visit 1 FLoC and they have no real idea who you really are. But if you visit several they could easily tell. Which is similar to how they use your installed list of fonts to identify you. But more formalized?
You only ever belong to a single FloC. So let's for a second assume the non-adversarial use case. The advertiser isn't using any additional tools to track you. Then the only thing the advertiser has is your FloC. This doesn't identify you individually, but it might correlate with various interests.
If your FloC changes, which it will periodically, the advertiser doesn't have any history, so the correlation changes and you're given different ads.
Now let's assume that they have some additional information, like an IP address. Then they can say ah you had this FloC on this date, and this different FloC later. Its not more identifying (they already have your IP, which we assume is identifying enough). The FloC might let them infer things about your interests on other sites, so they have precise information on your browsing interests on this site, but only partial information on other sites.
As opposed to today, where 3rd party trackers mean they have full information on the other sites too.
Instead of fingerprinting out of millions of browser users a company now just has to have a rather small set (Floc) + old school finger printing to 100% uniquely identify a user.
I wonder how this feature even passed an internal Google privacy sniff test...
> Instead of fingerprinting out of millions of browser users a company now just has to have a rather small set (Floc) + old school finger printing to 100% uniquely identify a user.
A company can already fingerprint you with 100% certainty with a third party cookie. The idea is to replace those with FLoC. It's at worst a lateral move, and usually an improvement.
It's not the same as third party cookies! Third party cookies works only if:
a) every site you visit loads some Google/Facebook/whatever JavaScript to track you. That are not all sites.
b) you didn't disable these scripts with extensions like UBlock (that to me is essentials these days) or use a browser that value your privacy (like Firefox) that blocks them by default.
This system not only is deeply integrated in the browser and thus impossible to block with extensions (without modifying the source code of the browser, that in case of a proprietary browser like Google Chrome you can't), but also track all your browsing history, meaning that they catch even sites that doesn't include Google trackers inside.
Another bad thing about this system is that is integrated inside the browser, meaning that for a closed source browser like Chrome only Google knows how it works and what exactly it does. While classical tracker scripts that uses third party cookies are implemented in JavaScript, minified and obfuscated, but still you can in theory read the source code and understand what they do.
This is far worse for privacy than how things are now!
> a) every site you visit loads some Google/Facebook/whatever JavaScript to track you. That are not all sites.
Right, but it is, to a first approximation, all of the sites that are going to be showing you personalized ads.
> Another bad thing about this system is that is integrated inside the browser, meaning that for a closed source browser like Chrome only Google knows how it works and what exactly it does. While classical tracker scripts that uses third party cookies are implemented in JavaScript, minified and obfuscated, but still you can in theory read the source code and understand what they do.
I'm not quite sure what you're getting at here. The setting and reading of a cookie by a client, yes, will be written in JS. That doesn't mean that you can know what its doing (there are likely cookies on your system that contain encrypted payloads that you can't read). The system that "actually" reads those cookies is hidden behind an API, so you don't have access to even the binary code.
From that perspective, FloC is no worse, and is usually better, as the payload itself is generated and managed on your machine.
Tangentially, FloC is similar to but probably more privacy preserving than the way Brave Browser does advertising today, and that was heralded by many on HN as a huge privacy improvement.
yes, but i can have addon that will clean that cookie everytime i leave that sit and that cookie is only relevant for that site that set it.. i also can disable third party cookie at all so a site cannot see cookies for other sites.. and they can only track what sites you go that have their ad or their social media buttons..
afaik you cannot disable floc with an addon and you do not have any control over the floc id is assigned to you.. the floc id is calculated once a week based on the sites you visit on the previous 1 week.. so it leak information of what sites you have being visiting if anyone is able to reverse the sites that generated that floc id even if the site does not have adds or social media button on then or you use add blockers..
and i bet all the major tracking players will have farms calculating all possible floc ids from all the popular sites..
maybe do an addon that load randon stuff from randon domains in the background to taint the floc id so it makes harder to reverse the actual sites you are visiting.. or just use an browser that does not have it..
but beside floc, browser fingerprinting already allow tracker to identify people almost uniquely even without using cookies, there is already work on how to fingerprint someone without using either cookies or client side scripts, just by analyzing the timing when accessing several random subdomains using hundreds of redirects..
floc is just one more info they will have on you with no added benefit..
That compromise would require knowing who someone actually is between site and site - you could collect the full list of cohorts but you'd need additional information to be able to marry all that data together - let's say something like facebook injecting JS into every page on the internet to harvest cohort information and then gleefully reselling that information.
> but those group segregations are not coming from particular "networks of websites", but instead from the browser itself.
Wait, I thought the whole point was that third parties could define what a "cohort" is, and the browser would handle determining whether or not you belong in them?
no, the browser that generate your cohort based on all the sites you visited on the last week.. it refresh it every week..
and it will include all sites from the last week, whatever you used adblocker to prevent tracking or if the site did not had any social media buttons that would allow then to track you there in the first place..
I wonder if that's because there's no short way to describe FLoC in a way that makes it sound bad for users. They'd need one paragraph to introduce FLoC, then another three making nuanced arguments about how it's actually worse than the status quo, and only then could they get to the core post about not supporting it.
Better to avoid that fire and just let the reader infer FLoC is bad, whatever it is.
FLoC is a granular identifier that groups users into cohorts of a few dozen thousand based upon their recent browsing history, allowing advertisers to uniquely identify users with only a few additional bits of information _and_ more easily collaborate to identify a user's browsing history.
>FLoC is a granular identifier that groups users into cohorts of a few dozen thousand based upon their recent browsing history, allowing advertisers to uniquely identify users with only a few additional bits of information _and_ more easily collaborate to identify a user's browsing history.
> That wasn't hard.
It also doesn't explain why that's worse than the current practice of directly identifying individuals. Which is the hard bit.
they will still be able to identify you individually.. floc actually might make it easier by first assigning you to group of just a few thousands other people.. that mean they just need a few extra bits of fingerprinting to identify you uniquely from there..
also previously they could only track were you had being if there was an ad in that page or if it had a social media button basically they could store a cookie or run a script in a specific context of a specific site and now they knew you visited that site..
now with floc they can track you everywhere, even sites that do not have ads or buttons will be included when calculating your floc..
I just don't like how FLoC was implemented. No opt-in or opt-out consent. Written completely by Google employees. Not approved by Privacy Interest Group, Web Technical Architecture Group, or WICG. No control over which cohort you are in, despite being able to add this feature.
If it was complemented with a Privacy Budget API– each privacy-losing API call costs budget and there is a limit– to eliminate other factors for fingerprinting and IDing that you can combine with FLoC to unique track people– thus giving advertisers complete browsing history– then I'd reconsider.
Another thing is webmasters can opt-out of FLoC through a header. But many webmasters don't control headers...
And on top of the practical consequences of its implementation.... not good.
How exactly could it be implemented though? EFF and Firefox immediately started a session attacking anything similar to it and demanding that ALL targeting ads stop.
There doesn't seem to be space for dialog or a common standard here, either Google does it or they fail and Firefox and privacy wins the world!
What ever happened to non-tracking contextual ads?
If I browse stackoverflow I'm probably looking for some saas, or tech related, or a react training course on a react question. If I browse game sites maybe I want a MMORPG promo or time card sale.
I don't want to see an ad to buy more toilets after having purchased a toilet once a month ago that is supposed to last decades. On every single site. For the next year.
The primary intended audience for this article is people Googling either "does vivaldi use floc" or "what browsers don't have floc." The secondary audience is giving Vivaldi fans an easy way to answer when someone asks those same questions on social media. So it's mostly targeted at people who have at least a vague idea already what FLoC is. And for that audience, the content flow is ideal: the article leads with a direct at straightforward answer to the question at hand.
Please RTFA before commenting, they explain it very well further down. The subsection literally has the header "How does FloC work?", not exactly hard to find.
"Please switch to a browser that supports FLoC to view this page." [Links to Chrome, etc.]
"This website requires a browser that supports FLoC. Please install one of the folllowing compatible browsers: " [Links for Chrome, etc.]
"We've detected you are using a browser that does not support FLoC. Please update your browser to use this website." [Links to Chrome, etc.]
"Your browser is outdated! Please upgrade." [Links to Chrome, etc.]
"Browsehappy" [Links to Chrome, etc.]
As someone who routinely uses a browser that does not support Javascript, I see "warnings" like this once in a while. There are so many. Apologies if I remember the wordings incorrectly. Of course, 99% of the time the lack of a Javascript engine has zero effect on the ability to retrieve the information I need from the site. And I still get the info in the 1% cases anyway, if I really want it.
With FLoC, will web developers be able to make claims that a site "will not work" without FLoC. How will they get users to use Chrome or other browsers that enable FLoC by default.
At this point, the only browser that could ignore FLoC without being blocked by website is Safari. If Safari chooses not to implement FLoC, it might be sufficient to prevent web developers from blocking other non-FLoC browsers.
All of this rest on Apple standing up for privacy through.. so watch for any announcements from Apple.
iOS is too lucrative of a market to ignore. It is like not selling cars in California. Every car manufacturer conforms to California emissions standards because California is too lucrative to ignore.
Of course the FLoC team would want browsers to throw an exception, since that wouldn't damage the perceived legitimacy of FLoC. But as a user I'd rather feed them false data if possible.
There are quite a few ways for a site to distinguish private/incognito from normal browsing, and IMO these differences should be treated as bugs. Indeed, these differences often break sites (including a vaccine registration site) that should work fine. We don't need even more ways for sites to break in private/incognito mode.
I've been using NoScript with block-all by default (on a laptop - not mobile) for about two years now and I really appreciate how many sites I can visit and immediately close due to the sheer number of scripts that would be require enabling to actually render the page.
It's a nice way to screen for better browsing experience pages.
I use Firefox Android uTorrent's manual Javascript toggle (under "More"). I've found NoScript to be too much work but an easily accessible manual toggle works for me.
Nah, tbh i dont even add adblocker-blockers. I think many publishers (most, i would say) are disgruntled with the way google totally dominated the market, and we'd rather stop feeding their monopoly this time. I added a referral link to brave browser on all my sites instead.
anecdotally i rarely see adblocker-blockers anymore
This would be boring if it weren't so serious. It's damn time that the Googles of this world were brought to heel with legislation that has real teeth — i.e.: the levying of fines worth 20% upward of annual turnover as well as heavy fines levied on employees who concoct, design and or deliberately participate in introducing or maintaining these scams.
Once employees are also targeted and held responsible for their actions at law then we stand a chance of getting at least some of our internet back.
Google, Facebook and their cohorts are outrageous, they have been stealing our internet with complete impunity for over two decades like a metastasizing cancer. We users really do need to get proactive over this, if not then soon the internet will be effectively dead for many of us—we'll be left ghettoized in some outpost or alternatively we'll be forced to abandon it altogether. We may even need to resort to street demos or marches to convince politicians that the rotten, monopolistic behavior of Big Tech is no longer to be tolerated.
It's also time we banned non-human entities (aka corporations) from lobbying politicians in private. Any lobbying by them ought to be done at public hearings specifically held for the purpose (corporate lobbying has probably done more damage to our Democracies since the Civil War or even earlier than any single other factor.)
"As someone who routinely uses a browser that does not support Javascript,<...>"
Likewise, my browser has JavaScript turned off by default. 1vuio0pswjnm7, what you failed to mention was how much faster webpages render without JavaScript, when it's switched off the speed improvement is enormous, also all that jerkiness and unevenness of presentation disappears. (As I've posted many times, it's not JavaScript that's the main fault-it's the enormous abuse websites commit using it. It's nothing nowadays for a webpage to be anywhere between 2 and 5MB in size, and on inspection a huge percentage of that code is devoted to serving up you private data to surveillance capitalism. Reality check: remember a standard page of text is only 2kB!)
"Javascript engine has zero effect on the browser's ability to display the information I need from the site. And I still get the info 100% of the time anyway, if I really want it."
Exactly right! Take note website owners who present blank pages when JavaScript is turned off: I used to find it a challenge to get your pages which I then proceed to do anyway. Now I no longer bother, as I've learned that websites that use such scummy lowdown tactics aren't worth visiting anyway. From my observation there's a remarkable correlation between such behavior and the [lack of] quality of the material on the website.
If I do a search on https://www.google.com without sending SNI, I get a terse message placed in the CN X.509 attribute of the returned certificate: "Fix your client". It feels like arrogance and it seems like they have acquired a remarkable sense of entitlement. (The search still works.)
As for speed, it would be interesting to have a "surfing contest", i.e., a web surfing contest that is a "browser challenge", pitting a team of users using a no-Javascript user agent versus a team using a "modern browser". The objective might be something like a race to interactively extract a given item of textual information from a selection of Javascript-heavy websites.
"As for speed, it would be interesting to have a "surfing contest"
Indeed it would be and as far as I know it's not been done recently either (anyway not with openly published results). Nevertheless, I would like to see say the top six browsers tested on heavy JavaScript websites that use lots of advertising. I'd reckon 100 sites would be plenty to get a definitive outcome of the speed differences.
Of course, it's unlikely happen given the fact that JavaScript is now so ubiquitous along with the all-too-common assumption that the web cannot cope (or would cease to work) without it—the logic being that there would be little point to the exercise. Moreover, if a such a test were conducted and nuking JS showed that most sites would be much faster without it then it'd still receive negative publicity as the many naysayers would point to website features that didn't work. And that's absolutely true some features will not—and with some, albeit still fewer again, will not work at all.
(Remember, this used not to be the case 20 years ago. So it's time we examined why JS is so critical now when it once wasn't. I'd make a substantial bet that the real or most substantive reason has little to do with improving the experience of website visitors (that is unless one considers that slowing websites down as a benefit) - and it's much more to do with benefiting website owners and their advertisers. One thing is for certain, we really do need to put a proper measure on this. Then, like limiting the advertising on television (as most counties already do with (essentially) the exception of the US), with accurate stats legislators could apply appropriate limits on advertising and data collection, etc. to web services. As things stand at present, it's nothing other than the Wild West.)
Of course, the test sites would have to be selected fairly and with care to provide a representative sample. I tend to gravitate to sites where JS is minimal and where killing JS makes little or no difference to viewing the core material (many technical sites fall into this category). Therefore, taking say the last 100 websites that I've visited would not be a representative sample. Incidentally, of the sites I visit about 95% work very well without JavaScript—so my default experience is to browse without JS enabled. Of the remaining 5% I've a choice of what to do, I can either toggle JS on and refresh the browser or instantly get out of there. On average I'd back out of about two-thirds of that 5% and toggle JS on for the remainder (all up, that's around 2% with JS).
This is where the naysayers miss the point. Whilst it's possible to default JS to off at the beginning of a new session I usually don't bother, so it's not unusual for me to start a new day's browsing with JS still toggled on from the previous session without me initially realizing it. However within a second or so I know that JavaScript has been left on by the way the browser responds (anyone who does what I do will know this experience well). Even if no JS content is obvious or visible on the page, if it's running tasks in the background then I will almost certainly notice it immediately as the browser is less responsive, paging becomes slower and there's a jerkiness to it that's not dissimilar to running programs under a Virtual Machine). I know JS aficionados either won't believe me or that they'll claim I'm exaggerating. Moreover, I know that me saying that I'm not exaggerating or attempting to prove it won't convince them one iota whatsoever, so there's no point in me trying—and then I don't have to prove anything anyway! If anyone really needs to know then he/she needs to do a quick survey of others who don't use JS and they'll soon find that those non-JS users will support what I'm saying.
"they have acquired a remarkable sense of entitlement. (The search still works.)"
Right, this is a good indication that the code that's actually been killed is the monitoring or spyware stuff and the coders/website owners are indignant about the fact that it isn't working (after all, given various error messages we get in these circumstances, we know they're checking to see whether the code in this section is running as intended or not). I regularly get messages such as 'Please turn on JavaScript to get the full benefit of this site [and or] certain features of this site will not work without JS' - and that's true—but they are the very ones that I do not want to work!
You often see the same nonsense with Android apps. Like the PC, I turn off as much Google as I can. I do not use any of Google's services, so on my rooted smartphones this means removing all Google apps (Google Play Services, Play Store, etc.). When the Google apps are removed many Android apps will complain to the effect: 'XYZ app will not run until you update Google Play Services' but they still work anyway (there are many exceptions that won't run and how to get around the problems is too off-topic to discuss here). Anyway, when apps still work but complain about Google Play Services it's almost a certain bet that it's the data gathering aspect of the Play Services that's relevant here—so I just ignore it (most people, even diehard Google fanatics, would prefer that data-gathering didn't work). FYI, always keep your old APK app files before you upgrade (and don't overwrite APK backups, as often that message doesn't pop up in older versions). That's to say, often Android updates contain nothing other than more highly refined code for spying, ipso facto, with Google Play Services and Play Store updates. (Of course, you'll get the security spiel/reason—as that's always the mandatory excuse/justification. Let me put it this way, you'll likely get both security updates and told so, what you won't be told is that Google's Android's Google Play Services 'receivers' schema has also been revamped to collect even more user data than previously (Android experts, I know that's a shortcut explanation/oversimplification but it'll have to do).
In my opinion a better and much more relevant and informative test would be to do a survey of a larger number of websites, say perhaps in excess of a 1000 or more of the most popular ones. Then analyze exactly what JavaScript is being used for on each site—that being to do a detailed statistical breakdown of JS's various functions on a per site basis then
average this breakdown analysis across the whole web.
I've not conducted a rigorous test like this myself as it's a great deal of work to get meaningful statistics but I know from the number of times I've looked at the code from heavy JS sites that a very large percentage of the scripting goes into alerting every dog and sundry about what users are viewing and or doing. Whether one analyzes the website code or logs the destination IP addresses these pages call home to, one will see the huge amount of feedback that's being sent to many, many dozens of data-collecting websites. It's quite horrifying to watch it happening (I've been so alarmed that it's not the first time I've pulled the RJ-45 plug out of the PC socket to stop it continuing).
A better strategy would be to pretend to be in favor of FLoC until 3rd-party cookies are all eliminated. Since the FLoC ID is generated on the client side, it then becomes super easy to return fake ones to the website. :-D
The problem with blanket disabling third party cookies as an individual user is some sites use them for non-tracking/advertising reasons and subsequently you find yourself wondering "why is this page not loading right" at inconvenient times like ordering food during a meeting only to realize it was trying to use 3rd party cookies to complete the ordering process.
I don't agree with the argument that "no tracking" is better than semi-anonymous tracking because I believe "no tracking" is effectively impossible. Only in some fantasy world are you going to get browsers to become the lowest-common-denominator place with no JavaScript. Not even Firefox nor Apple (privacy first) are pushing for that world.
I think possible one argument is if FLoC is good enough it will slow the tracking arms race. I suppose that is also a fantasy though.
> I believe "no tracking" is effectively impossible
The problem is cross-site tracking. You can't prevent a single site from tracking you on itself. But it should be possible to block third-party (tracker) content by default.
Anyone using Vivaldi full-time? As a Firefox user, I find I have to install a number of third-party extensions to get some basic functionality that Vivaldi has out of the box (ad-blocking, note taking). Anyone made the switch, and, if so, can you share your experience?
I jump between Vivaldi and Firefox, and I love both browsers. Currently I use Vivaldi more than Firefox. Here's what I like in both:
Firefox:
- Multi-account Containers extension is amazing. I only use it for a handful of accounts, but it is very simple to use. This is probably the feature I miss most in Vivaldi.
- The interface integrates better with my DE (Cinnamon), and overall feels less cluttered. Vivaldi has some kind of bar on each edge of the window. Toggle UI (Ctrl+F11) helps to hide this, but Vivaldi does take more space away from the webpage.
- I use uBlock Origin for adblock which seems to block more than Vivaldi by default. Vivaldi's built-in blocker is really great though, and I haven't felt the need to install an extension for adblock in Vivaldi.
Vivaldi:
- I love the recent addition of a second tab bar[0], though I was skeptical at first. I can quickly stack tabs by host to declutter, and then see all the tabs on a second row with full details when I select the stack.
- The experimental builtin RSS[1] and Email panels are wonderful. Still some rough edges, but it is nice to not rely on another tool or service for RSS, and it is my favorite RSS reader I have used so far because it is simple and stays out of my way.
- Many more tab management features. Saving tabs as a session, tiling, stacking, periodic reload, etc. Not all features I use daily, but handy when I need it.
Overall, I've settled on using both browsers now. Each has strengths and weaknesses and I will use whichever helps me best in the moment. I'd say give it a try, and don't think about it as a switch, rather as a new tool.
There's the profiles in Vivaldi. That's what I use and I found it to be better than Firefox's multi account containers because I don't have to choose the container each time I open the site.
Vivaldi has been my daily driver on Linux, Windows and Android for years now. It's just super efficient to work with.
- vertical tabs
- tabs tiling, stacking & 2nd tab-bar
- full page screenshots
- notes
- page actions (including a very useful CSS debugger, focus & hover highlighting, a freaking PAGE MINIMAP)
- sync
- mouse gestures
- all Chrome extensions work
- easily disable any Google services
- ad-block (i'm using it in addition to uBlock origin, uMatrix and Pi-Hole)
- no serious performance issues yet
What I DONT care about is the Email client they are working on. I'd rather see them focus on the browser features.
I don't use Vivaldi for any Google services, except search sometimes, for that I keep a Chromium instance around instead.
> What I DONT care about is the Email client they are working on. I'd rather see them focus on the browser features.
Like you, I've used Vivaldi for years. I downloaded because of the email client. Opera's M2 was a great mail client. I'm probably in the minority of users who don't use the usual suspects for webmail, and having an integrated mail client is nice. M2, in particular did some nice things:
* Fast full-text search through mail
* No organization: automatic mailing list aggregation; easy contact management; easy email filter by contact or thread
* Keyboard navigable.
* Doesn't default to top-quoting.
* RSS integration.
The M3 client had to be rewritten, one presumes, as a Chrome extension. This had to be pretty awful, considering, and probably explains part of the reason that everything took so long. I've been driving M3 for awhile, and what I really miss is suitable keyboard shortcuts. For the most part I've been very happy with it, though.
I despise webmail as well, Thunderbird all the way, but it has become a bit of an annoyance lately for some use-cases, so I am willing to look at alternatives.
However, some Thunderbird extensions have even become essential to me, most importantly Cardbook, which I use to manage Contacts across devices (shared via carddav on a selfhosted Nextcloud). Does M3 support carddav properly?
Also, can I add multiple mail accounts easily?
Are mails part of Vivaldi sync?
I might actually try it just to get a look at the current state. RSS client is nice, too.
No. This would actually be a pretty killer feature, and if they've implemented sync properly(?) maybe that's something they'll add in the future.
> Also, can I add multiple mail accounts easily?
Yes. I've had no issues here, although I've been using IMAP rather than POP3 for the interim while I decide how well it's going to work for me. (On the other hand, I haven't been back on M2 for several months, so maybe it's time for the switch?)
> Are mails part of Vivaldi sync?
No. Contacts make sense to me, but mail across sync would be basically implementing IMAP for sync purposes, right?
There are things still missing:
* mail import for those of us who still prefer POP to IMAP and have a ton of emails on our system
* highlight-to-quote
* more configurable keyboard shortcuts
* default bottom-quoting
* tighter calendar integration
But on the balance, it's a pretty decent client. I'll look forward to improvements as they have time to commit, but working it into Chromium has been a much more significant challenge than they originally anticipated. The devs/testers talked often about it not being ready for prime time, but I think that had much more to do with the extension development than it did with protocols (for example). I would also suspect that they're significantly understaffed compared to other teams.
And, to be honest, I doubt there's really even a big market for mail clients these days at all: we're mostly on Gmail or Outlook or some other web-based IMAP with integration across all devices. In-browser mail clients without some kind of super-sync feature ... just aren't likely to gain any traction.
Vivaldi is very feature-rich and smooth, but I cannot in good conscience use a proprietary browser as long as good open-source alternatives exist. Also, I'm just used to my custom firefox setup, I guess. I find it worth the initial time outlay to set it up, and of course there is the option of just carrying over your profiles to the new device.
Yes. I used Opera before, and Vivaldi is as close as one could get to that Opera <=12 experience (unfortunately including them taking years to fix minor bugs that annoy you).
It leaks memory for me on macOS. Not sure whether it's its own bug or if it's the Nvidia driver.
On the built-in ad blocker, I don't use that on my computer (uBlock Origin is way better) but I do use it on my phone. I don't use notes either, IMO there's no good reason this should be part of a web browser.
The tab grouping is a cool feature. The ability to screenshot the entire page is also a cool feature, but there's a bug that causes it to capture anything with border-radius without anti-aliasing, I reported that as VB-56521 on 26/08/2019 and it still isn't fixed.
Overall, there's this lack of attention to detail that permeates all their products and sometimes drives you crazy, but it's still way better than all other browsers that redesign their UIs every several years for no benefit to the user.
I have tried shifting to Vivaldi several times (I very frequently tend to hop browsers, just for the sake of it).
For me, Vivaldi's best feature is that it allows you to sideload extensions without kicking up a fuss about them with popups each time you start the browser. AFAIK no other Chromium-based browser apart from ungoogled-chromium allows that.
But on the other hand, it tries to do so many things altogether and shoves so many options and settings to the user it feels overwhelming. It feels bloated, and using it after you've been used to the minimal design on Chrome (and Firefox that has copied it), it just .. doesn't feel right.
I've been using Vivaldi since their first betas and it's been my primary browser ever since.
It was only logic: I was a long term Opera user, and Vivaldi became the spiritual child of Opera after Opera became another Chrome.
Vivaldi has always been great on features and garbage on performance/resource usage. Every once in a while they have a new release where they say they've really cleaned up performance so I try it out for a bit and it still has the same memory issues and same rendering performance issues compared to any other chromium based browser or Firefox.
But if the performance/resource usage isn't a problem for you and you don't mind using a close sourced browser it's top notch compared to Firefox.
- it is able to debug the web application I work on developing. (Trying to make it easier to debug under Firefox is on my todo list).
- it has mouse gestures, and they work everywhere (even on blank tabs).
I've been using Vivaldi full-time for a few months and I find it very pleasant. It took me a while to get used to the sidebar but now I appreciate having it. Ditto with how it reopens your last session's tabs by default.
Vivaldi and Brave both have built-in ad blockers. FLoC is a feature specifically designed to support advertising. Regardless of the privacy qualities of FLoC, it would be kind of pointless in these browsers anyway?
(Disclosure: I work on ads at Google, speaking only for myself)
Does FLoC include anti-tamper features or could one of Chrome's competitors "support" FLoC by populating the FLoC user profile with fabricated user data?
What I have not seen described is how how advertisers will select which FLoC cohort IDs to advertise to, i.e. which ID is for baseball fans or which is for luxury travelers. The cohorts are generated independently by clients, so Google and others must recreate their own directory of IDs based on their own site lists.
> The FLoC component in Chrome needs to call Google’s servers to check if it can function since Google is only enabling it in parts of the world that are not covered by Europe’s GDPR.
Well then, why do we keep looking for technical solutions to non-technical problems.
Please make the GDPR part of US law and we can move on. :)
The article links to FLoC[0] but the site gives me a 404. I used Google, a popular web search engine, to discover what FLoC stands for[1].
> Federated Learning of Cohorts
> a new way to make your browser do the profiling that third-party trackers used to do themselves: in this case, boiling down your recent browsing activity into a behavioral label, and then sharing it with websites and advertisers
I can't answer for anyone else, but I suspect they already knew. It was a bit tongue-in-cheek, putting a spin on what Google really is (a monopolistic internet advertising empire, profiting off detailed information about as many internet users as possible.)
Doesn't Vivaldi allow 3rd party cookies by default? Because if they do it seems a bit hypocritical to dislike a potential for abuse of FLoC when the ability to abuse 3rd party cookies is far simpler and more direct.
Disabling third party cookies apparently still has the potential to break certain websites, in particular those having to do with external authentication providers and authorization flows.
It took me w while to find out what FLoC is. It stands for "Federated Learning of Cohorts". Both this post and the one from brave never expands this abbreviation.
I just cannot see how this is anything other than a naked attempt by Google to get itself broken up. There's literally no reason someone writing a web-browser should be building spyware for advertisers. It's like if Microsoft had decided to start building those scummy Internet Explorer Toolbars in the 2000s.
I still think that any kind of user tracking should be illegal. It is no different from stalking.
You visit one site, maybe enter something in a search box about your health problem or similar. Visit next site and you have all sorts of ads trying to help with your problem.
This is wrong.
Instead of fingerprinting out of millions of browser users a company now just has to have a rather small set (Floc) + old school finger printing to 100% uniquely identify a user.
I wonder how this feature even passed an internal Google privacy sniff test...
I like vivaldi, however I feel like the added UI features even though great and beneficial contribute to the browser crashing a lot. I like the vertical tabs feature so much, but having vivaldi crash on me has made me go to brave.
> The FLoC component in Chrome needs to call Google’s servers to check if it can function since Google is only enabling it in parts of the world that are not covered by Europe’s GDPR
Except there may be perfectly benign reasons for doing this, not "this is totally illegal in the EU but let's just push it on everyone else".
For example, the lawyers may believe the technology is legal, but haven't worked through all the implications with respect to the GDPR. So the end goal may be that it is launched in the EU, but they aren't ready to do so yet.
It's not. For non-essential stuff you need permission from your user. So don't track and you don't need to show a cookie banner even if you use cookies.
It is not really about the cookie banner though. It is more about user info that is saved anywhere, so for things with accounts etc. it is really relevant.
I think that's the whole point of GDPR. Linda like the Windows alerts, if they are made/forced to be made obnoxious enough, the ux suffers and companies just learn to play nice instead.
I don't see what you mean. It's very easy to be GDPR compliant, just don't track your users. In fact, it's more work to be non-compliant than to be compliant.
Is not using the shipping address for any other reason than shipping an order really that much more effort?
Sure, protecting that information is more effort, but you should be doing that already, right? not just from a GDPR perspective but a business perspective too - if a competitor can get a list of all your clients and send them brochures with 10% discount on your prices, you'll close down pretty quick.
I agree all systems should have better support for autocompletion so that users configure address only once for device, not for each service. Not only is this more private, it is also more convenient. Alas, until support is in place, remembering address is significantly more convenient for users.
> not just from a GDPR perspective but a business perspective too - if a competitor can get a list of all your clients and send them brochures with 10% discount on your prices, you'll close down pretty quick.
Actually if someone trustworthy could take care of developing the browser engine everyone else could develop the browsers around it.
Not sure if it would be a good idea, but absolutely an interesting one.
My biggest issue with the idea is how we can ensure that a single browser engine isn't manipulated into a tool for power hugry politicians and the increasingly problematic media industry.
> My biggest issue with the idea is how we can ensure that a single browser engine isn't manipulated into a tool for power hugry politicians and the increasingly problematic media industry.
With a single engine diversity is already dead. But one can argue you can still build shallow or deep skins on top, but the problem of default bundling with devices is harder to solve. That's really where Chrome got the clinching edge over Firefox.
The problem is when they have abused their power for 5 years and have all but killed all competition.
Then they need to be published just like Microsoft was.
There's nothing to be worried about: Google will survive, just like Microsoft did despite some serious punishment. If anything Microsoft learned and came out (somewhat) nicer and more agile.
You seem to insinuate that such rules would disincentivize the creation of interesting things, but I cannot imagine someone deciding not to create something simply because there is an unfathomably high ceiling on how successful it can be.
People, sovereign, elected congress which passed antitrust law. You are not allowed to keep it because law passed by duly elected representatives of sovereign people says so.
Can you help me connect the dots re: the Sherman Antitrust Act of 1890 and Google Chrome's 64% global market share (47% in the US, the country being discussed)? I'm having a hard time seeing how those two things are related.
US Government needs to actually represent interests of citizens more than interests on corps bribing them to allow abuse of people rights and privacy to continue.
Implementing GDPR like regulation in US will solve a lot of issues.
You can't just point fingers at a specific company and say, yes that giant monopoly out of the other 50 monopolies is the bad one. The others are perfectly fine.
The solution to this is to hold them all accountable for anti-competitive behavior, and not to ignore anti-competitive behavior of one company just because another got away with it at one time.
Microsoft doesn't own 95% of the ad market, pretty much the entire search market, the browser market (and thus web standards pretty much), and also email, storage, etc.
Google owns the internet.
But hey, you are right. Split MS up as well. All of these companies have gotten too damn big.
Presumably splitting up the company would also involve restrictions about other large tech companies gobbling up the resulting Google-chunks. Anti-trust law is a thing that the US could enforce if they so chose.
The difference between efficient price discovery and advertising is roughly equivalent to the difference between efficient sexual reproduction and rape.
Advertising is a kind of persuasive technology. I use "persuasive technology" as a neutral term to include both its weak form (advertising) and its strong form (mind control).
Brave disables Chromium FLoC features - https://news.ycombinator.com/item?id=26765084 - April 2021 (335 comments)
Am I FLoCed? - https://news.ycombinator.com/item?id=26755313 - April 2021 (33 comments)
Google’s FLoC Is a Terrible Idea - https://news.ycombinator.com/item?id=26344013 - March 2021 (348 comments)
I know there have been others - if anyone finds them, I'll add to the above list.