Email spam is still a great problem on today’s Internet. Most users who have email accounts receive spam regularly. While most of the spam is detected by mail filters, at least when it comes to most providers, there is still enough spam that slips through the cracks.
Google launched a new text classifier on Gmail that promises better detection rates, less false positives and also improved performance. Called RETVec — Resilient & Efficient Text Vectorizer — it is improving spam detection on Gmail by 38% and reducing false positives by almost 20%.
Google says that RETVec achieves this “combining a novel, highly-compact character encoder, an augmentation-driven training regime, and the use of metric learning”.
Its architecture makes RETVec compatible with any language out of the box and all UTF-8 characters without the need for text processing.
Spammers and malicious actors use different methods to bypass spam filters. Frequent methods include the use of homoglyphs, characters that look very much alike, or the use of invisible characters.
Google claims that Gmail’s new anti-spam system is better suited to identify these tactics and deal with them accordingly.
The company trained the new model internally at Google for a time to better understand its effectiveness. Google says it found it “highly effective for security and anti-abuse applications” as a result of its internal tests.
RETVec in detail
RETVec is released as open source. You may visit the GitHub project website for access to the source. There, you will also find more information, including the paper and links to demos.
Google describes RETVec in the following way on GitHub to a development-focused audience:
RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more. The RETVec model is trained on top of a novel character encoder which can encode all UTF-8 characters and words efficiently.
Google notes that RETVec may also be a choice for “on-device and web use cases”. The technology is supported natively in TensorFlow Lite and there is also a custom JavaScript implementation.
Closing Words
Gmail users benefit from the new anti-spam filter on the site. A reduction by 38% is a massive improvement, especially considering Gmail’s daily mail volume. Google benefits from the deployment as well, as performance improves significantly thanks to the lightweight nature of the new text vectorizer.
This year has seen a fundamental shift on YouTube regarding advertising and adblockers. Not only is YouTube showing popups to some users who use adblockers, to get them to uninstall them or buy YouTube Premium, Google is also working on making adblockers in Chrome less effective.
Without going into too many details. Chrome’s system for extensions will be updated in 2024 to only allow extensions that follow a new rule set. Called Manifest V3, Google claims that it improves privacy of users and combats rogue extensions. At the same time, it is also limiting legitimate extensions, many of which impact Google’s bottom line.
Most content blockers work fine right now. While you may get the “ad blockers are not allowed on YouTube” popup message, it is easily dealt with by updating the filter list of the extension.
The change impacts other Chromium-based browsers to a degree. Some, like Brave or Vivaldi, include native adblockers that will continue to work.
Those that are updated need to follow the new rules. Besides imposing certain limits on extensions, Google is also enforcing all updates through its Web Store.
Content blockers rely on frequent updates to deal with an ever changing advertising landscape. Advertisers may rename scripts or move them, and content blockers need to update filters before these are blocked.
Most content blockers rely on filter lists. These lists are updated directly at the moment. Once support for Manifest V2 is dropped, these updates need to be pushed through the Chrome Web Store.
One problem here is that updates take anywhere from a few hours to days or even weeks. Google is in control of these updates, and the situation will worsen only if everything is forced through the Web Store’s review process.
Imagine the following scenario: Advertiser A makes a change on the site. Filter lists are updated. Updates are pushed through the Chrome Web Store. The review takes hours or days. Until it passes the review, ads may be displayed on the advertisers property.
Now imagine an advertiser that constantly changes scripts and tactics.
Remove Adblock Thing
Extensions are not the only option that users have to combat advertising and privacy invasions on the Internet. There are several other options, including DNS-based solutions and also userscripts.
Remove Adblock Thing is such a script. You need to install an extension in your browser of choice that supports scripts. A popular option is Tampermonkey, which is available for Chrome, Firefox and many other browsers.
The userscript blocks YouTube’s anti-adblocker popup. Besides that, it will also mute, skip or speed up ads on the site to improve its usability.
Here is how you install it:
Download Tampermonkey for your web browser. The official website has links to all stores.
Load https://github.com/TheRealJoelmatic/RemoveAdblockThing/blob/main/Youtube-Ad-blocker-Reminder-Remover.user.js next in your browser.
TamperMonkey should identify it immediately as a script and display its install option.
Select install to add it to the extension.
The script works automatically on YouTube and it includes an update URL as well.
Closing Words
The main benefit of the script is that it offers another option to skip or bypass ads on YouTube. Even if adblockers stop working temporarily or permanently, you may use Tampermoney with this script instead.
You may have heard it a thousand times already, but here it comes again: protecting accounts with strong and unique passwords, and using a second form of authentication is essential to security.
While the main focus seems to be on this recommendation, many guides fail to mention other essentials. One example: while strong passwords and 2FA keep attackers out, they won’t help you if you get locked out of an account.
What happens to your data if you get banned? What if your desktop computer, laptop or mobile device gets stolen?
There is more to security than strong passwords. This guide looks at these, often neglected, security options.
Encryption is key
Encryption protects data against unauthorized access. Encrypt data on all of your devices to make sure that it is protected. Encryption helps when devices are turned off. While it is still possible to create a dump of the storage device or try to brute force the encryption, this is a futile attempt if the password is strong.
Encryption is enabled automatically on Android and iOS devices when you pick a PIN. It is important to select a strong PIN, not the four-digit number that is convenient to type. Yes, that makes unlocking the device painful, but it is essential when it comes to protecting data on it.
On Windows, data gets encrypted, but only for Microsoft account users. While you may use Bitlocker on Pro, Education and Enterprise devices to protect the entire system, I recommend using a different encryption software. VeraCrypt is open source and can encrypt the system drive and any other storage device.
Recovery Codes
Recovery codes help you get back into accounts or devices if you forget your password or lose access to something else that you need to sign-in. This can be a Titan security key, a hardware key used for 2-step verification, or access to an email account.
The main idea behind recovery keys is to use them in emergency situations. You lose access to the dedicated two-factor authentication method and can’t sign-in to your account anymore. Setting up multiple methods helps against this, but you may also use recovery codes instead.
Recovery keys may be used to regain access to the account. Many online services that support two-factor authentication support recovery keys.
These are highlighted most of the time when you set up two-factor authentication for the account. It is a good idea to keep these codes secure, for instance as notes in your password manager.
Backups are essential
Backups are a burden as long as you don’t require them. They help you recover data that may not be accessible anymore. If a device breaks or gets stolen, when you forget your password or delete something accidentally.
Creating local backups regularly is an essential security precaution. Whether you keep all backups in one place or spread them is up to you. It depends on the device as well.
If data is important, you may want to store backups separate from the actual device.
Computer users may want to use external storage devices to create backups. These come in different shapes and form factors.
I recommend the free Paragon Backup & Recovery software for the task on Windows, but there are lots of other options available.
Android and iOS devices support backups to Google’s or Apple’s cloud infrastructure. You may also connect your device to your PC or Mac, and transfer important data, which often means images and videos, to the device.
Content Blockers
Content blockers prevent certain types of attacks. Extensions such as uBlock Origin don’t just block advertisement, they may also block known malware sites, improve your privacy online and much more.
Advertisement is used regularly for attacks. This can be as simple as placing an ad for a program download to lure users to a site where malware is offered.
Using content blockers protects you while you are browsing the Internet. You may want to disable the blocker for sites that you value though, as they rely on the revenue and may shut down otherwise.
Antivirus and Firewall
On PC, you need to make sure that you have a proper antivirus solution and firewall installed. Most Windows users may find Windows Defender adequate.
Advanced users may install third-party antivirus solutions, such as BitDefender Free, to protect their PCs.
No antivirus solution is perfect. Thousands of new threats emerge daily and while most users will never notice most of them, there is always the chance that one slips through defences.
Common sense is important as well. The best antivirus solution can’t protect you if you allow malware to run on your devices.
Firewalls, when properly configured, control incoming and outgoing traffic. They may block certain threats outright, by refusing connections.
Windows comes with its own firewall, which is fine for most use cases. Most advanced antivirus solutions come with firewalls.
Google launched an updated Titan Security Key last week. The new hardware key supports FIDO2, which means that it is compatible with a wide range of services. While you may use it exclusively for Google accounts, you can store up to 250 entries using it.
Titan Security Key works similarly to other hardware keys, including latest generation YubiKey products. Google promises state of the art encryption and protections. For users, it is an option to protect their accounts with two-factor authentication. You’d use the hardware key instead of an authenticator app or other means to provide the second form of authentication.
I bought a Titan Security Key of the latest generation last week to check it out. This guide includes step-by-step instructions to set up the hardware key to protect your Google account and others. It includes important information also, for instance, how you can protect yourself to avoid locking yourself out.
The box includes the selected hardware key — there are two versions that have different USB ports, USB-A or USB-C, but are functional identical otherwise. It also includes a small getting started booklet, which simply tells you to go to this Google website to get started. There is also a bigger Safety & Warranty booklet that no one reads. The USB-A version includes an USB-C to USB-A adapter, the USB-C version of the hardware key none.
Protecting the Google account with the key is a simple process that requires the following steps:
Open this Google Security page in a modern browser, e.g., Firefox, Microsoft Edge, Google Chrome, Safari, Vivaldi, Opera or Brave.
If you prefer to go there manually, open this Google Account Help page instead and click on “Enroll your security key” under Step 2.
A prompt asks you to keep the key disconnected from the device for now. Select the Next button to continue.
A set up request is displayed as a prompt. Select OK to continue the process.
Another prompt explains that Google will see the make and model of the security now if you continue. Select OK to proceed.
Connect the security key to the device when prompted to do so.
Type a name for the key on the “Security Key registered” page and select Done.
This is the entire process.
Word of Caution
The Security Key becomes the default two-factor authentication option. It is advisable to make sure that there is at least one additional option enabled. This can be an authenticator app, voice or text message, another security key, Google prompts or backup codes.
If you lose the Titan Security Key and don’t have another option enabled in the account, you will be locked out of the account.
Signing-in with the Hardware security key
The first sign-in step is exactly the same as before. You need to supply your Google email address and password to continue.
The 2-step verification prompt lists the email address. Make sure it is the right one. There is a menu to switch to another email address; useful if you set up more than one account.
Select Continue to authenticate using the Titan Security Key. You may also select “Try another way”, which you need to do if you don’t have the hardware key with out. The option “Don’t ask again on this device” should only be used on personal devices.
You are now asked to touch your security key. It contains a small area that reacts to touch. This acts as local confirmation to proceed.
You should now be logged-in to the account.
The same option is also available on mobile devices. Just connect the security key to the mobile device and follow the instructions to sign-in.
Non-Google accounts
Non-Google accounts can be saved to the key. It supports up to 250 keys, e.g. passkeys, that you may add. Numerous services and companies support passkeys already and more will follow in the coming years.
Generally speaking, all you need to do is open the 2-step verification preferences at the service and follow the instructions to protect the account using a hardware key.
Other useful resources
Here is a list of Google resources that you may find useful:
Passkeys Management – this page lists all devices linked to the Google Account. You can edit or remove them, and create new passkeys on the page.
Security Keys Management — similarly, this page lists all security keys associated with the Google account.
There are other keys besides Google’s. I already mentioned Yubico keys as an alternative, but there are many more. To name a few: Onlykey, Feitian, or Thetis. All support FIDO2 and offer similar functionality.
Trust plays a role, but so may other factors, including price or the built-in security. There is no clear answer to that question. If you use a Google account and want to protect it, there is nothing wrong with using a Titan Security Key to do so. Similarly, you may use other hardware keys for the same protections.
What would you do, if you were in control of the world’s most used search engine and web browser, and also the world’s largest advertising company? Would you keep things strictly separate, even if it would mean leaving billions of Dollar on the table?
Google’s control of advertising, to a large degree at least, and the Chrome web browser is a problem. The company has made several attempts in the past to push technologies that favor it through Google Chrome.
The oddly named Privacy Sandbox is just one attempt. Google uses the name to portrait an image of improvement for users of the Chrome browser. While not totally wrong, as it is a better system in some regards than the currently used third-party cookie tracking system, it is not the Holy Grail of privacy efforts Google portraits it as.
See, privacy sandbox is still about tracking. What sets it apart from cookie-based tracking are two things: first, that users are associated with interest groups instead of individual interests. Chrome looks at the browsing history and assigns groups to the user. Browse lots of car, sports or knitting sites? Chrome picks these as your interests and advertisers may use the information to display advertisement that falls into the groups.
Second, because it puts Google at the center of control of the feature. Google controls Chromium by and large, and also Chrome. If the system is baked into the browser, Google is in control. It can make adjustments and other changes, and everyone has to play ball to avoid being shut out entirely from the system.
Manifest V3
Privacy Sandbox is not the only attempt that mixes Google’s core interests, advertising, with the development of Internet browsers.
Manifest V3 is a new ruleset for extensions. Google had to postpone the release multiple times as protests sounded loud and clear throughout the Internet.
Apart from some technical issues, missing APIs and the like, Manifest V3 is clearly aimed at making content blockers and other privacy tools less useful. It would go too far to dive deep into technicalities, only this much.
Content blockers, such as uBlock Origin, reign freely under Manifest V2 rules. When they are active, they tell the browser what to do with certain requests. The browser then acts accordingly, for instance by blocking advertisement or allowing a video to play.
Under Manifest V3, that power moves to the browser. The browser controls the blocking and extensions may only make “declarations”. The extension would tell the browser to block or allow a certain element, and the browser would act accordingly.
Google’s explanation for this is improved privacy. Extensions are no longer able to access “potentially sensitive user data”, which in turn makes extensions safer to use.
The argument is flawed, as extensions still have access to the data. They may still use the old API, but only with read access. This means, that they can still access all the data, which in turn means that nothing is won or lost in regards to privacy.
Google announced this week that it will go forward with Manifest V3. Old extensions, those based on Manifest V2, will be disabled automatically for most Chrome users by mid-2024. Enterprise users may get a 1-year extension through a special policy.
Closing Words
There is a conflict of interest at work. Google depends on the advertising business and will go through great lengths to expand it and keep its dominance in the sector. To be fair, the vast majority of changes that are made to Chromium and Google Chrome have nothing to do with Google’s advertising business.
Still, some of the changes appear to favor the business over the interests of users of the browser.
It remains to be seen if the changes will lead to a mass exodus of Chrome users to other platforms. It is too early to tell, especially since the changes affect a sizeable but still relatively small part of the entire Chrome population.
Tools like Bing Chat, Windows Copilot, ChatGPT, Claude or Google Bard have seen a rise to prominence this year. These advanced chatbots promise to deliver information to users who chat with them. While you can’t ask them anything, as some content is locked down, you can get answers and information about lots of things.
Ask about the Mona Lisa or the Hallgrímskirkja and you get a good overview of these items, usually. You may get instructions on fixing PC issues or your car, and even medical advice is not out of the question.
There is always the chance of hallucination, which more or less refers to it returning content that is not true. Still, many tech companies are pushing AI like crazy. Microsoft, for example, added Bing Chat to Windows and several other company products.
Google Bard and Human Reviewers
Google confirmed on the Bard Help website that human reviewers may look at conversations. Feedback from Bard users plays an important role in improving Bard, but Google says that this is not enough. Human reviewers are “a necessary step of the model improvement process” according to the company.
The reviews, ratings and rewrites of human reviewers helps Google improve the quality of its generative machine-learning models”.
Google explains that conversations that human reviewers access are unlinked from Google accounts. Furthermore, random samples are picked for human review and “only a portion of all Bard conversations are reviewed”.
While that sounds reassuring, it is clear that input from human users of Bard may reveal their identity. Google recommends to users that they don’t reveal anything in conversations with Bard that they don’t want human reviewers to potentially have access to.
To Google’s credit, it highlights the fact that human reviewers may access conversations on the Bard website prominently.
What Human Reviewers do
Reviewers look for “low-quality, inaccurate, or harmful” Bard responses according to Google. Once identified, evaluators suggests higher-quality responses. These are then used to “create a batter dataset for generative machine-learning models”.
In other words, Google is using human reviewers to improve Bard’s responses to user queries.
How to prevent the sharing with reviewers
Google Bard users have just one option to prevent the sharing of their conversations with human reviewers. This requires disabling the Bard Activity. Here is a step-by-step guide on disabling Bard Activity:
Open the Bard Activity website on Google’s My Activity hub.
Activate the toggle to turn off Bard Activity on the page that opens. Note that you may also delete existing conversations while there.
Note that Bard activity won’t be saved to the Google account anymore. In other words, you can’t access conversations from one device on another when the feature is disabled.
The deletion doesn’t affect conversations that has been reviewed by human reviewers already. Google retains that data and related data for up to three years according to the privacy information on the Bard Help website.
Related information may include the language, device type and location info according to Google.
Closing Words
The advice to never include personal information that could be traced back to you is as old as the Internet. While this limits some conversations with AI, it is still sound advice.
Bard users who want to include personal information in their conversations may want to turn off Bard Activity first, as this prevents access for human reviewers.
Starting with apps in the VPN category, Google’s Play Store is soon highlighting apps with independent security reviews.
The company announced the change on the official Google Security blog. Google Android users who visit Google Play to browse for apps may open the data safety section for security and privacy information.
There, they will soon find the new independent security review label. Google plans to roll this out to apps in the VPN category first.
Google explains that VPN apps handle “sensitive and significant amount(s) of user data”. This makes them an excellent category to introduce the functionality.
Independent Security Reviews banner on Google Play
A new Independent Security Review banner is already displayed to Android users who search for VPN apps on Google Play. The banner, displayed beneath a list of advertisement for VPN apps, informs users about the security feature.
The banner lists the associated badge and includes the following description:
VPN apps with this badge in the Data safety section have been independently validated against a global security standard.
A link opens the website of the App Defense Alliance that lists all VPN apps with the badge. Only eight VPN apps are on the list currently. They are:
Aloha Browser + Private VPN
ExpressVPN: VPN Fast & Secure
Google One
NordVPN: private & secure VPN
Private Internet Access VPN
SkyVPN – Fast Secure VPN
Tomato VPN | VPN Proxy
vpnify – Unlimited VPN Proxy
A tap on any app and the selection of Data safety displays the new badge, provided that the app has undergone the security validation by App Defense Alliance’s global security standard. Those without it have not, but that does not mean that they have not passed other security audits.
What this means
Google highlights VPN apps that have passed the security validation on Google Play. The badge is not displayed on the apps’ main page, however, and it is easily overlooked in the data safety section.
Apps that passed validation meet “industry mobile security and privacy minimum best practices” according to Google. The badge does not “imply that a product is free of vulnerabilities” though.
To sum it up: the badge highlights that apps have passed independent security reviews, which is a good thing. Other apps, without the badge, may also have passed security audits. Some of these audits may have been more thorough than the one required to get the badge on Google Play.
Verdict
The new badge is a welcome addition to Google Play as it may help users pick a VPN app. While there are other criteria, such as features and performance, security is without doubt important.
That Google displays ads for VPN apps before the Independent Security Reviews badge is a problem. The listing in Data Safety makes sense, but Google might want to consider adding the badge to an application’s main page as well.
All in all, it is a welcome addition on Google Play. Users may still want to research VPN providers before installing any of them on their Android devices.
Now You: do you use VPN apps on your mobile devices?
Mozilla’s Firefox web browser maintains its own root certificate store by default. The browser uses these as “trust anchors” and the functionality is essential for making sure that only trusted SSL/TLS certificates are used by the browser.
Starting in Firefox 120, Firefox will automatically trust operating sysdtem certificates installed by the user or an administrators.
The beta release notes offer the following explanation:
By default, Firefox now uses TLS trust anchors (e.g., certificates) added to the operating system by the user or an administrator. This works on Windows, macOS, and Android, and it can be turned off in the “Privacy & Security” section of Firefox settings, under “Certificates”.
Administrators may add certificates to the operating system for a number of reasons. Some applications and devices may require them to work properly, and they may also be required in development environments. Antivirus solutions on Windows may try and register with Firefox to monitor data.
Blocking Firefox from trusting OS certificates
Firefox users may disable the functionality in Firefox 120 and newer versions. It is enabled by default. To modify this setting, follow these instructions:
Load about:preferences#privacy in the Firefox address bar to open the Privacy settings.
Scroll down to the Security section.
Locate Certificates there.
Remove the checkmark from “Allow Firefox to automatically trust third-party root certificates you install”.
You can undo the change at any time by checking the box again.
Another certificate preference
Firefox supports an Enterprise root preference already. When the browser runs into a TLS connection error, it will enable this Enterprise Roots preference automatically. This imports “any root certificate authorities” that users or administrators have added to the operating system.
Firefox tries to connect again to the site that threw the error. If successful, Firefox will keep the preference enabled and thus also the imported certificates.
Here is how this automatic behavior gets disabled:
Load about:config in the Firefox address bar.
Click “Accept the Risk and Continue” if the warning page is displayed.
Search for security.certerrors.mitm.auto_enable_enterprise_roots.
Change the value from True to False with a double-click or by using the button.
Search for security.enterprise_roots.enabled.
Change the value from True to False.
Restart the Firefox web browser.
Closing Words
Most Firefox users may want to keep the default as these are designed to minimize connection errors and issues. Users who want to be in full control may disable the functionality, on the other hand.
O&O ShutUp10++ is a free tool for Microsoft’s Windows operating system to improve privacy. Designed initially for Windows 10, the program is now also available for Windows 11.
While its main focus is on blocking the operating system’s data hunger, it is also a helpful tool for managing other Windows settings.
First, the basics. You can download the free tool from the official project website. Just run the program after download, an installation is not required. Note that elevated privileges are required to modify settings on the system.
The main interface looks like this on start.
O&O ShutUp10++ groups settings for better recognition. You may disable that under View > Group by Categories if you prefer a long list. There is also a search to find settings that match search terms quickly.
Using O&O ShutUp10++ to improve Windows Privacy
All tweaks use a color coding to indicate whether a feature is enabled or disabled. Each setting has a toggle to turn a feature on or off. A short description and a recommendation is also displayed.
Note that you may hover over any description and click with the left mouse button to display additional information. Excellent if you need to know more about a setting.
Many options are self-explanatory, but some may require additional research. “Disable People icon in the taskbar” is quite clear, but “disable input personalization” or “disable automatic receipt of updates” may not.
You can modify individual options with a click on the switch next to a setting. The program prompts you to create a system restore point, which you should accept. It allows you to restore the system to the previous state. The settings do not have the capacity to break the system, but it is still better to have a restore option.
The Actions menu at the top lists bulk options for the most part. You may use them to apply all recommended settings among other things. These are safe changes that should not impact usability on the device.
Options to apply “somewhat recommended” or all settings are also available, but this is not recommended. It is better to go through the remaining settings manually to make changes.
The two other options let you reset everything to factory defaults and to create a system restore point manually.
Administrators may also switch between the user and machine tabs. User settings apply only to the logged-in user, machine to all users on the system.
Verdict
O&O ShutUp10++ is a useful tool for Windows users. It is easy to use, free for personal use and includes major privacy settings. The settings don’t have the capacity to break a system, but some of the advanced options may impact certain settings or features on the device. It is easy enough to restore these, should you ever run into any issues in this regard.
All in all, O&O ShutUp10++ is an excellent program that every Windows user should run after installation and major upgrades. O&O Software updates the program frequently to include new options, which is another major plus.
On today’s Internet, data is as precious as gold was in the Ancient world. Browsing data is data that is created automatically when you browse the Internet.
Whenever you visit a website, lots of things happen in the background. Requests are made, cookies and site data may be saved to the local system, and the cache is filled with data. The browser adds a record to its browsing history and maybe to other logs, e.g., when files get downloaded.
Data stored on third-party servers is not considered browsing data, but it may be generated as well.
This browsing data reveals a lot about you. What you like or your interests. It may reveal how old you are, if you are ill or looking for companionship. It may reveal what you plan to buy next or have bought, what you may need or needed.
Browsing data is personal data. This makes it desirable for nearly everyone on today’s Internet.
Who wants it and why: advertising
When asked, most Internet users would probably mention advertising first. Today’s advertising on the Internet relies to a large degree on information. The more information about a user, the better the chance to display targeted adverts and produce sales.
Tracking plays a large role in this. Most Internet users would probably disallow tracking if there was an easy switch integrated in browsers. There is none.
Google would be in an excellent position to create such a switch: it controls Chromium, the world’s most widely used browser source and Chrome,, the world’s most widely used browser. It also operates some of the world’s most visited websites.
Google is, however, an advertising company. Most of its revenue comes from advertising, which means that it benefits from the system that is in place.
But Google is ending third-party cookies in 2024, I hear you say. This is true, but this is not done without introducing another system that works in its place beforehand.
Built-into Google Chrome directly, it analyzes the browsing history locally to assign interests groups to the user. Websites may also suggests interests based on your visits.
Sites and advertisers may use the information for displaying ads based on your interests.
Google calls these “Interests estimated by Chrome” and “sites you visit that define your interests”.
Granted, Google Chrome includes controls to turn all of this off. There is also a popup with information about this in Chrome.
As is often the case in life, the wording matters. Google calls this Privacy Sandbox, which is an euphemistic term. It may be better than tracking via third-party cookies, but it is still tracking in the end. By the way, you can already disable third-party cookies in your browser, no need to wait for Google to do so in 2024.
Quick Tip: disabling Chrome’s Privacy Sandbox
All you have to do is the following:
Load chrome://settings/privacySandbox in the Chrome address bar.
Disable “Trials” on the page that opens.
Note that this page is not final and that Google will likely make changes to it. You may also want to click on every option there to expand it and make sure it is turned off as well.
These are at the time of writing:
Browser-based ad personalization
Ad measurement
Spam & fraud protection.
AI wants it, too
AI has taken a big leap in 2023. New products release on a weekly basis. All of these have in common that they require data, lots of data.
It is used for training for the most part. A current trend is the integration of AI services into browsers and other programs. Even Windows 11 has its own AI integration, called Windows Copilot now.
These work best if they got access to user data. Personal data usually requires giving consent in these cases, for instance when the request comes from a user.
Microsoft is testing a new option in Edge Canary currently that gives Bing Chat Microsoft access to all page content. It is disabled by default, as it sends all browsing data to Microsoft “to make AI-generated answers and suggestions more relevant on Copilot”.
Not all AI products require access to personal data. The basic chat AI tools act on user input. Personalization, on the other hand, gets better with data. If an AI knows your interests, it may be of better service.
Take holiday planning as an example. If you ask AI for 5 sights in Barcelona, it may look like this: Gothic Quarter, Sagrada Familia, Casa Batlló, Casa Amatller and Park Güell.
If the AI knew more about your interests or personal information, it may have suggested different sights. Say, you love football or are travelling with young children or dislike crowds.
Users who like this may opt-in and maybe improve their experience with the AI. Whether that is also giving Microsoft more information and also better options to display targeted ads should be clear from the previous paragraphs.
Closing Words
Browsing data is valuable and it should be protected. Not everything is opt-in in today’s world and that is a problem. An upcoming tutorial will provide guidance on protecting browsing data.
What about you? Do you allow services to use your browsing data?
