Google Launches Open-Source Browser Extension for Ad Transparency | Threatpost

Google is launching an experimental, open-source browser extension aimed at increasing transparency around online advertising by displaying information about the ads that are shown to users.

The browser extension is an integral part of a new Google initiative announced Thursday to develop a set of open standards, dubbed Privacy Sandbox. The standards aim to help internet browsers strike a delicate balance between protecting web users’ privacy – while also ensuring that advertisers who collect browser-based data aren’t being completely shut out.

“To aid with this dialog and help explore the feasibility of this proposal, Google will launch an early, experimental, open-source browser extension that will display information for ads shown to a user and will work across different browsers,” said Google in its proposal.

“We plan to start with the ads that Google shows on our own properties and on the properties of our publishing partners. We will also be providing open protocols to enable other advertising companies to use the browser extension in order to disclose similar types of information to their users, if they choose,” it stated.

While there has been consumer pushback when it comes to browser data privacy, Google explains that the content consumed by users of Chrome and other browsers is free only because it’s supported by data-driven advertisers. With this in mind, Google’s Privacy Sandbox initiative bridge the gap between consumers exploring online content for free while keeping private data secure. The move would also allow advertisers to gather a non-invasive amount of data on consumers without turning to shady practices such as browser fingerprinting.

A large part of the initiative revolves around users having more control over what they’re able to see and control in terms of data being collected. That’s where the experimental extension comes in.

The extension, which will work across different browsers, aims to detail more information and give users better insights around why ads are being launched, who is responsible for ads and what caused an ad to appear.

“We want to find a solution that both really protects user privacy and also helps content remain freely accessible on the web,” Justin Schuh, director with Chrome Engineering, said Thursday in a post. “At I/O we announced a plan to improve the classification of cookies, give clarity and visibility to cookie settings, as well as plans to more aggressively block fingerprinting… Collectively we believe all these changes will improve transparency, choice, and control.”

Privacy Sandbox will also look to at other privacy data issues on the internet.  The initiative for instance will address what browsers could do to allow publishers to show relevant ads to consumers – while protecting consumers’ private browsing data as much as possible. Google said one idea being explored, for instance, is delivering ads to a large group of similar types of web browsers – without letting advertisers identify individual’s data.

“New technologies… show that it’s possible for your browser to avoid revealing that you are a member of a group that likes Beyoncé and sweater vests until it can be sure that group contains thousands of other people,” said Schuh.

Other aspects that will be explored by Privacy Sandbox include how to address the measurement needs of the advertiser without letting the advertiser track a specific user across sites; as well as how to fight fraudulent behavior online such as false transactions or fake ad activity designed to rip off advertisers.

Over the past few years, web browsers have looked at various ways to help consumers better protect their data – including limiting or even fully blocking cookies. A year ago, for instance, Mozilla announced plans to disable cross-site tracking by default in its Firefox browser.

However, Google argues that attempts like large-scale blocking of cookies – without another way to deliver relevant ads – may  significantly reduce publishers’ primary means of funding, “which jeopardizes the future of the vibrant web.” For instance, it said, recent studies show that when advertising is made less relevant by removing cookies, funding for publishers falls by 52 percent on average.

Cookie blocking could also encouraging developers to turn to shady techniques such as browser fingerprinting. Browser fingerprinting, or canvas fingerprinting is when websites harvest the browser data to produce a single, unique identifier to track users across multiple websites without any actual identifier persistence on the user’s machine.

“With fingerprinting, developers have found ways to use tiny bits of information that vary between users, such as what device they have or what fonts they have installed to generate a unique identifier which can then be used to match a user across websites,” said Schuh. “Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected. We think this subverts user choice and is wrong.”

In May, Google announced that future versions of Chrome will modify how cookies work so that developers need to explicitly specify which cookies are allowed to work across websites — and which could be used to track users. “Collectively we believe all these changes will improve transparency, choice, and control,” said Schuh.

Google in September 2018  sought to clarify its data privacy initiatives after several critics panned issues in  Chrome 69 – including cryptographer and professor at Johns Hopkins University Matthew Green, who blasted Google for what he said were questionable privacy policies. He noted that Google automatically signs users into the Chrome browser when they sign into any other Google service.

On the heels of that, browsers have sought to make strides in better protecting users’ privacy; in June, Firefox and Chrome received updates to add security and privacy tools that help with password management and help block sites that track users. For instance, Google Chrome 75 implemented a way to addresses weak passwords by porting its Chrome’s built-in password manager to the Android OS version of its browser.

Browser tracking methods have also come under scrutiny over the past year:  The Electronic Frontier Foundation in a report issued in June decried websites participating in sneaky tracking methods like browser fingerprinting, which the organization claimed were trying to skirt privacy regulations like GDPR.

Moving forward, Google hopes to follow the web standards process by seeking industry feedback on its initial ideas for the Privacy Sandbox.

“While Chrome can take action quickly in some areas (for instance, restrictions on fingerprinting) developing web standards is a complex process, and we know from experience that ecosystem changes of this scope take time,” said Google. “They require significant thought, debate, and input from many stakeholders, and generally take multiple years.”

Interested in more on the internet of things (IoT)? Don’t miss our free Threatpost webinar, “IoT: Implementing Security in a 5G World.” Please join Threatpost senior editor Tara Seals and a panel of experts as they offer enterprises and other organizations insight about how to approach security for the next wave of IoT deployments, which will be enabled by the rollout of 5G networks worldwide. Click here to register.