Technology

58012 readers

2962 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

441

How To Turn Off Google’s “Privacy Sandbox” Ad Tracking—and Why You Should (www.eff.org)

submitted 11 months ago by [email protected] to c/[email protected]

78 comments fedilink hide all child comments

Google did it again.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 11 months ago (1 children)

Hmm, not having read up on the tech, what's stopping someone from making a Firefox plugin that just spoofs fake data back? It's all done client side if I'm understanding, so everything necessary to do so must be available. Only wrinkle I could see is if they have signing and ship the cert with Chrome and regularly rotate it. It's still not impossible in that case, just more annoying.

[–] [email protected] 3 points 11 months ago (1 children)

My understanding is vague but the sandbox environment is cryptographically integrity checked in some fashion that makes the spoofing you’re suggesting difficult or impossible.

[–] [email protected] 7 points 11 months ago* (last edited 11 months ago)

Well, I did a little digging, and while parts of the stuff proposed by Google might be tricky, the actual topics portion of the API looks pretty easy to spoof. It seems like there's really only two things that need to be done. The first is to spoof the feature detection logic to return true for calls to document.featurePolicy.allowsFeature('browsing-topics'). The second would be to return randomly selected topics from all available topics from calls to document.browsingTopics() (care might need to be taken to return a consistent set of random topics to a given page, otherwise clever sites might poll the API many times to detect randomness). That really seems to be all there is to the topics API part of this. As for spoofing the rest of the web DRM parts, that's going to be a lot trickier, but with control of the browser I can't see how it could be made insurmountable.