Google Chrome pushes ahead with targeted ads based on your browser history

Google has been gradually rolling out Chrome's "Enhanced Ad Privacy." That's the technology that, unless switched off, allows websites to target the user with adverts tuned to their online activities and interests based on their browser histories.

A popup announcing this functionality has been appearing for some folks since the July release of Chrome 115, which included support for Google's Topics API, which is part of the tech titan's Privacy Sandbox project.

It would appear more and more people are now seeing this popup as those not keen on Chrome mining their browsing histories to support Google's advertising profits have been speaking up. We understand a small percentage of Chrome's users are being pulled into the Topics API regime at a time, so you may not have noticed or been offered or alerted to anything. And how the Chocolate Factory asks you to agree to or accept the ad targeting depends on where you live, or rather, the laws of where you live.

Google next year aims to drop support for third-party cookies, which store browser data that ad companies use for tracking and analytics – to the frequent detriment of user privacy. The US mega-corp has developed a variety of replacement technologies, such as the Topics API that will allow ad targeting to continue without cookie-based tracking and – it's claimed – no privacy consequences.

Topics essentially works like this: rather than using cookies to track people around the web and figure out their interests from the sites they visit and the apps they use, websites can ask Chrome directly, via its Topics JavaScript API, what sort of things the user is interested in, and then display ads based on that. Chrome picks these topics of interest from studying the user's browser history.

So if you visit lots of financial websites, one of your Chrome-selected topics may be "investing." If a site you visit queries the Topics API, it may learn of this interest from Chrome and decide to serve you an advert about bonds or retirement funds. It also means websites can fetch your online interests straight from your browser.

Some people presented with the notification of the new regime complain it's a dark pattern – a term Googlers consider unfairly provocative – as Chrome users may think they're accepting or enabling "enhanced" privacy from ads when in actual fact the Topics API is already enabled, and will remain enabled, and has to be disabled in the browser's settings. That is to say: the popup is a notice that you've been opted in with a little link to your settings to disable the tech if you so wish.

Will Dormann, a security researcher with the Carnegie Mellon Software Engineering Institute's CERT Coordination Center, noted last week that Google's popup provides a default "Got It" button that dismisses the popup pane and does "the exact opposite of what the title text describes" – it leaves Chrome's ad targeting based on browsing history active.

It's worth noting that this popup does explicitly say, "you can make changes in Chrome settings," and that you can switch off the Topics API support using those linked controls. It otherwise doesn't change the status quo. Where third-party cookies were previously used to deliver targeted ads, Chrome users also had to take steps to disable them.

Nonetheless, there's more push back now against the norms preferred by Google and other ad industry firms.

Matthew Green, a cryptography professor at Johns Hopkins University in the US, just encountered the popup and expressed his dismay.

I definitely don’t want my browser sharing any function of my browsing history with every random website I visit

"I don’t want my browser keeping track of my browsing history to help serve me ads, and I definitely don’t want my browser sharing any function of my browsing history with every random website I visit," he said via Twitter.

And VC Paul Graham has derided ad targeting tech as spyware.

Google has offered repeated reassurances that its Topics API does not allow companies to identify those whose interests inform its ad API. But some developers claim Topics may be useful for browser fingerprinting and both Apple and Mozilla have said they won't adopt Topics due to privacy concerns.

Google's popup appears to have regional variations that make the call to action and the button labels clearer and more consistent. One version that's been reported is titled "Turn on an ad privacy feature" and there's a button that says, "Turn it on."

• Privacy Sandbox, Google's answer to third-party cookies, promised within months
• Google ready to kick the cookie habit by Q3 2024, for real this time
• Google asks websites to kindly not break its shiny new targeted-advertising API
• Maker of Chrome extension with 300,000+ users tells of constant pressure to sell out

Unlike the highlighted "Got It" button cited by Dormann and its unadorned "Settings" companion that defers any decision until the linked menu is loaded, "Turn it on" in this variant menu is the same color as the "No thanks" alternative and performs the action suggested by the popup title.

This variation reflects different legal regimes. Unlike America, where opt-out is acceptable and opt-in requirements are broadly opposed by marketers, EU data privacy rules are more demanding in the way data choices are presented.

So if you see a pop-up with "Got It," you've probably been opted-in, based on where you are, and you need to turn off the Topics API support in your Chrome settings if you don't like it; and if you have the option to "Turn it on," you're being asked to opt in or out as you're in a region that requires it.

Depending on what Chrome version you're using, and whether you've been selected to start using Topics API, you can switch this functionality off and on by visiting chrome://settings/adPrivacy and/or chrome://settings/privacySandbox – cut'n'paste these URLs into your address bar to jump straight to the controls.

"Users in the UK, EEA, and Switzerland who have not already opted out of the Chrome trials will be presented with an invitation to participate in Topics, and manage their participation in Measurement and Protected Audience (formerly FLEDGE)," Google explained to The Register.

"All users will have robust controls, and can make individual choices, per API, at any point. Chrome will continue to evolve the user controls carefully and in consultation with regulators, and will have more to share once they've evaluated this initial rollout to a small percentage of users. All users will have robust controls, and can opt out of eligibility for the trials at any point." ®