WICG / ua-client-hints

Wouldn't it be nice if `User-Agent` was a (set of) client hints?
https://wicg.github.io/ua-client-hints/

The impact of UACH on latency #327

Open Tim-Cowen opened 1 year ago

Tim-Cowen commented 1 year ago

Movement for an Open Web (“MOW”) is an action group founded to advocate for a competitive, open internet. Many members were involved in the Competition and Markets Authority (CMA) Online Platforms and Digital Advertising inquiry in 2020. MOW is the chief complainant in Google’s Privacy Sandbox case, and we initially applied to the CMA for interim measures to prevent Google’s proposed changes to the browser. Whistle-blower protections are recognised in law the world over and play a vital role in helping the authorities gather necessary evidence from key witnesses, whose identity must be protected to reduce the likelihood of retaliation. We note that the CMA’s Privacy Sandbox case team have agreed to protect the identity of our members.

We are submitting the following issue in the W3C forum at the request of the CMA and Google’s recommended procedure for filing issues with their Privacy Sandbox, according to section 12 of Google’s Commitments.

The design of Google’s User Agent Client Hints increases latency for users when visiting all publisher properties, but disproportionately impacts their user experience when visiting new sites as opposed to sites they visit frequently (such as Search). We note that the Commitments mention user-agent reduction and state that “information on the earliest anticipated date for availability” and development must be made available quarterly. The information contained in User Agent String is useful for other business purposes, such as fraud prevention, user experience optimisation, analysis, and website page optimisation. In I. Grigorik and Y. Weiss’s explainer of UACH, these benefits are scarcely mentioned. Indeed, the current system is described (we would argue unjustifiably) as ‘expensive’ and impractical to maintain. UACH is presented as a security and privacy positive solution with no practical downsides. In reality, UACH has no reasonable basis for users or the vast majority of industry stakeholders.

The CMA’s Decision to accept Google’s binding Commitments ensures Google’s own Ad Systems or business solutions will not retain access to input data that it restricts from rivals. Google’s Marketers Playbook highlights how its own Ad Systems continue to rely on “device type, browser, country” and other “observable signals” to inform its modelling when no addressable identifiers are present. [1]

Google’s current Proposal affects the sequence with which data is transmitted and received, with the order in which data is sent in the HTTP protocol. That change will increase delays for everyone but Google. Google will not be subject to such delays because they will in practice always receive the necessary information and be able to rely on user identity from authentication for cross-site data transfers (e.g., “Sign in with Google”, and their O&O properties) as well as the same addressable account identifiers for exchanges of information across their digital services and solutions (e.g., YouTube, Search, Chrome and Android).

Should Google not account for the reduced latency in its design, the latency for Google’s own Ad Systems will be lower than for rivals, who do not interact with the same people’s web-enabled applications as frequently or as often. Without modification, this loss of first request User Agent String information will distort competition.

The CMA mentioned the matter of user agent string in their second quarterly report, stating ‘some stakeholders have raised concerns that User Agent Client Hints (UACH) might be overly prescriptive compared with the flexibility the User Agent string offered’ and that a stakeholder flagged that it ‘may be costly for companies to migrate to UACH’.

We welcome responses from @yoavweiss, @miketaylr, @mikewest, @domenic, @recvfrom, @wintermelons, @cwilso, and @jyasskin on this matter. Likewise, any response from another representative from Google in this forum would be appreciated. Of course, we would welcome Google substantively addressing this issue in their next quarterly update report.

[1] Google, Marketer’s Playbook (June 2022), pages 16-17.

jwrosewell commented 1 year ago

Relates to #320 which needs to be re-opened for the reasons explained in this issue and elsewhere.