patcg-individual-drafts / topics

The Topics API
https://patcg-individual-drafts.github.io/topics/

Ensure end-users are made aware of these changes, and allow them to opt-out #223

Closed theScottyJam closed 1 year ago

theScottyJam commented 1 year ago

I know many people are concerned about the privacy implications of this proposal. I'd like to put in my own voice as well (and I'm sorry if much of this has already been hashed out).

In general, on the web, we really need to make sure we're limiting the privacy surprise factor - that moment when you see a webpage do something, and you're left thinking to yourself "Wait, I didn't know my browser (sometimes) shares where I'm coming from when I click a link", or, "Wait, how did this webpage know what I googled to get here?" - these sorts of unexpected realizations are what get people upset about privacy.

Imagine, after this API is released, I made a small webpage that displayed in a large banner "You are interested in ___". How many people would get surprised by this webpage? How many people would get upset and fired up about privacy because of it? This proposal talks about how it will make things more private, but the solution it's proposing has actually granted my webpage access to private information that was previously inaccessible to me (I'm not some large advertisement company that's capable of tracking people across the web with third-party cookies).

With that background in mind, I do want to make it clear, I'm not opposed to this proposal. In fact, I'm perfectly ok with targeted advertising and with my areas of interest being shared with webpages if I know it's happening, and I have consented to it in some way or other. I am not ok with personal information being shared without my knowledge or consent. I think many people would agree with this general sentiment.

So, basically, what I'm asking for is for browsers to please make sure to be transparent about all of this, and to do their due diligence to inform their users that they (the browsers) will be guessing at their interests based on browsing history and then sharing this information with any webpage that wants it. If this bothers the end-user, they should be presented with the option of opting out. Additionally, the end users should have the option to know what the browsers are telling webpages about them, and they should have the power to curate this information.

After this proposal comes out, if I were to create a webpage displaying either "you are interested in ___" or "You have chosen to not share your interests with me", then if I asked in some form below how many people were surprised that I (the webpage) knew this information, I sincerely hope that every single person responds with a "yeah, I already knew this was happening, this is a boring page".

michaelkleber commented 1 year ago

Hello Scotty, just to be sure we share a common understanding of the Topics API:

If you created the webpage that you're describing, then it would always say "You have chosen to not share your interests with me". That's because only callers that observed the user visit a site about the topic in question within the past three weeks can receive the topic. The API does not grant you access to any "private information that was previously inaccessible to me" — it's only a kind of very reduced post-processing of information you've already had the ability to observe for as long as the web (with 3rd-party cookies) has existed.

That said, I believe we are indeed doing all of the things you're asking for: We're telling people about the new API and giving them a way to turn it on or off whenever they want, and there is a way to see and curate all of your Topics.

To be honest, I'm not sure that anything about how computers work would meet your proposed "nobody would be surprised to learn X" standard. But this work is definitely trying to make the web more like that than it is today.

theScottyJam commented 1 year ago

> If you created the webpage that you're describing, then it would always say "You have chosen to not share your interests with me". That's because only callers that observed the user visit a site about the topic in question within the past three weeks can receive the topic.

Ah, thanks for that clarification (and pardon my only-surface-level understanding of this proposal).

> To be honest, I'm not sure that anything about how computers work would meet your proposed "nobody would be surprised to learn X" standard. But this work is definitely trying to make the web more like that than it is today.

Haha, fair :). I guess, for me, as long as normal browser users are given a reasonable chance to learn about this information, that would satisfy me. This could be done through some little info bubble the browser shows when it first starts up after an update, or if the browser automatically shows the user a "what's new" page, that this would be a top item on that list, or something along those lines.

michaelkleber commented 1 year ago

Yup! That is exactly what we're doing.