Google blocked a privacy push at the main organisation that decides how the World Wide Web works, according to a recent vote that isolated the Internet giant from others involved in the process.
The Alphabet unit was the only member of the World Wide Web Consortium to vote against the measure to expand the power of the organisation’s Internet privacy group, according to a tally of the results. Twenty-four organisations voted for the idea in a recent poll.
The W3C, as the group is known, makes decisions by consensus, so Google’s objection was an effective veto. The two sides are still negotiating an alternative, but if they can’t make a decision the issue will pass to W3C director Tim Berners-Lee, one of the founders of the Web. Wendy Seltzer, a W3C lawyer, declined to comment on the vote but said the organisation welcomes all member contributions to the privacy discussion.
The incident shows how Google is pushing its own version of what digital privacy should look like. The company makes billions of dollars a year by hoovering up online consumer data and using that for targeted advertising. Changes to the foundation of the Web that potentially limit such information gathering could be a major threat to this lucrative business.
Google says privacy is important and the company works hard to protect the user data it collects. But it also argues that targeted ads powered by all this information are necessary to keep the Web free and accessible. Other technology companies, such as Apple and rival search engine DuckDuckGo, have developed services that don’t need as much user data.
Such differing priorities came to a head within the W3C in recent months. Standards bodies like these ensure the Web keeps functioning by developing common guidelines for developers. Their recommendations aren’t legally binding, but a developer that ignores the standards could find their website can’t be loaded by popular browsers such as Google’s Chrome, Mozilla’s Firefox and Apple’s Safari.
Standards are proposed and refined in working groups within the W3C, which then send them out to the broader community for debate and eventual approval. For most of the northern hemisphere spring and summer, the W3C’s Privacy Interest Group discussed ways to make privacy a bigger priority for the organisation, according to meeting minutes posted online. Some members were concerned that other working groups, such as the one focused on the Internet of things, weren’t taking privacy seriously enough and ignoring their recommendations.
In late June, the Privacy Interest Group, known as Ping, sent out the poll to W3C members asking them to approve a new charter. One paragraph said Ping could ask the W3C to give it the power to block any projects that the group felt undermined user privacy. A draft proposal to that effect was in the works at the time, too.
The vote closed on 4 August and revealed that Google objected to the change. “We are primarily concerned that the Ping is attempting to insert itself as a required step for all specifications,” Google wrote. “Simply establishing themselves as an authoritarian review group without formally establishing self-serve guiding principles will cause significant unnecessary chaos in the development of the Web platform.”
A Google spokesman referred to a blog published late on Monday by Chris Wilson, a developer advocate at the company.
“Google believes a core need for the Ping charter is to establish a formal model of privacy concerns, which should be a living, growing framework expressing best practices and understanding of privacy concerns,” Wilson wrote. This should help identify problems “before getting to the review stage”, he added. Wilson also stressed that Google does not have concerns with the group reviewing Web platform specifications.
The debate hasn’t been confined to the W3C. The Safari and Firefox browsers now block third-party tracking cookies — little bits of code that let advertisers follow users around the Web with targeted ads. But Google decided not to do this, opting instead to give Chrome browser users more control over which cookies can track them. Google executives have spoken at length about privacy and developing better controls through its Web browser. Last May, CEO Sunder Pichai wrote a New York Times opinion piece outlining the company’s position on privacy and committing to giving users control over the data Google collects on them.
In August, the Internet giant proposed new ideas for improving Web privacy without getting rid of targeted ads completely, such as lumping big groups of people with common interests together, or limiting the amount of user data a particular site can request from browsers. Google said it wanted its ideas to be debated at the Internet standards bodies, a sign the company wanted them adopted by the entire industry.
The proposals were panned in some quarters. Bennett Cyphers, a staff technologist at the nonprofit Electronic Frontier Foundation, called Google’s plan “a mess” and said some of the ideas were actually bad for privacy. By saying it was working for privacy but refusing to block cookies, Google was being disingenuous, argued Princeton University privacy researchers Jonathan Mayer and Arvind Narayanan.
“We’re calling this move privacy gas-lighting, because it’s an attempt to persuade users and policymakers that an obvious privacy protection — already adopted by Google’s competitors — isn’t actually a privacy protection,” Mayer and Narayanan wrote in a blog post. — Reported by Gerrit De Vynck, (c) 2019 Bloomberg LP