Google Reveals Plan to End Third-Party Cookies

Google wrote a post updating its plans for its Privacy Sandbox project. Its goal is to make third-party cookies obsolete.

we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete.

Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome.

I don’t know what the new “open standards” will be, but I’m definitely skeptical given the nature of Google’s advertising business. Will there be a new first-party tracking technique? Update: Here’s why the EFF thinks it’s a terrible idea.

Chrome OS Passes macOS to Become Second Most Popular Desktop OS

New data shows that Chrome OS has overtaken macOS to become the second most popular desktop OS. Chrome OS rose from 6.4% in 2019 to 10.8% in 2020.

Despite the fact that macOS landed in third, viewing this as an example of Google beating out Apple directly might not be accurate. Rather, it’s likely that Chrome OS has been primarily pulling sales and market share away from Windows at the low end of the market. Mac market share actually grew from 6.7 percent in 2019 to 7.5 percent in 2020.

Google Photos for iOS Adds Video Editing, New Photo Editing Features

Google has added new editing features to its Photos app on iOS, including video editing. New editing features will be available exclusively to Google One members.

Starting today, we’re bringing some of the editing features currently available on Pixel to Google One members as a part of their membership. These effects transform your portraits using machine learning: with Portrait Blur, you can blur the background post-snap, and with Portrait Light, you can improve the lighting on faces in portraits. Both features work for photos just taken or images from the past — even if the original image wasn’t taken in portrait mode.

Android Could Mimic iOS 14 App Tracking Transparency

A report from Mark Gurman suggests that Google could add the App Tracking Transparency privacy feature to Android. But it wouldn’t be as private since Google is ultimately an advertising company.

A Google solution is likely to be less strict and won’t require a prompt to opt in to data tracking like Apple’s, the people said […] To keep advertisers happy while improving privacy, the discussions around Google’s Android solution indicate that it could be similar to its planned Chrome web browser changes.

In other words, why even bother?

How Apple Improved iMessage Security in iOS 14

Project Zero, Google’s security team, reverse-engineered iMessage to see how Apple improved it in its latest OS 14 releases. Specially, how it has gained new protections against zero-day attacks using BlastDoor, resliding of the shared cache, and exponential throttling.

One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed “BlastDoor” service which is now responsible for almost all parsing of untrusted data in iMessages (for example, NSKeyedArchiver payloads). Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.

Google Still Doesn’t Have iOS 14 Privacy Labels

I’ve been hesitant to keep sharing these stories. At the time this news first appeared I was skeptical, saying that we just got over the holidays so give Google a break. But as the days turn into weeks, this is when it does start to look damning and now it’s time to give Google some heat.

On January 5, Google told TechCrunch that the data would be added to its iOS apps “this week or the next week,” but both this week and the next week have come and gone with no update. It has now been well over a month since Google last updated its apps.

Bug Lets Audio, Video be Transmitted Without Consent in Apps Like Signal

Google’s Project Zero security team found a bug that lets audio and video be transmitted without user interaction in five messaging apps. These are Signal, JioChat, Mocha, Google Duo, and Facebook Messenger. All bugs have been fixed.

I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data. All these vulnerabilities have since been fixed. It is not clear why this is such a common problem, but a lack of awareness of these types of bugs as well as unnecessary complexity in signalling state machines is likely a factor.

Even Facebook Submitted Privacy Labels. How Bad Could Google’s Be?

The last update for Google’s iOS apps was on December 7, one day before App Store privacy labels went into effect. Is Google delaying the inevitable?

As for why Google might be trying to delay revealing its privacy label information, it’s possible the company saw all the bad press Facebook got when the social media giant was forced to reveal all the ways its apps track users, and the press and social media reactions spooked the company. Facebook Messenger’s privacy labels are horrifyingly long, for example.

For this one I’m going with a modified version of Hanlon’s Razor: “Never attribute to malice that which is adequately explained by the holidays.” I haven’t gotten updates for a bunch of other apps, either.

Google Faces Major Antitrust Lawsuit From Texas

Google is facing a major antitrust lawsuit from Texas and other states, Politico reported. If successful, the search giant could be hit with trillions of dollars worth of fines.

The lawsuit, which also includes eight other states, accuses Google of rigging online ad auctions to increase its own profits at the expense of website publishers, who have struggled to make the same kind of money from web ads as from television, print and radio. The states have asked the court to force the company to sell off pieces of its business to take away its power to control such auctions. But there are other allegations that could cut Google even more deeply. Texas also alleges that Google violated state laws that forbid unfair or deceptive business practices — laws that mandate steep fines for each violation. The attorneys general plan to argue that every online bid allegedly manipulated by Google violates state laws, which would lead to a massive pileup of fines.

EU Lays Out New Search Ranking Guidelines For Google And Other Tech Firms

Google, Microsoft, and other tech firms will have to provide more transparency about how they rank online search results. Reuters reported on new EU guidelines forcing the change that were released on Monday.

The guidelines, which take immediate effect, will be followed up next week by the publication of draft rules that could eventually impose further restrictions on the tech sector… The Commission said the guidelines require online platforms to identify the algorithmic parameters that determine ranking and to share them with companies. “These guidelines set the standard for algorithmic ranking transparency and will increase fairness in the online platform economy, which drives innovation and welfare for millions of Europeans,” European Competition Commissioner Margrethe Vestager said in a statement.