A Potential Privacy Model for the Web

&gt; The identity &quot;Me while I&#x27;m visiting nytimes.com&quot; is distinct from the identity &quot;Me while visiting cnn.com&quot;.<p>Trying to solve this through purely technical means is futile. If you block it at the user-agent, sites will share data at the back-end to create a super-profile.<p>Right now it&#x27;s really convenient for advertisers to run an ad auction right in the user&#x27;s web browser because all the context is there -- take that away and you&#x27;ll see user data aggregated on the back-end instead.<p>Absent some type of regulation and enforcement, I really don&#x27;t see how this puts a dent in the &quot;reads a lot of articles on NY times about dogs, sees a lot of ads on cnn.com for dog food&quot; profile aggregation.

A similar idea has occurred to me. I imagine a browser plugin that allows third-party cookies, but associates them per-domain visited. That is, the cookie that google analytics gets would be different when I&#x27;m visiting siteA.com vs siteB.com.<p>I don&#x27;t share the author&#x27;s optimism that dialogue will result in &quot;a new identity end state that works for everyone.&quot; I believe on-line privacy has to be protected through non-negotiable mechanisms, against the interests that stand to profit from taking it away.

Few problems that Web has for privacy:<p>- IPs don&#x27;t usually rotate often enough.<p>- Browsers can share user data however they want.<p>- User cannot by default choose what website is allowed to run or download. There are adblockers and such, but normal user doesn&#x27;t know what needs to be allowed so that site works and it doesn&#x27;t leak your data. And if developers choose to pass analytics data with actual content requests there is no way of preventing that while keeping site functional. - User agents and other metadata (resolution, browser features, cookies, latencies to servers, etc.) are shared without user consent.<p>Browser vendors could make lot of information available only after explicit consent, but that would break a lot of websites. And its hard to say when and what should you consent. This is same problem as for Android and iOS.<p>There are also valid reasons to share data between services and domains: SSO, social media, etc. How to make that easy?

Some of that seems OK, but a lot of it still seems unacceptable to me. Particularly, I disagree with these assertions:<p>&gt; It is reasonable for the browser to relax its identity-sharing controls within that expanded notion, provided that the resulting identity scope is not too large and can be understood by the user.<p>&gt; It may be OK for a site to learn the fact that a user has earned trust on another site<p>But, as always, my attitude about this sort of thing as that everything hinges on informed consent. If I have not given my explicit informed consent, then there is no sharing of data about me that is acceptable.

I seriously can&#x27;t see any dialog working while one of the sides has a strong vested economical interest in keeping the status quo.<p>Even with all JS and cookies disabled, servers can still collect your IP and infer if it is indeed you visiting by analysing your usual visit times -- and likely a lot more other metrics.<p>Unless the browsers use Tor-like visitor source obfuscation, I don&#x27;t see anything changing in favour of privacy.

&gt; Third Parties can be allowed access to a first-party identity<p>The problem with this, is that third parties can also be first parties and have their own data. The obvious examples are Facebook and Google today, when you use any service where they act as a third party, they may mix your identity with their first party id.

On top of all the things people mention here there is a huge vulnerability in Chrome that is undermining the whole thing. They mine data at the browser level and sell it to advertisers. This is in addition to what tons of advertisers do on individual web pages. So irrespective of what we do as long as Google and other browser manufacturers mine user data there is not much progress.<p>I should add that Safari and Firefox (?) seem to be the only exception.

This all seems like part of the tracking arms race.<p>The way to end it is to stop tracking in the first place.

we designed www.abine.com&#x27;s Blur to enable users to implement some of these &quot;compartementalization&quot; techniques in practice. web traffic, fingerprinting, and tracking is one layer, but stateful registration, login, and payment is a whole other layer. tldr: it is a tough problem to deliver a simple experience on.