Ben Adida
Aug 22, 2019 · 12 tweets
1/ Hello Google Friends: a few bits of feedback on this post.
blog.google/products/chrom…
2/ Put bluntly, there's a giant elephant in the room you're not acknowledging. Every other browser vendor is working on hard cookie blocking. You've got a conflict of interest about doing that very thing, and you don't even mention it.
3/ this concern for small publishers, when you don't acknowledge Google's own interests, sounds really hollow.
4/ and this idea that we have to take things slow and standardize because otherwise we won't be able to have targeted advertising that everyone loves so much.... What? Come on.
5/ when you want to be bold and move the Web, you're bold. You forced SSL on everyone, damn the consequences to small publishers who couldn't easily upgrade. I applauded you then. It was the right thing for users, damn the other consequences.
6/ you are taking steps to dramatically constrain Chrome extensions, even if it breaks a number of use cases, again to protect users. I applaud you for this. It is the right thing for users, damn the other consequences.
7/ but here, when it comes to tracking and privacy, you want to take it slow, lest it disrupt the fragile ecosystem.... which just happens to be your bread and butter.
8/ and it leads you to really questionable claims. Ad networks will move to fingerprinting so we shouldn't block cookies? Come on. Of course they will, and of course we'll have to fight them on that turf too. Would you not patch an XSS because then attackers would turn to 0days?
9/ I get it, many of Google's billions depend on targeted advertising that depends on tracking. I realize this makes things tough. But please don't pretend that's not the issue. It's condescending.
10/ you already know change comes from bold action. Block the cookies. Fight the fingerprinting. If you want to create a new world of respectful advertising, there's nothing like creating a strong incentive to force that outcome.
11/ we're not going to gently transition to privacy-protecting advertising. We're going to be in an everlasting fight between privacy and targeted advertising. If you want to find a magical win-win, you're gonna have to kill, or at least greatly hamper, the golden goose first.
12/ or, you can say that that's not something your business model lets you do. I get it. But truly, honestly, from someone who admires Google for a lot of what you do, this blog post sounds hollow and weak.

More from @benadida

Oct 15, 2022
The last few years, and indeed the last few days, have seen cases of private emails publicly disclosed, where DKIM signatures for anti-spam are abused to allow for public verification that these private emails are authentic.
Fun fact: some colleagues and I wrote up a technique, 17 years ago, to practically achieve the same goals as DKIM while preventing this kind of privacy abuse.

people.csail.mit.edu/rivest/AdidaCh…
We even talked to the DKIM standardization committee at the time about the importance of repudiability, right as they were locking in the standard, but they did not find the use case compelling.
Read 6 tweets
Oct 15, 2022
Thanks Braden for engaging in this debate with thoughtfulness! I disagree with many points, but it's good to discuss these things respectfully and seek mutual understanding.
Of the points you made, I'm most sympathetic to the issue of modifying CVR records in secret fanning the flames of conspiracy theories.

To me, it doesn't rise to the level of making public disclosure the right option, but I agree it's a concern.
One major question on my mind is what state election directors thought when you contacted them. Because that would be the obvious point of coordination, and it seems relatively straight-forward to do private disclosure to a dozen entities.

Read 10 tweets
Oct 14, 2022
I'm really happy to see leading academic research groups analyzing voting systems, disclosing issues, and engaging with election administrators. Kudos to the whole team.

At the same time, I think this public report, 4 weeks before the election, is misguided. A few thoughts🧵
When disclosing a vuln, one has to weigh the benefits vs. the harms.

In my opinion, this vuln is not likely to be widely exploitable. Patching this vuln could have been achieved through private disclosure. And the harm done by public disclosure *now* could be meaningful.
Key thing: this is a relatively involved attack in that it requires observing the order in which voters cast a ballot, and then having access to matching CVR files for that county -- which is not at all a given.
Read 9 tweets
Oct 12, 2022
So, a few thoughts on this announcement from @signalapp. High-level: I understand this decision, but I still think a better approach would be almost the opposite: doubling down on interop.
2/ the points raised by the Signal team are very legitimate. I've occasionally been confused about whether someone I'm talking with is over e2e or SMS. I think it would be a mistake to dismiss their concern.
3/ I'm also very sympathetic to the issue of careful allocation of limited engineering resources. You gotta pick your battles. These features don't come for free, nor are they maintained for free.
Read 12 tweets
Sep 4, 2022
1/ Spent a lovely two weeks in Portugal with family, half in Lisbon. Some thoughts, though I'm sure I won't be fully doing Lisbon or Portugal justice.
2/ almost everyone speaks English, most people quite well. I picked up zero Portuguese because it's just too easy to speak English. Not complaining! Just interesting.
3/ Lisbon is a really fun city. A lot of restaurants, overall food quality very high. I enjoyed non-Portuguese food more than Portuguese specialties. Had some excellent Italian, Israeli, Argentinian.
Read 13 tweets
Jun 13, 2022
1/ I just voted in the French legislative runoff elections… online.

A couple of weeks ago, for the first round, I detailed out the whole process:


In this thread, I want to show much more concretely why I worry about verifiability. 🧵
2/ Here I go picking a candidate, and confirming
3/ What’s happening under the hood: my choices are being recorded and encrypted.
Read 13 tweets
