Privacy analysis of SWAN.community and United ID 2.0
Earlier this summer, we started a series of blog posts analyzing the technical merits of the various privacy-preserving advertising proposals out there. Our goal is to advance the debate and help break down this complex topic. In this new addition to this series, we look at the SWAN.community and United ID 2.0 proposals. We have conducted a detailed analysis and this post provides a summary.
The conclusion of our analysis is that, from a purely technical standpoint, these proposals are a regression in privacy in that they allow tracking of users who are presently protected against tracking.
- SWAN and Unified ID 2.0 each describe a new approach to web tracking. They provide a service which assigns a pseudonymous identifier to each user that can then be used for tracking or ad targeting. While these proposals do not depend on third party cookies, they rely on other technical mechanisms, like redirect tracking (aka bounce tracking) in the case of SWAN or the use of primary identifiers like email addresses in the case of UID2, to bypass browser anti-tracking mechanisms.
- These proposals depend heavily on policy controls: asking the user for consent before tracking them and then restricting the use of tracking data. However, it is not possible for the user to verify that these policies are being followed and it is unclear whether it will be practical to enforce them. Even if these policies were to be stronger and clearly enforceable, the end result would be a large number of entities possessing user browsing history, which is precisely the situation which browsers are currently trying to fix.
Advertising is central to the internet economy. But it is very intrusive. It is powered by ubiquitous surveillance and it is often used in ways that harm individuals and society. As a browser maker and as a nonprofit-backed organization driven by a clear mission, we want to ensure that the interests of users are represented and that privacy is a priority.
With the current debate on privacy-preserving advertising, we have a real opportunity now to challenge the status quo and improve the privacy properties of online advertising—an industry that hasn’t seen privacy improvement in years. Attempts by the advertising industry to improve privacy through voluntary and policy-based initiatives have demonstrably failed. These proposals rely on those same failed mechanisms.
As we continue to explore privacy preserving advertising proposals, our plan in the Firefox browser is to ratchet up the privacy and security protections we offer, with the goal of eliminating cross-site tracking from the browser entirely. That is the work we started with the launch of Enhanced Tracking Protection in 2019 and that work will continue.
Check out our analysis of SWAN and Unified ID 2.0.
For more on this:
Building a more privacy-preserving ads-based ecosystem
Mozilla responds to the UK CMA consultation on google’s commitments on the Chrome Privacy Sandbox