> We conducted a user study with 30 Web users, recruited over social media, and presented them each with 20 pairs of websites. Website pairs were randomly selected from both the Related Website Sets list (i.e., sites Google designates as “related”, and so warranting reduced privacy protections), and the Tranco list of popular websites. Each user was presented with different pairs of websites, asked to view the sites, and then decide if they thought the two sites were operated by the same organization. This resulted in 430 determinations of whether unique pairs of websites were related.
> In our study, the large majority of users (~73%) made at least one incorrect determination of whether two sites were related to each other, and almost half (~42%) of the determinations made during the study (i.e., all determinations from all users) were incorrect. Most concerning, of the cases where both sites were related (according to the RWS feature), users guessed that the sites were unrelated ~37% of the time, meaning that users would have thought Chrome was protecting them when it was not.
> ... We conclude from this that the premise underlying RWS is fundamentally incorrect; Web users are (understandably, predictably) not able to accurately determine whether two sites are owned by the same organization. And as a result, RWS is reintroducing exactly the kinds of privacy harms that third-party cookies cause.
> Lest anyone judge the study participants for being uninformed, or not taking the study seriously, consider for yourself: which of the following pairs of sites are related?
1. hindustantimes.com and healthshots.com
2. vwo.com and wingify.com
3. economictimes.com and cricbuzz.com
4. indiatoday.in and timesofindia.com
> (For the above quiz, if you chose “4”, then, unfortunately that is incorrect. That is in fact the only pair of the four that isn’t considered “related” to each other.)
If anything it sounds like "related" is not what they are actually doing. Rather they are looking at ways to uniquely fingerprint users through optimizing how they split "related" sites.
Reminds me of the research that shows that 87% of people in the US can be uniquely identified with only three pieces of information: date of birth, gender, and zip code [1].
Only 50% of the time, but that’s 50% better of a guess than you’d make without knowing gender.
ZIP codes contain maybe 40K residents [0] (many contain fewer) and there have been around 25K days in the last 70 years. Sure births are not evenly distributed, but still...
I think you're making the assumption that all three data points are needed for all 87%. But obviously some people can be uniquely identified based on just {zip, date or birth}, such that gender isn't necessary.
So the distribution could e.g. be 8% same, 8% opposite, 5% both, 79% neither, and explain the original numbers without triggering the paradox.
Really? That's odd.
The typical zip code has a population of about ~9000. Dates of birth are about evenly distributed, so you'd still get about 24 people/birthday, or around 12 men or women per birthday per zip code.. I might be off by a fair amount in either direction, but I don't think I'd be twelve times off.
Also, the difficulty of identifying someone probably looks like a power-law curve, meaning that most of the "total difficulty" is concentrated in a small group, the ~13% that can't be identified.
In other words, even if one person is extraordinarily tricky to find [0], their share of the total un-findable-ness does not diffuse outwards to help anybody else.
Oh, ok, I didn't realize that the data included the year. Never mind, I don't know the US age distribution well enough to have any idea of how plausible it is; I withdraw my comment.
> In our study, the large majority of users (~73%) made at least one incorrect determination of whether two sites were related to each other, and almost half (~42%) of the determinations made during the study (i.e., all determinations from all users) were incorrect. Most concerning, of the cases where both sites were related (according to the RWS feature), users guessed that the sites were unrelated ~37% of the time, meaning that users would have thought Chrome was protecting them when it was not.
> ... We conclude from this that the premise underlying RWS is fundamentally incorrect; Web users are (understandably, predictably) not able to accurately determine whether two sites are owned by the same organization. And as a result, RWS is reintroducing exactly the kinds of privacy harms that third-party cookies cause.
> Lest anyone judge the study participants for being uninformed, or not taking the study seriously, consider for yourself: which of the following pairs of sites are related?
1. hindustantimes.com and healthshots.com
2. vwo.com and wingify.com
3. economictimes.com and cricbuzz.com
4. indiatoday.in and timesofindia.com
> (For the above quiz, if you chose “4”, then, unfortunately that is incorrect. That is in fact the only pair of the four that isn’t considered “related” to each other.)