Talking Drupal #373 - Performance, Privacy, and the Open Web

• What is the Open Web and what does it have to do with performance and privacy
• What do we mean by web performance
• What are the core vitals
• What are the non core vitals
• What is the benefit of performance
• Performance is usually granular for a developer, what is different when looking at industry trends from a browser side
• What does d.o do
• DA and Google at DrupalCon
• What is privacy
• What is the privacy sandbox in chrome

Nic L  
This is talking Drupal, a weekly chat about web design and development from a group of people with one thing in common. We love Drupal. This is Episode 373, performance, privacy and the open web. welcome to Talking Drupal. Today we are talking about performance privacy and the open web with Andrey Lipattsev and Tim Lehnen. Andre is the Strategic Partner Manager for privacy and chrome at Google, a longtime admirer of the open web and an aspiring friend of the Drupal community. Welcome to the show. And thank you for joining us.

Andrey L  
Thank you. Thanks for having me here

Nic L  
And Tim is the CTO of the Drupal Association returning guest and he's here to represent Drupal's perspective. Welcome back to the show. Tim.

Tim L  
Good to be back.

Nic L  
I'm Nick Laflin, founder at Enlightened development and today my co hosts are as usual John Piccozi, Solution Architect at EPAM.

John P  
Hi, everyone.

Nic L  
And joining us again, Randy Oest the Creative Director for kitchens and product lead of Emulsify. Thank you for joining us again.

Randy O  
Thanks for having me. Okay,

Nic L  
so we do have a community update. So elections are in everybody's mind today, because today is election day in the United States. But we have the resolution of another election, the Drupal Association at large board election winner was Nikki Flores. So thank you for everybody that participated, and looking forward to see what ideas she comes up with.

Tim L  
It's going to be great having her on the board. I'm looking forward to one of my, let's see, this is another 1/14 of my bosses. Joining in should be a lot of fun.

John P  
Now, do you keep track Tim, do you have like a board of how many of bosses you've had, like 114 bosses you've had?

Tim L  
Well, when you go through when you go through boards and executive directors and all those things, it's better not to keep track. Fair enough.

Nic L  
We also have a quick announcement NedCamp is going to be

John P  
this coming weekend. Yeah, yeah,

Nic L  
week that this comes out. So definitely looking forward to seeing everybody.

John P  
If you're listening to this, and it's a Monday, Tuesday, Wednesday or Thursday, go buy your tickets, Nedcamp is happening on Friday and Saturday, the 18th and 19th. There's a training day on Friday, a session day on Saturday. We have a fun community event Friday nights open to the public, you can come you don't have to have a conference ticket. And then sessions and an after party on Saturday. Come to that camp.

Nic L  
Awesome. And we have a new module of the week that I'm looking forward to hearing about what do you got first, Martin.

Martin A  
So this week, we're going to be talking about Entity Autocomplete Anchor which is actually a module that was nominated by one of our listeners and a previous guest on the show, Matthieu, who is himself a maintainer of a number of interesting and useful modules. So entity autocomplete anchor really provides a widget that allows a content author to basically add an anchor to an entity Reference link. It's a module that was just created earlier this year in April of 2022. Currently, it has a 1.0 beta three release that supports Drupal 9, and the most recent release was was released in May 24. It's not widely used it's currently shows nine sites using it. But it does list the United Nations as a supporting organization Arthur

Tim L  
Coyle graphically clue about the element of sites that are probably isn't

Unknown Speaker  
exactly, exactly so in terms of how it works. It it basically has your sort of standard autocomplete entity reference field, but it adds a field to specify an anchor. So a destination within the page, where user will be taken when they click on that link. It's also worth noting that if someone is already using the Linkit module, which was mentioned briefly in last week's show, and was actually covered, I think is module of the week in Episode 327. There actually is a RTV see issue about adding anchor support to linkit. So if your site is already using that module, then then you might be able to sort of add some of this capability there as well. So maybe you just opened it up to the group here. Has anybody had to use this kind of, you know, anchor linking strategy with entity reference links or maybe had other sort of very specific, you know, Link needs in Drupal

Tim L  
seven. The funny thing is, we don't do anything like this from a technical point of view. But it could be potentially pretty useful. Because, you know, on drupal.org documentation system, we're automatically generating these anchor links across documentation sections and groups. And all these groups, of course, are based on entity reference. So when we're moving people around the contributor guide, or module documentation or things like that, I feel like something like this actually could be, could be a big time saver. So that could be cool. Yeah, that's neat. It seems like such as, it's one of those great examples of something that seems like such a small feature, but it's actually super, super useful. So

Nic L  
yeah, I mean, it solves like, I have worked around solutions for this for a lot of clients where like, just the template outputs, like the ID and some sort of thing so that they so that the customer can create anchor links to things when they need to, but that you're using the ID in that case, which is a messy, like, you never want to go to an anchor link that's like comp dash 14772, right? This allows the end, you're outputting that for every single component on the page when this template level, right, whereas this allows you like, if they need the anchor link, they can create it, and they can put some marketing behind it, they can name it, whatever they need to name it. So it looks nice. So I will actually be looking at installing this for a couple of clients right away. It's also got more unknown when he wrote these notes, but he's got 13 websites now. So it's almost a 50% increase.

Randy O  
Some additional nations saw that the UN was using it and decided like, you know, like, hey, let's, let's add this to the ireland.gov site.

Tim L  
Honestly, I'm not sure. It really could be just because one of the things I really wished we had in our stats was the size of the sites and not just the number of sites. These days, that's often a more important indicator with with the scale that some of these Drupal sites are at.

Randy O  
In the support, I can say like, you know, I'm absolutely going to use this I've got a client right now who was asking about like making internal links, to be able to link deep on a page, and we're like, well, we can totally do that. But it's gonna be a little bit janky. And like this might make it a lot less janky. So looking forward to being number 14.

John P  
This may be a dumb question. So brace yourselves listeners and everybody else. Does it allow you two kind of link to kind of any ID on the page? Or is it specifically just do you need to place an anchor within your content in order to go to that point?

Martin A  
Excellent question. I mean, to my knowledge, it's really a text field. So potentially, you could maybe try and do like sometimes in Google search results, it uses this weird sort of very custom format that I don't know if if other browsers besides Chrome, work with it. But basically, it allows linking to like specific text within a page. So theoretically, you might be able to get that to work. But I think it's really designed for sort of more traditional.

Tim L  
Yeah, there's a list of supported attributes from the link attributes widget, which I assume would all be compatible with this. And that's got ARIA labels and titles and accessing and all sorts of more obscure stuff.

John P  
So wonder if you're using this going back to our show last week with the CK editor, guys, I mentioned, the anchor widget within CK editor. I'm wondering if like you would necessarily need this in order to complement this module to be able to put anchors into your content as you were writing it.

Tim L  
Yeah. site number 14 will tell us right.

John P  
Very, very go.

Nic L  
Awesome. Well, well, thank you, Martin, for this suggestion. I actually might watch the usage statistics on this one for the first time just to see to watch it take up. But yeah, excellent. Excellent module we appreciate.

Unknown Speaker  
Yeah. And if any listeners have other modules that they want to nominate, by all means, drop them in the talking Drupal channel on Drupal slack.

Nic L  
Awesome. Alright. So moving on to our primary topic this week. So Tim, there's, you know, performance and privacy in the open web is a big topic. You know, it's something that's been on our minds a lot. And the idea for the show actually came up when you were a guest host a few weeks ago. Can you tell us a little bit more about what's behind performance privacy and the open web?

Tim L  
Yeah, as you said, it's potentially a really huge topic, because these are all really important things that I think are on everyone's mind. And, you know, we'll dig into some of the details here. But I think frankly, this is something that we can have an ongoing conversation about here on the podcast, in the community at large in the Drupal space, but also in the open source community at large. I think it's going to be really important. But more specifically, let me break down sort of for each of those three categories into some problem spaces that we want to talk about. So when it comes to performance, one of the ways to frame the conversation is, we're really talking about performance as it impacts sort of user experience, as it affects our end users of Drupal, as it affects people in developing world using the web, as it affects kind of the ability of applications to interoperate with each other. And one of the things that we really need to think about is not just necessarily sort of raw back end performance, but also front end performance, sort of that perceived snappiness and ease of use that app like behavior. Because one of the threats to the open web is that everybody moves to app ecosystems, they use their Facebook pages, instead of building a website, they you know, all these different kinds of things, where they could kind of opt out of sort of participating and sort of the more the more open web. And believe it or not, that just the pure performance of how a website works can have a big impact on that. So that's one area where we want to talk about this. On the privacy side, that's obviously on everyone's minds, particularly since the GDPR, regulations went into effect. And then other nations and states began adding their own regulations to manage privacy, but also, again, just to respond to kind of, I don't want to say, dystopian future that we could be facing. But But this notion that we want to control our data and control our experience, and and how do we do that on the web? How does that compare to what we're currently doing in application ecosystems and other places? And how do people who want to promote an open web ecosystem work together with folks who have a lot of control over the the space like, like folks at Google? And then lastly, speaking of the open web in general, I think we're all aware of kind of the implosion currently going on at Twitter, which brings to mind the all these questions about well, we had all of our eggs in a proprietary social media basket, what are the consequences of that things can change very rapidly? So where can we have robust and strong Open Web Solutions, not just in social media, but also in publishing and with CMS solutions, like Drupal or whatever else it may be? So that we have a variety of more independent voices more sort of controlled and self published voices? And how does the technology impact the adoption of that because I go back to my earlier example, if your open web solutions are hard to implement, and janky, people will still opt for the proprietary stuff, because in the end, the ease of use will will trump those greater concerns, until there's that kind of implosion. So, yeah, I think that sets the stage.

John P  
Interesting. Okay. So let's break that down into into its three buckets. Right. Let's start by talking about web performance. This is going to be kind of an easy, I think, an easy question, because we all kind of know about web performance. But Andre, what's meant by web performance?

Andrey L  
Thanks for setting me up like that was an easy one. Well, first of all, I'm gonna say that web performance probably doesn't mean what you think it does. And I will also just ruin everything, including the name of the episode by saying it's not actually performance. And team has alluded to this. It's about its user experience, of which performance is about what we really care about here. Although However, depending on how you want to approach it, we can move on my call. Performance just applies to really everything. And every website that is performing is a website that delivers the users the information and the services and the products that they came looking for. And so in that sense, we can probably use that as a coverall term as well, just equivalent to user experience. However, you will want to get a little bit more technical than this. I would say that. Let's start with let's you know, there's no single place to start. But let's start with this. The Chrome team uses over 200 metrics to track user experience, and has been for years tweaks the browser's code itself, to optimize to compress, to predict and do other interesting cool things to improve the overall user experience on Chrome. However, a huge chunk of that experience is in the hands of the developers and the owners of the websites. So for the longest time, it was felt necessary to come up with a way to share this measurable approach with web developers. You In a way, that's not overwhelming, because if you start asking everybody to track 200 different metrics, you're not setting yourself up for success. So one approach was chosen to select a few that are reasonably all. But say all encompassing, and then I caught myself, not all encompassing, but reasonably broad and cover the widest possible range of aspects of user experience. Somewhat mutually independent. They're all interrelated, but at least somewhat mutually dependent, where changing one shouldn't necessarily affect the others. And therefore, all of them combined, give you a good overall picture without being too detailed, and yet being detailed enough to give you meaningful information and quantifiable. And that's how the Chrome team landed on the concept of core vitals. This is the first time that we mentioned that what are the I mean, this, first of all, the word core right implies that there's also an encore. And that's true, right? There's a bunch of web vitals metrics, this probably about just showed up a dozen of them, we're gonna cover them all in the detail, you can look them up and drop some links in the show notes as well. But the core ones are three for now, right. And that is can also change. And that's important, we'll come to this as well. The three that were chosen, cover, visual stability, I'm actually starting at the end. But let's do this. And most of this backwards, covers visual stability, which is an essential element of what we experienced, it's easy to understand for anybody in the most layman's terms, if the webpage you're on is jumping all over the place without your control, it's not a great experience. And it's the interactivity of the page. And that's a tricky one to measure. For example, right now we're using something called first input delay. There's other attempts in the works, to see if there's a better way to approach this measurement. But you clearly understand that we need to we need to measure this somehow, we need to understand how quickly the content on the page, the page itself, how well it leaves like it's a living entity needs to respond to the user makes the user feel engaged. And so we need to measure that somehow. And we'll try and sort of, for now, when we try with Fit is basically measuring how long it takes from a button has been pressed or clicked to do something more or less. There's a technical definition to this, you can dive into this. And then since I'm going backwards, the appearance, the first visual appearance of the content, actually, that you actually dream for to the page is probably an essential element of the experience. Because if it's not seeing what you came there to see, then you're not having an experience at all. So these three things the taint and appearance of the content, the interactivity of the content, and the stability of the experience that you're having, ah, what is covered by core vitals, and is supposed to be representative over large enough as a large enough slice of user experience, to be meaningful to track and improve and can be quantified with user data.

John P  
It's really interesting because like, everybody always talks about performance, right? My website needs to be fast. Google's looking at my website and needs to be fast, because it's going to help my SEO, but very rarely do they think it maybe this is changing, right? Hopefully, it's changing, because what you just said makes a lot of sense, right? Like, hopefully, it's changing to like, hey, if my website isn't usable button clicks take a long time, it loads slowly. As you said, things are moving all over the screen, they'll realize that like the bigger performance picture is is super important, as opposed to just like PageSpeed PageSpeed PageSpeed.

Nic L  
Yeah, I think that's really interesting. Because that you bring that up, I was actually talking about this with a client earlier when we were talking about some usability issues. And IMDb has, I think, a really good example of a performance page that that like the what you would traditionally say this to perform it because it loads quickly, but isn't performing from usability perspective. So if you ever have used their episode guide, it is a frustrating experience. Because what happens is, you click on a season, and the list of all the episodes load. And you say oh, I want to click on episode four, right? You move your mouse down on the screen to click on episode four. And then IMD in the IMDB in the background was loading details about all these episodes. And just about the time you get your mouse to Episode Four to click on it, it loads in those details and the entire list runs away from you. And then you end up clicking on Episode Two, which isn't the episode you wanted to look at. So then you have to go back and then you have to wait for the list to load again, then you have to wait for the details to load so that you can actually click on the episode you want. Whereas if you just if they just had that delay and just loaded everything at once, it might actually take longer for the page to paint. But it's more performance site because you're not clicking first of all you're not clicking twice or three times on the wrong thing. You're not waiting you know you're not waiting 10 seconds looking at the screen waiting for the thing to load that you know is going to load So it's an interesting thing when you tie that back to accessibility or usability rather, you know, that can be performance, like it probably would take half, you know, 200 milliseconds longer to just load that in the first request. versus, you know, doing it as as an AJAX call. But it did make that page way more way more performance.

Randy O  
And there's, you're saying

that you don't like the IMDB adventure games that they gave you like, like you make a selection, they make it jump like, you know, it's hard game pitfall you know, like jumping over crocodiles to get to the IMDB information you need?

Tim L  
Well, and what's interesting, right is there are techniques that don't have to. And now I'm borrowing from some of the stuff that Andrey has talked about at the workshop at Drupal con, which we'll get into a little bit too. But there are techniques that you can use where it's like, it's not that you necessarily even have to delay your payload payload for a full page pain. You can create layout stability, where effectively you have enough placeholder spacing for where those details will load. So if you do go ahead and click, you want to go in and click, click episode four, before the details have loaded, you can do that. But also, if you wait, it's not going to jump because that now that dev spacing is already in place, and it's already ready to go. So you can there's ways you can have the best of both worlds. And this is really interesting to me also, right? You can go to web dot Dev, where the correlate vitals are documented, and you can put it in a site and get, right so there's there's multiple ways people can measure this if they want to write Andry. So one is you can just do a Site Audit right from that site. And then you can use a variety of tools that that the Chrome team and others have provided if you want to install sort of more robust options. But I welcome folks to feel free to put in drupal.org, it's not a great example, on the performance side, although I will say our accessibility scores extremely good. But but it's it is an interesting way to to get a sense of what some of these metrics are, and compare against the site that maybe you're used to using from a usability perspective, and see how this lines up. Because, you know, in the end, as as engineers, we often think, okay, measurement of performance. Like, it's like we're racing servers against each other. And we're forgetting that the ultimate purpose of this is to the, you know, foster a good experience of the people using it. So just just remembering which metric we're putting first, in your

Andrey L  
defenses is we're focusing on CLS so much, which i By the way, I love this is my favorite metric. If you've ever seen me talk about this before, you know that this is my metric of joy, right? This is the one that people tend to ignore drupal.com at the origin level has a CLS of zero. You respect your users. And I thank you for

Nic L  
it sorry. For listeners, CLS stands for what?

Andrey L  
That's exactly what we've been talking about. So they are describing is the layout ship, hopefully it's in the name, right? It's the layout is shifting without the use of doing something and it's actually there's some math behind it, you can read up exactly how long does it have to be between an interaction and the shift for it to be considered a user generated interaction versus non user generated one. And so what you've been describing is exactly that. It's layout shifting, and Smokey the calculation is so simple. I don't know why we haven't done it before. Right? Actually, it's been some years, I wasn't there from the status literally, by how much by how much has the content on the on the screen shifted with by respect with the size of the screen, and that's it, right? And so you can, it's simplistic on the one hand, but it's something you can really zoom in on another hand also allows you to think, well, you know, what, if I'm in the area of like a 1% shift, which is almost imperceptible, maybe slightly annoying, but not too critical? And then when I'm okay, if I'm starting to get into the sort of the double digits of percentage shift shifts, they can cause exactly the experience that you've been referring to where you miss clicking on things. Yeah.

Randy O  
Yeah, so so I'd like to kind of like come back around, you went through and mentioned some of the core vitals that the Chrome team looks at. I'm kind of curious what some of the non core vitals look like, what what are some examples of those, I mean, I'm not looking for a list of all the like 197 that you didn't list. But

Andrey L  
just know the initial is about eight or nine that I considered with vitals, but are not part of the core in terms of because, again, it's back to the concept of not expecting all developers everywhere to be able to optimize with multiple things at once, which is probably also impossible. But to give you one example of a thing that is closely looked at, but it's not considered one of the core is, as opposed to the less content footprint that we talked about, like the main piece of content by screen size, more or less, that the user came to the website for you can also look at the first Contentful paint. So when did anything get painted on the page, which is also interesting, right? You got the time to first byte as well, which is when did the first byte arrive? And when was the this first byte actually one of these for some bite brought to the screen. But both of these are interesting. But then again, the more interesting, to some degree, maybe from a sort of back end and engineering perspective. Like how quickly Am I communicating device to device? Not so much yet with the eyeballs of the user? Or maybe not even the eyeballs, right? We can think about accessibility. So with any means through which the user is interacting with the page, how quickly am I delivering that. So that's the difference here. So we have some other ones, which also can may be feeding into it, because you can have a legit Contentful paint without the first Contentful paint, right, and you can have both, and maybe it's your server loading time, that's actually slowing everything down. And if you bring down your TTFB, your time to first byte, you'll prove your largest content for pain. But maybe in many cases, your TTFB is amazing. And you're you're doing great on time in terms of server responses, but you're loading a nine gigabyte dng image as your main content, right.

Randy O  
As a designer, I would never ever do that.

Andrey L  
Again, like five seconds ago, it's like, yeah, never happened.

Nic L  
I cut I cut.

John P  
Randy, I think what Randy was saying there, is it okay to do it onces. Yeah,

Randy O  
I mean, right, just, you know, like, oh, no, it's fine. 999 megabyte image.

John P  
Remember, people, people hold first impressions for a long time, Randy, even even if it's a nine megabyte PNG, um, Andre, let's talk a little bit about benefits, right? So obviously, there are obvious benefits to like, web performance and having good core vitals, right? Like, Hey, your users are happy, because your site loads faster, you know, its performance, so on so forth. But what are what are some of the benefits that aren't obvious? Right, so one that I keep coming thinking of? And feel free not to answer this question, because, you know, but like, do these things help? Your ranking in Google? Is that something that Google is looking at when it's saying like, Oh, this website's like a reputable source, or like somebody that should be higher in the in the, you know, page ranking, and so on, so forth.

Andrey L  
You really make me torn between being a little bit facetious, and also respectful. And I'm gonna try to tread the middle ground between those.

John P  
I mean, we like facetious. Yeah. Well, do you do you?

Andrey L  
Disclaimer, right? I'm not from the search team. So not qualified, not authorized to talk about search rankings at all. Even in private life, I try to avoid it. Because I'm also interested in maybe tidbit about me. I did that for six years, and then moved on. And it's been a while. So you might know me from my previous life as a search politician that was no longer in Great job, where I'm not doing it anymore, because then you get to talk about things like this. Well, I'll say I'll say what's publicly available, what's out there on this topic. So it's clear. Google search, uses core viral scores, as measured in the wild, sort of not measured by Googlebot, or anything as collected from real users, anonymized and so on. So there's no personal information leaking there. So Google Search uses that as part of their page experience, algorithm elements. So you can look that up, we'll put that in the show notes. I think there's a blog post about it, which explains what other elements are present another variable. Importantly, it's not like core vitals are somehow the end all and be all all of a sudden of ranking number one, and number 101. Just, you know, read the blog post, what I will also end at the show notes, and what I'm a lot more excited to talk about is the direct business impact. Because I mean, again, was talking about physicians, like, who cares which position you're ranking in, who cares how many users you get to your website, if nobody's buying anything, it's nobody's doing anything? Well, you might, you might be the United Nations, and you're not selling, you know, bicycles. You still selling something you're selling yourself, you're gonna be selling things. You don't want to call it selling, or whatever you want, you are engaging the users in some meaningful way to subscribe to your blog to donate to your cause to participate, to engage. In fact, you know what, I would even say this is more critical for non commercial organizations that are trying to engage people. Because if you really, really want to buy a bicycle, maybe you'll stick around to buy a bicycle. But if you're looking to just maybe have been tangentially engaged in an in a sort of in a benevolent cause, and you're not sure, hitting an horrible experience, when you tried to get in, there might be the thing that puts you off, right? I don't know like this is an example of the top of my head. But basically, you'll see a study in the show notes, which draws correlation causation, but it's seems to strongly indicate a very strong relationship between the overall user experience on the site as measured by core vitals, and business indicators. And we have multiple case studies on website that where you can get to go. I drove that up, my bounce rate went down mine engagement rates are that people read more pages, people maybe add more stuff to the cart, maybe people reengage with the cart and so on. That's what you need to care about. Yes, you need to care about SEO and bringing people to your resource. But you, you also must care about keeping them there. And getting them to do it together.

John P  
First. And I think that's a, that's a great point. Because I, I mean, we've all heard, right. And this is like, for ages, right? People that have been doing ecommerce have heard like, hey, like, a frictionless experience is gonna help you sell more of x, whatever x is, right? And like, it makes sense, like, hey, if if two vendors are next to each other, and one vendor has like a huge problem, right? With their website that causes people pain, they're not going to go there. Right? So I think the fact that you have statistics to back this up, and you can look at the data and say like, Hey, this is like, obviously true, but it's also statistically true. And here's how, and then you can quantify that to people that may have similar sites, right to say like, well, your competitor here, maybe you're probably not sharing that data, but like, they could look it up. Maybe your competitor here is doing this better than you. No, no.

Andrey L  
You know what, let me just sort of point people in the right direction here talking about competitors. Yeah, absolutely. As much as Chrome can meaningfully share publicly and with respect to user privacy and anonymity. Let me run you through some of the details. I mean, not just you, everybody who's listening to us. So what do we got here? Every Google session, if the user has opted into that gets logged, so all the things that are firing off all the events firing off on the page, get logged, right? If we use it as a permission, then if there are enough user sessions on any given page, or any given time period to be able to provide this data back with unlimited. So there's been basically this above some threshold, which allows us to introduce enough models for this to be viable. You have a dataset of all the pages known the chrome, all the sessions and all those pages over time. And it's publicly available. First of all, it's publicly available as raw data, jump into BigQuery, knock yourself out, find competitors, find platforms, whatever. We also make it somewhat easier for everybody, hopefully, first of all, teams already mentioned this page speed with dot web dot Dev, where you can just input any URL, your URL, anybody's URL and see the results right there if they're available, right. For some sites with some pages, and some sites with lower amounts of traffic, you might not see it there for exactly the reasons I explained. But for larger websites, definitely you'll see yourself you see your competitors, you'll see your grandma's website, anything you like, right? It's number one, and then number two on a platform level. And we'll drop that in the show notes as well. For those who are interested, we are publishing a core vitals Technology Report, which compares platforms. So it compares to what I mean, the comparison you do yourself. But there's data available per CMS framework, even specific plugins on certain in some of the ecosystems, right, so you can do comparisons, when you compare Drupal with wiks or, you know, a particular

module comparison.

John P  
works. Yeah, sorry.

Andrey L  
I brought it up as the first thing that popped in my mind anything. The reason I picked that up is because I mean, there's other open source CMS. And it has an interesting dynamic between them. And there's a really interesting thing, from my perspective, because I'm an outsider looking in, there's an interesting dynamic and perspective and the changes in the developments between the open source and sort of commercially owned entirely on CMS as well and how they've been developing and what changes have been happening there. And you can check it out check, definitely check out that webinar psychology report, and see some of the dynamics there and how the some ecosystems have been really shooting up in terms of performance. And you can also trace the history a little bit of how and why that happened. And some, some others didn't. And we will be interesting to see over the coming years, what impact this has on the usage. I mean, Drupal, for example, is doing really good.

Nic L  
So Andre, there's something that I'm extremely curious about. So as a web developer, at least for the last 10 years or so, performance has always been very important for me. And you know, one of the things is, you try to identify school pages, you know, for whatever definition of slo that we're using, and make them more performant. But it's always kind of a site by site or page by page project, you know, so I might take some learnings from one project and apply them to the next right. But I'm curious from a platform level like Chrome, how is how is the Chrome team approaching performance? Because you can publish something like, Hey, this pattern in JavaScript is very slow. You shouldn't follow that. But there's also decide like, hey, maybe there's a way to, you know, when you're talking about the JavaScript pension, for example, maybe you can interpret that pattern differently and make it faster. You know how Hey, how was performance approach from a platform or browser level? On the Chrome team? How do you try to? Is it all just measuring it and trying to publish the stuff? Or are you guys also saying like, how can we make this interpretation faster?

Andrey L  
I think the short version of the answer here is definitely yes, both. For sure. Right. So Chrome, over time has introduced a whole range of optimizations to the way pages are being rendered. So they can be delivered. So the bytes can be delivered faster. And we this is this is exactly what, maybe, yeah, this is exactly related to where we started the conversation about core vitals, where they came from all the internal metrics that chrome looks at. First and foremost, we're introduced to understand what Chrome can do about that. What Chrome can do to help the delivery of Contentful paints and processing of JavaScript and all that. The to me, though, then keep in mind, I'm not a developer on the Chrome team, right, so maybe have to fall back to some of my engineering colleagues and look up some of their talks, try to find some good ones on this. For you in the show notes. I think the realization is that we need to be in this together. And I think this is, in fact, you know what this is a great tie in and where we can talk about the work we've been doing together with Drupal and why. Because you don't want to push the entire load of development, the entire load of improvement onto developers, our certain things are certainly in their hands. Where we feel there's an opportunity to balance this balance this responsibility and balance this load is by working with platforms that enable developers and Drupal is certainly an amazing example of that, right? When you have areas that require attention, and could ostensibly be dealt with by an individual developer, or a great example of this specifically, is lazy loading, like you could theoretically dive into your Drupal code and manually change things. But what you could also do is, you could think of ways to improve this at the platform level for everybody. Right in there, we've been investing in this together with some amazing workforce from tech, one in Drupal and some others over the past year, to make it available just for everybody. And again, this is going to be there's a link to the GitHub repo, the site we've been working on in the show notes, and you can see for yourselves, the kind of things we've now made, more generally available as tooling for Drupal developers. And this is the approach and this is part of the approach. So you got to you got the part of where the browser itself is trying to improve itself while competing with other browsers. But I think more essentially, since Chrome is not the only browser in the world, right? That's amazing. You need to be ups up leveling the entire web platform. And you do that by working with platforms like Drupal, so that it becomes easier to do the right thing.

Tim L  
Yeah, I think what was remarkable to me was, I think it goes back to maybe 2018p, I can't remember the the Google hosted for the first time a CMS Leadership Summit, a

Andrey L  
Forum

Tim L  
yes, CMS Leadership Forum, like four or five years ago, they hosted one for the first time. And it was really interesting, because they brought together there's about 50%, open source platforms and about 50% proprietary commercial platforms. And that wasn't based on that deliberate, you know, we want half and half as I understood it, it was based on Google knowing that these were the platforms that were publishing up to 50% of what was being indexed in Google of the web, and brought those people together to actually talk about problem solving. And to me, that was a remarkable sort of sea change in the kind of interaction and collaboration between open source projects, like Drupal. And between an organization like Google, which kind of is is at the browser end and the search end of this experience, right. And there was a there was a lot that we did in the past to that was, you know, two ships passing each other in the night where it's like, well, we're doing what we think our understanding of Google was. And Google does things so that they think their understanding of open source projects and these platforms do and we got into a real dialogue and, and I just want to echo what Andrew said, it makes so much sense to collaborate on the things that will empower people to do the two input in place the best practices most easily. And those are not just developer practices, because we go back to Hey, you added that, you know, nine megabyte ping file, right like updating you know, dribbles Drupal is modern versions now have image styles that can be predefined to help prevent your regular content editors from accidentally posting images that to large and now can have those be lazy load by default and, and all sorts of other things. So it's a little bit of a way of just how do you how do we make this experience based Performance Engineering, not a specialty discipline, but something that can be more easily built in and shared across every little thing that we're doing. So that, you know, you don't, you don't evaluate it as a separate task. It's just part of each component of your platform.

Andrey L  
And I have an example I was furiously Googling, just to make sure that I'm not talking out of some inappropriate part of my body. What web P does an example for your web P was introduced by Google back in 2010. And I did not know the date, so I had to find it out. But yes, the web P has an image format, that helps us move away to some degree from PNGs, where it's appropriate, was introduced, it's not enough to introduce a format and say, hey, you know, there's a much better way to put images on the web, you need to get people to be able to use it. And the work that folks on Drupal did to implement support for Web, it was critical for this, right, and you just see adoption of web be going up and up with more and more platforms, making it easier to use this type of images. So that's the synergy, right that

Tim L  
defending in an in an open source spirit, we've worked with people at WordPress at type of three Joomla, like a number of these people. And in several cases, even though they were open source projects, I hadn't had the chance to build relationships with them, until we were together at the Leadership Forum. Because we were finally in a room together. And so you know, when we talk about web p or A VF or some of these other image optimization, things like the project that started as an early collaboration with Google to say, hey, can we provide that support in the Drupal ecosystem actually turned into, can we get that support upstream in PHP, because PHP itself needed it. And so now, the whole PHP ecosystem, in the latest versions supports these new, much more highly optimized image formats, thanks to the work that the Drupal community wanted to do to implement this. And that will go into all of these platforms. So like, those are the kinds of collaborations that I think are so crucial. Yeah,

Nic L  
and I just want to call it to that this kind of collaboration is, is a bit unique in that it's one of those things that it truly helps every party, right? Yeah, I mean, making more performant and accessible sites helps Google because, you know, if they're, if they're providing those results, people, people are more likely to use Google as their platform of choice, right? Having a more accessible and performance site for the user is, I mean, by definition,

by definition, a win for them.

For the user, you know, having a more performance CMS, like Drupal or more accessible, CMS, like Drupal is better for, you know, developers and for client, like, it's less effort as a developer to make it accessible, if it's more accessible out of the box, better for our customers, because, you know, they're the experience that their customers are going to have will be better. So it truly is one of those collaborations that every level way down, this type of collaboration, it helps. It just helps make the world a better place. You know, on some level, it's

Andrey L  
collaboration all the way down.

Tim L  
Yeah, exactly. And it's just one of those things where it can't be overstated how valuable it is for us to not be, right. It's very much in the spirit of open source. And this goes back to the larger open web kind of admission. What kind of web do we want? Do we want the sort of web where oops, 25% of the internet that people use was actually one service that was just bought by one billionaire? Who's having a bad mental health day? And now, wow, that's, that's going to be tough? Or do we want a web that's like, built on really solid foundations and that people can independently partake in. And I just find it really interesting that this sort of collaboration allows open source projects to collaborate with each other to collaborate with proprietary ecosystems as well to just again to say, hey, we want web P to be a thing. So we want that to be a thing for everybody, not just us. But but also in some ways it gives, it helps open source as a movement, participate beyond its specific project, right. This is a kind of collaboration where we're not just talking about Drupal. We are making Drupal more competitive on the web as a result of this, but we are, this is an area where we're working with Drupal as part of a larger open web movement. And that's, that's really gratifying.

Randy O  
I love to hear all of this. And this is something that like I personally use the term nutritious work, you know, it's like work that feeds the soul. I want to kind of focus a little bit like take, you know, all the hand holding through all the ecosystems is great, but Tim, I'd like to kind of know a little bit more about the performance tuning that D.O does and like how the hell is that helped?

Tim L  
Yeah, that's a great question. Because there's first of all, there's a lot more for us to do. And there's more things that drupal.org itself can do. So, as some of the folks on this call may know, drupal.org, it's still in the midst of our upgrade front to modern Drupal, we're still a Drupal seven site. And we have three sites that are pre production ready for Drupal nine, and probably actually 10 By the time they launch, and some other things going on. And you know, drupal.org, primary focuses have been on, you know, robust caching configurations, CDN configurations. And then, in particular, focusing on the kind of mobile first accessible first user interaction patterns that are like clean, simple, we don't have layout shift, as Andrew mentioned earlier, right? Those sorts of things. That said, we do still have a lot that we can do, right, we still have a lot we can do in terms of page renders, and image optimization, especially. Those are like major areas that affect your first first Contentful. Paint. And it's time to interactive, those kinds of things are still issues with drupal.org itself that I think will get significantly better with our next launches. So one of the nice things is, again, if anybody out there wants to use drupal.org, as a guinea pig, or punching bag or anything like that, when they're checking out web dev, it produces a list of opportunities, right? So it says, Hey, here's the, here's the thing that we think is it will be most impactful. Like deferring the loading of images that are off screen, we have a lot of fairly long landing pages, especially on the sort of front end marketing areas of drupal.org. Where like until you scroll, but there's a bunch of images that don't need to load all sorts of things. It's next Mecca recommendation is next gen image formats, like this AVF and web P support that we've been working on. So it'd be cool to use a

Randy O  
Teletubby lazy load, like just there's a lazy load attribute in HTML. No.

Tim L  
Yeah, there is. And in fact, I'll link it in the show notes as well. I just dropped it down there.

Nic L  
That was triple core. Yeah,

Tim L  
I buy this collaboration with with the Google team. So when that'll it's in there. By default. Once we're we've got our nine upgrades. So if there's a lot of really cool stuff in there, and it'd be nice to make datadot Sort of a case study for that stuff.

Nic L  
So you guys kind of alluded to this a little bit earlier. I mean, you were talking about the lazy loading, collaboration, but it sounds like there's some new collaboration that's been happening too, as recently as the most recent Drupal con. Can you tell us a bit about that as well? Like, what's what's coming up? What can we look forward to?

Tim L  
Yeah, well, let me let me start with a couple things. And I'll hand it to Andre, because unfortunately, literally, like five days before Drupal, con Prague, I got COVID and couldn't get on the plane. So he can talk more specifically about what happened there. Because I heard it was standing room only kind of situation. But speaking more generally about the collaboration. We've been trying to do a number of things like between the Google team and the Drupal Association, we've been trying to identify high impactful areas that improve the experience of Drupal and the web for everybody, just like we've just said. And so that's been things like image OPT, lazy load, we've been talking about other potential performance areas, we've been exploring some things around privacy, we'll get to those a little bit in later topics. But basically just trying to create that sort of hit list of potential areas. One of the things we'd like to do is we'd like to engage the community further in issues of privacy and performance to say, hey, just the Drupal community, which has done some really cool projects with some really important web properties around the world. Are you aware of Do you are you out there listening? Do you have key ideas for things that are important to the web? That would be good for everyone at large? So that's a part of it as well. But speaking of Drupal, con, Andre, why don't you talk about? Well, first of all, I think it was your first Drupal con. So maybe your general experience and then specifically what we were doing there?

Andrey L  
Well, no, first of all, he was an absolute pleasure being there. And you know, I can't thank you all enough for having me there. It was, look, as you say, intense, but also lovely at the same time. One of my favorite types of events, our open source web developer events, where everybody is so friendly and involved and really passionate about what they do. And to give you one example, if you guys aren't using web profiler yet, you should go check it out, first of all, because it's an amazing country. And Luca Lusso, who's behind it literally had a coffee, I think, on Tuesday morning or something and we talked about covered vitals, it wasn't hearing about them for the first time or it can didn't really know what that was all about, and how to get them into the module for developers to check them out on the page. They showed him like a piece of JavaScript that was done for something else that just helped you handle the events. But Thursday, he was tweeting me saying, Hey, look at this early prototype. What have you been doing? Right? So first of all, you know, big props to Luca  at the rest of his team for that. But as Tim said, this is just one example. This is exactly the kind of contribution and collaboration and ideas exchange that leads to meaningful and measurable improvements in processes, but also end user outcomes that we're looking for. And then, in terms of the collaboration more and more detailed, I think, Tim, you covered this all really well, we need to identify key areas of focus. One, for example, really interesting one I've been talking about quite a lot is Drupal is automated QA system, and integrating performance checks based on Coronavirus fundamentals for now at least into Drupal skate. So in my simple understanding, you cannot launch a slower page or a less performant page like Drupal will tell you wait, what you just did, slowing it down, don't do that, do some other things. Like here's some ways you can achieve what you're trying to achieve without hurting user experience and do that in an automated way. For everybody like that. That's a very ambitious and goal will probably take a few steps to get there. But that's one example of where I feel we can do a lot of work together,

Tim L  
updating Drupal, CI and get our GitLab CI configurations to include corporate Vital testing at the point of contribution to core and at the point of contrib module testing. Right. So it's again, we're not pushing the problem to individual shops, agencies, developers, when they're working on an individual client site. We're trying to do it in fundamentally in the platform. So I think that'll be powerful.

John P  
So Tim, are you saying like, looking at a modules output? Or how it affects kind of like the Drupal front end and valuating it based on the core vitals?

Tim L  
Yeah, basically, there's a variety of ways that we can do that kind of stuff. So I mean, there's already you know, there's there's, there's something like 99,800, PHP assertions in our test, core testing, we do some front end testing with Nightwatch, we do some JavaScript stuff. But what we don't have is a targeted artifact in the output. That is, here are three simple metrics, in this case, the core web vitals that tell you if you have improved or degraded this performance based user experience with this change. And doing something as simple as that, I think could make a big difference on an ongoing basis, just making it more present. So that it's again, it's it doesn't have to be a separate initiative, to say, hey, we're going to spend six months making things faster. And then maybe gradually, they'll they'll slowly creep and get slower. Again, we're going to do something that'll be sort of ever present.

Andrey L  
One thing if I may bring in this way talking about Since Tim gave me implicit permission to talk about this by bringing up our fellow open sources, across the absolutely the experience we've had collaborating in the WordPress ecosystem, where after some initial trial and error and different approaches to how this can be even handled, because Google is Google, and the Chrome team in particular, me as part of it, I've learned a lot, since we first started trying to engage with the open source development community is spinning up eventually, in not so long ago, a dedicated WordPress performance team for WordPress, right. It just wasn't the thing that existed before. And it's not comprised solely of Google's. It's some Google's plus a lot of people from the community and different agencies and hosting providers and so on collaborating together. And I think that model has been tremendously successful. And I personally am very much invested in looking forward to us being able to spin up either a mirror image, or some Drupal flavored approach to this where multiple companies, independent developers, larger entities are coming together to do exactly what Tim was talking about, but only on a regular basis would be

Nic L  
interesting. So so so it could possibly be something that not it's not an exact analogy, but it could be something like the security team, right? Where there's a group of people focus on user experience and performance. And so if there's a module that maybe like, a good example might be, you know, with the tech, it's kind of related to the testing to like, imagine views just added a random, like, let's wait for 10 seconds before giving the results, right, that that would immediately be seen by everybody that updated there. But that but that's the kind of thing that the testing could catch. But if it's a more nuanced update, or let's say, let's say there's a MySQL update, like MySQL eight is coming out now. And, you know, let's say that there's a performance degradation between five and eight for Drupal, having a dedicated performance team that can help work through some of those gnarly issues really could help the community and the web at large, because it just means that sites are going to be more performance. We're not not degrading performance. And what

Tim L  
I think is interesting is we have the opportunity to extend, first of all, to extend the pattern that Andre and his folks have managed to establish through a lot of trial and error and hard work with a WordPress team and has been successful doing. But also to extend some of the stuff that we already do in Drupal, it is very common, I don't know how much this is visible to other folks, because it's kind of a core group of people who notices this. But almost every time there's a new version of PHP, it's actually the Drupal project that identifies several regressions or optimizations during the alpha, beta and RC phases of those new versions of PHP, like almost every release of PHP in the past eight years, the Drupal community has wound up identifying something crucial before it got to its stable release. Because we do have some eyes in that way. Not quite as formal as this not quite as, like, scoped in its goals, but, but it shows that there's opportunity.

John P  
Can Can one of you guys just take a minute to explain to our listeners, what is this word press, you keep bringing up?

Randy O  
Well, it's, it's for writers who like to make coffee, they put the coffee in the press, and then they write their words. It's a Word Press.

John P  
Listen, we appreciate all technologies and CMS is equally but you know, that for okay. We're gonna leave that one alone. I'm

Tim L  
gonna get so much crap for this afterwards. Okay.

Andrey L  
logician, by the way.

John P  
Let let's switch topics, because the show title is performance privacy in the open web. Obviously, we've been talking about performance in the open web. Let's switch to privacy and the open web. Andre, can you? You know, obviously, privacy is like a huge topic, right? Again, we're talking about big topics here. But can you can you just give us an idea? Or an overview of how privacy impacts the open web?

Andrey L  
Oh, where do I begin? Just merely kidding. So let's start with the, with the scary stuff. And then we'll talk about some of the amazingly promising stuff. On the one hand, we've let ourselves I was gonna blame it on some third party, but there isn't really a third party here, we all building the web together. So we will let ourselves over the past few decades, kind of do silly things with the web, just because the web lets you do a lot of things. And we've ended up building castles in the sand, playing on something that's coming later, we build a bunch of castles in the sand. And we build a bunch of houses of cards. And whatever the analogy, you want to you want to build this on, where the foundations of the technologies that we're using right now, some of them quite shake, in terms of how robust they can be, as users become more aware and more present in the ownership of their online presence, right? Because what I mean by this is a bunch of really happy words. I'm surprised they haven't managed to put them all together. What am I saying? Like initially, our model of consuming the web was a bunch of words, somebody talking about words, and press and coffee and all that stuff, you just put a bunch of words on the page, you upload it to a server, somebody comes and reads it, they can't even interact with the cabinet even give you a like, right. So the best you can do is maybe they send you an email saying how great or how poor it was. That was like 30 years ago or more. Definitely, you know, that's not the Kansas that we're in anymore. Where in a world that's very interactive, where users expect the interactivity and the personalization, right, don't get selected. Start talking to users about privacy concerns and sort of persistent advertising. And people might be a little bit wary of it. But you take away the personalization that they use to even your favorite example of IMDb, you know, still go there, right? Because you have your wish list. And then this is like you used to consuming that kind of cotton in your particular way. People want it. But people also want to understand how it's done. And the way it's done right now, both in terms of advertising, but also fraud prevention, for detection and spam prevention. And all of that is building a few really poorly matched technologies. polymers for this purpose are really good for the purposes they were introduced for. And by them. I mean, specifically really here in this case, it's cookies, right? It's user agent string delivered by the browser. And to some degree, it's the IP information about the user's IP address those essential building blocks in some ways, or how the web works in one hand, but what you built using those building blocks now resemble was very little what what they were initially intended for is supposed to be useful. So how do we empower the users and developers to deliver the same level of personalized and useful solutions as people are accustomed to, and maybe you weren't expecting it at a high level of that, while preserving privacy and without breaking everything. That's, that's where we started. That's, that's where we started several years ago, Google and Chrome in particular, and Android has joining on that effort as well. And came up with this initiative that is called the privacy sandbox. You can read up more using the link in the show notes. Which is, in my head, I simplified to sort of three areas, right, I think the simplest way to think about it. First, is this conceptual, almost philosophical level that I just talked about is this desire to dramatically improve user privacy and controls over privacy for users, because they deserve it. And many of them wanted actively. And some of most of them wanted to passively when they even though they might not think about this every day. Second part of it is because that philosophy is important, because everything that is done in this space is driven by that like if it doesn't match up to that standard, then it gets discarded. And the second element is old technologies, older technologies, I would say, that are not being fit for purpose being either phased out entirely, and third party cookies and promo one example, or they use for specific purposes, is being looked at again. And here we come to the user agent string and maybe IP information. That's number one. And at the same time, the browser is looking to produce solutions. API's, but not only some of them are more conceptual, we might get into a few examples. But okay, let's focus on API's even here that give the developer the functionality to deliver the personalized, targeted and useful experience while maintaining user privacy while retaining control over privacy in the users hands without violating it and making it sustainable. So that's those are the three three things here. First, is why is this all happening, which is critically important, because what we have right now isn't quite sustainable on any level. Two things that are going away three things that are being brought in. So what this means for web developers right now is keeping track of what's going away and how the current solutions are being disrupted by that. And how are they being broken? And in what ways will they break if nothing is done? And then if they are being broken, if you had been disrupted seeing that actually IT folks here and you I wish you could see my hands, but hey, this is so it folks here. So imagine a fork, on the one hand, what new solutions do you need to replace the previous functionality, but also and even more importantly, for me, because this is where new money can be made? How can you use the new functionality to brain that is being brought in to be even more effective to be even more profitable in what you do? So yeah,

John P  
it's, it's interesting, because like, it feels like one of those age old age old conundrums, right, like we develop technology, and like, and these these things, right, and we're like, hey, they have this one purpose, right? And then somebody says, well, actually, we can use that thing for like, this purpose. And then it turns into, like, I feel like everything boils down to this, but it's like a battle between good and evil, right? Like, hey, I have all this data. Now I can use it to do like, creepy personalization on somebody to sell more widgets, or I can't, and I can try to use it, you know, for, quote, unquote, air quotes. Good. Right. So, you know, it's an interesting, interesting problem. Really, the things that

Randy O  
I think is at the core of this is making sure that users know what information about them is being tracked and what's and what purpose it's being used for. I think that that's kind of the first big challenge is to surface that.

Nic L  
Yeah. And I think that's what I was gonna that's what, right in line with what I was gonna say, Randy, to like, you need to define what privacy is, right? And for me, that means knowing who has what information, knowing, having control over who they share that information with, like, it's one thing to give some information to, you know, your medical providers app and then you know, but if they then share that somewhere else, that's a privacy violation. But if you are like, Okay, I want to share it with this particular app. That's okay. Having the ability to revoke that access, and purge. I think that's what it is, like you said, Randy, like you need to privacy is about knowing what they're collecting, where they're collecting it, what they're using it for, and then having the ability to manage that yourself, right, having the ability to be like I don't use this service anymore, remove my information, or say like, you can use my information, but only you can you're not allowed to share that to surface XYZ.

Andrey L  
You know what I mean? It wasn't I was gonna like if I if I may, right. Just real quick. I think I have two points. That could be interesting here. Number one is that a little bit like, unsurprisingly, it's similar to the approach to user experience through the lens of core vitals. The Privacy sandbox isn't trying to solve for all the privacy everywhere, for everything, even on the web, right? It's saying, Okay, this like, as you say, this whole bunch of different permission models and different sharing models that might or might not be affected specifically by the sandbox, but let's say, Okay, we know the three things that we're looking at. And we know like a couple of dozen API based and other solutions that we're introducing. That's the scope, right? The scope can change, but it is the scope right now is transparent. And everybody understands what exactly we're dealing with. If there's other additional aspects that need to be addressed, they might or might not come into the scope, or they might be solved elsewhere. That's number one. Right? It's important, because I had those conversations a couple of times life as well. With the privacy sandbox, it's important to go and figure out look at the website, basically and look at the overview and see what is what are we dealing with here? And what are we not dealing with here? That's number one. And the second point that you really got me thinking about, but now I completely lost the track. I'll come back to that when you go make your point.

John P  
So I guess my last thought there, which a good one or a bad one is like on the web, is there really a expectation of privacy for users? Like I feel like a lot of this is like, there are two schools of thought, right? There are people that like, No, I want my privacy on the web, I want to be able to like be a voyeur and watch and see and not, like have any data captured about me. And then there are other people that are like, Yeah, whatever, like, I don't care, you're gonna know what you know about me. And like, I'm on Facebook, talking about my dog and like all this other stuff. Right. So it's interesting, because I don't like, I guess there's a middle ground somewhere. But to me, it kind of feels like maybe there is.

Nic L  
There's a I mean, I mean, there isn't a middle ground, the middle ground is the choice needs to be with the user on some level, I think, right? Yeah. Like, if you want that information to be shared, that's fine. Like nobody's saying that you can't share that. But right now that that choice isn't given to most consumers, right? That That choice is in the United States. And even if you try to remove your information from sites like you don't know where that was sold to where it was used, so like that choice doesn't exist, it's just the information is tracked, vary.

Tim L  
And I'll add one more thing that I do think is important, though, because, and Andrew said this, and I don't think we should gloss over it. We talk about personalization. And we often point to sort of the creepy examples. But there's a there's a feature under the umbrella, or there's a number of features under the umbrella of personalization that are very desirable for users, that even feel like part of owning their experience is dependent on that. So right if I'm on a social media platform, and I am suddenly and I'm being and I have no information being fed back to that platform, about my interests, then I may start to feel that I am being fed political information that does not align with my views, that I'm being fed advertising that is random and irrelevant that I am, I start having a degraded experience when in a context where I'm specifically looking for community, which requires tailoring and understanding shared interest. And so there is this. It's not just that, hey, you can use it for good ads and bad ads. It's also that there's this element of curation and moderation, that can be done in part using some of these personalization tools. And when we talk about some of these spaces becoming, quote, free speech platforms, which become unmoderated and uncurated. It's not exactly the same. But there's this interesting parallel, where when you talk about, if we eliminate all opportunity for curation and personalization, we also get an experience that may not be what users desire. So just two things

John P  
interesting. Tim, that like personalization, to me feels like something that should going back to the top of the show should enhance like performance and usability, right? It may not be the data and the numbers, but like, it should make people want to use your website, your service, whatever it should help them through whatever process you're trying to get them through whatever you're trying to get them to understand.

Randy O  
So I want to kind of back up a moment. And I want to I'd like to know, what is the Google Chrome privacy sandbox? And how can I get in there and play with like my little bucket and race cars

Andrey L  
Yeah, totally Exactly. And thanks for bringing this back up again, hopefully we've covered what it was just a few minutes ago. So don't need to go over that again, but very quickly, but it's this philosophy about maintaining the success of the open web while enhancing user privacy. And user privacy controls, then focusing on removing certain things or decreasing the availability of certain other signals, right. And you can see the details again, not that many you can can list quickly as cookies, its IP information and its user agent string in the browser. Right? And it's the new solutions that are being introduced to maintain exactly what was missing was new API's and other adjacent solutions. Now, how do you get to play this is the critical question, which I'm really happy, we got to in the end, right? Because, like with everything, like we what we discussed just a few minutes ago, on the performance side of things, like web p is a format. And it's not privacy, backhand performance, and web p as a format gets introduced out in the wild. The proposal apparently has existed for 12 years. But it takes developers to implement the adoption that somebody must come in and say, Okay, now as we'll build in the code, to make this image format available for my users, as opposed to some other in like in parallel with some other format, it is now critically important for us, across all ecosystems, in particular open source, and in this case, in particular, in Drupal to start understanding how are we going to bring the new functionality into Drupal? A sale first step is to understand what exactly inside Drupal itself in all the websites might get affected, let's say by third party cookie application, or the user agent string reduction, right? So that we need to do an audit across the board, how are our websites and our platform effective? And then we need to also look at the new solutions that are proposed getting on those and say, okay, are they because first of all, this is all being discussed fully in the open, you can see that in the privacy sandbox website, links to all the proposals they will out there on GitHub. So you can come in, come and do whatever you like with them. Open issues, make suggestions, first of all, at the very basic level saying okay, conceptually, I believe that this solution should work like this. But after this conceptual level, comes the implementation level. And let's say you have an API, right? That is out there, you need a contrib module, or you need to put it into Drupal core for it to be available to Drupal users. And this is where my largest request of the community comes in. This is where in a similar way that we just discussed with performance, we need privacy minded people, security minded people in the community to come together and start looking at these things, what's available, how it can be brought into the platform, what's not available, it should be created to exist on the platform, and so on. And this is the critical moment.

Nic L  
So to clarify, the privacy sandbox is something that a user of Chrome enables, like they opt into it, right?

Andrey L  
No, like, I'm not gonna talk over it again and again. So again, this, even though is not the right answer. Sandbox, the sandbox, although it's a sandbox, called the sandbox, but it's an initiative. Right? So it's not an actual sandbox that you enable,

John P  
to set a rules basically, right?

Andrey L  
Yes. Well, but also, I mean, it's what are the guidelines? What is the name of the initiative within which within a browser is doing certain things, it's saying, like third party cookies, that's an example. So the fact that third party cookies on Chrome are being phased out, is part of the privacy sandbox initiative, gotcha, initiative. It has an element. And that's one of the elements. And then another bunch of elements are the different API's that are being introduced and then as to what the user enables and disables, and we can talk about this for hours. But this is similar to most other development tools now. Right. So you got, for example, you got API proposals, that might have a you add an element of user controls, they might not need to, but some of them do, where there will be like a new option in the browser for a user to do something or see something that they haven't been able to do or see before. And on the other side, they will also have a developer element where the developer will have to implement this API for the user to be able to see something or do something, and so on, or maybe in some cases, if a developer doesn't do anything, then a user making a choice will impact what the developer, what kind of experience the developer is delivering. So it's complicated. Okay. All right. And it depends, because we have so so many aspects of the web experience effect that we have advertising technologies, measurement technologies, and all sorts of other things affected. And so there's no one single way to explain this. But the sandbox itself, to make it simple, is the initiative that encompasses all these chaps

Nic L  
make sense?

Randy O  
Excellent. I'm really glad I asked that question. Thank you.

Nic L  
Well, well, Andre and Tim, thank you for joining us. This has been an extremely enlightening show. I mean, we I've I personally learned so much about how Google and in kind of the Drupal project are thinking about both performance and privacy. So I appreciate both of you joining us today.

Tim L  
Thank you so much for having us.

Andrey L  
Absolutely thank you so much. It's been a pleasure and I really enjoyed my time with you guys.

John P  
Do you have questions or feedback reach out to talking Drupal on Twitter with the handle talking Drupal or by email with show at talking drupal.com You can connect with our hosts and other listeners on Drupal slack in the talking Drupal channel.

Nic L  
And you can promote your Drupal community event on talking Drupal. You can learn more at talkingdrupal.com/tdpromo.

John P  
Get the talking Drupal newsletter for show news, upcoming Drupal camps, local meetups and much more. Sign up for the newsletter talkingdrupal.com/newsletter.

Nic L  
And thank you patrons for supporting talking Drupal, your support is greatly appreciated. You can learn more about becoming a patron at talking drupal.com and choose to become a patron. And Andrey if our listeners wanted to get in touch with you will be the best way to do that.

Andrey L  
Find me on Twitter. Find me on LinkedIn. Just my first and last name. It shouldn't be that difficult. I'm just at AndreyLipattsev . Full both.

Nic L  
Awesome. And Tim, how are you?

Tim L  
You can find me on drupal.org and Drupal slack as hestenet or email me directly tim@association.drupal.org. And if you're not a Drupal Association member, I'd love to encourage you to sign up at drupal.org/association.

Nic L  
And Randy, how about you?

Randy O  
Sure you can find me on Twitter, at least for now as AmazingRando. And you can also find me on drupal.org and Drupal slack. Also as AmazingRando

Nic L  
and John about you.

John P  
You can find me on all the major social networks and drupal.org at JohnPiccozi and you can find out about EPAM at epam.com.

Nic L  
And you can find me pretty much everywhere at nicxvan

John P  
and if you've enjoyed listening, we've enjoyed talking. Thanks everyone. See you guys next week.