50 votes

Google’s ad policy changes to allow device fingerprinting

15 comments

  1. [3]
    X08
    Link
    A reminder to use adblockers not just to remove seemingly inescapable ads but also the whole data harvesting that comes from it. Even bigger step is to not use Google products and services at all....

    A reminder to use adblockers not just to remove seemingly inescapable ads but also the whole data harvesting that comes from it.

    Even bigger step is to not use Google products and services at all. But I'll be quickly reminded that other brands are also doing the exact same thing just maybe to a lesser extend.

    https://www.privacyguides.org/en/

    31 votes
    1. [2]
      NoblePath
      Link Parent
      Adblockers aren’t enough tonstop fingerprinting though, right? You have to use a browser that reports only generic or null information to the requestor. Which means no javascript, and not even...

      Adblockers aren’t enough tonstop fingerprinting though, right? You have to use a browser that reports only generic or null information to the requestor.

      Which means no javascript, and not even slashdot looks ok without javascript these days.

      12 votes
      1. Dangerous_Dan_McGrew
        Link Parent
        I'm blocking java script right now so tildes is functional with out it and slashdot certainly worked just fine for me blocking scripts when I was there earlier.

        I'm blocking java script right now so tildes is functional with out it and slashdot certainly worked just fine for me blocking scripts when I was there earlier.

        5 votes
  2. [3]
    elfpie
    Link
    I believe this is a relevant test for those who want to start understand the issue better. You'll see all the information you don't realize is being used and would never think of hiding....

    I believe this is a relevant test for those who want to start understand the issue better. You'll see all the information you don't realize is being used and would never think of hiding.

    https://coveryourtracks.eff.org/

    17 votes
    1. [2]
      Minori
      Link Parent
      I had no idea about the HTML5 Canvas fingerprinting! I think of myself as semi-privacy conscious with UBlock and Privacy Badger on Firefox, but there's apparently a huge amount of possible data...

      I had no idea about the HTML5 Canvas fingerprinting! I think of myself as semi-privacy conscious with UBlock and Privacy Badger on Firefox, but there's apparently a huge amount of possible data for fingerprinting...

      6 votes
      1. tauon
        Link Parent
        Yeah, my web-browser-adtech wordview got shattered quite a bit when I ran the Am I Unique test and found out I had a literally one of one unique profile (and 1 in like 1.8k for another browser...

        Yeah, my web-browser-adtech wordview got shattered quite a bit when I ran the Am I Unique test and found out I had a literally one of one unique profile (and 1 in like 1.8k for another browser instance)…

        5 votes
  3. skybrian
    Link
    I’m wondering how often advertisers violated this policy before. How would Google find out if advertisers were using fingerprinting? Did Google do anything to enforce it?

    I’m wondering how often advertisers violated this policy before. How would Google find out if advertisers were using fingerprinting? Did Google do anything to enforce it?

    11 votes
  4. [5]
    kingofsnake
    Link
    I'm blindly hoping that PrivacyBadger is doing all things behind the scenes since it regularly breaks my Firefox browser's access to some sites on mobile. I'm out of the loop on alternatives to...

    I'm blindly hoping that PrivacyBadger is doing all things behind the scenes since it regularly breaks my Firefox browser's access to some sites on mobile.

    I'm out of the loop on alternatives to Google's pre-installed OS on my phones. Is Lineage Android still a thing? Does anyone know whether it has privacy in mind at the OS level?

    9 votes
    1. [4]
      mild_takes
      Link Parent
      It sounds like Lineage is a little more focused on supporting more devices. GrapheneOS is the far more ...paranoid... option but only supports a limited set of devices, only the Google Pixel...

      It sounds like Lineage is a little more focused on supporting more devices. GrapheneOS is the far more ...paranoid... option but only supports a limited set of devices, only the Google Pixel phones and not once they get too old.

      IMO if you have a Pixel then do Graphene. Just be aware that it's totally stripped out: no calendar, no email client, no Google Play store, no Android auto... just the absolute basics plus a web browser. You can install the Google Play store and most other Google services/apps, you could just use your phone as only a phone + the web browser, or do something in between.

      10 votes
      1. kingofsnake
        Link Parent
        That is for the advice - that's great. I'm not at the point where I'd make the switch yet, but it's nice to know that there are options.

        That is for the advice - that's great. I'm not at the point where I'd make the switch yet, but it's nice to know that there are options.

        3 votes
      2. [2]
        kjw
        Link Parent
        Somewhere in between GrapheneOS and LinegageOS lies DivestOS, which afaik is a LOS fork focused on security, hence deblobbed, with many privacy and security features, degoogled with smooth monthly...

        Somewhere in between GrapheneOS and LinegageOS lies DivestOS, which afaik is a LOS fork focused on security, hence deblobbed, with many privacy and security features, degoogled with smooth monthly upgrades. Worth looking at in my opinion: https://divestos.org/
        It contains Mull web browser:

        Mull is a browser based on Mozilla technology that is hardened against fingerprinting techniques thanks to the Tor uplift project and arkenfox-user.js project.

        1 vote
        1. jamfox
          Link Parent
          Can confirm that DivestOS was a wonderful option (kept my OP 5T alive for quite a while), but unfortunately it was recently discontinued.

          Can confirm that DivestOS was a wonderful option (kept my OP 5T alive for quite a while), but unfortunately it was recently discontinued.

          6 votes
  5. [3]
    ThrowdoBaggins
    Link
    I was just brainstorming ideas for how it might be possible to circumvent tracking, and basically what I came up with is kinda what TOR already is, kinda? The only thing I can think of to...

    I was just brainstorming ideas for how it might be possible to circumvent tracking, and basically what I came up with is kinda what TOR already is, kinda?

    The only thing I can think of to genuinely avoid fingerprinting is to have the entire browser operate from a central system, and I guess screen share to my local device, so that there’s physically nothing running on my local device that can be fingerprinted. But then you’d need that central browser server also doing the same for a bunch of other people otherwise it’s just one step removed, and if you’re doing that then really you’re putting more trust in the central server than you should, especially given it suddenly becomes such a honeypot (look at this central server that’s currently logged into all these accounts! Juicy target!)

    Alternatively I might think of a whole new kind of browser that does incognito to an extreme degree — every time you enter a new URL, the local machine spins up a virtual machine that spoofs everything there is to spoof, caches nothing ever, and doesn’t allow information to pass from one page to another. I think this would mean the time to load a webpage goes back to dial-up speeds, while also putting so much demand on your system that a cheap laptop would no longer be able to browse the web.

    It sucks and I hate it, the fact that we’re even in a world where I’m considering these thoughts demonstrates the absolute blight that modern advertising has become.

    4 votes
    1. [2]
      first-must-burn
      Link Parent
      I think in the link @elfpie posted there are some links to fingerprint resistant browsers, and also blacklists of domains that serve the tracking software. From a technical point of view, you'd...

      I think in the link @elfpie posted there are some links to fingerprint resistant browsers, and also blacklists of domains that serve the tracking software.

      From a technical point of view, you'd want to inject noise into all those measurements so that each reading is different. But I think that requires a high degree of knowledge of the tracking techniques, so it's probably an arms race more than a static strategy.

      Or we could just find their offices, cut the power lines, and weld all the doors shut. (Not serious, but making the point that there are non technical mitigations available).

      4 votes
      1. ThrowdoBaggins
        Link Parent
        Oh yeah, what I would give for some more heavy handed regulation on this stuff… (or really, just enforcing privacy laws that already exist, just interpreting in a tighter fashion than the loosey...

        (Not serious, but making the point that there are non technical mitigations available)

        Oh yeah, what I would give for some more heavy handed regulation on this stuff… (or really, just enforcing privacy laws that already exist, just interpreting in a tighter fashion than the loosey goosey wild west we currently have)

        4 votes