FineCoatMummy@sh.itjust.works
on 15 Apr 20:06
nextcollapse
Article talks about cookies still being set when user opts out of those.
That’s bad, sure. But TBH I worry so much more about fingerprinting. Cookies, easy to delete in your browser, easy to block. Fingerprinting is done behind the scenes on the server, you can’t block their attempt to. There are “resist fingerprinting” options in some browsers now like firefox, but limited in effect, and much of the fingerpinting is not even something the browser can stop. Things like TLS fingerprints, or exact timings between your system making a request, and the serving system. Or things you can spoof but which cause problems if you do. Even Tor Browser doesn’t spoof some of those things b/c it causes problems to do.
The identity broker companies have a massive financial incentive, and they employ very smart data scientists. Even “opting out” of cookies, I think it’s about 0% chance we have any way to opt out of these behind the scene techniques they use. They will use every shitty weasely trick in the book like the slimeweasels they are.
Honestly. I think if tracking is disabled it should do the following:
anything screen dimension related including available height/width -> blocked (realistically java-script should never need to disclose this information outside of an internal function anyway)
User Agent: generalized (this usually already is the case)
Cookie status: kept the same as needed for functionality.
addon/plugin info: blocked
buildID: blocked
hardware concurrently: generalized instead of a set number (low end being < 4 middle being < 12 high anything else)
any hardware characteristics(such as gyro, battery state, etc) -> request for permission by default
Like there are many steps that can be done to help mitigate fingerprinting, its just getting vendors to actually do it.
being said I had never known about the TLS fingerprinting option, I generally don’t see that shown on the fingerprint detector sites, that’s interesting.
FineCoatMummy@sh.itjust.works
on 15 Apr 23:17
nextcollapse
its just getting vendors to actually do it.
Good ideas… and yeah… the browser vendors have a financial incentive to build mechanisms to collect anything and everything. Javascript itself exposes so much more fingerprinting possibilies.
That’s also why I think it’s so terrible for Google’s Chrome to have like practically all the market share. G can now drive the whole web in a way that’s good for them and bad for us.
being said I had never known about the TLS fingerprinting option, I generally don’t see that shown on the fingerprint detector sites, that’s interesting.
There’s also things like the SNI field which is a non-encrypted field which contains the requested domain name. Even if you use DNS over HTTPS to keep your information from leaking via ISP controlled DNS servers, they can still get the destination domain names from the SNI during the TLS handshake.
favoredponcho@lemmy.zip
on 15 Apr 20:43
nextcollapse
quick_snail@feddit.nl
on 16 Apr 13:14
nextcollapse
Google can’t track you if you don’t have gapps installed.
Also, this is going to be necessary in 2027, so might as well do it now
yellerbadger@piefed.social
on 17 Apr 14:55
collapse
Lots of sites and Android apps (even the non Google ones) phone home to Google behind the scenes. I’d recommend using a tracker blocker/DNS blocking just to be sure..
mic_check_one_two@lemmy.dbzer0.com
on 17 Apr 15:10
collapse
Even worse, browser fingerprinting means they can track you even if you have tracker blockers. Your tracker blocker extension just becomes another unique part of your fingerprint.
More than just opt-out. There is a class action lawsuit presented to U.S. District Court, Northern District of California, San Francisco Division on the 23 jan this year saying that
[The privacy of] “WhatsApp users’ communications is false. As the whistleblowers here have explained, WhatsApp and Meta store and have unlimited access to WhatsApp encrypted communications, and the process for Meta workers to obtain that access is quite simple” That’s the content of the messages not just the metadata
Meta, unsurprisingly, deny the allegations
threaded - newest
Opt-out not working ? I’m stunned !! /s
<img alt="" src="https://lemmy.world/pictrs/image/67853fed-0b70-403e-b509-0e8e3b4e7c15.gif">
<img alt="image" src="https://media.piefed.social/posts/Im/Ox/ImOxUJygKPr0f8q.jpg">
I opted out of using their products
That doesn’t actually stop them
Article talks about cookies still being set when user opts out of those.
That’s bad, sure. But TBH I worry so much more about fingerprinting. Cookies, easy to delete in your browser, easy to block. Fingerprinting is done behind the scenes on the server, you can’t block their attempt to. There are “resist fingerprinting” options in some browsers now like firefox, but limited in effect, and much of the fingerpinting is not even something the browser can stop. Things like TLS fingerprints, or exact timings between your system making a request, and the serving system. Or things you can spoof but which cause problems if you do. Even Tor Browser doesn’t spoof some of those things b/c it causes problems to do.
The identity broker companies have a massive financial incentive, and they employ very smart data scientists. Even “opting out” of cookies, I think it’s about 0% chance we have any way to opt out of these behind the scene techniques they use. They will use every shitty weasely trick in the book like the slimeweasels they are.
Honestly. I think if tracking is disabled it should do the following:
Like there are many steps that can be done to help mitigate fingerprinting, its just getting vendors to actually do it.
being said I had never known about the TLS fingerprinting option, I generally don’t see that shown on the fingerprint detector sites, that’s interesting.
Good ideas… and yeah… the browser vendors have a financial incentive to build mechanisms to collect anything and everything. Javascript itself exposes so much more fingerprinting possibilies.
That’s also why I think it’s so terrible for Google’s Chrome to have like practically all the market share. G can now drive the whole web in a way that’s good for them and bad for us.
There’s also things like the SNI field which is a non-encrypted field which contains the requested domain name. Even if you use DNS over HTTPS to keep your information from leaking via ISP controlled DNS servers, they can still get the destination domain names from the SNI during the TLS handshake.
They need to track you to know you opted out
.
Google can’t track you if you don’t have gapps installed.
Also, this is going to be necessary in 2027, so might as well do it now
Lots of sites and Android apps (even the non Google ones) phone home to Google behind the scenes. I’d recommend using a tracker blocker/DNS blocking just to be sure..
Even worse, browser fingerprinting means they can track you even if you have tracker blockers. Your tracker blocker extension just becomes another unique part of your fingerprint.
More than just opt-out. There is a class action lawsuit presented to U.S. District Court, Northern District of California, San Francisco Division on the 23 jan this year saying that [The privacy of] “WhatsApp users’ communications is false. As the whistleblowers here have explained, WhatsApp and Meta store and have unlimited access to WhatsApp encrypted communications, and the process for Meta workers to obtain that access is quite simple” That’s the content of the messages not just the metadata Meta, unsurprisingly, deny the allegations