- cross-posted to:
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
While I once hoped 2017 would be the year of privacy, 2024 closes on a troubling note, a likely decrease in privacy standards across the web. I was surprised by the recent Information Commissioner’s Office post, which criticized Google’s decision to introduce device fingerprinting for advertising purposes from February 2025. According to ICO, this change risks undermining user control and transparency in how personal data is collected and used.
just a step or two removed from what’s probably their ultimate goal: a unique guid for every device, that you can’t change, can’t remove, can’t decline, and is always with you–including linking multiple devices when you log-in to the same account somewhere across googleland from them.
Surely it does this already?!
You don’t need to.
By using metrics like IP address , age, gender, race, religion, city, workplace, application, website, favourite song, colour and flavour, throw in a few more questions and you can lucratively target specific groups of people.
By COMBINING those metrics you can target extremely small groups of people, groups with precisely ONE member.
No need for a unique GUID at all.
Microsoft already does this with Edge. Google has advertising ID. Similar in principle.
I’m so happy I don’t use any Google products or services
oh yeah this will totally not affect you or any future devices you use, you’re safe
I will continue to not use any Google products or services in the future
Your browser is likely Firefox (which I believe is heavily influenced by google’s demands on the web), and your phone OS is likely Android (open source, but influenced heavily by google devs) or iOS (in which case you have other problems). You can’t escape the reach of a giant by pretending you don’t see its footsteps
Bro that hits hard
cool
Well always be able to install our on software that doesn’t do that.
Google’s idea of privacy seems to always be we will protect your privacy by having all your data and making sure we are the only ones who can profit off of it. Its not that they care about privacy they care about them having exclusive rights to your data.
Yet another corporate self-serving move that should highlight the need for de-googling, but with a monopolist controlling information flow how many will notice, and if they do, how many will recognize there are counter options, even if made difficult by the dominant web player…I would like to say it is blatantly time to break up big tech, but realistically I can’t see that happening, given regulatory capture of US politics, on both sides, as an outside observer.
Who’s going to get rich making the app that actively trashes this data before it can be read by fingerprinting-ware? Because shut up and take my money.
Not an exhaustive solution which results in easier unique fingerprinting. Plus Firefox already randomizes Canvas noise with both FPP or RFP modes (FPP is default).
There are online tests for it to determine whether you become more or less unique. The defaults in the extension are carefully set to minimize uniqueness, based on my research and per the docs. You’ll note it ones or fakes more than just the canvas API.
I was using this before ff added it’s own noise system or of necessity.
Online tests of uniqueness are skewed by the population who uses them, aka privacy-conscious aren’t the typical user even if a dataset overrepresents.
My point was introducing Canvas noise isnt going to make you less fingerprintable, actually quite the opposite. Firefox’s RFP is much better at normalizing fingerprintable metrics and is native. Canvas is one of many many other fingerprinting vectors.
If you go the route of trying to protect against fingerprinting through randomization, use the extension JShelter which seems to do much more noise than Canvas blocker does. I am still very skeptical of it (and other anti-fingerprinting extensions) because of how complex fingerprinting is.
So I’ve heard and read. Fwiw, I was reading into the state of the art many years ago when fingerprinting was more nascent, I expect it’s matured and gotten yet more advanced in the time since (unfortunately).
Guess I gotta pause working on interesting, net-positive work for a little bit to see where things are, and how to properly combat it, lest I give out poor advice again.
Fingerprinting is a complex beast and nearly impossible protect against. RFP (created and upstreamed by Tor Browser) protects and normalizes most fingerprintable metrics (timezone, display viewport dimensions, user agent, audio devices, installed system languages/fonts, etc) to a stable value for each Firefox version. Canvas is the only metric which is randomized. The purpose of this is to create a shared stable browser fingerprint for all RFP users, creating a crowd for people to blend in with each other.
While RFP is strong, its anti-fingerprinting strategy was created for Tor Browser, which users are not supposed to customize. The same can not be expected of all other Firefox users, resulting in most users being much easier to distinguish from each other. RFP also can cause some site breakage and doesnt offer a granular way to toggle specific features per website (eg. Canvas protections breaks your webcam in conference calls).
There is no good solution. Best options are use Firefox (or a fork like Librewolf) for casual use, and Mullvad/Tor Browser for more critical situations. Always use uBlock Origin (except with Tor).
On the Chromium-side, Cromite and Brave randomize some fingerprintable metrics, but they aren’t as exhaustive and aren’t upstreamed to Chromium (for obvious reasons).
I dropped it after years of use because apparently it’s redundant to native mechanisms now while causing more issues.