this post was submitted on 15 Dec 2023
245 points (98.8% liked)

Technology

59298 readers
4608 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
all 36 comments
sorted by: hot top controversial new old
[–] [email protected] 119 points 11 months ago* (last edited 11 months ago) (4 children)

If google is doing this, they have a much better way to track them. Maybe fingerprints or something called evercookies. Which is harder to protect against.

The good thing is there are some software and browsers who are tackling this issues.

https://en.wikipedia.org/wiki/Browser_fingerprinting https://en.wikipedia.org/wiki/Evercookie https://en.wikipedia.org/wiki/Canvas_fingerprinting

[–] [email protected] 46 points 11 months ago* (last edited 9 months ago) (2 children)
[–] [email protected] 40 points 11 months ago (1 children)

I feel fuckin dirty even reading that last paragraph. It's so detached from any sane reality.

[–] [email protected] 16 points 11 months ago* (last edited 9 months ago)
[–] [email protected] 2 points 11 months ago

I thought privacy as per Google meant that it will trade your data with everyone interested, just will not show them your name/phone number/address (which also quite conveniently makes Google the single point of contact with you and allows to charge more)

[–] [email protected] 30 points 11 months ago (1 children)

Browser fingerprinting is nasty and easy. There are ways to push back but it's still awful.

[–] [email protected] 33 points 11 months ago (4 children)

I believe that firefox is one if the few who has at least some sort of protection against it. But you should always use different browser profiles for anything you do online at least on computer and especially if you use vpn.

[–] [email protected] 23 points 11 months ago* (last edited 9 months ago) (1 children)
[–] [email protected] 2 points 11 months ago

This is also a good and better idea, thank you for pointing that out.

[–] [email protected] 10 points 11 months ago (1 children)

I know people are passionate about their love / hated of Brave, but it along with LibreWolf (and Firefox) all offer strong fingerprinting protection out of the box. With Firefox, just make sure you add uBlock Origin.

[–] [email protected] 4 points 11 months ago* (last edited 11 months ago) (1 children)

Never tried LibreWolf yet, but i will. Thank you.

[–] [email protected] 5 points 11 months ago* (last edited 9 months ago) (1 children)
[–] [email protected] 2 points 11 months ago

Very nice, thanks for sharing this.

[–] [email protected] 2 points 11 months ago

I believe that firefox is one if the few who has at least some sort of protection against it.

Pretty much everything that's not Chrome does.

[–] [email protected] -1 points 11 months ago (2 children)

Wait Firefox sends fingerprint info?

Why is there not an open source browser that doesn’t send this shit?

[–] [email protected] 9 points 11 months ago (1 children)

Firefox does not "send" it, fingerprinting is done by tagging your hardware configuration from various values and create a unique key from that - independent of being logged in or any cookies - which can be used to track you. Things like browser & device user agent, browser window size, feature support (to determine browser version), etc. All of which are passively gathered by anything you could send a request to. There are ways to reduce this that Firefox and others do (such as reducing unique values in user agent, etc) but they're not opting in to some privacy invading reporting mechanism.

[–] [email protected] 1 points 11 months ago (1 children)

But the “various values” are sent, like you mention user agent, etc. I wonder if it makes sense to have a browser that doesn’t send all of that.

[–] [email protected] 3 points 11 months ago

That's the tricky part. If you just don't send anything then they'll use THAT information to profile you, because no one else is doing that.

Also it can cause the page not to load properly.

So what most browsers do is spoof the information such that every user of that browser is sending the same information, when possible, regardless of whether it's accurate.

[–] [email protected] 1 points 11 months ago

Wait Firefox sends fingerprint info?

Ehhh there's really no such thing as "fingerprinting info". Your browser sends info about your PC to every webpage you visit so the page can load properly. Some of them just send more info than others, which makes it easier to fingerprint you.

Check out deviceinfo.me to see what kind of info your browser is sending.

[–] [email protected] 19 points 11 months ago

Yeah they analyze your browser history and then generate labels of things you’re presumably interested in and then share it with any website that asks. Privacy friendly alright.

[–] [email protected] 4 points 11 months ago

If google is doing this, they have a much better way to track them.

They do. It's the new "Ad Privacy" features built into Chrome that tracks every webpage you visited (locally) and then sends your profile out to advertisers when you visit a page.

[–] [email protected] 28 points 11 months ago (3 children)

It would be nice to have the option to not just block your data from being accessible to a 3rd party but also feedback junk data into the system. Pollute the data stream until it's no longer useful to the powers that be while still retaining functionality for the user.

One can dream.

[–] [email protected] 4 points 11 months ago

Yeah it's called data poisoning and you can do it with extensions like AdNauseum and TrackMeNot but I'm very confused why this strategy is not more popular.

[–] [email protected] 4 points 11 months ago (1 children)

Does an extension exist to do this?

[–] [email protected] 3 points 11 months ago (1 children)

If it does I'm not aware of it but I'd love to learn of one.

[–] [email protected] 26 points 11 months ago (1 children)

What about all the other hidden cookies it sets for the right price? ;)

[–] [email protected] 33 points 11 months ago* (last edited 9 months ago) (1 children)
[–] [email protected] 17 points 11 months ago

Right. The sandbox. Silly me. Don’t touch the sand though, it’s full of shit.

[–] [email protected] 14 points 11 months ago (3 children)

So what exactly are 3rd party cookies?

I'm on a.com, that is what's shown in the address bar.

The page includes a resource a.com/image.png. A request the server will include cookies from a.com. That's a 1st party cookie. Correct?

The page includes a resource b.com/image.png. The request will not include cookies from a.com; this was always the case. b.com can however set their own cookies. Since we are on a.com, cookies from b.com are 'third party'. Correct?

It gets interesting when we navigate to c.com and c.com includes b.com/image.png, a tracking pixel we have seen before on a.com.

Without 3rd party cookie protection, b.com sees the cookie they set previously while on a.com. This will now be blocked. Correct?

Now explain this in a Javascript world.

[–] [email protected] 10 points 11 months ago* (last edited 11 months ago)

Open up developer tools and look at the network requests just about any website you visit makes. Logged in to facebook.com and then went to visit a.com? Well, a.com has a Facebook like button and script delivered to your browser when you load their page that allows Facebook to figure out that your logged in Facebook user id visited a.com. Not only did you do that, but you hovered over a button to buy boots for 3 seconds and didn’t click. Now, Facebook calls home with the knowledge user 827027 is a potential boot buyer and can spam them with boot ads.

Interestingly, a.com also loads about 30 other scripts from other ad networks and trackers, including Google, and similarly lets them call home with info stored in their respective third party cookies.

[–] [email protected] 3 points 11 months ago

I am not sure, but I think browsers will block access to third party cookies from javascript. In your example, c.com/script.js will not be able to access b.com cookies. Now, when the browser sends the request to b.com/image.png, browsers will NOT send the cookies associated with b.com when visiting other domains than b.com. BUT, the request might contains a "referer" info set by the browser, hence b.com can still track you. This is something that some browsers block already, but as a web developer, I always see referers in the logs, so it's either not working, or it is opt-in in the options, and normies don't change it...

[–] [email protected] 1 points 11 months ago

This is the best summary I could come up with:


Chrome has finally announced plans to kill third-party cookies.

Google's blog post calls the rollout "Tracking Protection" and says the first tests will begin on January 4, where 1 percent of Chrome users will get the feature.

The rollout comes with some new UI bits for Chrome, with Google saying, "If a site doesn’t work without third-party cookies and Chrome notices you’re having issues—like if you refresh a page multiple times—we’ll prompt you with an option to temporarily re-enable third-party cookies for that website from the eye icon on the right side of your address bar."

Chrome's Privacy Sandbox switch represents the world's most popular browser (Google Chrome) integrating with the web's biggest advertising platform (Google Ads) and shutting down alternative tracking methods used by competing ad companies.

Google says its choice to offer this privacy feature four years after its competitors is a "responsible approach" to phasing out third-party cookies.

Google's position as the world's biggest browser vendor allowed it to delay the death of tracking cookies long enough to create an alternative tracking system, which launched earlier this year in Chrome.


The original article contains 402 words, the summary contains 183 words. Saved 54%. I'm a bot and I'm open source!