A few weeks ago, I was using my mothers PC. Google was erroneously in French, and no language chooser available. So I checked. Firefox sent a HTTP header with a Dutch preference. She was logged in with her Google account, which had a Dutch language preference. Some geolocation providers put her in Dutch speaking cities of Belgium. Still, the Google Algorithm had decided she would speak French. Plenty of other sites make similar errors, especially the biggest ones
So I wonder: Why are we sending out all this info. Fingerprinting is the only actual use. The number of sites using it as it should is minimal. Lets just stop giving it. They don't need a list of audio or video devices. They don't need my installed fonts. They don't believe my language settings when I whack them over the head with it. Let's just fill in defaults everywhere. Maybe provide a whitelist for legitimate sites.
Sites preferring geolocation over Accept-Language as a means of picking the language is one of my pet peeves. Preferring geolocation over a logged in user's stored setting is beyond absurd.
There's a trend in commercial software where folks keep adding epicycles on epicycles, often based on barely stat-sig wins in A/B tests, to the point of systems becoming completely impenetrable. I bet this was a result of that.
With weirdly sticky behavior too once you’ve left that area. My google sign in prompt was in Italian for over a decade after logging in there once on a family vacation. Only with the latest login revamp did that setting finally get purged. Everything else was always english, profile set to english etc.
Prime video is amazing for this; in Germany but only dubs available? Admit defeat that the orig audio is somehow not available but not even English subtitles?!
With video I think that it’s sometimes a licensing thing. As in, the streaming service licenses subtitles from a third party and the rights are limited to specific countries.
One time, I set a self-checkout machine to French to immerse myself in French training in Canada. This happened to set the payment terminal to French as well, which must have set a bit in the on-card chip.
Now, all my pay-at-the-pump interactions at gas stations are all in French. A website I was purchasing from flipped to French when I entered my card info. There were a few surprise interactions where my language preference was clearly derived from my bank card setting.
I’m just hoping that being classed as bilingual is doing wonders for my “social” score at some clandestine data clearinghouse.
You are generalizing. Google and big providers do that, usually (US)services that need to cater to the whole world.
But a huge part of the normal web still uses and _needs_ preferred language. No one wants to be forced to use geolocation.
Just one very common example are info pages for sightseeing, they are usually available in all languages that people commonly visit from and just work if you browse to them. Not to mention that geolocation would be useless anyway in that case.
It would be nice if Google actually used the preferred language. They don't give a shit. I'm still getting maps and other stuff in local language based on IP.
Why anyone would use Chrome blows my mind a bit. Brave is a superior browser in every single aspect of a browser and as of rn - you do not see ads on the Internet.
>“also giving people the privacy protections they expect.”
My expectation is you don't fucking store any data about me to be used for advertisements/AI/etc and everything is opt-in, period. Where is that option?
This article doesn’t explain what change Google is supposed to be making and they don’t link to anything that explains it either. (There is a link to what seems to be to a policy change for the ads platform.) Does anyone know what they’re talking about?
Read it more carefully (it is easy to miss). They’re going to start using and allowing third party device fingerprinting throughout their ad ecosystem.
This is obviously illegal in Europe, the UK and California (no consent), and an unnnamed regulator warns that it intends to take action.
The site you're talking to can still read your data, but most third party sites can be cut off. Privacy Badger will let you block Google Tag Manager, and while it warns you that some sites will break, few do.
Its not clear to me how much this will help; but based on how tags work, it seems like it should help at least somewhat. I use Privacy Badger on both Firefox on PC and Android and haven't run into any sites that break, other than maybe something like Ticketmaster? I'm sure it makes less of a difference on an Android device, where Google has other hooks to track me, but any little bit helps.
- nowadays (iirc) you can serve/proxy those scripts via your own domain (to circumvent ad blocker blocklists)
- there are limitations re the number of blocking rules in Manifest V3
It’s cat and mouse at this stage, we’re getting to the point where blocking ads will be as hard/annoying as, say, installing 3rd party apps on your iPhone. Too much of a hassle even for fairly techie users
> there are limitations re the number of blocking rules in Manifest V3
Use Firefox. uBlock Origin on Firefox also gets around CNAME cloaking to make advertiser domains appear as first party, which Chrome does not give sufficient access to do that.
It doesn't get around actually serving these endpoints mixed directly in with first party endpoints, but these are a hard sell on the advertising side too, from the technical effort from the publisher to implement it to the advertisers reluctance to trust the stats when the publisher gets to be the man in the middle.
I wonder if at this point an AI-based ad blocker that would actually look at the DOM, or maybe even the image, would be viable.
Obviously, this requires significantly more resources. But it feels like a more productive use of the hardware power that we already have, compared to the most recent Electron monstrosity.
Google's philosophy seems to be that intrusive tracking and behavioral advertising are OK as long as they only happen on the user's device.
The result is a worst-of-both-worlds: To an end user, it will still feel as if you're being tracked, with ads following you around, etc, but no worries, your privacy is safe because the advertiser doesn't have access to the data...
So, if I use a device that doesn’t support tracking, and they track it anyway, how do they get it to present the “do not sell my personal information” button?
Also, are there any decent plugins that block all of google instead of just the ads? I imagine they’d need to MITM static font assets, etc.
I also wonder if / when this means Google will start fingerprinting and tracking tenants’ customers on GCP.
What I think is one thing that would be helpful is the ability to define unencrypted proxies for encrypted connections (which is especially useful if the proxy is on the same computer), where the browser does not encrypt the request being sent to the proxy and does not expect an encrypted response; so that the encryption with the server will be handled by the proxy instead. This will save power, as well as allow blocking without needing to encrypt and decrypt the data twice.
This works until you start living with someone who gets frustrated by things like sponsored results not working (completely fair, because they are often highly relevant).
Presumably you set your router to intercept all UDP/53 traffic, but remember the whole point of DoH is to prevent that and ensure nothing gets between the advertising surface and the advert source.
We have kernel level anti cheat systems for games. So how about kernel level anti tracking?
Browsers use system calls to provide the information used for fingerprinting the device, so why not intercept these calls and lie. Have all users present an identical fingerprints and we're back to pre google times. Yes, we lose some important functionality, but maybe it's a price worth paying?
Never mind the other elephants in the room that do worse than track your browsing habits...
It's more complicated than that. You can use subtle differences in hardware and GPU rendering so that syscalls aren't even relevant. And you can never really prevent timing attacks, because you can just use a network request to get the current time from the server.
I've been wondering how hard it would be to make a completely fingerprint-proof browser.
One idea would be to run it in a deterministic emulator. All machine code instructions would be guaranteed to take exactly the same amount of time to execute on every machine, as far as is observable to the browser, and threads would be scheduled in the same order every time. Zero access to the host system through fonts, WebGL etc.
This would mean a massive performance penalty, but modern computers are fast enough that it might be usable for many sites. You could have a small number of discrete speed tiers, where you use the fastest tier that your computer is capable of.
I first read it as a joke, but come to think of it...this would be actually quite awesome for malware isolation and sandboxing. Giving software/apps different fake profiles that look like different identities on the filesystem would be quite the feature.
You would have to have some kind of launcher where you can select the isolated chroot/sandbox you want to run that specific program in.
Implementation-wise this could actually be done with eBPF, as most if not all syscalls can be intercepted and "farbled" (Brave's terminology) there. Features-wise this would probably be a separate filesystem for each program context, plus the things that firejail implements in userspace. Shared libraries would have to be loaded separately into memory, and glibc would have to be changed to not use any environment variables or debugging related function calls.
This is what the Tor Browser is designed to do, and it does it very well (all in userspace no less). The main drawback is that some sites don't render as nicely and occasionally a site simply doesn't work.
The most important anti-tracking feature Tor has other than IP masking is disabling JavaScript by default. That's a complete non-starter for the modern web.
The outcome will be that many sites simply refuse to work on any browser that does this. Users will blame the browser for not working and switch to one that is supported. Most people are happy to trade their privacy for convenience - especially since most people don't even realize they are doing it.
Every browser information leak that can contribute to fingerprinting needs to be plainly considered a security vulnerability in need of fixing/mitigation, period. This class of vulnerabilities has continued to get a huge pass, only being taken seriously by projects like TOR browser and then still only the convenient fixes getting backported.
I do realize this is a tall ask, as many of these vulnerabilities arise from standards promulgated by the surveillance industry itself (chiefly Google, of course), and so are not easily mitigated. For example font lists and ask-to-use-microphone are straightforward to fix for general web browsing, whereas the fix for browser viewport size requires some kind of thoughtful design that subsumes the old model.
In general I'd say that browsers (or at least their operating modes) need to start differentiating into different things for the open [season] web versus app runtimes, so that vulnerability mitigations can be stronger for the open [season] web and sidestep complaints that it disrupts legitimate apps. Of course the two modes need to be indistinguishable by websites, lest every two-bit xitter-summarizing "news" site insists that it's some special snowflake needing app functionality to run its surveillance code.
Also since I'm apparently writing my Christmas list, we desperately need widespread privacy laws in the US. If you want a "value add" feature of your product to be shoving ads in people's faces, fine - people at least get immediate and actionable feedback from that. But persistent tracking supported by pervasive surveillance is completely at odds with individual liberty. And taking away the largest consumer surveillance market would mean much less being invested in new ways to attack users.
I believe Mozilla's funding comes from the search team at Google, not the browser team. (It's nominally compensation for including Google as the default search engine.) If anything, I'd be more concerned about Chrome, since it might be difficult for Google Search to fund Google Chrome to its current levels without raising arm's-length concerns (i.e. "is this a bona fide payment for services rendered?").
good, as long as chrome has such an overwhelming marketshare, reducing its funding sounds like a good idea. the companies that build on chrome can contribute to the funding to keep chrome alive.
Which is, depending on your perspective, either terrifying or just stupid.
Right now anti-fingerprinting security is not very high on anyone's minds, but remember that your digital fingerprints follow you EVERYWHERE. You can't turn them off or disable them on your side like cookies.
It's sort of like the wholesale elimination of privacy as a concept, you might say.
But hence the stupidity! It's too bold a move not to elicit a reaction from developers and users (who have the power to discover just how many bits of information they are leaking about themselves using tools like https://pbtest.org/).
So on one hand I can have websites that offer richer functionality by being aware of my time zone and locally installed fonts, or on the other hand I can have privacy. Hmm, which is worth more?
> but remember that your digital fingerprints follow you EVERYWHERE. You can't turn them off or disable them on your side like cookies.
I'm honestly curious, if you don't mind clarifying a bit more. How do your digital fingerprints follow you everywhere without your being able to erase them? This thread goes into device fingerprinting, but if one rigorously changes devices and certain use/account practices, how can they still be tracked so totally?
> if one rigorously changes devices and certain use/account practices
Your account practices will need to include only using an account on one device. Every time you use an account that identifies you on a device, that device can be associated to you; at that point its fingerprint is your fingerprint. Rotating devices faster just adds more devices to your identity.
TIL about Web Audio, an API that allows any web page to find out about the user's sound setup (e.g. channel count and some kind of transfer function of the audio subsystem?) despite there being no legitimate purpose for that.
> Your browser fingerprint appears to be unique among the 183,020 tested in the past 45 days.
Damn how is this possible when I'm using a stock iPhone? I look at the characteristics and apart from timezone and language, how can they tell the same model iPhone apart?
Tor browser asks you if you want to allow fingerprinting or not when a site attempts to query your HW info. Not sure why other browsers can't do the same.
This isn't new. Most advertising companies have had some sort of "Cross device targeting" or "household targeting" solution for going on almost a decade now. It's also why the suggestion of "repeal GDPR, just use cookie blockers" is so misguided.
I have a script which runs a random browser in incognito mode with a random user agent and a random search website every time I click a shortcut. Then another script changes the DOH dns setting for my connection every hour. Next up I will set a socks proxy setting on each browser via command line params to a ssh connection located in Europe. Oh and I also change my computer name on every logon and have random hw address enabled.
So I wonder: Why are we sending out all this info. Fingerprinting is the only actual use. The number of sites using it as it should is minimal. Lets just stop giving it. They don't need a list of audio or video devices. They don't need my installed fonts. They don't believe my language settings when I whack them over the head with it. Let's just fill in defaults everywhere. Maybe provide a whitelist for legitimate sites.
Even after setting my preferred language on my Google account, Google Search was still speaking Polish to me.
Now, all my pay-at-the-pump interactions at gas stations are all in French. A website I was purchasing from flipped to French when I entered my card info. There were a few surprise interactions where my language preference was clearly derived from my bank card setting.
I’m just hoping that being classed as bilingual is doing wonders for my “social” score at some clandestine data clearinghouse.
You are generalizing. Google and big providers do that, usually (US)services that need to cater to the whole world. But a huge part of the normal web still uses and _needs_ preferred language. No one wants to be forced to use geolocation.
Just one very common example are info pages for sightseeing, they are usually available in all languages that people commonly visit from and just work if you browse to them. Not to mention that geolocation would be useless anyway in that case.
It is a if the web and browser developers lived in an innocent world
It's such a no brainer, I can't comprehend it.
My expectation is you don't fucking store any data about me to be used for advertisements/AI/etc and everything is opt-in, period. Where is that option?
This is obviously illegal in Europe, the UK and California (no consent), and an unnnamed regulator warns that it intends to take action.
(Yes, that’s contrary to the headline. That’s why I find it confusing.)
>You must not use device fingerprints...
Compare to the update: https://support.google.com/platformspolicy/answer/15738904
[no mention of device fingerprints]
>The changes... [are] less prescriptive with partners in how they target and measure ads.
The site you're talking to can still read your data, but most third party sites can be cut off. Privacy Badger will let you block Google Tag Manager, and while it warns you that some sites will break, few do.
I wish HN would support creating snapshots on some sites by default
- nowadays (iirc) you can serve/proxy those scripts via your own domain (to circumvent ad blocker blocklists) - there are limitations re the number of blocking rules in Manifest V3
It’s cat and mouse at this stage, we’re getting to the point where blocking ads will be as hard/annoying as, say, installing 3rd party apps on your iPhone. Too much of a hassle even for fairly techie users
Use Firefox. uBlock Origin on Firefox also gets around CNAME cloaking to make advertiser domains appear as first party, which Chrome does not give sufficient access to do that.
It doesn't get around actually serving these endpoints mixed directly in with first party endpoints, but these are a hard sell on the advertising side too, from the technical effort from the publisher to implement it to the advertisers reluctance to trust the stats when the publisher gets to be the man in the middle.
Which of course was the whole purpose for google pushing for this v3, to benefits ads and hurt users.
Obviously, this requires significantly more resources. But it feels like a more productive use of the hardware power that we already have, compared to the most recent Electron monstrosity.
Https://butter.sonnet.io
(Because you deserve butter.)
The result is a worst-of-both-worlds: To an end user, it will still feel as if you're being tracked, with ads following you around, etc, but no worries, your privacy is safe because the advertiser doesn't have access to the data...
Also, are there any decent plugins that block all of google instead of just the ads? I imagine they’d need to MITM static font assets, etc.
I also wonder if / when this means Google will start fingerprinting and tracking tenants’ customers on GCP.
Browsers use system calls to provide the information used for fingerprinting the device, so why not intercept these calls and lie. Have all users present an identical fingerprints and we're back to pre google times. Yes, we lose some important functionality, but maybe it's a price worth paying?
Never mind the other elephants in the room that do worse than track your browsing habits...
I've been wondering how hard it would be to make a completely fingerprint-proof browser.
One idea would be to run it in a deterministic emulator. All machine code instructions would be guaranteed to take exactly the same amount of time to execute on every machine, as far as is observable to the browser, and threads would be scheduled in the same order every time. Zero access to the host system through fonts, WebGL etc.
This would mean a massive performance penalty, but modern computers are fast enough that it might be usable for many sites. You could have a small number of discrete speed tiers, where you use the fastest tier that your computer is capable of.
You would have to have some kind of launcher where you can select the isolated chroot/sandbox you want to run that specific program in.
Implementation-wise this could actually be done with eBPF, as most if not all syscalls can be intercepted and "farbled" (Brave's terminology) there. Features-wise this would probably be a separate filesystem for each program context, plus the things that firejail implements in userspace. Shared libraries would have to be loaded separately into memory, and glibc would have to be changed to not use any environment variables or debugging related function calls.
Welp, maybe docker+xorg is easier.
I do realize this is a tall ask, as many of these vulnerabilities arise from standards promulgated by the surveillance industry itself (chiefly Google, of course), and so are not easily mitigated. For example font lists and ask-to-use-microphone are straightforward to fix for general web browsing, whereas the fix for browser viewport size requires some kind of thoughtful design that subsumes the old model.
In general I'd say that browsers (or at least their operating modes) need to start differentiating into different things for the open [season] web versus app runtimes, so that vulnerability mitigations can be stronger for the open [season] web and sidestep complaints that it disrupts legitimate apps. Of course the two modes need to be indistinguishable by websites, lest every two-bit xitter-summarizing "news" site insists that it's some special snowflake needing app functionality to run its surveillance code.
Also since I'm apparently writing my Christmas list, we desperately need widespread privacy laws in the US. If you want a "value add" feature of your product to be shoving ads in people's faces, fine - people at least get immediate and actionable feedback from that. But persistent tracking supported by pervasive surveillance is completely at odds with individual liberty. And taking away the largest consumer surveillance market would mean much less being invested in new ways to attack users.
Those "journalists" were living in a bubble ? Google (and Facebook, and Apple, and Microfost) have been tracking our devices for years.
Right now anti-fingerprinting security is not very high on anyone's minds, but remember that your digital fingerprints follow you EVERYWHERE. You can't turn them off or disable them on your side like cookies.
It's sort of like the wholesale elimination of privacy as a concept, you might say.
But hence the stupidity! It's too bold a move not to elicit a reaction from developers and users (who have the power to discover just how many bits of information they are leaking about themselves using tools like https://pbtest.org/).
So on one hand I can have websites that offer richer functionality by being aware of my time zone and locally installed fonts, or on the other hand I can have privacy. Hmm, which is worth more?
I'm honestly curious, if you don't mind clarifying a bit more. How do your digital fingerprints follow you everywhere without your being able to erase them? This thread goes into device fingerprinting, but if one rigorously changes devices and certain use/account practices, how can they still be tracked so totally?
Your account practices will need to include only using an account on one device. Every time you use an account that identifies you on a device, that device can be associated to you; at that point its fingerprint is your fingerprint. Rotating devices faster just adds more devices to your identity.
https://coveryourtracks.eff.org/
Damn how is this possible when I'm using a stock iPhone? I look at the characteristics and apart from timezone and language, how can they tell the same model iPhone apart?
https://xkcd.com/1105/