this post was submitted on 22 Dec 2024
298 points (98.4% liked)

Privacy

32456 readers
662 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://fed.dyne.org/post/343234

Google Starts Fingerprint-Tracking All Your Devices In 8 Weeks

top 42 comments
sorted by: hot top controversial new old
[–] Zerush@lemmy.ml 15 points 9 hours ago (1 children)

The worse, it does not only using Google Apps or Services, but more than the half of existing webpages use one or another Google API (at least googleanalytigs and google-tagmanager.which log and spy the visitors and users.

Hard, very hard to avoid it, Googles eyes are everywhere, even in FOSS.

[–] Luffy879@lemmy.ml 1 points 3 hours ago (1 children)

You can pretty much block those domains in noscript without breaking the Website

[–] Zerush@lemmy.ml 3 points 2 hours ago

Yes, you can easily block the tracking crap being downloaded to your HD and added to your browser, almost everyone do it, but you can't blck the logging of websites which use the Google (mostly) and other APIs. They store your PC and browser data in their server, which you can't access. The only possibility is using a VPN and other which spoof or fake your data, so that is don't have a real value. To use a mail which permits to mask your real mail direction, because your mail is an unique identifier which can be tracked all over the web. Using Image share which delete the EXIF data (vgy.me eg., Read always PP to see with which companies are shared your data, and some protections more to patch the worst privacy holes, but forget 100% privacy in the moment you goes online, it's only a myth to calm the people which intent to stay private with their shitty PC against the tech of the big ones.

[–] DieserTypMatthias@lemmy.ml 10 points 11 hours ago

Time to root and degoogle for the unfortunate.

[–] catloaf@lemm.ee 27 points 19 hours ago (1 children)

What exactly is the change being made? I don't see that the article actually explains it anywhere.

[–] BaumGeist@lemmy.ml 7 points 4 hours ago

They are updating their Platforms program policies

You can read the current version, archived here

And here's the proposed changes

I haven't read it all, but some glaring changes stand out in regards to fingerprinting (no longer prohibited) and device unique identifiers (no longer prohibited from gathering). Basically, Google wants to become even more lax with how users are tracked by their advertising partners

[–] MajorHavoc@programming.dev 165 points 1 day ago* (last edited 1 day ago) (3 children)

TL;DR - Google makes (arguably insane) claim that it previously acted responsibly with regards to fingerprinting, and says they will begin acting irresponsibility with fingerprinting in February.

Practical take-aways you probably already knew:

  • Today's Google may do or say anything to make an extra nickel.
  • Today's Google, while it employs some excellent privacy minded engineers, has not demonstrated an organizational commitment to user privacy.
  • It is probably wise to assume that the next serious data breach at Google will end marriages, get politicians arrested, get famous people canceled, fuel successful scammers, and have every other privacy impact you can imagine. We know the Google data pool is massive, and we have reason to believe it is incredibly personal. I'm aware that Google has anonymozation solutions in play, and I do not believe those solutions will be effective in a breach scenario.
  • I believe that the average person will likely be better off ten years from now if they interact less with Google services.
[–] DankOfAmerica@reddthat.com 6 points 19 hours ago* (last edited 19 hours ago) (1 children)

It is probably wise to assume that the next serious data breach at Google will end marriages, get politicians arrested, get famous people canceled, fuel successful scammers, and have every other privacy impact you can imagine. We know the Google data pool is massive, and we have reason to believe it is incredibly personal. I'm aware that Google has anonymozation solutions in play, and I do not believe those solutions will be effective in a breach scenario.

That would be an interesting experiment. Maybe cancel culture and public shaming will cease whene everyone realizes no one is perfect and lost people do shitty things from time to time.

[–] douglasg14b@lemmy.world 3 points 5 hours ago

It won't only a few will be targeted in the media and the same cancerous culture will continue.

[–] Reddfugee42@lemmy.world 94 points 1 day ago (1 children)

Like Google maps:

we anonymize your data before selling it. So it leaves your address every morning and goes to your office every morning but it's completely anonymous.

[–] MajorHavoc@programming.dev 30 points 1 day ago

Exactly. I don't think I'm alone in feeling that Google's clever privacy engineering isn't enough to keep any of us safe.

Google's expectation that we be okay with these practices feels like corporate gaslighting, to me.

[–] ryan213@lemmy.ca 19 points 1 day ago (1 children)

Thanks! The article was a bit of a tough read for me. Lol

[–] sakuragasaki46@feddit.it 47 points 1 day ago (1 children)

So the e-mail I got with them claiming they will delete my location history is a lie?

[–] MajorHavoc@programming.dev 84 points 1 day ago* (last edited 15 hours ago) (2 children)

To the best of my knowledge - from a spirited but doomed attempt to read Google's privacy policies - Google is committed to deleting your location history after sharing it with 10,000 or so vendor partners.

Each of those vendor partners have pinky promised to comply with the rules outlined in the same privacy policy that I failed to read.

For context, I'm not convinced any living person has read the entirety of Google's privacy policies.

Sadly, I'm quite confident - by the law of averages, human nature, and corporate corruption - that not all 10,000 trusted partners also deletes our location data history.

Google does take privacy preserving steps to anonymyze what it shares.

My educated opinion is that no amount of attempted anonymozation is sufficient for the breadth, scope and quantity of data that Google collections.

Shorter answer for you: yes, I believe that is a corporate lie. True only in technicality, but likely false by any reasonable persons expectation of what "delete" means.

[–] 0x0@programming.dev 5 points 13 hours ago (1 children)

For context, I’m not convinced any living person has read the entirety of Google’s privacy policies.

Their own lawyers, maybe.

[–] MajorHavoc@programming.dev 7 points 10 hours ago

Yeah. Their own lawyers have the best chance, but there's so many pages, combined, I wonder if even one of their lawyers has read everything

[–] ranandtoldthat@beehaw.org 10 points 19 hours ago (1 children)

Not to defend Google because they violate privacy in many ways, but they absolutely do not share that level of data with partners. This is not some ethical decision. The data is just far too valuable to Google. Google is extracting as much value as they can from users, advertisers, and publishers, and if they sold access to the data itself, publishers and advertisers could begin cutting out Google. Instead Google gives advertisers a lot of control over what users to target, and uses the data inside a black box to show those ads.

Google is hoarding your data and using it to show you ads with minimal built-in opt-outs. But they aren't sell your data.

[–] Zerush@lemmy.ml 1 points 3 hours ago* (last edited 2 hours ago)

Google is only one of a advertising and tech conglomerate, Alphabet Inc, which is the owner of Google and a lot of other companies which use your data for their and related advertisings. They control almost everything in the web.

For example

[–] jagged_circle@feddit.nl -2 points 10 hours ago

Just install a ROM without gapps and no they won't

[–] Hirom@beehaw.org 60 points 1 day ago* (last edited 1 day ago)

You should know when and how you are being tracked, and you should have an easy-button to say thanks, but no thanks.

Opt-out!? That's not even close to being a good solution.

Your data should not be collected, and you should not be tracked, UNLESS you agree yo it, ie opt-in, AND data collection is proportional/appropriate for the stated goal.

That's the spirit of GDPR.

[–] Yingwu@lemmy.dbzer0.com 31 points 1 day ago

I didn't see anything about the implications of this on the EU and GDPR?

[–] hellfire103@lemmy.ca 27 points 1 day ago (2 children)
[–] FrostyPolicy@suppo.fi 51 points 1 day ago (1 children)
[–] techt@lemmy.world 7 points 1 day ago (2 children)

Pretty sure Graphene doesn't do much about fingerprinting on its own, it's nearly entirely up to the browser. They mention some of their plans to address that with Vanadium, but make no claims as to how effective it is now (at least on the features page).

[–] jagged_circle@feddit.nl -1 points 10 hours ago* (last edited 10 hours ago)

It doesn't have gapps, so you're good

But, of course, use Tor Browser

[–] FrostyPolicy@suppo.fi 2 points 17 hours ago (1 children)

No google on device no tracking, and I don't use google services anyhow (with first party clients anyhow). I do have google play services installed but no google account so they don't have an identity to connect the data they might be able to collect from the phone. Only google service I use is youtube but that's with third party clients only (FreeTube & NewPipe) over vpn of course.

[–] techt@lemmy.world 6 points 16 hours ago (1 children)

Right -- all privacy-positive methods to employ, but not helpful for fingerprinting. In fact, some things can make you more susceptible to fingerprinting because they make you more unique (like using a custom OS). It's all about your browser and what it chooses to send with HTTP requests, how it responds to queries for you device/browser specs (via Javacript). Your OS, system architecture, hardware details, browser type and plugins, etc combine to make a very unique profile tied to your device. It's especially nefarious because all those bits are cross-referenced over all accounts and devices to make a global profile on you. Even if you've never used Facebook, you probably have a shadow profile. If you've ever logged into the same service or website account on your de-Googled GrapheneOS device as another machine that does have Google services tracking, then your new device is likely already tied to your identity.

Try this with different browsers -- it tests the uniqueness of your device.

[–] FrostyPolicy@suppo.fi 3 points 5 hours ago

All very good points.

[–] squid_slime@lemm.ee 2 points 20 hours ago

*laughs in CalyxOS

[–] bradboimler@startrek.website 12 points 1 day ago (1 children)

Glad I don't use any Google services and no apps on graphene OS then for my main computers I run Fedora silverblue with no Google once again.

[–] Hector@lemmy.ca 8 points 1 day ago (3 children)

Yes but do you use PiHole and a solid VPN? Do you spoof your browser's useragent? Even then, some would argue that you are not safe enough from Google's prying eyes.

[–] jagged_circle@feddit.nl 0 points 10 hours ago

TorBrowser does all of this for you.

[–] GenosseFlosse@feddit.org 5 points 1 day ago* (last edited 1 day ago) (1 children)

Doesn't matter, your browser will be fingerprinted with some embedded JavaScript that works in all modern browsers.

[–] jagged_circle@feddit.nl 0 points 10 hours ago

It doesn't matter if they detect you're on a VPN when that VPN is shared by tens of thousands or millions of others. Thats literally the point. It prevents fingerprinting by IP

[–] datavoid@lemmy.ml 1 points 1 day ago

Map car retreats around corner

[–] Fusty@lemmy.ml 9 points 1 day ago

Ok, if you say so. I have IceCat and Librewolf on computer and FREE Browser on phone.

[–] autonomoususer@lemmy.world 6 points 1 day ago* (last edited 1 day ago) (4 children)
[–] rcbrk@lemmy.ml 4 points 17 hours ago
[–] QuazarOmega@lemy.lol 13 points 1 day ago

I think you put that on your motorbike's tubes and stuff

[–] archy@lemmy.world 6 points 1 day ago