Home ยป Forum ยป Author Hangout

Forum: Author Hangout

Changes to Chrome

Switch Blayde ๐Ÿšซ

Later this year Google (GOOG, GOOGL), through its Chrome browser, will end the use of third-party cookies, technology that can track people across websites to target them with personalized advertising.

Michael Loucks ๐Ÿšซ

@Switch Blayde

Later this year Google (GOOG, GOOGL), through its Chrome browser, will end the use of third-party cookies, technology that can track people across websites to target them with personalized advertising.

Safari has done that for ages! Firefox for quite some time, too. Nice to see Google getting with the program. Of course, you could always disable third-party cookies in Chrome.

The thing is, browser fingerprinting is accurate enough for most purposes, and that doesn't require any cookies.

Replies:   Grant  John Demille
Grant ๐Ÿšซ

@Michael Loucks

The thing is, browser fingerprinting is accurate enough for most purposes, and that doesn't require any cookies.

Yep.
It's not that Google are interested in protecting people from 3rd party advertising cookies, what they want is to control the tracking of people's browsing so they- and only they - can monetise it, and not anyone else.
It's not about your privacy, it's just about them being able push out all the other competition for getting money from advertisers.

John Demille ๐Ÿšซ

@Michael Loucks

The thing is, browser fingerprinting is accurate enough for most purposes, and that doesn't require any cookies.

Google doesn't need any of that stuff in Chrome. It's actually against google's self interest to support 3rd party cookies in Chrome. Google itself gets an action by action report from Chrome about chrome users browsing especially when people are logged into their google account. It's in the terms of use for Chrome. Support for 3rd party cookies in Chrome benefits other advertising companies. Google is beyond this silly tactic. They can even track your IP address activities across the internet even when you're not using Chrome, or any google services directly.

They used to use the google updater on Macs, the one that keeps Chrome updated to report Mac users browsing using other browsers on the Mac. I have Little Snitch installed on my Mac. It's a firewall for outgoing connections from the Mac. It reports on software that uses your internet connections.

Little snitch would report connection attempts by Google Updater to YouTube, Google Translate, Google itself, Gmail every time I used Safari to browse the internet. Of course I blocked all attempts, but they were very persistent.

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ

@John Demille

Of course I blocked all attempts, but they were very persistent.

Sure, but it's very difficult to block browser fingerprinting, which doesn't NEED cookies. Which was my point.

See: Am I Unique

Replies:   John Demille
John Demille ๐Ÿšซ

@Michael Loucks

Sure, but it's very difficult to block browser fingerprinting, which doesn't NEED cookies.

I blocked all connection for the 'Google Updater' which keeps sending reports to google even when not using chrome.

My whole post was that google is even beyond mere browser-finger-printing when you're using chrome. They probably have a unique ID for you that's even more unique than finger-printing.

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ

@John Demille

My whole post was that google is even beyond mere browser-finger-printing when you're using chrome. They probably have a unique ID for you that's even more unique than finger-printing.

And my point is that fingerprinting doesn't need Google Updater, or any other thing excapt your browser's response to queries.

Dinsdale ๐Ÿšซ

@Switch Blayde

Something I read recently was that Firefox is either planning to fake certain identifying information randomly or has already started doing so. Obviously this is aimed at browser fingerprinting.

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ

@Dinsdale

Something I read recently was that Firefox is either planning to fake certain identifying information randomly or has already started doing so. Obviously this is aimed at browser fingerprinting.

The goal is to fuzz some of the results in ways that won't affect the site visually (e.g. a few pixels of dimmension in either direction and a modified version of the agent header, among other things). There are extensions which attempt to do this, but so much information is returned by browsers, it's hard to hide.

Paladin_HGWT ๐Ÿšซ

@Switch Blayde

Perhaps this is an ignorant question (my mind is a bit fuzzy today); does using a VPN prevent Google from tracking my information?

I am mostly, cautious of where I go on the net, since for decades I had the US DOD monitoring my web excursions. (Searching for weapons, and various other things that might attract attention, were not problematic.)

Replies:   julka  Dominions Son
julka ๐Ÿšซ

@Paladin_HGWT

I'm assuming that you use Google Chrome for browsing? A VPN does not prevent the browser from reporting information back to the developer. One way to reason about that is that your web browser is going to be able to report information on what it knows, and it has to know what sites you're browsing to or what searches you make because otherwise, it wouldn't be able to function, right? It has to know the content of what you're viewing so that it can display it.

A VPN allows for secure traffic between two points - it can't do anything about the points themselves, and your browser is one of those points.

Replies:   Dinsdale
Dinsdale ๐Ÿšซ

@julka

There is a Chrome-based browser which addresses these problems, https://brave.com/download/ (note to Lazeez, this is a link to a browser download page, not to a competing story site).

Replies:   julka
julka ๐Ÿšซ

@Dinsdale

Ah, this is always an interesting thing to think about! The short answer is yes, Brave helps with this, but as a jape follow along with me on a thought experiment. Brave is based on Chromium, which is an open-source project maintained by Google that is the basis for many other browsers and applications. You're correct in the sense that Brave claims to not even collect browsing and searching data, and therefore can't share it back to Brave Software, the developer. And Brave is open-source, so you could (if you were inclined) go and audit the entire code base yourself and verify that yes, the code does not collect sensitive data.

But Brave Software is a company, and companies grow and change and their priorities shift - will they always have that commitment to privacy? What if an insider threat makes it into the company and sneaks in a commit that collects data, or maybe a dependency that Brave uses gets backdoored and collects data, similar to what happened with XZ recently - well, you've audited a particular branch of Brave (and all the dependencies) and you know the code is good, so you pin that branch and stop downloading new versions of Brave.

Wait, you were downloading a version of Brave? Well, how do you know the code you downloaded is the same as what's running? Instead, pull the code you audited and compile that - now you know that the code you run is what you audited because you compiled it yourself. And you trust your compiler, right? Surely nobody backdoored the compiler so that it inserts data collection into Brave when you compile it? You can audit the compiler itself, but unless you're inspecting the actual assembly of the compiler, you don't know if the code you're looking at is actually what's running - remember that source code is just an abstraction that gets translated to machine code, and the machine code is what's executed! Backdooring a compiler to backdoor compilers is a classic (and very funny) attack described by Ken Thompson in his essay/speech "Reflections on Trusting Trust". And if you think "okay, i'll write my compiler from scratch to compile my browser and all the open-source dependencies so that I can be guaranteed a private browsing experience", how are you running the compiler? Can you trust the silicon in your computer, and verify that none of the chips you're using haven't been backdoored by the manufacturer? The rabbit hole goes deep!

Like you said, Brave is probably fine! But it can be fun to think about what kind of threat model you are concerned about and where exactly you draw the line at trusting somebody else, plus I can't possibly pass up an opportunity to shoehorn Reflections on Trusting Trust into a conversation that is even remotely related, so thank you for giving me that chance.

Dominions Son ๐Ÿšซ

@Paladin_HGWT

Perhaps this is an ignorant question (my mind is a bit fuzzy today); does using a VPN prevent Google from tracking my information?

A VPN will disguise your physical location and IP address.

It will not help with tracking cookies, browser fingerprinting or your browser phoning home.

Back to Top

 

WARNING! ADULT CONTENT...

Storiesonline is for adult entertainment only. By accessing this site you declare that you are of legal age and that you agree with our Terms of Service and Privacy Policy.


Log In