this post was submitted on 18 Feb 2025
968 points (99.3% liked)

Technology

63010 readers
3485 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
968
Digital Fingerprinting: Google launched a new era of tracking worse than cookie banners | Tuta (tuta.com)
submitted 3 days ago by [email protected] to c/[email protected]
236 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] ricecake 34 points 2 days ago

https://blog.lukaszolejnik.com/biggest-privacy-erosion-in-10-years-on-googles-policy-change-towards-fingerprinting/

This article actually shares what changed, as opposed to just asserting that there was a change.

[–] [email protected] 51 points 2 days ago (3 children)

Yeah, I have an anti fingerprint extension installed in Firefox, and immediately no Google site will work anymore, all google sessions break with it while most other sites just continue to work.

I'm working to rid myself completely from Google, my target being that I will completely DNS block all google (and Microsoft and Facebook) domains within a year or so. Wish I could do it faster but I only have a few hours per weekend for this

[–] [email protected] 3 points 1 day ago

What search engine do you use?

[–] [email protected] 1 points 1 day ago

I want to do this but really the only thing holding me back is my phone.

[–] [email protected] 16 points 2 days ago (1 children)

Mind sharing what extension you use?

[–] [email protected] 28 points 2 days ago* (last edited 2 days ago) (7 children)

Hi, here are the extensions I use in FireFox/Librewolf (all will work in Chromium too, but I don't recommend Chromium browsers):

Privacy and Security-focused

uBlock Origin: A lightweight and efficient wide-spectrum content blocker.

Decentraleyes: Protects you from tracking through free, centralized content delivery. (not recommended alongside uBlock Origin; see the reply below)

CanvasBlocker: Protects your privacy by preventing websites from fingerprinting you using the Canvas API.

Ghostery Tracker & Ad Blocker - Privacy AdBlock: Blocks trackers and ads to protect your privacy and speed up browsing. Also has a handy feature that automatically rejects cookies for you. (not recommended alongside uBlock Origin; see the reply below. You can disable the ad blocking functionality and keep the cookie rejection function).

KeePassXC-Browser: Integrates KeePassXC password manager with your browser.

NoScript: Blocks JavaScript, Flash, and other executable content to protect against XSS and other web-based attacks (note: you will be required to manually activate javascript on each web page that you visit, but this is a good practice that you should get used to).

Privacy Badger: Automatically learns to block trackers based on their behavior. (not recommended alongside uBlock Origin; see the reply below)

User-Agent Switcher and Manager: Allows you to spoof your browser’s user-agent string (avoid creating a unique configuration; opt for something common, such as Chrome on Windows 10).

Violentmonkey: A user script manager for running custom scripts on websites (allows you to execute your own JavaScript code, usually to modify how a website behaves or block behavior that you don't like. VERY useful. Check out greasyfork for UserScripts).

Other useful extensions (non-privacy/security)

Firefox Translations: Provides on-demand translation of web pages directly within Firefox.

Flagfox: Displays a flag depicting the location of the current website’s server.

xBrowserSync: Syncs your browser data (bookmarks, passwords, etc.) across devices with end-to-end encryption.

Plasma Integration: Integrates Firefox with the KDE Plasma desktop environment (for linux users).

[–] [email protected] 1 points 1 day ago

Thanks for this list! Just got off chrome and this helped speed things along!

[–] [email protected] 2 points 1 day ago

Port Authority is a good one too, I think. Need to check that it is still maintained.

[–] [email protected] 2 points 1 day ago* (last edited 16 hours ago)

"Decentraleyes" is such a good name, damn!

[–] [email protected] 10 points 2 days ago

Thanks for the list! Although most of the time it's advised to not use multiple adblocker in tandem, because they might conflict with each other and get detected by the website. For example, uBlock origin has, in its settings, an option to disable JavaScript and in the filter list, an option to block cookie banners "Cookie notices". But if all of these work for you that's great!

load more comments (3 replies)
[–] [email protected] 2 points 1 day ago (1 children)

I wonder how safe is Apple ecosystem from this.

[–] [email protected] 27 points 2 days ago (2 children)

Time for a user agent switcher. Like "Yeah, I swear, I'm a PS5, that has only monospaced comic sans insrelled"

[–] [email protected] 27 points 2 days ago* (last edited 2 days ago) (1 children)

Fingerprinting unfortunately uses more than useragent strings. It takes hashes of data in your browser from a javascript context that is not easily masked or removed. For example, it might render a gradient of colors projected onto a curved 3d plane. The specific result of this will create a unique hash for your GPU. They can also approximate your geolocation by abusing the time-to-live information within a TCP packet, which is something you can't control on the clientside at all. If you TRULY want to avoid tracking by google, you need to block google domains in your hosts file and maybe consider disabling javascript on all sites by default until you trust them. Also don't use google.

[–] [email protected] 1 points 13 hours ago

How must it feel being clever enough to come up with these ideas and then implement them for companies invading everyones privacy for advertisement revenue and malicious information serving or stealing.
I guess they sleep soundly on a fat bank account.

[–] [email protected] 14 points 2 days ago (3 children)

Jokes aside, keep in mind that the idea of fingerprinting is that your computer's configuration is as unique as a fingerprint (e.g., your monitor is x resolution, you are on this operating system, you are using these following extensions in this browser, you have these fonts on your system).

Setting your user agent to something super unique is basically shining a spotlight on yourself.

I recommend this user agent switcher extension (firefox)

load more comments (3 replies)
[–] [email protected] 15 points 2 days ago (2 children)

Google can't fingerprint you very well if you block all scripts from Google.

[–] [email protected] 3 points 1 day ago (1 children)

This breaks all kinds of stuff though. A ton of sites use Google for captchas.

[–] [email protected] 3 points 1 day ago

I just don’t use any sites like that. If a site is using something other than Turnstile from Cloudflare, then I refuse to use it. I haven’t really experienced any inconvenience myself with this policy, but obviously I don’t depend on any sites that require recaptcha.

But you can allow/block any elements per site, or globally, which makes it trivial to block all unwanted scripts except on specific sites. So there is nothing preventing you from only exposing yourself to Google on the few sites you use that need those scripts.

[–] [email protected] 14 points 2 days ago (4 children)

Considering how few people block all scripts, this could also make it trivial for them to fingerprint you.

[–] [email protected] 4 points 1 day ago

I've checked, its true. Linux plus Firefox already puts you in the 2 percent category.

[–] [email protected] 10 points 2 days ago (1 children)

Anyone who uses uBlock blocks Google scripts.

[–] [email protected] 6 points 2 days ago* (last edited 2 days ago)

uBlock Origin + PiHole FTW.

load more comments (2 replies)
[–] [email protected] 28 points 2 days ago (14 children)

It would be nice to hammer a manually created fingerprint into the browser and share that fingerprint around. When everyone has the same fingerprint, no one can be uniquely identified. Could we make such a thing possible?

[–] [email protected] 25 points 2 days ago (2 children)

Not really. The "fingerprint" is not one thing, it's many, e.g. what fonts are installed, what extensions are used, screen size, results of drawing on a canvas, etc... Most of this stuff is also in some way related to the regular operation of a website, so many of these can't be blocked.

You could maybe spoof all these things, but some websites may stop behaving correctly.

load more comments (2 replies)
load more comments (13 replies)
[–] [email protected] 74 points 2 days ago* (last edited 2 days ago) (17 children)

This has been the case for years. I develop fingerprinting services so AMA but it's basically a long lost battle and browser are beyond the point of saving without a major resolution taking place.

The only way to resist effective fingerprint is to disable Javascript in its entirity and use a shared connection pool like wireguard VPN or TOR. Period. Nothing else works.

load more comments (17 replies)
[–] [email protected] 50 points 2 days ago (10 children)

Which is why I had hoped the EU would ban all forms of fingerprinting and non-essential data tracking. But they somehow got lobbied into selecting cookies as the only possible mechanism that can be used, leaving ample room to track using other methods.

load more comments (10 replies)
[–] [email protected] 166 points 3 days ago (21 children)

So I guess for Firefox users it's time to enable the resist fingerprinting option ? https://support.mozilla.org/en-US/kb/resist-fingerprinting

[–] [email protected] 85 points 3 days ago* (last edited 3 days ago) (10 children)

You can also use canvas blocker add-on.

Use their containers (firefox multi-account container add-on) feature and make a google container so that all google domains go to that container.

If you want to get crazy, in either set in about:config or make yourself a user.is file in your Firefox profile directory and eliminate all communication with google. And some other privacy tweaks below.

google shit and some extra privacy/security settings

Google domains and services:

user_pref("browser.safebrowsing.allowOverride", false);
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false):
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.provider.google.advisoryName", "");
user_pref("browser.safebrowsing.provider.google.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google.gethashURL", "");
user_pref("browser.safebrowsing.provider.google.lists", "");
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.provider.google.updateURL", "");
user_pref("browser.safebrowsing.provider.google4.advisoryName", "");
user_pref("browser.safebrowsing.provider.google4.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref("browser.safebrowsing.provider.google4.lists", "");
user_pref("browser.safebrowsing.provider.google4.pver", "");
user_pref("browser.safebrowsing.provider.google4.reportURL", "");
user_pref("browser.safebrowsing.provider.google4.updateURL", "");

Privacy and security stuff:

user_pref("dom.push.enabled", false);
user_pref("dom.push.connection.enabled", false);

user_pref("layout.css.visited_links_enabled", false);
user_pref("media.navigator.enabled", false);

user_pref("network.proxy.allow_bypass", false);
user_pref("network.proxy.failover_direct", false);
user_pref("network.http.referer.spoofSource", true);

user_pref("security.ssl.disable_session_identifiers", true);
user_pref("security.ssl.enable_false_start", false);
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
user_pref("security.tls.enable_0rtt_data", false);

user_pref("privacy.partition.network_state.connection_with_proxy", true);

user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
user_pref("privacy.resistFingerprinting.letterboxing", true);
user_pref("privacy.resistFingerprinting.randomization.daily_reset.enabled", true);
user_pref("privacy.resistFingerprinting.randomization.enabled", true);

user_pref("screenshots.browser.component.enabled", false);

user_pref("privacy.spoof_english", 2);

user_pref("webgl.enable-debug-renderer-info", false); user_pref("webgl.enable-renderer-query", false);

load more comments (10 replies)
load more comments (20 replies)
[–] [email protected] 132 points 3 days ago (2 children)

So, manifest v3 was all about preventing Google's competitors from tracking you so that Google could forge ahead.

[–] [email protected] 67 points 3 days ago* (last edited 3 days ago)

It was never about privacy, it was supposedly about security, which there is some evidence for. There were a lot of malicious extensions. The sensible thing to do would be to crack down on malicious extensions but I guess that costs too much money and this method also conveniently partially breaks adblockers.

load more comments (1 replies)
[–] [email protected] 55 points 2 days ago (2 children)

So I thought this is never going to fly under GDPR. Then the article goes on to say:

Many privacy laws, including the EU’s GDPR and California’s CCPA, require user consent for tracking. However, because fingerprinting works without explicit storage of user data on a device, companies may argue that existing laws do not apply which creates a legal gray area that benefits advertisers over consumers.

Oh come on Google, seriously? I remember a time when Google were the good guys, can't believe how they've changed...

[–] [email protected] 51 points 2 days ago (6 children)

Google were maybe seen as the good guys back in the days of Yahoo search, and perhaps the very early days of Android.

But those times are so long passed. Google has been a tax-avoiding, anti-consumer rights, search-rigging, anti-privacy behemoth for decades now, and they only get worse with each passing year.

load more comments (6 replies)
[–] [email protected] 29 points 2 days ago (2 children)

That time was like 20 years ago, dude

load more comments (2 replies)
[–] [email protected] 15 points 2 days ago

Time for meshnet?

load more comments
view more: next ›