Google allows advertisers to fingerprint you for even better tracking

Google has announced a change to its advertising policies that will allow advertisers to use digital fingerprinting starting February 16, 2025.
Why it is important: digital fingerprinting uses signals, like the IP address, location, language, used software, or operating system, to identify devices and users on the Internet.
Numerous digital fingerprinting techniques exist, some even capable of cross-browser fingerprinting.
Tip: you can test your browser's anti-fingerprinting protections, or lack therefor, on the EFF's Cover Your Tracks webpage.
This tracking technique works well with other methods, but may also stand on its own. It offers several advantages over cookies, but only to the trackers:
- Information may be collected without user consent or the user even knowing that it is collected.
- The data is stored remotely, not on the user's device.
- Unlike cookies, which can be deleted easily at any time, digital fingerprint data cannot.
Google announced the change on its Google Marketing Platform Help support website. According to Google, the updated policies "clarify the activities that we prohibit to better protect the ads ecosystem from harmful activities, while being less prescriptive with partners in how they target and measure ads".
The UK's Information Commissioner's Office was one of the first to react to Google's announcement stating that "businesses do not have free rein to use fingerprinting as they please".
It highlighted that Google was against fingerprinting of users in 2019 stating back then that it subverted user choice and that it was wrong.
What changed? Google's stance is that two advertising ecosystem shifts have happened in recent time.
- Advances in privacy-enhancing technologies.
- Rise of ad-supported devices and platforms.
Privacy-enhancing technologies, short PETs, include on-device processing, trusted execution environments, or secure multi-party computation. Google says that advancements "are unlocking new ways for brands to manage and activate their data safely and securely".
The big policy shift is only hinted at in the main support article. A single sentence in the middle of the text provides it: "The policy also updates the requirements for our partners on the use of data signals.".
The updated policy itself is not linked on that page. You can open it here.
When you compare the current policy to the new, you will notice several changes. For users, an important change is listed under "Identifying users and user consent".
Previously, Google did not allow advertisers to pass any information to it that
- Google could use or recognize as personally-identifiable information.
- permanently identifies a particular device (such as a mobile phone's unique device identifier if such an identifier cannot be reset).
The second rule has been removed in the new policy. In other words, advertisers may identify users based on the devices that they use and may pass the information to Google for tracking purposes.
What can you do about it?
- Content blockers work against many forms of fingerprinting as well.
- Some browsers, for example Brave and Firefox, come with fingerprinting defenses that make it harder for companies to track you using fingerprints.
Now it is your turn. Do you use protections against fingerprinting in your browsers, apps and devices? Are you worried about the policy change? Feel free to leave a comment down below.
@Martin I think you could write an article about do not track. Do not track might be a way to block fingerprints before they happen. Use this link for some good points https://mander.xyz/post/24524978
I thought it might be possible to avoid being fingerprinted by disabling Javascript, but apparently not according to this site which includes a demo. https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/
Changing the background colour of the page works, but only serves to generate a permanent fingerprint for that specific background and for that particular user.
Thank you for the useful link. It is nice to know about additional fingerprinting approaches.
My advice overall would be to keep using your extensions, including ones which block JavaScript and ones which reduce and report on fingerprinting.
These extensions can make the internet better to use and can notify you about what web sites are doing.
There are tradeoffs with deploying fingerprinting, like the development cost and the execution speed cost against the expected reward. Also the possible perceived angering of your visitors. Not every web site wants to aggressively fingerprint its users. If JavaScript is blocked and ads won’t load, maybe fingerprinting you for targeted advertising has little meaning to the web site.
If possible, it would be nice if you have a way to block your list of extensions from being discovered, and if people know a way, please share your advice. Even if you cannot block the list, I think the value from extensions is much greater than worrying about how you might get fingerprinted by someone able to gather your list of extensions.
Use the extensions. You may have already given yourself away by logging in to your web browser or logging in to the web site or just by having the same IP address all the time. While fingerprinting is an important topic, fear of being fingerprinted should not be a reason to remove your protections. Do not give in to fear.
By continuing to use anti-fingerprinting extensions, we can still be protected from some web sites. If we keep using them, the extension authors have a reason to make them better over time. We might discover combinations of approaches which offer better protection for some web sites. We will not discover these combinations if we just give up on extensions.
I just discovered another Chrome based browser which purports to be privacy orientated. It’s called “Iron Browser” and states it doesn’t have any connection to Google at all.
Also, there’s a portable version as well and it works with Windows 7/8 besides Win 10/11. I just downloaded the Win 8.1 Portable version and although it was a bit slow to fire up I didn’t encounter any problems running it.
It’s actually been around for quite a while and Martin ran a review of it back in 2009 with further comment in 2011: https://www.ghacks.net/2011/08/08/srwware-iron-auto-updater/
Here’s the link to their site: https://www.srware.net/iron/
CreepJS is a great tool that will open ur eyes about the complexity and accuracy of fingerprinting https://abrahamjuliot.github.io/creepjs/
I have CreepJS in my bookmarks, hadn’t checked it for years, its results, until I read your comment.
Astonishing. Just checked its fingerprint analysis with the CanvasBlocker extension installed, checked again with CanvasBlocker set to highest protection, checked once more with the latter together with a VPN : CreepJS delivers the same fingerprinting, even (for the sake of who knows?) with all caches cleaned and after restarting the browser (Firefox). I seldom use the VPN but as far as CanvasBlocker is concerned, I’ve uninstalled it. What’s the point if a smart (creepy) analyzer can prove that the device can be correctly fingerprinted? As far as the VPN is concerned, I may continue to use it as occasionally as before but aware that it’s not because a site seems to be fooled by accepting that my device is in L.A. or Hong-Kong that they won’t know that I may have visited their site when my fingerprinted device was not handled by the VPN …
Thanks for the info/reminder.
Just been reading the Malwarebytes blog this morning concerning criminals buying advertising space on Google Ads and then diverting responses to their own nefarious sites which fingerprint everyone via Javascript and then go on a spending spree at your expense. It’s very sophisticated and well worth a read: https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads
Excellent, informative article. Advised for Google aficionados. Thanks for the link, TelV.
Just adding a small update here.
It is not really new, I have experienced this for months in FF when you search from google.com instead of from the address or search bar, but anyway here is a recent article.
https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/
It relates because browser fingerprinting is heavily dependent on javascript to pull a lot of the information. While a lot is leaked from the browser without it, things like probing what fonts you have installed and many other parameters is dependent on scripting to make your browser spill the extra details to make a higher detail print.
@Martin,
I tried to post a comment to this article yesterday, but it appeared not to go through. I made a copy of it and tried to post it again today, but now I see a message that says “I’ve already said that…..”. But I can’t see my post anywhere??
It begins with: “I have a 100% unique fingerprint on….”
If there’s a particular reason why it was rejected I would like to know what it is please.
By the way, did my review of your book which I posted on Amazon last year bring about an increase in sales? I sent you an email with a link to it at the time, but didn’t receive a response so I figured you had other things on your mind. ;)
Hi, I just checked the spam folder and it was in there. Not sure how it got there. It should now be visible. Thanks for letting me know.
My results testing with https://coveryourtracks.eff.org/
Firfeox V 134 :
Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? Your browser has a unique fingerprint
—————
Tor Browser V 14.03
Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? Yes
——————–
Librewolf V 134.01
Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? Your browser has a unique fingerprint
————–
Palemoon V 32.5
Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? Your browser has a unique fingerprint
—————
Brave Browser V 1.73.105-1
Brave Browser did not allow any tests.
———
My conclusion: the most secure browsers in terms of tracking are Tor-Browser and Brave (?)
If you are so paranoid don’t use the Internet.
It’s not about being paranoid. It’s about not allowing companies to create a profile with information they’ve collected without my explicit permission. If they want my information, let them pay for it.
@Someone Don’t feed the trolls
I’m concerned that before too long, businesses won’t allow you to use their websites unless they can see your digital fingerprint.
What exactly do they collect that is so valuable and personal to you? The answer to this question is a big NOTHING. They collect what browser you use…IP address, and what websites you go to…WOW so much personal stuff there my identity is reviled and stolen. lol wooo I post on Ghacks.net under anonymous username my privacy is so violated can’t you all see? Martin Brinkmann knows my IP address and what browser I am using…that’s some real scary stuff dude. I didn’t gave him a permission to know this, LOL
@FireFox User There is a reason a monkey prefers bananas over gold you know? It’s called evolution which blue pill prevents you from attaining. So, don’t ask this privacy question because you will not understand the answer.
I have always just used the popular browser in native form. Can’t say I have ever been interested in preventing tracking or attempting to block any of this. After all, we are talking the internet here and at somepoint some information is being collected.
I have a 100% unique fingerprint on https://browserleaks.com/ , but I’m not bothered by it because I’m logged into a VPN (Mullvad). All that’s required to change it is to change my location and I get a new fingerprint.
EFF placed my location as Europe/Berlin which is fine by me since I’m not even in the country at the moment. And what does it matter anyway? I use UBO to block ads and would never use a Chrome browser.
As regards search engines I use Qwant.com which sometimes feeds me a Cloudflare box to tick to clarify that I’m not a bot, but other than that I never see any ads. I tried using Brave a couple of times, but it wants me to switch to their AI engine which I don’t want to do so I eventually removed it from the search engine list.
Other than that I’ve changed my about:config prefs to take care of the remaining annoyances so advertisers are welcome to fingerprint me at their leisure :D
Are we talking about Google Ads tracking, Chrome tracking, Google account tracking or google.com cookie tracking?
If it just Google Ads, I would recommend just block all google ad scripts in content blocker (could prevent few websites from functioning properly). I also from now on will stop using a Google account to leave comments on YouTube. So I do not need Google account on Windows from now on. Google.com cookie is a serious problem. I could not find a working extension that would prevent non-whitelisted cookies from being created or delete them once the tab is closed.
Google is known to track connections to any of its websites, even requests for fonts. We can probably expect tracking from all the Google products you mentioned. Not sure if Google will deploy fingerprinting to all its connections but it might.
If you want to block connections to google.com, using a hosts file might be the easiest way. https://winhelp2002.mvps.org/hosts.htm If you put some Microsoft web sites in your hosts file, Microsoft Defender may delete your entire hosts file and leave you unprotected. Defender Control might help. https://www.sordum.org/9480/defender-control-v2-1/ Putting Microsoft websites in your hosts file then telling Microsoft Defender to allow an exception to its hosts file deletion rule might help, but you probably need to do this twice.
Before blocking google.com, migrate from Gmail to an email service not profiling your every message using AI. Remove your logins with Google on other web sites and replace them with email account logins from a better email provider. Abandon your old accounts if you cannot update your email address in those accounts. Blocking google.com will probably prevent you from logging in to WhatsApp.
Tips for migrating from Google. https://tuta.com/blog/what-does-google-know-about-me
Some web sites use google.com for reCAPTCHA to create an account and sometimes to log in. You can encourage those web sites to migrate to alternatives to reCAPTCHA. https://alternativeto.net/software/recaptcha/?platform=self-hosted
I moved to Firefox 2 yrs ago so I could keep using full force ad blockers, so this does affect me. This only affects the tech clueless, who can’t be bother to a clue.
Firefox users are tech clueless, Brave is the future with built-in content blocking and Blink rendering engine. Firefox is an outdated, unsupported archaic leftover that can’t die any faster. Now down to 2% market share, because it’s garbage.
Ah, the disciples of the Brave Browser are everywhere, spreading their good news. Only to purify, save and protect us all from “evil”, of course. But what they forget: Brave has a dark past, and so does Chrome. The stories are almost exactly the same: while Chrome came as an unwanted bundle with the toolbar back then, Brave also got up to mischief in the beginning. And now a browser based on Chromium is being praised as the savior. When Google snaps its fingers, any customization is impossible – and I’m not just talking about Manifest v3. Or do the lemmings really think that Brave would devote resources to building its own engine? Not at all.
What happens with manifest v2 support? Is Brave going to support this indefinitely or are they going to go with the other Chromium based browsers and drop it? Not sure how well the adblocking will work then…
Well .. they claim to continue Manifest 2 support, but this will require dev work, and depending on what Google is exactly doing, it may require LOTS of dev work, which is costly and will anyhow increase over time, so keeping Manifest 2 support will become more and more expensive as time progresses. It therefore remains to be seen, how serious brave is about keeping manifest V2 support. It would make sense, as “ad protection” is one of their USPs, but otherwise: money is money. So time will tell, how serious they are about this, or if they one day simply drop it.
Uninhibited imperialism is the new U.S. administration’s philosophy and is spreading as such on American companies’ behavior. Meta declares that Europe’s digital defense is censorship and Google, taking advantage of the winds of ‘Liberate yourself from respect to users’ decides to allow advertisers to fingerprint you for even better tracking. No more lies as they carry out their intrusions worse than ever before but also free of any consideration for a basic politeness which lies happen to allow should it be hypocritically. And the people, blind, deaf continue to not only use but worship Google, Meta, X. What a mad world.
Thanks for contributing Tom Hawack. Your albeit cynical perspective is refreshing.
Only sharing my thoughts, as we all do, and these thoughts are not at all cynical. Cynicism would be to believe we are all uncivilized whilst I’d rather think that, as history of mankind reveals it, the best has always had to endure the weapons aimed to control the worst and when it comes to the digital arena, enlightened (brains) honesty (ethics) has to endure moderation. Nothing to do with cynicism; at worst, a certain lack of hope, occasionally. Wouldn’t it be great to live in a world which requires no police, no army, no judge, no referee in soccer, football, tennis tournaments? As you see, no cynicism but rather perhaps idealism, basically incompatible with a sustained misanthropy which, I confess, happens to take a place in my brains my soul refuses it to occupy.
Frankly, arguing whether the EU or the US sucks less is vapid, IMO. I have always assumed data retention from companies like google. Legal issues are an afterthought – it’s the nature of data and the internet. Besides Brave, one of the few add ons with some considerable backing you might like (nlnet foundation, FSF, Brno university) is jshelter.
https://jshelter.org/threatmodel/
Guys please, this is not a politics forum. I know tech and politics sometimes clash, but this discussion is not getting anywhere.
@ Martin B.
Thanks Martin
@Martin, indeed “tech and politics sometimes clash” and they are at this time when the former are deeply modifying the latter, or trying to.
Freedom does not exist in Europe or the EU. Everyone tries to make you believe that there is freedom at all costs, but it is a complete lie. There is no freedom, there is nothing but the lies that the leftist media sells. Fascism is also a lie, there is no fascism at all because everyone is a fascist if you don’t agree. Being agree or not won’t ever become a solid criteria to classify people. Not now anymore. So Google, Meta, X and TikTok are indeed the last resort to achieve freedom.
omg, you are clearly joking.
Lol, lol, haha, well done.
@BocoY, I have to disagree with you. Do you know anything about Europe, about the States, have you lived in both and compare the best and worst of each? I have.
The basis is to know what we understand by the word ‘freedom’. If we disagree on the meaning, on the philosophical sens and implications of the word then we’ll always disagree.
I believe there is no freedom when my freedom negates the freedom of another. I believe that any right implies duties, that the right of freedom implies the duty of respecting the right of freedom of others. I believe that not moderating the speech of one who deliberately or not lies, who spreads words of hatred, of segregation, of racism, of homophobia is imperative, especially when the audience includes millions of users, which may not be required, as imperative when chatting at home with a couple of friends.
Konrad Lorenz, a well-known Austrian zoologist, ethologist, and ornithologist, did state that “Too much order and it’s sclerosis, too much disorder and it’s anarchy.”. I think we must strive to hold a balanced position between both, and I think that the new free world philosophy is dangerously falling towards anarchy. I believe moderation is really the right tool to combine free speech and respect for truth. Of course the problem of biased, or silly moderation may lead to excessive order and as such to sclerosis, but its default is potential when anarchic, uncontrolled freedom is not potential but factual.
We strive in Europe for freedom, but not at all costs. Saying that moderation is censorship is untrue and it becoming the mantra of American companies as they follow a new administration to be as a dog follows his master is not in the tradition of the America we love but only a business surrender to the imperatives of business pragmatism. I know America, “my” America, the one I’ve loved within 6 years of residence there, the one I’ve continued to love — it’s multiple, diverse cultures, its values, its philosophy of life, many beautiful, honorable values … that in my view are disappearing in these winds of ultra-liberalism (in the European sens of the word) that are blowing as a hurricane many far too many American major companies.
We strive for freedom, equality and brotherhood, for all three and not only for the former.
“I believe there is no freedom when my freedom negates the freedom of another. I believe that any right implies duties, that the right of freedom implies the duty of respecting the right of freedom of others.”
If your freedom depends on the freedom (feelings) of others, it’s not freedom. You are not jailing them or putting them into slavery. Its “please let me talk, pretty please”. If your freedom depends on somebody who can possibly be an offended, it is called self-censorship. Internet is not a walled garden. But if we do not want to lose freedom, we should be able to have tough conversations and disagree. For example, I am on the right, but I believe that Tucker Carlson is a complete moron/grifter with an agenda (flip-coin of Rachel Maddow) and Joe Rogan could be honest but is extremely uneducated in a lot of fields: maybe 5th grade knowledge in math and sciences.
Funny, for being a pair (Carlson, Rogan) of uneducated grifters, they sure know how to analyse and discuss issues. And rake in the bucks.
When’s the last time you had a discussion with Putin or Trump?
@efromme
“And rake in the bucks”
That is what grifting is all about.
@boris, you’re slipping into political politics when I have slipped into the impact of politics in the area of our lives, namely digital lives. I do believe with a few others that freedom is a reality starting the moment we all are, free. I’m not free if an innocent is jailed, I’m not free if a weak is persecuted and unable to defend himself, I’m not free if my definition of freedom turns around my belly. In fact there is no freedom without compassion, and I find it amazing that counties around the world seem to be as little committed to it as they are deeply integrated into religion, but that’s another debate.
Tough conversations can and do exist without hatred, insults, segregation, supremacy, racism, homophobia. Those who comply with the worst are not tough debaters but only empty-brains “yellars” (how do you spell that?), and that’s what moderation is all about. Of course a tough conversation is always better than a flat consensus, but you can stand for your ideas within “soft-toughness”, or should we consider that it’s easier to shout and (try to) prove (your) truth with power than with a whisper of arguments? I don’t think so.
Of course it’s not because you participate to a debate that you are meant to be moderated, as well as it is not because you comment on a social website that you’ll be systematically a yellar pushing around everyone and spitting the hate of frustration on others. But these sad clowns do exist and letting them yell without correcting via moderation their uncivilized behavior is nothing but an incentive to let them believe their attitude is correct, that truth and power are linked and that weak but silent people are wrong.
That’s what I meant, and mean.
Tom, your TDS is showing, typical European, accuse, insult, belittle and fault Trump for your incompetence and inabilty to fix problems you caused. Don’t blame America, blame yourself.
Corporations are the same world over, it’s all about the money and nothing more, not lofty social and cultural goals you pretend drives euro commerce.
You’re typical European, reject everything American, yet mimic everything American. You even Americanized your name.
@Wayne Belcheck.
Trump was not mentioned even once in any of Tom’s posts, so it’s ironic that you mention TDS. I guess what they say about every accusation being an admission holds some truth.
Tom is not originally an American name, it originates from Aramaic name Ta’oma, meaning “twin.” It was used in Germany and Scandinavia long before America.
@Wayne Belcheck, keep calm, please :) I don’t think a typical (what is “typical”, average?, What is “average?) European rejects everything American. There has been decades ago what we called “primitive anti-Americanism” but that’s way back. In my experience a wide majority among our European countries in their diversity like America, adopt many American lifestyles, even their junk-food ! Anyway, as I’ve stated in the comment you’re replying to, “I Love America” as Patrick Juvet’s pop hit from the eighties sang it! I’m only, personally with some others, sad the way American politics are shifting to values never known before in America ; chaotic, wild, uncontrolled, quasi hysterical worship of freedom, for the reasons I explained above.
I did not mention any name and insulted even less, but reversing the charges is a typical attitude of those who are condemned on the basis of facts. By the way, it’s not only a Europe-America debate when we know that many American citizens disagree and feel sorry for where their new administration is leading them. I think it’s more a debate between civilized and uncivilized values, worldwide.
Europe has problems and some of them could be fixed by taking America as an example, and vice-versa. That’s not the problem, perfection is nowhere, comparing the pros and cons is the mean to progress. It’s just that European values, if they are for most synchronized with American values remain yet opposed to America when it considers American values it shares are falling apart.
Corporations are not the same world over, they would probably be if they had the power of major America ones, such a power that not only they influence American politics but moreover strive to influence politics of other countries : that is not to be tolerated and,to take a recent example, Elon Musk pleading for far-right German politicians as well as against democratically elected UK’s Prime Minister is relevant of a dangerous uninhibited imperialism this man is showing-off. You see, that’s the America we don’t like. Nothing to do with America as a whole and even less with American citizens.
Lastly, nothing to do with leftists, unless to consider that the values of freedom and justice established by the Americans to be some 250 years ago were leftist values. Again : freedom (mine and yours free of duality), equality (justice), brotherhood (not that of hugs and kisses but that of the helping hand).
Together we can, make this world greater.
Tom, your pseudo-philosophical meanderings are senseless, boring and always off-topic and reek of anti-Americanism.
I agree with Martin, politics has no place on this blog.
Stick to the topic.
“Uninhibited imperialism is the new U.S. administration’s philosophy and is spreading as such on American companies’ behavior.”
So Trump is gonna dominate the world and he’s using google and X to do it by reneging on “basic politeness” Whew ! That’s a whopper for sure Tom.
Tom, you need to reflect seriously on your unique observations. And lay off the mind expanding drugs.
@efromme, no drugs here but vitamins and coffee should wake you up.
You summarize in a half-cynical half-naive way what is probably close to truth. Thanks for saying it in a few words. Except that I’d rather nuance your wording with a “maybe”. Who knows for sure? But for sure he’ll try but perhaps with a touch of hesitation given he’s getting older and less aggressive, less aggressive I hope by wisdom and not bu intellectual fatigue. We have to see further, beyond those four years, try to consider what will be the power of his billionaire world corporations associates once the old man will be off-track, and that is a real problem. But you know how life is, especially in the States, like stock markets, up quickly and down as quick, things move fast in the States, a nation represented by Mercury in astrology whilst China is by Pluto and Russia by Neptune, both with long cycles, both take time to change but change for deeper and longer periods. No drugs, promised :)
Milk, sugar?
Europe has both: digital defense from corporation and severe governmental censorship. Europe’s censorship comes directly from government entities, while US censorship comes from corporations trying to be our Governments’ best friends. I do not see one as preferable to another. What is the difference if it is the King owns you or his Barron?
On the second point, I agree with you. I may like some small business or content creators because I can get almost personal relationship with them. But I do not like any corporations. Corporations are coming in two flavors: extra greedy or politically captured, or both. Neither is good for almost anybody. And I am no socialist or environmentalist. I just hate current corporate culture. It is killing capitalism.
I’m sorry to break it to you, but neither is big tech corporations exploiting people to make money a new trend, nor is it limited to digital technology or North America. The idea of Europe having a “digital defense” is also striking, because you will hardly find a European government that isn’t keen to track and spy on internet users, Stasi-style, which is even more sinister than a private company using every asset it has to make money.
This control Once again why do you need are fingerprints, so much fraud in the world and you are doing this, you have to much time on your hands. Instead rehousing people or catching the real Internet scammers..
Results on EFF: Brave = ‘randomised fingerprint’; Librewolf = ‘nearly unique’.
With canvas blocker extension installed in Librewolf, result became ‘unique’. Obviously, using Librewolf, the extensions you have enable increased fingerprinting accuracy.
@Anonymous
Strange, here it’s the opposite. Librewolf with uBO all filters enabled except regions and languages, no fingerprinting. Brave with shields all filters enabled partial protection. Mullvad browser, with and without Proton vpn free uBO and NoScript, your browser has a non-unique fingerprint. Firefox, enhanced tracking protection strict and off course uBO no fingerprinting.
Maybe you should get rid of the canvas blocker extension, uBO already does that for you.
>” Maybe you should get rid of the canvas blocker extension, uBO already does that for you.”
uBO specifically does not do canvas blocking, and the dev has said he has no intention to do so: https://github.com/gorhill/uBlock/wiki/Does-uBO-protect-against-fingerprinting%3F
Indeed, I was wrong. But at Librewolf they say this
https://librewolf.net/docs/addons/
Canvas Blocker: protects against some fingerprinting techniques. Suggested exclusively to users that disable RFP or enable WebGL.
Impressive levels of Orwellian newspeak.
I cite the part here, it is framing ‘privacy enhancing’ as “new ways for brands to manage and activate their data safely and securely”. Privacy for who then? Certainly not the user.
Except in the sense that, to Google, the advertisers etc. are the users, and the people out there and their devices are mere cattle or shared victims.
——
What changed? Google’s stance is that two advertising ecosystem shifts have happened in recent time.
Advances in privacy-enhancing technologies.
Rise of ad-supported devices and platforms.
Privacy-enhancing technologies, short PETs, include on-device processing, trusted execution environments, or secure multi-party computation. Google says that advancements “are unlocking new ways for brands to manage and activate their data safely and securely”.
—-
In terms of privacy we lost it when the tech companies broke the law with street-view style cars fixing wifi router names to physical locations, then cross-referencing homes with secondary data sources to provide household names alongside their basic device i.d’s.
Even if you change your router name, the tech companies simply use the ancient network cable-break timing methods against a baseline measurement, to re-establish who uses any new router name.
This specific concept is very old and working-out new ways to keep families safe seems like a low priority for governments who are tasked with keeping their people safe ahead of all other considerations.
The only easy solution is for governments to annually fine tech companies progressively more painful amounts until they learn to stop playing god with people’s privacy. The biggest fear is the weaponisation of data exploitation which cannot be too many years away if this continuing crime in progress is allowed to continue.
There will be a toggle in Chrome Settings to limit digital fingerprinting:
https://x.com/Leopeva64/status/1819955987433841014?s=19
I don’t know why you don’t mention this in the article… I guess bashing Google and Chrome all the time generates more clicks, right?
@Leopeva64
Please consider the compatibility between two Google assertions :
1- According to Google, the updated policies “clarify the activities that we prohibit to better protect the ads ecosystem from harmful activities, while being less prescriptive with partners in how they target and measure ads”.
2- As mentioned by Google and displayed in the Twitter link you mention : “Chrome will have a new feature that will “limit your digital fingerprinting,” the description indicates that “this setting makes it harder for sites to identify you using data about your device and browser.”
“Less prescriptive with partners in how they target and measure ads” VS. “Chrome will have a new feature that will “limit your digital fingerprinting,”
How do we resolve this equation?
What stuns me is the blindness of Google aficionados, either totally addicted either totally naive, or both.
Who are Google aficionados, maybe except for some of its developers and ad partners? Have you seen one unrelated to the company? I follow quite a few popular tech content creators on Google platform, but I never heard a good word about Google unless it is a sponsored post. In tech community, nobody likes Google or Meta or Microsoft. They are just forces of nature that has to be appeased and avoided at all cost.
And stop overanalyzing stuff. If a company can track you at reasonable cost, it will, and the same for any government. Whatever they say in public you can though it in the garbage.
@Boris, Google aficionados are those who defend their guru whatever the evidence, in the same way you’ve had this Illuminati guy who insisted for years to assert planet Earth was flat until he decided to drive a test by himself on the lands of Antarctica to finally declare “Yeps, I was wrong, the Earth is indeed round and spherical. My mistake”. Those guys exist. Now that doesn’t mean that technically skilled users are Google lovers. But most of us are not technically skilled, and what is a newbie’s or an ignorant’s attitude in the face of what he doesn’t know or understand? Either humility (but that’s often conceived as weakness in a world where you must have certitudes about everything) either a big-mouth-small-brain repeating everything those wh agree with him say that confirms his hyper-subjective non-thoughts.
See you later, alligators.
@Martin I didn’t mean to start a debate but only an answer, answer which called several answers. We’re off to TV now :)
Google is (unlike most other Tech companies, especially unlike Microsoft, who are a terrible joke) eg fairly competent, when it comes to IT Security. So most people in ITSec have a quite high opinion of Google, well at least from a purely technical point of view.
@Anonymous, no doubt major software companies focus on security, factually but as well in terms of communication when it comes to using this policy to explain inquisition into users’ privacy. Google is an advertisement company and as such is tied to income at the cost of our privacy, aware that bad security means no income. Just like drivers driving without a license who are more careful than others given they know the issues of being caught.
Quoting myself, sorry for that : “no doubt major software companies focus on security” can support a doubt when we realize Google’s little commitment to combat malvertisement, with this latest “incident” :
https://chipp.in/security-privacy/google-needs-to-strengthen-ad-security-after-latest-malvertising-incident/
Perhaps the company considers malvertisement as a collateral default of its big, big, ad business.
If Google and Chrome don’t like people bashing them, perhaps they should stop doing scummy things. There is no reason for a setting, they should not allow fingerprinting.
So, linking to your own Twitter/X post?
They are saints, clearly.
“clarify the activities that we prohibit to better protect the ads ecosystem from harmful activities, while being less prescriptive with partners in how they target and measure ads” George Orwell would be rolling over in his grave. I’m glad I avoid using anything Google as much as possible.
Google needs to be broken up.
Hmm, they changed the name of the site. It used to be https://panopticlick.eff.org/.
That adress does redirect to the one you linked.
Use brave with several privacy extensions. And a VPN. Covered?
The more extensions you add, the easier it is to fingerprint, but Brave seems to be able to alter data to generate randomised fingerprinting. The way to check is not by asking questions, but to test your configuration @ https://coveryourtracks.eff.org/
In my opinion, you can only really defeat fingerprinting by spinning up various different (Linux) virtual machines. Qubes OS may be the OS of choice for that, if your hardware supports it. And even with different VMs AND browsers, you may still have to look out for cross-VM leaks, be it WebGL output or something as simple as your IP address, so you may also have to consider different VPNs or Tor in the process.
I believe anti-fingerprinting as they stand now do not cover every value a very sophisticated adversary like Google could scan for. Your best bet might (ironically) still be your adblocker, if the script can’t run, it also can’t fingerprint you. This might work especially for scripts that are broadly deployed and “make it” to lists like EasyPrivacy.
You can give a preconfigured browser like Tor, LibreWolf, or Brave (in that order) a try in an attempt to combat fingerprinting, but as said, I think only various virtual machines I would say really give sophisticated scripts pause and almost no one is willing to do that. As said, a serious attempt to beat it would have to look like Qubes OS.
What IMHO never works is to try and “harden” a browser yourself, be it by obscure script or by extension (even worse). This especially concerns Firefox, below 1% of its users apply such scripts and many people who apply them, further modify the setup, more or less defeating the purpose. LibreWolf might be your best here still.
The first step starts even before the adblocker: with DNS: if the adserver can’t deliver the script to you, the script can’t run and possibly outsmart your adblocker. In ITSec we call that defense in depth.
So the 1st step is to either: I) use the DNS service from your provider that already blocks ad and tracking sites. Only a few ISPs offer such services, many many DNS providers do it for free), or II) do it yourself, eg with a Pihole, or if necessary using your /etc/hosts file.
You adblocker of choice possible hopefully also support blocking lists, but that’s only the next protection layer thereafter. Using a browser with a proper fingerprint-resistance obviously helps too (eg in Firefox activating RFP via about:config, instead of the custom FFP).
On a mobile device: not using apps, but a local browser, revoking app permissions as rigorously as possible and installing a firewall to control network access on app level helps too, as does not installing every app that people urge you to install.
Have you tested Librewolf and brave (in that order)? My experience is, Brave gets a significantly better anti-fingerprinting result.
I have no idea about TOR, other than seems impracticably slow and delivers a lot of rubbish of no peersonal interest. It may be OK for someone who wants the false sense of security they are outwitting law-enforcement, but IMO law-abiding users who just wish to avoid tracking are better off hardening a regular browser.
Hardening a browser makes a browser more secure, not more private