3w ago

Google said it was too hard to target ads to people

www.digitaltrends.com Google’s new policy tracks all your devices with no opt-out

Google has implemented the same strategy they once called wrong and subverts user choice. The tracking has begun and it's happening without your permission.

Came across this article and it got me thinking, are there any simple ways to defeat advanced tracking methods (fingerprinting, tracking pixels, etc.)?

Obviously you could go the Tor on a virtual machine route, or a non persistent set up like TAILS, but what about a browser that's able to give say, a 80% solution?

I work in the security industry and am always looking for the solution that is simple enough that its palatable to a client (not asking to change your whole lifestyle, just push this button) but also relatively effective.

59 comments

Google:
They've been asking us not to track them with cookies, so we're tracking them with fingerprints
Surely the gdpr has something to say about this. Or did the US forget the rest of the wold exists again?
- Thats why their ToS is different in the EU.
  
  Could I use a VPN to some place in the EU in order to have the different ToS
- Exactly, Google even advocated against the use of more intrusive tracking technology like fingerprinting stating it was too intrusive, I'll be the first to say I'm pro capitalist (if you can work hard and get rich, power to you), but when you are willing to invade the literal physical privacy of people who do not even want your products, it calls into question the legitimacy of your company.
  
  Lmao this guy thinks hard work is what makes people rich instead of massive amounts of exploitation in an inherently exploitative economic system....
  
  Being pro-capitalist on this website is gonna make you stick out like a sore thumb
  
  I appreciate that you are standing for moral dignities like personal privacy. But understand, Google's entire business model IS surveillance capitalism.
  Profits aren't infinite if the resource is finite. Eventually, they would have to dig the mineshaft deeper, take more material to sell more product. This is what happens when capital is left laissez-faire, it grows more tentacles.
  
  I love capitalists stepping on me
  Uhh, okay?
  
  I am also pro being able to form your own future by giving an extra hand to the world.
  I do however disagree on the part where you have to be born into certain privileges to be able to do this. Yes, giving extra should mean you get extra but all in accordance to individual abilities an privilege. Someone born rich should have it significantly harder to make more than someone born poor for example.
  
  What a bunch of BS.
- They don't give a F about any one and any laws as long as they get away with it. That's late stage capitalism for you.
  
  Any country trying to protect itself from US big tech gets threatened by tariffs, of course
  That is way you go up that orange ass

Check out EFF cover your tracks: https://coveryourtracks.eff.org/
The results are very interesting. For me, the most unique thing about my browser was that I had two system languages, and so the accept-language header was very unique.
I now use vanadium (graphene OS), which simply sends made up values for a lot of headers, and so makes fingerprinting harder.
In general, you should try to be as "normal" as possible, use standard settings for everything, just accept English, etc..
- Vanadium on Graphene is actually what I use as well haha, its just hard to convince people who already have enough on their plate with their actual jobs to make the lifestyle switch without it being viewed as very burdensome.
- That's a very interesting site, thank you!
  It looks like the screen size is the most identifying info for me, followed by the webGL hash. Not much can be done about those on mobile right?

Meanwhile the linked website is full of intrusive ads and hundreds of "legitimate interest" tracking cookies. Oh the irony...
- uBO exists.
  
  You don’t get the point, do you? I know I can block those, yet it’s hypocritical to complain about privacy and tracking in an article while doing the same. It’s not even the fact they use cookies at all, I get they might need them for analytics and such. But this site is out of control

I personally like Mullvad's approach to something like this.
First, use their browser and VPN together (browser was co-developed with the Tor Project folks),
In the VPN, you want to turn on DAITA. It's an interesting concept and I hope more legit projects like Mullvad start doing these things.
They're essentially adding bunk data to your VPN traffic to hide you from any AI analysis that might use only your throughput to identify you and your habits.
- try creepjs with mullvad browser, 100% traceable. it will always know it was you even if you clean the identity and restart the browser. and I bet googles tracking is even more advanced.
  
  Can you elaborate? When I'm using Mullvad Browser+VPN, have DAITA and Multi-hop on, it doesn't know who I am at all.
  Since this is a VPN, there are a ton of visits with this FP ID, and the FP ends up calculating differently (and I get different visits results, trust scores) whenever I refresh my session in the browser, or even just reconnect the VPN.
  The other data on the page are all completely generic guesses at my system, monitor size, etc. and maybe 10% of that info is accurate to my system. Even that info is not very useful. For instance it says I'm running "Linux x86_64"... they certainly nailed that information down...
  When I do this with only the VPN and Firefox, then the data is a lot more consistent between refreshes, incognito mode, etc. and the FP ID is pretty much the same every time in Firefox.
  The other data taking guesses at my system are also more accurate when using regular ol' Firefox. For instance, it actually adds to the "Linux x86_64" that I am using an AMD GPU (no additional info than brand). Still not all that damning if it wasn't for the FP ID in this scenario.
  I've read through the docs, and several other articles, that explain more about creepjs, but I culd be misunderstanding something somewhere I guess.
  ETA: I'm also noticing that in regular Firefox, the timezone data is all fairly accurate to the current servers my VPN is hopping through. In Mullvad Browser, though, the timezone data is all over the place and not at all accurate to what my VPN is set to, let alone where I actually am.
  ETA2: maybe my settings are more specific than you expect? Maybe your data about being 100% traceable is with 0 configuration of the browser or VPN?
  My setup:
  Mullvad Browser + Mullvad VPN
  DAITA turned on
  Multi-hop turned on
  Lockdown mode on
  All DNS content blockers enabled
  Extra steps to unify VPN+Browser DNS compatibility
  I could see if maybe you just installed Mullvad VPN and didn't use their browser (or didn't configure the browser for the VPN) that you'd be way more traceable.

i use uMatrix (by the same author as uBlock Origin), which essentially allows very granular control over what dynamic content to allow:
per domain and subdomain you can allow script, xhr, media, frames, cookies, images, css, and other things
so you can say, for example, on lemm.ee deny any scripts from google.com from loading and deny any xhr (so analytics can’t work even if the script is hosted on the sites own domain)
this stops a lot of fingerprinting in its tracks (except when you need to allow eg reCAPTCHA), but it does break pretty much every website until you go and allow only known good things (like scripts and xhr to the sites own domain)
there’s also server-side fingerprinting, which is harder again
- This looks to be an excellent tool, thanks for sharing and have a good one.
  
  you’re welcome! you too!
  it should be noted though that it hasn’t been updated since 2021, and its repo has been archived (i’m not sure of the reasons). it still works great, but it’s not going to get any updates

It's lying to get out of something.

targeted ads are stupid anyway, i dont want to hear about stuff i could look up myself if i need something. Constant ads are even more stupid because its just stuffing their stupid corporate shit down our throats.
There should be one opt in ad service that collects all the possible ads and you then just browse it like a catalog or something if you want to find ideas what to buy.

I will keep my adblocker until contextual ads are the norm again.

Firefox (with good settings, or Librewolf) + uBlock Origin + Decentraleyes + NoScript (with default permissions removed) is probably > 80%.
- DecentralEyes is deprecated, LocalCDN is actively maintained.
- NoScript is superfluous with uBo

Wouldn’t tails be just as trackable as say a browser that clears all its cookies?

The only thing i use google for is lens and couldnt find a good replacement for it,Tineye is subpar.

LibreWolf or Brave. I use Brave personally, it's okay
- The CEO of Brave is a fascist dickhead btw
- Mullvard browser
- +1 for brave. Definitely a great browser :)

59 comments