Google Wants to Track Your Digital Fingerprints Again (mashable.com) 54
Google is reintroducing "digital fingerprinting" in five weeks, reports Mashable, describing it as "a data collection process that ingests all of your online signals (from IP address to complex browser information) and pinpoints unique users or devices." Or, to put it another way, Google "is tracking your online behavior in the name of advertising."
The UK's Information Commissioner's Office called Google's decision "irresponsible": it is likely to reduce people's choice and control over how their information is collected. The change to Google's policy means that fingerprinting could now replace the functions of third-party cookies... Google itself has previously said that fingerprinting does not meet users' expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google's own position on fingerprinting from 2019: "We think this subverts user choice and is wrong...." When the new policy comes into force on 16 February 2025, organisations using Google's advertising technology will be able to deploy fingerprinting without being in breach of Google's own policies. Given Google's position and scale in the online advertising ecosystem, this is significant.
Their post ends with a warning that those hoping to use fingerprinting for advertising "will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure."
But security and privacy researcher Lukasz Olejnik asks if Google's move is the biggest privacy erosion in 10 years.... Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI... The shift is rather drastic. Where clear restrictions once existed, the new policy removes the prohibition (so allows such uses) and now only requires disclosure... [I]f the ICO's claims about Google sharing IP addresses within the adtech ecosystem are accurate, this represents a significant policy shift with critical implications for privacy, trust, and the integrity of previously proposed Privacy Sandbox initiatives.
Their post includes a disturbing thought. "Reversing the stance on fingerprinting could open the door to further data collection, including to crafting dynamic, generative AI-powered ads tailored with huge precision. Indeed, such applications would require new data..."
Thanks to long-time Slashdot reader sinij for sharing the news.
The UK's Information Commissioner's Office called Google's decision "irresponsible": it is likely to reduce people's choice and control over how their information is collected. The change to Google's policy means that fingerprinting could now replace the functions of third-party cookies... Google itself has previously said that fingerprinting does not meet users' expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google's own position on fingerprinting from 2019: "We think this subverts user choice and is wrong...." When the new policy comes into force on 16 February 2025, organisations using Google's advertising technology will be able to deploy fingerprinting without being in breach of Google's own policies. Given Google's position and scale in the online advertising ecosystem, this is significant.
Their post ends with a warning that those hoping to use fingerprinting for advertising "will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure."
But security and privacy researcher Lukasz Olejnik asks if Google's move is the biggest privacy erosion in 10 years.... Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI... The shift is rather drastic. Where clear restrictions once existed, the new policy removes the prohibition (so allows such uses) and now only requires disclosure... [I]f the ICO's claims about Google sharing IP addresses within the adtech ecosystem are accurate, this represents a significant policy shift with critical implications for privacy, trust, and the integrity of previously proposed Privacy Sandbox initiatives.
Their post includes a disturbing thought. "Reversing the stance on fingerprinting could open the door to further data collection, including to crafting dynamic, generative AI-powered ads tailored with huge precision. Indeed, such applications would require new data..."
Thanks to long-time Slashdot reader sinij for sharing the news.
And this is why... (Score:3, Informative)
Re: (Score:3)
I have a pihole that I route all requests through, use firefox with ublock origin. Is there anything else I can do to prevent these parasites from tracking me?
Re:And this is why... (Score:5, Informative)
In the 66 page suit and in later news articles, Oracles methods are revealed. They use tracking pixels, which are impossible to avoid
These data harvesting practices are largely invisible to most internet users. Tracking pixels are intentionally unobtrusive. They are embedded in digital platforms as almost invisible transparent 1x1 pixel png file thereby inextricably subjecting users to having their online activities monitored.
Some of the tracking tools, such as pixel trackers, are unavoidable because unlike cookies, they cannot be disabled. Oracle’s cookies and tracking pixels are pervasive throughout the Internet. Oracle has agreements with numerous high-traffic websites like the New York Times, ESPN, and Amazon to place cookies and/or pixels on their websites. By blanketing popular websites with these tracking tools, Oracle reaches a substantial percentage of Internet users—Oracle cookies are found on over 20 percent of the top 10,000 websites and more than 48 thousand websites. https://www.linkedin.com/pulse... [linkedin.com]
Its only going to get worse. Google is apparently playing catch up. "Ellison Declares Oracle 'All In' On AI Mass Surveillance" https://developers.slashdot.or... [slashdot.org]
Ellison made the comments near the end of an hour-long chat at the Oracle financial analyst meeting last week during a question and answer session in which he painted Oracle as the AI infrastructure player to beat in light of its recent deals with AWS and Microsoft. Many companies, Ellison touted, build AI models at Oracle because of its "unique networking architecture," which dates back to the database era. "Citizens will be on their best behavior because we're constantly recording and reporting," Ellison added, though it's not clear what he sees as the source of those recordings - police body cams or publicly placed security cameras. "There are so many opportunities to exploit AI," he said.
You might get some idea of how easily you are tracked by seeing how unique your browser trail is. Unless you use common software and settings, most of us will probably stand out. Here's a site to check your browser fingerprint https://www.amiunique.org/ [amiunique.org]
Re: (Score:2)
From that site:
"we will collect your browser fingerprint and we will put a cookie on your browser for a period of 4 months."
Thanks. No thanks.
Re:And this is why... (Score:4, Informative)
The EFF has a site https://coveryourtracks.eff.or... [eff.org]
Re: (Score:2)
They use tracking pixels, which are impossible to avoid
Delete cache early and often.
Re: (Score:3)
Hosting the cache on a tmpfs mount works quite well with firefox.
Sadly, Ubuntu's decision to force flatpak use for firefox makes this much more difficult to do on platform's based on the distro, but not impossible.
They seem to go out of their way to force the flatpak version's priority as well, sometimes even reverting the priority you set when you install the package manager PPA version direct from Mozilla.
It is at least, still possible to do. Just set it to something reasonable, and let the cache get nuk
Re: (Score:3)
>"Sadly, Ubuntu's decision to force flatpak use for firefox makes this much more difficult to do"
Which is one of the many reasons you should use Linux Mint instead of Ubuntu. Get all of the advantages of Ubuntu with little of the suckiness.
That said, you can use Mint's Firefox package under Ubuntu if you wish. Or you can use Mozilla's pre-built Firefox binaries.
https://9to5linux.com/how-to-i... [9to5linux.com]
Re: (Score:2)
Ubuntu's decision to force flatpak use for firefox
Ubuntu uses Snap, not Flatpak.
Re: (Score:3)
I realized that after the fact, it's my bazzite box that wants everything to be flatpaks.
Herpa Derpa.
Regardless, both of them make this difficult to set up a tmpfs mount there, due to how they do sandboxing.
Re:And this is why... (Score:5, Informative)
Tracking pixels are trivial to block and Firefox blocks most of them if you set tracking protection to strict.
Re:And this is why... (Score:5, Informative)
>> tracking pixels, which are impossible to avoid
Not sure that is correct. I use the Brave browser and the NoScript extension, I think they catch tracking pixels.
https://brave.com/privacy-feat... [brave.com]
You insensitive clod! (Score:2)
Some of the tracking tools, such as pixel trackers, are unavoidable because unlike cookies, they cannot be disabled.
I use the lynx browser. It doesn't know what to do with pixels.
Re: (Score:3)
They use tracking pixels, which are impossible to avoid
BTW, it's wrong that they are impossible to avoid. It's worth a very simple explanation:
A pixel is simply an image from one site which is downloaded into a web page from another site. In the request parameters downloading that image (typically the URL) the second site will send information about the user that is visiting their site.
You block this by only allowing sites to download images from their own domains. In other words, on cnn.com block all requests that go to twitter.com. That is a standard feature
Re:And this is why... (Score:5, Interesting)
A bit of a random list, feel free to explain why each option actually makes things worse, which is probably true in some cases with some trackers.
* Be aware that the more you do the more risk that you stand out each of the things below can probably be used as an identifying bit in a fingerprint
* Route all your traffic through a VPN or system like Tor so that it is grouped with other people's traffic, but be aware that even nastier people spy on those
* Run against a browser fingerprinting site to understand what information you are giving away
* Ensure you are using a browser which enforces HTTPS (now pretty much standard)
* Live in the EU so that you are covered by the GDPR and then use it's opt-out possibilities for "legitimate interest" tracking
* Consider an extension like Ghostery which automatically opts you of tracking
* invest time in understanding Ublock Origin's options and ensure that you block as many tracking sites as you can whilst trying not to stand out
* Vote for politicians who are trying to fix this.
* If you are technically adept, get in touch with your local politicians and volunteer to support them in understanding.
It's important to know that, without cookies your computer can provide plenty of tracking information - IP address + TCP stack identification (active or Passive) + cookie rejection options + window size + fonts available is already lots.
My impression is that even the anti-tracking groups like the EFF have really not understood this properly and tried hard enough. Some of them are even compromised. Still, it's something we really really can't afford to give up on.
Re: And this is why... (Score:2)
Time to assemble a whitelist - Internet Archive, Wikipedia, my bank, Slashdot and a couple of other forums and blogs I visit.
Re: And this is why... (Score:5, Interesting)
The ICO requires cookies FFS! (Score:4, Insightful)
https://ico.org.uk
Re: (Score:2)
The ICO also decided that "pay or okay" is fine, which is where a site demands you either pay or take tracking.
Re: (Score:2)
What is the argument that "pay or okay" is not fine? That companies should be legally obligated to provide significant web services to the global public for free?
Re: (Score:2)
That consent must be freely given, and that services which do not require privacy invasion cannot demand it or withhold said service.
Their argument is that tracking is essential because it's their business model, but they can show non targeted ads. GDPR doesn't have an allowance for "we could make more money that way", or even "we can't make enough money without it".
Craft ads with precision? (Score:5, Interesting)
I keep hearing about this "precision". Google has been talking about targeting relevant ads to people for 2 decades now. Yet still all I get over and over again are ads for products I already have, or ads for products I'm not actually interested in.
Buy a new camera from Nikon, get an advert for a Sony camera. What are they going for? Hoping I have buyers remorse and return the product?
Google's targeted ads are my favourite kind of ads. They are useless and don't influence my purchase because they come too late.
Re:Craft ads with precision? (Score:5, Interesting)
I keep hearing about this "precision". Google has been talking about targeting relevant ads to people for 2 decades now. Yet still all I get over and over again are ads for products I already have, or ads for products I'm not actually interested in.
Buy a new camera from Nikon, get an advert for a Sony camera. What are they going for? Hoping I have buyers remorse and return the product?
Google's targeted ads are my favourite kind of ads. They are useless and don't influence my purchase because they come too late.
Advertising is a scam at both ends.
The scam you're seeing is the scam on advertisers. For any given ad, there are a few possibilities. A} I am not interested in the product. B} I am interested in the product but can't afford it. C} I am interested in the product but won't dedicate my disposable income to it. D} I am interested in the product, can afford it, am willing to dedicate my disposable income to it, and for some strange reason haven't yet.
Whoever is charging the manufacturer in return for that advert is scamming them because only in scenario D is there a chance of a sale.
That said, given enough people and enough adverts, D can eventually become significant. But that's where the scam against the consumer applies. Because there's a sale that wouldn't have happened without the ad, you're looking at what amounts to coercion. You are convinced to spend money you wouldn't have otherwise. Sure, you get something out of it, but you pretty clearly didn't need it, only want it.
Either way, active advertising (as opposed to passive advertising, where your product and service can be learned about if a consumer wants to know about it, but you're not overtly trying to get in front of eyeballs) is kind of crappy all around.
Re: Craft ads with precision? (Score:2)
It's amazing "advertisers" haven't caught on to this massive systematic fraud yet.
I agree with garbz on this. Instagram put their finger on the scale long time ago, over 7 years, with wrongly targeted ads to drive impression stats up.
Re: (Score:2)
We humans are still at the mentality that tells us that advertisers need to track us in order to better serve us. Just think about how fucking stupid that is. I mean, does this mean that any country's adversary can simply open a business that sells stuff, and now they can legally track citizens of that country? WTF are we doing, people??
Re: Craft ads with precision? (Score:2)
E) "I just bought one, you moron." It's not likely that I will be buying another anytime soon."
Re: (Score:2)
I mean I'd love it if some psychic marketing genius would send me a ads for the cheapest and best product for my needs, including things I didn't realize would be useful to me. Of course the problem is they don't give a shit what I need, all they care is if they can in a cost-effective way convince some easily manipulated idiot to buy their specific product, and they can't even tell that said idiot isn't me.
And even Google, the world's expert on knowing everything about my life and how to find things, can't
Re: (Score:2)
I think there is also E} I'm currently not looking for the product, but may be in the future (even though I may not know that yet) so the company wants to make sure you know they sell the product too.
Re: (Score:2)
Advertising is a scam at both ends.
Too general. No *Online Personalised Advertising* is a scam at both ends. Normal advertising (including non-personalised online ads) are actually highly effective. And for that think normal generic ads like those for Coke. Yeah you may be a coke drinker already, but they aren't going for brand capture, they are trying to remind you that you're thirsty and to sit subconsciously in the back of your brain that you want that sugary goodness.
you're looking at what amounts to coercion
No, generating a want is not coercion. It's unethical in other ways, bu
Re: (Score:2)
Advertising is now and has always been, a tool to reach the minds of females and children. All males loath adverts. I've even seen men stabbing out the speakers that are inside of gas pumps that squawk adverts at you while you're trying to pump your gas. If you want to reach a male mind, you'll have to send in some super sexy young saleswoman.
Re: (Score:2)
LOL. What a dumb comment. I guess females and children really like beer, and power tool ads. Honestly I don't know what is wrong with your brain, but no females and children do not like ads either, and just because someone hates ads doesn't mean they aren't working. They don't exist to influence you on a conscious level. Also I've met females who too are mentally deranged enough to commit property damage.
I don't know what your point is other than trying to prove to the world your mind is one of the most sex
Re: (Score:2)
I don't know any man that watches any adverts, in fact the opposite. Sure, put power tool commercials on the TV, but I can't tell you of a single one, neither can any male that I know. Now, if you're talking about the "today man" and his endless need to be female, sure. He needs mirrors, hair gel, cologne, and all of the items that society deems fit for him to want.
My point is to say that it's feminine to stare into the commercial as if it offers opportunity to improve your life in ways that you haven't
It's The Onus (Score:3)
If Google tracks you using a cookie, the onus is on them to handle that data.
If Google tracks you by asking your browser what your identity is, it puts the onus on you to answer that how you see fit.
The term "Cookie" is written into thousands of laws and other compliance documents already and is regulated. Browser and system fingerprinting is not covered the same way in legal documents and is not heavily regulated, unless you sell the fingerprint data to someone else. In Googles model, there is no need to sell the fingerprint data to anyone. They match ads to your browser and stay the middle man.
From a legal perspective and a liability perspective, this seems like the obvious choice for a firm that wants to deal in advertising.
The question really is, "How can I not be fingerprinted in any meaningful way outside of an IP address?"
--
A hero is someone who understands the responsibility that comes with his freedom. - Bob Dylan
Re: (Score:2)
Re: (Score:3)
The bulk of fingerprinting comes from browser data, and especially from the HTML Canvas element, but if you're using an App or signing in then they obviously already have you tracked with a unique ID. The problem that trackers like Google face is that with NAT a LOT of eyeballs can be behind a single IP, and even if you have a static IP for your property, they still want to get down to the level of ind
Re: (Score:3)
>"Paging Brave (that already does some of this), Mozilla, Opera, et al..."
I think you mean "Paging Mozilla", essentially. Since all the others are already Chrom* and it is quite possible they won't be able to effectively combat all of it while keeping their innards compatible/secure/upgradable.
Mozilla will have none of those issues with Firefox. One of many, many reasons we shouldn't have everyone using what is essentially the same monoculture browser, especially one under control of an advertising gia
Re: (Score:1)
Strangely many people don't think it's a significant privacy issue. Guess they lack imagination and knowledge.
For example devices in the same vehicle or on the same table might experience similar "motions".
There's also the payment handler stuff.
Re: It's The Onus (Score:2)
Re: (Score:2)
Identifying the browser instead of identifying the person as a way to get around the GPDR is something that I think will get google into a lot of trouble eventually.
Google gets the middle finger... (Score:2)
Re:Google gets the middle finger... (Score:5, Insightful)
>"Up theirs !"
And that starts by using and promoting Firefox. Doesn't end there, however, but it is a decent start.
Re: (Score:2)
>"And that starts by using and promoting Firefox. Doesn't end there, however, but it is a decent start."
Reply to self... Not only because Firefox isn't Chrom*, Firefox also has some built-in anti-fingerprinting.
More information:
https://www.mozilla.org/en-US/... [mozilla.org]
https://support.mozilla.org/en... [mozilla.org]
If you are really paranoid, there are also some additional helpful Firefox Addons (none of which I use or am endorsing):
https://addons.mozilla.org/en-... [mozilla.org]
https://addons.mozilla.org/en-... [mozilla.org]
https://addons.mozilla.org/en [mozilla.org]
I'll fool them (Score:4, Funny)
(puts on rubber gloves before touching the keyboard)
Re: (Score:2)
People, born without fingerprints, are lucky for this!
Alternative browsers (Score:2)
somebody needs to start selling android phones without an umbilical cord to google & google playstore, F-Droid would be plenty good for me
Nowhere to escape (Score:3)
Not tracking, period. (Score:1)
Cambridge Analytica and Facebook Deja Vu (Score:4, Interesting)
That soft sells it, because over the last decade Google has moved to control all the data within it's massive ecosystem.
They forced all sites to go https. Which on the surface was great for security, but it ultimately:
So was it about security or making money and controlling all the data?
GA4
AMP
SERPs
Third party cookies:
o I still believe this is all about eliminating Affiliate programs. Attribution dies if 3rd party cookies die.
So to me, the fingerprinting stuff is old hat and par-for-the-course with Google.
They already have:
The only thing new here is that again they want to sell your fingerprint to advertisers. Deja vu: smells like Cambridge Analytica and Facebook all-over-again.
Isn't the GDPR the big no-no to this? (Score:2)
IIRC (European here) this is the exact stuff the EU GDPR was implemented against. If Google really does this, they should expect to be fined for a bazillion Euros, no?