Google Wants to Track Your Digital Fingerprints Again (mashable.com) 38
Google is reintroducing "digital fingerprinting" in five weeks, reports Mashable, describing it as "a data collection process that ingests all of your online signals (from IP address to complex browser information) and pinpoints unique users or devices." Or, to put it another way, Google "is tracking your online behavior in the name of advertising."
The UK's Information Commissioner's Office called Google's decision "irresponsible": it is likely to reduce people's choice and control over how their information is collected. The change to Google's policy means that fingerprinting could now replace the functions of third-party cookies... Google itself has previously said that fingerprinting does not meet users' expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google's own position on fingerprinting from 2019: "We think this subverts user choice and is wrong...." When the new policy comes into force on 16 February 2025, organisations using Google's advertising technology will be able to deploy fingerprinting without being in breach of Google's own policies. Given Google's position and scale in the online advertising ecosystem, this is significant.
Their post ends with a warning that those hoping to use fingerprinting for advertising "will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure."
But security and privacy researcher Lukasz Olejnik asks if Google's move is the biggest privacy erosion in 10 years.... Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI... The shift is rather drastic. Where clear restrictions once existed, the new policy removes the prohibition (so allows such uses) and now only requires disclosure... [I]f the ICO's claims about Google sharing IP addresses within the adtech ecosystem are accurate, this represents a significant policy shift with critical implications for privacy, trust, and the integrity of previously proposed Privacy Sandbox initiatives.
Their post includes a disturbing thought. "Reversing the stance on fingerprinting could open the door to further data collection, including to crafting dynamic, generative AI-powered ads tailored with huge precision. Indeed, such applications would require new data..."
Thanks to long-time Slashdot reader sinij for sharing the news.
The UK's Information Commissioner's Office called Google's decision "irresponsible": it is likely to reduce people's choice and control over how their information is collected. The change to Google's policy means that fingerprinting could now replace the functions of third-party cookies... Google itself has previously said that fingerprinting does not meet users' expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google's own position on fingerprinting from 2019: "We think this subverts user choice and is wrong...." When the new policy comes into force on 16 February 2025, organisations using Google's advertising technology will be able to deploy fingerprinting without being in breach of Google's own policies. Given Google's position and scale in the online advertising ecosystem, this is significant.
Their post ends with a warning that those hoping to use fingerprinting for advertising "will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure."
But security and privacy researcher Lukasz Olejnik asks if Google's move is the biggest privacy erosion in 10 years.... Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI... The shift is rather drastic. Where clear restrictions once existed, the new policy removes the prohibition (so allows such uses) and now only requires disclosure... [I]f the ICO's claims about Google sharing IP addresses within the adtech ecosystem are accurate, this represents a significant policy shift with critical implications for privacy, trust, and the integrity of previously proposed Privacy Sandbox initiatives.
Their post includes a disturbing thought. "Reversing the stance on fingerprinting could open the door to further data collection, including to crafting dynamic, generative AI-powered ads tailored with huge precision. Indeed, such applications would require new data..."
Thanks to long-time Slashdot reader sinij for sharing the news.
And this is why... (Score:2, Interesting)
Re: (Score:2)
I have a pihole that I route all requests through, use firefox with ublock origin. Is there anything else I can do to prevent these parasites from tracking me?
Re:And this is why... (Score:5, Informative)
In the 66 page suit and in later news articles, Oracles methods are revealed. They use tracking pixels, which are impossible to avoid
These data harvesting practices are largely invisible to most internet users. Tracking pixels are intentionally unobtrusive. They are embedded in digital platforms as almost invisible transparent 1x1 pixel png file thereby inextricably subjecting users to having their online activities monitored.
Some of the tracking tools, such as pixel trackers, are unavoidable because unlike cookies, they cannot be disabled. Oracle’s cookies and tracking pixels are pervasive throughout the Internet. Oracle has agreements with numerous high-traffic websites like the New York Times, ESPN, and Amazon to place cookies and/or pixels on their websites. By blanketing popular websites with these tracking tools, Oracle reaches a substantial percentage of Internet users—Oracle cookies are found on over 20 percent of the top 10,000 websites and more than 48 thousand websites. https://www.linkedin.com/pulse... [linkedin.com]
Its only going to get worse. Google is apparently playing catch up. "Ellison Declares Oracle 'All In' On AI Mass Surveillance" https://developers.slashdot.or... [slashdot.org]
Ellison made the comments near the end of an hour-long chat at the Oracle financial analyst meeting last week during a question and answer session in which he painted Oracle as the AI infrastructure player to beat in light of its recent deals with AWS and Microsoft. Many companies, Ellison touted, build AI models at Oracle because of its "unique networking architecture," which dates back to the database era. "Citizens will be on their best behavior because we're constantly recording and reporting," Ellison added, though it's not clear what he sees as the source of those recordings - police body cams or publicly placed security cameras. "There are so many opportunities to exploit AI," he said.
You might get some idea of how easily you are tracked by seeing how unique your browser trail is. Unless you use common software and settings, most of us will probably stand out. Here's a site to check your browser fingerprint https://www.amiunique.org/ [amiunique.org]
Re: (Score:1)
From that site:
"we will collect your browser fingerprint and we will put a cookie on your browser for a period of 4 months."
Thanks. No thanks.
Re: (Score:2)
They use tracking pixels, which are impossible to avoid
Delete cache early and often.
Re: (Score:3)
Hosting the cache on a tmpfs mount works quite well with firefox.
Sadly, Ubuntu's decision to force flatpak use for firefox makes this much more difficult to do on platform's based on the distro, but not impossible.
They seem to go out of their way to force the flatpak version's priority as well, sometimes even reverting the priority you set when you install the package manager PPA version direct from Mozilla.
It is at least, still possible to do. Just set it to something reasonable, and let the cache get nuk
Re: (Score:2)
>"Sadly, Ubuntu's decision to force flatpak use for firefox makes this much more difficult to do"
Which is one of the many reasons you should use Linux Mint instead of Ubuntu. Get all of the advantages of Ubuntu with little of the suckiness.
That said, you can use Mint's Firefox package under Ubuntu if you wish. Or you can use Mozilla's pre-built Firefox binaries.
https://9to5linux.com/how-to-i... [9to5linux.com]
Re:And this is why... (Score:4, Informative)
Tracking pixels are trivial to block and Firefox blocks most of them if you set tracking protection to strict.
Re: (Score:3)
>> tracking pixels, which are impossible to avoid
Not sure that is correct. I use the Brave browser and the NoScript extension, I think they catch tracking pixels.
https://brave.com/privacy-feat... [brave.com]
You insensitive clod! (Score:2)
Some of the tracking tools, such as pixel trackers, are unavoidable because unlike cookies, they cannot be disabled.
I use the lynx browser. It doesn't know what to do with pixels.
Re:And this is why... (Score:5, Interesting)
A bit of a random list, feel free to explain why each option actually makes things worse, which is probably true in some cases with some trackers.
* Be aware that the more you do the more risk that you stand out each of the things below can probably be used as an identifying bit in a fingerprint
* Route all your traffic through a VPN or system like Tor so that it is grouped with other people's traffic, but be aware that even nastier people spy on those
* Run against a browser fingerprinting site to understand what information you are giving away
* Ensure you are using a browser which enforces HTTPS (now pretty much standard)
* Live in the EU so that you are covered by the GDPR and then use it's opt-out possibilities for "legitimate interest" tracking
* Consider an extension like Ghostery which automatically opts you of tracking
* invest time in understanding Ublock Origin's options and ensure that you block as many tracking sites as you can whilst trying not to stand out
* Vote for politicians who are trying to fix this.
* If you are technically adept, get in touch with your local politicians and volunteer to support them in understanding.
It's important to know that, without cookies your computer can provide plenty of tracking information - IP address + TCP stack identification (active or Passive) + cookie rejection options + window size + fonts available is already lots.
My impression is that even the anti-tracking groups like the EFF have really not understood this properly and tried hard enough. Some of them are even compromised. Still, it's something we really really can't afford to give up on.
Re: And this is why... (Score:2)
Time to assemble a whitelist - Internet Archive, Wikipedia, my bank, Slashdot and a couple of other forums and blogs I visit.
Re: And this is why... (Score:3)
The ICO requires cookies FFS! (Score:3, Insightful)
https://ico.org.uk
Re: (Score:2)
The ICO also decided that "pay or okay" is fine, which is where a site demands you either pay or take tracking.
Re: (Score:2)
What is the argument that "pay or okay" is not fine? That companies should be legally obligated to provide significant web services to the global public for free?
Craft ads with precision? (Score:5, Interesting)
I keep hearing about this "precision". Google has been talking about targeting relevant ads to people for 2 decades now. Yet still all I get over and over again are ads for products I already have, or ads for products I'm not actually interested in.
Buy a new camera from Nikon, get an advert for a Sony camera. What are they going for? Hoping I have buyers remorse and return the product?
Google's targeted ads are my favourite kind of ads. They are useless and don't influence my purchase because they come too late.
Re:Craft ads with precision? (Score:5, Interesting)
I keep hearing about this "precision". Google has been talking about targeting relevant ads to people for 2 decades now. Yet still all I get over and over again are ads for products I already have, or ads for products I'm not actually interested in.
Buy a new camera from Nikon, get an advert for a Sony camera. What are they going for? Hoping I have buyers remorse and return the product?
Google's targeted ads are my favourite kind of ads. They are useless and don't influence my purchase because they come too late.
Advertising is a scam at both ends.
The scam you're seeing is the scam on advertisers. For any given ad, there are a few possibilities. A} I am not interested in the product. B} I am interested in the product but can't afford it. C} I am interested in the product but won't dedicate my disposable income to it. D} I am interested in the product, can afford it, am willing to dedicate my disposable income to it, and for some strange reason haven't yet.
Whoever is charging the manufacturer in return for that advert is scamming them because only in scenario D is there a chance of a sale.
That said, given enough people and enough adverts, D can eventually become significant. But that's where the scam against the consumer applies. Because there's a sale that wouldn't have happened without the ad, you're looking at what amounts to coercion. You are convinced to spend money you wouldn't have otherwise. Sure, you get something out of it, but you pretty clearly didn't need it, only want it.
Either way, active advertising (as opposed to passive advertising, where your product and service can be learned about if a consumer wants to know about it, but you're not overtly trying to get in front of eyeballs) is kind of crappy all around.
Re: Craft ads with precision? (Score:2)
It's amazing "advertisers" haven't caught on to this massive systematic fraud yet.
I agree with garbz on this. Instagram put their finger on the scale long time ago, over 7 years, with wrongly targeted ads to drive impression stats up.
Re: Craft ads with precision? (Score:2)
E) "I just bought one, you moron." It's not likely that I will be buying another anytime soon."
It's The Onus (Score:3)
If Google tracks you using a cookie, the onus is on them to handle that data.
If Google tracks you by asking your browser what your identity is, it puts the onus on you to answer that how you see fit.
The term "Cookie" is written into thousands of laws and other compliance documents already and is regulated. Browser and system fingerprinting is not covered the same way in legal documents and is not heavily regulated, unless you sell the fingerprint data to someone else. In Googles model, there is no need to sell the fingerprint data to anyone. They match ads to your browser and stay the middle man.
From a legal perspective and a liability perspective, this seems like the obvious choice for a firm that wants to deal in advertising.
The question really is, "How can I not be fingerprinted in any meaningful way outside of an IP address?"
--
A hero is someone who understands the responsibility that comes with his freedom. - Bob Dylan
Re: (Score:2)
Re: (Score:3)
The bulk of fingerprinting comes from browser data, and especially from the HTML Canvas element, but if you're using an App or signing in then they obviously already have you tracked with a unique ID. The problem that trackers like Google face is that with NAT a LOT of eyeballs can be behind a single IP, and even if you have a static IP for your property, they still want to get down to the level of ind
Re: (Score:3)
>"Paging Brave (that already does some of this), Mozilla, Opera, et al..."
I think you mean "Paging Mozilla", essentially. Since all the others are already Chrom* and it is quite possible they won't be able to effectively combat all of it while keeping their innards compatible/secure/upgradable.
Mozilla will have none of those issues with Firefox. One of many, many reasons we shouldn't have everyone using what is essentially the same monoculture browser, especially one under control of an advertising gia
Re: (Score:1)
Strangely many people don't think it's a significant privacy issue. Guess they lack imagination and knowledge.
For example devices in the same vehicle or on the same table might experience similar "motions".
There's also the payment handler stuff.
Re: It's The Onus (Score:2)
Re: (Score:2)
Identifying the browser instead of identifying the person as a way to get around the GPDR is something that I think will get google into a lot of trouble eventually.
Google gets the middle finger... (Score:2)
Re:Google gets the middle finger... (Score:5, Insightful)
>"Up theirs !"
And that starts by using and promoting Firefox. Doesn't end there, however, but it is a decent start.
Re: (Score:2)
>"And that starts by using and promoting Firefox. Doesn't end there, however, but it is a decent start."
Reply to self... Not only because Firefox isn't Chrom*, Firefox also has some built-in anti-fingerprinting.
More information:
https://www.mozilla.org/en-US/... [mozilla.org]
https://support.mozilla.org/en... [mozilla.org]
If you are really paranoid, there are also some additional helpful Firefox Addons (none of which I use or am endorsing):
https://addons.mozilla.org/en-... [mozilla.org]
https://addons.mozilla.org/en-... [mozilla.org]
https://addons.mozilla.org/en [mozilla.org]
I'll fool them (Score:4, Funny)
(puts on rubber gloves before touching the keyboard)
Alternative browsers (Score:2)
somebody needs to start selling android phones without an umbilical cord to google & google playstore, F-Droid would be plenty good for me
Nowhere to escape (Score:3)
Not tracking, period. (Score:1)
Cambridge Analytica and Facebook Deja Vu (Score:1)
That soft sells it, because over the last decade Google has moved to control all the data within it's massive ecosystem.
They forced all sites to go https. Which on the surface was great for security, but it ultimately: