alternative_right shares a report from 404 Media: An independent privacy audit of Microsoft, Meta, and Google web traffic in California found that the companies may be violating state regulations and racking up billions in fines. According to the audit from privacy search engine webXray, 55 percent ...
  • FineCoatMummy@sh.itjust.worksEnglish
    0·
    7 hours ago

    Article talks about cookies still being set when user opts out of those.

    That’s bad, sure. But TBH I worry so much more about fingerprinting. Cookies, easy to delete in your browser, easy to block. Fingerprinting is done behind the scenes on the server, you can’t block their attempt to. There are “resist fingerprinting” options in some browsers now like firefox, but limited in effect, and much of the fingerpinting is not even something the browser can stop. Things like TLS fingerprints, or exact timings between your system making a request, and the serving system. Or things you can spoof but which cause problems if you do. Even Tor Browser doesn’t spoof some of those things b/c it causes problems to do.

    The identity broker companies have a massive financial incentive, and they employ very smart data scientists. Even “opting out” of cookies, I think it’s about 0% chance we have any way to opt out of these behind the scene techniques they use. They will use every shitty weasely trick in the book like the slimeweasels they are.

    • Pika@sh.itjust.worksEnglish
      0·
      6 hours ago

      Honestly. I think if tracking is disabled it should do the following:

      • anything screen dimension related including available height/width -> blocked (realistically java-script should never need to disclose this information outside of an internal function anyway)
      • User Agent: generalized (this usually already is the case)
      • Cookie status: kept the same as needed for functionality.
      • addon/plugin info: blocked
      • buildID: blocked
      • hardware concurrently: generalized instead of a set number (low end being < 4 middle being < 12 high anything else)
      • any hardware characteristics(such as gyro, battery state, etc) -> request for permission by default

      Like there are many steps that can be done to help mitigate fingerprinting, its just getting vendors to actually do it.

      being said I had never known about the TLS fingerprinting option, I generally don’t see that shown on the fingerprint detector sites, that’s interesting.