[HN Gopher] Chrome is entrenching third-party cookies that will ...
___________________________________________________________________
Chrome is entrenching third-party cookies that will mislead users
Author : NayamAmarshe
Score : 244 points
Date : 2024-08-29 14:53 UTC (8 hours ago)
(HTM) web link (brave.com)
(TXT) w3m dump (brave.com)
| namdnay wrote:
| > and even after third-party cookies have been deprecated in
| Chrome
|
| apparently this was written a few weeks ago :)
| pimlottc wrote:
| Care to explain?
| Etheryte wrote:
| Chrome backtracked on the decision, they won't be blocking
| third-party cookies. There were a number of articles and a
| fair bit of discussion about it at the time, see e.g. [0] and
| [1].
|
| [0] https://news.ycombinator.com/item?id=41038586
|
| [1] https://www.theverge.com/2024/7/22/24203893/google-
| cookie-tr...
| IX-103 wrote:
| It's complicated. Chrome won't block 3rd party cookies _by
| default_. But it will present the users with a choice of
| whether to block them (with what exactly that means TBD).
| If most or all users choose to block them then it would
| have roughly the same effect as blocking third party
| cookies by default would.
|
| Though regardless of that, Related web sites (or whatever
| that set is currently called) does present a hole in that
| logic. It was originally meant to allow sites with
| different domains to share cookies/storage (like google.com
| and google.co.uk). From what it sounds like, bad actors are
| using it in the expected ways. There were supposed to be
| mechanisms to prevent this, but it seems like they failed
| in this case.
|
| The list is in a public repository however, so Brave
| _could_ have filled issues and a pull request to address
| the issue. Instead they decided to stage a meaningless
| survey and declare Chrome a threat to people everywhere.
| dwighttk wrote:
| >If most or all users choose to block them then it would
| have roughly the same effect as blocking third party
| cookies by default would.
|
| Sure but most won't unless the "go away now" button is
| "block" which I'm guessing Google wouldn't do.
| jeroenhd wrote:
| Google wanted to (that's why they created stuff like
| FLoC) but other advertisers didn't like that and went to
| the market authority. They demanded the ability to track
| users, arguing that the system would give Google an
| unfair advantage.
|
| After years of back and forth, Google abandoned their
| efforts. You can still disable third party cookies, in
| fact I don't think there's been a version of Chrome that
| doesn't let you block them. Go to your settings and set
| "third part cookies" to always be blocked. By default,
| grouped sites may be permitted to read each other's
| cookies, but you can disable that too.
|
| The problem Google faces is changing the default, simply
| blocking third party cookie has never been an issue.
| riku_iki wrote:
| > and went to the market authority
|
| its interesting that authority is in UK, but they pushed
| Google to abandon effort globally.
| jsnell wrote:
| Authorities in the US, EU and (IIRC) Japan had expressed
| anti-trust concerns (threats?) about the original plan.
| The UK CMA is the only one of those that had a formal
| complaint, and thus ended up with a veto right on the new
| design.
| svieira wrote:
| > We conducted a user study with 30 Web users, recruited over
| social media, and presented them each with 20 pairs of websites.
| Website pairs were randomly selected from both the Related
| Website Sets list (i.e., sites Google designates as "related",
| and so warranting reduced privacy protections), and the Tranco
| list of popular websites. Each user was presented with different
| pairs of websites, asked to view the sites, and then decide if
| they thought the two sites were operated by the same
| organization. This resulted in 430 determinations of whether
| unique pairs of websites were related.
|
| > In our study, the large majority of users (~73%) made at least
| one incorrect determination of whether two sites were related to
| each other, and almost half (~42%) of the determinations made
| during the study (i.e., all determinations from all users) were
| incorrect. Most concerning, of the cases where both sites were
| related (according to the RWS feature), users guessed that the
| sites were unrelated ~37% of the time, meaning that users would
| have thought Chrome was protecting them when it was not.
|
| > ... We conclude from this that the premise underlying RWS is
| fundamentally incorrect; Web users are (understandably,
| predictably) not able to accurately determine whether two sites
| are owned by the same organization. And as a result, RWS is
| reintroducing exactly the kinds of privacy harms that third-party
| cookies cause.
|
| > Lest anyone judge the study participants for being uninformed,
| or not taking the study seriously, consider for yourself: which
| of the following pairs of sites are related?
|
| 1. hindustantimes.com and healthshots.com
|
| 2. vwo.com and wingify.com
|
| 3. economictimes.com and cricbuzz.com
|
| 4. indiatoday.in and timesofindia.com
|
| > (For the above quiz, if you chose "4", then, unfortunately that
| is incorrect. That is in fact the only pair of the four that
| isn't considered "related" to each other.)
| nsagent wrote:
| If anything it sounds like "related" is not what they are
| actually doing. Rather they are looking at ways to uniquely
| fingerprint users through optimizing how they split "related"
| sites.
|
| Reminds me of the research that shows that 87% of people in the
| US can be uniquely identified with only three pieces of
| information: date of birth, gender, and zip code [1].
|
| [1]:
| https://dataprivacylab.org/projects/identifiability/paper1.p...
| dwighttk wrote:
| That seems to be saying it is extremely likely that the only
| other person in my zip code that shares my birthdate is
| opposite gender
| aftbit wrote:
| That sounds like a pitch for one of those "singles near
| you" apps. Find hot women in your area who share your
| birthdate!
| alwa wrote:
| Only 50% of the time, but that's 50% better of a guess than
| you'd make without knowing gender.
|
| ZIP codes contain maybe 40K residents [0] (many contain
| fewer) and there have been around 25K days in the last 70
| years. Sure births are not evenly distributed, but still...
|
| [0] https://www.unitedstateszipcodes.org/images/comparison-
| of-po...
| paulmd wrote:
| statistically, 50% chance, innit?
| dwighttk wrote:
| OP seems to claim 13% same / 87% opposite
| jsnell wrote:
| I don't think you can make that conclusion.
|
| I think you're making the assumption that all three data
| points are needed for all 87%. But obviously some people
| can be uniquely identified based on just {zip, date or
| birth}, such that gender isn't necessary.
|
| So the distribution could e.g. be 8% same, 8% opposite,
| 5% both, 79% neither, and explain the original numbers
| without triggering the paradox.
| Yawrehto wrote:
| Really? That's odd. The typical zip code has a population of
| about ~9000. Dates of birth are about evenly distributed, so
| you'd still get about 24 people/birthday, or around 12 men or
| women per birthday per zip code.. I might be off by a fair
| amount in either direction, but I don't think I'd be twelve
| times off.
| snowwrestler wrote:
| Dates of birth are not evenly distributed.
|
| To clarify: your date of birth includes the year. It's more
| specific than your birthday, which we usually think of as
| just day & month.
| Terr_ wrote:
| Also, the difficulty of identifying someone probably
| looks like a power-law curve, meaning that most of the
| "total difficulty" is concentrated in a small group, the
| ~13% that can't be identified.
|
| In other words, even if one person is extraordinarily
| tricky to find [0], their share of the total un-findable-
| ness does not diffuse outwards to help anybody else.
|
| [0] http://tailsteak.com/archive.php?num=433
| meindnoch wrote:
| birthday != date of birth
| tomschwiha wrote:
| 1) Shares the same company name in the About us 2 & 3) Same
| company name in the privacy declaration 4) timesofindia.com
| belongs to the 3) company
|
| timesofindia.com also redirected me on tabbing out to a "you
| won a free Samsung phone". Shady.
| tomschwiha wrote:
| Tried also to ask ChatGPT (4o) and it got it right on first
| attempt.
| hashtag-til wrote:
| Does this affect non Chrome users?
| judah wrote:
| It's a proposed web standard, so ultimately yes, it could
| affect other browsers in the long run. And it would almost
| certainly affect other Chromium-based browsers.
| IX-103 wrote:
| Only other chromium web browsers that enable that feature.
| Safari and Firefox already said they're not implementing the
| feature, so unless they change their mind it's not going
| anywhere.
| tomComb wrote:
| As if brave were a good or objective source for this topic.
| neilv wrote:
| Do you mean that Brave is a competitor, or something else?
| TylerE wrote:
| Both a competitor AND a history of operating in, to be
| polite, less than good faith.
| nicce wrote:
| As a competitor, let's add that they are ad company too.
| hapless wrote:
| Obviously they have a commercial incentive to complain about
| Chrome, but that doesn't make their complaint untrue
| cabbageicefruit wrote:
| Damn. If there was ever any doubt about why you should get off
| chrome, this seems to put an end to that.
| JonChesterfield wrote:
| Shed a tear for the Firefox that could have been
| rectang wrote:
| Firefox is still working great for me, and I intend to keep
| using it for the foreseeable future.
|
| I don't know what it might take for people to migrate away
| from Chrome en masse, but the alternative is there.
| nicce wrote:
| Mozilla is slowly turning to ad company too. Let's see what
| future brings us.
| delfinom wrote:
| I mean...they have to fund operations somehow. There's no
| money in pure open source in today's society.
| devrand wrote:
| And the recent antitrust ruling against Google might see
| Mozilla lose like 80% of their revenue...
| squarefoot wrote:
| A sane company would then give the boot to their overpaid
| CEO and hire back talented developers.
|
| https://lunduke.locals.com/post/5053290/mozilla-2023-annu
| al-...
| pndy wrote:
| Mozilla has a range of different priorities now and most
| of these do not revolve around the flagship project which
| Firefox should be.
|
| ---
|
| I remember reading news in 2005 saying that Mozilla has
| established its Corporation subsidiary - and I had a bad
| feelings about it at that time. And years later we can
| see the effects - what's the revenue, how browsers market
| share looks like. Now, every time I'm reading that
| project, foundation xyz is creating _" for profit"_
| branch, subsidiary I know that this most likely won't end
| well. Profits will go over users needs, wishes each time
| and those at the project will change as well. It's like a
| magic wand appears and turns open-minded contributors
| into some mindless corporate drones with an arrogant
| attitude.
|
| I want to still like Firefox but in last 14 years Mozilla
| managed to _seriously_ deteriorate trust in its
| capabilities of handling their main product. And I also
| cannot fathom how they managed to screw up promotion of
| the browser and let Google dominate the market. That didn
| 't happen overnight but Google at some point started to
| bundle their browser as "additional offer" in almost
| every software installer for Windows, while Mozilla did
| nothing similar.
| kitkat_new wrote:
| I look forward to Verso
|
| https://news.ycombinator.com/item?id=41215727
| kevwil wrote:
| Firefox is usually great for me, but with Chromium-based
| browsers having such a massive market share monopoly I do
| occasionally find a website that doesn't work properly on
| Firefox. But, I will stick with Firefox as long as
| possible.
| raybb wrote:
| Do you have any recent examples? It's more often I see
| websites that claim they don't work with firefox but
| actually do if you change your user agent.
| EasyMark wrote:
| Yeah I keep hearing this but it never pans out, seems
| like in my experience a lot of people don't know they
| might have to turn off an extension or two (ublock,
| built-in trackers, etc) to get a website to work.
| paulryanrogers wrote:
| YouTube, FreshDesk, Google TV (sharing from Firefox)
| JohnFen wrote:
| I certainly do. That said, I struggle to find another browser
| that's any better and most are worse. So I accept Firefox as
| the lesser evil.
| Filligree wrote:
| Safari. That's the only browser I really use.
| JohnFen wrote:
| That's not an option unless you're an Apple user, though.
| reaperducer wrote:
| I can't say what it's like on Linux or Windows, but the
| Duck browser is pretty good. It's my second choice.
|
| On Macs and iOS, and iPadOS, it's clunkier than Safari,
| but less clunky than Firefox.
|
| Perhaps the Windows experience is similar.
| heraldgeezer wrote:
| Just use Firefox... No need for more Chromeium forks.
| Timwi wrote:
| What does "clunky" even mean in this context?
| kevwil wrote:
| With the massive tide of browsers converting to Chromium
| under the hood, I wonder how long Apple can hold out.
| Fingers crossed they keep allocating budget for it.
| FractalHQ wrote:
| Brave browser is such an obvious win for me... chrome +
| privacy. None of the bugs and missing features that come
| with Safari or Firefox.
| JohnFen wrote:
| That's what I used for a year or so before switching back
| to Firefox. It's OK, but doesn't come as close to meeting
| my needs as Firefox does.
| anderber wrote:
| Curious about what needs you had that Brave didn't fill?
| sundarurfriend wrote:
| Not your parent commenter but I love Firefox more after
| discovering that you can't even customize the toolbar
| buttons in Brave. That's such a basic functionality that
| I'd taken for granted, until I tried to move out of
| Firefox for a brief time.
| echelon wrote:
| Forget Firefox as a fix. Call your legislators and explain
| this Google Chrome funny business to them.
| johnmaguire wrote:
| Why swim upstream?
| heraldgeezer wrote:
| Firefox Nightly just got official vertical tabs. It is also
| just as fast as Chrome now, subjectively just browsing
| around.
|
| No issues with Google services like Youtube (I'm an addict)
|
| I keep Chrome installed just in case, and Edge due to being
| on Windows.
| kevwil wrote:
| I'm concerned that if Google ever stopped paying Mozilla to
| be the default search engine in Firefox, Mozilla would not be
| able to afford continued development on Firefox.
| EasyMark wrote:
| Kind of wondering what you're talking about here? Firefox
| still works great for me, did I miss something in the news?
| pennybanks wrote:
| right but at least google will tell you.
|
| brave a lot more shady and just wont say anything or let you
| opt out. many examples in the past. imagine if they were
| anywhere near a quarter of googles size it wouldnt be pretty
| imo.
| arktos_ wrote:
| the only two browsers, Chrome and Brave
| pennybanks wrote:
| i mean theres really only 2 relevant ones and the other one
| is because its owned by the most popular phone manufacture
| and is the only option. ofc we can use anything we want but
| in terms of real world relevance. and i guess the other one
| is forced by the most popular OS.
| malfist wrote:
| That doesn't make a bit of sense. There's plenty of
| browsers, there's chrome, brave, firefox, opera, edge and
| safari, those are the big ones. There's also a ton of
| spinoffs like ice weasel or that browser Kagi is developing
| that I can't remember the name of.
|
| Way more than just two chromium browsers in existence.
| bloopernova wrote:
| Orion, based upon Safari.
|
| https://kagi.com/orion/
| notpushkin wrote:
| Could you elaborate?
| pennybanks wrote:
| vpn incident for one and their refusal the change initially
| or admit any wrong doing which i mean is the theme for
| every controversy they go through
| Vinnl wrote:
| I wouldn't count the Privacy Sandbox doublespeak as "telling
| you". Brave is not my browser, but it seems completely
| unjustified to just put them on the same (or even lower)
| level as Chrome.
| bad_user wrote:
| This is wrong.
|
| All settings in Brave with an impact on user privacy are opt-
| in. They even inform you of their product metrics, when you
| first start it, despite having a paper on how they anonymize
| that data. Versus Firefox, which never bothered. Firefox,
| which also added metrics for ads, similar with Privacy
| Sandbox, without informing users.
|
| I've never seen a browser with such a strong focus on
| privacy, the only contender it has being LibreWolf.
|
| The hate against Brave on this forum is completely
| unjustified and based on falsehoods, as if the issue isn't
| about Brave itself.
| johnmaguire wrote:
| > Brave has received negative press for diverting ad
| revenue from websites to itself,[30] collecting unsolicited
| donations for content creators without their consent,[43]
| suggesting affiliate links in the address bar[49] and
| installing a paid VPN service without the user's
| consent.[58]
|
| These are the primary issues I hear about regarding Brave
| on this forum.
|
| It's also founded by Brendan Eich who was forced out of
| Mozilla for his strong and vocal opposition of same-sex
| marriage. I tend to be a bit idealistic, but this is a
| strong reason for me to avoid Brave, especially when they
| are injecting content into pages.
| ToValueFunfetti wrote:
| Not that it makes him any less opposed to same-sex
| marriage, but I think 'vocal' is very much not the right
| word here. The only quotes I can find from him on the
| subject are him saying he's not going to talk about it.
| hnpolicestate wrote:
| This goes both ways for people. I switched from Mozilla
| to Brave when the latter first released because to me
| Mozilla's political positions seem at odds with an
| uncensored and privacy focused browser. I actually
| support universal marriage equality but don't consider it
| relevant to why I would choose a browser.
|
| I can't remember all of the details but Mozilla made a
| blog post regarding 1/6 and their commentary didn't align
| with a browser that would try and protect users from
| state, NGO and "just research" edu adversaries.
| FMecha wrote:
| Also, BAT being a cryptocurrency already turns off people
| who aren't fan of crypto.
| morkalork wrote:
| Nah, borking adblockers was the bridge too far. This is just
| salt in the wound.
| rachofsunshine wrote:
| They can have my uMatrix Firefox when they pry it from my
| cold, dead app list!
| nashashmi wrote:
| I always thought that rws was built in with cross site scripting
| declarations
| acheron wrote:
| Padme: So then Brave isn't going to be based on Chrome anymore,
| right?
| topspin wrote:
| Brave is a Chromium derivative, not Chrome. Can't imagine why
| any of this would imply they would need to stop deriving
| Chromium: they can develop and deploy whatever cookie policies
| and defaults they want.
| fabrice_d wrote:
| At this point they likely have no choice but to keep building
| on a chromium base. However the cost of maintaining their
| changes and additions will likely increase.
| topspin wrote:
| I suppose. That is a matter of business model, whereas I
| was addressing purely technical aspects.
|
| I've been using Brave as primary for years. At this point
| I'd pay for a license if it were necessary. Frankly that
| would be an improvement: if it's free, you're the product.
| Brave just monetizes you differently.
|
| I no longer argue with the legion of Brave haters. I've
| decided they're a benefit: the more people that don't use
| Brave the less likely Google et al. will be compelled to
| destroy it.
| nicce wrote:
| > Can't imagine why any of this would imply they would need
| to stop deriving Chromium: they can develop and deploy
| whatever cookie policies and defaults they want.
|
| Maintaining a very diverged fork can take even more work than
| building your own browser. I think they don't want to stop
| receiving upstream updates when the upstream is one of the
| biggest software projects in the world.
| kevwil wrote:
| Not to disagree with you specifically, but this seems a good
| context to make this point:
|
| Maybe I missed the memo that we stopped hating monopolies?
| Every browser worth considering, except Firefox and Safari,
| is based on Chromium. Firefox and Safari make up about 20%
| global market share, meaning Chromium in about 80% [0]. A bug
| in Chromium is a bug in all of them. A backdoor in Chromium
| is a backdoor in all of them. A feature of Chromium, good or
| __bad__, is a feature in all of them. It baffles me that this
| isn't a bigger concern to more people.
|
| [0] https://gs.statcounter.com/browser-market-share
| zamadatix wrote:
| This is one of those situations where "monopoly" is a very
| overloaded word in terms of what it means to different
| people in different situations, causing confusion when it
| gets broken down into specifics.
|
| Most people were never worried, and probably will never be
| worried, with the points you're listing there. That's not
| to say they've stopped hating browser monopolies, just
| maybe not your definition of what a browser monopoly is and
| why it was problematic.
|
| In general (not just browsers) most people treat
| "popularity" and "monopoly" as completely orthogonal
| concepts. I.e. something unpopular can still be a monopoly,
| something with 99% usage can still not be a monopoly.
| EasyMark wrote:
| They have software engineers, I'm sure they plan on just
| turning off that portion of the code and moving on with life
| like they do with so much of chrome engine
| aftbit wrote:
| I know this isn't quite the right place, but can anyone point to
| some research or writeups on the Chrome ad topics stuff? How does
| that impact user privacy? What is shared with third parties? I
| know next to nothing about it at the moment.
| afavour wrote:
| This is a great paper on how it doesn't make reserve privacy in
| the way Google claims it will:
|
| https://arxiv.org/html/2403.19577v1
| pennybanks wrote:
| so do they mention if the old system would be better in
| comparison? cause short of just making you pay to use the
| products i dont know if it can be any worse.
|
| at the end of the day it seems like 90% of people using
| google products dont even care. while some even prefer the
| convivence of some features that directly save your info. not
| sure what percentage that is compared to the people that
| practice a lot privacy.
|
| but shown by the chrome market share google really doesnt
| have to care about this section of users. the fact theyre
| willing to try things is a good sign imo. either way in 2024
| to be complianing about google is funny to me. literally dont
| have to interact or use a google product, they already have
| your information and so does the internet better to not let
| them occupy any of your mind as well
| knallfrosch wrote:
| I don't care because I use Firefox.
| immibis wrote:
| Firefox will either support this or your favorite websites
| won't work so you'll switch to Chrome so they do work.
| kstrauser wrote:
| Unlikely. Love 'em or hate 'em, Apple nudged most
| organizations to handle third party cookie blocking unless
| they wanted to completely lose iPhone users.
|
| "If Google limited 3rd party cookies, we'd go out of
| business!", said the companies who have literally 0 Safari
| users.
| JohnFen wrote:
| > or your favorite websites won't work
|
| If my favorite websites stop working with Firefox, they won't
| be my favorite websites anymore. I'll just stop using them
| instead.
| reaperducer wrote:
| _I 'll just stop using them instead._
|
| Easily said, until it's your bank, or a government entity,
| or the electric company, or any of the thousands of other
| entities that have started blocking Firefox.
|
| Firefox should really camouflage its user agent, or make it
| trivial to do so.
| JohnFen wrote:
| > Easily said, until it's your bank, or a government
| entity, or the electric company
|
| Still easily said, since I don't use the websites for any
| of those things anyway. If it's really important, or
| involves very sensitive personal information, I'm not
| doing it on the web.
|
| > or make it trivial to do so.
|
| There are extensions that make this very trivial.
| jjulius wrote:
| This is my approach, as well. And if I absolutely _had_
| to use their web service? Well, keep the bank in my
| Chrome bookmarks bar, and _only_ go there when I 'm in
| Chrome. Head on back to Firefox when I'm done doing
| whatever it is that I needed to do.
| alyandon wrote:
| My soon-to-be-not-current insurance company.
|
| https://imgur.com/a/7WMuu7c
| EasyMark wrote:
| That's likely just because they don't bother to test at
| all in Firefox, not because they will ban you.
| pornel wrote:
| That's why Firefox needs a userbase too large to ignore.
|
| If the overwhelming majority of users submits to Google,
| then Google has the power to erode privacy for everyone.
| edent wrote:
| I use FF on Android and Linux. I've restricted cookies and
| use an ad-blocker. I browse many popular (and unpopular)
| websites. I can't remember the last one which refused to work
| because I was on Firefox.
| kevwil wrote:
| Or start limiting Internet usage.
| JohnFen wrote:
| That seems the obvious result of this sort of thing.
|
| > Related Website Sets (RWS) is a way for a company to declare
| relationships among sites, so that browsers allow limited third-
| party cookie access for specific purposes.
|
| So the website itself gets to declare other "blessed" domains
| that can bypass third party cookie blocks? Big websites are
| constantly looking for ways to abuse users by bypassing their
| attempts at protecting themselves. How would anyone think these
| sites can be trusted not to abuse this?
| jahewson wrote:
| No, the website itself does not get to declare this. There's a
| master list that they have to submit their site to and go
| through an approval process.
|
| But as the article details, the contents of that preliminary
| list is already disconcerting. The whole "Google as the arbiter
| of all things ads" concept is a bust.
|
| But the alternative isn't great either - today's system of
| third party cookies allows for far worse. We need some better
| ideas.
| callmeal wrote:
| I guess it's time to start blocking /.well-known/related-website-
| set.json
| bradley13 wrote:
| tl;dr: Google is evil. The antitrust measures cannot come soon
| enough.
| codedokode wrote:
| Have been using Firefox for a long time, no issues, though long
| ago when I had little memory, Chrome was using less of it.
| Firefox also has HTTPS-only mode, encrypted DNS without
| fallbacks, supports SOCKS and Encrypted Client Hello (although
| almost no website support it). However, it is better to just buy
| more memory (unless you are lucky to use Apple products).
|
| Regarding analytics, I believe browsers should take user's side
| and do not cooperate with marketing companies; even better, they
| should implement measures to make user tracking and
| fingerprinting more difficult. There is no need to track user's
| browsing history; just make a product better than competitors (so
| that it gets first place in reviews and comparisons) and buy ads
| from influencers.
|
| It would be great if browsers made fingerprinting more difficult,
| i.e.: not allowed to read canvas data, not allowed to read GPU
| name, enumerate audio cards, probe for installed extensions etc.
| Every new web API should guarantee that it doesn't provide more
| fingerprinting data or hides the data behind a permission.
|
| Regarding 3rd party cookies: instead of shady lists like RWS
| browsers should just add a button that allows 3rd party cookies
| as an exception on a legacy website relying on them (which is
| probably not very secure). Although, there is a risk that
| newspaper websites, blog websites and question-answers websites
| will force users to press the button to see the content.
| lcnPylGDnU4H9OF wrote:
| > Every new web API should guarantee that it doesn't provide
| more fingerprinting data or hides the data behind a permission.
|
| FWIW, it's practically impossible to provide that guarantee
| because the API necessarily provides at least the data point
| of, "Did they select an option in the permission notification?"
| ("If yes, what option was selected?" etc.)
|
| It's often said that the only solution to this is regulation
| and there seems to be a good case for that perspective.
| XlA5vEKsMISoIln wrote:
| > API necessarily provides at least the data point of, "Did
| they select an option in the permission notification?"
|
| If a bird app (or, heck, pancake recipe site) asked for
| WebRTC or GPU access I would be rightfully suspicious. It's a
| shame these things don't happen.
| SpaghettiCthulu wrote:
| > FWIW, it's practically impossible to provide that guarantee
| because the API necessarily provides at least the data point
| of, "Did they select an option in the permission
| notification?" ("If yes, what option was selected?" etc.)
|
| Wrong. The status of permissions should not be visible to the
| page in most cases. Instead, fake data should be returned
| from them. That would be practical.
| paulryanrogers wrote:
| I've heard that fake data, like from AdNausium, just
| becomes noise as the advertisers know the patterns to
| filter them out.
|
| Assuming that's true, it seems to waste everyone's time and
| bits to fake it instead of just not answering or a minimal
| denial.
| thescriptkiddie wrote:
| One solution to this is to have the option to feed the
| application fake but plausible data. Android (or maybe some
| Android fork I was using) used to have this option for
| dealing with apps that insist on asking for location
| permission for no reason.
| pndy wrote:
| > Regarding analytics, I believe browsers should take user's
| side and do not cooperate with marketing companies
|
| https://news.ycombinator.com/item?id=40703546 - from 2 months
| ago
| noirscape wrote:
| https://news.ycombinator.com/item?id=40966312 - 20 days ago.
|
| In light of that acquisition, this also seems related.
| Firefox is the best choice but Mozilla is the biggest reason
| why people aren't using it and shit like this doesn't help.
| nine_k wrote:
| BTW I don't understand the anti-tracking absolutism. I don't
| care about being profiled as long as the profile lands me in a
| group of thousands of people like me. Yes, I live in ${CITY},
| identify as ${GEDNER}, am approximately ${AGE_RANGE} years old,
| run ${BROWSER} under set to ${LOCALE}. This does not allow to
| easily harm me. If it allows ad networks to target their ads,
| so be it, uBlock Origin still works well.
|
| But anything more precise would be uncomfortable.
| mbb70 wrote:
| How do you feel about ${INCOME}, ${SEXUAL_PREFERENCE},
| ${RACE}, ${WEIGHT}, ${RELIGION}? Those categories are at
| least as broad as the ones you mentioned and are absolutely
| profiled.
| nine_k wrote:
| Fine enough, if the ranges for each value are wide enough.
| Compare:
|
| - $120-140k, hetero, white, 190-220 lb, broadly Christian.
|
| - $137,500/y, prefers tall redhead females, Irishman
| originally from Cork, 197 lb, observant Catholic.
|
| The first one is too unspecific, while the second could
| suffice to identify a particular person in a neighborhood.
|
| What makes a butter knife safe is not that it's completely
| devoid of an edge, but that its edge is sufficiently blunt.
| factormeta wrote:
| >It would be great if browsers made fingerprinting more
| difficult, i.e.: not allowed to read canvas data, not allowed
| to read GPU name, enumerate audio cards, probe for installed
| extensions etc. Every new web API should guarantee that it
| doesn't provide more fingerprinting data or hides the data
| behind a permission.
|
| This should be what browser maker's #1 focus! Preventing
| fingerprinting of user's browser.
|
| Seems all this cookies talk the news and for policy makers are
| just limited hangouts.
| doo_daa wrote:
| I've tried brave and Firefox on mobile (android) and I've tried
| Safari on MacOs. I still just prefer Chrome, it's just a bit
| better. So I use it with third-party cookies turned off, which is
| easily (and transparently) done using the settings menu. I can
| also turn off this "related websites" thing. So what exactly is
| the problem? All major browsers have allowed users to turn off 3P
| cookies for years.
___________________________________________________________________
(page generated 2024-08-29 23:00 UTC)