So, manifest v3 was all about preventing Google's competitors from tracking you so that Google could forge ahead.
this post was submitted on 18 Feb 2025
928 points (99.3% liked)
Technology
70268 readers
3795 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
It was never about privacy, it was supposedly about security, which there is some evidence for. There were a lot of malicious extensions. The sensible thing to do would be to crack down on malicious extensions but I guess that costs too much money and this method also conveniently partially breaks adblockers.
The fewer of your competitors who have the data the more valuable that data is.
Would it be possible for a browser or extension to just provide false metadata in order to subvert this type of fingerprinting?
So from what I understand, theres 2 common ways that browsers combat this. Someone add to or correct me if I'm wrong.
- Browsers such as Mull combat this by looking the same as every other browser. If you all look the same, it's hard to tell you apart. I believe this is why people recommend using default window size when using Tor.
Ex: Everyone wearing black pants and hoodies with the facemasks. Extremely hard to tell who is who.
- Browsers such as Brave randomize metadata that fingerprinting collects so that it's more difficult to piece it all together and build a trend/profile on someone.
Ex: look like a dog in one place, a cat in another place. They get data for a dog but that doesn't help build anything if the rest of the data is a cat, hamster, whatever. No way to piece it together to be useful.
In both my examples, there are caveats. Just because everyone dressed the same doesn't mean someone isn't taller or shorter, or skinnier or fatter. There can still be tells to help narrow down. Or a cat that barks like a dog suddenly is more linkable to a dog if that makes sense lol.
In other words it still depends user behavior that can contribute to the effectiveness of these tools.
EDIT: got distracted. To answer your question I don't think so. I think it's more about user behavior blending in or being randomized. I think the only thing an extension would be able to do is possibly randomize the data but I'm unsure of such an extension yet. These aren't the only options, these are just ones I've read about recently. Online behavior, browswr window size, and I'm sure so much more also goes into it. But every little bit helps and is better than nothing.
EDIT2: Added examples for each for clarity.
load more comments
(2 replies)
No. Anything that executes Javascript will be fingerprinted.
That being said it depends who are you fighting. For common commercial tools like Cloudflare fingerprinter it might work to some extent but if you want to safeguard against more sophisticated fingerprinting then TOR and no JS is the only way to combat this.
The issue is that browsers are so incredibly complex that it's impossible to patch everything and you'll just end up getting infinite captchas and break your browsing experience.
load more comments
(3 replies)
This has been the case for years. I develop fingerprinting services so AMA but it's basically a long lost battle and browser are beyond the point of saving without a major resolution taking place.
The only way to resist effective fingerprint is to disable Javascript in its entirity and use a shared connection pool like wireguard VPN or TOR. Period. Nothing else works.
How can you live with yourself?
I do it as a security measure for private institutions and everyone involved has signed contracts. It's not on the public web.
load more comments
(1 replies)
Disabling JavaScript entirely is another data point for fingerprinting. Only a tiny fraction of users do it.
Besides, without JavaScript most websites are not functional anymore. Those that are are likely not tracking you much in the first place.
load more comments
(2 replies)
load more comments
(7 replies)
Just in time for their prophet, Curtis Yarvin, to be pushing a full-scale surveillance state!
Googlers aren't on our side. They want to rule. They think being a fucking admin on a server makes them cut out to run society.
They want to tear down democracy and basically replace it with administrator rules and access control lists.
load more comments
(1 replies)
So I thought this is never going to fly under GDPR. Then the article goes on to say:
Many privacy laws, including the EU’s GDPR and California’s CCPA, require user consent for tracking. However, because fingerprinting works without explicit storage of user data on a device, companies may argue that existing laws do not apply which creates a legal gray area that benefits advertisers over consumers.
Oh come on Google, seriously? I remember a time when Google were the good guys, can't believe how they've changed...
Google were maybe seen as the good guys back in the days of Yahoo search, and perhaps the very early days of Android.
But those times are so long passed. Google has been a tax-avoiding, anti-consumer rights, search-rigging, anti-privacy behemoth for decades now, and they only get worse with each passing year.
load more comments
(6 replies)
Yeah, I have an anti fingerprint extension installed in Firefox, and immediately no Google site will work anymore, all google sessions break with it while most other sites just continue to work.
I'm working to rid myself completely from Google, my target being that I will completely DNS block all google (and Microsoft and Facebook) domains within a year or so. Wish I could do it faster but I only have a few hours per weekend for this
Mind sharing what extension you use?
Hi, here are the extensions I use in FireFox/Librewolf (all will work in Chromium too, but I don't recommend Chromium browsers):
Privacy and Security-focused
uBlock Origin: A lightweight and efficient wide-spectrum content blocker.
Decentraleyes: Protects you from tracking through free, centralized content delivery. (not recommended alongside uBlock Origin; see the reply below)
CanvasBlocker: Protects your privacy by preventing websites from fingerprinting you using the Canvas API.
Ghostery Tracker & Ad Blocker - Privacy AdBlock: Blocks trackers and ads to protect your privacy and speed up browsing. Also has a handy feature that automatically rejects cookies for you. (not recommended alongside uBlock Origin; see the reply below. You can disable the ad blocking functionality and keep the cookie rejection function).
KeePassXC-Browser: Integrates KeePassXC password manager with your browser.
NoScript: Blocks JavaScript, Flash, and other executable content to protect against XSS and other web-based attacks (note: you will be required to manually activate javascript on each web page that you visit, but this is a good practice that you should get used to).
Privacy Badger: Automatically learns to block trackers based on their behavior. (not recommended alongside uBlock Origin; see the reply below)
User-Agent Switcher and Manager: Allows you to spoof your browser’s user-agent string (avoid creating a unique configuration; opt for something common, such as Chrome on Windows 10).
Violentmonkey: A user script manager for running custom scripts on websites (allows you to execute your own JavaScript code, usually to modify how a website behaves or block behavior that you don't like. VERY useful. Check out greasyfork for UserScripts).
Other useful extensions (non-privacy/security)
Firefox Translations: Provides on-demand translation of web pages directly within Firefox.
Flagfox: Displays a flag depicting the location of the current website’s server.
xBrowserSync: Syncs your browser data (bookmarks, passwords, etc.) across devices with end-to-end encryption.
Plasma Integration: Integrates Firefox with the KDE Plasma desktop environment (for linux users).
Thanks for the list! Although most of the time it's advised to not use multiple adblocker in tandem, because they might conflict with each other and get detected by the website. For example, uBlock origin has, in its settings, an option to disable JavaScript and in the filter list, an option to block cookie banners "Cookie notices". But if all of these work for you that's great!
load more comments
(6 replies)
load more comments
(2 replies)
Which is why I had hoped the EU would ban all forms of fingerprinting and non-essential data tracking. But they somehow got lobbied into selecting cookies as the only possible mechanism that can be used, leaving ample room to track using other methods.
load more comments
(10 replies)
Further evidence that a Republican government in the USA results in private organisations pushing the bar as far as they can.
In Reagan's time it was Wall Street. Now it's Silicon Valley.
You want private organisations working for your benefit and not that of their shareholders? You need a government that actually has the gumption to challenge them. The current US government is 4 years of a surrender flag flying on the white house.
Or we could bin off this fucking failed neoliberal experiment, but that's apparently a bit controversial for far too many people
load more comments
(1 replies)
This article actually shares what changed, as opposed to just asserting that there was a change.
I go to pornhub every morning to check out the articles. Lately I've noticed that they have exactly the kind of articles I'm interested in always at the top two rows and then a bunch of stuff I'm not really into elsewhere. They are definitely testing stuff.
I too go to pornhub for the articles.
It would be nice to hammer a manually created fingerprint into the browser and share that fingerprint around. When everyone has the same fingerprint, no one can be uniquely identified. Could we make such a thing possible?
Not really. The "fingerprint" is not one thing, it's many, e.g. what fonts are installed, what extensions are used, screen size, results of drawing on a canvas, etc... Most of this stuff is also in some way related to the regular operation of a website, so many of these can't be blocked.
You could maybe spoof all these things, but some websites may stop behaving correctly.
load more comments
(2 replies)
load more comments
(3 replies)
Digital fingerprinting is a method of data collection – one that in the past has been refused by Google itself because it “subverts user choice and is wrong.” But, we all remember that Google removed “Don’t be evil” from its Code of Conduct in 2018. Now, the Silicon Valley tech giant has taken the next step by introducing digital fingerprinting.
Oh, forgot to mention - we're evil now. Ha! Okay, into the chutes.
load more comments
(3 replies)
Google can't fingerprint you very well if you block all scripts from Google.
Considering how few people block all scripts, this could also make it trivial for them to fingerprint you.
load more comments
(3 replies)
load more comments
(2 replies)
Time for meshnet?
new? isn't this at least like a decade old method of tracking?
You'd THINK the article would link to a source about the fingerprinting in question instead of 90% filler slop and ads for their own service... Anyone got a link?
load more comments
(6 replies)
But why would any browser accept access to those metadata so freely? I get that programming languages can find out about the environment they are operating in, but why would a browser agree to something like reading installed fonts or extensions without asking the user first? I understand why Chrome does this, but all of the mayor ones and even Firefox?
Because the data used in browser fingerprinting is also used to render pages. Example: a site needs to know the size of browser window to properly fit all design elements.
load more comments
(2 replies)
load more comments
(4 replies)
Using Mullvad Browser + Mullvad VPN could mitigate this a little bit. Because if you use it as intended (don’t modify Mullvad browser after installation) , all Mullvad users would have the same browser fingerprint and IPs from the same pool.
load more comments
(8 replies)
Great read from Tuta on thia topic. It's been an issue for a while but Google going full force publicly on it causes this issue to grow greater.
I left a comment replying to someone further down about how this can be at least a little combatted and how it is with browsers. (At least to my minimal knowledge of it)
load more comments
(3 replies)
view more: next ›