Privacy

48300 readers

415 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

284

Audit Finds Google, Microsoft, and Meta Still Tracking Users After Opt-Out - Slashdot (tech.slashdot.org)

submitted 2 weeks ago by RotatingParts@lemmy.ml to c/privacy@lemmy.ml

15 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Pika@sh.itjust.works 7 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Honestly. I think if tracking is disabled it should do the following:

anything screen dimension related including available height/width -> blocked (realistically java-script should never need to disclose this information outside of an internal function anyway)
User Agent: generalized (this usually already is the case)
Cookie status: kept the same as needed for functionality.
addon/plugin info: blocked
buildID: blocked
hardware concurrently: generalized instead of a set number (low end being < 4 middle being < 12 high anything else)
any hardware characteristics(such as gyro, battery state, etc) -> request for permission by default

Like there are many steps that can be done to help mitigate fingerprinting, its just getting vendors to actually do it.

being said I had never known about the TLS fingerprinting option, I generally don't see that shown on the fingerprint detector sites, that's interesting.

[–] FauxLiving@lemmy.world 2 points 2 weeks ago

being said I had never known about the TLS fingerprinting option, I generally don’t see that shown on the fingerprint detector sites, that’s interesting.

There's also things like the SNI field which is a non-encrypted field which contains the requested domain name. Even if you use DNS over HTTPS to keep your information from leaking via ISP controlled DNS servers, they can still get the destination domain names from the SNI during the TLS handshake.

[–] FineCoatMummy@sh.itjust.works 1 points 2 weeks ago

its just getting vendors to actually do it.

Good ideas... and yeah... the browser vendors have a financial incentive to build mechanisms to collect anything and everything. Javascript itself exposes so much more fingerprinting possibilies.

That's also why I think it's so terrible for Google's Chrome to have like practically all the market share. G can now drive the whole web in a way that's good for them and bad for us.