From time to time, important news gets overshadowed by other headlines, even though it could have a profound impact on our (online) world. To most of us, few things are more bothersome than the dreaded cookie banners. On countless websites, you’re confronted with a pesky pop-up urging you to agree to something. You end up consenting without really knowing what it is. If you try to figure out what’s going on, you quickly get lost among the often hundreds of “partners” who want access to your personal data. Even if you do give your consent, it’s questionable whether you truly understand what you’re agreeing to.
Cookies are old news. What about browser fingerprinting which can track you across websites? https://www.amiunique.org/
There’s basically no easy way to safeguard against it without making browsing nearly unusable.
If the website says that I’m unique in green font, it’s actually bad and should be red, isn’t it ?
Yes.
Happened to me, too. Fuck!
GDPR is regarding personal data, which includes cookies as well as any other fingerprinting. Even though browser fingerprinting does not persist any data on a device itself, explicit consent must be gathered before it’s used for processing (i.e. tracking) purposes.
But why unusable, why does a browser have to leak language, window size, time, extensions? Can’t those be spoofed?
A lot of those things are also required to render a webpage correctly.
But isn’t most of that client-side processing? Can’t I request a vanilla generic page and once it is in my browser to process it to shape it into the window size and extensions I want? Even if it is an adblocker: serve me the ad, I’ll block it internally. But I suppose that for dynamic pages with js requests this would become hard to do.
Yeah it’s Javascript that’s the issue that can just take all this data in the client and send it wherever. And that’s exactly what’s happening.
What’s the solution?
I’m not sure a technical solution is feasible, other than dns-blocking these trackers. I suppose lawmakers need to spring into action to make this shit illegal.
You could probably set a cap on how many different fingerprinty attributes a script is allowed to grab before requesting permission from the user.
That is indeed the solution.
A technical solution won’t cut it. Here’s a very convoluted example: the <p> tag allows you to send the text “buy illegal drugs here” to kids!! Omg!!! What to do? Remove the <p> tag? Obviously not. You ban the practice.
oh fuck i’m unique on every browser 😨
Tor Browser in normal mode is quite usable though, you just can’t use extensions and you need to start a new session whenever you use other websites so they can’t track you via cookies. Mullvad Browser is quite similar too.