1. 4
  1.  

  2. 6

    How can we be confident that any of the things discussed here (e.g. ‘protections against fingerprinting’) will be applied equally to google domains/services/ads/etc too?

    This reminds me of a wolf trying to give advice to a sheep on how/where to hide.

    1. 1

      Look at the cookies chrome sends to google?

      1. 4

        There is much more to fingerprinting than just cookies. All sorts of uniqueness can be obtained about a particular user by using javascript to detect specific system and browser configuration.

      2. 1

        What is your concern, something like

        // also for all the other properties that Google bought up over the years
        if (site != "google.com") {
          avoid_fingerprinting();
        }?
        

        That would be rather obvious since the code in question is open (unlike some the DRM additions in Chrome).

        Counter-theory: Google knows how to work without collecting data that way.

        (Disclosure: I work at Google, for Chrome OS even, but in firmware, which is further away from these considerations than most web-facing jobs even at different companies)

      3. 4

        I think the best way to understand Google and Chrome is that

        • there are plenty of talented and well-meaning developers, security engineers and even PMs working on Chrome
        • they implicitly understand that they have to make tradeoffs because of Google’s business model that they wouldn’t make without that (this doesn’t mean something unethical)
        • however mid and upper management at Google learned how to carefully exploit the benefit of the doubt that is extended to them. Anti-competitive/monopolistic features and changes are more and more introduced in a way that can be given plausible-deniability by security or “looking out for the user”.

        This means, I think, that Chrome has a moon-sized blind spot through which changes that are in Google’s interest but a net negative for everyone else are introduced.

        I don’t trust Chrome on privacy and security not because I think the people working on these changes have bad intentions, but because a lot of the changes that were introduced in the name of security or privacy recently uncannily, conveniently seemed to serve Google’s interests first. It’s a bit like how Facebook seemed to always only overstate their ad metrics to their customers, never understate them, after the tenth time we can spot the trend I think.

        So what would it take for me to have more trust in Chrome and their changes?

        • a more open chrome development process, the repository is open but almost zero of the roadmap/planning/decisions are publicly accessible. It would be great if Google would be (by number of contributions) a plurality but a minority contributor
        • Google giving careful attention to supporting other browsers, particularly and especially Firefox on their web properties
        • a more honest accounting of decisions not taken due to the impact it would have on Google’s financial interests
        • a careful firewalling of interests between Chrome and Google Services in terms of privacy