• 0 Posts
  • 39 Comments
Joined 2Y ago
Cake day: Jan 03, 2024


Or am I reading this wrong and this is just because they have to send your data to the brokers to process deletions?

You are reading it correctly.

If they only used your data to process deletions, it would read along the lines of “data shared with partners as necessary to provide (data deletion, etc) services.”

It should also normally be followed by a sentence that links to each partner’s privacy policies, and says that each partner complies with similar restrictions on using your data only for the same purposes listed in the earlier sentence.


Yeah. Their own lawyers have the best chance, but there’s so many pages, combined, I wonder if even one of their lawyers has read everything


Exactly. I don’t think I’m alone in feeling that Google’s clever privacy engineering isn’t enough to keep any of us safe.

Google’s expectation that we be okay with these practices feels like corporate gaslighting, to me.


To the best of my knowledge - from a spirited but doomed attempt to read Google’s privacy policies - Google is committed to deleting your location history after sharing it with 10,000 or so vendor partners.

Each of those vendor partners have pinky promised to comply with the rules outlined in the same privacy policy that I failed to read.

For context, I’m not convinced any living person has read the entirety of Google’s privacy policies.

Sadly, I’m quite confident - by the law of averages, human nature, and corporate corruption - that not all 10,000 trusted partners also delete our location data history.

Google does take privacy preserving steps to anonymize what it shares.

My educated opinion is that no amount of attempted anonymization is sufficient for the breadth, scope and quantity of data that Google collects.

Shorter answer for you: yes, I believe that is a corporate lie. True only in technicality, but likely false by any reasonable person’s expectation of what “delete” means.


TL;DR - Google makes (arguably insane) claim that it previously acted responsibly with regards to fingerprinting, and says they will begin acting irresponsibly with fingerprinting in February.

Practical take-aways you probably already knew:

  • Today’s Google may do or say anything to make an extra nickel.
  • Today’s Google, while it employs some excellent privacy minded engineers, has not demonstrated an organizational commitment to user privacy.
  • It is probably wise to assume that the next serious data breach at Google will end marriages, get politicians arrested, get famous people canceled, fuel successful scammers, and have every other privacy impact you can imagine. We know the Google data pool is massive, and we have reason to believe it is incredibly personal. I’m aware that Google has anonymization solutions in play, and I do not believe those solutions will be effective in a breach scenario.
  • I believe that the average person will likely be better off ten years from now if they interact less with Google services.

Yeah. I buy so few AAA games, I figure I would get my money’s worth. But only if they ran on SteamDeck. I don’t find time to sit at my PC and play, during this phase of life.


Hmmm…

That would tempt me, if they convince me that GamePass will come with a solid selection of SteamDeck verified games.


I mean, yeah. Pretty much every Linux version runs a lot lighter than Windows, nowadays.

There’s a lot of reasons, but I think the main one is that Windows has to be suitable for so many different uses, while each Linux distro can specialize.

Getting my games working on Linux used to be a pain in the ass, but the actual gameplay has always been a better experience, for me.


Clever, since checking Steam reviews for SteamDeck compatibility has definitely slowed down my impulse game purchases.



Yeah. I agree it’s rough to lose existing recognition, but I think the test in the name was hurting adoption quite a bit.

When I tried mineTest last, I was thinking, “what the hell, this will amuse me for an afternoon.”

I did not expect a feature complete game engine with a better more polished game than vanilla MineCraft.


Yes. MineClone (the 2nd(?) most popular game for the MineTest/Lunatic Luanti engine recently renamed.)


Thanks for sharing this.

Here’s hoping they listen to feedback.

I left this series because it became a buggy mess. I added “stop making a buggy mess” anywhere I could. I’m not holding my breath, but I would love to get back into playing Civ again.

I guess there’s always Civ II, though. It’s quite stable, now, and runs everywhere.


This is back to the thing where a AAA game studio ignores what they know about their audience and apologizes to investors later.

I hope that’s not what’s happening here, but I won’t hold my breath.


Right. It’s different in that it lacks Google Framework Service, and adds a bunch of privacy controls, like additional quick toggles to control the cameras, and microphone, the way other Android can quick toggle the flashlight and location services and bluetooth.

The biggest thing is substantially more granular per app permissions, controlled from a central interface in settings.


I set up a mail forward, and check the ‘to’ address to all incoming messages for about a year.


Lol. Thank you. Sometimes when rational thought and optimism are at odds, I choose optimism.


  • The largest e-commerce platform in Latin America and the most used in my country requires FR to use it.

I minimize my use of the largest eCommerce platform in my country. It’s a pain, but it can be done, and I feel good about my money going to organizations that better match my values.

  • The bank is now pressing me to use their app with FR as a 2fa when using homebanking from its website, something that wasn’t necessary up to some weeks ago.

Sounds like a great opportunity to check into joining a credit union. All banks are predatory. There’s lots of other great reasons to minimize your exposure to banks.

  • The telecoms demands FR from now on if you want a new SIM card in case you lost your phone or it’s been stolen.
  • The government is in the same direction as it’s moving to digitalizing many bureaucratic procedures and also requires FR.

I imagine you may be stuck with these. Sometimes we can’t win them all.

I wouldn’t take that as a reason to give up. Having your face on file in fewer places is very likely to save you future headaches.

Ideally this will be less of a concern in the future, when the vast majority of organizations no longer have utter shit for Cybersecurity.

But that day is not today.


I mean, it has, a bunch of times. And they haven’t so far.

But I agree, in principle. When they’re impacted, in a way they actually understand, things may get better.


It’s nice. I use it to communicate with peers who weren’t afraid to set it up.


Support the people, not the country.

I agree wholeheartedly.


you’re probably a KeePass person?

Yeah. I feel seen. Naturally I try to only use the finest artisanal open source from F-Droid.

Though, honestly, I’m impressed by BitWarden and I’m happy enough to recommend it.


Uh… I’m a patriot.

I fully support my country in every meaningful way, especially those ways that might otherwise make my billionaire overlords feel threatened enough to put a hit out on me.

More seriously, my neighbors are, on average, fantastic people, that deserve my support.

Edit: To be clear, I fully agree that this should piss us all off.


Generally they need all of your personal information (Full Name, Date of Birth and SSN - which costs them 25 cents or less on the dark web), plus your username and password that you create when you first visit each site. (Which hopefully isn’t on the dark web, because it’s new and unique.)

The new username and password that you create are what give some security.

And a warning, only because someone reading along will need it:

don’t re-use a password used elsewhere.

Re-used passwords, from past data breaches, paired nicely with email addresses and full names, also cost about 25 cents on the dark web.


Yes! And don’t pay these assholes a dime for the privilege.

They’re legally required to provide freezes for free, but two of them were trying to sell it as a service through misleading page links, last time I checked.


What does freezing your credit do, exactly?

It prevents opening new credit cards or other lines of credit in your name.

The reason this matters is lots of fraudsters are using names and SSNs they bought on the dark web, to open credit cards they have no intention of paying back.

If you’re an American, your name and SSN combination is almost certainly for sale for about 25 cents, on the dark web, today.

Freezing your credit at all three agencies is the only effective prevention, today.

The credit agencies will attempt to charge you a monthly fee for the privilege, but don’t fall for it. They’re legally required to provide the service for free.

If I’m ever a juror on a murder trial where the “victim” worked in leadership at one of the big three credit agencies, I’ll have to admit that I couldn’t possibly convict someone for that.

Is this still something someone should do if they don’t even have any credit cards?

Yes. Absolutely. Being a victim of credit fraud can make it impossible to get a home mortgage, or even get certain jobs or apartments. It can be incredibly difficult and expensive to clean up, and the burden is largely left entirely on the victim.


How was a dating app supposed to guess that some of their userbase would be horny and sometimes feeling desperate (Sarcasm…)


always says my browser has a unique fingerprint.

That’s mysterious! It’s hard to entirely smudge away your digital fingerprint, but getting 100% unique match makes me think something important in your setup might be missing.

Does it say why?

Do you get the same result in a “Private Browsing” session?

Are your cookies set to clear automatically?

If you’re allowing 3rd party cookies, you’re going to have a unique fingerprint 100% of the time. That would certainly do it.

I can’t think of another reason you would get 100% unique match over and over, though.

Are you running nightly releases of your browsers? That shouldn’t get 100%, but could if you’re unlucky. Or a big pack for browser plugins that love to announce themselves? I’m grasping at straws now.

Edit: You can press F12, while in your browser, and find a tab called ‘Network’ to see details of what your browser is sending out about you. Pay particular attention to ‘headers’ and ‘cookies’. If those are too informative, it gives you a unique fingerprint. 99.99% of everyone has a unique digital fingerprint. But some basic techniques, studiously applied, should take you out of that pool.

Source: Websites have no idea who I am a lot of the time, generally when I choose. I’m clever and well informed, but I’m really just doing the same stuff you find in most short online guides to privacy.


As someone else said, Pixel for Pixel analysis is probably too much compute time for them to bother. But they can do a quick checksum on the file, and they probably do.

Whether the image seriously affects your online fingerprint is mostly about whether a lot of users or only a few users use that exact profile picture.

If few users have that exact profile picture, then it’s likely that they have a behavior tracking data set assigned to it, in case it’s valuable later.

It’s not that someone is sitting in a room correlating and judging your choice of picture. It’s just that every aspect of your web browsing that can be cheaply tracked and correlated is tracked and correlated.

An image that too many people use is likely also correlated, but won’t be heavily weighted in deciding that traffic is yours, because the error rate is too high.

That’s why I always set my profile image to “Mickey Mouse” while I listen to music by The Beatles. It makes me invisible. Also I just really like Mickey Mouse.


“Enthusiasts will be able to request extra credits.”

Well that’s a relief. For a minute there, I was worried.


Not long at all.

Luckily I already wear t-shirts that advertise the weird kinks that I’m into. Otherwise this would make me really uncomfortable.


I’ve heard this advice as well. It certainly doesn’t hurt, if you have credit cards, to prefer them.

I imagine it is a lot nicer to have a fraudulent item on a future bill, than an actual fraudulent deduction from a current active account. And fraud correction is prompt enough, that the bill never comes due on a CC, whereas the money is, indeed, missing immediately on a debit card.

That said, not having any credit cards, I would never open one simply for the fraud protection.

Debit card fraud correction has always been prompt and accurate, for me.

The card companies do not discriminate, currently, between corrections on credit and debit cards. Currently, that’s largely thanks to contract language with their debit card customers that prevents them from such discrimination.

I added disclaimers like crazy above, because FinTech is a constantly evolving industry with constantly changing terms of service. And because most people working in FinTech are assholes who want to scam you.

Edit: I’ve corrected the above advice with yours, thanks! There’s certainly no reason to prefer debit over credit for online use, for anyone who has both card types. I just have a bad habit of using the words interchangeably because I only carry debit cards.


Just put the card in directly on random websites.

I’m not joking - if you follow your existing “should I even be using this site anyway?” signs, it’s going to typically be fine (in 2024!) to use your debit card there.

(Edit: To be clear, things have changed. Time travelers from the past should absolutely not follow this advice back in 2002!)

And when something does go wrong, you’ll get better support from your credit union than PayPal would. (You don’t still use a bank like a sucker, right…?!)

The worst case, usually, is they reverse the fraud and issue a new card to prevent further fraud.

So I guess it’s a few things:

  • Get a credit union, rather than a bank.
  • Choose one or two of debit (edit: or credit) cards for all online use. Life is simpler when fraud does occur, if I have another card that still works for gas and groceries.
  • Use the debit card directly, online, with any trusted site. There’s no need for PayPal to exist anymore.

Many years ago, PayPal’s innovation was treating people who shop online like actual people. The rest of the world has caught up, while PayPal lost sight of that.

Source: I worked in FinTech. It’s amazing how bad your current options are, but it tends to work out, anyway. There’s an extremely ethical and detail-oriented army of women named Karen, behind the scenes, looking out for you.

Edit: And as far as I can tell, not one of the extremely ethical and detail oriented women named Karen works for PayPal. Big tech companies rarely successfully keep that kind of no-nonsense-tolerated top talent.


Great point. I, too, had to wait to go full Linux until I wasn’t reliant on an NVidia graphics card.


Agreed on all points. It’s not the best solution when I can’t get both parties into it successfully.

That’s why I still use Signal a good bit.


While I know Signal isn’t perfect, I do like it and I haven’t seen anything that is better (on the whole).

Agreed. But it is worth mentioning that XMPP with OMEMO seems to be the current gold standard - runs almost everywhere, tons of available (free) servers, secure end to end messages, and fully auditable public source code.


I wonder too!

I’m betting on trial and error. Probably has a mysterious comment in the code, as a warning to others.

Source: I develop software and find these things are either deeply researched and analyzed scientific theory, or the result of guesswork and trial and error. At a ratio of about 95% and 5% respectively.



It gets weird fast, because before privacy controls in the Lemmy source code mean anything, we need trusted third party verification of a server’s patch level, and security controls.

That can be done, and I think Lemmy has a shot at getting to that point, but it’ll be awhile.

In the meantime, I suspect the Lemmy developers are hesitant to add and advertise features that you can’t be sure are actually correctly enabled on your instance.

But yeah, let’s not let perfect be the enemy of moving toward better.

Edit: Assuming you completely trust your instance admin, we could start adding some basic privacy to actions taken on your home instance.

But as soon as the user starts interacting via federation, all bets are off - because the federated instance may be malicious.

I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.

So, in theory, the lemmy software could start implementing privacy controls that allow users to limit their visibility to whichever part of the fediverse their instance admin has marked as highly trusted.

But even then, there’s risks from bad actors on highly trusted instances that still allow open signups.

Anyway, I totally agree with you. It’s just a genuinely complex problem.