cookies are just text. they could literally contain an ip address or a hash or other identifier that refers to one.

spotify can’t directly obtain data from a linkedin cookie. but ad networks and other ‘third parties’ could provide ‘targeting’ or even identifying information to them.

use a different browser profile, or better–an entirely different browser–for vpn browsing.

set up your own vpn server on a ‘low end box’ (small and cheap vps) for your own exclusive use.

any ‘lawful’ access that’s baked-in will also be used and exploited ‘unlawfully’.

of the two, common sense media says apple is better from a privacy standpoint.

and, if i had a roku-powered tv, i’d skip the internet on it (never hook it up) and use an external device, even if it was just a roku stick.

guessing they’re using the carrier’s data for verification. name, address, phone number, socials and at least partials of credit cards, bank accounts. whatever relevant that they have.

this is all data the credit bureau has on you already

just a step or two removed from what’s probably their ultimate goal: a unique guid for every device, that you can’t change, can’t remove, can’t decline, and is always with you–including linking multiple devices when you log-in to the same account somewhere across googleland from them.

effectiveness of ublockorigin, noscript, or other privacy/security related addons in your browser are unaffected by ech.

a pihole on your network is likewise unaffected, as it alters the dns requests so clients like your browser or tv can’t even resolve a ‘bad’ domain to an ip.

in the olden days, one ipv4 could host one domain securely. when a client connected to that ip, the connection was encrypted with the cert for that domain it was hosting.

the finite ipv4 space was gobbled up like crazy between this and every fucking thing on the planet wanting to be online.

an update to conserve ipv4 space allows one to host multiple domains (i.e. different sites on different domains, all using https) on one ip. to do this, the client needs tells the server which domain it’s looking for on the ip it’s connecting to–in the clear. once the server knows what cert to use, an encrypted connection can be set up.

‘encrypted client hello’ (ech) allows that initial request to be encrypted.

that’s pretty much all it does.

“our backdoors, not theirs”

(of course, they always fail to acknowledge the simple fact that “ours” becomes “everybody’s”)

i’d imagine your phone carrier still knows where you are when you use wifi calling… especially if that wifi’s internet source is a wireline isp or a known wifi-based network or hotspot.

i worked on someone’s laptop recently that was set up for mobile deposits via web browser. they also had a bank-provided scanner, too, that worked with it. so it is possible, and it is being done.

it’s not true.

while there is a 10 device ‘limit’, that refers to how many linked devices you can have. you can remove one to add another. info and how to do that

that’s basically what i had. a cheap laptop for a ‘streaming device’ and media player with a k400 keyboard with trackpad. connected to a monitor to start, then a cheap tv. don’t have a ‘media server’ though, just a pile of hard drives (externals, or internals with usb adapter or ‘dock’).

the tv eventually did get hooked up to wifi but i only use it for a couple ‘free’ apps that require no signin and work through pihole ok. mostly the ‘tv’ is playing a random playlist.