I wish that was enough. The articles that show up here on HN from time to time make me think they can cross-reference data and fingerprint you through many data sources and more advanced tracking (things that we discover from time to time like canvas, css). People that have you on their contact list, your e-mails that hit their servers even when you don't have a Gmail, DNS, CDN, cloud services, your phone unless you go full tin foil hat, data they acquire from other companies. I try to protect my privacy but I think it's all futile, they have too much power.
It’s not. While Facebook will exfiltrate and cross reference your name and number from associates’ address books, this wildly different than keeping a log of everywhere you travel, the time you wake and sleep, hundreds of tagged images of your face, all the news you read, and how readily you can be influenced. Primarily to influence your mind and behavior for profit, but all available to international governments to keep and eye on you, too.
I agree that Facebook and Google are too powerful, and that there should be much better protections around consumer data. Support the EFF, talk to your representatives.
How difficult would it be to defeat fingerprinting by injection of noise? I.e. your browser configuration/characteristics change every now and then by a tiny amount.
I use an extension called Canvas Defender that does this. You can have it create a new "fingerprint" every so often. It also pops up an alert when a site requests a fingerprint. I believe Facebook uses the fingerprint as part of the browser profile to help combat fraudulent logins, as I get many more "new browser" emails from them with this extension than I did prior to installing it.
Other than adnauseum which people have already mentioned, you might like User-Agent Switcher[1]. Not sure how useful it really is, but it is fun to see the differences between how a website designed to be browser specific renders in a incorrect browser.
"Google says it has access to roughly 70% of U.S. credit and debit card transactions through partnerships with companies that track that data."
"Google DeepMind's first deal with the NHS [...] gave the Google-owned artificial intelligence (AI) lab access to 1.6 million NHS patient records across three North London hospitals without patient's prior knowledge."
Oh, none of those are exclusive or even new. Your credit rating company has far more info on you that you didn't sign up for.
And AFAIK, and from what I heard from friends working at google, everything is linked to a google gaia account, if you don't have one, you don't exist for them.
Good point. This was used as a positive spin when there was the debate over whether Facebook is listening to your conversations.
The conclusion was no, but they are gathering more data from third parties so as to make direct listening unproductive. I found that more disturbing that Facebook has real-time access to whatever they believe I am looking at on Amazon, as presumably other places.
It's interesting that you trust a government to execute a no-knock raid on a private company's datacenter (and extract only the information that is relevant without drag-netting unrelated private information) more than you trust that private company to secure your data (an exercise they have a vested economic interest in accomplishing).
At the end of the day, all of these questions always come down to trust and just trust.
I use gmail and don't wish to give it up for now. I launch gmail in a site-specific browser process so that my login is isolated. This makes it so that in my main browser, I'm not logged into my Google account and they don't see where I go. As a bonus, the "filter bubble" effect is diminished for my Google searches.
That's not a reasonable approach for non-techies, but I thought it might interest the HN audience.
I'm not logged into my Google account and they don't see where I go.
If they see activity from one IP to say search, then activity from the same IP to visit the top result of that search, they don’t need a cookie to track you.
Anyone who shares an IP has seen ads actually targeting another member of their household...
Usually that's not a reliable way to identify a unique user. Given the prevalence of NAT, re-using IPs by ISPs with DHCP, and a host of other reasons. (That's not to say there aren't ways to fingerprint users across devices and browsers.)
A service ISPs should offer as standard is regularly randomising your outbound IP from their pool for all but a whitelist you specify. So you can have a static IP for say you work firewall, but are harder to track otherwise
Yes, that is possible -- and I'm sure that other trackers are doing their best with fingerprinting, etc and that they manage a certain amount despite my having Privacy Badger and uBlock Origin enabled in my main browser.
However, IP based associations do not show up in the user history that Google allows me to see, and as far as I can tell Google does not change my experience based on it.
I'm still subject to some filter bubble effects because I only zero out my main browser every few days.
Two of the replies mention FastMail, which for all I know might be nice, but FastMail still seems to be in its infancy (though perhaps growing fast) when it comes to securing customers' data. See the recent https://news.ycombinator.com/item?id=15853477
I've been using Gmail for over a decade. I've been getting in the habit of using a purpose@mydomain email for as many signups as I can (that for now all forward to my gmail) so that the impact of a random Google mess up that disables my access to my account is lessened, but there's still no service I trust more for my email's security and privacy apart from Google's algo-eyes (that offer me some features I appreciate anyway). Maybe that trust is misplaced and we're only a few years away from a Yahoo-level incompetence reveal, but I doubt it.
If there was a way to setup a local mailserver that can peer in a hierarchy with more trusted mailservers (so that I can send email with reasonable confidence it won't end up in a spam folder), and have encrypted buffers stored at those peers for when my local machine is offline and can't accept deliveries, I'd do that. Maybe it's possible with Urbit.
I am paying for FastMail for a few years now. It's a very good alternative, and it's really not expensive. Also, I know that my money goes into building an alternative with a viable business model.
Plus, GMail isn't free. You pay for it with your data.
I switched to FastMail about 6 months ago, and I like it. I actually like FastMail’s webapp more than Gmail’s. There aren’t any features from Gmail that I miss, and FastMail offers a very easy option to migrate your emails from Gmail.
If the time comes when you are ready to move on from Gmail, I can recommend Fastmail and ProtonMail. Both use a webmail interface that is very similar to a desktop client. ProtonMail is free for a single address with low volume, Fastmail is $50/year. ProtonMail is based in Switzerland and Fastmail in Australia.
I'm not affiliated with either company but I've evaluated both and settled on Fastmail as my Gmail replacement, mostly because of the added features like file storage, static web hosting, and notes, all of which I've used extensively.
Based on resolution of browser, user agent, list of plugins and all sorts of other seemingly unproblematic pieces of information one can build a unique fingerprint to track you without cookies. Most of it relies on JavaScript of course but if you use gmail you do run JS.
I think you're overestimating the privacy benefits afforded by using two browsers. Both browsers are using the same IP address which means that google can identify you in the other browser with high certainty. I also have two browsers and use only one to log into google. Yet, google firmly places me in my filter bubble even in the other browser.
I register all my accounts using Gmail because I feel DNS/domain security is a joke (this was debated here in the past but I don't have the technical knowledge to explain it any better). I'm saying that because IMO using your own domain is crucial for privacy and control.
I choose Google one day randomly blocking my account over losing it to some random person from the web. At least I can make a blog post and try to make to HNs frontpage to get some customer support.
Maybe I am missing something here, but how does this help against being tracked by google through google analytics and/or their ad-network?
Sure they cannot 1:1 link your {analytics, ad} identity to your actual Google identity, but I am reasonably sure that they have all the data necessary to do it via (not too many) connecting dots.
Slowly moving away from google what my personal email concerns - to protonmail, btw; I do use G+ as an excuse for social media, though, mostly for being able to stalk Linus on his scuba diving trips.
Additionally, consider that google has some advanced machine learning shit that can likely analyse your writing style.
Even an antipattern is a pattern.
Though they actively scan your email for targeted ads and correlate them to you outside of your jail through GA, which doesn't really require login. Unless you connect through a different VPN and browser/etc.
Seriously though - who cares? You use a credit or card? Your purchase history has been sold to advertisers and similar for decades, it's just more transparent now.
OP here is simply fomenting mistrust of the more obvious players to draw traffic (and advertising bucks) to their own website (duckduckgo).