You sound like the type to also disable cookies and use an adblocker and not use Chrome, but there are many ways Google can collect your credit cards or associate your purchase history. From Google Analytics to remembering the card in Chrome and syncing Chrome browser history to having a Gmail record of your purchases or even adding a credit card to your phone to use with Google Pay on an Android device… or while we’re at it, using Android. Lots of spying there unless you run Blokada Proxy or equivalent. Not to mention, if cookies are disabled, but you click on a Google ad, Google will likely help track the purchase with the third-party advertiser’s site using some alternative identifier they could assign outside of a cookie. After all, if you control the URL, you can inject session tokens. Not saying they do, but they could, and they probably make the data available in Google Analytics somehow, even with cookies disabled.
I realized the other day that thanks to Microsoft 365 and Google Workspace, these big companies know a ton about you just because your employer uses them. For example you might not be signed in using that web browser, but your work account just leaked your IP address or device metadata to Google, so they know it’s you anyway. It’s almost impossible to stay completely private online, these days, and still participate in the economy or society.
I would, though, draw a line and say that just because it’s possible to trace doesn’t mean it should be allowed… but we’ve all seen how the most effective countermeasures isn’t legislation but instead clients that can outsmart the trackers - like adblockers, privacy VPN proxies, DNS black holes, and Apple’s iCloud Private Relay (or similar VPNs) which would anonymize your IP address, partially defeating the point made earlier. (I say partially because it’s not like every packet is going to get a new IP address, that would break TCP connections… they could associate your work profile with your anonymous traffic using the same relay IP, if both traffic sources hit the same Google server from the same device, say…)
And of course we have historically shown that almost any collection of data can reveal a lot about a person, from Netflix watch history to search terms. I’m ignoring the obvious - that searching Google gives it information about you with every search.
- Google cannot legally protect payment information in any 1st, 2nd, or 3rd world country without explicit permission. There isn't a single country they operate in that will let them 'scrape' payment information in the manner which you claim.
- Any decent adblocker blocks GA cookies. GA does NOT collect payment info. Period. If you actually bothered to read that legally binding language or if you sniffed what is passed to GA you would know that. Please head back to your conspiracy subreddit and try again.
- Many folks like myself have completely left the Google ecosystem. Our adblockers block Google. We don't use google.com or Youtube. When you hit a popular Google property and notice an uptick in ads that is why. I use duck duck go as a search engine, and I personally dislike watching videos, however if you are someone who likes videos, I hear TikTok is all the rage these days.
I need to be clear here. I am not saying that it is impossible to track you, but rather, it isn't realistic or scalable across billions of users. For starters, Google would have to figure out how to beat Firefox containers or uBlock origin, and that is the simplest of problems. Next, they have to figure out how to bypass your local hosts file for a long period of time, otherwise they will get piholed...
If you use Chrome and opt out of sharing data with Google, they can still pair the ID from origin trials with your IP address and have a very good idea of who you are - or what installation of Chrome you’re using, which is basically the same thing: https://www.google.com/chrome/privacy/whitepaper.html#variat...
If you anonymize your IP, and turn off tracking, then yes, not much to say there until they start fingerprinting the fonts you have installed or something…
I realized the other day that thanks to Microsoft 365 and Google Workspace, these big companies know a ton about you just because your employer uses them. For example you might not be signed in using that web browser, but your work account just leaked your IP address or device metadata to Google, so they know it’s you anyway. It’s almost impossible to stay completely private online, these days, and still participate in the economy or society.
I would, though, draw a line and say that just because it’s possible to trace doesn’t mean it should be allowed… but we’ve all seen how the most effective countermeasures isn’t legislation but instead clients that can outsmart the trackers - like adblockers, privacy VPN proxies, DNS black holes, and Apple’s iCloud Private Relay (or similar VPNs) which would anonymize your IP address, partially defeating the point made earlier. (I say partially because it’s not like every packet is going to get a new IP address, that would break TCP connections… they could associate your work profile with your anonymous traffic using the same relay IP, if both traffic sources hit the same Google server from the same device, say…)
And of course we have historically shown that almost any collection of data can reveal a lot about a person, from Netflix watch history to search terms. I’m ignoring the obvious - that searching Google gives it information about you with every search.