[buran77]

> if the ICO actually just went after the companies doing fingerprinting directly, instead of being angry at Google for not enforcing things for them

Google isn't just a hapless bystander here, they are enabling and profiting from the practice. Big tech companies all build these billion people villages and heavily tax every person inside but when "outside law" is broken then "outside authorities" should fix it for free.

The rules could be simple: you have a problem in your village, either you enforce the laws there, or national authorities will do it and charge you (the company) for the service.

When Amazon allows any of the millions of ephemeral clone-storefronts to sell shady or illegal stuff, would you rather have the authorities spend years chasing ghosts or have Amazon change their rules to make sure such illegality and abuse aren't possible in their marketplace?

[sandstrom]

> When Amazon allows any of the millions of ephemeral clone-storefronts to sell shady or illegal stuff, would you rather have the authorities spend years chasing ghosts or have Amazon change their rules to make sure such illegality and abuse aren't possible in their marketplace?

I'm fine with a law saying Amazon is liable for fake storefronts etc. Sounds reasonable. I'd also favor requiring e.g. Uber or Airbnb to provide authorities with data to prevent tax fraud from operators in such marketplaces.

But to me saying Google's advertising product should enforce how the individual websites work [fingerprinting], is to me more in the direction of "an electricity provider should enforce how people live their lives in any home provided by such electricity…"

[buran77]

> Google's advertising product should enforce how the individual websites work

"Google's advertising product" should do no such thing, the websites can go right ahead implementing whatever they dream of. Google "the company that develops the OS for my phone and the web browser" on the other hand is responsible for what tools and features it gives to those websites or apps to use on my device and without my explicit permission.

For example Google doesn't allow them to have root on your device, or covertly activate your microphone or camera. Why aren't you asking "who's Google to police what websites can do with my device, camera, and mic"?

> is to me more in the direction of "an electricity provider should enforce how people live their lives in any home provided by such electricity…"

Quite the opposite, Google or the electricity provider should enforce nothing on you or me. The analogy is more like the electricity provider allowing anyone to access information about what you do using that electricity. Why would the electricity provider have access to that information in the first place, and why would they be allowed to create interfaces that share that info with their partners?

If you're fine with Google allowing sites to collect this information from you, would you also be fine if your electricity provider allowed sites to collect info about how you use the electricity?

[IanCal]

> But to me saying Google's advertising product should enforce how the individual websites work [fingerprinting], is to me more in the direction of "an electricity provider should enforce how people live their lives in any home provided by such electricity…"

That's a wild analogy.

You're talking there about what I do in my home without impacting anyone else.

With google here we're talking about companies tracking users in a way likely to be illegal.

> But to me saying Google's advertising product should enforce how the individual websites work [fingerprinting],

This is about the advertisers.

[swores]

I completely disagree, and I'm someone whose interests would be best served by agreeing with you (my marketing agency spends a lot on advertising, and if the ad platforms don't have to enforce this sort of bad behaviour from other advertisers then prices could potentially fall as their expenses would)

Google's ad network isn't just dumb pipes for information like an ISP or an electricity provider, they're actively charging companies money in order to send whatever information to be displayed and code to be executed those companies want them to onto the screens of people that they're actively targeting. It should absolutely be Google's (or whatever ad network's) responsibility to not allow bad actors to use their services to spread viruses/malware, nor to allow even worse privacy evasion that they're already doing themselves such as allowing fingerprinting.

[unyttigfjelltol]

Isn't Google's relevancy here a result of their connection to the Chrome browser? The analogy vis-à-vis electricity is more like a vacuum cleaner manufacturer than power provider, although even that's weak because this is fundamentally about personal information being miscategorized as a commodity.

[IG_Semmelweiss]

This lacks nuance.

In many jurisdictions, you can charged, for not reporting someone else's crimes.

Even if Google should not be responsible for other sites doing [fingerprinting], the fact that they are enabling it should make them liable.

I don't think this is needed via ICO or via laws, to be clear. This can be a simple lawsuit. That's the right way to do things.

[gruez]

>In many jurisdictions, you can charged, for not reporting someone else's crimes.

Source? At least in the US, "duty to report" is limited to stuff like suspected child abuse.

[threeseed]

> Google isn't just a hapless bystander here

Google literally added all of the random APIs into Chrome that fingerprinting depends on.

If you trust Google then they are a bystander. If you don't then they orchestrated this entire situation over the last decade or so in order to cement the dominance of their advertising business.

[gjm11]

Most of those "random APIs" have good reasons for being there that have nothing to do with fingerprinting. For instance:

Your browser needs to be able to render text in different fonts, which means that without paranoid design (and maybe with it) code running there can tell what fonts you have installed.

A web app may want to tell you when something happened in your time zone even though it happened somewhere else. So there's value in having code running in your browser be able to tell what time zone you're in.

Different browsers, and different versions of the same browser, have different bugs. So there's value in letting code running in your browser know what version of what browser you're running. (Note that this information has been exposed by browsers, though not always very honestly, since before Google even existed.)

Browser/device fingerprinting has been possible since before Google ever shipped a browser.

I wouldn't be surprised to learn that Google has made design decisions in Chrome motivated by not making fingerprinting too difficult. I also wouldn't be surprised to find that they've done the exact reverse. Maybe they've done both. But the possibility of browser fingerprinting isn't the result of some galaxy-brained conspiracy by Google; that was there all along because when browsers first gained the ability to run code the people building the browsers never thought of the danger, and by the time someone did it was already too late.