[Havoc]

> It's the mindset assuming that for anything to have value in data privacy it needs to be 100% perfectly private and secure.

It does also need to make a difference though. If Google has say three different ways of figuring out who I am and I eliminate one of them then nothing has changed.

Let’s say IP address, fingerprinting and cookies.

In that sense it is somewhat all or nothing. Either I’ve eliminated all three or I have not. I know that’s not precisely what the author means by all or nothing but there are certainly dynamics at play here that are not a smooth continuum

[godelski]

  > Let’s say IP address, fingerprinting and cookies.

This will still not lead to a binary outcome. Cookies can be deleted and fingerprints aren't perfect. Nor is Google able to obtain this data from sites equally. Amazon and Facebook certainly are not sharing liberally, as this is a big part of their revenue streams too. Their competition can benefit us in our defense.

You also forget time. There is historical data, current data, and future data. You can tackle all of these, and they should be addressed differently. You can remove data and that can prevent future players or potential sales of your data. But we should also be really aware that the future data is most important. You change over time and they want to track these changes. The more you can limit their access, the more you fight back. One easy method is to use email masks. You can do this for free or relatively cheap, but I've changed most of my logins to unique emails as well as unique passwords (fwiw, Mozilla Relay integrates into Bitwarden, making this simple). I've now been able to track who is leaking my information to who, and better adapt to the environment. It also means that if one of these sites gets hacked than I can easily burn that email address and not be forever locked in a circulating list.

So I just want you to realize, you haven't been defeated yet. As long as you generate new data, there is time for you to fight back.

[notpushkin]

Yes. But there are all sorts of sites that only track you with cookies, or IP address + cookies, and separating cookies helps a lot with those.

[JadeNB]

> If Google has say three different ways of figuring out who I am and I eliminate one of them then nothing has changed.

That's not true! If Google has three ways and you eliminate one, and nothing else ever happens, then you might as well not do anything. But if there's one approach to data security that protects you from one kind of tracking, and you "set it and forget it," then it's chugging away in the background not really protecting you now—but if you later "set and forget" two other approaches to data security, then, together, they might have eliminated the problem, even if none of them individually made any difference.

(Stating the attempted refutation this way, it feels kind of like the privacy version of the refutation of "what good is half an eye?", e.g., https://evolution.berkeley.edu/evolution-101/the-big-issues/...)

[chucksmash]

Long ago I started only using browsers in private/incognito mode with ads blocked with the idea that I was preserving my privacy in some meaningful way. It's been a few years since I realized this alone was a futile exercise because there's a lot of money paying for a lot of resourceful people whose raison d'etre is to poke holes in my fig leaf. It's small consolation to know that what I'm doing might work for the long tail of sites while doing nothing to hide me from the big players.

[dylan604]

If you eliminate fingerprinting, that is in and of itself a fingerprint. If you block cookies, that is too. So the person with your IP address and blocks fingerprinting and cookies is you. Someone with your IP address and only blocking cookies could be you as well on another device, or a family member on their device. Either way, they're on to you

[arzke]

> If you eliminate fingerprinting, that is in and of itself a fingerprint.

This is why you should "eliminate fingerprinting" by randomizing your fingerprint.

[akimbostrawman]

Even a random Fingerprint can be used as identification since you will always have some static values between each session. The better approach would be to get in a big enough group with the same/similar fingerprint. That's how tor browser works.