> It means at least 200 more days of the kind of Chrome user tracking that should have been banished years ago.

This kind of writing makes me question if the author understands the tech they're writing about. Chrome itself isn't doing any user-tracking through cookies, full stop. Websites you visit have 3rd party trackers embedded in them, and they are the ones tracking your behavior. They're watching your every move and using it to build up a profile, so they can send you targeted ads. But since they're 3rd party, you have no control over what they learn about you.

Clearly the right way forward is decentralization: you should have control over your own data, and choose exactly what a site knows about you (if anything). The only way to do that is to move the data into your browser! I don't understand why the Privacy Sandbox initiative isn't seen more positively, when it gives you direct control over your profile.

> Chrome itself isn't doing any user-tracking through cookies, full stop.

Well, no, Chrome itself is doing its user tracking through the Topics API.

Which you have control over! As opposed to today, where you don't have control over anything.

You’ve been conditioned.

It's just a statement of fact: if it's on your machine, then you have control over it.

In the old days the advertising industry didn't rely on tracking cookies. It showed you the monkey, you punched it, and job done.

Get a browser that doesn't have a massive financial incentive to track you:

https://www.mozilla.org/en-US/firefox/new/

There's really never been a better time to switch. Modern Firefox is just as (or more) performant than Chrome these days, and crossbrowser concerns are a thing of the past. I've been daily driving it for a couple years now with zero issues.

Wait, Firefox. Didn't they push DNS over HTTPS? Doesn't that allow you to track all the requests a user makes on the server side?

I mean the server operators could sell that data, subtract their operating costs, divide by two and then push huge donations to Firefox.

Firefox wouldn't track you or sell your data. Right?

> Didn't they push DNS over HTTPS? Doesn't that allow you to track all the requests a user makes on the server side?

Making DNS requests usually involves sending the query to a server that could track you; this has been true since long before DNS over HTTPS was even imagined. It's just a question of who is tracking you; the way Firefox migrated means that requests were concentrated on Cloudflare but nobody else can see the queries. Whether this is good or bad depends on your threat model.

This has nothing to do with my threat model.

First of all, not every country allows the ISP to spy on its users.

Then, by using the ISPs DNS resolver, there's a high chance when browsing a well known site, like ycombinator, I hit the ISP's cache, so the information that I want to access that side doesn't go past the ISP's DNS resolver.

Also the ISP's resolver may hit a cache higher up in the hierachy before talking to root servers and requesting the information directly from the source. But even if I do NOT hit the ISP's cache, and the DNS resolver has to look it up, my single request drowns in the sea of all kinds of requests from the ISP's resolver and only the ISP is able to tell that I made that request. Again, in a country where the ISP is not allowed to spy on you, that's a rather safe thing.

DNSSEC doesn't play a role here as it only signs stuff and doesn't encrypt it. So the DoH resolver, that uses the DNS protocol to resolve unknown requests, will rely on the same information that my ISP's resolver will. In the end they'll always query the root servers and go straight to the authorative source.

Also, DNS is like a public phone book, so no problem if I look something up while that lookup drowns in a sea of requests. The only identifiable part here is my udp "connection" to the ISP's resolver and my IP-Address. This information isn't forwarded past the resolver I contact even if the resolver has to request anything on my behalf.

Fast forward to Firefox' DNS over HTTPS approach:

- Now all requests go to a single resolver and are bundled there.

- The requests are encapsulated in HTTP.

- HTTP contains much more information in the headers than any direct DNS request ever could.

- I'm not just identifiable by my IP-Address, but also by the information in the HTTP-Headers and the fingerprinting of the browser that can be done.

Also Firefox made it OPT-OUT and not OPT-IN. Which is a problem in and of itself.

Great job on finding the one thing (perhaps 2 including pocket) compared to the extensive list of past transgressions by Google's Chrome team.

I greatly disagree with this kind of whataboutism brought up to whitewash the biggest offenders.

You know, the issue at hand is that they _ALL_ do it.

But some tell you they don't and do it anyway in ways that make it not as easy to detect.

And it's those sneaky ones that are really, REALLY bad, no matter what others have or haven't done.

Mozilla is a non-profit that made a couple of poor decisions. Meanwhile Google's whole business model is based around it. It is not the same thing at all.

Mozilla Foundation is a non-profit. Mozilla Corporation, a for-profit corporation which develops Firefox, made those bad decisions.

Run Chrome? Open this page: chrome://serviceworker-internals and have fun.

Personally I've had serviceworkers disabled in my browser for several years, as it seemed a pretty obvious supercookie mechanism.

Disabling them doesn't seem to break anything except push notifications - and I also have those disabled, so that's fine with me.

That's a list of service workers on your device. Not sure what point you are making. Service workers are an accepted JavaScript standard across browsers.

For Firefox:

> If you want to see a list of information concerning all the service workers registered on your browser, you can visit about:debugging#/runtime/this-firefox . Below the list of installed extensions you'll find a list of all the service workers you have registered.