I wrote a fairly long comment touching on why most browser and extension privacy features are just theatre and in reality tend to reduce privacy:
reddit.com/r/GrapheneOS/c
Services like Panopticlick are also incredibly misleading. Their approach is flawed and the data is tainted.
Conversation
Also gave a shout out to Apple for shipping some genuinely useful privacy features in Safari. There are not many attempts at browser privacy features that I can say that about. It's nearly all privacy theatre. Safari does that too, but they shipped a few genuinely good features.
1
3
In general, extensions reduce privacy. Changing site-visible settings reduces privacy. Deviating from standard content filtering lists reduces privacy. If you use uBlock Origin and you deviate from the standard filters, that can be detected. Sites can enumerate what is blocked.
3
6
Replying to
I disagree with this take. There is "the site" and there is all the 3rd parties "invited" by "the site". Not connecting to the 3rd parties will significantly lower the data mined & sent to countless 3rd parties -- no way this is a reduction of privacy.
1
2
Replying to
That's a misinterpretation of what I said. I called it a useful, opportunistic privacy improvement falling into the same school as antivirus of enumerating badness. It's not a fundamental privacy improvement. Ultimately, it doesn't really work, and just targets low-hanging fruit.
3
If most of the tracking scum was competent enough to even just read its own webserver logs, why do these companies bother with serving hundreds of kilobytes of bullshit JS tracking code for every single page impression?
1
Google Analytics doesn't use fingerprinting. It doesn't get deployed to sites via middleware. It's not deeply integrated into content. So sure, it's easily blocked. It's also not scary. It's doesn't try to bypass using a VPN + Incognito. It's not aimed at tracking individuals.
1
See, this is the issue. People are worried about being tracked by services that are explicitly stated to be gathering analytics and marked as such. Nothing about this is hidden, and it largely doesn't bother trying to evade blocking. Now, what about all the useful content?
1
Even simply talking about third party assets included on a site, a service doing something like providing comments can and does do just as much tracking. However, you can't just opportunistically strip it out since it's part of the functionality.
2
So, for example, if your concern is with Google tracking you, why would you only be blocking their analytics service and not everything else like YouTube code? The reason is because this is just opportunistic harm reduction. Code can be first party too. It's just not a solution.
2
I want actual solutions. Actual privacy features. Not stripping out analytics code that is marked as such when possible while leaving all the tracking via first party assets (which are often there for the benefit of a third party) and most of the useful third party assets intact.