← Back to context

Comment by asdfasgasdgasdg

6 years ago

> > Experiments may be further limited by country (determined by your IP address)

> They even admit to inspecting the IP address...

I don't think that sentence admits what you say? Chrome could be determining which experiments to run client-side.

Of course, when you visit a Google property, they needs must inspect your IP address to send a response to you, at a minimum. That goes for any site you might choose to visit. The existence of sufficient entropy to personally identify a site visitor is not a state secret. They do not need this chrome experiment seed to identify you, if that's a goal.

16 comments

asdfasgasdgasdg

Reply
calibas  6 years ago

Yeah, it's not a "state secret" but it's not common knowledge either. Their privacy policy says that specific header can't be used to identify you, but fails to mention it can be combined with other information to make browser fingerprinting trivial.

If you don't know how all this works, which is true for most human beings, their privacy policy might give you the wrong impression.

  • asdfasgasdgasdg  6 years ago

    > says that specific header can't be used to identify you

    That's not what it says. It says the header won't contain PII, which is true. It can be linked to PII, but so can literally every bit of information you send to Google while logged into or otherwise using their services. A disclaimer to this effect would not have any purpose.

    • calibas  6 years ago

      That's the whole point. Using any Google service means they can easily personally identify you, that's what the privacy policy should explain.

      That's their policy towards privacy, you don't have any. For some reason I can't fathom, you claim mentioning this in their privacy policy "would not have any purpose". Instead of honesty, their privacy policy is a wonder of public relations where it seems like they care deeply about protecting your privacy.

      6 replies →

    • GrayShade  6 years ago

      If I log in to my Google account once, they can associate that browser id with my account. Even if I log out, clear my cookies (and probably use the incognito mode), Google will be able to identify and follow me all over the Web.

      I don't know about your PII thing, but it's personal data under the GDPR.

      3 replies →

bamboozled  6 years ago

So if you use a VPN service for example, they still know who you are because of this. I would say even if you’re visiting in private mode.

I see your point, but I also see how this will keep you identifiable.

  • asdfasgasdgasdg  6 years ago

    I don't math very much, but I would guess the intersection of these sets of people is nil: people who 1) use VPN to avoid tracking by Google 2) still log in to Google services from one of their networks and not the other 3) use the same Chrome profile on both. But suppose some small number exist who adopt this illogical and contradictory pattern of behavior. If Google is using this token for the purpose of tracking this tiny set of people when the vast majority could be tracked more easily via conventional means, it would imply that they are far more competent than I give them credit for.