Comment by calibas

6 years ago

Yeah, it's not a "state secret" but it's not common knowledge either. Their privacy policy says that specific header can't be used to identify you, but fails to mention it can be combined with other information to make browser fingerprinting trivial.

If you don't know how all this works, which is true for most human beings, their privacy policy might give you the wrong impression.

> says that specific header can't be used to identify you

That's not what it says. It says the header won't contain PII, which is true. It can be linked to PII, but so can literally every bit of information you send to Google while logged into or otherwise using their services. A disclaimer to this effect would not have any purpose.

  • That's the whole point. Using any Google service means they can easily personally identify you, that's what the privacy policy should explain.

    That's their policy towards privacy, you don't have any. For some reason I can't fathom, you claim mentioning this in their privacy policy "would not have any purpose". Instead of honesty, their privacy policy is a wonder of public relations where it seems like they care deeply about protecting your privacy.

    • We disagree about the purpose of privacy policies. I believe that privacy policies should describe how data will be used, not how it could be used. I just don't think a policy describing how data could be used is very useful, because it's going to be the same for all services.

      Under this formulation, Google's policy is (presumably, lacking any data to the contrary) honest with respect to this value.

  • If I log in to my Google account once, they can associate that browser id with my account. Even if I log out, clear my cookies (and probably use the incognito mode), Google will be able to identify and follow me all over the Web.

    I don't know about your PII thing, but it's personal data under the GDPR.

    • AIUI GDPR restricts the handling and use of PII, not its existence. So it's PII under GDPR. Is Google misusing it? If so, that's an issue. If not, then it's kinda pointless to observe that it's PII under some possibly distinct legal definition than the one Google is using in its privacy policy.