Comment by Havoc

  > Let’s say IP address, fingerprinting and cookies.

This will still not lead to a binary outcome. Cookies can be deleted and fingerprints aren't perfect. Nor is Google able to obtain this data from sites equally. Amazon and Facebook certainly are not sharing liberally, as this is a big part of their revenue streams too. Their competition can benefit us in our defense.

You also forget time. There is historical data, current data, and future data. You can tackle all of these, and they should be addressed differently. You can remove data and that can prevent future players or potential sales of your data. But we should also be really aware that the future data is most important. You change over time and they want to track these changes. The more you can limit their access, the more you fight back. One easy method is to use email masks. You can do this for free or relatively cheap, but I've changed most of my logins to unique emails as well as unique passwords (fwiw, Mozilla Relay integrates into Bitwarden, making this simple). I've now been able to track who is leaking my information to who, and better adapt to the environment. It also means that if one of these sites gets hacked than I can easily burn that email address and not be forever locked in a circulating list.

So I just want you to realize, you haven't been defeated yet. As long as you generate new data, there is time for you to fight back.

Yes. But there are all sorts of sites that only track you with cookies, or IP address + cookies, and separating cookies helps a lot with those.

> If Google has say three different ways of figuring out who I am and I eliminate one of them then nothing has changed.

That's not true! If Google has three ways and you eliminate one, and nothing else ever happens, then you might as well not do anything. But if there's one approach to data security that protects you from one kind of tracking, and you "set it and forget it," then it's chugging away in the background not really protecting you now—but if you later "set and forget" two other approaches to data security, then, together, they might have eliminated the problem, even if none of them individually made any difference.

(Stating the attempted refutation this way, it feels kind of like the privacy version of the refutation of "what good is half an eye?", e.g., https://evolution.berkeley.edu/evolution-101/the-big-issues/...)

Long ago I started only using browsers in private/incognito mode with ads blocked with the idea that I was preserving my privacy in some meaningful way. It's been a few years since I realized this alone was a futile exercise because there's a lot of money paying for a lot of resourceful people whose raison d'etre is to poke holes in my fig leaf. It's small consolation to know that what I'm doing might work for the long tail of sites while doing nothing to hide me from the big players.

If you eliminate fingerprinting, that is in and of itself a fingerprint. If you block cookies, that is too. So the person with your IP address and blocks fingerprinting and cookies is you. Someone with your IP address and only blocking cookies could be you as well on another device, or a family member on their device. Either way, they're on to you