From time to time, important news gets overshadowed by other headlines, even though it could have a profound impact on our (online) world. To most of us, few things are more bothersome than the dreaded cookie banners. On countless websites, you’re confronted with a pesky pop-up urging you to agree to something. You end up consenting without really knowing what it is. If you try to figure out what’s going on, you quickly get lost among the often hundreds of “partners” who want access to your personal data. Even if you do give your consent, it’s questionable whether you truly understand what you’re agreeing to.
But why unusable, why does a browser have to leak language, window size, time, extensions? Can’t those be spoofed?
A lot of those things are also required to render a webpage correctly.
But isn’t most of that client-side processing? Can’t I request a vanilla generic page and once it is in my browser to process it to shape it into the window size and extensions I want? Even if it is an adblocker: serve me the ad, I’ll block it internally. But I suppose that for dynamic pages with js requests this would become hard to do.
Yeah it’s Javascript that’s the issue that can just take all this data in the client and send it wherever. And that’s exactly what’s happening.
What’s the solution?
I’m not sure a technical solution is feasible, other than dns-blocking these trackers. I suppose lawmakers need to spring into action to make this shit illegal.
That is indeed the solution.
A technical solution won’t cut it. Here’s a very convoluted example: the <p> tag allows you to send the text “buy illegal drugs here” to kids!! Omg!!! What to do? Remove the <p> tag? Obviously not. You ban the practice.
You could probably set a cap on how many different fingerprinty attributes a script is allowed to grab before requesting permission from the user.