• 2 Posts
  • 5 Comments
Joined 1 year ago
cake
Cake day: June 8th, 2023

help-circle

  • Do they “give high rankings” to CloudFlare sites because they just boost up whoever is behind CloudFlare, or because the sites happen to be good search hits, maybe that load quickly, and they don’t go in and penalize them for… telling CloudFlare that you would like them to send you the page when you go to the site?

    Counting the number of times results for different links are clicked is expected search engine behavior. Recording what search strings are sent from results pages for what other search strings is also probably fine, and because of the way forms and referrers work (the URL of the page you searched from has the old query in it) the page’s query will be sent in the referrer by all browsers by default even if the site neither wanted it nor intends to record it. Recording what text is highlighted is weird, but probably not a genuine threat.

    The remote favicon fetch design in their browser app was fixed like 4 years ago.

    The “accusation” of “fingerprinting” was along the lines of “their site called a canvas function oh no”. It’s not “fingerprinting” every time someone tries to use a canvas tag.

    What exactly is “all data available in my session” when I click on an ad? Is it basically the stuff a site I go to can see anyway? Sounds like it’s nothing exciting or some exciting pieces of data would be listed.

    This analysis misses the important point that none of this stuff is getting cross-linked to user identities or profiles. The problem with Google isn’t that they examine how their search results pages are interacted with in general or that they count Linux users, it’s that they keep a log of what everyone individually is searching, specifically. Not doing that sounds “anonymous” to me, even if it isn’t Tor-strength anonymity that’s resistant to wiretaps.

    There’s an important difference between “we’re trying to not do surveillance capitalism but as a centralized service data still comes to our servers to actually do the service, and we don’t boycott all of CloudFlare, AWS, Microsoft, Verizon, and Yahoo”, as opposed to “we’re building shadow profiles of everyone for us and our 1,437 partners”. And I feel like you shouldn’t take privacy advice from someone who hosts it unencrypted.