15 hours Ago
Tracking is here to stay. Google has just updated Chrome to kill a secretive form of tracking most of you didn’t even realize was there. It should be a good news story.
But it has been overshadowed by the worrying news that Chrome’s more infamous form of tracking is here to stay , and that a separate, outlawed form of tracking has also returned . First to that good news. Google confirmed the stable release of Chrome 136 this week, which stops bad actors abusing Chrome’s display of previously visited webpage links to assemble a history of where you’ve been, or more realistically publishing links to determine which of you visiting its site have been to specific webpages.
As Google explains, “if you clicked a link, it would show as ‘:visited’ on every site displaying that link. This was the core design flaw which enabled attacks to reveal information about the user’s browsing history.” Here’s the worked example.
“You are browsing on Site A and click a link to go to Site B...
Later, you might visit Site Evil, which creates a link to Site B as well. Without partitioning, Site Evil would display that link to Site B as :visited — even though you hadn’t clicked the link on Site Evil.” The fix is simple.
Chrome will only mark websites as previously visited if you clicked through from the website you’re currently on, partitioning the data. A little clunky, but much safer than making that universal “:visited history” dataset available to all. Google confirmed this change on April 2.
But then just twenty days later, it announced “we’ve made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies.” In other words, tracking cookies are here to stay and the teased one-click stop tracking prompt was not going to be offered to users after all. Just a few weeks earlier came Google’s other awkward u-turn — digital fingerprinting , the practice of harvesting IP addresses, and browser and device identifiers to provide a form of unique user profile.
This had been outlawed — by Google ironically — but was suddenly back. And whilst originally it had just impacted browsers, its return saw a wider remit encompassing smart TVs, gaming consoles and all your other devices. When the return of digital fingerprinting was announced in December, it was balanced against ongoing efforts to kill cookies — one way or another.
Now that’s not going to happen, we’re left with both tracking cookies and digital fingerprinting. Two u-turns. On any level, it seems a far worse situation for Chrome users than we expected.
Browsers and smart devices — everything is now being tracked. You can’t do much about digital fingerprinting — there’s no opt-out. But you can use Chrome’s incognito mode to mask your IP address and cut down its trackers.
You can also switch to a different, more private browser. Cue Apple’s Safari ads. Thus far, Chrome’s 3 billion users are voting with their feet, through, and sticking around.
If it’s already hard to keep up, the DOJ’s action won’t help..
