The privacy nightmare of browser fingerprinting
Mood
informative
Sentiment
negative
Category
tech_discussion
Key topics
Browser Fingerprinting
Privacy
Security
Online Tracking
Discussion Activity
Very active discussionFirst comment
16m
Peak period
43
Hour 1
Avg / period
11.4
Based on 160 loaded comments
Key moments
- 01Story posted
Nov 22, 2025 at 12:08 PM EST
1d ago
Step 01 - 02First comment
Nov 22, 2025 at 12:24 PM EST
16m after posting
Step 02 - 03Peak activity
43 comments in Hour 1
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 24, 2025 at 1:49 AM EST
1h ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Basically, we can identify browsers based on the supported ciphers in TLS handshake (order matters too AFAIK). Then when your declared identity is not matching the ja3 hash, you're automatically suspicious, if not blocked right away. I think that's the reason for so many Capchas.
It's a better explanation that I can provide.
At best they identify the family of browser, and spoofing it is table stakes for bad actors. https://github.com/lwthiker/curl-impersonate
These will still help against the masses of dumb actors flooding your stuff.
I am concerned about the detail here: does this mean per hardware class (e.g. same model of GPU), or per each individual device?
Is the implication that there are certain graphical operations that - perhaps unintentionally - end up becoming akin to a physically unclonable function in hardware?
We've made our world a scary place.
per combination of hardware(GPU, resolution of display) and software(exact drivers)
Sending emails costs $0.50.
But yes, I always thought some form of network syndication would emerge on the Web, where creators could register for their share of aggregated periodic payments made by users.
Still not sure why that's not a thing. I would pay $50/month to a syndicate in return for never having to deal with paywalls on any sites affiliated with them. But only as long as the vast majority of sites participated, and that is probably the showstopper, I guess. We'd end up paying 20 different 'syndicates' for absolutely no good reason, just as we now have to deal with 20 different streaming services.
Also wonder if it will really work out, i open too many articles that are pretty bad when you start reading them. So i quit after 1 or 2 paragraphs.
Now if you get the first 2 paragraphs for free, contents writers will start to optimize for good first 2 paragraphs, and afterwards quality will drop. Also, many blog posts or news articles don't have more than 2 paragraphs of good content.
The point of paying creators is so that they can focus on creating content instead of making other things. Giving money to a creator is basically saying "you're so good at what you do, and it has so much cultural/intellectual value, I'd rather have you make content instead of stocking shelves or making food". But this should be reserved for people that publish good content because they can and are passionate about it, not just anyone putting out slop with the instrumental goal of paying their bills. If the friction of clicking a button and filling in payment details is enough to deter people from paying them, then maybe their content isn't worth paying for and they should find some other way to make a living instead.
Aggregation of tips and payouts would help, but that requires network effects (achievable only at scale) to be viable. I believe this approach has been tried in recent years, but I am not sure where those efforts went.
Would you pay per view? Most people (me included) would probably hesitate to say yes, because we’re used to not paying for that. But what if it meant that ad based model is gone and everything you buy is cheaper because the price does not include the cost of running ads?
Spotify's model is more that your monthly amount gets disproportionately redistributed to the artists that bring more interest and listens to Spotify, regardless of whether you were one of those listeners. Smaller and niche artists suffer under Spotify's model.
Except in practice we see the opposite.
There's something interesting going on with companies when they want to get paid directly versus by ads: they demand 3x - 4x or more for subscriptions or pay per view versus what they make from ads.
Easiest place to see this is ad supported non-linear TV in the years you could get without ads, or with ads. You pay significantly more to not see the ads, than they make from the ads.
Perhaps this is justified because ad-free subscriptions reduce the audience size for ad buys, but when you look at the numbers watching with ads versus paying, it wouldn't seem like the "no ads" buyers make a dent in whatever pricing tier.
In the 90s when we were young and naive, we imagined a library card model, with a library fee and then you have fractions of a cent cost to read a post, and using (hand waving) technology to uncouple viewing history from payables to content creators. That, or the British TV license model, an Internet license of some kind.
It's curious to me the ad networks haven't gotten together to preemptively offer this. Arguably Brave tried, but from an adversarial (to the ad companies) stance. It would work better from the inside with a simple regulation: if you serve ads for ad-supported content, you have to participate in the library card system at CPM rates no greater than you receive for ads to skip the ads for card holders.
The only companies that we directly allow to do this are schools, but having a premium version lets you approximate this.
it takes a lot of $0.10-$0.25 views to make up for the loss of a $5/month recurring revenue stream that might last for years.
The problem is skewed incentives, of course. Advertising is acceptable to most users and easy to integrate, so why should website authors go out of their way to please a minority of their users who object to it?
I can't speak for all web sites, but I reckon a combination of factors could explain why such a solution hasn't been deployed:
1. Advertising is ubiquitous, easy to integrate, and provides a safe revenue stream.
2. There is little to no infrastructure for the PPV model. Whoever builds it would need to maintain their own version of it.
3. People expect the web to be "free". This is even true within technical crowds who understand that it's really not free. And a large part of that group doesn't mind advertising.
So, really, it would require a substantial amount of effort to implement, it would add additional friction to users, and ultimately only a minority would appreciate it.
Had this model been in place from the beginning of the web, things might be different today. Alas, if my grandma had wheels...
A critical mass of publishers would need to team up and form a cooperative/etc where a user could register once, deposit some money, and then that money would be spent every time they view an article. But that requires cooperation between competitors, which is already hard enough, and the cancer that is the advertising industry wouldn't like this potential existential threat and would be more than happy to pour fuel onto the fire to ensure it never succeeds.
What's surprising is why the card networks themselves don't get in on it. They could do so in a completely backwards-compatible manner, introducing a new card number range that only works with transactions under a certain amount and have different fraud protection/chargeback rules.
i don't believe NYT has ever tried a pay-per-view model.
The PPV model, like Ads, works well for websites that you're not well associated with. Random blogs and websites that you otherwise wouldn't be willing to share your credit card info with.
you're describing the model of a product called blendle, a service which i loved but which totally failed. they failed to attract users, and they failed to attract publishers. this isn't some new idea that nobody had tried. it's been done. and it failed, not just for blendle. people have tried micropayments, they've tried subscriptions, if you can imagine a PPV model, it's probably been tried. readers and publishers both hate it.
Advertising is ubiquitous on the web. Integrating it into web sites is simple, it works well for generating revenue at scale, and users have been conditioned from every other media industry to accessing content for "free". There is practically no friction for users, save for the degraded user experience, which most people have learned to live with or ignore.
So right off the bat, anyone trying to deploy alternative business models is going against the current of a trillion-dollar industry, and well established consumer expectations.
> readers and publishers both hate it.
Why do you think that is? Is it because the micropayment model is inherently bad, or because implementing it is difficult for website owners, it is annoying to use for users, and ultimately brings little revenue?
What if implementing it were as easy and convenient as advertising is today? What if users had an easy and convenient way to link their payment method into their browser, and from then on it required no maintenance? What if they understood that the web is not "free", but someone on the other end should be paid for their work if they find it valuable? What if this model actually generated significant revenue for publishers? What if all this was simply the way the web operated from the start?
Clearly this model hinges on a bunch of hypotheticals, but hopefully you get the point. There's nothing fundamentally wrong about users paying for consuming content. This is the way business transactions work in most respectable industries. You want something, you pay for it directly. You don't ask a third party to step in between you and the seller, to show you manipulative content that directly benefits them and their associates, while indirectly paying for the thing you actually want to buy. The fact we've accepted this corrupt business model as normal in many facets of life is absolutely insane. Never mind the fact that it's being used to manipulate us into thinking and acting in ways which corrupt democratic processes and cause sociopolitical instability, or that it's abusing our right to privacy and exploiting our data. To hell with all of that.
It is a shame that this feature gets lumped together with claims of crypto scams, and similar nonsense. Yet this is precisely the right model that could work at scale to eliminate the advertising middleman, and make the web a safer and more enjoyable experience for everyone.
From my perspective I couldn't care less if one bad guy is stealing from another bad guy.
That's what people are bemoaning the loss of: the before times, when people did interesting stuff without regard for whether it could be monetized or not.
Yes, but only after viewing, of else I'd pay for "editorial" or AI generated slop which would be generated like link farms pointing to Amazon etc.
And that's the chicken-and-egg problem ...
In theory that could be resolved by registering for free at reputable sites and then paying per view with micropayments. Or by a scheme where one would register and only pay when I actually did read stuff, not with the currently en-vogue monthly fee for each and every site.
One option: a fund where you buy tokens, that you can spend reading an article. That will, however, lead to more clickbait and AI slop and snowing under serious blogs with low volume.
It's very simple, it's what they've been doing in print media for centuries: contextual advertising.
I'd venture to say contextual advertising would be more effective than whatever we've been trying to squeeze out of fingerprinting etc. All this supposed "data" they are gathering feels like a scam perpetuated by ad companies about how important it is to the people who buy ads. It's not.
Even Facebook and Instagram, which pretty much should know you to a tee is completely ineffectual at advertising to me - like at all.
Later on in life I got pissed at cable-TV advertisers shoved into my favorite movies every 5-10 minutes ... ruining any ambience or artistic merit in them ... so I got rid of cable TV. By the time analog TV went away, I'd got rid of my television set. No return address on an envelope? junk mail, into the garbage unopened.
Now the pollution's ruined the 'net ... it's YouTube (re-routed) and some websites (blocked). So long, boing-boing and wired and your 'native ads'. Sites demand subscription? blocked. How much longer before advertisers realize how much they're getting ripped off?
Odd. In the midst of a (well-deserved) anti-ad rant, you throw in the primary non-ad alternative and discard it.
> How much longer before advertisers realize how much they're getting ripped off?
A while longer, if the same people who reject ads are also the people who reject alternatives to ads. The advertisers can safely ignore those people's opinions.
(I'm not saying subscriptions are the answer. I don't have an answer. I'm just saying that companies wanting subscription money is not part of the problem where companies want to shove ads in our faces 24/7.)
Print media was also trying to guarantee their audience was an actual person by charging nominal fees, the difference was how much info required to do so.
Targeted ads concentrate control over the market into a few players, which can do things like acquire competitors or run them out of business with loss leaders.
With AI, the supply of ad real estate will go to infinity, so the only thing that will matter is the quality of the places the ads run.
This would be a good time to ban targeted advertising, or for the content producers to form a cartel that only purchases contextual ads.
That cartel will probably be even worse than what we have now, since it’s going to be 2-3 mega conglomerates like Disney, and they already have handed editorial control over to the White House.
Hopefully the invisible hand of capitalism will somehow fix this.
I have a gut feeling that we've been tricked (by ad companies) into thinking that this is somehow realistic and that casual "content creators" can get meaningful money from us reading their articles.
Realistically, while professional content creators can make a living, writing a blog post every once in a while will not provide meaningful income. Instead of trying to "monetize" everything, we would be better off with free content like on the internet of old. There are other means of making money.
It seems that the current situation means that the "content creators" earn insignificant money, while ad companies earn huge money because of scale, and we all somehow keep believing that this is necessary for content to appear.
Nor, generally, should it. Sitting down one or two Saturday afternoons a month to write a blog post shouldn't be generating the income of a FTE.
What if it could? Or should (be able to produce FTE or close income)?
In that world, the amount of pointless shite - questing to “go viral” - would be reduced to near zero. That is, if the incentive were more quality, and less quantity, we’d be better off, yes?
... but that's also not, nor should it be the median. I'm not sure how the economy functions if, say 8h/mo effort generates a median living wage.
Metrics are hard. Just making sure they reward one particular desired outcome doesn't mean you'll escape the unintended consequences.
Also, note that we are past the point of being able to reasonably able to manage any of this. Today, you'd need to come up with a reward function that cannot be maximized by AI. (And lest you think you can fix that by using site visitors to evaluate, most of them will be bots too.)
Should people receive meaningful income for writing a blog post every once in a while?
I feel like that's the real question and not everyone agrees on the answer
> we would be better off with free content like on the internet of old
Well as someone who was there you used to need meaningful income to use the Internet of old. Nowadays everyone needs the Internet and it's a pretty big expense in most peoples' budget, and I think that's why so many people are willing to try something at it,
I figure if you just gave everyone meaningful income we could have that again
I wrote a longer post on this[0] but to save you the click I will state the biggest problem from a privacy point of view - if you think privacy is bad now with ads imagine how much worse it would be with a payment processor knowing your every click.
Yes, I know about certain cryptocurrencies that maintain privacy, they are a non-starter for micropayments for different reasons.
Even if a magically technical solution to privacy were to emerge there is nothing more valuable than information about paying customers and sites would use browser fingerprinting anyway.
The article you lists assumes a "conventional" credit card system with chargebacks, massive fees, etc. which makes micropayments ecosystem impractical in the first place. Proposals for micro-payment systems usually describe a way top enable low-fee payments.
The author doesn't take into account modern cryptocurrency tech like payment channels. I really doubt that payments have a natural fixed floor of 10s of cents - Payment providers charge these fees simply because they are in a natural monopoly position, thanks to lock-in and regulation. The need to control fraud is caused by regulatory requirements, which are in turn caused by monopolization.
Despite being technologically less efficient, even traditional cryptocurrency payments are cheaper than bank transfer fees due to competition and low regulation.
Secondly, you assume that no one wants to do micropayments. The infrastructure doesn't exist for it yet. If you don't build it, they will not come.
As for browser fingerprinting, it can be solved on the client side with enough effort. Look at tor browser. Just have a system where cookies, WebGL, etc. are opt in on a browser level in the same way that WebUSB is. Artificially limit the performance of javascript to prevent bench-marking. I think it is possible to solve this architecturally.
Check it out!
https://en.bitcoin.it/wiki/Payment_channels
https://lightning.network/lightning-network-paper.pdf
Also, there are GNU Taler/Chaumian cash type systems that inherit the efficiency of centralized systems with an added privacy benefit.
That “if” is doing a lot of heavy lifting there.
But my point is that even if a magical technical solution existed tomorrow then the same sites that collect data for ads would continue to do so for the much more valuable data on paying users.
There have been a number of proposals, I think the oldest is DLSAG: https://eprint.iacr.org/2019/595.pdf There are other ones based on time-lock puzzles, but those have always been kinda crappy.
It may be possible with some ZK magic I'm unfamiliar with. But the core of the problem is that we need to find a way to make a transaction valid but only after a certain block height, and make it so that validators can't learn any specific heuristics about the transaction (like what the block height is exactly).
>But my point is that even if a magical technical solution existed tomorrow then the same sites that collect data for ads would continue to do so for the much more valuable data on paying users.
Sure, but after the micropayments revolution there will also be a change in the types of sites people use, enabled by the new form of monetization. You could rely more on people posting things like videos to their personal blogs and interlinking them instead of having to shack up with one of the few sites large enough to support ad-funded monetization. The internet would have a basic spam-resistance function, so it would be less reliant on the existing players to gatekeep (for example, email, forum moderators, etc).
I think it would be more competitive. Let's say you have a site like twitter that says "now that there are micropayments, we will charge you 1 cent per pageview AND force you to login and collect your data", well then you will have a competitor like xcancel.com which can charge 2 cents per pageview and not require login. The market would decide what the best model is. Right now proxy sites like xcancel have to do it for free. Even if they wanted to run ads, the ad market isn't competitive in the same sense because it is more profitable for larger players.
I think you mention in your blogpost that no one would want to support micropayments because of piracy. I consider this a massive advantage of the micropayment system. It's pro-piracy by default. If you look at the origins of ad-funded sites like youtube, they started out as hubs of (light) piracy. The content of social media sites should be pirated and mirrored: they are just getting rich off of network effects in the first place. If you combine micropayments with some sort of bittorrent-like system, this could be very powerful. Imagine a decentralized archive site, where you take advantage of TLS to archive a verifiably timestamped version of a page, and anyone else can send you money that is conditional on you providing them a copy of that archive in return.
Micropayments don't fund the development of new intellectual work, but they let you recoup the cost of bandwidth. He who does not host, also does not earn. If you want to fund the development of new work, I think you need patronage. We are already seeing this with a lot of videographers from youtube depending mostly on sites like patreon and donations from dedicated fans. In a micropayments world, you wouldn't have sites like patreon taking a cut. Aside from just having ~0.1c micropayments-per-pageview, you could have very easy p2p "mini-payments" on the order of ~$1 in exchange for donation rewards.
With less money in the annoying ads economy, google and others would have less power to alter the web standards to their whim, and we could claw back features that enable fingerprinting. I don't know, that is just my dream.
> I think you mention in your blogpost that no one would want to support micropayments because of piracy. I consider this a massive advantage of the micropayment system. It's pro-piracy by default
If I am selling my content at 5 cents a page, what stops somebody cloning my page and selling it for 4 cents? What stops Google from summarizing my content, discouraging people from clicking through to my site? Is Google even allowed to spider my site if I charge for it, and what stops them if not?
That is the type of piracy I was talking about and I think it is just one of the many serious fundamental problems micropayments have.
How does tracking me and invading my privacy make ads perform better? In my case it does not. As the tracked ads are usually worse as they will keep advertising me things I don't need anymore. Context based ads worked fine in the past and I don't really see why they cannot.
Also why does every web store need to show me ads? Don't they make money out of selling things? If they really have to, do they have to invade privacy? This is like walking into a physical store and them doing facial recognition, then showing you tailored ads/inventory. That feels creepy to me.
If you don’t want to be tracked, you shouldn’t be, but how could it not? At a very simple level, an ad targeted towards a 50 year old woman isn’t going to be the same ad to show a 14 year old boy. Different people like different things and ads targeting you as an advertising profile are going to be better than ones that aren’t. You may not like the targeting and think it's invasive, because it is, but let's not pretend the tracking doesn't do something.
This is false: We're the ones who pay the creator, because:
> I'm not going to pay $5/month for every blog that I occasionally read
If that upsets you, please understand it upsets me to, because
> but at the unacceptable price of privacy
I want you to consider a different toothbrush brand, or maybe a hot location for a holiday, and the idea that I am "invading" your privacy in trying to do this is disconcerting.
I understand there are actors who want to use your private personalising data to harm you. I think that is bad, but I am telling you friend, that isn't me.
> I'm not quite sure what the answer is.
Listen, as an insider I am not quite sure what the answer is either, but I'm telling you that content creators need to eat because you have threatened them with capitalism which murders you if you don't participate, and I am the one feeding them and not you.
I think though, it probably takes the form of better laws that prevent people from using personalised data to harm you without public (judicial) review, and I think that is going to require people like you thinking of the outcome that you want, instead of foolishly trying the impossible to conserve your personal privacy.
Why would you assume ads are worth $5 a month? Its more like paying 10cents to read the blog.
I switched to the Mullvad browser. The other recommendation, LibreWolf, provides the following warning on install which scared me away: "Warning: librewolf has been deprecated because it does not pass the macOS Gatekeeper check! It will be disabled on 2026-09-01."
Sure even with the gatekeeper test you can’t be sure it’s built against only the claimed code but it does guarantee:
1) the binary hasn’t been modified since it was signed 2) the binary was signed by somebody in possession of the private key 3) there is some measure of identification via Apple on who or what signed the binary 4) somebody was willing to fork over $99 to sign the binary
It’s not perfect security by any means but it is something. Otherwise the binary you are running might as well have come from some sketchy email attachment. And fuck that. Why would I want that on my machine?
I get that the $99 might be a hurdle for “non-organized open source” (ie most open source… doesn’t have a non-profit entity to take up the expense and credential management, etc…)… and there are probably ways apple could make it easier for such “collectives”… but ultimately I’d argue that signed binaries are good for everybody. While imperfect, they provide some form of traceability and accountability.
obviously it’s not a 100% guarantee of being fuckery-free. The private key might have been compromised, the appleid might have been hijacked and the developer program might have been enrolled with stolen credit cards… but it’s still a hurdle to filter out a large swath of low effort nonsense.This isn’t an easy problem! I’d argue signed binaries are good for everybody… They are good for the end user because it provides some assurance the thing hasn’t been tampered with and provides at least some form of audit history. It’s good for the developers too! It ensures that users are running the binaries the dev intended them to run! It’s good for the platform maker as it reduces the attack surface…
The problem is… getting the keys to sign binaries requires getting a private key! And not just any key but one that been blessed somehow by something that all parties can trust. And trust isn’t a technical problem but a meatspace human some. Apple solves it by requiring the dev to cough up 100USD and probably some other personal information. I have no idea how Ubuntu does it or Microsoft…. But something, somewhere has to bless that signing key.
Edit: Apparently Brew doesn't sign stuff because they don't trust the code they are being asked to sign. Apparently you can just get brew to build the package locally with `brew install --build-from-source librewolf` though which is useful.
On windows you just need a certificate from a known authority. This will still probably cost you money but you have a lot more options at different price levels. Also that certificate is a widely useful thing rather than an apple dev account which is only useful in the apple walled garden.
If you want to avoid being uniquely identifiable stick to Chrome, signed into a Google account, running on a PC from Best Buy.
That’s not to say you shouldn’t use a browser that blocks ads etc but I don’t think people should immediately think that they’re not fingerprintable because they’re running these. There definitely needs to be more discussion on the reality of how much these browsers can “protect” you.
Yes, I know that's ski-mask bla bla bla, but I still don't want my browser to be doing this nonsense.
When I think of all the tracking that goes on, these are becoming more lucrative.
However, you might also want to access HTTP and HTML, and to do so without needing to load fonts, pictures, etc; you might use a web browser that omits many of these features. However, it also can result in some problems; there are a few ways to work around some of these, such as adding your own scripts to handle some services, adding proxy services for handling some services (although some of these can use other protocols such as Gemini), and/or using the HTML/CSS commands in other ways (e.g. using ARIA to decide the formatting rather than using CSS). However, there are other issues, e.g. if the web page you download includes more junk than the actual main text.
Lets see what he says on the subject.
It really isn't, because there's plenty of fingerprinting scripts that run on the same domain, especially fingerprinters from security providers like cloudflare or akamai.
When I was young I used to think of him as that eccentric pedantic mit guy but now I see him as a true warrior for freedom.
With like 12 students, that's 4 bits, and it often ends up with 2-3 questions. It starts off with the obvious ones - man/woman/diverse, but then a realization comes in: An answer usually contains more information than just that one bit. If you have long hair, you're most likely a woman and/or a metalhead for example. That part will get shaken out later on.
And those thoughts make these browser fingerprinting techniques all the more scary: They contain a lot of information and that quickly cuts the possible amount of people down. Like, I'm a Linux Firefox user with a screen on the left. I wouldn't be suprised if that put me in a 5-6 digit bucket of people already.
Isn't the point to ask yes or no questions?
It is indeed not possible for it to give more, because it only has a single bit answer, which by the pigeonhole principle can't give you more than one bit.
The best yes/no questions are the ones which are independent of each other and bisect the group evenly. "Are you female" is typically good because it will be approximately half the population. Then you want independent questions that bisect the population again, like "does your first name have more than the median number of letters" which should be mostly independent of the first question. Another good one is conditional questions like "are you taller than the median for your sex" since a pure height question wouldn't be independent of sex but that one is.
Whereas bad questions would be ones with highly disproportionate responses, like "do you have pink hair with black and green highlights" which might be true for someone somewhere but is going to have >99% of people answering no, or "were you born on the planet Mercury" which will be 100% no and provide zero bits of information.
You can think of all sorts of questions and answers like this, and when you combine with the assumptions and answers from previous answers you can make even more assumptions. They won't always be correct, but you don't have to be "perfect", depending on your use-case. For example for advertising purposes assumptions(even if incorrect) can still go a long way.
There is a reason Target got sooo good at identifying pregnant women[0] before the women knew they were pregnant that they creeped out women, and had to pull back what they did with that information. This was like a decade or more ago. It's only gotten more accurate since then.
0: one example from 2012: https://techland.time.com/2012/02/17/how-target-knew-a-high-...
That's why I pay with cash and do not have a loyalty card (other customers often offer theirs at cash register anyway). And of course I don't even go to Target.
https://www.predictiveanalyticsworld.com/machinelearningtime...
Why would they do that, if they didn't think their system was that good?
Target isn’t going to do something that scares away consumers, like say “our ad tracking is TOO good”, unless there’s another benefit that makes it net positive for them.
The goal of these decision trees is to have as few questions that divide the group in two balanced halves (and also recursively).
If you imagine a binary tree with questions in each internal node, and in each leaf there is a person. You want the height of the tree to be minimized.
That means there is less information in the question "do they have long hair?", not more. Asking "long hair?" and then "woman?" is probably, in most groups, roughly the same as just the first or second question alone. So the second question added much less than one bit of information because the answer is probably "yes". "Long hair" and then "metalhead" is the same, except that the answer to the second question is probably "no".
Yes/no questions on average contain the most information each when they partition the remaining possibilities 50:50. Then each answer gives you exactly one more bit. The closet you get to either a 100:0 or 0:100 yes:no split, the smaller the fraction of a bit you encode in the answer.
"Metalhead?" usually gives you lots of bits of information (probably 4 in an "average" group of 16 containing at least one metalhead) if the answer is "yes", but on average that's outweighed by the very high chance that the answer will be "no". If there are no metalheads or only metalheads, it gives you zero information.
In this case, it was often an interesting exercise in bias as well. "Woman?" would usually single out 1-2 persons out of the 15, so it was a terrible question. It was CompSci after all. "Long hair?", lumping women and metal heads into one group would often split it into half and half. That was much better, and then spurred creative thoughts like travel distance, or bus stations.
Unfortunately there is no way to tell advertisers, "No, I'm not interested in your product. I never will be. Don't waste your money."
The top offender is Hims. No, I don't have hair loss. I don't want hair loss supplements. I also don't have ED, and I object strongly to ads for that showing up unexpectedly when I'm showing a YouTube video to someone else.
The second top offender is whoever it is (they keep changing their name) who thinks that I need some kind of Christian motivational course to get control of "the P-word". (Their phrase, not mine.) No, I don't have a problem with pornography. I am very rarely interested in it. And when it comes up every few months, I don't feel any guilt about it afterwards. Furthermore I'm an atheist. A Christian motivational course isn't going to work well for me regardless.
Yes, Google does offer a report function, and a block function, for ads. The report function seems to have gotten rid of the unwanted ED ads. The block really doesn't work when the ads are all very similar AI slop that is rotated frequently. Block this ad, and then next unwanted ad from the same source will be coming along soon enough. (The reason why I particularly dislike Hims is that they are more aggressively rotating their ads.)
[1] https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#...
[3] https://revanced.app/patches?pkg=com.google.android.youtube
A general "show me no ads" solution is not my preference.
It means that, when you need a new dishwasher, you will never see the actual best dishwasher for you, only dishwashers that are a bit more expensive than you actually need but you will end up buying one of them anyways.
It means that you are more likely to see products you would impulse buy just after you get your paycheck. Or slightly inflated prices on things you usually buy.
It means ads designed to take advantage of addictions to sugar, alcohol, gambling etc
Finding stuff you actually want to buy has never been easier, you can find hundreds of reviews and comparisons instantly. People who opt into personalised ads don't end up being more savvy online shoppers, they just end up buying more junk.
I do not have those problem addictions. Of course I am going to comparison shop for any large purchases. I am good enough about controlling spending that excess junk isn't one of my problems.
But what I do have a problem with is coming up with creative ideas for people in my life. So, for example, I would have never thought to look for https://www.zazzle.com/cup_equation_love-168099175298227864. But I'm very glad that someone out there knew enough about me to guess that this might be an item that I'd like. And my wife liked the cup a whole lot.
Does this happen often? No. But I'm perfectly happy to pay a premium for a product when an advertiser gets it right.
Maybe you truly are above the influence of advertising. However, almost no one believes that they are affected by advertising yet clearly almost all of those people are wrong.
I find it safer to assume I am part of the vast majority of people who would be influenced by personalised advertising. Given that online advertising is basically the biggest business in the world, I assume that it would find a way to get money from me.
In addition, I block most known advertizing/tracking domains at the DNS level (I run my own server, and use Hagezi's blacklists).
Finally, another suggestion would be to block all third party content by default using uBlock Origin and/or uMatrix. This will break a lot of websites, but automatically rules out most forms of tracking through things such as fonts hosted by Google, Adobe and others. I manually whitelist required third party domains (CDNs) for websites I frequently visit.
https://help.kagi.com/orion/privacy-and-security/preventing-...
The last time I looked at this seriously I was trying to find out how much fidelity (if it was possible at all) was necessary to identify someone by their mouse and keyboard input.
It's not just what you do but how you do it.
Giving the surveillance economy access to your habits means making them slightly better informed about everyone. That won't directly endanger you; the SE will just become slightly better informed about how people like you function.
This will enable it to increase the amount of risk faced by some other person that you will never hear of (and vice versa) if any of you is even suspected of endangering the SE, in proportion to the risk to the SE which people like you may hypothetically pose, as quantified by the methods of nepotism-powered pseudoscience.
75 more comments available on Hacker News
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.