
> Websites can only make inferences based on the absence of unique cross-site cookies if you are configuring your browser in non-default ways.

But if the defaults don't block those cookies, then the alternative is that you have unique cross-site cookies, which are an instant game over. Having a site make inferences about you is preferable to having a unique cross-site cookie set that can perfectly identify you across multiple websites.

> [...] and I wish that more took your careful approach here when recommending "privacy" setups to others.

Similarly, I appreciate your approach and concerns, and you are correct that browser uniqueness is a valid concern, one that many people don't consider. But I fully stand by my advice. Your first priority as a user who cares about privacy needs to be blocking unique cross-site cookies. If you have them set, it's just game over, it doesn't matter whether or not someone is fingerprinting you somewhere else.

Your priority list should be:

A) block cookies and persistent storage that can track you across sites.

B) block tracking scripts from ever executing at all.

C) keep your browser from standing out.

D) etc...

uBlock Origin is the easiest, simplest way that you can make progress towards addressing A and B. To your overall points about stuff like advertising networks looking to prevent fraud, this is exactly why it's important to block advertising networks; they're the low-hanging fruit that's most likely to be trying to fingerprint you at any given moment. To your point about it standing out that you don't have certain query params set, those query params are unique identifiers and referrers. If you don't delete them it's game over, you have been identified. You can't blend into the crowd if you have a tracker attached to you.

There are very few one-size-fits-all approaches to security/privacy, but I fully stand by the belief that virtually every single person running Chrome or Firefox should have uBlock Origin installed. I don't have much nuance or any caveats to add to that statement: block unique identifiers first, worry about fingerprinting second. You don't need to worry as much about your browser standing out if you block the majority of tracking scripts from reaching your browser in the first place, and in most (not all, but most) cases you should be more worried about 3rd-party tracking on the web than 1st-party tracking. That's just where the current incentives are right now, and it's important that we calibrate our threat models accordingly.


