What are realistic ways to protect ourselves?
Use browsers like Cromite, Iridium, Waterfox, Betterfox, Firedragon, Tor, Vanadium. Disable fingerprinting in hidden settings or in about:config. Don’t install too many extensions, if you can, none. That can be used to fingerprint you. If you don’t have the need, disable JavaScript and WebAssembly. Change your user agent to something very common.
Not sure there is. Dimensionality of the trackable elements is very high. All of them have to either be the same or fuzzed across large groups of users.
it can be fixed but would require herculean engineering efforts, the biggest problem atm is the canvas. most of the other things can be fixed via defaults that are returned to the webapps unless explicit permission to access them is granted. like there is never a reason to return errors for session storage if it’s disabled. just return a memory implementation that doesn’t persist beyond the window life. little changes like that would go a long way to removing the bits of information.
Use alternative browsers (Safari, Firefox) and alternative platforms (iOS, GrapheneOS).
I’ve had some internal struggles on this. Have used graphene for a long time and the last phone completely avoided using any G products (not even sandboxed) but still worry about the hardware, especially with the new AI chips. Can’t imagine that the ability to fingerprint using their hardware isn’t available.
So I vacillate between Fairphone/PinePhone with Linux or just anonymity through the masses with iOS. It sucks, the whole turn. Either get a fully functional smartphone and pick your poison or use a limited or dumb phone but know your smart TV/car/computer/etc will still be there for vulnerability.
Thing is, then you stand out as one of the very few people using that alternative.
If it is the Android that comes with the phone, it comes with Google Play and Google Services libraries installed. It is tracking you already. If you use DuckDuckGo at least they will not know what you search for (and you will get better search than AI-ridden Google search…).
If you want an Android that doesn’t track you all the time, listen to you and those around you, etc., you need to use a vanilla Android like https://lineageos.org as it comes, and not install the Google Services packages. This means that you may not be able to use some bank apps or popular apps such as Uber, etc. that heavily depend on Google Services. Some chat apps may also have a delay in receiving messages.
Yes it sucks. It’s doable though. Welcome to the future. If we do nothing it will get even worse.
Edit: some governments are pushing for apps to not depend on Google proprietary libraries. For example in the EU transit apps (city, train ticket planners etc.) are being migrated away from using Google Maps and into OpenStreetMap, and those apps run nicely with a vanilla LineageOS. We need to keep this momentum.