With the demise of third party cookies and the advent of built-in tracking protection measures, data brokers need to resort to first party data, thatâs why many sites (Iâve seen it i a lot of online news) suggest you to log in with your Google credentials: this way your activity on that site becomes first party.
The IP address is only one point of data used for tracking. Through scripting, it is easy to collect other technical data like your OS version, the list of typefaces installed, your screen resolution and lots of other things that are not significant in themselves, but the combination of data points make up a pretty unique profile.
Last time I visited CNN, they refused me entry because I browse with blockers 
As I see it, VPNs protect more against your ISP snooping on you than it does from the websites you visit.
The only way to disable the tracking and email analysis completely is to use a Google Workspace account. This is a âbusinessâ account, which you have to pay for. If you turn off the options for tracking once you have Workspace then they stop analyzing your emails, documents, and web activity. However, you lose any type of personalization in ads so you receive generic, non-relevant ads across all websites that use Google advertising (if you donât use an ad blocker) and you donât get localized and personalized services.
I donât mind this and prefer generic ads to them processing my personal information.
Just want to point out that personally identifiable information includes your IP, email address, ID number, biometrics and so on and its usage is severely restricted under EU GDPR and I guess there is equivalent regulation in the US. Iâve worked with many clients in martech initiatives and proper anonimization is mandatory, at least in any law abiding business.
Tracking consists on the aggregation of users with similar behaviour. So itâs not like someone is going to store in a database something like âMr Polding, ID card 9999, who owns a red Chrysler with Plate ID XYZ, drives through this street everyday at 07:45â. Yes, this fact will be logged but will be anonymized. The stored fact will be more like âThis street sees a lot of red cars traffic between 07:00 and 10:00, these guys seem to like red, letâs sell this info to advertisers that offer red productsâ. For that, Google needs a unique visitor ID to count for unique users, but thatâs decoupled from your real identity (in fact, that unique visitor ID lasts 30 days if memory serves).
Now more worrying things happen when you fill out a form, as the information will travel to a CDP even if you are not logged in the website (after all you are a potential customer), but then thatâs not something will be mediated by Google, it will be captured by the owner of the website and they are able use it on the terms of their legal conditions, possibly selling it to other âdata partnersâ (including Google, but there are hundreds of brokers including Google, Oracle, Facebook, IBM, you name it) so beware of that!
No youâre not safe. They associate you with your computer in so many ways, that changing browsers doesnât help.
To give you an idea of how bad this is, read: How the Pentagon Learned to Use Targeted Ads to Find Its Targetsâand Vladimir Putin | WIRED
Basically the brokers are better at the CIA and NSA at gathering your data.
This paragraph at the end of the article articulates the size of problem:
If you cheated on your spouse in the past few years and you were careless about your location data settings, there is a good chance there is evidence of that in data that is available for purchase. If you checked yourself into an inpatient drug rehab, that data is probably sitting in a data bank somewhere. If you told your boss you took a sick day and interviewed at a rival company, that could be in there. If you threw a brick through a storefront window during the George Floyd protests, well, your cell phone might link you to that bit of vandalism. And if you once had a few pints before causing a car crash and drove off without calling the police, data telling that story likely still exists somewhere.
The three golden rules to ensure computer security are:
-
do not own a computer;
-
do not power it on;
-
and do not use it.
Robert Morris, Cryptographer
One last thought if it helps. Iâm as nearly technical as it gets. I canât reduce my fingerprint to zero. Even worse some good things you do make your finger print larger.
Example - I use an adblocker. (AdBlock Pro). This helps on the one hand. On the other hand it makes my web browser more unique for fingerprinting.
Iâm always looking for ways to reduce my fingerprint. The browser LibreWolf is a start.
I havenât tried Librewolf, but Brave is the only desktop browser Iâve tested on Cover Your Tracks that doesnât show a unique or nearly unique fingerprint.
All of these will do well as along as you have no extensions installed. The more extensions the more unique you are.
Which browsers do you mean? Even with a few extensions, Brave shows a random fingerprint. Safari, Firefox, Vivaldi, and Arc all show unique or nearly unique fingerprints with minimal extensions. I doubt Chrome or Edge would do any better.
You can also beat the fingerprint by using the Tor browser without Tor enabled (or the new Mullvad browser is it?) but the main problem with all of these is that there is very little point in beating the fingerprinting if your IP address isnât hidden because that is the fundamental tracking element. Using a VPN with one of these browsers has given much better since the introduction of the wireguard protocol but it is still inconvenient to perpetually use a VPN. iCloud Private Relay is the best solution I have seen for hiding your IP which feels like it has almost no overhead. But as you said, Safari probably will not save you 100% from fingerprinting.
In the US, if you donât use a VPN all the time, your ISP is allowed to track and sell your browsing history, and almost certainly does.
If they are selling my information I feel like I should be getting my service for free. 
I agree, but unfortunately they donât.
And itâs cars, too: Pluralistic: Your car spies on you and rats you out to insurance companies (12 Mar 2024) â Pluralistic: Daily links from Cory Doctorow
Begs the question of âhow are insurers obtaining that information?â
I have never connected my car to any (UK-based) insurers of my Vauxhall (a Puegot badge-engineered model for the UK market).
From the first paragraph of the linked post:
your car secretly records fine-grained telemetry about your driving and [the manufacturer] sells it to data-brokers, who sell it to insurers, who use it as a pretext to gouge you on premiums
It then links to the original New York Times article.
The NYT article is behind a paywall.
Other links suggest that transmission of telemetry is done with the ownerâs permission. In other words rather link letting web sites and webvert companies collect data about oneâs web surfing habits; should point out that my web browsers are stuffed with adblockers, privacy protectors and setup to block all such nefarious data grabs and would do the same with vehicle telemetery. The temerity of manufacturers and insurers.
The article explains that much like apps on our phones, users donât read the terms of service and driverâs ââŚconsent is obtained in fine print and murky privacy policies that few readâ
âEven for those who opt in, the risks are far from clear. I have a G.M. car, a Chevrolet. I went through the enrollment process for Smart Driver; there was no warning or prominent disclosure that any third party would get access to my driving data.â
G.M. confirmed that it shares âselect insightsâ about hard braking, hard accelerating, speeding over 80 miles an hour and drive time of Smart Driver enrollees with LexisNexis and another data broker that works with the insurance industry called Verisk.
âOne driver lamented having data collected during a âtrack day,â while testing out the Corvetteâs limits on a professional racetrack.â
I would have no faith in the ML engineers putting in the proper safeguards; imagine having LA freeway âeventsâ measured the same as those in rural Iowa. Ka-ching⌠up goes your insurance.