Google's Secret Tracking Warning For All 3 Billion Chrome Users
You are being tracked — how to stop it.
getty
It's hard to know where Chrome is going at the moment when it comes to tracking its 3 billion users. The promise to kill cookies is essentially dead, with even regulators reportedly assuming that's the case. Meanwhile, Google and the ad industry continue their slow two-step routine, with nothing likely to change anytime soon.
There are some footnotes to all this. Google has unbanned digital fingerprinting, widening its remit beyond browsers to a raft of smart devices including TVs and gaming consoles. While the company's stock Android apps have been caught tracking users, even when the apps themselves are not being used or even opened.
Now we have another secretive tracking warning for all those users. This time, Google is playing gamekeeper rather than data poacher, warning users that there are 'known, prevalent techniques for browser re-identification used in third-party contexts.' What this means is abusing third-party APIs working within Chrome to harvest fingerprints that can then be searched to identify the specific browser and user.
Google has a plan to 'block the execution of these techniques' within Chrome's Incognito mode, which it says 'generally involve the use of existing browser APIs in ways that do not match the API's intended purpose and are designed to extract additional information about the user's browser or device characteristics.'
Blocking this browser fingerprinting in Incognito mode would at least allay the risk that users are being tracked when they have specifically opted to browse privately without any such secret tracking operating behind the scenes.
Google confirms its Chrome team 'has developed a methodology to identify widely used JavaScript functions that provide consistent outputs from stable and high-entropy web APIs and can therefore be used to construct probabilistically high-entropy identifiers.' In short, a blacklist of workarounds and websites it can automatically block.
Users will be able to opt in (or likely out) of this protection. 'When the feature is enabled, Chrome will check network requests against the blocklist, including detecting CNAME aliases. When there is a match, active content from those domains will be blocked (e.g., scripts, iframes), but not static resources (e.g., images, stylesheets).'
Google also says it will introduce mechanisms to 'prevent simple evasion tactics such as renaming or slightly modifying the script.'
With tracking cookies seemingly here to stay and fingerprinting back, Incognito mode is fast becoming more critical for users tied to Chrome but interested in privacy protections as well, better matching the defaults in Safari and Firefox. This includes IP address protection, which is also being designated as just for Incognito mode.
Google says 'the feature will be available for users in Chrome's Incognito Mode only, on Android and Desktop platforms. It will be on by default in Incognito. Users will have the ability to disable it. For enterprise-managed versions of Chrome, the feature can be enabled in Incognito, but it will be off by default to ensure that enterprise site compatibility and their user workflows are not impacted.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Verge
33 minutes ago
- The Verge
Wyze says its security cameras deserve your trust again
In an effort to restore trust in the security of its cameras, smart home brand Wyze has developed VerifiedView — a new layer of protection that embeds your user ID into the metadata of every photo, video, and livestream. Wyze claims the system matches this data to your account before playback, blocking unauthorized access to your footage. 'This is a safety net,' Wyze co-founder and CMO Dave Crosby tells The Verge. 'On top of doing everything we can to protect users, we've built this double check at the end to make sure that they're extra protected.' 'We realized that we cannot survive if we keep making these stupid mistakes.' The move follows several rough years for Wyze on the security front, starting with a vulnerability on its v1 cameras that it knew about for three years and never disclosed, followed by two high-profile incidents in 2023 and 2024, where users saw images from other people's cameras. Crosby says that Wyze now sees fixing its security practices as existential. 'We realized that we cannot survive if we keep making these stupid mistakes that we're making,' he says. 'We've got to make monumental changes so this kind of stuff never happens again.' VerifiedView is just one result of this major shift; Wyze has also expanded its in-house security team, Crosby says, and 'invested millions of dollars' in strengthening its security architecture from top to bottom. That includes re-architecting its security stack, requiring two-factor authentication, launching a bug bounty program, and deploying monitoring tools to detect and prevent threats. Wyze is also committed to being more transparent around security. 'One of the biggest mistakes we ever made was not being more transparent on that,' Crosby says, referring to a flaw Bitdefender identified in its camera in 2019, but which the company didn't disclose to customers until 2022. VerifiedView is available now via a firmware update that began rolling out in April. 'It's 100% deployed on our most popular cameras — Wyze Cam v4, v3, Pan v3, and OG,' Crosby says, adding that it's coming to the rest soon. Some older cameras don't have the hardware to support it, but Wyze is exploring ways to accommodate them. Users can check to see if their cameras are on the new firmware on Wyze's site. Investing in rebuilding After the 2024 breach, Cosby says Wyze regrouped around security. 'We went through our entire security stack, evaluating where we can improve, reviewing third-party tools, and removing them where we can. Where we have to use them, we are only building with the best platforms,' he says. 'We've invested in AWS tools – including Lacework, Security Hub, GuardDuty, and Q CLI.' Wyze also hired several security firms 'to verify and validate what we've done.' VerifiedView should prevent the types of scenarios Wyze experienced in 2023 and 2024 around issues with third-party tools. 'If everything else fails and people get into the cloud or data gets switched, people cannot see other people's content,' Crosby says. It works by attaching your user ID to your camera – and therefore onto any photo, video, or livestream it produces. Before you can access the footage, VerifiedView checks that the ID from the device you're using matches. If it doesn't, access is denied. The tech is similar to DRM (Digital Rights Management) created to combat content piracy, explains Sharon Hagi, a cybersecurity expert and chief security officer at Silicon Labs, who reviewed Wyze's published materials at The Verge's request. 'At the core of VerifiedView is a well-established and critical data security concept: cryptographic binding of user identity and device data to digital content,' he says, calling it a significant step forward in smart home security. While VerifiedView is designed to prevent unauthorized access to your footage, it can't stop someone with access to your account from viewing it. To address that, Wyze claims login security has been strengthened. Two-factor authentication is now required by default, secure sign-in options are available, and the company has deployed tools to detect suspicious logins. Crosby emphasized Wyze has invested a lot of money into these changes and that the ongoing costs to maintain VerifiedView, including engineering and cloud infrastructure, are substantial. This raises the question of how sustainable this is for a bootstrapped startup with razor-thin margins. Could VerifiedView eventually become a paid feature? 'We will never charge for this feature and we will never discontinue it,' Crosby says. 'It will be a regular feature for all Wyze Cams going forward.' Another question is why not just build in end-to-end encryption (E2EE), which ensures only the user and their authorized devices can access footage? Most cloud-based security cameras, including Wyze, encrypt data while 'in transit' and 'at rest,' which protects against bad actors, but allows the company to access it while on their servers to provide additional features. 'VerifiedView offers very similar protections to E2EE without compromising the user experience – it felt like the perfect trade-off.' Crosby says E2EE is the 'holy grail,' but it breaks the features users value. 'With E2EE, you can't use third-party integrations like Alexa, and AI identifications in the cloud don't work. VerifiedView offers very similar protections to E2EE without compromising the user experience — it felt like the perfect tradeoff.' It's true that encrypting your footage keeps a company's cloud servers from looking at it and acting on your behalf to tell you when, say, a package is at your door. But some companies like Apple, with its E2EE HomeKit Secure Video, use a local server to do that processing. Alongside the local storage it offers on some cameras, Crosby says they are exploring adding more local processing, something it has on its higher-end cameras. 'We want to move more and more to the edge,' he says, adding that could mean new local devices, but didn't clarify if that means new cameras or some type of hub for local processing. Wyze is also working on bringing back Real-Time Streaming Protocol, Crosby says. This would let users stream video to a local recording device and/or platforms like Home Assistant. When asked why not at least offer E2EE as an option, Crosby again pointed to the lost functionality of E2EE, such as Wyze's new AI features that help cut down on notifications. 'We created VerifiedView to be a third layer of protection so users can benefit from the AI features … while knowing their videos are secure.' Clearly, the cloud will always be a core part of the Wyze service. 'There will probably always be some sort of edge-cloud collaboration,' Crosby says. 'Today, we do the easy stuff on the edge and the hard stuff on the cloud. As our cameras get smarter, we move more to the edge. But situations are getting harder, too, and we're adding more use cases to what we monitor. So, it will always be a process of learning and getting better at something, and then moving that to the edge.' Crosby believes that users should now feel safe using Wyze's security cameras. 'We are more locked down than ever,' he says. 'I feel very confident. And while you can't be too confident in this game, because everyone feels confident until something happens, we're building layers of tools on top of each other. It's the best we can do at this point, and I feel very confident with it.'
Bloomberg
38 minutes ago
- Bloomberg
Intel Brings in New Engineering Leaders to Help With AI Comeback
Intel Corp. named new engineering leadership as part of a turnaround effort under Chief Executive Officer Lip-Bu Tan, tapping veterans of Cadence Design Systems Inc., Apple Inc. and Google. The executives — Srinivasan Iyengar, Jean-Didier Allegrucci and Shailendra Desai — will be joining Intel in key engineering roles, the company said on Wednesday. As part of the changes, Intel also elevated sales head Greg Ernst to the position of chief revenue officer.
Entrepreneur
40 minutes ago
- Entrepreneur
illumine and Seven Raise Early-Stage Funding
The below brands have announced their latest funding rounds. You're reading Entrepreneur India, an international franchise of Entrepreneur Media. illumine Raises USD 2.5 Mn Funding from Prime Venture Partners illumine, a fast-growing startup transforming early childhood education, has raised USD 2.5 million in seed funding from Prime Venture Partners. The funds will be used to fuel product innovation and support the company's international expansion. Founded in 2019 by Navneet Rastogi (CEO), Sourabh Agarwal (CTO), and Purva Goyal (CPO), illumine was born from Rastogi's personal experience of missing his son's first steps while at daycare — a moment that led him to reimagine how technology could bridge communication gaps in childcare. "That moment made me realise how outdated and disconnected childcare systems are," said Rastogi. illumine offers the world's first vertical AI SaaS platform for childcare, streamlining operations, supporting educators, and enhancing parent engagement. Serving over 3,000 childcare centres across 56 countries — including the US, UAE, Southeast Asia, and Europe — the platform is already a trusted tool for thousands of early education providers. "Despite parents spending thousands annually, the childcare industry remains largely untouched by modern tech," said Shripati Acharya, Partner at Prime Venture Partners. "illumine's AI-first platform improves outcomes across the board." With this funding, illumine plans to accelerate its innovation pipeline and scale globally. "Every feature we build is designed to meet the real-world needs of diverse childcare providers," said CTO Sourabh Agarwal, with CPO Purva Goyal adding, "Our platform adapts to each centre's unique requirements." Venture Catalysts Leads INR 4 Cr Investment in Seven to Advance Wearable Fintech Mumbai-based fintech startup Seven has raised INR 4 crore in a pre-series A funding round led by early-stage investor Venture Catalysts, with participation from existing backers Vinners and Anchorage Capital Partners. The funds will be used to scale production of Seven's flagship product—the 7 Ring, an indigenous, contactless payment smart ring—and launch a budget variant, 7 Ring Air, later this year. Founded in 2020 by Vijay Khubchandani, Mahek Savla, and Karthik Menon, Seven combines embedded systems and fintech innovation to create secure, tap-and-pay solutions via NFC technology. The 7 Ring, featured on Shark Tank India, is RuPay and MasterCard certified and functions without charging, smartphone dependency, or PIN entry, using a prepaid UPI wallet. "This funding enables us to deploy 30 lakh rings by 2028, transforming metro gates and kirana stores into frictionless payment zones," said Vijay Khubchandani, CEO of Seven. "We're not just building a device—we're architecting India's contactless payment infrastructure." Venture Catalysts co-founder Apoorva Ranjan Sharma added, "Seven's wearable tech is a paradigm shift, merging fashion with fintech. With 66% gross margins and zero charging needs, 7 Ring brings secure digital payments to the masses." Seven plans to expand retail presence across metro stations and major e-commerce platforms. With its IP68-rated ceramic build, metro card compatibility, and credit card tokenisation in development, Seven is well-positioned to lead India's booming digital payments sector, projected to hit INR 577 trillion by FY29.
