Good on them.

Would be nice if also others started using internal analytics, and other utilities, instead of Google/Facebook/etc. everything.
Like that's ever going to happen...

ALL HAIL OUR LORD AND SAVIOR! LORD GABEN!

:rockout::rockout::rockout::rockout::rockout::rockout::rockout::rockout::rockout::rockout::rockout:

Good news :)

As time has gone on we've come to realize that Google's tracking solutions don't align well with our approach to customer privacy

It took me all of a Google search to find out what GA4 collects: support.google.com/firebase/answer/9268042?visit_id=638201360274760553-3726867104&rd=1
Nothing personal identifiable and it even says that geographic info is inferred from the IP (thus, publicly available anyway). Sounds to me like what Valve doesn't like is the granularity and they plan to lump some of that info together. Either that, or it's just a cost-cutting measure, only painted rosier than it really is.

bugIt took me all of a Google search to find out what GA4 collects: support.google.com/firebase/answer/9268042?visit_id=638201360274760553-3726867104&rd=1
Nothing personal identifiable and it even says that geographic info is inferred from the IP (thus, publicly available anyway). Sounds to me like what Valve doesn't like is the granularity and they plan to lump some of that info together. Either that, or it's just a cost-cutting measure, only painted rosier than it really is.

It is my personal opinion, that those that still trust anything Google says, are acting foolishly.
I say that as someone who used to celebrate (and defend) Google's 'innovations' and services.

If Valve has ulterior motives, so be it; but, I will continue to look kindly upon companies willing to separate from (any portion) of Google's ecosystems.

LabRat 891It is my personal opinion, that those that still trust anything Google says, are acting foolishly.
I say that as someone who used to celebrate (and defend) Google's 'innovations' and services.

If Valve has ulterior motives, so be it; but, I will continue to look kindly upon companies willing to separate from (any portion) of Google's ecosystems.

If there was a shred of evidence GA collects anything else than it says it does, Google would have been hit by a number of lawsuits already, I would assume. Allegations... those are another story.

In the past, my dynamic IPs would only resolve to a very rough and wide geographical area (like the ISP's nearest hub).
In recent times it's disturbingly much more likely to be more accurate.

Google Search web usually says the location is "Based on your past activity".
Sometimes it's a bit more off (yet far more accurate than in the past), but after a while it locks in even better. And that with Google not being my main search engine.

I'm not sure, but I suspect some correlation with me sometimes connecting an Android phone to the WiFi LAN.
The phone has GPS off almost always, accurate location off, and other related things off, yet who knows what's going on there. Location snooping based on nearby WiFi networks? Bluetooth?

Interestingly and unfortunately, the accurate location is also resolved by some non-Google IP-to-location databases.
Not sure if that means data sharing by Google, the other way around, or unrelated sources.

So as far as I'm concerned, the less presence of Google code around, the better.

nageme,
Good read there.

Myself, I'm happily still in the "somewhere in the region" category. Likely because I always have javascript disabled by default when visiting websites. Even here on Techpowerup I can enter these comments without any scripting. There is of course many sites that are broken when browsing in this manner. The vast majority of which I just leave and never come back to.

When I do decide to enable scripting I do it selectively (manually for each domain) and make use of tracker blockers to cleanse the webpage of nefarious code.

PS: And of course all cookies are automatically deleted every time I exit the browser. All in all I suspect it's hard for any larger profile of me to be linked up over time.

One way they could still build something is via email address submissions. But that'd require a deeper level of scraping or more explicit participation by first party site owners. The sort of thing that attracts law enforcement attention. ISP selling my metadata would be the other way I guess. That'd suck if that eventuates, but is also explicit participation by the ISP.

JavaScript is a bonus, but just the act of downloading a resource from their servers already gives them info. And I wouldn't be surprised if 95% of the websites out there integrate some Google something, including governmental and financial ones.

If cookies are retained during a whole browsing session that's already potentially linkable across sites. There are also non-cookie storage mechanisms, though these probably require JavaScript.

Disabling JavaScript was easier in the past, both because websites were designed not to require it for core functionality, and because some past browsers allowed you to toggle it easily, dynamically without a page refresh. But no more.

Yep, scripting is the primary way all tracking, including picking up cookie info, is accomplished. Cookies are otherwise benign.

It's not actually hard to selectively toggle scripting with a few plugins. I use a combination that I've been told can upset more websites than using them separately but that doesn't worry me. If the site breaks then I move on.

Cookies are sent in HTTP headers, so they're there also without JS. Though no JS might mean less types of data can be collected.

Toggle JS dynamically? If so, can you elaborate?
I don't know of any modern browser (or extension) that can suspend and resume JavaScript "live", without a refresh.

That's the benign use of cookies.
I manually toggle scripting on a domain selective manner then do the refresh. It just becomes a habit after a while. And I can click save for each of the plugins remember their respective settings if I am happy with the outcome.

I don't know if I'd call it benign. A unique tracking code can be sent both directions like that.

A page refresh to toggle JS makes it much more of a problem. Not only for the extra delay, but because some sites don't render properly without JS active on page load, even if theoretically it can be disabled afterwards.

For example, the annoying yet popular delayed loading of images or content, or the even more annoying and popular innovation: having to click "show more" to see the full page or items content.

The plugins are uBlock Origin in expert manual mode, Noscript and Ghostery. uBlock is used primarily to manage domains for all data flows, whereas Noscript is only for blocking scripts, and Ghostery is the fully automated layer for blocking known trackers that I may have let through.

I know uBlock can do a lot more automation, and it still does some automated cleansing, but I leave most of that for Ghostery since I like using the selective domain detail the expert mode provides.

The purpose of cookies is session tracking between first and second parties. Rather important to have when every HTTP request is naturally separate from every other HTTP request. That's all you get without scripts.

As I said, some sites break. I walk away then ... Well, I do enable first party scripts from time to time, hence the manual controls. That's when Ghostery kicks in and blocks the known trackers that are hosted within the loaded webpage.

My initial page view is often unformatted and can even be blank at first. So I enable one or two specific domains that look like they should contain the images and/or formatting files. So those are third party but aren't scripts. Noscript is still blocking every script at this point. This happens a lot!

The page can still be blank at this point. If I'm still interested, I might enable first party scripts. This will usually yield results. Not many are still blank after this point. And if they are then I usually walk away proper.

Although many are displayed fine by this point, interactive pages may not be responsive due to requiring some third party scripts. Google's CAPTCHA tools is a good example. If it's something like a login process where I'm trying to buy something I will go the extra effort here and enable selected third party domains in Noscript ... and also uBlock since by now there will be a large number of attempted third part domains in uBlock's list.

On these sort of sites, there is always a large number of known domains showing up that host trackers. Those I have clearly marked in uBlock's black list. So it's often not hard to find the minimum needed domains to unblock to make the site fully functional.

Alas, that's a lot of work. And requires even more work if you want to backup all the domain rules, or restore them later, or move to another browser or computer. BTW, you might find Decentraleyesinteresting (though it hasn't been updated in a while; LocalCDN might be an alternative, but it's far less vetted).

Well, cookies aren't only for sessions. It can be any arbitrary data, the interpretation of which is up to the site.

I managed to get in touch with a developer team, they also considering ditching chrome's happy eye balls RFC (which breaks the original dual stack implementation, ignoring preferences configured in the OS), why this is important? If you using a fast IPv4 ISP with a much slower IPv6 tunnel, usually you can preference traffic to go over IPv4 by default, but the happy eye balls mechanism bypasses it.

Yep, but as I said, it has become an easy habit for me. As for config transfers, so far I've just copied my whole home directory when needed. I only use Firefox so no duplication for different browsers.

Session tracking is the original purpose and only legit use of cookies - And is the only way they can function in my setup since they all get globally deleted when I close the window. Which can happen often. I even close and restart the browser just for a page reload a times.