On February 16, Google implemented a significant shift in its advertising policies, allowing advertisers to collect IP addresses and use device fingerprinting – two tracking methods that had been previously restricted. This move represents a reversal of Google's earlier stance on privacy, raising concerns about user tracking and data security.
What Changed in Google’s Ad Policy?
Previously, Google limited advertisers' ability to collect persistent identifiers like IP addresses and employ fingerprinting techniques, citing privacy concerns. These restrictions were in place to prevent invasive tracking methods that could be used to profile users across different websites and devices without their explicit consent.
However, Google claims its latest policy update reflects broader industry trends and technological advancements in privacy-enhancing technologies (PETs). According to Google, PETs such as on-device processing and secure multi-party computation now allow advertisers to use these signals while maintaining a 'high privacy bar' through anonymization techniques. Additionally, Google argues that IP addresses are already widely used in the advertising ecosystem for measuring ad effectiveness, particularly on Connected TV (CTV) and streaming platforms.
While Google doesn't explicitly state that IP addresses and other fingerprint methods are now allowed, the Privacy Disclosure section of Google's February 16th Platforms Program Policies now explicitly mentions "cookies, web beacons, IP addresses, or other identifiers."
Why Fingerprinting Is a Privacy Concern
Unlike cookies, which users can delete or block, fingerprinting creates a unique profile of a user’s device based on characteristics such as screen resolution, installed fonts, browser settings, and IP address. This allows advertisers to track you across different websites, even if you clear cookies or use private browsing modes. Because of its persistent nature, fingerprinting is almost impossible to fully block.
If you're curious to see how unique your browser fingerprint is, this tool from the Electronic Frontier Foundation (EFF) will show you everything advertisers (or others monitoring your activity) can use to track your device.
How to Reduce Your Exposure
While completely avoiding fingerprinting is very challenging, there are steps you can take to limit your exposure:
1. Use Private Browsing Mode
Private browsing modes (like Chrome’s Incognito Mode) prevent websites from storing cookies and tracking data between sessions. However, they do not completely prevent fingerprinting. For more details on how Incognito Mode protects your privacy, read our article on What Chrome’s Incognito Mode Does and Doesn’t Protect.
2. Use a VPN
A Virtual Private Network (VPN) helps anonymize your internet activity by masking your IP address, making it harder for advertisers to track you based on location. For my recommended VPNs, check out our guide to the Best VPNs for Privacy.
3. Modify Your Google Ad Preferences
If you prefer not to use private browsing or a VPN, you can still limit personalized ad tracking by modifying your Google ad profile. Google provides an "AdChoices" feature that allows users to control the types of ads they see and opt out of personalized advertising. You can adjust your settings here in Google Ad Center.
The Bigger Picture
Google’s policy shift aligns with a growing industry trend of using first-party data and alternative tracking methods to replace third-party cookies, which are being phased out in most major browsers. While Google asserts that new privacy-enhancing technologies will help mitigate risks, privacy advocates warn that fingerprinting remains a highly invasive tracking method that gives users little control over their data.
With advertisers now gaining more access to user tracking tools, it’s more important than ever for us to take proactive steps to protect our online privacy.
[Image credit: Techlicious/Midjourney]
