Friendly forums for passionate Dems!
More than 94 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»Latest Breaking News»Google, Microsoft, Meta A...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Latest Breaking News

Related: General Discussion, Editorials & Other Articles

highplainsdem

(62,491 posts) Tue Apr 14, 2026, 02:30 PM 12 hrs ago

Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit

Source: 404 Media

An independent privacy audit of Microsoft, Meta, and Google web traffic in California found that the companies may be violating state regulations and racking up billions in fines. According to the audit from privacy search engine webXray, 55 percent of the sites it checked set ad cookies in a user’s browser even if they opted out of tracking. Each company disputed or took issue with the research, with Google saying it was based on a “fundamental misunderstanding” of how its product works.

The webXray California Privacy Audit viewed web traffic on more than 7,000 popular websites in California in the month of March and found that most tech companies ignore when a user asks to opt-out of cookie tracking. California has stringent and well defined privacy legislation thanks to its California Consumer Privacy Act (CCPA) which allows users to, among other things, opt out of the sale of their personal information. There’s a system called Global Privacy Control (GPC), which includes a browser extension that indicates to a website when a user wants to opt out of tracking.

According to the webXray audit, Google failed to let users opt out 87 percent of the time. “Googleʼs failure to honor the GPC opt-out signal is easy to find in network traffic. When a browser using GPC connects to Googleʼs servers it encodes the opt-out signal by sending the code ‘sec-gpc: 1.’ This means Google should not return cookies,” the audit said. “However, when Googleʼs server responds to the network request with the opt-out it explicitly responds with a command to create an advertising cookie named IDE using the ‘set-cookie’ command. This non-compliance is easy to spot, hiding in plain sight.”

The audit said that Microsoft fails to opt out users in the same way and has a failure rate of 50 percent in the web traffic webXray viewed. Meta’s failure rate was 69 percent and a bit more comprehensive. “Meta instructs publishers to install the following tracking code on their websites. The code contains no check for globally standard opt-out signals—it loads unconditionally, fires a tracking event, and sets a cookie regardless of the consumerʼs privacy preferences,” the audit said. It showed a copy of Meta’s tracking data which contains no GPC check at all.

-snip-

Read more: https://www.404media.co/google-microsoft-meta-all-tracking-you-even-when-you-opt-out-according-to-an-independent-audit/

3 replies, 832 views
3 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit (Original Post) highplainsdem 12 hrs ago OP
That's partly a browser code failure dickthegrouch 11 hrs ago #1
Should have always been opt-ins. "Opt-out" would be the default in a sane society. Karasu 7 hrs ago #3
People need to read the full article. What these companies are doing is deliberate as hell and the "explanations" they Karasu 7 hrs ago #2

dickthegrouch

(4,563 posts)
1. That's partly a browser code failure
Reply to highplainsdem (Original post)
Tue Apr 14, 2026, 04:08 PM
11 hrs ago

The browser could signal success on the cookie placement, but actually perform a null operation.
Subsequent attempts to read the cookie should just return a failed read, or null data in the case of CA , where the site is not allowed to give a different experience if the cookies are not accepted.
Then it would not be up to the website developer to honor the opt-out but would be performed directly at the user level.
Of course “secure by design AND SECURE BY DEFAULT” means those opt-outs should really by opt-in’s.
Nobody is getting an ISO27018 cert from me anytime soon!!

Karasu

(2,010 posts)
2. People need to read the full article. What these companies are doing is deliberate as hell and the "explanations" they
Reply to highplainsdem (Original post)
Tue Apr 14, 2026, 07:33 PM
7 hrs ago

gave in response to this report are utter weaksauce.

Without any accountability, they will not stop.

Reply to this discussion
Latest Discussions»Latest Breaking News»Google, Microsoft, Meta A...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2026 Democratic Underground, LLC. Thank you for visiting.