Browser Privacy Leaks

I don’t see how this service checks if the website is supposed to be using it. So it seems any website can get all this information and use it to track users.

The information "hey I have an IP and I'm using this browser, and I have a browser at this time" is going to be send A LOT when using the browser for what it's made for. The problems come later when sending every URL to another party (safe browsing). Also from google "Privacy: API users exchange data with the server using hashed URLs, so the server never knows the actual URLs queried by the clients." So it's possibly safe ?

Yes, though IP address isn't too much info. You can mitigate it with a VPN or by not loading external resources by default.

wait so you can detect if any of your visitors visited any link before? isn't that a huge privacy risk?

Yes. Browser have been making partial attempts to resist this, but it's an intractable problem in general -- You can't interact with a website without leaking information about yourself. Using a trusted proxy that serves many people can help.

Not a joke, panopticlick by eff does this too and explains how it works.

It doesn't prevent all tracking. You still leak uniquely identifying info via cookies, headers, and IP.

It might have privacy issues, though. Say you copy the HN logo to your server, and then serve it with an hash. You can then tell if the person has visited HN by seeing if their browser asks for the logo.

The IP you connect to could host 1000 sites. Leaking which one you're actually accessing could be important.

Thinking more adversarially, doesn't this provide an easy way to track anyone who visits a target website?