Hey, I’ll be the devil advocate for a while. It’s not my usual interaction around here because I truly respect all of you folks.
But I guess that being the crypto guy (people say OG) and after giving a decade learning to self-host my files, nodes, websites and blablah, motivates me to share my thoughs to you.
I have 7 years supporting Discourse and I manage a community that value privacy.
They trust on me (someone can say I’m not the guy but they know that I’m their guy) and they learn how to keep their own privacy at first.
Discourse is not built with stronger privacy on mind, it’s about mostly public communities.
Primarly tech support regardless the software itself is used for different markets, concepts, nations and so on 
Depreceated encrypt PMs shows the reality: only 1% on the world takes care about their privacy.
Meta on Discourse is not different and I bet your own community neither (remember a lot of guys trusting on a random on internet like me, so we are all the same).
Apple, Amazon, Microsoft, Facebook, Google make money killing their users privacy. And almost everyone depends everyday on them.
Are you browsing on Chrome? You have no privacy.
It's real
Major Privacy Issues Google Faced with Chrome
1. Extensive Data Collection and Profiling
- Chrome collects significant amounts of user data, including location, search and browsing history, user identifiers, and product interaction data. This information is linked to individuals and devices, allowing Google to build detailed profiles for ad targeting and personalization42.
- Critics argue that Chrome’s data collection practices are more invasive than those of competitors like Safari and Firefox, and that syncing with a Google account further expands the scope of data aggregation across Google services47.
2. Third-Party Cookies and Privacy Sandbox Controversy
- Google’s long-promised plan to phase out third-party cookies in Chrome was repeatedly delayed and ultimately paused, drawing criticism from privacy advocates and regulators. The failure to eliminate these cookies leaves users exposed to cross-site tracking and surveillance85.
- Privacy advocates and digital rights groups, such as the Electronic Frontier Foundation, argue that abandoning the plan benefits Google’s business interests while failing to protect user privacy85.
3. Browsing History Leaks via :visited Links
- For nearly 20 years, Chrome allowed websites to infer a user’s browsing history through the
:visited
CSS selector, which could be exploited for tracking, profiling, and phishing. This longstanding vulnerability was only addressed in Chrome version 136 with a new partitioning system to prevent cross-site history leaks3.
4. Personalized Ads Based on Browsing History
- Chrome introduced features that use recent browsing history to profile users and display personalized ads. This raised concerns about transparency, informed consent, and the potential for manipulation or misuse of sensitive data2.
- Many users and privacy experts view this as a significant privacy violation, as Chrome accesses and processes private browsing logs for advertising without clear user control2.
5. Lawsuits and Regulatory Scrutiny
- Google has faced lawsuits alleging unlawful data harvesting from Chrome users, including accusations that private browsing data was collected and retained without proper consent. Settlements have required Google to delete private browsing histories and review its data practices7.
6. Integration with Google’s Wider Ecosystem
- Data collected via Chrome can be combined with information from other Google products (e.g., Gmail, Maps, Android), creating comprehensive user profiles that raise further privacy concerns4.
Summary Table
Issue |
Description |
Source |
Data Collection & Profiling |
Chrome collects and links vast amounts of personal data for profiling and ads |
427 |
Third-Party Cookie Phase-Out Failure |
Google’s delays and reversal on cookie removal leaves users exposed to tracking |
85 |
Browsing History Leak via :visited Links |
Exploitable CSS feature leaked browsing history for decades; only recently fixed |
3 |
Personalized Ads from Browsing History |
Chrome uses recent browsing activity for ad targeting, raising transparency and consent issues |
2 |
Lawsuits & Regulatory Action |
Legal challenges over alleged unlawful data collection, including in private browsing modes |
7 |
Google Ecosystem Data Integration |
Chrome data combined with other Google services for extensive profiling |
4 |
These issues have contributed to ongoing debates about Chrome’s suitability for privacy-conscious users and have prompted some to recommend alternative browsers with stronger privacy protections47.
- https://www.reddit.com/r/browsers/comments/146srua/is_chromes_lack_of_privacy_a_big_issue/
- Is Google Chrome violating your privacy? Scary new notification spooks users - here’s what you can do | TechRadar
- Chrome 136 fixes 20-year browser history privacy risk
- https://www.wired.com/story/google-chrome-browser-data/
- Google Confirms Bad News For 3 Billion Chrome Users
- How Chrome Safe Browsing keeps your browsing data private - Computer - Google Chrome Help
- Google Chrome and antitrust: Will a new owner solve the browser’s privacy problems? | Vox
- https://www.wired.com/story/google-chrome-third-party-cookies-privacy-rollback/
- Understand privacy in Chrome - Google Chrome Help
- Privacy concerns with Google - Wikipedia
- https://www.gen.uk/index.php?page=Home&option=Blog&article=20241003
So, back in topic, going on SSO route for real privacy means to self-host the service on local hardware or encrypted HD/SO.
I think Authentik -tested with Discourse- is our best bet for those who want open-source, community, respect and common sense.
I like to suggest e-mail alias services like Duck or Addy (better to self-host, from my perspective).
And move to LibreWolf ASAP.
Best wishes for your community and project. It’s good to see discussions about the major vortex on Internet.