Two days ago, I stumbled upon this thread on Hacker News. The subject of discussion is a comment on a W3C TAG discussion, which claims that Google Chrome sets Google-specific tracking headers (
x-client-data) when visiting Alphabet-owned domains. The header's value is a "unique ID to track a specific Chrome instance" (installation).
There's no consent from users, or even an ability to opt-out.
This could obviously be used to fingerprint or track users (especially if combined with IP-address, for instance) – even across domains – which looks especially sketchy in the context of recent development with SameSite-cookies, as it means that Google is potentially keeping the possibility that everyone else will eventually be denied because of their vertical ownership, including the platform (browser).
An antitrust-case in the making?