Here’s an article from a Vice sister site that’s definitely got a lot of questions around the line between intrusive snooping and illegal (at least in some juristictions) monitoring of users:
Personally, I’m not a big fan of even the privacy violations that do stick to best practices of anonymisation of data and informed consent of users. Generally, I’d say the only sensible way to browse the web nowadays is with scripts disabled except for a whitelist of sites whose online apps are just something you are prepared to give up privacy to access (and the privacy you give up is only lost while on those sites, unlike a browser that enables all scripts and allows you to be tracked in detail between different domains).
I’ve previously mentioned that this does come at a cost: if I read Waypoint via the RSS text stream or without client side code execution enabled, the telemetry, the images/videos embedded in articles, and the ads all fail to appear (this is a choice from ad platforms: I remember running sites with customised/per view server-side ads almost 20 years ago - you can sell ad space without client side code execution, you just can’t also sell the privacy of your readers). But the actual text (just like the above article, which I read with no scripts enabled because I’ve never whitelisted Motherboard to read a few articles) is there just fine. I experience a site that loads instantly, contains no clutter, uses up far less of my resources, and doesn’t expose me (as much - there’s still the server-side tracking stuff going on) to incredibly intrusive privacy violation concerns. But also I suspect I’m not contributing to any of the metrics that a Vice site uses to keep the money flowing in for writing this stuff.
At some point, for online ads to have value, trust must somehow be earned back. This latest report shows that movement is still happening in exactly the opposite direction: making it so any savvy user should expect to put their browser into a mode almost indistinguishable from running an ad blocker (note the end of the article effectively suggests one such tool as the easy way of protecting yourself - I’d rather make the list of allowed scripts myself rather than trusting a plugin).