
> says that specific header can't be used to identify you

That's not what it says. It says the header won't contain PII, which is true. It can be linked to PII, but so can literally every bit of information you send to Google while logged into or otherwise using their services. A disclaimer to this effect would not have any purpose.



That's the whole point. Using any Google service means they can easily personally identify you, that's what the privacy policy should explain.

That's their policy towards privacy, you don't have any. For some reason I can't fathom, you claim mentioning this in their privacy policy "would not have any purpose". Instead of honesty, their privacy policy is a wonder of public relations where it seems like they care deeply about protecting your privacy.


We disagree about the purpose of privacy policies. I believe that privacy policies should describe how data will be used, not how it could be used. I just don't think a policy describing how data could be used is very useful, because it's going to be the same for all services.

Under this formulation, Google's policy is (presumably, lacking any data to the contrary) honest with respect to this value.


"I believe that privacy policies should describe how the data will be used, not how it could be used."

Google's policy does not tell the user how her data will be used by Google's customers. The policy states Google will use the data to "provide better services". That is deliberately vague. That is the "purpose", but how exactly is the data used to achieve that purpose? There are no specifics with which a user could object.

Google does not only serve the search engine user, the email user, the YouTube user, etc. Its business is not free services. As such the policy is misleading as to what are the "Services" it may use the data to improve. Google's business is providing online ad services.

The truth is that Google collects data to provide better services to advertisers. The policy reads as if it only collects data to provide better services to users. The "free" services are just bait to draw users in. The data is collected to improve online ad services.


> The truth is that Google collects data to provide better services to advertisers.

I understand that that is what you believe, but I do not think this is factually true about the data collected from this Chrome header. I believe that the Chrome team collects it in order to understand the impact of Chrome experiments on performance.


> I believe that privacy policies should describe how data will be used, not how it could be used.

This is key. If you subscribe to the "how it could be used" version, then even, say, possessing an Android phone would be a violation of the privacy policy. Which is absurd.


This is a fair distinction, though it does not include the option of discussing how the data _won’t_ be used.


Per your observation, I would argue that the intent of the privacy policy as quoted above is pretty clear. When the policy says that the identifier doesn't contain PII, I believe that is meant to convey that it will not be used to identify you. But it's true that that use is not explicitly excluded. I'm not a lawyer so I couldn't tell you if being weaselly in this way would count as fraud or not. OTOH, I suspect that Google is actually abiding by the spirit of the policy they wrote because honestly they have little to gain and much to lose by violating it.


If I log in to my Google account once, they can associate that browser id with my account. Even if I log out, clear my cookies (and probably use the incognito mode), Google will be able to identify and follow me all over the Web.

I don't know about your PII thing, but it's personal data under the GDPR.


AIUI GDPR restricts the handling and use of PII, not its existence. So it's PII under GDPR. Is Google misusing it? If so, that's an issue. If not, then it's kinda pointless to observe that it's PII under some possibly distinct legal definition than the one Google is using in its privacy policy.


You can't even log in to Gmail, at least from Firefox in incognito mode.


It works for me, at least with 2FA enabled.



