But anybody knows (in tech I mean) that a browser client leak a lot of things and sustained tracking is easy even cross-browsers (and cross-devices too with more advanced techniques), including history (easy to know which websites were visited with timing analysis in loops and iteration), it falls on the responsibility of the user to achieve privacy, but it requires heavy sacrifices that frankly most users are not willing to do, fingerprint.com is really basic and doesn't go to a great length at all actually to track users (fortunately).
Reality is that most do not care about privacy (look at the number of Google users, even developers themselves who are completely aware of it and continue to "embrace" the mass tracking). There is also the mass brainwashing which is an issue where people that use VPNs think that they are anonymous and this is terrifying to think (thank you NordVPN non-sense, which also use Google Analytics which then correlate entire traffic later-on, what a joke).
Similarly, just like how somebody would think that a company selling weapons that are expressly used to harm protestors is a terrible company, a company that tracks its users and invades their privacy is a terrible company.
We can see that big companies are able to do a great deal for privacy like Cloudflare and Apple (relatively speaking).
>Reality is that most do not care about privacy
Most people don't understand how much they are being tracked online, and even less know how to start preventing it. The vast majority of people care deeply about privacy. It is a natural human desire. Ask someone that says they have "nothing to hide" if they would be willing to let you install a camera pointed at their bed. Are they doing anything wrong in bed? Anything to hide? No. They still deserve privacy.
Saying you don't care about privacy because you have nothing to hide is like saying you don't care about free speech because you have nothing to say. [1]
Just because people don't care about the issue doesn't mean they shouldn't have the right by default. Privacy should be the default. It is bad for you to have less privacy because it gives governments, corporations, and other people significant power over you and allows them to harm you more easily. Also it is your right, just like the 1st amendment.
I would never use NordVPN–I think their marketing is deceptive and they don't accept private payments, among other issues, but there is a big difference between the VPN collecting data and just their website. Bitwarden has a privacy respecting pw manager, but their website uses analytics.
Absolutely, Nord is a sh*t company when it comes to privacy, they removed the anonymity claim as well recently and changed it by "Security", but anyway a VPN is far (very far) from being enough to reach decent level of Opsec. Anyway, VPNs that care can start use Enclave at the very minimum, but it's insufficient as traffic can easily be correlated if you disconnect peers one by one (gov can just sniff DC firewall, then DDoS each IP connecting through it, check if the guy is still online... (ton of ways)). Mullvad is clearly more trustable regarding the steps taken to ensure more privacy, but it's not enough on its own and even them say so.
For Bitwarden, well, US government (and Google, and more) is aware of your usage of it through their analytics so I wouldn't say it's really privacy respecting but sure, there is a bigger effort yeah.