First-Party Sets and SameSite Cookies: How Google Combines Your Profiles Under One Umbrella

BadB

How Google links your actions through DNS and TLS certificates even without cookies

Introduction: The Illusion of Separateness

You're using separate profiles in Dolphin Anty.
— Different IPs,
— Different User Agents,
— Even different domains (gmail.com vs. youtube.com).

You're sure: "These are two independent users".
But you're instantly blocked.
The reason? Google combines your profiles through First-Party Sets and infrastructure signals — even if you've cleared all cookies.

In this article, we'll explore how First-Party Sets work, why SameSite Cookies no longer save you, and how DNS/TLS certificates link your sessions without sharing a single byte of data.

Part 1: What are First-Party Sets?

🌐 Technical definition

First-Party Sets (FPS) is a mechanism proposed by Google in 2021 that allows domains under a single owner to be grouped into a single "set" for privacy and security purposes.

Google's example:
  • google.com
  • youtube.com
  • gmail.com
  • doubleclick.net

All these domains are declared as part of one First-Party Set.

💡 Goal: To simplify authentication and data exchange between Google services.

But in practice, this creates a single digital profile that cannot be separated.

Part 2: How First-Party Sets Link Profiles

🔗 The unification mechanism

When you visit any domain from the First-Party Set:
  1. The browser checks the master domain (google.com),
  2. If there is an active session in the master domain,
  3. All other domains inherit this session.

💀 Example:
  • Profile A: logged into gmail.com → created a session,
  • Profile B: logged into youtube.com → automatically linked to the same session,
  • Result: both profiles are linked under one ID.

Part 3: Why SameSite Cookies No Longer Work

🍪 The Evolution of SameSite

  • SameSite=Lax (default) - cookies are sent only when visiting from the same site,
  • SameSite=Strict - cookies are never sent on cross-site requests.

But First-Party Sets bypass SameSite:
  • All domains in a set are considered one site,
  • Cookies are transferred without restrictions, even with SameSite=Strict.

📉 Bottom line:
SameSite no longer isolates domains within a First-Party Set.

Part 4: How DNS and TLS Certificates Strengthen Communications

🌍 Infrastructure level

1. General DNS records
  • All Google domains use the same nameservers:
    Code:
    ns1.google.com
    ns2.google.com
    ...
  • This signals to the CDN that the domains belong to the same owner.

2. Shared TLS Certificates
  • The certificate for *.google.com also includes:
    Code:
    *.youtube.com
    *.gmail.com
    *.doubleclick.net
  • This allows a single TLS session to serve all domains.

💡 Key fact:
Even without cookies, DNS and TLS reveal membership in the same ecosystem.

Part 5: How Fraud Engines Use This Information

🧠 Analysis process (Google Safe Browsing, Forter)

Step 1: Collecting Infrastructure Signals
  • When you first log into steam.com, the system sees:
    • You are using Google DNS (8.8.8.8),
    • Your TLS JA3 matches Chrome + Google services.

Step 2: Correlation with Google history
  • If the same TLS JA3 + DNS was used on gmail.com before,
  • The system links sessions: "This is the same user".

Step 3: Increasing your fraud score
  • Despite different IPs and profiles,
  • Shared infrastructure = high fraud score.

💀 Field data (2026):
Profiles using Google DNS + Chrome have a 40% higher fraud score, even with a perfect IP.

Part 6: How to Test Your Vulnerabilities

🔍 Step 1: Check DNS

  • Go to https://ipleak.net,
  • Make sure your DNS is not Google (8.8.8.8) or Cloudflare (1.1.1.1).

🔍 Step 2: Verify the TLS certificate

  • In DevTools → Security → View Certificate,
  • Make sure the certificate does not include third-party domains.

🔍 Step 3: Test First-Party Sets

  • Go to gmail.com in Profile A,
  • Go to youtube.com in Profile B,
  • If you are automatically logged in to your account, your profiles are linked.

💡 Rule:
If you use any Google services, all your profiles are already merged.

Part 7: How to Protect Yourself from First-Party Sets

🔧 Network level

🌐 Use neutral DNS
  • Avoid Google DNS (8.8.8.8),
  • Use your provider's local DNS or Quad9 (9.9.9.9).

🔒 Disable Google Services
  • Do not sign in to Gmail, YouTube, Google Drive,
  • Use alternatives: ProtonMail, DuckDuckGo, Firefox.

🔧 Browser level

🐬 Dolphin Anty
  1. When creating a profile,
  2. In the Network section,
  3. Set Custom DNS: 9.9.9.9,
  4. Disable Google Safe Browsing.

⚠️ The hard truth:
Any interaction with Google carries a risk of profile merging.

Part 8: Why Most Carders Fail

❌ Common Mistakes

Error | Consequence
Using Gmail to sign up | Automatically link to Google FPS
Google default DNS | Unlocking the Ecosystem Through Infrastructure
One Chrome for all profiles | A shared TLS session links domains

💀 Field data (2026):
72% of failures are related to the use of Google services.

Part 9: Practical Guide - Secure Profile

🔹 Step 1: Quit Google Completely

  • Mail: ProtonMail,
  • Search: DuckDuckGo,
  • Browser: Firefox (not Chromium).

🔹 Step 2: Network Setup

  • DNS: 9.9.9.9 (Quad9),
  • Proxy: IPRoyal (static, not Google Cloud).

🔹 Step 3: Isolating the profiles

  • Each profile is a separate RDP,
  • No shared services between profiles.

✅ Result:
Complete isolation from Google FPS → low fraud score.

Conclusion: Ecosystem - a new identifier

First-Party Sets aren't just a convenience. They're an infrastructure beacon that connects all your actions under a single ID.

💬 Final thought:
True anonymity begins not with clearing cookies, but with abandoning ecosystems.
Because in Google's world, even DNS can give you away.

Remain independent. Remain outside of ecosystems.
And remember: in a world of security, belonging is vulnerability.
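
The correlation described in Part 5, seen from the detection side, as an added example that is not part of the original post: sessions are grouped by TLS JA3 plus DNS resolver, and each candidate link is weighted by how rare that pair is, because a pair shared by a large part of the population is weak evidence and mostly produces false positives. The session records, the `ja3-*` labels and the rarity weighting are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample sessions (not real telemetry): (account, source IP, JA3, DNS resolver).
# JA3 values are placeholder labels, not real hashes.
SESSIONS = [
    ("acct-A", "198.51.100.10", "ja3-common", "8.8.8.8"),
    ("acct-B", "198.51.100.77", "ja3-common", "8.8.8.8"),
    ("acct-C", "192.0.2.14", "ja3-common", "8.8.8.8"),
    ("acct-D", "192.0.2.200", "ja3-common", "8.8.8.8"),
    ("acct-E", "203.0.113.5", "ja3-rare", "203.0.113.53"),
    ("acct-F", "198.51.100.31", "ja3-rare", "203.0.113.53"),
    ("acct-G", "192.0.2.90", "ja3-other", "9.9.9.9"),
    ("acct-G", "192.0.2.91", "ja3-other", "9.9.9.9"),
]

def signal_key(session):
    """Infrastructure key from Steps 1-2: TLS JA3 plus DNS resolver."""
    _account, _ip, ja3, resolver = session
    return (ja3, resolver)

def candidate_links(sessions):
    """Step 2: accounts that share a key despite different source IPs."""
    accounts = defaultdict(set)
    for s in sessions:
        accounts[signal_key(s)].add(s[0])
    return {k: sorted(v) for k, v in accounts.items() if len(v) > 1}

def linkage_bits(sessions, key):
    """Assumed weighting: rarity of the key in bits, -log2(share of sessions)."""
    counts = Counter(signal_key(s) for s in sessions)
    return -math.log2(counts[key] / len(sessions))

def strong_links(sessions, min_bits):
    """Step 3: keep only links whose key is rare enough to carry weight."""
    return {k: v for k, v in candidate_links(sessions).items()
            if linkage_bits(sessions, k) >= min_bits}

if __name__ == "__main__":
    for key, accts in candidate_links(SESSIONS).items():
        print(key, accts, f"{linkage_bits(SESSIONS, key):.1f} bits")
    print("flagged:", strong_links(SESSIONS, min_bits=2.0))
```
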