• ngwoo@lemmy.world · 10 upvotes · 5 months ago

      Advertisers track you with device fingerprinting and behaviour profiling now. Firefox doesn’t do much to obscure the more advanced methods of tracking.

        • hoot@lemmy.ca · 2 upvotes · 5 months ago

          Lots do. But do you know anyone that turns JS off anymore? Platforms don’t care if they miss the odd user for this - because almost no one will be missed.

          • pixelscript@lemm.ee · 2 upvotes · 5 months ago

            “Anymore”? I’ve never met a single soul who knows this is even possible. I myself don’t even know how to do it if I wanted to.

            I do use NoScript, which does this on a site-by-site basis, but even that is considered extremely niche. I’ve never met another NoScripter in the wild.

            • BalooWasWahoo@links.hackliberty.org · 0 upvotes · 5 months ago

              The people who I’ve tried to get on NoScript seem to have the brain capacity of goldfish. If the site doesn’t instantly work, it’s as if the sky has fallen and there is no way to convince them to pay attention to which scripts are actually needed.

              It’s a rare breed that is willing to put up with toggling different scripts on and off. I’ll also acknowledge that too many people (including me) are in a giant rush. For work-type stuff, I have the laptop without NoScript, because sometimes I do need something to work absolutely right now.

              • papabobolious@feddit.nu · 2 upvotes · 5 months ago

                You don’t think you are being a tad judgemental?

                People whose lives revolve around fashion probably think you dress like shit.

                People who love food probably think you eat like shit.

                People who love cars probably think you are a shit driver.

                You probably love computers and care about privacy, and you are shitting on regular users (assumption, admittedly) for not being invested.

                They had something that was working, you present NoScript, thing no longer works. If you are not invested, how are you going to see the appeal of extra work?

          • Prison Mike@links.hackliberty.org · 1 upvote · edited · 5 months ago

            I go hard with DNS-based ad blocking and I’m constantly confirming it works by checking the network tab in developer tools. I’m basically only seeing first party scripts and CDN assets — 99% of websites load all the tracking garbage from third-party domains that can be easily blocked.

      • KairuByte@lemmy.dbzer0.com · 0 upvotes · 5 months ago

        Honestly would be hard to do. There are perfectly legitimate and everyday uses for pretty much everything used in fingerprinting. Taking them away or obscuring them in one way or another would break so much.

        • Justin@lemmy.jlh.name · 0 upvotes · 5 months ago

          Librewolf has Resist Fingerprinting which comes pretty far.

          Every Librewolf browser uses the same Windows user agent, etc. But there are downsides, like time zones don’t work, and sites don’t use dark mode by default.

          And even then, EFF’s Cover Your Tracks site can still uniquely identify me, mainly through window size. That’s one of the reasons why Tor Browser uses letterboxing to make the window size consistent.

          • mitrosus@discuss.tchncs.de · 0 upvotes · 5 months ago

            I don’t know what letterboxing is. But if window size is used to identify me, can’t it be circumvented simply by using the window in restored size, and not maximised?

            • Venia Silente@lemm.ee · 1 upvote · 5 months ago

              Your restored window size is even more unique than your maximised window size!

              The correct solution is to just not make the window size available to JS or to remotes at all. There’s no reason to ever need specifics on window size other than CSS media-queries, and those can be done via profiles.

  • ArchRecord@lemm.ee · 8 upvotes · 5 months ago

    For those who don’t care to read the full article:

    This basically just confines any cookies generated on a page, to just that page.

    So, instead of a cookie from, say, Facebook, being stored on site A, then requested for tracking purposes on site B, each individual site would be sent its own separate Facebook cookie, that only gets used on that site, preventing it from tracking you anywhere outside of the specific site you got it from in the first place.

    • peopleproblems@lemmy.world · 7 upvotes · 5 months ago

      Hahahahaha so it doesn’t break anything that still relies on cookies, but neuters the ability to share them.

      That’s awesome

      • ripcord@lemmy.world · 5 upvotes · edited · 5 months ago

        Honestly, I thought that’s how it already worked.

        Edit: I think what I’m remembering is that you can define the cookies by site/domain, and restrict to just those. And normally would, for security reasons.

        But some asshole sites like Facebook are cookies that are world-readable for tracking, and this breaks that.

        Someone correct me if I got it wrong.

        • Telorand@reddthat.com · 1 upvote · 5 months ago

          They’ve been doing this with container tabs, so this must be the successor to that idea (I’m going to assume they’ll still have container tabs).

        • ArchRecord@lemm.ee · 1 upvote · 5 months ago

          Total Cookie Protection was already a feature (introduced on Feb 23rd 2021), but it was only for people using Firefox’s Enhanced Tracking Protection (ETP) on strict mode.

          They had a less powerful third-party cookie blocking feature for users that didn’t have ETP on strict mode, that blocked third party cookies on specific block lists. (i.e. known tracking companies)

          This just expanded that original functionality, by making it happen on any domain, and have it be the default for all users, rather than an opt-in feature of Enhanced Tracking Protection.

      • ours@lemmy.world · 2 upvotes · 5 months ago

        As long as it’s not Chromium, I’m happy people aren’t just handing over the keys to the Internet to Google.

      • croaker@lemmy.zip · 0 upvotes · 5 months ago

        I haven’t seen anything to signal Mozilla is untrustworthy other than from that one right wing guy with a chip on his shoulder.

        • FiniteBanjo@lemmy.today · 0 upvotes, 1 downvote · edited · 5 months ago

          The Mozilla Corporation is a for-profit entity owned by the non-profit Mozilla Foundation, which lets them claim to be a nonprofit, which is a sketchy looking way to set up and promote your business if nothing else. They get most of their money from Google and they’ve been riding AI like all the other unethical companies.

          I see absolutely no reason to give them a chance, either. Just use an actual open source build instead of the mainstream one.

      • sandbox@lemmy.world · 0 upvotes · 5 months ago

        The moment that Firefox goes too far, it’ll immediately be forked and 75% of the user base would leave within a few months. Their user base is almost entirely privacy-conscious, technologically savvy people.

        • morriscox@lemmy.world · 0 upvotes, 1 downvote · 5 months ago

          Firefox did an add-on genocide years ago and it obviously didn’t hurt them in the long run.

  • foremanguy@lemmy.ml · 1 upvote · 5 months ago

    Maybe they should try to develop the uBlock Origin extension with the dev to make it last more.

  • intensely_human@lemm.ee · 0 upvotes · 5 months ago

    Aren’t cookies already limited to the site at which they were created??

    What the fuck? You mean to tell me sites have been sharing cookies?

    I thought all browsers only delivered cookies back to the same site.

    • Dave@lemmy.nz · 1 upvote · 5 months ago

      The problem is that a website is generally not served from one domain.

      Put a Facebook like button on your website, it’s loaded directly from Facebook servers. Now they can put a cookie on your computer with an identifier.

      Now every site you visit with a Facebook like button, they know it was you. They can watch you as you move around the web.

      Google does this at a larger scale. Every site with Google ads on it. Every site using Google analytics. Every site that embeds a Google map. They can stick a cookie in and know you were there.

      • MonkderVierte@lemmy.ml · 1 upvote · edited · 5 months ago

        > Put a Facebook like button on your website, it’s loaded directly from Facebook servers. Now they can put a cookie on your computer with an identifier.

        Which is not allowed by GDPR btw, because they do that even if you don’t click them. There are plenty of guides online on how to create your own non-tracking Facebook like button.

        • Dave@lemmy.nz · 1 upvote · 5 months ago

          Yes, it’s the reason for the tracking. To sell more targeted ads.

          If you’re up for reading some shenanigans, check out the book Mindf*ck. It’s about the Cambridge Analytica scandal, written by a whistleblower, and details election manipulation using data collected from Facebook and other public or purchased data.

        • Dave@lemmy.nz · 1 upvote · 5 months ago

          It doesn’t have to be. Your browser sends the cookies for a domain with every request to that domain. So you have a website example.com, that embeds a Facebook like button from Facebook.com.

          When your browser downloads the page, it requests the different pieces of the page. It requests the main page from example.com, your browser sends any example.com cookies with the request.

          Your browser needs the JavaScript, it sends the cookie in the request to get the JavaScript file. It needs the like button, it sends a request off to Facebook.com and sends the Facebook.com cookies with it.

          Note that the request to example.com doesn’t send the cookies for Facebook.com, and the request to Facebook.com doesn’t send the cookie for example.com to Facebook. However, it does tell Facebook.com that the request for the like button came from example.com.

          Facebook puts an identifier in the cookie, and any request to Facebook sends that cookie and the site it was loaded on.

          So you log in to Facebook, it puts an identifier in your cookies. Now whenever you go to other sites with a Facebook like button (or the Facebook analytics stuff), Facebook links that with your profile.

          Not logged in? Facebook sets an identifier to track you anyway, and links it up when you make an account or log in.
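
Added example, not part of the thread and not Firefox's code: a toy cookie jar in JavaScript that models the mechanism described in the comments above, where an embedded third-party widget gets its cookie back from every embedding site, and compares it with a jar keyed per top-level site as in Total Cookie Protection. The domains, class names and identifier format are constructed for illustration.

```javascript
// Toy model only: not Firefox's implementation. All domains are constructed.
class CookieJar {
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.store = new Map(); // jar key -> cookie value
  }
  // Shared jar: keyed by the cookie's domain alone.
  // Partitioned jar: keyed by (top-level site, cookie domain).
  key(topLevelSite, cookieDomain) {
    return this.partitioned ? `${topLevelSite}|${cookieDomain}` : cookieDomain;
  }
  get(topLevelSite, cookieDomain) {
    return this.store.get(this.key(topLevelSite, cookieDomain));
  }
  set(topLevelSite, cookieDomain, value) {
    this.store.set(this.key(topLevelSite, cookieDomain), value);
  }
}

// Hypothetical third party serving an embedded widget. On each request it
// sees its own cookie (if the browser sent one) and the embedding site.
class Tracker {
  constructor(domain) {
    this.domain = domain;
    this.nextId = 1;
    this.log = new Map(); // identifier -> sites where it was seen
  }
  serveWidget(jar, topLevelSite) {
    let id = jar.get(topLevelSite, this.domain);
    if (id === undefined) {          // no cookie sent: issue a new identifier
      id = `uid-${this.nextId++}`;
      jar.set(topLevelSite, this.domain, id);
    }
    if (!this.log.has(id)) this.log.set(id, []);
    this.log.get(id).push(topLevelSite);
    return id;
  }
}

// Visit each site once in order; return the per-identifier site lists the
// tracker ends up with (one list = one linkable browsing profile).
function browse(partitioned, sites) {
  const jar = new CookieJar(partitioned);
  const tracker = new Tracker("tracker.example");
  for (const site of sites) tracker.serveWidget(jar, site);
  return [...tracker.log.values()];
}

const visits = ["news.example", "shop.example", "news.example", "forum.example"];
console.log("shared jar:     ", JSON.stringify(browse(false, visits)));
console.log("partitioned jar:", JSON.stringify(browse(true, visits)));
```

With the shared jar the tracker holds one identifier covering every site visited; with the partitioned jar it holds a separate identifier per site, so the widget still works on each site but the visits are not joined by the cookie.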

  • slowcakes@programming.dev · 0 upvotes, 1 downvote · 5 months ago

    Yes we are going to enable this feature that is going to be irrelevant in the future, because we’re building an API in the browser to fetch browser history…

    Yeah maybe 10 years late…