Mozilla security policy cracks down on creepy web trackers, holds supercookies over fire The Mozilla Foundation has announced its intent to reduce the ability of websites and other online services to track users of its Firefox browser around the internet. At this stage, Moz's actions are baby steps. In support of its decision in late 2018 to reduce the amount of tracking it permits, the organisation has now …
I think Firefox lacks an option in the options/safety and security section.
Under cookies, one is offered the possibility to block third party cookies, at the risk of breaking some websites, which is fine, but the 'keep until' options are only until they expire, or until Firefox is closed.
It strikes me that an option to delete cookies once the last tab currently open on a domain is closed, possibly in association with a whitelist, might actually be more useful to have.
Generally a combination of techniques to make it so that you can't delete a cookie. But, what that really means is if you delete the cookie, some other mechanism will bring it back, so they might also be called zombie cookies. This includes the use of Flash cookies. Yes, Adobe decided that Flash needed it's own cookies. Wasn't that nice of them :( Sesame Street's Cookie Monster surely does not like these.
Thanks.. In the UK, unless there's informed consent, methinks with some sharp lawyers, this could fall foul of our Computer Misuse Act. So unauthorised changes to a computer. As for Flash, I terminated that with extreme prejudice after trying out ITV's video player. Which featured ads that would unmute speakers, and an insatiable appetite for cookie storage.
I have fixed IP addresses (IPv4 & IPv6) at home, I live alone - that makes me easy to track from the server, no javascript needed. Even if others lived here it would narrow it down to a few people.
What is needed is legislation to stop the various sites from sharing tracking information. This might happen in Europe, but I doubt that it will in the USA (no comment on a post brexit UK).
Yep, this is strangely not illegal. Amazon makes this prevalent with the fact they keep showing the same guesstimated ads when you have never logged into Amazon on a machine, and see the same ad on another machine you've never logged into. Amazon, Facebook and Google are notorious at invading privacy, but even smaller sites of similar kin do it (there was 3 I noticed it on, but I'm not disclosing them).
It also might be worth pointing out the sites that "save a draft" of some sort, as this is a great excuse to retain user data under the guise of functionality (I'm now VERY paranoid of these sites).
So your bet is that your pull with legislatures and their capacity to set and enforce rules over time exceeds the amount of pull combined with the legal and technical resources of some of the largest and wealthiest organizations on the planet.
That's adorable, but good luck with that.
In practice, even people with dynamic IPs don't change that often (mobile usage being an exception) - sometimes less than once a year, so as a practical matter we're all more or less in the same boat.
As a general philosophy, the most robust responses to things you don't like are responses that work unilaterally - things you can do where it doesn't matter what the other party does. There are always limits, but the more unilateral your focus the more success you will find in practice. This applies in most areas of life. As to this specific area...
I block certain domains at the DNS level. I avoid using the services and resources of certain companies whose practices I consider abusive - this really isn't as difficult as it sounds. I use a combination of VPNs, browser and / or VM isolation, onion routing, and pseudonymous accounts in areas where the above measures are insufficient or too restrictive of what I want to accomplish. And in some cases on some days I just accept that I'm giving up a little bit of privacy. You can actually accomplish quite a bit on your own with a reasonable amount of effort if you're conscientious enough.
In the long run, privacy will be a privilege of the wealthy and those who are both technically astute and disciplined. This can't be fixed legislatively (and arguably may not even be immoral - work with me on this), because there are a lot of people who will gleefully give up all knowledge of themselves for a few minutes of Candy Crush or whatever. If people *want* to make these choices then you really can't save them from themselves and even if you could you'd be inhibiting their learning to make better life decisions (assuming they're not the more rational ones - I personally prefer privacy but I'm not arrogant enough to believe that my choice "is correct" for everyone else on the planet. An argument can be made that for poor people trading privacy for entertainment may be acceptable - again, not my thing, but it's not like I can prove that I'm right).
When Microsoft decided to do a similar thing with IE10 (do not track) did they not get shot down and told it would be ignored?
I assume the firefox method is going to be more direct. Rather than a request it will outright just block the nasty practices?
Serves the ad slingers right IMO. Lets's hope they all start blocking it (hmmm Chromium)
Microsoft were changing a default option that was supposed to be "no" to "yes". What Moz are doing is attempting to block hacks that get round blocks that various browser options give users.
EG, user clicks "delete all cookies" but some supercookie system puts back a bunch of those cookies because the operator would rather track you than allow you to give them the slip.
When Microsoft decided to do a similar thing with IE10 (do not track)
The "Do Not Track" flag was introduce by Firefox, Microsoft in IE10 chose to override it and change its meaning.
The "Do Not Track" flag is meant to express an explicit request of the user. Microsoft by overriding the policy and setting the flag by default stated that it wasn't anymore an explicit request of the user and as everyone expected after some time internet sites began to ignore the flag claiming that it any case it didn't express a user request.
Basically Microsoft made on purpose a choice that backfired.
EFF's Panopticlick (as mentioned in a previous Reg article) might still be a useful check:
https://panopticlick.eff.org/
(Before and after installing Ublock Origin, Ghostery, DuckDuckGo browser add-in for privacy protection, etc, etc)
Sadly their Self-Defence page has disappeared.
(Register link)
https://panopticlick.eff.org/self-defense.php
LOL, I guess this means my Firefox browser running NoScript is safe.
Response from https://panopticlick.eff.org/
Internal Server Error
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.
Hear hear. Anyone on Firefox, AVOID the last 2 "up"grades offered by the auto-update. Its already-terrible (non)ability to handle more than a couple of simultaneous javascript threads goes to pieces. As in: goes from teeth-grinding to 2 or 3 full restarts per day to recover your ability to get anything done on your machine. As in: mouse frozen for 5mins at a time, etc.
If Mozilla actually manages to block the things that are effectively impossible for me to block myself (supercookies and fingerprinting are the most obvious things), that might actually convince me to use the new Firefox. Although I strongly dislike the new Firefox because of unfixable usability issues, the ability to stop that sort of thing would likely be enough to make me suffer the UI in exchange for protection I can't get anywhere else.
Many internet sites will react by making navigation with Mozilla more difficult. Right now a lot of sites don't bother about your security settings, If you block third party cookies many functions like streaming videos do not work and if you ask them why they don't tell you to enable third party cookies they tell you to use Chrome (which enables third party cookies by default).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
