https://wiki.mozilla.org/Security/Contextual_Identity_Projec...
It lets you run multiple sessions in one window, where each tab belongs to a specific session with separated cookies and such.
I've got a bunch of tabs where I'm logged in to Facebook, another set where I'm logged in to Google and the rest of them where I'm not logged in to either. Of course they can still use IP matching to track me, but at least it's something...
Your user agent plus unique plugin installations plus fonts installed equals a unique fingerprint across IP addresses. The above isn't an exhaustive list, either. There are dozens of tricks to track you.
Plus it's super slow, encouraging me to not spend too much time on Facebook...
But it's not just that. It let you easily open several accounts in parallel. I have 3 github accounts, and can open 3 tabs in 3 clicks with the 3 account in parallel. Before than I had to use profiles and it was a pain.
Just a warning: not if you have enabled multiprocessing.
SDC (and other similar addons) can't monitor LocalStorage when e10s is on, only cookies. (Source: "Frequently Asked Questions and Common Problems" at https://addons.mozilla.org/en-US/firefox/addon/self-destruct...)
Along with that, it will still be necessary to fix some browser information leaks that could be used for fingerprinting
If someone is tempted to beat me to it, go for it!
Having multiple container tabs on the same window can be hard to manage & track, at least with the way brave presented it with their numbered session tabs.
This is really annoying when you always use your web browser in private mode, but don't close it regularly. It means that e.g. youtube already builds a profile about me from my previous searches even though I'm not logged in. If I were that concerned I would close Firefox, but the usability issue is just too big for me. Having the best of both worls would be awesome.
Meanwhile, my personal container won't log me with my gmail/work account when I watch cat videos on youtube.
If I used facebook, I'd have a facebook-specific container. Just open a tab in it, and I'm logged in, but no cross-container tracking.
Also, history is retained, and all in one big pool (unlike having actual separate profiles).
1) “Facebook’s intrusion could have easily been blocked, but plaintiffs chose not to do so,”
This seems like a dangerous precedent. So if we can block surveillance attempts and we don't try, then it's our fault?
> “The fact that a user’s web browser automatically sends the same information to both parties does not establish that one party intercepted the user’s communication with the other,”
This makes no sense. Nothing happens "automatically", someone wrote the code for that to happen, in this case, Facebook.
But, at the end of the day it's just an embedded thing in a bunch of websites. I don't see anyone suing Google about AdSense. I mean I despise Facebook, but unless they're doing something more nefarious than getting a GET request on page load, then I'm not sure that I care enough. Get a blocker.
If that isn't already enshrined in case law, hopefully it signals that we will not get laws passed requiring users to allow tracking, and the courts will hopefully invalidate terms and conditions requiring tracking.
Having lived through the rise of DMCA, I live in fear of an emboldened industry getting laws passed that make the use and distribution of blocking software illegal.
The day that happens I'm joining the dark side.
Actually, the problem is [add: after the website is created, and tracking code is put there by someone] that it all happens automatically.
See, there is another perspective into this. Not exactly correct (I admit, there is some stretching and it's not all solid), but just the general idea...
The semi-forgotten term for the browser is user agent. Point is, it really should act on behalf of the user. It's an automation that should be programmed to do what the user wants it to do (browsing the web, displaying the pages, etc), sparing user of mundane choices and gory technical details.
If the agent is configured to willingly accept and execute arbitrary third-party instructions, and provide detailed information - and it can be configured differently - isn't the problem with the agent configuration? If you didn't want that GET request, why agent did it? And it's not that the agent was tricked (hacked) into doing so - all the APIs (cookies, XHR, etc) are well-documented. Sure, there is some shady stuff sometimes going on - like browser fingerprinting, but it's not the core issue.
Maybe we should actually start blaming browser vendors for shipping badly pre-configured software with the defaults that consciously and willingly trade privacy for "not breaking" the web?
Remove the automation and just imagine users themselves would somehow connect to the web, and the site would tell "hey, now go talk to Facebook server and do whatever they say" - and they do. (And this is what actually happens!) Surely, the tracking would be a non-issue.
This.
The writing was on the wall when the conversation became about "balancing" the interests of users and huge content factories. And now web-DRM is a standard.
Fuck that; my computer, my rules.
I had a funny conversation recently with someone who was arguing that I was breaking etiquette, or perhaps an implied contract (it wasn't clear) by messing with cookies. He realized the absurdity about the time I asked if I was ethically obligated to back up and restore the cookies in case of drive failure, but people have some really odd notions about their right to control state on my machine.
In some ways I prefer the black-hat types; at least they're aware that they're working against my interests and don't become indignant when I point it out.
The user agent concept is long dead and buried. Modern web browser is more like a virtual OS, a platform for running arbitrary code loaded from the internet, a hosting environment for temporary lending computing power of user's device and its network access to whomever was able to lure the user to their website.
The website you are visiting has to deploy Facebook's code though. So the website owner has to allow it (assuming the know the implications of what they are doing).
You could assume it but it's not necessary the same people who designed the web page that add those facebok "features". From my impression, often than not you have some "social media marketing expert" that does this. And they do not give a rats ass about any nefarious tracking and will continue to be blissfully ignorant about the users privacy unless it becomes a corporate policy to care about those things.
Do we assume everyone reasonably knows how to block surveillance attempts by Facebook/Google?
Shouldn't privacy be a default right, and that users can opt-in (to be tracked) with their expressed consent instead?
Users can easily block cookies themselves, but that is no excuse for the cookie intrusion, so every single website must display a pop-up warning that it uses cookies.
Imagine that: every single website you visit shows a pop-over or an extra top bar that you have to close. Every website.
That's the online life of the European netizen.
Whether you take reasonable steps to make something private does influence the degree of legal protection it gets.
If I can save your life, but choose not to, it's your fault.
Here's a good demo which uses fingerprinting to show how ineffective incognito mode is: http://www.nothingprivate.ml/
your browser is leaking a lot of data, from the plugins you have installed to the fonts & you need to take initiative to patch the holes
here's a website you may find useful: https://browserleaks.com/
Maybe put it at a tier above private, "ghost" mode.
This BS has gone on too long
https://addons.mozilla.org/en-us/firefox/addon/privacy-badge...
https://chrome.google.com/webstore/detail/privacy-badger/pke...
Do they require that it be from a previously used IP/user-agent or something?
Edit: received FB email about "login from unknown device".
https://fstoppers.com/photojournalistic/supreme-court-rules-...
It's not like people should have exclusivity over who has access to the photons that hit them...
In many, if not most European countries you can get a ticket for not protecting your vehicle. If you leave your car unlocked and someone steals it, it's your fault. Police if have to investigate it etc, but they also give you a ticket, because it not thoughtlessness, they wouldn't have to do it.
Getting a ticket for that does not mean the theft gets blamed solely on the owner so that the thief is not even considered committing a crime. It's just the owner may have violated a law, too. How about you a.) quote those laws, and even assuming you are correct in how you put it, show how b.) one instance of victim blaming would justify another. To me that's like drinking a second bottle of bleach because you already downed one. That runs so much counter my own intuition I'm kind of intrigued.
Block as many ads as you can, in order the starve the best.
After reading that (in 2011) I decided to block all third-party cookies.
[1] https://chrome.google.com/webstore/detail/vanilla-cookie-man...
[2] https://bugs.chromium.org/p/chromium/issues/detail?id=78093
[3] https://bugs.chromium.org/p/chromium/issues/detail?id=589586...
since Chrome is such a memory hog on macs my principal browsers are opera and brave, both of which work very well on my elderly macbook air.
I have no idea if my somewhat paranoid tracking avoidance is effective against FB though. I see that when I go to the log in page in safari that FB knows how many 'posts' I have stacked up to consume (the little Pavlov's dog red circle with a number in it). I'm assuming I'm being tracked despite being logged out...
HTTP requests sent from my browser page when viewing Foo.com to Bar.com have no cookies. Javascript is available to create an explicit pop-up requesting permission to share your cookies with Bar.com.
When I go to Foo.com, my relationship is with Foo.com. I'm okay with being tracked by Foo.com when I'm on Foo.com, but if bar.com is going to track me then I want to be asked.
That said, Foo and Bar could still share information about me directly without going through my browser, but without the cookie feature it would be very hard for Foo and Bar's profiles on the person Pxtl are the same person.
Media did it to itself--it just gave away it's audience for free. No wonder it can't make enough money via advertising.
Yes, you could do that all on the computer itself, no need to run it on the router. I guess the benefit of having it all on a router is that it would be a plug and play solution for the privacy conscious but technically limited individual.
Or are the sneakier ways sites track users something that can get by the OOTB settings?
The judge can rule about lawfulness, otherwise it looks like they are a investigative reporter that just found out about the technical capability to track users in such a way.
One source that "can" is ok here: https://en.oxforddictionaries.com/usage/can-or-may
I didn't realize that this use of "can" is something that would cause confusion. Maybe there's a regional difference? I'm from the western United States.
