Apple has responded with ITP 2.1, though, limiting _all_ (persistent) cookie lifetime to 7 days, although these could probably be accurately re-issued/kept alive in my opinion: https://webkit.org/blog/8613/intelligent-tracking-prevention...
ITP 2.1 also removes support for Do Not Track (as it's not honored anyway).
Apple can afford to be more aggressive, and force features such as ITP 2+, because of their iOS monopoly, and expect webdevs to scramble for fixes, but Mozilla doesn't have such leverage, so they need to avoid breaking the web.
https://www.consumeraffairs.com/news/web-advertisers-attack-...
If Mozilla wants to make a real difference, they'd study uMatrix and figure out how to create UX that would give that degree of flexibility and power to non-technical users.
I don't know if I'm an outlier, but I hate having to resign back into sites I use even semi-regularly unless its for administrative access or purchase confirmation. Regular "auto sign outs" already happens with a few due to a snafu somewhere along the stack, for me The Economist and Foreign Affairs are the major ones where it seems like every time I go back to visit I'm signed out. In contrast sites like HN or Ars seem to never sign me out (or maybe once every few years) and some of the newspapers are once or twice a year. Being signed out creates more friction then I'd have thought before experiencing it often, perhaps amplified since I tend to read on the model of "see a few of interesting stories, open them all in tabs, then go through them" and if signed out I not only need to sign in but every single tab will be "you've reached your article limit please sign in".
I have suspicions about how much it even matters when it comes to tracking for any site I'm actually paying for. I mean, by definition they know who I am, real money is changing hands after all. Within their own site there is no technical measure that can prevent them from seeing what remote resources of theirs I specifically am calling for, it's their resources after all with authentication required. And once they have the info what would prevent them sharing/selling it would be their own interests and the law, not anything from my end. Clearing 1st party cookies smells suspiciously like privacy theater for any site at all that depends on authentication in any significant way.
Is there anything in umatrix to make the switch worthwhile?
So this change should have no effect on you right? You're blocking all cookies? I like that idea, but how many things does it break?
I bet the ad industry wishes they'd played ball, now that browsers are baking tracking protection in.
In January 2019 W3C Tracking Protection Working Group concluded work on Do Not Track standard citing "insufficient deployment of these extensions" and lack of "indications of planned support among user agents, third parties, and the ecosystem at large." In February 2019 Apple Safari 12.1 was released without support for DNT to avoid it being used as a "tracking variable."
Ten years ago it would have been a different matter, but it doesn't seem that far fetched to get do not track to be the legal equivalent of a "no" on those GDPR consent forms, but with no options for dark patterns and no way to re-query on every page load for those who opt-out.
No usage data, devs caring less about firefox, users having more problems when using firefox, less users using firefox, less users having 3rd party trackers blocked, chrome monopoly growing.
There might be some positive press around "the numbers in Analytics do not reflect users on FF"
It's enough that a few large websites provide stats summary for their users. It is not necessary that Google, FB and co. track the entire Internet.
This presupposes that the current tracking (spyware) data is a reasonably accurate representation of reality. This assumption could be tested by comparing the "analytics" data to the server logs. but who wants to use accurate first-party data when delusions about "analytics" can tell you what you want to hear.
And it's nobody's business what I do with the bits after it comes down the pipe anyways.
1) Create a new container
2) Open a new tab with that container
3) Open the website in that container
4) Check "Always open in [container name]"
5) Open a new tab and load that page again.
6) Click "Remember my decision"
7) Click "Open in [container name] Container"
This commonly called the paradox of choice. Satisfaction is often higher when choosing from a limited set of good options than choosing from a large set of options with varying quality.
(YMMV, it is also used as an excuse for being inflexible, or for forcing bad options on users a.l.a. a false dilemma, and to be honest I'm not sure how to tell the difference as an outsider)
If I had to guess it would be UX designers: users are really dumb so lets make sure we make this simple enough.
Of course they don't say these words but sometimes I feel this attitude shines through everywhere :-/
With Temporary Containers, you can easily run one new container per tab. Or one new container per domain or even subdomain within the same tab. Although the latter option will break many sites and the go back button.
https://addons.mozilla.org/en-US/firefox/addon/open-bookmark...
https://addons.mozilla.org/en-US/firefox/addon/switch-contai...
I agree with your point completely though- needs to be a front and center feature.
I'd like to add something else- firefox should ship a 'power user' edition. Comes pre-installed with uBlock origin/uMatrix/temporary containers/sidebar tabs/greasemonkey/Tridactyl (sorry emacs users ;)
If you have Firefox-Sync enabled. You will get all your extensions anyway. so it is a one time setup for all those extensions that you need.
First time hearing Tridactyl! I'm using Vimium. Does it have any advantage over Vimium?
However, I don't know how it'll play out in the long run. FF is already on the radar of ad-driven sites, including those that just need basic unique visitor counters verified by third parties rather than doing evil privacy invasion things. So they could decide to boycot FF alltogether. I hope this isn't going to happen, though. Anyone in the ad-driven content business here to share their opinion? Or should we go back to pixels?
The user's machine presents back to the tracking network the cookie and a bunch of http params to the tracking provider whilst interacting with pages that support the script, which the tracker stores in a database to sell access to.
It gives developers/businesses a way to collect metrics while offloading the trouble of keeping track of and maintaining the infrastructure to do so to someone else.
Firefox will probably be enforcing a cross-origin isolation constraint, requiring that all material be hosted by the domain you're requesting from in the first place, which doesn't really fix the problem since people will probably just try to build ways around the limitation.
Until the industry breaks itself free of it's current fetish for wholesale data collection, it's just going to be an arms race.
Firefox uses the Disconnect blocking list to determine what is tracking, and Disconnect doesn't only filter out cookies.
https://support.mozilla.org/en-US/kb/content-blocking
"Disconnect Private Browsing automatically detects when your browser tries to make a connection to anything other than the site you are visiting. We call these other attempted connections “network requests" https://disconnect.me/help
It could reduce the across-the-entire-web tracking, categorizing and labeling of users, and instead limit analytics to useful things like "what percentage of my users are on mobile".
For some reason, this keeps getting flipped to "on" for me, and I have to keep turning it off, to get images to load correctly in both my RSS reader and via a convenience user script.
At one point someone on HN posted a link to the bug report on mozilla's bug tracker about this issue with retina macbooks. Does anyone have that link? I can't find it.
My main desktop is an ubuntu 16.04 machine with 16GB of memory and I've never had a slowdown, often get upto the 100+ tab range across different windows.
I'm also running 10+ extensions.
Works pretty well for me.
Sometime after awhile the video playback goes wonky though. I end up doing `sudo killall firefox`.
Honestly the two things I've noticed are: - I have to fill out recaptcha. A lot. - I've been applying for jobs, some companies have a button for linked in auto fill. Sometimes this works sometimes it doesn't
Beyond that there's a few other thing like, wikidot, that don't really work. In this case the cookie is given by wikidot for sign in, then you're redirected to the custom url wikidot instance (Scp foundation in this case) and you're just not logged in until you allow cookies in this case.
If so, ad companies should consider some kind of functionality to proxy the advertisements through the partners' websites.
I've seen ublock struggle with Server Side Ads Injection.
Firefox right now has two options related to DNT:
"Send web sites a “Do Not Track” signal that you don’t want to be tracked
(_) Always
(_) Only when Firefox is set to block known trackers"
These two options don't become irrelevant, but the choice related to them does if the default is "block known trackers" (if that is the same as "block all 3rd party trackers by default).
Disable all cookies for iframes? That seems like it would break the internet.
... Yea but that requires the parent frame not to want the tracking to take place right? Why would they put the iframe in sandbox mode if they were trying to track their users?
Today, with Chrome being dominant the situation is different because Google is still innovating Chrome at light speed. The one and only Achilles heel to beat this giant is by attacking their business model, which is to enable ad blocking by default. I expect this is something people want, just like pop-up blockers back in the days. Google will never be able to lead, or even follow in this direction without changing their business model.
Unfortunately, Mozilla’s own business model also heavily relies on selling ads, albeit indirectly. According to this statement from an independent audit report[1]:
"Note 10 - Concentrations of Risk:
Mozilla has entered into contracts with search engine providers for royalties which expire through November 2020. Approximately 93% and 94% of Mozilla’s royalty revenues were derived from these contracts for 2017 and 2016, respectively, with receivables from these contracts representing approximately 75% and 79% of the December 31, 2017 and 2016 outstanding receivables."
In other words, $539 Million, which is 93% of their total revenue, comes from companies that have selling ads as their business model (Baidu, Google, Yahoo and Yandex [2]).
I really hope Mozilla will be able to change this revenue stream to better align with their mission[3]. They have been trying to diversify their revenue since 2014 [4] and although they might not be as dependent on Google as they once were, they're still almost fully dependent on ads.
Oh, and yeah, of course simply making a better browser than Chrome would also help ;)
Background:
* https://www.mozilla.org/en-US/foundation/annualreport/2017/
* https://assets.mozilla.net/annualreport/2017/mozilla-2017-fo...
[1] https://assets.mozilla.net/annualreport/2017/mozilla-fdn-201...
[2] https://wiki.mozilla.org/Global_Search_Strategy_Status
[3] https://www.mozilla.org/en-US/mission/ "An Internet that truly puts people first, where individuals can shape their own experience and are empowered, safe and independent."
[4] https://blog.mozilla.org/advancingcontent/2014/02/11/publish...
Firefox has an opportunity.
Also, ad blocking will start being a problem when enough people start doing it. I still remember the days of no websites yelling at you for blocking their ads. Things are going to get much worse.
It's not breaking the web, it's breaking part of the web's grasp on users. Is the web for people or is it there to use people?
"Ad blocking will start being a problem"
I live in the days where both all ads and all bullshit responses to my adblocker ("don't block my ads!!") are blocked; it's a breeze of fresh air. Sometimes a site tries to get around it and I block it permanently.
The alternative is what we do now: a select group with tech savvy blocks advertisements, and lets the masses pick up the bill by 'accepting' ads and having their every movement online tracked.
There is no magical solution. The alternative is some kind of payment system.
And many people can't afford paying for each site they visit, so it would limit people's access to the net if there were paywalls everywhere.
Also, if sites can't show ads and not enough people subscribes then many sites will close which would lead to further concentration of the web. Small players would be eliminated, big players would still thrive.
Independent journalism would decrease while sites financed by rich companies and people could keep running and promoting the agenda of the rich players.
And I like it. I know it's selfish; I'm just speaking my mind.
Soon, there will be so many people blocking ads that many websites will simply become pay-per-view, and that's going to be bad for me.
It's also worth noting that anecdotically, blocking all third party cookies and running an adblocker has not lead to "breaking the web" in my personal use. I can count any issues I encountered on one hand, and I've run this setup for years. It might me that my internet use is weird (I don't believe so) but it makes me feel the consequences for users for this is overblown.
[1] https://web.archive.org/web/20170421064522/http://www.montul...
Doesn't Safari already do this (or something like this)?
Safari works pretty well on most web sites. So what will Firefox be doing differently that will "break" the web?
How is this “breaking the web”? Honest question, I would not subscribe to that sentiment, but am interested in other points of view.
I recommend updating your adblocker. I haven't seen that kind of crap in ages, because I block that stuff too.
I guess what I'm saying is it would be nice for Mozilla to be a bit more bold in demonstrating this independence from Google. It seems to me they still fear/respect Google more than Facebook.
https://addons.mozilla.org/en-US/firefox/addon/facebook-cont...
https://addons.mozilla.org/en-US/firefox/addon/google-contai...
The fact that I prefer it to Chrome also for convenience and practical reasons helps a lot of course.