I think, and always thought of it as intuitive with the way I use browsers, that sessions should work as a tree. So only child tabs in that tree should see the contents of parent's session. If I open a new tab, it's a new tree. Bookmarks could create permanent root node.
But I never got around to polishing it and making it more accessible.
The thing that really prompted me was peeking at what financial websites were doing, trying to connect to data mining sites like ru4.com and refusing to load if they couldn't connect to facebook.com and twitter.com.
My script also fixes paths in profile folders so that the roboforms extension will still work, because it is the only password manager that I have found that is able to completely automate my logins, despite the best efforts of UX designers.
I also couldn't order food from seamless.com unless I allowed a script on their site to connect to facebook.com. So, now seamless.com gets its own empty sandbox.
And because you're using your filesystem to store a browser profile, you can have specific extensions or settings for each profile.
So whenever I want to do financial stuff, it just connects over an autossh tunnel to my home, so it will never trigger any any stupid re-authentications when I'm connecting from a cellphone or work.
That's awesome, thanks. I've tried the Tree Style Tabs in the past, it made a lot of sense to me, but unfortunately I had other issues with FF back then. Now with the containers support there's more incentive to try it again.
The problem with this (and the reason browsers don't already do things this way) is that it breaks Single Sign-On flows like OAuth.
When your browser redirects a tab from example.com to accounts.google.com to do an OAuth login, the Google OAuth login cookie that gets set by accounts.google.com under that tab, needs to also be visible later on to any other tab whose "root node" navigates to accounts.google.com.
Maybe you can make an exception for just SSO providers—but won't other nefarious uses (e.g. analytics providers) then just pretend to be SSO flows?
And maybe you can just whitelist the existing SSO providers—but that's an instant oligopoly.
You're thinking of consumer SSO. There's also enterprise SSO. Per-tab cookie isolation would break pretty much every bigcorp's Intranet, because they're composed of a bunch of different services that all rely on a centralized IAM provider.
(Mind you, Google themselves are working to move enterprises away from this model, with their https://cloud.google.com/beyondcorp/ effort avoiding the "Intranet as a bunch of services on separate internal domains" model, in favor of a "Intranet as a bunch of services all living under smart proxies that make them look like one domain and handle IAM for you" model. But enterprises would need to move first, before complete tab isolation could be workable for them.)
There's also even-more-enterprise SSO, i.e. SAML and its "using your bank as an SSO provider to prove your identity to government services" use-cases. This actually isn't SSO at all—there are more identity providers than there are services. The point here is to federate proofs-of-identity by allowing many different (whitelisted) agencies to vouch for your identity, so that the government doesn't need to issue you some centralized proof-of-identity. This would also break under complete tab isolation, and I don't think there's any good replacement in this case.
this is an ideal example of "you know you need this, whitelist it" vs "this is always allowed". sites will definitely start messaging "whitelist or follow link from X" if default-block becomes popular, so I don't really think it'll break anything, tho it might be a bit more annoying.
(personally I get a small hit of joy every time I hit a site that is caught and blocked trying to do things it shouldn't, and vow never to return. it's better than it happening without knowing.)
How do you suggest enabling these use-cases for users that want them, on top of a browser that isolates tabs by default, without requiring any technical aptitude of the user to understand what a "cookie" is (which would normally suggest "have a UX flow for it") but while preventing arbitrary websites from triggering such a flow and thereby tricking these non-technical users into enabling the site to track them?
It's not like the problem is impossible; nobody is saying that. My point is that the solution is non-obvious to the point that nobody has solved it yet, despite likely man-years being put into trying. Firefox Containers are the best UX we've come up with so far to kinda-sorta solve the problem. Do you have any better idea?
If I understand you correctly, Safari does this on both iOS and macOS.
If you click a link that opens a new tab and swipe back from that new tab, Safari closes the new tab and shows you the previous tab.
I’m not exactly sure of the behavior when you open a new tab, then go to another tab, then back to the tab that was opened and then swipe back, though.
Safari for iOS has kind of a "grace period" where the back gestures do work from the new tab. But I think this is more to aid the confusion for people who don't understand that a new tab has even been created.
If you switch tabs, or close the app, or do anything other than somewhat immediately go back, that back history is lost. And if you do use the shortcut to go back, the new tab is destroyed. There's no ability to open a bunch of tabs and then in each of them independently navigate back to the parent.
People who are aware of how pervasive tracking is wouldn't mind much indeed. The average user would be _infuriated_ of having to login every time they open a tab.
That's where LastPass, et. al. come to the rescue. Minimizes the annoyance of multiple logins, while increasing overall security if they didn't already use a password manager.
There's only so long that all those angry, multi-tabbing, somehow-simultaneously-both-ignorant-and-power users will be infuriated at every single website before they forget it ever wasn't like that.
From a UX perspective, that sounds confusing to me. How do you know which subtree from 2 weeks ago each tab is from? It might be an alright tradeoff for 'power' users though
Containers are a feature built into Firefox. There are extensions that let you use them more generally with any given website. It's also quite useful to log into websites with multiple accounts at the same time.
However, to prevent tracking I mostly use CookieAutoDelete [0] which only stores Cookies for sites that I have whitelisted after the tab is closed. It's really just a handful of sites I visit frequently and don't want to log in every time. Cookies aren't required for anything else.
Also, not having a Google account comes in handy to prevent tracking by Google. My default search engine is DuckDuckGo.
>to prevent tracking I mostly use CookieAutoDelete
Removing cookies will not prevent anyone from tracking.
Simple example: I once visited an online shop from browser profile in which I never logged into Facebook. Few hours later I switched to another browser profile, used exclusively for Facebook, and I got an ad on my timeline from said online shop, for the exact product I was looking for earlier in another browser profile. Facebook associated my two browsing personas without cookies, most likely using a combination of my browser's request headers and IP address. Not to mention that JavaScript (if enabled) provides additional and extremely detailed fingerprinting capabilities.
In my experience, Google seems to have a better track record in terms of respecting cookies (or lack thereof) as the main carrier of online privacy management. But I think it's just an illusion. They're just obscuring it to not freak people out too much the way like Facebook does. The information is still there. They have it, from analytics, fonts, reCaptcha and all other means of their creep.
To prevent tracking, you need to have a full control over information you send to the internet, including browser request headers, IP address, behavior patterns of web browser, and so on. Cookie management alone is just a fallacy and gives a false feeling of control over privacy.
This is also why I consider those "privacy containers" broken by design. They just operate on cookies and don't contain anything besides cookies. I would even consider them harmful because of their misleading nature.
> This is also why I consider those "privacy containers" broken by design. They just operate on cookies and don't contain anything besides cookies. I would even consider them harmful because of their misleading nature.
Privacy containers could do more interesting things like:
- Connect through a VPN/proxy, so IP address changes all the time.
- Change browser characteristics (screen size, available fonts, user agent string, etc) to fool the fingerprint. I suppose that fingerprints are hashes, so you only have to corrupt one ingredient of the hash to make the fingerprint unusable.
Fingerprints are not necessarily hashes, they can also be done as a collection of datapoints that combine into a probability. Here is a POC of this type of technique:
This doesn't deserve to be downvoted. The quickest way to combat fingerprinting is to hide in the crowd, which has value without requiring buy-in from other users; randomization as fingerprint deterrence only works once you have a critical mass of people using it.
Or if you actually randomise it, meaning "different output every time it's accessed", not "randomly set once, now it's hardcoded until you close the browser".
This is what Tor does, I believe. The problem with spoofing the fingerprint is that all the features that allow you to be fingerprinted are features that are in use by some site or another, so it would break compatibility.
So long as the client runtime can inspect the host, inferring the fingerprint, and call back to the mothership, there's no foolproof, durable way to defeat fingerprinting.
At best, fudging the fingerprint just buys some time in the arms race.
The problem is that a 'browser fingerprint' is not some function call that can have its result be spoofed. There isn't even a single specification for what constitutes a browser 'fingerprint'
It is simply a series of attributes that are tested and compiled. Attributes that are consistent for a single browser but have some degree of variation between different computers.
Put enough of those together and you can uniquely identify someone. The exact things that are checked, however, will vary between implementations, and can always be changed in the future, so there isn't an easy way to spoof all of them to be identical.
In addition, many of these attributes that are tested need to return accurate results for normal functionality to work, so you are again limited in what you can fudge to avoid fingerprinting.
That's not a problem. Make those things normally untestable, and sites will by definition work normally without accurate information about those attributes.
It advertises itself as "prevent Google from tracking you around the web", which I consider a false and misleading statement. It doesn't prevent it. It is not "not perfect", it is not even far from perfect.
I think it is very important to make Internet users aware that cookies are the red herring in all privacy issues that are plaguing the World Wide Web. Cookie feature in modern browsers is just a tiny puzzle piece in a larger picture, consisting of wide range of entry points used for collecting data. It includes invasive JavaScript fingerprinting that can easily extract a list of installed fonts, local IP address and list of media devices from WebRTC, device capabilities, WebGL/Canvas fingerprinting, content filter list detection and much much more. Even with JS disabled most browsers share so much explicit information that is enough for precise identification without the use of cookies.
Is it impossible? For 99.99% of Internet users it requires so much hoops to hop through it might as well be impossible. However, I believe that awareness could slow down this privacy decline. I hope users will finally start demanding more native privacy controls in their browsers. Native JavaScript filter in Firefox would be a good place to start.
They aren’t impossible steps, just get virtualbox for sites you don’t want tracking you. Unless they can break out of the VM they can’t fingerprint the hardware even if JavaScript is enabled
How exactly would you use the attributes of a VM for tracking? You can have a separate one for fb and for google. All they are going to be able to track is what you want them to know
ReCaptchas, the inability to post to many sites because tor ip addresses have been blacklisted, latency, etc. It’s better than nothing but like many solutions it doesn’t really seem to address the underlying problem.
Anyway the very idea that people are making money from me keeps me up at night so I use FF with a bunch of privacy aiding extensions. The war to fingerprint users is endless though. Ad tech is a billion dollar industry.
You could use separate profiles on Firefox (which I do, I have half a dozen) and in each profile set up different browser headers. Everything coming from the same IP address would still be an issue, but I doubt that trackers rely on that alone as it's too coarse. Families will easily have 6 - 12 devices for several different people in the home all NATed through the same ISP IP address. You could use proxies if you're really worried about it.
My project does that.[1] Since each profile has its own profile.js and extensions. One application is that I hate triggering financial portals to re-authenticate. So all of my finance happens from my home IP, no matter where I am. And instead of a heavy VPN, it is just an ssh tunnel. When I was in university, my school browser profile always routed through my school proxy. If I start using facebook again, I will use Facebook's TOR public gateway, but only for the Facebook profile.
Device fingerprinting (and cache attacks) could still connect the different profiles unless you change more parameters than just headers. Or disable javascript for some or all the profiles.
Like I mentioned in parent comment, my project has had a lot of success with that. I know I was able to fool the Evercookie[1]. I can even have different profiles have different browser engines if I want. They each use individual prefs.js files.
I think you are right that fingerprinting is much better at tracking than just cookies. And that it has become trivial to do.
I think that your comment makes it seem trivial to control fingerprinting by controlling the information you send over the internet. While I suppose it is true that you can prevent fingerprinting by not allowing data transmission, this will also make the intenet and especially the www unusable.
Masking your IP address would require access to multiple IP pools, which is cost prohibitive. Alternatively, you could use some centralized proxy, which just changes who controls the information about you, but perhaps in even a more scary way.
Obscuring your screen size breaks responsive web design. Obscuring your browser still breaks a lot of everything even in 2018. Chrome vs Firefox vs Edge vs Safari still don't have the same web api. Disabling Javascript breaks most websites. Disabling XHR/fetch also breaks a great deal.
I mostly use the phone for browsing the internet and I couldn't find the container feature on FF for Android so what I did was refused to store cookies on FF & began using Chrome for logins
That way, my identity is disassociates, hopefully. All logins are on chrome which are used minimally and all browsing is on FF with no track on, cookies blocked etc
Indeed. Your unique fingerprint is your account. Even with Facebook. Being logged in just syncs your fingerprint better, possibly your multiple fingerprints.
I also find CookieAutoDelete invaluable, particularly in combination with "I don't care about cookies" extension which removes almost all of the cookie warning dialogs which you would get otherwise. Web is usable again :)
- set it to delete all local data for all domains, 15 seconds after its last tab is closed
- create a Firefox container for untrusted apps you can't get rid of (e.g Gmail, Facebook) and set these domains to open in this "untrusted" container by default
- set Cookie Auto-Delete not to delete the data for this particular container
- whitelist the few domains you trust so that you can keep their sessions open in the Default container
Result: No need to use a secondary browser or to install special "Google/Facebook/etc Containers for Firefox". You always browse the Web incognito by default! Only when you visit some particular webpages do you enter a custom container that keep your personal data separate from other activities.
This has worked nicely for 2+ years, with other essential extensions such as uBlock Origin, Privacy Badger, HTTPS Everywhere and Decentraleyes.
I ended up using the exact same solution! The only annoying thing is that I want "untrusted apps" to open external links in a new DEFAULT tab so that I don't carry over the whitelisted cookies but that requires manual "right click > open in" with the default setup.
That doesn't prevent shit. These companies have invested far more man power to track you than you have to protect yourself. They can use a variety of methods to still track you. And they will. Think IP address based tracking.
Note: none of this prevents tracking unless you also have fingerprinting turned off, which makes things a whole lot less useful. For example, if you like Date.now() to be reliable, and you want to about:config your way to locking down finger printing: too bad. It's one or the other.
Yeah except in this case Google is the enemy of even the moderately useful. Find any website you like. Odds are it uses google analytics and/or google ads, and good news: that website absolutely uses fingerprinting, even if they didn't implement it "themselves".
The only thing that's annoying is that with GDPR I have to do 3 clicks on every website. What I want is an addon where I can mute / suppress the cookie overlay.
Though I guess with this setup I can do "accept cookies" knowing that they will shortly be deleted.
ublock Origin does it. You can subscribe to filter lists like "Fanboy’s Cookiemonster". And you can manually remove annoying elements (e.g overlay, banners, etc).
Anonymity will always be greater than privacy. What I'm saying is that there should be a focus on being anonymous without a care (almost) of what you're doing.
I just think it's a futile kind of paranoia. Your anomalous behavior puts you on some list. Writing about it here puts you on some list. As every admin knows so well, spying on user data is much too easy for that not being done all over. We'd need to tear down large scale digital infrastructure to make even a dent into the problem of massive abuse potential. Deleting cookies is cope.
Depending on the context, platform, and data, de-anonymization is almost trivial to perform. Worse, someone can replicate your patterns and masquerade as you (thinking about that "lodestar" opinion where people were debating whether it was Pence or not).
This is probably a good idea in theory. In practice, it might lower your internal ReCAPTCHA score and end up prompting you more actual CAPTCHAs, possibly up to unsolvable[1] ones.
... a tarpit nominally designed for bot detection and anti-spam. I'm sure the patent wasn't created with sinister motives but it somehow enforced a system in which you have to either accept full surveillance or end up being increasingly excluded from the socioeconomic sphere. This is the danger of solving the human factor with pure technological means - it doesn't really solve it, instead the human conflict is transported into a more radical one.
what worries me about patent abolishment is the contracts employees would have to sign to work places. It would make career maneuverability absolutely brutal if every single thing was a trade secret.
When using Tor Browser I often get (Google) Captchas on all sorts of websites, before I'm even allowed to load the page. (I think it's integrated into CloudFlare's DDoS protection?)
These are typically pretty straightforward (although tedious) but on some Tor circuits it just never lets me through: the endless "Please try again".
That is to say, if Google's Catcha bot does not like you[r IP], many other parts of the internet stop working, too.
I don’t think you need to worry about that. In my experience, unless your IP has really bad reputation (think tor exit nodes), a normal browser with a fresh profile will get an easy captcha (2-3 pictures at most).
anecdotally: i run a fairly fingerprint-resilient browser setup (using firefox containers plus additional measures) and, while i am asked for full CAPTCHAs every single time, i haven't yet noticed them increasing in difficulty.
Isn't it possible to have a "per TLD" container addon? I'm fine to be logged into Google and even have Google collect information when I'm using any of their services (same for Facebook). What I'm really after is a way to sandbox every site to only have information I explicitly grant it while using their service.
I've been using first party isolation ever since it was ported from Tor. It's excellent, but be aware that it breaks stuff, usually JavaScript, on about 5% of websites (anecdata). I find this to be well worth it, especially to find out which sites do the worst tracking.
I have a separate Firefox profile I use for rare occasions when I need to allow third party tracking in order to do something.
Google has... literally hundreds of domains. Just assuming *.google.com would miss things like googleusercontent.com or googleapis.com or doubleclick.net. The Facebook container basically grabs "all domains by Facebook" and sandboxes them together (so they can still interoperate amongst themselves), while isolating it off from other sites you visit.
Sure, you could do a lot of this yourself with different browsers/browser profiles/containers, but it'd be far better to have someone provide that list as a prebuilt addon.
To trigger the switch to a container, only the user-visible URL in the address bar is relevant. Other URLs for resources on the page do not matter at all, as they will only be loaded after you are already in the corresponding container.
I would say it's both a blessing and a curse. Yes, it makes it harder for first party isolation scripts to sandbox a service, but the separation of domain based on the service (doubleclick for ads, googlevideo.com for video, etc) makes it easier for ad/content blocker list maintainers to block only the domains and services it should be blocking.
So when a site relies on resources from ytimg.com, are those ads or videos? What about ggpht.com, gstatic.com, branch.io, unpkg.com, or any of the hundreds of CDNs?
Most sites I visit these days--even super common sites like medium.com--have dozens (or even the hundreds alluded to above) of dependencies from seemingly unrelated sites. I have no idea if those are CDNs for common js libs, analytics libs, spammer libs, tracking libs, or what. I recognize things like CDN links for jQuery, Bootstrap, React, etc. I see many that seem to be Facebook tracking.
Of course, blocking many of these breaks the page. I have started to avoid sites that break without access to urls I can't identify. But this is both laborious to vet, and isolating.
There is no longer such a thing as easy, anonymous, inclusive web browsing.
Yes, but they are supposed to be using subdomains for that (e.g. usercontent.google.com, video.google.com, apis.google.com, ...), instead of what is essentially DNS spam (guesswhetherthisdomainalsobelongstogoogle.com).
I was told this may have been because older browsers limited the number of simultaneous connections to a domain name and you could work around it by having multiple domain names.
In order to use this supposed privacy-enhancing feature, you must allow the authors of this extension total control over everything you do on the web. Add-ons are automatically updated in Firefox by default, so you can review this code now and it will change later. This seems like a poor trade.
...Or, you can use "Firefox Multi-Account containers" by Mozilla. [0]
This is what I use. I have everything that I log into google for in one container, social media in a second, and everything else is nicely sand-boxed away from those horrors.
It bothers me that they for some reason doesn't support containers in private windows. I guess a substitute could be to wipe the firefox profile on start or something but haven't attempted that route yet.
Is anyone else bothered by Google Chrome's new attempt to suggest long and complicated passwords when you create an account anywhere? Sure this is a nice bonus for security, but it also means that you can't log into websites anymore unless you're using chrome signed into your Google account.
I think I understand what you're saying. It almost sounds like you're privacy conscious but not security conscious, but I don't think that was intentional.
Personally, if I was dealing with someone who wasn't already using strong unique passwords for everything, and didn't want the burden of having a password manager, I would absolutely recommend relying on Chrome's built in password manager and having to be signed in to Chrome everywhere. This might actually be one of the use-cases that triggered the 'auto sign into Chrome when you sign into a Google product in a tab' feature, which didn't go down very well in some circles.
I believe (re)using relatively weak passwords on multiple sites is a bigger risk to privacy than Google tracking every page I visit. I would assume they track every page I visit regardless of whether I'm signed in to Chrome or not.
EDIT: Note that I'm assuming this feature in Chrome is similar to the feature in Safari, where Safari suggests strong passwords, but this doesn't prevent those passwords from being stored in your password manager of choice.
No, I don't think you're understanding my concern, it doesn't relate to security at all, it touches on privacy, but it's more about monopoly control.
If you start using Google's password manager with their auto-suggested long complex passwords, there is no way you can remember the passwords yourself. You'll need to be logged into Google Chrome to have access to the password. Therefore, you'll need to be logged into Google Chrome to log into any website. Currently, there is not way to export passwords from one browser to another, so if all your long complex random passwords are in Chrome, as a practical matter, you won't be able to use Firefox, Safari, or Internet Explorer, you'll be required to use Chrome.
The apprehension over the feature is not about security at all (in fact, this system is likely more secure). It's about control. If you allow Google to manage all of your passwords, then you'll need Google to do anything.
But does it restrict your ability to also save those passwords into an external password manager?
Per my previous, Safari has a similar feature, which streamlines the process of generating secure passwords without needing to switch to the password manager to generate the password, and upon submission, it gets stored in the keychain, and also pops up the ability to store into 1Password via the usual extension.
Sure, all those passwords in the keychain are locked to Safari only, so Chrome, Firefox, etc are unable to access them, but that's what external password managers are for.
> But does it restrict your ability to also save those passwords into an external password manager?
It absolutely nudges people away from password managers and on to Chrome. You now you have two options... (1) get a password manager on all of your devices that properly syncs with Chrome; or (2) only use chrome on your devices.
Many people are going to choose option #2. This will lead to more people relying on Google Chrome and Google Accounts, and will now you'll need to be logged into Chrome to log into any other site. It's a way for Google to become requisite, and add more power when they already have so much.
I don't quit my browser for weeks at a time (basically the only thing I restart the browser if for updates) so I'd like much more control than what private mode offers - which is just a session where everything is shared until you close it.
I've been using the Temporary Container addon for this purpose. It allows you to specify that any link will automatically open into a new container, fully isolated from previous sites, with more rules so that sites like reddit work without logging you out all the time.
Coupled with clearing history, this should be fairly close to a much more stricter private mode.
Profiles provide isolation at the browser level, containers at the origin/domain level. Different profiles are essentially different browser installations that share nothing more than core browser code: extensions, settings, and even looks. It can get tedious to have to replicate one's browser customisations in every profile. Containers bring convenience.
I never made a separate browser profile for Facebook, but the moment Firefox's Containerisation was available in Test Pilot, I made a container for all things Facebook.
Depends on if you prefer separate windows or just separate tabs. I prefer having a single window and I've become so used to containers that using Private Browsing feels weird because I can't move those tabs into the main window.
I think Mozilla does a basic review. Not perfect but good enough. The extensions situation has gotten bad enough that I'd support Mozilla having an "approved extensions" section where you pay to have yours reviewed and approved.
The fact that Stylish managed to remain—and be featured, even—on both the Mozilla and Chrome catalogs for close to two years as it tracked user's browsing history says to me that there must be certain level of trust for pre-reviewed addons.
The mozilla add-ons site actually rejected the version with tracking (the post acquisition one) for some years due to the tracking and still featured the old version without tracking. Chrome's webstore version did have the tracking, tho.
Now in the era of WebExtensions (which are SOOO much more secure!!!) it seems they finally approved a version published by those bad actors. No idea tho if and what tracking is in there and if mozilla stuck to their guns and made them remove tracking or not.
> The mozilla add-ons site actually rejected the version with tracking (the post acquisition one) for some years due to the tracking and still featured the old version without tracking.
Is there a source you're using for this info? As I visited a couple times during that period (including mid this year) and saved a personal copy of the Versions URL which listed multiple versions post acquisition available [1].
[1] Specifically: 2.1.1 (2017-10-31), 3.0.1 (2017-11-10), and 3.1.1 (2018-05-23).
While I agree with you and wouldn't use it myself, it is relevant that Firefox uses human reviewers for their add-ons. So with every update someone will look at what changed and judge if it is benign.
When I submitted my webextension-based extension, there was an automatic review followed by a human review. But obviously it's unclear what the quality of that review was and I'm not sure whether any update triggers another round of reviews.
I know that at least for decentraleyes, the human reviewers have a script to check all the checksums of the included libraries after updates get submitted.
Yes. That's why Apple moved from JS based extentions to Content Blockers model. App provides a complex list of blocked resources to Safari, and have no access to actual browser content.
On iOS, install Firefox Focus, and in Safari settings enable FF provided Content Blocker.
To be fair, I can't see any way for this to work without giving them control of the browser. Even with a TLD limited extension, the extension would need permission to access your browser window and giving it permission to do that would give it permission for any TLD.
I use the brave browser which is based on chromium, blocks ads, trackers, has tor private tabs and soon will pay you for seeing ads which you can then use pay BAT to the websites you want to support.
I mean, you don't. You have to trust the maintainers of the software you use, to a certain degree, or spend a majority of your time auditing the software you use.
That being said, Brave is pretty upfront about the security of their software. They've paid $25k in bug/security bounties so far and their browser is open source. So if an update turns evil, it stands to reason that someone is going to notice.
Feel free to read the source code (the entire thing is 400 lines) and disable extension auto updates. Or sideload the addon from the github repo so there's no way for it to auto update in the first place.
I agree. I have no idea who the author is and, while they may well have the best of motives, that's not a basis for trust.
FF extensions just have too much power and too little end-user control. At a minimum I'd like to be able to selectively disable them in private browsing mode, as Chrome allows.
That was my usual extension management method for chrome, but sadly each time I tried that on firefox, it didn't fly (IIRC, you _can_ load extension from your local FS, but they only lives for the time of the session).
By the way, if someone from firefox team is reading this : I would _really_ love to be able to just load directories from my FS as extensions rather than having to trust someone on the internet that it does what it says it does. I love building extensions myself, but I just don't install extensions from the web anymore because I don't know what's in there (note that referring to a github repos is not enough : I have no guarantee the content of the extension is the same).
An isolation policy will let you treat subdomain different from main domain. So I can use mail.google.com and still always be logged in, while a search from address bar or elsewhere will open in a temporary container that lasts only as long as the browser tab.
The persistent "Google" container I have has domains mail.google.com, accounts.google.com, and myaccount.google.com.. everything else loads in temporary containers.
Combine with this to remove the link stubs on SERP so you're not sending back click data if there's a shadow profile based on IP and browser metrics.. so shadow profile only knows what you searched and not necessarily what you clicked, and its cleaner for container assignment when opening links in new tabs because there's no brief hop to the same temp container google search loads in before going on to a separate temporary container for the target site:
The Firefox Multi-Account Containers is a more general extension that allows you to create containers and determine which sites open in each container. This extension can be customized to suit your needs for multiple sites and multiple logins but takes more time to set up than Google Container.
Exactly. It's easy to tell a privacy-unsavvy person to install this and the Facebook-only container rather than explaining how to containerize and set up all the specific URLs and what the broader concept means. The multi-account container is pretty cumbersome to set up despite being easy.
The facebook-only container is really slick. If you go to facebook.com or instagram.com it'll replace the current tab with a FB container automatically.
It serves different purpose. These Facebook/Google containers are for automatic isolation. The Multi-Account Containers is for creating and managing containers.
I've been using MAC for a week, and just added this extension. It immediately shows up in the MAC as an option. SO (I assume) it's no better than just creating a MAC 'google' container. Just easier.
I'd been using a 'sketchy' container for YTube, but dropped YTube into this. Thereby isolating (I think) YTube from the other 'sketchy' sites I may visit. As for Google ... long-ago blocked it and FB on the network level. Chopping off -some- of the octopus' tentacles.
This is a cool idea for an add-on, I use the Multi-Account Containers add on along with Cookie AutoDelete to do basically the same thing for a number of sites: Google, Facebook, twitter, linkedin (rot in hell, linkedin), amazon, etc. I like having my cookies there so I don't have to log in every time, but also don't want to be tracked around the web.
This looks like a great way to help people who don't want to fiddle with settings to get the same sort of protection. It'd be nice if Multi-Account Containers had an option to add these sites. I should cut a PR for that, probably :\
I tried using Multi-Account Containers because I loved the idea but found the user interface rather clunkier and more manual than I hoped.
What I really want is for it to be optimised for the common use case with each domain automatically put in its own container, with some whitelisting of common grouped services (e.g. MS and Xbox Live, Facebook and Instagram).
It's very rare that I actually want to share any cookie info between sites as most of it is tracking. In the rare situation you do, the browser could let you disable containers or add them to a group.
I'd also like something that automatically opts out of tracking preferences, as well as something that periodically deletes cookies/localstorage (say every 14 days).
I use the Temporary Containers extension and it does much of what you're looking for. I have it set up so every tab is opened in a new container and the container gets deleted when the tab closes. So everything is kept separate from everything else.
I use this as well. You don't need a site specific addon with this. It's actually useful for separating my different google accounts as well. I'd love an extension that makes all tabs in the a particular container private. That way, any kind of tracking would be opt in by assigning it a non private container and limited to that container.
I'm still waiting for bookmarks with the target container baked in. I also use separate containers for three different Google accounts, but opening a bookmark to a Google drive document or file is annoying, because I always have to open a specific container for that Google account tab first so the document access attempt is from the right account.
I definitely want this, but the only reason I use Facebook Container is because it's an official Mozilla addon. I encouraged Mozilla to pursue a Google version, but it seems like they've declined for now, and were just looking to capitalize on the press wave about Facebook.
I'm curious, why not just use Firefox Multi-Account Container[1] and setup Facebook and Google to open in its own container[3]?
The way I see Facebook Container (as an outside who have been using Multi-Account Container for a while) is that it tried to ride on the Delete Facebook wave few months ago to make people aware of Multi-Account Container functionality, so these Google Container/Reddit Container/etc. always seems weird to me.
Facebook container has tha two main benefits over multi-account containers, which is that it requires zero setup, and that when you click a link on Facebook it drops out of the container.
As a workaround for your second point, it is possible to right-click a link and use "Open Link in New Container Tab » No Container". Still a workaround though.
$539m of their $562m revenue last year came from "royalty deals" like Google. They don't break out specifics, but I'd guess Google is a significant contributor.
How can I be sure that with all these tools I have really avoided tracking?
I have PiHole/VPN/privacy browser extensions installed. Javascript is disabled for the majority of the sites. LittleSnitch supposedly takes care of the chatty non-browser programs. All my 3G/4G data goes through PiHole. I have only a selected few apps installed on my phone.
Paranoia? Yes. Do I have the piece of mind? No. I just simply cannot stay 24/7 on Wireshark examininig every outgoing packet.
Unless the legislation changes for good I really don't see how this mess can be tackled.
For everyone not knowing why you would use this extension, it is so the container breaks after Google. Say you Google spaghetti, after you click you defined food.com to be a food container, with this extension it will break out of Google container into food container. It is pretty great except it creates two tabs for me and breaks history. If that could be fixed or would be flawless.
You can conveniently audit the source code of (the current version of) an add-on by installing the “Extension source viewer” add-on (https://addons.mozilla.org/en-US/firefox/addon/crxviewer/) and then visiting the page of the add-on to inspect. I haven’t read through all the code of Google Container, but it only has 31 lines of JSON and 422 lines of JavaScript – smaller than most add-ons.
I'm probably in a minority around these here parts but... Am I the only one who doesn't worry too much about all this "tracking"?
Trying to avoid tracking is like some weird obsession/hobby. You go to all these lengths and then you realise they were tracking you anyway, so you throw your arms up in disgust, exclaiming how evil they are and start trying to block that vector, soon enough rinse and repeat. I was there too only a few years ago but I've since given up and my life has gotten measurably better because of it - I no longer feel like I'm trying to "stick it to the man", I don't have to integrate a bunch of different services in an attempt to keep x and y in separate products to reduce my "awareness surface area" to any one company. I just stopped worrying so much. Simple as that. And I'm really not convinced some evil affliction is going to strike me down as a result. Next time you find yourself wasting hours of your time trying to make yourself "private" just think of all the other fun stuff you could be doing.
But if you want best bang for minute spent worrying privacy: Use Incognito, uBlock, Proton Mail and a VPN. 20 minutes of your life and you're pretty darn private. This should cover you without labouring over choices of extensions etc.
You now have accepted a fundamentally different world where anything you like, anything you say, anyone you are with or hope to be with, anything you hope to do, have done, didn't do, every mistake or misstep or misstatement or misunderstanding or fuckup, is recorded, analyzed, classified, and mined. You're being constantly thought about, by the machines, who, if you are lucky, are only interested in making a buck off you, and if you are not lucky, have targeted you for increased scrutiny, security checks, auditing, social classification, digitized karma, and eventually, all of this will translate to a significantly different experience through life. How will it manifest? Maybe it'll be something big like being denied a loan for a car or a house. Maybe it'll be a landlord turning you down for an apartment. Maybe it'll be a constant drip of ads trying to trick you into buying something. Or maybe one day beaker53 will say something bad about the government, or get involved with a terror group, or it will accidentally look like you got involved with a terror group. Or maybe they'll just come annoy you while you're sitting down to tune your guitar with an ad on how to make yourself a better guitar player, if only you did this or that or the other thing. Or maybe they'll pester you because your friends did something or didn't do something or should do something, or how you'll look better in relation to them if you did do something.
Speak for yourself. I'm sick of being watched and being "thought about" by all these damn machines. FFS leave me alone, like it was just 15 years ago. Just 15 years ago.
This is not really an acceptable attitude towards this opinion. You can not mind the current state of tracking, acknowledge benefits, etc and should not be demonized or told your opinion was beat into you. And then congratulate them some rude way?
I used to wonder why so many people were surprised at recent presidential election results, assumed propaganda must be the cause, assumed ignorance of those they don't understand, take elitist attitudes towards others' preferences, etc. But now I'm starting to understand this cognitive dissonance. It's ok that they don't see tracking as a big deal, it's ok they don't want governments to step in, they aren't just dumb victims beat into submission.
I hope I wasn't rude, I didn't downvote the OP or anything, so I don't think I crossed any lines. Generally speaking opinions that are "meh, status quo seems fine to me" are poorly informed. I don't want to personally attack the OP but they literally stated that they don't want to think about this and would rather spend time doing something more fun. Fine, go ahead, but the rest of us who actually think about the implications of this recognize that a very gradual but very profound shift in society has already occurred. We're not discussing it, frankly, because people are generally passive and some, like the poster, express a pretty dangerous lack of concern. Not only that, but the OP literally said it was a "weird obsession" to be concerned with privacy. That is actually demonization, and it raised my hackles.
> "meh, status quo seems fine to me" are poorly informed
Personally, I feel the status quo is preferred over alternatives, but to each their own. Whether someone is poorly informed on a subject or not is hard to gauge and not always something that has to be fixed. The problem here is that ignorance is used as a reason to protect people from themselves forcefully thereby silencing the informed-yet-disagreeing (emphasis on "here" in this situation at this time, can't make generic absolute statements about consumer protection in general).
> We're not discussing it, frankly, because people are generally passive and some, like the poster, express a pretty dangerous lack of concern.
I see quite the opposite. Can't open any newspaper or obtain any general news without the ills of big-web-tech shoved in your face. The harms are explained as extreme but to many, regardless of what the pitchfork bearers shout, the harms are not that extreme. What's dangerous is over concern and the results of that fervor. But all of that is personal opinion, the good part is the freedom to hold that opinion and act on it personally without imposing.
P.S. I reject the assertion that being concerned about privacy is some kind of "weird obsession/hobby". It is, or was rather, the default state of life to not be watched constantly not long ago. This new thing of having to fight for basic privacy is the alien thing. You aren't obligated to think about it 24/7, and kudos to you (or something) for going and having fun while not worrying about it. But make no mistake, society has been radically altered while you were sleeping.
I think there is room for nuance between 'concern' about privacy and 'absolute dedication' to privacy, and the tone of your opinion ignores it. You make good points, but I would hope for some critical reading of the original poster's argument.
Data never being completely deleted, and the unending tracking being a slow sort of death of personal freedom is a good point, but I read the point of the poster you responded to as this: We can only do so much to secure our privacy, do effective and easy to implement solutions. If we want absolute privacy, its probably never possible until you cut out massive parts the digital world for yourself, and diminishing returns for your efforts most likely aren't worth it.
Yeah you were still being tracked. It's just a lot easier and more specific now. But everything about you that's public record, or even semi-public, including your credit reports, housing history, leins/judgments, voter registration, bio/demo data from any product registration card you ever sent in, purchase history from credit cards, etc. was in marketing databases and bought, sold, and traded. This has been going on since the 1970s at least.
But you're right, it's MUCH more pervasive now.
However, if you really yearn for what it was like 15 - 20 years ago, there's an easy solution: Don't be online. At all. Just like it was then.
The video portrays a future advanced home speaker which terrorizes its family through ads, AI, and "helpfulness" through data mining and the occasional benign hacking of remote systems.
If that's your angle, remember that that nonsense included explicitly the suggestion that one problem with tracking might be when you "get involved with a terror group", along with other drivel about "digitized karma" and unwanted ads. If you don't want ads, run an adblocker. That's literally what they're for.
Protecting your privacy is much like security, in the sense that it's not a black or white issue.
Having a lock on your door won't stop professional burglars, but it implies effort and isn't the same as leaving your front door wide open, which also invites passerbys.
Protecting your privacy actually has a non-negligible effect on your experience on the Internet. Let me give you an example ...
I have a friend that's a T2 diabetic, is self treating and doesn't want to go to a doctor due to past bad experiences. So in trying to help him, I signed up for a Facebook group for diabetics in my area. The result is that now I'm getting commercials for treatments of diabetes.
This to me is freaking scary, because this data can be used against you. Your medical history could affect your credit score for example. Your buying history or your friends list could affect the price of your insurance. Your daughter could get pregnant and the store could find out about it before you. Oh wait, these already happened.
You can't escape all profiling, but the less these profiling companies know about you, the better you are.
I'm using DuckDuckGo lately to search for symptoms of hypothyroidism, because apparently I suffer from it. Along with the privacy extensions I have installed (Privacy Badger, and ad-blocker with EasyPrivacy), guess what, I don't have commercials following me around on hypothyroidism, which to me is confirmation that I'm doing a good job.
You can choose to not care of course. But you're probably young. Give it another decade.
I can easily imagine that there's an identity for me at Google which is linked to all the IP I had ever used (meaning country and ISP at the least), and linked to every google account I ever used and browser ever used (meaning what devices I've been using) and then every page I've visited which has Google ads or analytics (meaning what site I visit) and every keyword I used to search the web (easy to guess what kind of life I'm having) and then every location I've ever searched on their map (meaning they know where I go and perhaps roughly where I live).
They know more about your online history than yourself they can write a diary for you but if you feel comfortable with that, then you don't need to do anything.
Changing IP, clearing cookie and changing browser may divide your ID but as soon as you log in with your Google account or they realize you may be having identical online activities, you can easily get linked again.
And as soon as you buy something on your Google account, be it physical item or an in app purchase, they know your real identity along with all of the above and then with more profiling, you will be linked with other people by family name, location you often visit and recognized by any other profiling I can't think of now.
Well, I don't really worry much about trying to avoid it. I do stuff somewhere along the lines of your "best bang for the minute" guidelines (aside from running my own mail server).
However, it does concern me that it exists. They use this data to manipulate people. To drive "engagement", which means addiction. I could spend too long describing the evil in it, but at the end of the day, why do they care so much about the data? It all only really comes down to a way to manipulate people... into buying goods, into believing things... without hyperbole, just to try to avoid listing out so many points and examples, their desire for data stands in opposition to the popular conception of free will and democracy. I will always take a strong dislike to people and organizations attempting to manipulate me by means other than simply providing value in my life and getting some value back in exchange.
At this point, it concerns me less how much data they collect on me, and that we as a society haven't dropped some kind of regulatory hammer on them before they almost literally brainwash us out of the notion that we would even want something like it.
Agreed - it seems to come from a similar mindset as being obsessed with "websites must run without Javascript because 0.00003% of HN users disable JS".
Another aspect of this I don't see mentioned nearly as much is that attempting to be more private may actually make you stand out more in terms of government surveillance. They wouldn't be getting as much data on you from companies, but odds are they're still getting plenty, and in the case of taking extreme measures to limit that it only takes one mistake to undo a lot work. So hypothetically if you did have something to hide, or if you really wanted to maximize privacy for a subset of your life, you would allow most of what you do to be tracked in order to appear "normal"
>This allows Telegram to be widely adopted in broad circles, not just by activists and dissidents, so that the simple fact of using Telegram does not mark users as targets for heightened surveillance in certain countries. We are convinced that the separation of conversations into Cloud and Secret chats represents the most secure solution currently possible for a massively popular messaging application.
>people using these apps can be targeted by governments as those who have something to hide. Due to the limited distribution of such apps, the government can identify and track individuals whose phones connect to the corresponding IP addresses. This is something that is already happening in case of tools like Tor, and, to a lesser extent, of some messaging apps. Yasha Levine is publishing a brilliant investigation about it.
I'm reminded of the (possibly apocryphal) stories of criminals who underwent various procedures to remove their fingerprints - methodical scarring, acid burns, skin grafts from elsewhere on the body, etc: even the procedures that worked didn't actually help them evade identification, because the marks left by their now-printless fingertips were even more distinctive than before.
In my case it's not a hobby. I actually hate wasting time and money on these kind of things. But on the other side I'm legitimately scared about what's happening with all my digital information. It could be paranoia because of all the privacy movement and the recent scandals but it's not worth the risk when you have very easy to setup tools to improve your privacy like that ones you mentioned in your last paragraph which is exactly what I'm currently using (+ DDG for searching).
No it's not just you. I block ads with ublock origin. The end result of the tracking is targeted ads, and as I don't see any of them I don't care how accurate they are.
Firefox already has a built-in option to block all tracking[1], the reason why this add-on exists is that it lets you keep Google into a separated Firefox Container[2]
Firefox tracking blocking is a fairly weak "make the web a bit safer while breaking nothing". This extensions actually does break stuff like google logins on non google websites.
I've thought for a minute when looking at that option, and couldn't think of why I wouldn't want it, so turned it on. IDK if it misses anything but seems to be working pretty good, judging by messages in the console.
It's rather aggressive, even: blocks Yandex's maps embedded on other sites (though iirc doesn't block Google's maps).
Containers need curating. You could in theory do that yourself, but you probably don't know how in practice (most users) or don't want to (most remaining users). These pre-made containers are curated by their developer so they do all that work once.
If I keep my whole Google (https://myactivity.google.com) and Youtube history completely empty but still logged in to Google account everyday (gmail and youtube on Firefox), are they still tracking me around the web?
I suspect its because containing Google hinders the web experience for people more than containing Facebook would. People have mentioned in threads here that Capchas would become frequent, Google login (which probably is more common than Facebook login) wouldn't work. The addon would make the browser of an average Joe worse than Facebook containers. And when Mozilla is grasping at straws, trying to win back market share, it'll have to really debate whether or not they would want to go forward with this.
Doesn't help that FB is getting a bad rep these days and its more mainstream to hate on it.
Then an interesting question is IF the Facebook container stemmed from principles 4 & 5 from the Mozilla Manifesto applied to the dominant social utility; is there a reason other than money that the same principles would not lead to a decision to build an add-on that gives people an option to contain Google? It's certainly not a technical limitation.
It seems natural to posit that money is the issue but is it so easy to believe that a foundation most of us trust would compromise its core values?
As mentioned elsewhere hacky add-ons cannot be the end solution, and will not be widely adopted unless incorporated as defaults.
