
Purge site data when site identified via old tracking cookies - cryogenic_soul
https://bugzilla.mozilla.org/show_bug.cgi?id=1599262
======
JMTQp8lwXL
I wouldn't mind going back to a JavaScript-less web experience. I know not all
tracking is based on JS, but the browser provides so many heuristics this way:
screen size, cursor location, installed plugins. Give me reasonably formatted
HTML, and something a little bit more powerful than curl.

~~~
JohnFen
> I wouldn't mind going back to a JavaScript-less web experience.

My default policy is to not allow JS to run, so my experience is already
mostly Javascriptless. And, I have to say, my user experience on most web
sites is actually better when I don't allow Javascript to execute.

~~~
ghostpepper
I run a similar sort of policy but I would say the number of sites I visit
that display nothing but a blank page without javascript is more than half.

Sites that function without it are the exception, not the rule.

~~~
wtallis
I've found that about half of the sites that render a blank page without JS
are just setting style="visibility: hidden" on the <body> element. I cannot
think of any good reason for browsers to continue to allow that CSS property
to be set on that element. "Flash of unstyled content" is not a valid concern
here.

~~~
onion2k
_" Flash of unstyled content" is not a valid concern here._

Except it really is. Most websites are attached to businesses in some way. If
you see statistics that the flash of unstyled content means 10% of your
traffic leaves the site after less than a second you do what you can to fix
it, and unfortunately that's often hiding everything until it's ready.

Pragmatically, most businesses would give up users who don't like tracking
_long before_ they give up users who care about styling, because there are
just a lot more people who care about styling. It's an unfortunate fact of web
life.

~~~
pjc50
> flash of unstyled content means 10% of your traffic leaves the site after
> less than a second

Really?

Why does this happen at all? After all the "visible=false" is a styling..

~~~
onion2k
Some people decide whether or not a site is worth looking at extremely quickly
- if it looks "old" or "broken" they hit the back button immediately. They
will wait for the first paint though, so it can be better to delay anything
appearing until everything is ready. The impact depends a lot on demographics.

~~~
pjc50
And the second part - where does the bug lie that this happens at all?

------
floatingatoll
The relevant code comment from the bug-linked changes is:

> _This loops through all cookies saved in the database and checks if they are
> a tracking cookie, if it is it checks that they have an interaction
> permission which is still valid. If the Permission is not valid we delete
> all data associated with the site that owns that cookie._

------
majkinetor
And in v80 in alternate universe, Firefox will purge the sites from the
Internet, after the data.

Somebody please point me to the portal...

~~~
BubRoss
That's called pi-hole and having it network wide is a game changer. 30% of all
dns requests are blocked.

~~~
majkinetor
Pi-hole is on my TODO list for quite some time. Yeah, its definitelly a portal
I should get to fast (summon, not get to, hence the TODO entry). Currently
using uMatrix and friends but its not network wide and that sux a lot.

~~~
sneak
NextDNS works well without setting up anything new, too. I use it instead of
pi-hole.

------
BaitBlock
Try Baitblock [https://baitblock.app](https://baitblock.app) Baitblock has
tracking resistance that also deletes first party cookies/other tracking
mechanisms when it detects that you're not logged into a website.

~~~
foo_in_bar
It's a pity it's chrome only.

------
mgbmtl
It's rather neat to be able to read a short diff, including a test, to see
exactly what that means.

From my limited understanding: it purges cookies and localStorage, if the
storage access API permission was not granted?

------
tinus_hn
So the next race is going to be pinging all these cookies to keep them alive

~~~
JohnFen
Nah. The adtech people are already talking about persistent identification
mechanisms to allow the same identification in the absence of third party
cookies.

If you're privacy-minded, it's worth keeping an eye on these efforts, as some
of them involve getting publishers to require a login and an email address or
phone number from their users, then using that as the persistent identifier.

If that idea takes root, then we'll probably want to cancel accounts and avoid
making new ones.

~~~
l31g
Or a sign-in with Apple-like system so tracking is limited to each site.

~~~
kamyarg
Best decision I have made so far is setting up a catch-all polic for my
domain. any_random_address@mydomain.com is saved in a "dummy" inbox, I check
it from time to time and give different emails for different services to
identify who sold my email.

instagram is insta@mydomain.com, netflix is nflx@mydomain.com etc.

If someone needs pointers: I use webfaction for MX, setup mailboxes with
catch-all policy and setup a rule to forward these email to my gmail and have
a filter on gmail to skip inbox and save in "dummy" category.

p.s. if someone has a better alternative to webfaction for email only stuff,
please let me know, not sure if I can do it with an other provider that is
cheaper.

~~~
goatsi
I've used migadu.com for well over a year now and been very happy with them.
They let you setup multiple regex based catchalls, so I can create any address
prefixed with shop and have it forwarded to one address, while ones prefixed
with game get forwarded to another. If you aren't planning on sending any
emails from the domain, their free single domain plan might work very well for
you.

~~~
kamyarg
Occasionally I have to send emails especially when I have to respond to a
customer care response. But will take a look, I am willing to pay for this(I
am already paying for webfaction).

------
xenator
So, another popup notification to add site's cookies to whitelist.

------
jackjeff
I have been using “Cookies Autodelete” for years. Except for a short list of
20 sites, nothing can store data on my Firefox.

These tracking sites would not be able to show me ads anyway because I have
“uBlock origin”

And finally “I don’t care about cookies” to automatically dismiss these stupid
GDPR “we’re going to use cookies” prompts.

Without these the Internet feels broken.

~~~
gruez
>I have been using “Cookies Autodelete” for years. Except for a short list of
20 sites, nothing can store data on my Firefox.

Not really. It doesn't delete indexeddb for instance.

~~~
rasz

        delete indexedDB;
    

in userjs is all it takes in Chrome to disable indexedDB permanently

~~~
smitop
It is still possible for websites to access indexedDB by using Web Workers:

    
    
      new Worker("data:application/javascript,console.log('indexedDB: ', indexedDB)")
    

This works since userscripts only run in top-level websites and frames, but
the above code runs JS code in a seperate thread with no attached DOM.

~~~
rasz

        if ('serviceWorker' in window.navigator) navigator.serviceWorker.register = () => new Promise( function(resolve, reject) {} );
    

disables webworkers from ever working.

