Facebook Container Extension: Take control of how you’re being tracked (blog.mozilla.org)
854 points by sanatgersappa on March 27, 2018 | 229 comments

I don't understand why the default behavior isn't to isolate every website from every other website? Why is least privacy the default?

Disclosure: I'm the author of the add-on mentioned in the story.

Basically, various privacy protections cause various kinds of website breakage.


Oh hey, love your work mate. Thank you!

My pleasure ... but it's not just my work. Firefox privacy & security and add-ons engineering teams have poured a ton of effort into Firefox Quantum to make features like this possible and easy.

How easy is this to extend to other sites? LinkedIn and Google, specifically?

Then those websites should be considered broken much like we consider Adobe Flash and sites with invalid TLS certificates.

I really like that perspective! A few more high-profile cases like this and we just might nudge the internet in this direction! :)

Yes please. Third party cookies and the like are the plague. They have so few legitimate use cases.

Make it a long deprecation if you have to. Give even longer exemptions to the really big players / the big breakage / the legitimate use cases while we find better ways. But it is up to the browser vendors to remove the weapons here.

Unfortunately, OAuth relies on them. Many SaaS offerings rely on OAuth.

SAML and some OAuth flavors do, but most of OAuth does not.

I don't think OAuth requires third-party cookies, and SAML definitely does not. The authentication parts use HTTP POSTs or redirects from the IdP to SP. You probably do want cookies to track the sessions on each end, but those would be first-party.

It's possible for your IdP to track the SPs you authenticate to regardless of protocol or cookie use, of course.

The problem is that basically all of Google’s products would be affected, which is something no browser can easily ship without angering users.

Can you elaborate? Is there some reason that running every Google property except google search (unless desired, but I prefer non-tailored results) in one container wouldn't work?

In that case each origin is not really getting an isolated cookie jar.

Agreed. There are good kinds of broken.

That is mostly the case. However, other websites may ask your browser to make requests to Facebook domains (to load in social buttons or tracking scripts/pixels). Those requests will include any cookies your browser has for Facebook as they're direct to Facebook domains.

This extension gives Firefox selective amnesia: if you're in a Facebook container tab, it'll remember and send those cookies. If you're not, it won't!

An alternative solution is to never make those third party requests in the first place, but you might need some of them for content you're actually interested in viewing. Using both a blocking extension and this container extension should improve your privacy towards Facebook.

This begs the follow up question: Why can’t my browser always send zero cookies for all third party requests in all tabs?

Presumably the like button wouldn’t work - but that’s what I want. So the Q is: what will break that I didn’t want to break?

You can disable third-party cookies in Firefox. See https://support.mozilla.org/en-US/kb/disable-third-party-coo...

It breaks things like "sign-in with github credentials" in CIs. But you know, these should be exceptional, therefore the default should be to load third-party content without cookies. The problem is that some content is loaded without your having to click on something (where you'd have a chance to right-click and request loading with selected credentials).

Not necessarily: OAuth Basic Flow does not require third-party cookies. With Basic Flow, you'd get redirected to github.com, making it a first party request. Github will then redirect you back passing an authentication code as a URL parameter.

I use uMatrix for this purpose, and to block third-party frames to defend against clickjacking. That said, Multi-Account Containers still are very useful.

I’ve been blocking third-party cookies for years and using OAuth authentication in several places. Don’t remember ever having an issue.

> Why can’t my browser always send zero cookies for all third party requests in all tabs?

It can. Blocking third-party cookies is available in the browser settings of at least Firefox, Chrome, and Safari. I think it’s even on by default in the latter.

I’ve been using it for years and never seen a broken page as a result.

The site of one of the banks I use relies on third-party cookies, because it outsources parts of the site functionality.

Sites that put a checkout flow hosted on a different hostname in a subframe break.

Some forms of "sign in with X" break.

The main thing I notice break when I enable things like "no cross origin cookies" is history on the AWS console. Stuff like "roles you've switched to" and "services you've used recently" get forgotten.

Single sign-on? (e.g. logging in to Trello with your Google account)

If you get tokens by callback urls you don't need any 3rd party cookies.

That's not relevant to the question.

It breaks federation, i.e., Single SignOn.

But there's a thing for Firefox which does it for all sites. Called First Party Isolation.

An idea.. imagine putting SSO stuff into a Container and setting First Party Isolation off for just that Container.

I've had it disabled for years and never had any kind of issue with single sign-on websites.

Knowing what FB is doing with your data, why would you still want SSO?

Because it doesn't have a way to break only FB SSO. All SSO would break by default.

I mean it's too late now but there's nothing fundamental about the current SSO design. If browsers shipped with FPI from the beginning SSO would still work, it would just look different.

There’s uMatrix for that of course but is uBlock Origin and PrivacyBadger combo enough with this extension? As the de-facto tech guy in my family I know how to take care of my own privacy but I’m always searching for the most hands off solution for the tech illiterate family members who come to me asking to “fix their laptops”.

Have you considered Tracking Protection? https://support.mozilla.org/en-US/kb/tracking-protection I had to disable it for a few select sites but I guess there's currently no solution that won't ever break a site.

There's a "Same-Site" cookie flag that helps prevent CSRF by preventing cookies being sent in that scenario. Can the browser be made to treat all cookies as "same-site" for a quick 'fix' to this issue?

Obviously this would need a white-list (and a pair<from,to> whitelist, not just a "this domain is OK" list) to allow SSO scenarios.

Simply set the configuration value privacy.firstparty.isolate in your about:config.

This will treat every first party domain as its own container for cookies and other stuff.
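Added example, not part of the original thread and not Firefox or extension code: a small model of the three cookie-jar behaviours discussed here (one shared jar, a Facebook-only container, and a jar per first-party site as with `privacy.firstparty.isolate`). The hosts `news.example`, `idp.example` and `app.example`, the cookie values, and the two-label `site` rule are constructed assumptions.

```javascript
// Constructed model of cookie-jar partitioning; not Firefox or extension source code.
// Simplification: "site" = last two host labels (real browsers use the Public Suffix List).
const site = (host) => host.split(".").slice(-2).join(".");

// Each policy maps the page in the URL bar to the cookie jar its requests may use.
const POLICIES = {
  // Default behaviour: one jar shared by every tab and every embedding page.
  shared: () => "default",
  // Container model: pages on facebook.com get their own jar, everything else shares one.
  container: (topLevelHost) =>
    site(topLevelHost) === "facebook.com" ? "facebook" : "default",
  // First Party Isolation model: one jar per site shown in the URL bar.
  fpi: (topLevelHost) => site(topLevelHost),
};

class Browser {
  constructor(policy) {
    if (!Object.prototype.hasOwnProperty.call(POLICIES, policy)) {
      throw new Error(`unknown policy: ${policy}`);
    }
    this.jarKey = POLICIES[policy];
    this.jars = new Map(); // jar key -> Map(cookie site -> Map(name -> value))
  }

  // Store a cookie set by requestHost while topLevelHost is in the URL bar.
  setCookie(topLevelHost, requestHost, name, value) {
    const key = this.jarKey(topLevelHost);
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    const jar = this.jars.get(key);
    const cookieSite = site(requestHost);
    if (!jar.has(cookieSite)) jar.set(cookieSite, new Map());
    jar.get(cookieSite).set(name, value);
  }

  // Cookies attached to a request for requestHost made from a page on topLevelHost.
  cookiesSent(topLevelHost, requestHost) {
    const jar = this.jars.get(this.jarKey(topLevelHost));
    const cookies = jar && jar.get(site(requestHost));
    return cookies ? [...cookies].map(([n, v]) => `${n}=${v}`).sort() : [];
  }
}

// Replays the same browsing session under one policy and reports what is sent.
function scenario(policy) {
  const b = new Browser(policy);
  // The user logs in on facebook.com and on an identity provider, each visited directly.
  b.setCookie("www.facebook.com", "www.facebook.com", "session", "alice");
  b.setCookie("idp.example", "idp.example", "sso", "alice");
  return {
    // Like button embedded in a news page: third-party request to facebook.com.
    likeButton: b.cookiesSent("news.example", "www.facebook.com"),
    // A normal visit to facebook.com itself.
    facebookTab: b.cookiesSent("www.facebook.com", "www.facebook.com"),
    // Redirect-based login: the browser navigates to the identity provider (first party).
    ssoRedirect: b.cookiesSent("idp.example", "idp.example"),
    // Login widget framed inside the relying site: third-party request to the provider.
    ssoIframe: b.cookiesSent("app.example", "idp.example"),
  };
}

for (const policy of Object.keys(POLICIES)) {
  console.log(policy, JSON.stringify(scenario(policy)));
}
```

In this model the redirect-based login keeps its cookie under every policy, while the framed login loses it only under per-site isolation.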

Yes, but as you say this breaks a large number of applications. The web browsers aren't super likely to break existing behavior since people simply blame the browser that whatever thing doesn't work.

> I don't understand why the default behavior isn't to isolate every website from every other website? Why is least privacy the default?

Default privacy settings are tough to manage.

Some people want privacy, and will accept broken websites if it keeps their data and online movement private.

Other people just want their usual websites to work, don't understand or care to think about privacy, and if some random content farm looks busted in Firefox, will just switch to another browser.

Aside from picking a sensible default, Firefox also offers to educate users where it makes sense. For example, when you open a new private browsing window in Firefox, the tracking protection section includes a "See how it works" button that takes you to a tour-style walkthrough of how tracking protection works.

> I don't understand why the default behavior isn't to isolate every website from every other website?

There's an add-on that does something close to that:


This add-on's options include opening each (sub)domain in its own container. These containers are temporary: they're deleted a short time after you close their last tab, so you have to log back into each site on each visit. (This may be something you do anyway.)

I don't (yet?) know of an add-on that automatically assigns each domain you visit to its own permanent container, and automatically creates new containers for each new domain.

It's likely breaking lots of websites that do single sign-on and similar federated/multi-domain things

You can set Firefox to behave that way, though. Look for First Party Isolation.

You can do that with the Firefox Multi-Account Containers extension. I don't go to that extreme, but it's nice to have a few key profiles. I have work and personal, plus a few others (like banking).

What is really nice, is you can tell it to ALWAYS open your bank's website in a particular container, and it will. If you go to that URL from a tab in your work profile, it will switch to the banking profile for you.

Multi-account containers are great. I just wish switching to one wasn't as jarring as the tab closing immediately after opening and then re-opening in the correct container - I'm assuming that's still how this extension works?

Of course, I can appreciate that such behaviour is technically far more challenging. It's merely as a user that it's disappointing, and it makes Temporary Containers [0] practically unusable.

[0] https://addons.mozilla.org/en-GB/firefox/addon/temporary-con...

It still works that way.

We close the previous tab and cancel the webRequest before it's sent to the site so none of the default cookies are sent.

"Converting" a tab from one container to another is actually a bit complicated, and there are open issues for it. :/

I've noticed the favicon still loads in the old tab. Is that a request made outside of the web request and possibly leaking info in the old context?

Probably served from cache

I believe this is an issue with redirecting domains. For example, if you have set foo.com to automatically open in a specific container, and you enter www.foo.com into your default tabs, it will try to load www.foo.com in the default tab, then get redirected to foo.com, then realize it needs to be open in a specific container, then open a new tab in that specific container with foo.com.

A good workaround for this could be to let users add arbitrary domains to their container whitelists (so you could manually add www.foo.com), but I haven't found a way to do that yet.

That's exactly the reason why I stopped using Multi Account Containers. Very annoying.

Are they planning to fix it somehow?

I just tried the Facebook container and it doesn't do that.

Tip: you can assign sites to specific containers - so Amazon always opens in Shopping.

Right, that's the way the described minor annoyance occurs: configure Amazon to open in the Shopping container, open a new tab, enter the Amazon URL and press Enter, then the tab closes and a new tab opens in the Shopping Container that visits the URL.

Dear Apple,

Please design an iOS identity isolation UX for Mobile Safari, Apple Mail and third-party apps.

Currently we have to use several different iOS web browsers to achieve isolation of browser logins/cookies, but Apple Mail opens all links in Safari.

Ideally, there would be an OS enforced, per-app setting which defines which web browser (or Mobile Safari identity context) will be used to open a URL.

I'd prefer creating a throwaway container/context every time. Safari allows you to store pwds.

You can get that by entering Private Mode in Safari.

A URL clicked in Apple Mail will then open in a private tab.

Another good tool is DuckDuckGo's tracker blocker. Facebook got a lot of attention, but google, comscore, twitter, and others are doing the exact same thing.


Note that it includes "energy labels" for terms of services that allow you to assess their impact at a glance. Those labels are provided by Terms of Service; Didn't Read, and they're currently crowdfunding with the help of DuckDuckGo, who donate to the project depending on the amount raised: https://www.crowdrise.com/o/en/campaign/tosdr

Remember Facebook probably tracks your IP address and user-agent anyway, I'd be skeptical that Facebook doesn't put two and two together.

After using containers to isolate my Google activity in a similar fashion, I can confirm Google at least does. I see recommendations to watch other videos from the same channels I watch on YouTube in my Google container if I end up on YouTube in my normal browsing container.

Are you logged out of (or never logged in to) any of the Google properties/platforms in these two modes? If yes, then Google's behavior here doesn't match user expectations and is tainted.

Yes, I've never logged into Google anything in the default container.

Now we need per-container VPN/proxy.

There is one silver lining in carrier grade NAT. Combine that and all Facebook ends up with is you are one of a few hundred Firefox users in some geographical area.

Not necessarily! Other fingerprinting details can surface identity even when user agent and IP are unreliable. If you've got a specific screen resolution, you're tagged. If you've got a specific version of some piece of software (Flash, for instance) you're tagged.

I believe also fonts installed. EFF has a great tool regarding fingerprinting https://panopticlick.eff.org

Not true

Everything down to the fonts you have installed can be used to track you


More than that, there's a bunch of sites that buy your email address/phone number from companies, which then provide matching across browsers/devices/containers/etc which they sell to others. All you need to do is log into one on each and the cookies get linked and they know it's the same person.

Wouldn't adding hashed query strings to urls linking to sites outside of Facebook circumvent any effort put into containing de-anonymizing data? The wrong hash would lead nowhere, and the right one would give you away.

Facebook would only have to edit a specific field in users' posts' urls related to certain domains, so that different users access unique urls that link them to Facebook in a specific context.

Once outside the container, a user is traceable back to a Facebook profile.

I don't know if this is possible, but people don't really check urls, let alone human-unreadable ones.

I imagine that this could break navigation, but directing wrong queries to a default page would solve this. Anyway, they could still try their luck.

That's an interesting threat model for this particular defense.

Cliqz has done some interesting research in this area of detecting (and stripping) unsafe data elements.


I hope that gets Facebook fined 4% of their turnover for violating the GDPR.

If most users don't pay attention to URLs (which is true), users cannot give informed consent, a core tenet of GDPR.

I really think programmers need a basic lesson in probability, because most of these solutions are complete nonsense with respect to information theory. Skynet still knows enough about you and everyone else even if you alone leave Facebook, and we need to figure out how to curb the powers that come with amassed data more generally.

1. Models don't need everyone's data, they just need enough data. Facebook, Google, et al have more than enough data for a lot of applications even if they only had 5-10% of the population. So at best, this ship jumping will limit Facebook's ability to "micro-target" certain populations. In this case, P(whatever | privacy concerned individual) will be a bit noisier, but Facebook will still have a really damn good idea about P(whatever | still a Facebook user)

2. Facebook can still use/sell the models it develops against its user base to target you even if you're not on the platform unless you really think P(depressed), P(bad employee), P(insurance risk), P(easily influenced by a specific type of marketing) has anything to do with the fact that you're not on Facebook. The minute someone asks a few questions about you in any setting, they'll be able to infer a ton more from the models alone. Lack of information about you will only add noise, and to make things worse, Facebook has enough data on privacy conscious individuals anyway to where they can reasonably fill in the privacy conscious holes in their data with a reasonable model.

3. P(privacy concerned) may be correlated with P(not manipulable), so you jumping ship isn't going to change the systemic issues everyone is concerned with, namely Facebook and third-party customers' ability to morph society in the means they see fit.

4. You can replace Facebook with Google/Amazon/Spotify/Chase/Bank of America/Hospital System/Government and all of the above is true within the domain of data they control.

"Facebook Container leverages the Containers feature that is already built in to Firefox."

I appreciate this. I was aware Firefox already had a container system, but didn't want to employ the effort to set it up. A one-off for Facebook though, feels easy to work with.

Exactly! This addon has no new exciting tech. It's just specialized/preconfigured UX around an existing feature, and opportunity-grasping marketing after the recent Facebook privacy barfs.

I'm happy to recommend/install it to friends I install uBlock Origin for.

Great job Mozilla :) . More of this.

Can someone explain how this would prevent fingerprinting? IP, user-agent, window-size and other details can reliably identify most of the other http sessions anyway. Blocking trackers seems as important to me.

Mozilla is also taking anti-fingerprinting action, but that's separate from this. see: https://wiki.mozilla.org/Security/Fingerprinting

Well credit where it's due, the anti-fingerprinting is actually a TOR project. The project you linked to is an attempt to bring TOR's protections into the mainline Firefox browser. Obviously TOR has more stringent goals than Firefox so many privacy features are currently hidden behind the `privacy.resistFingerprinting` option in about:config.

It wouldn't. It merely makes it more difficult for Facebook to track you on third-party websites, as fingerprinting is more difficult and error-prone than simply re-using your cookie.

My question was rhetorical :-). I agree with you that it is harder and noisier to perform fingerprinting, but I still wish for Mozilla to evangelize a more complete solution. The current one creates a somewhat sense of false security, in my opinion.

For them to evangelise it, it has to exist :) That said, they are incorporating anti-fingerprinting features as part of the Tor Uplift project. (See e.g. https://www.deepdotweb.com/2016/07/10/mozilla-implementing-t... )

It does not. I'd guess it hardly makes a dent in their tracking. The only sure way to block completely is to use a custom router on your network - an outgoing firewall. Via a custom dns server on my router, all requests from any device, browser, app, etc for the facebook or any ad or tracking domains never leave my network. This is powerful. Windows 10 intrusive spying can be blocked as well. Basically anything that I can't figure out what it is is blocked, and it's a lot. If I ever acquire malware that phones home, it should detect as well.

The great thing is when you block all that, your internet is much faster.

You can already go a long way without as much technical commitment with a PiHole setup that simply poisons DNS queries.

It can't compete with the total control you get with crafting specific firewall rules but it has most of the same effect while being a lot simpler to manage.

Would you comment on what router and software you are using, how difficult it is to maintain, and any surprises you have had using it (things you depend on breaking).

It's Ubuntu. Protectli is the equipment, easily obtainable on Amazon. If I had to do over I would use PCEngines however since they use coreboot. Edit: you will also need a wireless access point to plug into a LAN port. Ubiquiti UniFi is great and is much better coverage than the consumer grade router this replaced.

An excellent guide: https://killtacknine.com/building-an-ubuntu-16-04-router-par...

Up for months, incredible speed, no maintenance, except to add new domains to block when they prove to be spyware. Twitter may be next on the list since it is of declining use to me.

I'll add that I'm by no means a linux whiz, but learned a lot by doing this project.

Biggest issue is explaining to guests why they can't access facebook.

Another bene is you no longer have the planned obsolescence of consumer grade equipment. I fully expect this thing to last a decade, and "firmware" is automatically updated via linux.

If you want something high-performance that you can have running quickly, you can do this with a Turris Omnia router + Pi-hole (DNS ad-blocker). The Omnia is about $300. I've done a blog post explaining how to get everything set up here, and it's CC0 public domain licensed so you can copy or adapt it however you like: https://www.tombrossman.com/blog/2017/how-to-install-pi-hole...

No surprises, the Omnia updates itself and reboots automatically (you get an email warning if you want to intervene) and everything 'just works'.

It won't, but it'll still help with the low-hanging fruit of just giving you a cookie.

I already use the multi-container accounts to do this. It works fantastically, and is the biggest reason that Chrome is gone from my mac.

Why is this different from Privacy Badger? This allows you to segregate all facebook toxicity to a single container. This allows you to fully use facebook, and places like login via facebook, without exposing other things to facebook in the first place.

That said, this really doesn't address either the Cambridge situation, or the fact that Facebook themselves allowed the Obama campaign to pull demographic information in violation of their own policies, which arguably impacted far more people (https://www.investors.com/politics/editorials/facebook-data-... && http://www.dailymail.co.uk/news/article-5520303/Obama-campai...). The only solution to that is to #DeleteFacebook. Facebook is a surveillance as a service provider. The only way to keep them from monetizing you for commercial, social or political reasons is to firewall them off.

You can also associate this with a VPN, if you want to deny them the IP address your home machine is using.

> Facebook themselves allowed the Obama campaign to pull demographic information in violation of their own policies, which arguably impacted far more people (https://www.investors.com/... && http://www.dailymail.co.uk/news/...).

Neither of those citations say that what the Obama campaign did violated Facebook's policies.

The "But the Obama campaign did something similar!" is an argument based on false equivalence, used to muddy the conversation.

(Further, both of those citations - a right-leaning source[0] and a tabloid, respectively - are articles written about some tweets. Which is not to say that they're wrong, but without further confirmation, one might want to take them with a grain of salt.)

[0] The "You might like" links at the bottom are to the articles "Russia Scandal: Did Obama Tutor Hillary Clinton In Electoral Conspiracy 101?", "Will Mueller Ever Admit That There Was No Trump-Russia Collusion?", and "Hillary Clinton Still Can't Believe She Lost ... Or Why".

Actually, if you look, the original source said that Facebook admitted that they were only doing so because they wanted Obama to win - and that for anyone else it would be a violation of their practices. The OFA postulated that Facebook did the same for other parties, but no evidence has come to light.

In fact, reading what the OFA admitted, and what is under investigation here, the only difference seems to be that Facebook didn't unofficially bless the efforts of Cambridge, while they did for OFA.

Here is the money quote - directly from Twitter:

“They came to office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side"

That's not a conspiracy theory, or some evil double standard. That is a director for OFA explicitly mentioning that they were being given special data "because they were on our side".

You should be very very scared about social network deciding to be on people's side. See Trump and Twitter.

It's as if the last two years haven't convinced you to be deeply skeptical of social networks and surveillance as a service operations. This universal confirmation bias is the exact same bias that Trumpkins use to ignore any news they don't like. Facebook will keep selling you to the highest bidder. They don't give a fsck about your political point of views.

(And this is probably tame for what they do for China to suppress their people).

> Actually, if you look, the original source said that Facebook admitted that they were only doing so because they wanted Obama to win - and that for anyone else it would be a violation of their practices.

No, it doesn't. Between the two sources, they say that Facebook was "surprised" that they were able to get so much data, and that Facebook didn't stop them. The sources do not say that the Obama campaign violated Facebook's policies.

This is the false equivalence: "What the Obama campaign and Cambridge Analytica did to acquire data on tens of millions of Americans is the same."

In reality, Cambridge Analytica obtained the data from a 3rd party not authorized to provide it, and who collected the data under false pretenses.

The Obama campaign did neither.

EDIT: Here's The Washington Post. "Facebook’s rules for accessing user data lured more than just Cambridge Analytica" - https://www.washingtonpost.com/business/economy/facebooks-ru... :

Cambridge Analytica — unlike other firms that access Facebook’s user data — broke Facebook’s rules by obtaining the data under the pretense of academic use. But experts familiar with Facebook’s systems and policies say that the greater problem was that the rules for accessing the social network’s information trove were so loose in the first place.

“They came to office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side"

The willingness to excuse Facebook selling your privacy because you agree with a political point of view is part of the problem.

Both the articles you cite concede that some meeting some time somewhere at which somebody from Facebook said "they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side" doesn't mean that the Obama campaign violated Facebook policies. It's an important distinction.

If we trust The Daily Mail article:

Davidsen said that she felt the project was 'creepy' - 'even though we played by the rules, and didn't do anything I felt was ugly, with the data'

If we trust the IBD article:

The only difference, as far as we can discern, between the two campaigns' use of Facebook, is that in the case of Obama the users themselves agreed to share their data with the Obama campaign, as well as that of their friends.

The users that downloaded the Cambridge app, meanwhile, were only told that the information would be used for academic purposes. Nor was the data to be used for anything other than academic purposes.

It's an important distinction, to be sure, and Facebook is right to be attacked for its inability to control how its user data were being gathered and shopped around.

(Though it should be pointed out that it wasn't a Cambridge Analytica app, and Cambridge Analytica obtained the data from a 3rd party who wasn't authorized to provide it.)

In any case, Zuckerberg's senate testimony should reveal the circumstances under which facebook data was shared or not shared with the Obama and Trump campaigns.

After all, both campaigns (and most major US political campaigns) surely had embedded Facebook employee account managers helping them spend as much money as effectively as possible, while scrutinizing their account usage.

That is assuming the testimony doesn't wind up being an hours long repetition of the words "I do not recall". I'm not all that familiar with Facebook's org chart, but there might even be some plausible deniability with the CEO getting involved with day-to-day API access requests.

(Who, me, cynical?)

That sort of rank partisanship can barely be hidden. It's discrediting. FB is clearly in the worse here, even if they were entirely within their rights while Cambridge Analytica was entirely not. What's legal is not always what's right.


It's becoming clear exactly what the cost of social surveillance is in our lives. This is just one of many significant problems with it.

There have always been jackasses willing to sacrifice morals (or rightness) in favor of power. Social networks just make it easier to ignore signals that should humanize power.


> ...his brain literally cannot differentiate between identical and similar...

You're way out of civil and substantive territory with things like this. Please resist the temptation.


I sincerely believe this is something new and interesting. Suggesting someone has acted based on a subconscious psychological affect is less insulting than accusing someone of conscious or deliberate error (which happens routinely on HN), is it not? Which has the harsher punishment, second degree murder or first?

Serious question. Would you deny that there has been a noticeable decline in objectivity of commentary in the last year? I can agree singling one person out could be considered harsh, but make an honest effort to ignore the perceived "rudeness", is the failure of basic logic not a little striking here? If the topic wasn't controversial, do you think a similar situation would arise?

I take what you say seriously, and kindly ask for the same consideration in return.

I'm sorry, but I don't follow all of that. The main issue with the original comment is simple: it is not within the guidelines on Hacker News to say that another user's brain is malfunctioning, or other things of that sort.

> Be civil. Don't say things you wouldn't say face-to-face. Don't be snarky. Comments should get more civil and substantive, not less, as a topic gets more divisive.


The point is, it's a double standard. The guideline you quote used to be broadly followed, but is now broken regularly.

And his brain isn't malfunctioning, it's just behaving the way the human brain works, the vast majority of people on HN are quite broadly knowledgeable, I highly doubt you're that ignorant of human psychology, more likely you don't care for my opinion.

Besides, read my edit above - whether it was accidental or deliberate, the person was being incredibly intellectually dishonest. It wasn't too long ago that that counted for something on this website. I suppose it still does, but what's new is that it is trumped by political correctness.

If you're going to bother with a reply, how about you address my "intellectually dishonest" charge?

Demonstrate how I am incorrect.

In case you do make it back here, I now realize who I'm talking to and how thin of ice I'm likely treading on. This changes my opinion in no way, instead I'll make one last statement on this particular matter: I assert that the level of discourse on political related matters on HN has taken a significant turn for the worse, most likely corresponding to the most recent election. While this probably shouldn't be surprising, HN's are people after all, where I think (not guarantee, but think) criticism is valid is that there is widespread abuse of the guidelines noted above, widespread abuse of the truth, and a double standard of claims of "appropriate behavior".

I would imagine your instinctual reaction is to disagree, I'm sure mine would be as well, but then ask yourself this: is it possible I have a point? We know this phenomenon is happening on other forums, are HN'ers really all that special, are we immune to the shortcomings the rest of humanity suffers from?

This is too complicated. It's against HN's guidelines to take personal swipes, such as insinuating things about their brain. That's all. Please don't do it again.

It's against the rules regardless of your politics or theirs.


Fair enough, I would simply ask that the rules are enforced in an unbiased manner, and if I report someone for an objectively similar violation of the rules, that evaluation of that is unbiased.

It's not lost on me that I am involved in these types of discussions more than average, but it seems that this will naturally occur to anyone who is in a substantial minority - after all, would we expect people to be highly motivated to reply to a comment with which they agree?

I don't involve myself in these discussions entirely because I enjoy it, I also do it because it's important. Disagreement and debate is important to a healthy democracy, and there is a decreasing amount of genuine honest debate in the world.

Also note that as usual, someone coincidentally came across my posts on an at least 2 day old thread and delivered my obligatory downvotes. No problem though I suppose.

The behavior is objectionable whether any of the parties had FB's approval or not. That Cambridge Analytica lacked FB's approval makes what they did either no different, or a lot worse, depending on your p.o.v. -- if you're FB, you're likely to think that Cambridge Analytica did something terrible; if you're the public then the end result was the same as in the Obama campaign case, so you might find the Cambridge Analytica no worse.

Seriously, being on the public side I can't tell the difference. Both cases involve (ab)use of user data from FB without the users' knowledge. Both are bad -- or neutral, if you're the sort of user that understands the implications of using Facebook at all. Indeed, I'm not even surprised by these incidents. If anything I'm surprised that anyone is. I'm not even surprised -though annoyed- by partisan attempts to make one side or the other look worse.

Please, let's stop pretending that Facebook's blessing makes one (ab)use of user data OK and the other not. If you object to a campaign's use of your data, why wouldn't you object to a campaign's use of someone else's data?

And yes, your data, when shared with FB, is FB's data. But do people even understand that? You and I do, but does your mom? Mine certainly does not.

Wonder if anyone from Facebook went back and asked them to delete all that data. Then later on verified that they did so. What about other outfits that figured out how to extract the data in the same way?

The commenter isn't arguing that they're the same:

> That said, this really doesn't address either the Cambridge situation, or the fact that Facebook themselves allowed the Obama campaign to pull demographic information in violation of their own policies...

The sentence is essentially "this doesn't address A, nor does it address B", which requires that A and B be different.

There were rumors of Zuck wanting to run for president.

Somehow, I think after this, it is ( I hope ) unthinkable.

It's always been laughable.

It was laughable that Trump would run for President, until he did. And Ronald Reagan: "The actor?"

Reagan was also Governor of California.

We are firmly in the era of celebrity presidents - every president since Carter has been less qualified than the previous in terms of previous executive experience.

Zuck, Kamala Harris and Oprah are whetting their appetites.

Kamala Harris may be a political darling at the moment, but she is not a celebrity politician and so it doesn’t make sense to compare her to Oprah or Mark Zuckerberg. Harris has been in law/politics for basically her whole career:


One of those three people is a sitting US Senator.

Who will not have even served out her term when she runs for president.

These are the type of people we feel are well qualified to run the most powerful, largest, and most expensive institution in human history?

How is someone who is a US senator exactly similar to Oprah? Nixon was in Congress for 6 years and VP for 8. Was that not enough or too much? And the idea Obama was less prepared than George W. Bush seems hard to swallow.

Look, you can take issue with Harris's positions, but before she was Senator she was CA's Attorney General before that.

Not exactly inexperienced.

> Who will not have even served out her term when she runs for president.

So, she’ll have a couple fewer years in the Senate and a lot more in elected executive positions than Kennedy when he was elected President.

> These are the type of people we feel are well qualified to run the most powerful, largest, and most expensive institution in human history?

Harris isn't necessarily my first choice, but she's certainly qualified; Oprah and Zuck are unqualified, though less so than the current incumbent (which, admittedly, is a low bar to clear.)

Of course. The people that would elect them are decidedly and unabashedly anti-technorati. It is a good thing we have the bureaucrat firewall in place, frustrating though it is.

Interestingly, from a game theory perspective, the purpose of leadership is to coordinate people, and charisma is absolutely a valid way to accomplish that. From game theory it doesn't actually matter very much how the coordination is arrived at, just that it happens, check out http://www.dustingetz.com/:myerson c-f "charisma"

In short, yes. I think a sitting US Senator has met the basic credibility and resume qualifications to be a US President, and is not accurately described as a "celebrity" candidate.

Reagan, GWB, and Clinton were all Governor before President.

GHWB was founder/CEO of an oil company, Chairman of the Republican National Committee, Director of the CIA, and Vice President.

Zuck is the Chief Executive Officer of a $400bn+ company ( not that I think he is qualified, mind you ).

For one tech company with no other experience. A one hit wonder, in other words.

He might be a great executive, but then, Donald Trump might be a great real estate developer, investor, and business man. Just a few factors aligning correctly and you can be successful, even if you aren't particularly skilled.

Here's NPR.


Relevant quotes from Betsy Hoover the Obama 2012 online organizing director:

"So the app that everyone's referring to in this moment was an app called Targeted Sharing. It was an app that we created on Facebook that fully followed Facebook's terms of service. And any individual could decide to use the app. When they clicked on the app, a screen would pop up that would say what data they're authorizing the app was giving us access to and exactly how we were going to use that data. And so at that time, it was totally legitimate on Facebook to say you're giving us access to your social network. You're giving us access to your friends on Facebook."

"...So, you know, we got your list of friends. And then we matched it to our model, our list of voters that we didn't build with Facebook data. We built with voter history and, you know, all of the other data points that Democratic campaigns use to build models. But we matched the data of your friends to that model and then reflected it back to the person who had authorized the app..."

Sounds very similar to Cambridge Analytica imho. In addition I don't really think that exploring how deep the rabbit hole goes is deflection, rather showing how much more pervasive this practice is than people think.

>The people signing up knew the data they were handing over would be used to support a political campaign. Their friends, however, did not.

>Facebook friends lists, tags and photos allowed Obama operatives to identify a person’s close friends, which they then matched with offline public records. (Was this person likely to vote for Obama, but unlikely to get out to vote?) They then told the app users which of their friends they should send campaign messages to.


They seem pretty different. Not just in how the data was collected, but how it was then used.

The research into Facebook likes and personality and the manipulation of those psychological profiles, which CA based their entire operation on, didn’t even exist in 2008.

Comparing the two is absolutely a false equivalency.

And the CA scandal goes way beyond the Facebook stuff. The company is allegedly involved in various illegal and anti-democratic activities around the world. Are people really downplaying this simply because they support Trump and CA has a Trump connection?

Agreed. In my understanding the CA data wasn't a friends list, which is what OFA got, but your friends' Facebook data (their photos, posts, likes AND their friends' data). That's how they got to 50M users. And how they used it sounds pretty different too.

The data OFA got wasn't just a list of your friends, it was their photos, posts and likes too. The Obama campaign's strategy revolved around using that information about your friends' social media - what photos they were tagged in, who interacted with who, etc - to figure out who was closest to which of their volunteers in order to work out who could best convince them to vote Obama. Which isn't what CA was offering, of course, but still seems rather creepy.

The other difference is that based on what we know, the Trump campaign didn't actually have any interest in using the CA data in question. The head of their campaign has quite consistently said he thinks CA's psychographics was worthless nonsense, and I'm not aware of anyone finding evidence contradicting this. It's quite possible that, in fact, the 2012 Obama campaign was the only US presidential campaign that systematically gathered information on people's Facebook friends to feed their campaign machine.

'False equivalency!' seems to be a popular new phrase to prevent self-reflection. If the CA situation is only bad insofar as it helped the GOP, then that's fine, but if you're interested in broader change regarding privacy then a knee-jerk partisan supremacy won't benefit anyone.

It’s not a new phrase. Perhaps you’re seeing it more due to the flood of textbook false equivalencies from people trying to defend the president’s behavior.

On the one hand you have FB users actively campaigning for Obama coordinating and voluntarily sharing their friend data with the campaign for the purpose of campaign, and on the other hand you have a goofy quiz app author secretly using the friend data for the Trump campaign.

> > Facebook themselves allowed the Obama campaign to pull demographic information in violation of their own policies, which was arguably impacted far more people (https://www.investors.com/... && http://www.dailymail.co.uk/news/...).

> Neither of those citations say that what the Obama campaign did violated Facebook's policies.

The text you quoted does not claim that the Obama campaign violated FB's policies. It says that FB allowed the Obama campaign to do things that would -without FB's approval- have violated FB's policies.

> (Further, both of those citations - a right-leaning source[0] and a tabloid, respectively - are articles written about some tweets. Which is not to say that they're wrong, but without further confirmation, one might want to take them with a grain of salt.)

The tweets were from Obama's own Campaign Director, saying that OFA were allowed to violate FB's TOS in a way that others weren't.

> both of those citations - a right-leaning source[0] and a tabloid, respectively

The Daily Mail is a tabloid, and is so bad that it has been banned from being used as source in Wikipedia.


> Neither of those citations say that what the Obama campaign did violated Facebook's policies.


I can see why Facebook would care about that, because owning/selling/managing the data is their model.

But that doesn't matter to me as a Facebook user when the end result is the same (my FB info provided to political campaign.)

Yes, this was the first thing I did when I installed multi-container tabs. I use it for Facebook and banking.

I don't use it for banking but I do contain Amazon as well.

Every account should get its own container.

That's effectively what privacy.firstparty.isolate does in about:config. Every origin automatically gets its own container.

This is one of the features that we've brought upstream from the Tor browser. Further reading at https://www.torproject.org/projects/torbrowser/design/#ident...

They do keep shadow profiles even if you #DeleteFacebook or don't use it at all.

Use FB disconnect, noscript and ublock, use multiple container profiles (not just for FB).

I've quit FB, but the above might be enough to contain FB for those who can't/won't. I still do the above for any other privacy-hating aspirants.

Not saying you shouldn't play the cat and mouse game but it wouldn't take much to have the FB code served first party.

You're gaining security the same way bike locks provide security. Anyone motivated could break it but you're hoping that enough people are easier targets that you're ignored.

This solution is good for you personally but it's not a fix.

> biggest reason that Chrome is gone from my mac

You can do the same thing with Chrome profiles, Chrome Canary and Choosy. This multi-container thing (per OP, don't know if you are using the same one) appears to be FB only. So while it is effortless, it's reactionary and limited. The general solution is better and doesn't force you to a specific browser.


Disclaimer: When I use google (search, gmail, etc) and facebook I use specific profiles for those activities. I use a default profile for everything else. So, I don't actually use the above solution myself.

I used to alternate between browsers for different uses but after the Pocket debacle I abandoned Firefox "for good". Since Quantum I haven't liked it anyway.

I believe the parent comment is referring to multi-account-containers [1], which is a general implementation.

This Facebook extension is a reactionary Facebook-specific adaptation of that extension. But it is still useful for many users since it doesn't require any user interaction.

I think multi-account-containers is more convenient than profiles since it provides a single interface to manage the containers and browser settings are shared, but I am actually using profiles on Firefox because the extension doesn't seem to support the "Never remember history" browser option.

[1] https://github.com/mozilla/multi-account-containers and https://addons.mozilla.org/en-US/firefox/addon/multi-account...

This extension is FB specific, but the underlying mechanism is generic, and has an advantage over chrome profiles in that tabs with different 'profiles'/'containers' can share a window.

> I already use the multi-container accounts to do this.

How? Specifically the part where clicking a link inside the FB container that leads outside of FB opens outside the container?

AFAIK it's impossible, and that's why I stopped using the multi container stuff in Firefox.

It's such an obvious oversight. When they implemented "get into the container when clicking xyz.com" how come they never thought of "get out of the container when clicking something that's not xyz.com"?

> That said, this really doesn't address either the Cambridge situation, or the fact that Facebook themselves allowed the Obama campaign to pull demographic information in violation of their own policies, which was arguably impacted far more people (https://www.investors.com/politics/editorials/facebook-data-.... && http://www.dailymail.co.uk/news/article-5520303/Obama-campai...).

But Facebook is a private company, so they're allowed to do what they want regardless of whatever "policies" they set, so long as they remain within the law. If you don't like it, start your own Facebook!

(Due to Poe's law, I should note that I'm being sarcastic. Funny that this sentiment gets brought up all the time in discussions about YouTube, but not here...)

Just deactivated Facebook, and it's a wonderfully freeing sensation. I can always reactivate it if I really need to reach somebody who's only available on there, but that's unlikely at best.

"The only way to keep them from monetizing you for commercial, social or political reasons is to firewall them off."

I have thought of spamming Facebook with a ton of likes and shares of things I am not actually interested in.

What are people's opinions of that? It has the obvious problem that my friends might associate me with things I actually dislike.

What’s so wrong with them monetizing you? You are getting some benefit. As long as said monetization is privacy-preserving IMHO it’s ok.

Spamming likes and what not to disrupt your profile might be great for your own privacy but isn’t stopping them from monetizing you at all.

That bit doesn't bother me so much. It's the way the data is used to influence elections and Zuckerberg's attitude that annoy me.

Check out this book:


Full of obfuscation tactics like that.

I've been doing that for a while. Also hiding every single suggested post to the extent that Facebook occasionally blocks me for "abusing" that feature.

I just use mbasic.Facebook.com in the basic netsurf browser. No JS, no other sites. Avoids any possibility of accidentally letting Facebook out of its box.

Privacy Badger is already able to prevent Facebook from tracking you, right? And it's doing way more than just that.

Or am I missing something?

Privacy Badger is attempting to prevent Facebook from tracking you by blocking URLs known to load tracking code or pixel trackers etc.

This extension isolates your Facebook login cookies while you're browsing on non-Facebook websites, hence making it harder for those tracking techniques to identify you.

How can you load Facebook login cookies from third party websites? I thought they set a cookie on facebook and used that to track you between sites. Third parties add Facebook scripts to their sites that then read the tracking cookie around the web.

Privacy Badger prevents the cookie being sent back to Facebook from these third party websites.
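An added sketch, not part of the thread and not Firefox's code: a toy model of the cookie-jar separation the comments above describe, next to the `privacy.firstparty.isolate` behaviour mentioned earlier in the thread. The site names, cookie values and policy names are constructed for illustration, and the model covers only which jar an embedded request reads from, nothing else the add-on does.

```javascript
// Simplified model of browser cookie storage (constructed example).
const TRACKER = "facebook.com";

// Each policy maps the tab's top-level site to the name of the cookie jar in use.
const policies = {
  // Default profile: one jar, so the tracker's cookie is the same everywhere.
  shared: () => "default",
  // Container style: tabs on the tracker's own site get a separate jar.
  container: (topLevel) => (topLevel === TRACKER ? "fb-container" : "default"),
  // First-party-isolation style: the jar is keyed by the top-level site.
  firstPartyIsolate: (topLevel) => `fpi:${topLevel}`,
};

class Browser {
  constructor(policy) {
    this.pickJar = policies[policy];
    this.jars = new Map(); // jar name -> Map(cookie host -> cookie value)
    this.nextId = 1;
  }

  jar(topLevel) {
    const name = this.pickJar(topLevel);
    if (!this.jars.has(name)) this.jars.set(name, new Map());
    return this.jars.get(name);
  }

  // Logging in on the tracker's own site stores a login cookie in that tab's jar.
  login(user) {
    this.jar(TRACKER).set(TRACKER, `login:${user}`);
  }

  // Visit a page that embeds a tracker resource (for example a Like button).
  // Returns the cookie the tracker receives with that embedded request.
  visit(topLevel) {
    const jar = this.jar(topLevel);
    // With no cookie in this jar yet, the tracker sets a fresh anonymous id.
    if (!jar.has(TRACKER)) jar.set(TRACKER, `anon:${this.nextId++}`);
    return { site: topLevel, cookie: jar.get(TRACKER) };
  }
}

// Log in once, browse two unrelated sites, and report what the tracker can infer.
function whatTrackerLearns(policy) {
  const b = new Browser(policy);
  b.login("alice");
  const seen = [b.visit("news.example"), b.visit("shop.example")];
  return {
    identified: seen.some((s) => s.cookie.startsWith("login:")),
    linkedAcrossSites: seen[0].cookie === seen[1].cookie,
  };
}

for (const p of Object.keys(policies)) {
  console.log(p, whatTrackerLearns(p));
}
```

In this model the container policy keeps the login cookie away from embedded requests but still lets an anonymous id follow the user between sites, while keying jars by top-level site removes that link as well.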

Competitors (obvious and non-obvious) are going to capitalize on FB's incidents.

Business world is not technical.

I'm glad Mozilla is finally recognising Facebook as an opponent of the open web.

Multi-account containers are great. The only issue I’ve encountered is opening links outside of your container (e.g. a link to a website that you are logged in outside the container will mean you are logged out). Just need to train my muscle memory to “right click > open in container...” rather than just clicking!

This is a good start. It's close to the way I've been (infrequently) using Facebook for the past few years: in a private browsing session through a VPN. It's worth noting that with this extension Facebook still gets your IP address.

This makes it harder for Facebook to track your activity on other websites via third-party cookies.

Why not bundle uBlock Origin into every Firefox install and make it impossible for Facebook to track everyone's activity on other web sites?

With this extension, Facebook still knows that those non-Facebook links were clicked on because of the outgoing redirects they add to all URLs under the guise of 'safety'.

There is something unintentionally hilarious about the title 'Take control of how you are being tracked.'

Edit: ignore the below, I didn't realize the new container had the opposite behavior from other Firefox containers, described here https://addons.mozilla.org/en-US/firefox/addon/multi-account...

This has a real limitation, which is that if you click an external link on your Facebook newsfeed, the new website will also be in the FB container. On the one hand, that keeps your FB-related browsing from "contaminating" your other web cookies. On the other hand, all the websites in that container get to link you to your FB account just like normal.

Doesn't the post explicitly contradict this?

> If you click on a non-Facebook link or navigate to a non-Facebook website in the URL bar, these pages will load outside of the container.

Or am I misunderstanding?

This is great, and will probably save me a lot of time. Currently I use an ubuntu desktop vm (vagrant) that I use for sites like facebook, that I destroy when done and recreate when needed so it's like a brand new clean pc each time.

Nice. Can I have the same one for Google?

I know about the multi-account container extension.

A google one would be so much easier for setting-up and forget it. The facebook one is really nice because once installed it auto logs out then automatically puts facebook.com into its own container every time I type the url or visit it (even if the active tab is in another container).

With the multi-account extension I have to actively manage containers which becomes annoying quite fast.

It's a little more setup, but I believe you can accomplish that in Multi-account Container extension by setting "Always open in <container>" for the Google domains.

Thanks! It seems to do the trick.

This is cute, but does little to address tracking via IP and basic behavioral sniffing. Facebook buys lots of third party datasets, including data from ISPs (actually, it is given to them).

Remember that Mozilla is basically a fiefdom of google - like the recent industry denouncements of fb this is all about opportunism and corporate power struggles with the users still being the commodity traded. Also can someone explain what this container does that disabling third-party cookies doesn't (assuming you don't have other malware like flash installed)?

Is there any way to make the standalone Messenger open in the FB Container? The way I see it, the two are intrinsically linked since using Messenger requires an FB login.

Edit: After playing around, this also breaks the back button. If anyone from Mozilla is here, I think it would be better if an FB page opened in a new tab while keeping the original open.

Disclosure: I'm the author of the add-on mentioned in the story.

We tried a few different UXs and none of them felt ideal. We have an open issue to add Messenger to the list of FB domains that are contained. https://github.com/mozilla/contain-facebook/issues/45

Great work! I love multi-accounts containers on desktop. Is it coming to the Android browser as well?

I use a separate Chrome profile to isolate Facebook. I'm wondering how Firefox does things differently?

It never occurred to me to try this. Great idea!

This is essentially a light-weight version of that.

Blocking third party cookies goes a long way to achieving the same thing, and also prevents Google and others from tracking your movements across the web. The occasional site may break if it relies on third party cookies, but this is easy to work around when it happens.

> The next time you navigate to Facebook it will load in a new blue colored browser tab (the “Container”).

Why don't browsers (eh, Firefox) do this by default for every origin? 3rd party cookies would be broken I assume, but overall it would lead to less tracking across origins.

Because that would break many things on the web, in particular the ability to `Like`, to `Log-in with Google`, etc. Also, the definition of 3rd party is sometimes complicated.

But zero people in the history of the web have deliberately “liked” anything while knowing the privacy implications.

Liking and logging in with google should show a similar warning as an untrusted or malicious site and then send the cookies

The Tor Browser does do that by default, by the way.

This is cool, but please make Firefox work like this for every webpage now.

I don’t see a reason to allow any cross domain tracking from any website at all.

Facebook is probably just the most visible offender rather than the worst offender in this regard.

It can basically.

1. Go to Options->Privacy
2. Go to History and change it to use custom settings
3a. You can either disable third-party cookies
3b. Or you could go a bit further and check "Always use private browsing mode"

Another nice thing to have, although Firefox already has extensions like Self-Destructing Cookies or Cookie Auto Delete to remove cookies as soon as the tab is closed. In which case, Facebook should have nothing to look at.

Does this extension work more or less like every URL you would open in a new incognito mode separate window? Or is there some other more sophisticated solution in the background?

It works similarly to Private Browsing Mode - it actually uses the same architecture.

But the Facebook container retains your Facebook cookies (and therefore your login) after restarts.

The amount of effort that goes in to making it 'safer' for people to use ridiculously abusive services like this is ridiculous.

This is the tech world's equivalent of a "how to take a punch" class for victims of domestic violence.

That would make sense if the abuse was between individual actors. Domestic violence victims can, in theory, defend themselves with weapons and legal means. This is (to really stretch the analogy) more "how to hide from drones" for targets of a giant, state-tolerated PMC.

Sorry, but no.

People know that (facebook|their partner) is abusing them (privacy-wise|physically) and they choose to continue the relationship.

That's it. No one chooses a relationship with a drone, and to date Facebook haven't found a way to force people to create accounts and continue to use them, at gun-point.

> People know that (facebook|their partner) is abusing them (privacy-wise|physically) and they choose to continue the relationship.

Really bad comparison there.

Well, I don't mean to compare those two very different situations, but that does happen with victims of domestic violence. Many times they choose to remain in the relationship, and out of fear and desperation, they hope things will change, and they rationalize that whatever is happening is partially their fault or not that serious. And many times that ends with the death of a domestic violence victim.

You're hopelessly naive if you think that doesn't happen all the time with domestic violence. It's the rule, not the exception.

That's my point. Domestic violence shouldn't be equated with Facebook's abuses. Causes, consequences, objectives and methods of entrapment are too different.

I have experienced domestic violence first-hand and I cringed when I read the word "choose" when describing the situation.

I chose to stop the relationship. It probably still has all my information in a shadow account, and might be collecting SMS messages I exchange with people who maintain FB accounts. Facebook doesn't have to force people to do anything -- are you going to cut off contact with everyone you suspect might possibly have an account, to prevent them from creating a shadow account on you?

The topic is about a browser extension to block them tracking first party activity. That does literally nothing to solve the scenario you described.

It's also no coincidence that their SMS harvesting shenanigans are only possible on Android, the poster child for "fuck privacy I want free shit from a giant creepy company".

Sure, on some level there should be laws about privacy. But this is fucking America we're talking about - it's practically the third world when it comes to the state of basic protections for citizens.

Facebook tracks people who are not users. That has been a reason for lawsuits. I have taken measures to block Facebook trackers in many sites I visit.

So yes, Facebook (among other agents, like Google) is forcing me to follow a course of action that protects my family and myself from intensive data collection, and that many times breaks my browsing and interferes with my work. Forcing HTTPS, blocking cookies, revoking certificates, etc. and then reverting some special cases or creating exceptions on the fly for specific sites I cannot go without is kind of maddening.

Stalking isn't a relationship, but it does force victims to take action.

If you don't want to run arbitrary 3rd party code on your system, don't run arbitrary 3rd party code on your system.

Great! Everyone chose to run 3rd party code because the services provided by that code bring them value and they have no feasible alternative.

Does that suddenly make it okay to completely ignore ethics?

Well, yeah, because the law does jackshit to protect people.

Too bad the extension doesn't work on mobile - does anyone know if there are any plans to change that?

I'm guessing the Mozilla Foundation just lost all its funding from Facebook.

They don't get any funding from Facebook, as far as I know. In the US, it's almost entirely from Google (source: I'm an ex employee)

Furthermore I am sure the extension came from the Mozilla Corporation side and not the Foundation side. Based on the last audit (2016-2015) if I read it correctly 52K was brought in through "receivables" which includes search engine deal revenues

Best solution = deactivate and delete your Facebook account.

No, because you are still tracked via Like and Share buttons and all of that goes in your shadow profile. Best solution = block all of Facebook's IPs via hosts file or a plugin like uBlock Origin

I guess it doesn't stop info trading behind the scenes.

No, obviously it can't. But, that's what "DNT" (Do Not Track) header was supposed to fix, but there is no incentive for companies to adhere to it, except good-will.

That's a much more manual and difficult B2B contractual process. A completely different level than automated data sharing via tightly integrated plugins.

I took control by never signing on to Facebook.

This is really good... timely release.

PSA: Safari does this by default.

Do you have a link with more information about Safari's approach?

Disclosure: I'm the author of the add-on mentioned in the story.

I'm also interested in this claim. If you're referring to Intelligent Tracking Prevention, I don't think it does this.

The ultimate aim is the same.

The aim is the same, but ITP only strips cookies after a 24-hour period when you HAVE NOT visited the site.

So ITP does nothing to protect a user who visits facebook.com every day. Which is most of Facebook's user-base.

This for every site by default!

This article disappoints me because Mozilla seems to be spinning the current facebook disdain to sell their offerings rather than providing clarity/solutions on this issue.

I didn't realize that Mozilla started charging people for Firefox.

I like this a lot, but I won’t use it because I resent the need to contain different personas online. Too much work.

This literally does all of the work for you. You just click "install" and then you don't need to worry about 'containing different personas online' at all. It's ridiculously easy.

I don't worry about containing different personas online because I have only one social media account (HN). Therefore, only one persona. That + ublock origin is sufficient for me.

But you're still sniffing my DNS traffic in the nightlies, right?


"Still"? That one-week experiment with Firefox Nightly users was proposed but not started at this time, as user feedback is being considered.

1. Chrome uses Google DNS for ALL users, and doesn't delete the records after 24 hours.

2. The study is optional.

3. DNS over HTTPS is a net benefit to privacy.

Practically irrelevant to the above article, but for those still coming across this: view the top comments at [0] to see why it's not that big a deal.

[0] https://news.ycombinator.com/item?id=16653889

Since you asked: No.

Remember that Mozilla is basically a google fiefdom and like the industry "denouncements" of fb this is all about opportunism, corporate power struggles with the users still the commodity being traded. Also can someone explain what this container does that disabling third-party cookies doesn't? (assuming you don't have other malware like flash installed)
