Hacker News new | past | comments | ask | show | jobs | submit login

What if the box is empty? JS is allowed. (Edit: I guess the culprit is "third party cookies blocked by default")

So wouldn't a better test be about a third party that was used in a first party context before? Since FPI goes beyond third party cookies.




Thanks for diagnosing that for me, you're right blocking third party cookies does cause it to fail.

Both tests are equally valid. I just gave one because trying to be exhaustive about testing it would be mind-numbing. The test I provded only does localstorage, but FPI also isolates DNS cache, H2, image cache, favicons, cookies, localstorage, indexdb, etc etc

You can do yours by visiting https://anonymity.is/misc/ff/fpi-iframe.html first; then visit the ritter.vg and rittervg.com links.


Thanks for the clarification.

What surprises me the most is that not only Firefox but also my Safari Browser passes all those tests when ITP is enabled.


Safari by default has a stricter storage access policy by default for all third-party domains, which requires you to visit the domain as a first party first. So it's probably that rather than ITP.


I have a general question if you don't mind. I use Firefox Beta. Why is Firefox going the route of a manual blacklist (disconnect) instead of working on some kind of programmatic machine-learning/somewhat intelligent third-party storage blocking by default that doesn't discriminate known against unnkwon trackers?




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: