Hacker News new | past | comments | ask | show | jobs | submit login
Firefox private mode blocked by T-Mobile (t-mobile.com)
157 points by katam on Oct 20, 2022 | hide | past | favorite | 55 comments



So many companies make stupid, gratuitous changes that break perfectly acceptable browsers. For what? They're not making browsing any faster - no, instead, they're adding things that make the newest, fastest computers we can buy take a long, jerky pause when we click on something, or try to scroll too soon...

I think it's time to call out shitty web developers who are probably contributing to this because they want job security. The web doesn't need generation after generation of significantly different browsers every few years, nor do we need web sites that very literally take more RAM and more CPU resources than entire OSes.

It's all bullshit, and there's never a good reason for any web site to take hundreds of megabytes of memory and take seconds to do things on a machine that can do tens of billions of instructions per second.


I feel just as disgusted by stuff like this, but more at the industry incentives than developers as people.

There is a type of developer that adds more technical garbage to the pile, but their ranks grow when their peers see they are rewarded for that behavior.

It is the game that is messed up, many are just playing by the rules to 'win'.


I feel like this kind of thing happens as SWEs became commodified. Just imagine if we were still a tight knit community of people in basements, we could simply work our way through the social network and yell at whoever made such bad choices.


It's wild how they offer zero justification for this.

They know it's wrong. They removed the discussion about this on their own board: https://community.t-mobile.com/accounts-services-4/firefox-i...

Apparently there's an extension called 'Hide Private Mode' which gets around this. Browsing in containers also reportedly works. But these workarounds shouldn't be necessary. This is creepy behavior.



i checked the link and it said "enable" meaning i had installed it sometime ago and disabled it and i don't remember doing either. strange


If you were trying to get something done you probably just didn't pay enough attention to what you were doing, and you forgot about it. It could have been years ago. I don't think it's all that strange: can you remember everything you ate in April?


Their site has been annoying to use for a while now, and its slowly getting worse. I think it was last year when I found myself unable to pay bills with Firefox since it blocks certain cookies by default (and, really, I make those settings even more restrictive). So I have to manually allow everything, pay my bill, then restrict it all again.

More and more sites are breaking when certain privacy measures are used. A few months ago I started having similar issues with local water utility. Always could pay my bill just fine, then it became more restrictive.

Of all the things to make difficult, you'd think payment would be the one aspect they'd want to work smoothly.


Coles supermarket in Australia has a site that just fails to load when connected via a vpn. And it’s not even a “access denied” it’s the JavaScript cbn rejecting requests so the site loads broken.


Remember that this is the same company that did this: https://archive.ph/DSL4x


T-Mobile USA should have different leadership than Deutsch Telekom:

https://en.wikipedia.org/wiki/T-Mobile

Although, Deutsche almost has majority ownership of T-Mobile USA, and is trying to get it:

https://www.reuters.com/business/media-telecom/deutsche-tele...


Please tell me, that this tweet is a joke or a fake.


In the archive link, I could not see the original response from TMobile 'Andrea'.

On twitter, they deleted their response https://twitter.com/c_pellegrino/status/981596868709961728

But you can see it here : https://archive.ph/O7K0s


wow. mind=blown


All the money: “What if this doesn't happen because our security is amazingly good? ^Käthe”


Reading the thread; I have to assume whatever rep was in charge of that twitter account had ~no idea what they were talking about. It's just too oblivious to the base concepts involved.


Fuck T-mobile. I have stopped using plenty of sites that break under certain conditions, such as private mode or when blocking third party cookies. I guess it's a little more difficult to not use the T-mobile website if you're one of their customers though.


I'm a t-mobile customer and their website sucks, even when it works. On the plus side, I only rarely need to use it. Only when I need to adjust the auto pay, or if I need to fiddle with the plan if I go over the data allowance.


Good reason to stop being their customer, I guess.


They probably won't fix their development habits until a bunch of their revenue walks out the door.


The title needs to be clarified: It makes it seem like if you use T-Mobile on your phone you can't use private mode.

Logging in to T-Mobile itself is what is blocked.

I suggest: Logging in to T-Mobile is blocked in Firefox private mode.

Flagged to call moderator attention (does that actually work that way?)


No, please mail hn@ycombinator.com instead.


You are right, I should have mentioned they only block login for more context. I found it interesting that they would block Firefox, but allow Chrome's incognito. Well looks like I can't edit the title now.


Bug name: Site breaks a little in private mode Solution: Block firefox private mode

Sometimes complaining makes things worse


I don't understand why a browser would report that it's in private mode to a website, what purpose could that serve?


It doesn’t. There are just ways to tell because private mode restricts certain APIs, so you can check against limits.


Instead of restricting access to APIs, "private modes" should just return junk data. This should be on the browser to fix. I would love it if my browser would return random numbers for things that web sites have no business querying, like my screen size or the number of cores in my cpu.


The rabbit hole goes down a long way. You end up with things like timing api calls and if it’s too fast you know it must be junk from the private mode fake api.


You could also just do the actual query then return garbage.


Sure, but browsers are complex enough that it becomes an endless cat and mouse game where adversaries are able to find an endless list of things to differentiate private browsing with. The browser makers have been tightening things up but the people making these scripts have a long list of tricks in their backlog so they just roll the next one out immediately.


Banks should do the same. ATM wants to know how much money I have? $17!


I have no idea what you're trying to say here. T-mobile wanting to know how many cores my cpu has is equivalent to my bank telling me how much money I have?


No, I sincerely think that I should have a setting to to tell my bank to lie to ATMs, especially useful for those that print out receipts automatically.


OK, so the next step is to spoof those APIs. That's to say the browser should report itself as something 'respectable' and not restrict said APIs but to send back garbage.

This is getting beyond a joke. Governments should demand common carriers be just that—license to operate dictates no interference with the data-stream and no monitoring of users' habits.

Why the hell is it so difficult for governments to legislate these requirements?


>license to operate dictates no interference with the data-stream and no monitoring of users' habits.

I agree, but in this case, it's T-Mobile's website, rather than their service.


I think the developers at T-Mobile are equally pissed off about this. But with Firefox market share sitting at 3.5% in the US, it no longer makes business sense to spend the extra money required to make their site work in what is now a niche browser.

It's Google's world, we're just living in it.


I get that this is a short move but what about using Firefox containers + cookie auto-delete? You can put T-Mobile into a container all by itself, and automatically nuke cookies. Is there anything else that Private Mode gives you?


I have Firefox Containers, cookie auto-delete, ublock origin, privacy badger.

The site is unavailable to me even in a regular Firefox window. I am guessing it's the tracker blocking or maybe I have some config settings that is doing this.


that's a very good question. the one thing that private mode adds is not contaminating your own history. there is a nice extension for temporary containers that can create new containers on demand and will automatically delete them if they are not used for a while. i don't know if firefox is working on per-container history, but i think, in combination with that extension that would be a useful alternative to private mode


By any chance, do you mean that containers work on the phone version of FF? Last time I tried, there were problems with the addons menu UI.


What exactly in private mode is a problem for T-Mobile?


I am guessing Local Storage or something like that. That mode just breaks bunch of APIs to work, it is not as simple as "just delete all cookies on start and after tab is closed"


Why is it any different than cookies and firefox does not suply a fresh local storage to websites?


I'd like to know this, too -- how can a website even know if my browser is in private mode?


depending on which browser you are using there are slight changes to the api's accessable to web sites depending if you are in private mode or not. For example, in firefox private mode service workers are not avalable so a simple check to see if navigator.serviceWorker is undefined is all you need. Other browsers have other tells such as what types of storage are avilable, the size of storage (if avalable).


I have service workers disabled in my main firefox profile and haven't noticed any websites breaking because of it.


Its not the only signal, was just the first one that jumped to mind.

EDIT: Looks like tmobile are checking indexedDB to check if firefox is in private mode or not.


Firefox gradually adds protections against fingerprinting methods that aren't just cookies. Of course, sometimes this means stepping on borderline cases of legitimate API usage. Also these protections are added for the private mode first.


The T-Mobile account management website is absolute trash. I was just blowing my stack about this affront to all things decent the other day. Why does showing me my bill and letting me update my account details require so much garbage JavaScript all over the place? I'm not running a command center that needs up-to-the-second "dynamic" billing info, I'm just a simple plebe who wanted to update his billing info. So just render the stupid page server side and let me get to it. But no, instead I have to sit around watching 4 different spinners "load" the "frontend" components of this bloated, over-engineered pile of steaming crap.


This has to be wrong. What is the advantage of blocking firefox private mode and not blocking vivaldi/opera/brave/safari/chrome icongnito modes?


The site, last time I checked, doesn't work when you try to login, even outside of private browsing. It just constantly tries to load. My bill is on auto pay so I haven't had to bother in a year but remember having to open Chrome when I was changing credit cards.


I had to resort to logging in via my phone browser the other day. Got endless spinning on desktop, on both Firefox and Chrome. Absolute trash of a website.


That's what you get for signing with a company, whose largest shareholder is a german effed up overpriced s*thole company.

Great service but at awful prices.

Censorship and more is coming your way.

Telekom Germany is also part of CUII. Check online and don't help them, if possible. Switch to 1.1.1. (and 1.0.0.1)


But the site seems to work fine, what's going on?


Thankfully I'm 90% sure this crap would never fly in the EU due to the reasonable risk of it being interpreted as a violation of GDPR




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: