• ngwoo@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      4 months ago

      Advertisers track you with device fingerprinting and behaviour profiling now. Firefox doesn’t do much to obscure the more advanced methods of tracking.

        • hoot@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          Lots do. But do you know anyone that turns JS off anymore? Platforms don’t care if they miss the odd user for this - because almost no one will be missed.

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        Honestly would be hard to do. There a perfectly legitimate and everyday uses for pretty much everything used in fingerprinting. Taking them away or obscuring them in one way or another would break so much.

        • Justin@lemmy.jlh.name
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          Librewolf has Resist Fingerprinting which comes pretty far.

          Every Librewolf browser uses the same windows user agent, etc. But there are downsides, like time zones don’t work, and sites don’t use dark mode by default.

          And even then, EFF’s Cover Your Tracks site can still uniquely identify me, mainly through window size. That’s one of the reasons why Tor Browser uses letterboxing to make the window size consistent.

          • mitrosus@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            0
            ·
            4 months ago

            I don’t know what letterboxing is. But if window size is used to identify me, can’t it be circumvented simply by using the window in restored size, and not maximised?

            • Venia Silente@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              Your restored window size is even more unique than your maximised window size!

              The correct solution is to just not make the window size available to JS or to remotes at all. There’s no reason to ever need specifics on window size other than CSS media-queries, and those can be done via profiles.

  • ArchRecord@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 months ago

    For those who don’t care to read the full article:

    This basically just confines any cookies generated on a page, to just that page.

    So, instead of a cookie from, say, Facebook, being stored on site A, then requested for tracking purposes on site B, each individual site would be sent its own separate Facebook cookie, that only gets used on that site, preventing it from tracking you anywhere outside of the specific site you got it from in the first place.

    • peopleproblems@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      4 months ago

      Hahahahaha so it doesn’t break anything that still relies on cookies, but neuters the ability to share them.

      That’s awesome

      • ripcord@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        4 months ago

        Honestly, I thought that’s how it already worked.

        Edit: I think what I’m remembering is that you can define the cookies by site/domain, and restrict to just those. And normally would, for security reasons.

        But some asshole sites like Facebook are cookies that are world-readable for tracking, and this breaks that.

        Someone correct me if I got it wrong.

        • Telorand@reddthat.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          They’ve been doing this with container tabs, so this must be the successor to that idea (I’m going to assume they’ll still have container tabs).

  • foremanguy@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    Maybe they should try to develop the uBlock Origin extension with the dev to make it last more.

  • intensely_human@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    Aren’t cookies already limited to the site at which they were created??

    What the fuck? You mean to tell me sites have been sharing cookies?

    I thought all browsers only delivered cookies back to the same site.

    • Dave@lemmy.nz
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      The problem is that a website is generally not served from one domain.

      Put a Facebook like button on your website, it’s loaded directly from Facebook servers. Now they can put a cookie on your computer with an identifier.

      Now every site you visit with a Facebook like button, they know it was you. They can watch you as you move around the web.

      Google does this at a larger scale. Every site with Google ads on it. Every site using Google analytics. Every site that embeds a Google map. They can stick a cookie in and know you were there.

        • Dave@lemmy.nz
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          It doesn’t have to be. Your browser sends the cookies for a domain with every request to that domain. So you have a website example.com, that embeds a Facebook like button from Facebook.com.

          When your browser downloads the page, it requests the different pieces of the page. It requests the main page from example.com, your browser sends any example.com cookies with the request.

          Your browser needs the javascript, it sends the cookie in the request to get the JavaScript file. It needs the like button, it sends a request off to Facebook.com and sends the Facebook.com cookies with it.

          Note that the request to example.com doesn’t send the cookies for Facebook.com, and the request to Facebook.com doesn’t send the cookie for example.com to Facebook. However, it does tell Facebook.com that the request for the like button came from example.com.

          Facebook puts an identifier in the cookie, and any request to Facebook sends that cookie and the site it was loaded on.

          So you log in to Facebook, it puts an identifier in your cookies. Now whenever you go to other sites with a Facebook like button (or the Facebook analytics stuff), Facebook links that with your profile.

          Not logged in? Facebook sets an identifier to track you anyway, and links it up when you make an account or log in.

        • Dave@lemmy.nz
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          Yes, it’s the reason for the tracking. To sell more targeted ads.

          If you’re up for reading some shennanigans, check out the book Mindf*ck. It’s about the Cambridge Analytica scandal, written by a whistleblower, and details election manipulation using data collected from Facebook and other public or purchased data.

      • sandbox@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        The moment that Firefox goes too far, it’ll immediately be forked and 75% of the user base would leave within a few months. Their user base is almost entirely privacy-conscious, technologically savvy people.

        • morriscox@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          4 months ago

          Firefox did an add-on genocide years ago and it obviously didn’t hurt them in the long run.