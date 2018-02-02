Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com) 79
Firefox 59 will reduce how much information websites pass on about visitors in an attempt to improve privacy for users of its private browsing mode. From a report: When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value." While this helps websites understand where visitors are coming from, it can also leak data about the individual browsing, because it tells the site the exact page you were looking at when you clicked the link, said Mozilla. Browsers also send a referrer value when requesting other details like ads, or other social media snippets integrated in a modern website, which means these embedded content features also know exactly what page you're visiting.
Finally (Score:1)
This privacy issue has been known for as long as browsers have been around. Nevertheless, this is good news.
Re: (Score:3)
Every time I look at a post like this, I wonder when Slashdot will get with the times and support unicode?
Re: (Score:2)
Probably once you and the rest of the user base have flocked to SoylentNews, which forked the Slash software and added proper Unicode support.
Re: (Score:1)
I'm glad they haven't. There's very little real use for it, and those messed-up comments give useful information for judging clueless commenters.
Re: (Score:2)
Probably when it becomes a standard. I mean, any legitimate tech site would wait until that point, and then roll the change into their development cycle for the next release.
Firefox's other privacy problems need to be fixed. (Score:1)
Unlike many people, I've actually read Firefox's privacy policy [mozilla.org].
It turns out that Firefox's privacy policy is quite disturbing, especially when considering how often we're told that Firefox supposedly "cares" about our privacy.
The Firefox privacy policy dated September 28, 2017 makes it clear that Firefox user data can be collected by Firefox and can be sent to various third parties, including Google, some "Adjust" company, some "Leanplum" company, and SalesForce.
For example, there are very worrying section
Keep them from removing your pet CSS or JS feature (Score:2)
Without telemetry, how do you expect a browser developer to assess use coverage of the browser's code? Without coverage, browser developers have no way to know which bugs to prioritize fixing and no way to know which web standards are used in websites. Without information about feature use, browser developers might assume CSS and JavaScript features used in your site are "not widely adopted on the web" and begin the process of removing them from the web standards.
Features used only while logged in (Score:2)
Browser vendors can comb the top 10000 websites of the world easily enough and see what features are being used the most.
That won't work for features used more often in the long tail below the top 10000 or behind the login page of the top 10000. This might be the case, for example, for the Encrypted Media Extensions used to enforce audio and video rental terms.
Re: (Score:2)
When many, many, many Firefox users keep on reporting again and again and again that Firefox suffers from severe performance and memory usage problems, do you know what the Firefox developers should do? Focus on the performance and memory usage problems that the users are talking about!
When many, many, many Firefox users keep on saying that they don't want their XUL extensions to break, do you know what the Firefox developers should do? Focus on not breaking browser functionality that Firefox users deem to be essential!
What if the memory usage problems are from having XUL extensions?
Re: (Score:2)
Which provider other than Google would you recommend that Firefox instead use when the user chooses to query the safety reputation of a particular website or downloaded file? Or how do you find why do you find offering the choice to query the safety reputation of a particular website or downloaded file inherently harmful?
Which provider other than Google would you recommend that Firefox instead use when the user chooses to reveal the user's location to a site? Or why do you find offering the choice to reveal
Re:Don't break the referrer (Score:5, Informative)
If you RTFA (I know, I know; I must be new around here), you'll see this is only for Private Mode, and leaves the domain portion intact. You can still see if they loaded from your domain.
Referrer Header (Score:2)
Re: (Score:2)
Re: (Score:1)
Why wouldn't this be the default?
Same site allow referrer. Anything else completely block it.
Re: (Score:2)
You'll break sites that only show you the full content when coming from Google but throw up an interterrestrial when direct linking if you do that, setting referrer to be only domain if doing cross-site is probably the best option.
Re: (Score:2)
...You'll break sites that only show you the full content when coming from Google but throw up an interterrestrial when direct linking if you do that...
Which is why I use the Toggle-Proxy add-in (one of the extensions that stopped working in Firefox and one of the reasons why I moved to Waterfox). If I see the very infrequent site that offers the interstitial as you say, I just turn off the proxy and go direct. But it is my choice when I want to do that.
Pangalactic! (Score:2)
Re: (Score:1)
if youre checkin http_referrer for valid requests, youre doing it wrong anyway. referrer can be faked easily therefore absolutely not reliable.
Re: (Score:2)
Then what image should a document on one site use to represent the document on another site to which it is linking?
Don't break og:image thumbnails either (Score:2)
If you deny hotlinking, and a user of another website supporting Open Graph protocol links to a document on your site, then the link will look unusually plain because the site won't be able to display the thumbnail declared in og:image [ogp.me]. What mechanism have you put in place to allow hotlinking only in the context of thumbnails intended to attract visits to documents on your site, such as og:image, and deny it otherwise? Or do you just opt out of offering thumbnails for other authors to use when citing your
Re: (Score:2)
Change doesn't stop snooping of where you've been (Score:5, Informative)
To prevent this type of data leakage, from Firefox 59, the private browsing option will remove path information from referrer values sent to third parties, effectively stripping out additional data and only leaving the web domain.
Re:Change doesn't stop snooping of where you've be (Score:4, Interesting)
Meh, in private browsing mode they really should kill the referrer from any top level page. If it's an <img>, <iframe> or <video> tag it's cool... but if I go from foo.com to bar.com via an <a href> it shouldn't secretly tell bar.com I came from foo.com. Transparency in what information you're exposing is essential to security and most people aren't aware it's happening.
Re: (Score:2)
To prevent this type of data leakage, from Firefox 59, the private browsing option will remove path information from referrer values sent to third parties, effectively stripping out additional data and only leaving the web domain.
Hopefully this is just the first step toward a proper solution. Step 2 is to apply the same policy for intra-site links, to prevent sites from filtering on the exact page address. Step 3 is to always send the requested resource's domain, regardless of the source.
Ruining my fun.. (Score:4, Funny)
Re:Ruining my fun.. (Score:5, Informative)
Unless Pornhub links to the Christian Coalition, the referrer field will be blank. The "referer" field only gets set when you click on a link. Just typing in the new address on the address bar doesn't do it.
Re: (Score:3)
So you just drop a link to christian coalition in a pronhub comment and click it from there, problem solved =)
Re: (Score:2)
Re: (Score:2)
Yeah... not really a problem on any site that allows user comments with links though. In fact this traffic would be more confusing, like okay I'm seeing a lot of traffic from reddit but what sub-board has linked me now or what celeb linked me on Facebook or what video is going viral on YouTube. Then again you'll probably see a substantial amount of any traffic in non-private mode, so not really a big deal I guess.
Will it stop taking ALL the memory? (Score:1)
With the various updates over the past few months, now instead of one process in task manager eating ~1.5 GB of RAM, now I generally have ~5 processes eating up ~3 GB.
Re: (Score:3)
I have 184 tabs open at the moment and my Firefox processes are using a total of ~900MB of RAM, what are you doing to get it to 15GB?!?
If you're thrashing swap, say so (Score:2)
To counter "unused RAM is wasted RAM", make your complaints explicitly about the user-observable symptom: "Firefox causes my computer to thrash swap when I do X, Y, and Z." If you have made a report that explicitly mentioned page file usage, what was the reply?
Re: (Score:2)
Processes listed by name showing all FF processes, tabcount addon showing tab count, not sure what more you want...
https://photos.app.goo.gl/MWnO... [app.goo.gl]
https://photos.app.goo.gl/XjFr... [app.goo.gl]
Re: (Score:1)
1.5, not 15, and that was before, now it is usually twice that. Currently there are 6 Firefox processes running, using 695, 380, 354, 335, 305, and 201 MB respectively (so ONLY ~2.3GB now), after restarting about an hour ago. I have 4 windows open with probably 70 tabs spread across them, which I admit is a lot, but this is what I have always done. The vast majority of those tabs are not even loaded, because I haven't looked at them since the last time I had to kill the processes to get it working again.
Re: (Score:1)
Forgot to mention, FF 58.0.1 (64 Bit)
Re: (Score:2)
Thought experiment: restart your browser with extensions disabled and compare usage.
I am using ublock origin after reading somewhere that adblock plus was a performance hog.
"so called"? (Score:2)
When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value."
This is how the web has always worked and it's a public specification. There's nothing so called or nefarious here.
Re: (Score:1)
Re: (Score:2)
Let me know when key binding support for new-style addons [mozilla.org] is fixed.
Give the middle finger to google (Score:1)
Google itself removes the referer (an url with a query) when I use open source statistics software like Piwik, for "privacy reasons", except they do show what people searched for on their own analytics services, so in reality it was just to give the middle finger to competition, using the near monopoly of the search engine. So I'd like Firefox to return the favor and not hand the complete referer to any 3rd parties loaded on websites. Just do this in the header to Google:
Referer: -_-*,,|,
Using Matomo/Piwik? Try Search Console and HTTPS (Score:2)
Glad to see someone else using Matomo (formerly Piwik) instead of third-party analytics.
Seeing as you've shown interest in helping viewers find documents on your site, have you tried signing up for the major web search engines' webmaster tools, such as Google Search Console? I was under the impression that these tools offered search queries even without having to install a search engine's analytics script on your site. (Source: "What is Search Console?" [google.com]; "Help Center - Bing Webmaster Tools" [bing.com])
Another tip: Doe
What took them so long? (Score:2)
When? (Score:2)
TFS, TFA don't say.
New Tab ? (Score:1)