Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Firefox Facebook Privacy The Internet

Firefox 74 Slams Facebook In Solitary Confinement: Browser Add-On Stops Social Network Stalking Users Across the Web (theregister.co.uk) 49

Tim Anderson reporting via The Register: The first thing users will see after updating to Mozilla's latest browser, Firefox 74, is a prompt to install the Facebook Container add-on. The Facebook Container add-on is not new, but has been enhanced in its latest version, 2.1.0, with the ability to add custom sites to the container so that you can "login with Facebook wherever you need to." The purpose of the Facebook Container is to let you continue to use Facebook but without having the social network site track your browsing elsewhere. "Installing this extension closes your Facebook tabs, deletes your Facebook cookies, and logs you out of Facebook," say the docs.

When you visit Facebook and log in, the cookies it plants are isolated to the container. This prevents Facebook Like buttons and embedded comments from working on other sites. There is also an issue with sites that require or offer a Facebook login, which you can now overcome by adding those sites to the container. Sites are added by clicking a fence icon and selecting "Allow site in Facebook container." The effect is like having two web browsers, one in which you are logged into Facebook and subject to potential tracking on any site which has Facebook content, and another where Facebook has no knowledge of you.

This discussion has been archived. No new comments can be posted.

Firefox 74 Slams Facebook In Solitary Confinement: Browser Add-On Stops Social Network Stalking Users Across the Web

Comments Filter:
  • Great but... (Score:4, Insightful)

    by Anonymous Coward on Thursday March 12, 2020 @05:13PM (#59823974)

    Why just Facebook? Google is just as bad, are Mozilla still taking money from Google or something?

    • Re: (Score:2, Informative)

      by Anonymous Coward

      are Mozilla still taking money from Google or something?

      Only $300 Million a year.

      • by Anonymous Coward

        This is why I can't take Mozilla's recent enlightenment seriously, they started off pretending to care about privacy but then we saw them side with the ad industry on things like do not track, DRM and such.

        So why would I trust them a second time when they're still almost entirely funded by the ad industry?

        Until they stop accepting ad industry money they shouldn't be touched with a barge pole.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      The purpose of the Facebook Container is to let you continue to use Facebook

      There's your problem.

      If you are using Facebook then there's nothing to see here and you can move along, because you are an ignorant fuck who doesn't give two shits about privacy.

      • Re: (Score:3, Insightful)

        by Nexx ( 75873 )
        It's not just users of Facebook. They also collect shadow profiles of you based on various things, which you cannot prevent. Better to have a FB account that's connected but unused than for them to create a shadow profile. Better yet, install this and make their profiling useless.
        • by Zocalo ( 252965 )
          Not so sure on that. Yes, this will put a logged-in FB session into a container, but without additional controls like Privacy Badger, etc. isn't going to do anything about all the other tracking FB does on the web. Basically, your're going to end up with a FB profile for the container and any other logged in tabs (even if you don't use them or give them any data) *and* a Shadow Profile for everything else. Sooner or later - assuming they haven't figured out how to do so already - FB will make a connectio
          • If they are doing it right, it's more likely that you end up with Facebook having a profile of all the sites you use Facebook to log into, and a shadow profile for /each/ of the websites you don't use, rather than one shadow profile for all of them. That said, they may not have done it that way, and using another tool to hamper Facebook is going to be still useful, but even without it's just individual website analytics, which is less useful than browsing analytics.

            Of course, then there is an arms race, whe

          • but without additional controls like Privacy Badger, etc. isn't going to do anything about all the other tracking FB does on the web.

            You didn't even need to read the article, the summary explains that:

            the cookies it plants are isolated to the container. This prevents Facebook Like buttons and embedded comments from working on other sites. There is also an issue with sites that require or offer a Facebook login, which you can now overcome by adding those sites to the container. Sites are added by clicking a fence icon and selecting "Allow site in Facebook container." The effect is like having two web browsers, one in which you are logged into Facebook and subject to potential tracking on any site which has Facebook content, and another where Facebook has no knowledge of you.

      • I agree 100%. It's as secure as a wet paper bag.
      • The problem here is what if your *employer* requires you to use FB?

          I know, get a new job. Easier said than done.

    • Its been available for ages in their Containers system, but now they're making a bit of a marteting fuss over this and wrapping it up in a more obvious extension.

      https://blog.mozilla.org/tanvi... [mozilla.org]

  • The mental image of Zuckerberg being sent to The SHU made me smile.
  • by bobstreo ( 1320787 ) on Thursday March 12, 2020 @05:46PM (#59824118)

    I got 74 a couple days ago. I did actually gaze at the "New Features" from the release notes.

    https://www.mozilla.org/en-US/... [mozilla.org]

    Here is one new feature that may bork things up a bit for some sites:

    "We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page."

    • The insecurity of 1.0 and 1.1 have been well-known for ages now. Any company whose engineering team have been asleep at the wheel that whole time, is probably one to which you ought not to entrust your data anyway. Hell, my own employer is 1.2-only at the server side.

      • What? Your employer hasn't switched to 1.3 yet? Get with the times! How can anyone trust you?

      • by Bite The Pillow ( 3087109 ) on Thursday March 12, 2020 @10:38PM (#59824932)

        Sure, but think of all the users who don't know what TLS is. The message says to contact the site administrator, but that is on the website, which is not accessible. I expect many users to abandon a browser that "doesn't work" with their chosen website.

        A more elegant solution is needed.

        • We can't make the users any smarter.
          • Has anyone tried selective culling of the stupid - or at least forcible sterilisation (along with any offspring)? It is the most effective known way of breeding a desired character into a population that doesn't involve difficult multiple-locus gene editing.
        • by AmiMoJo ( 196126 )

          96% of web sites support TLS 1.2, so about 4% will break.

          Source: https://www.ssllabs.com/ssl-pu... [ssllabs.com]

          To me that says that 4% of web sites are still broken years after we knew TSL 1.1 was no good and TSL 1.2 became available, and they will probably never fix their shit unless forced to.

          It's not just those sites at risk though. TLS downgrade attacks are possible and as long as the browser is accepting insecure versions the user is vulnerable to them.

          • To be fair to context less statistics, 96% of websites support TLS 1.2, but I'd wager a good 50% of websites get zero traffic and have fallen into obscurity. 4% of website may be using old broken ciphers, but that doesn't mean people will find 4% of websites broken. I'll wager that people actually find 0% of websites broken.

    • by AHuxley ( 892839 )
      Yes its powerful and fun with a nice GUI.
      Set "Strict" in "Privacy and Security" in FF 75.
      Click on the Protections list for a website and read all about the tracking content, fingerprints, social media trackers... if used.
    • You can turn that back on easily enough. All they did was change the defaults for the min/max TLS version and add a new "harrass me" page setting. The changes had no effect if you had already set those options to a specific value rather than being "default".

    • I got the error the other day after accessing a site (corporate internal) only supporting an old version of TLS. It gave the option to continue anyway.
  • Am I safe?? o_O

  • Bogus (Score:4, Insightful)

    by Retired ICS ( 6159680 ) on Thursday March 12, 2020 @06:28PM (#59824244)

    Have Firefox 74.
    Have no prompt/popup/whatever about no Facebook Container.

    Clearly this article is wrong.

    Or do I just have too much security and the attacks are being repelled?

    • by Sebby ( 238625 )

      Have Firefox 74. Have no prompt/popup/whatever about no Facebook Container.

      I upgraded yesterday - I vaguely remember seeing something about 'Facebook' in one of the tabs I had open, but since I'm always "fuck that FB shit" whenever I see reference(s) to it, I didn't pay any attention to what I saw.

      I think what ended up happening in my case is that on relaunch after the updating, FF simply reopened all my existing tabs, and I just happened to quickly notice the one about FB container it probably added while I was cleaning them up (probably thinking it was spam add from a site).

      • It did not add any "Facebook Container" add-in either. If it did, I would have noticed and removed it as "unauthorized malware".

        If by "prompt" they mean "silly clickable crap" on the useless "Welcome to Firefox" tab/page of useless shit that I always just close without even bothering to look at (since it is completely useless and information free). The only way to see what unauthorized changes / useless additions Mozilla made with each update is by scanning the configuration for changes.

        There are no usefu

        • by AmiMoJo ( 196126 )

          The release notes are here: https://www.mozilla.org/en-US/... [mozilla.org]

          No advertising. They contain a link to the Facebook Container page: https://addons.mozilla.org/en-... [mozilla.org]

          As you can see it's a normal add-on. All it does is prompt you to install it after updating. There is a giant box in the middle of the screen that tells you about it in very simple, clear language but apparently you ignored it because despite not looking at it you somehow determined that it was "completely useless and information free".

          The fact tha

          • You are full of crap. There was no "giant box in the middle of the screen". I do not click things without reading them first, just as I do not sign things without reading them first. So if there was "a giant box in the middle of the screen" and you have to click something to make it go away, then I would have read it.

            Since that was not the case, I can only surmize that your "giant box in the middle of the screen" only appeared on YOUR computer, but not mine, probably because I have some sort of security

            • by AmiMoJo ( 196126 )

              Here's a screenshot of the giant box in the middle of the screen that I just made for you: https://imgur.com/bRZCwm7 [imgur.com]

              It's impossible for any normal person to miss. The tab auto-opens when you update to V74. I'm not sure if it's even possible to stop it happening, maybe there is an obscure about:config option but why would you enable it? All it's done is confuse you.

      • by rtb61 ( 674572 )

        Well just click through the links in the story to get you to here https://addons.mozilla.org/en-... [mozilla.org] and install away. I did and I dropped facebook something over a decade ago, it was pretty easy to tell back then how bad they would get and so dropped in and you could not check with a log in to make sure it was dead, else it would be reactivated (instead of just pretend deleted). I still installed the addon because Facebook would still be tracking me and compiling data by what ever means they can, it is who

    • by ftobin ( 48814 )

      I did notice that the extension isn't available for Android (though a similar one is). It's possible your platform isn't supported.

    • Comment removed based on user account deletion
    • I don't think it was a pop-up. I think it was a frame on their "what's new?" tab that almost everyone (myself included) closes immediately upon upgrading.
    • Have Firefox 74.
      Have no prompt/popup/whatever about no Facebook Container.

      I now have Firefox 74. The reason I know I have it is because when I opened the browser it told me, and front and centre of the page that told me about the upgrade was a prompt to enable the Facebook Container.

      Maybe you missed the upgrade tab and closed it like so many people (myself included) do.

  • #deletefacebook (twitter, too, despite the apparent reference)
  • Ironically I was already using the addon. I have used FB container for about a month and am happy to report it works as described.
  • When I read the post here I was reminded that I downloaded the version yesterday and thought that I could try out now. I have to note 2 things before reporting: 1. I use only "portable" versions of software packages like "Firefox" (if they are available), 2. I use one of the "international" versions (german) - these two deviations from "plain vanilla" MAY have effects.

    Then, Slashdot is one of those bazillion sites with (strong) "integration" of social media shit (like facebook, Twitter...). There are button

    • by dargaud ( 518470 )
      FF doesn't gloat about its improvements. On Linux upgrades are automatic and I usually don't even know or notice when it has changed.
      • But wasn't the "new thing information" popup the whole point of the post here? As a shiny new thingy within FF? In opposition to the long time availability of an obscure extension that could be installed by user?

  • ...when we could have time travel (Can you imagine how long it would take to go through customs/ immigration/TSA, but then you hit the switch Done! )

    But really, the resources that have to be devoted just to defy a tech giant's shenanigans. Eventually there will be a figure attached to the effort, but then the people who have moved on get to smell the coffee, or soak in some rays, whatever.

  • uMatrix add-on will block a lot, out of the box, but I also set it to block everything from 3rd-party domains and all javascript, by default.
  • ... #Deletefacebook If you have even the smallest amount of sense.

You know you've landed gear-up when it takes full power to taxi.

Working...