Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Firefox Mozilla Privacy IT

Firefox's Total Cookie Protection Aims To Stop Tracking Between Multiple Sites (engadget.com) 65

As part of its war on web tracking, Mozilla is adding a new tool to Firefox aimed at stopping cookies from keeping tabs on you across multiple sites. From a report: The "Total Cookie Protection" feature is included in the web browser's latest release -- alongside multiple picture-in-picture views -- and essentially works by keeping cookies isolated between each site you visit. Or, in Mozilla's words: "By creating a separate cookie jar for every website." Firefox's new feature pares with last month's network partitioning tool, which works by splitting the Firefox browser cache on a per-website basis to prevent tracking across the web, itself targeted at blocking more stubborn "supercookies." According to Mozilla, these types of cookies are more difficult to delete and block as they are stored in obscure parts of the browser, including in Flash storage, ETags, and HSTS flags. Both tools are available as part of Firefox's enhanced tracking protection suite in "strict mode" on desktop and Android.
This discussion has been archived. No new comments can be posted.

Firefox's Total Cookie Protection Aims To Stop Tracking Between Multiple Sites

Comments Filter:
  • That's good news! (Score:3, Interesting)

    by QuietLagoon ( 813062 ) on Tuesday February 23, 2021 @10:32AM (#61092756)
    Now, if Mozilla could only get auto-play media to not auto-play. There's a config option for it, but that option does not seem to work.
    • Seems to be working well for me across multiple systems. Maybe take a look at this support page: https://support.mozilla.org/en... [mozilla.org]
      • Nope, I can verify that on marmiton.org, if a page contains a video at the top, it is automatically played on mobile, in any case, ... completely ruining my data cap.

        • by Merk42 ( 1906718 )
          Does it not autoplay in any browser? There seems to be a lot of JavaScript operating that player.
      • by sound+vision ( 884283 ) on Tuesday February 23, 2021 @12:46PM (#61093120) Journal

        Why are they giving you a GUI option for it when you have to go to about:config and mess with 4 or 5 different values to get it to actually do what it says? This has been broken for years, across many versions. Eventually I just installed Noscript.

        This shouldn't need a third-party plugin, config-file tinkering, or even a GUI option to turn off. It should be the default behavior of the browser.

        • This shouldn't need a third-party plugin, config-file tinkering, or even a GUI option to turn off. It should be the default behavior of the browser.

          https://www.mozilla.org/en-US/... [mozilla.org]

        • by AmiMoJo ( 196126 )

          The config option only disables the HTML tag that starts playback. Most sites use JavaScript to do it now so are not blocked.

          uBlock helps but unfortunately all the popular block lists don't work too stop autoplay video because they don't want to break other parts of the site. I wish there was an option to just break the site if there is no other option to stop video and hide cookie consent overlays.

          • That is lame. They should be prepending to the start of the video player, not dealing with HTML at all

            • by AmiMoJo ( 196126 )

              It is frustrating. The problem is that if they just disable the Javascript play function then sites with a play button won't work.

              We had this problem before with pop-up windows, tried to allow them only when the user interacted with the site and not running automatically when the page loads etc. Didn't work, spammers would just tie it in to timers or move movement events and stuff like that, so in the end they were just banned entirely.

              The same could work for video. Only allow video to be played via control

          • NoScript errs on the side of "just break the site", if that's what you want. For me, that's exactly the kind of heavy hand that I need. "When I try to use the internet these days... (TrueScore: 5, Informative)"

            The couple of domains I regularly want video from are whitelisted, so they work fine. Rarely do I want video from anywhere else, and when I do, "Disable restrictions for this tab" is just 2 clicks away.

          • Under the section "Settings: Autoplay" you get a drop-down menu with 3 choices: "Allow Audio and Video", "Block Audio", and "Block Audio and Video". There is no further explanation.

            It doesn't make any distinction between HTML tags or Javascript - nor should it, because it doesn't matter. You want to block this stuff to conserve bandwidth & CPU or maintain aural peace. Not because you favor the JS method to accomplish autoplay over the HTML method.

            The setting does not do what it says; autoplay audio and

            • by AmiMoJo ( 196126 )

              I know, I'm just trying to explain why it's hard to actually make that setting work. Nobody has found a reliable way to do it that doesn't break large numbers of popular websites.

      • Thanks, I tried the changes suggested on that support page, and it does seem to not autoplay during my quick testing. Why aren't those settings triggered when I select "do not autoplay" in the config dialog? If the "do not autoplay" setting in the config dialog does not do what it's name suggests, why is it there?
    • Yes, I remember the time I hot linked my brother to goatse, back when he has a 22" Sun RGB monitor...

  • by shadow_slicer ( 607649 ) on Tuesday February 23, 2021 @10:37AM (#61092768)

    I know Chrome also has an implementation of sharded third-party state (which is the technical term for separating caches and cookies [and socket pools] by first party site). I even think they started working on it first, but it's still in the experimental stage as it breaks too much to deployed by default.

    I think it mainly breaks advertising, but causes problems with other embeds -- and what's the point of YouTube premium if you still see ads on embedded videos?

    That said, good job for Firefox. It's not easy separating stuff out like this, as you effectively have to change every map to use 2-3 element tuples as keys instead of a single string. And if you keep in mind all of the different caches and storage browsers support (HSTS, favicons, pages, fonts, cookies, indexDB, service workers, etc) it's quite a bit of work.

  • by src04c ( 1612593 ) on Tuesday February 23, 2021 @10:40AM (#61092790)
    With the stances many are taking anyhow. Cookies arent really being relied on as much. Google announced a year ago that third party cookies wouldn't even be supported about a year from now anyhow. https://www.cnbc.com/2020/01/1... [cnbc.com] What FF is doing that is nice is their Multi-Account containers. It previously was an add-on. But will be a default. https://addons.mozilla.org/en-... [mozilla.org] What i would really like to see them add support for per-container settings. Things like noscript settings, ublock settings, even proxy settings.
    • Looks like the perpetrators have got a 20-year jump on the EU regulators. Cookies are so Web 1.0. Reminds me of the text in the Brexit deal recommending Netscape Navigator. I suppose it's still better than not trying at all, which is the path the US is taking.

    • I haven't supported third-party cookies for 40 years. Nice that Google is finally catching up. It took a long time to catch up to banning Flash. I wonder how long it will take to deprecate iframe's (which I already have disabled since 40 years).

  • Google's gonna love this
  • by awwshit ( 6214476 ) on Tuesday February 23, 2021 @11:03AM (#61092844)

    I want a solution that makes all cookies, local storage, history, all temporary files of any type evaporate when I close the tab. Everything stored temporarily per tab and gone when I close the tab. Temporary means temporary, right?

    • Yeah, but even in nature an Ephemeron lives for one day.
    • Don't private tabs already do a lot of that?

      • Not exactly. And I'm talking about non-private tabs. Some browsers have a feature like this for when you close the entire browser vs a tab, but even then most of them miss local storage or other things. Can't remove everything, like favicons so easily. My browser mostly works for advertisers and not me.

        • by Luthair ( 847766 )
          No he is right. The only distinction is that private browsing isn't per-tab its per-session, which you probably do want otherwise opening a link in a new tab may not work.
    • by AmiMoJo ( 196126 )

      Cookie Auto Delete does that. Despite the name it clears everything.

    • Use Qubes OS and do your browsing in a disposable VM. Voila, everything disappears when you close the VM.
    • That is called "Forget Me Not" ... It has been around for many years.

  • I'm a former (pre-HTML5) web developer, and: Does anyone else think this is yet another example of how the "web" platform is designed, from ground up, by hacks doing hack jobs, for hacks doing hack jobs, and was never meant to be used for things as large as today?

    I mean, I was there, I saw it. Netscape Navigator and IE... the one a horrible mess of spaghetti code, and the other one ... IE.
    But anyone working in the industry today, how do you see it.
    Is it still full of clueless people hiring clueelss people

    • by Nrrqshrr ( 1879148 ) on Tuesday February 23, 2021 @11:31AM (#61092916)

      As someone doing bioengineering and learning web development for fun, the amount of "workarounds" and little hacks I see people do is amazing. Watching people in the field work keeps reminding me of a quote from Saint-Exupery: 'Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.'
      I cant imagine someone designing a car or a protein and adding extra parts just as a workaround or to overwrite the former guy's work without deleting it. Every part of the process must be fully accounted for and must exist for a specific single role that is absolutely vital to how the whole thing function.

      Yet what I saw in web development is beyond ridiculous. Imported libraries that are never needed, using bloated frameworks for a single page website when pure JS/HTML/CSS could have done the job just fine, people not really worrying about performance because "Modern phones can handle it", following the latest flashy trends and adding buttons and animations and floating notifications when the end user just wants to read some fucking text...

      Of course, am not working for a FAANG or a cutting edge "innovating" company from Silicon Valley (or Austin, now), so maybe what am seeing is just the works of the bottom-tier developers, but this field is still such a mess.

      • by Anonymous Coward

        >I cant imagine someone designing a car or a protein and adding extra parts just as a workaround or to overwrite the former guy's work without deleting it.

        A lot of common crops have their entire genetic code duplicated multiple times, which is far more redundant

  • PARES?!
    What the fuck people.

  • Count me in (Score:4, Insightful)

    by ddtmm ( 549094 ) on Tuesday February 23, 2021 @11:43AM (#61092946)
    Criticize in Firefox all you want but this is exactly the type of thing we need more of. I would even buy more ram for my browser's use if it meant I could finally start realizing true privacy. Tracking and personal privacy invasion have gone way too far and I love that Firefox and to a degree Safari are trying to do something about it. I've often thought I would even pay for a browser if it was truly all about the user experience and eliminated privacy concerns. Of course, with so many people hooked on "free" the critical mass needed to float that idea will never get off the ground. Sad.
  • All this amazing new stuff. Mozzila.

    Now how about putting back what you broke ?

  • I don't know what the hell they've done, but I'm constantly getting logged out of websites that require a login. And not only the "common login" ones like Instagram using my Facebook login, but sites like Github and Reddit also that have dedicated login mechanisms.
  • by oldgraybeard ( 2939809 ) on Tuesday February 23, 2021 @01:04PM (#61093168)
    Web Sites and No Cross Site Anything! Seems simple to me ;)

    I use NoScript in Firefox and you go to most web sites now and there are 5-10-20+ other sites providing pieces of the site or running scripts.
    How in the heck does anyone even a tech savvy person really know what is going on. Let alone a normal web user.
    To me I just enable the main site and if that does not work I move on. Unless I am forced to sort out the mess.

    I really think we have 3 Internets now
    1. The Commercial Internet, Ads Ads and more Ads, Tracking sand Spying galore. Rampant Ideological and Political censorship! And no privacy at all!
    2. The Deep Web, which to me is becoming the real back bone.
    3. The Dark Web oooo Danger Will Robinson Danger! ;) lol
    I am thinking 2 and 3 are really getting to be the place to operate.
    And encryption, encryption, encryption!

    Commercialization and Monetization has made the www, domain named web useless and why even hang there much.
  • Hopefully next they will focus on blocking tracking pixels and also JS that tracks people across services for targeted advertising, which Google, FB, AWS Ads, and other services use.

The trouble with being punctual is that nobody's there to appreciate it. -- Franklin P. Jones

Working...