Firefox 86 Gains Total Cookie Protection and Multiple Picture-in-Picture Views

[MacBH928]

No, it needs to be blown to actual proportion. It's not a misstep; it was deliberate, and they thought they could get away with it. It's not about the privacy, it's about the trust.

At least Canonical was open about it, but yeah, I'm not a fan of that move either. Firefox's telemetry is annoying but minimal and again well-disclosed, and Google default, idc. There's a search engine setting for a reason.

That's pretty bad. I wouldn't trust Brave after that. Firefox only collects telemetry if you opt-in. They also encrypt your synced data before collecting so it's not shadily analyzing your browsing history, bookmarks, and address book in order to serve ads.

So Brave is not trust worth because for like 2 weeks/1 month they referred some ads to their own ads, but you will continue to use Apple, Google, Facebook, Amazon, Microsoft, Spotify, YouTube, Roku, eBay..etc that actually tell you in your face we did and will continue to breach your privacy and collect data on you? Thats some logic...

And yes Apple does collect your data, they tell you in your face, use Siri and will store your voice on our servers.

Apple’s hired contractors are listening to your recorded Siri conversations, too

Just like Alexa and Google Assistant

www.theverge.com

but Brave is the evil guy here for switching ads.

 

[hot-gril]

So Brave is not trust worth because for like 2 weeks/1 month they referred some ads to their own ads, but you will continue to use Apple, Google, Facebook, Amazon, Microsoft, Spotify, YouTube, Roku, eBay..etc that actually tell you in your face we did and will continue to breach your privacy and collect data on you? Thats some logic...

And yes Apple does collect your data, they tell you in your face, use Siri and will store your voice on our servers.

Apple’s hired contractors are listening to your recorded Siri conversations, too

Just like Alexa and Google Assistant

www.theverge.com

but Brave is the evil guy here for switching ads.

Yes.

 

[Enlightened Doggo]

So Brave is not trust worth because for like 2 weeks/1 month they referred some ads to their own ads, but you will continue to use Apple, Google, Facebook, Amazon, Microsoft, Spotify, YouTube, Roku, eBay..etc that actually tell you in your face we did and will continue to breach your privacy and collect data on you? Thats some logic...

And yes Apple does collect your data, they tell you in your face, use Siri and will store your voice on our servers.

Apple’s hired contractors are listening to your recorded Siri conversations, too

Just like Alexa and Google Assistant

www.theverge.com

but Brave is the evil guy here for switching ads.

If there's something relevant you feel the need to raise an alarm bell over, then by all means. However, if you think I need to support or oppose any number of random other things in order to distrust a shady crypto startup, then you're sadly mistaken.

 

[MacBH928]

If there's something relevant you feel the need to raise an alarm bell over, then by all means. However, if you think I need to support or oppose any number of random other things in order to distrust a shady crypto startup, then you're sadly mistaken.

To each his own, but you call Brave shady when its run by the past Mozilla CEO and Javascript creator and the software is open source for the world to audit. We are not talking about a 3 man team company in Guatemala. Somehow its ok to trust Apple that just told you they hire employees to listen to your Siri recordings in a completely closed-source ecosystem.

 

[Enlightened Doggo]

To each his own, but you call Brave shady when its run by the past Mozilla CEO and Javascript creator and the software is open source for the world to audit. We are not talking about a 3 man team company in Guatemala. Somehow its ok to trust Apple that just told you they hire employees to listen to your Siri recordings in a completely closed-source ecosystem.

I don't use Siri...

 

[kc9hzn]

But it is. This is exactly how cookies were set up from the start.

I can’t put a site online at mysite.com and just rummage around in your cookies when you visit and pull info from when you visited yoursite.com. That’s just how cookies work. It’s the same-origin policy at work.

I’m very confused by this “feature”

It’s third party cookies, like tracking cookies. The third party site sets the cookie when your browser accesses the embedded resource from their server.

Cookies are a fairly archaic mechanism. HTTP is what’s called a stateless protocol, so each request is completely logically separate from the previous request. That makes it impossible to do things like accessing content that requires authorization (like user account history for e-commerce). Cookies were really a minimum viable mechanism for persisting state between HTTP requests (on a technical level, they’re just key-value pairs in a plain text file) to enable account log in and e-commerce. Likewise, Netscape added JavaScript to provide a minimum viable method of making web pages interactive without making another request. This minimum viable approach also led to Netscape’s development of HTTPS (instead of the security first approach used by SHTTP).

In Netscape’s defense, when they implemented these features, Macs were still cooperative multitasking, single threaded computers (and Apple was still selling new 68k Macs), PCs were still fundamentally DOS based (and the current Windows release was 3.1), and personal computers had processors that maybe reached 70MHz on the high end, 4MB was a decent amount of RAM, and hard drives were less than a GB! (By way of comparison, my wrist watch has a preemptive multitasking UNIX based operating system, a GB of RAM, 32GB of solid state storage, a multicore processor running probably around 1GHz, Wi-Fi, and Bluetooth.) Personal computers were pretty primitive back then, and, if these technologies were implemented today, it’s likely they’d be done in a more secure, more sane way.

 

[mikepictor]

What I am still trying to figure out, is whether this total cookie protection is materially better or different than the 3rd party cookie blocking that has been part of Safari for a while now. Does FF do something new here that Safari isn't doing?

 

[shapesinaframe]

What I am still trying to figure out, is whether this total cookie protection is materially better or different than the 3rd party cookie blocking that has been part of Safari for a while now. Does FF do something new here that Safari isn't doing?

it's my understanding that this FF feature allows you to receive 3rd party cookies, but contains them for each domain you visit, limiting their ability to track you across domains.

 

[kc9hzn]

it's my understanding that this FF feature allows you to receive 3rd party cookies, but contains them for each domain you visit, limiting their ability to track you across domains.

Ie You go to a newspaper webpage with a Facebook like widget. That like widget can’t see that you’re logged into Facebook in another tab because it can’t access that cookie, nor can it see the like widget on the newspaper webpage for the other popular newspaper in town that you have open in a third tag. It’s like private browsing mode, but just for third party trackers and ads. The Safari setting is an all or nothing affair that stops third party cookies from loading. The advantage of FF’s feature is mostly that it works on sites that would break if you turned off third party cookies entirely.

Edit: Mobile Safari has a similar feature, but it only works in private browsing mode. You open a site in tab 1, then log in. In tab 1, open an internal link in a new tab. In tab 2, you’re still logged in. Back in tab 1, open an external link in a new tab. In tab 3, you’re not logged into the site from tab 1. Open a new tab, then navigate to the same site as tab 1. In tab 4, you won’t be logged in. I think the Firefox feature works the same way, except that 1) you retain browsing history between launches, 2) you remain logged in between sessions, and 3) in the above example, you’d still be logged in on tab 4.

 

[mikepictor]

Huh...well here is one difference. I tried a Canadian streaming site that I know has had issues (crave.ca). In Safari if I try and login I just get a big splash page that says I need to turn off 3rd party cookies.

In Firefox, it gives me a login screen (which is on a different domain), it accepts my account details and password, and then passes me back to crave.ca...where I am not signed in. That tracks with the cookie jar approach, but it didn't help me login (and I wasn't really expecting it to)

So yeah, it doesn't register as a 3rd party cookie, but it also still didn't work. At least in Safari I was told "don't bother", which still leaves me wondering if FF is in any way better than Safari.

 

[kc9hzn]

That’s fair, that’s actually a use case where I would have expected a difference in Firefox. Functionally, there probably isn’t a difference in most situations then, but there might be some edge cases where it does make a difference.

 

[shapesinaframe]

Huh...well here is one difference. I tried a Canadian streaming site that I know has had issues (crave.ca). In Safari if I try and login I just get a big splash page that says I need to turn off 3rd party cookies.

In Firefox, it gives me a login screen (which is on a different domain), it accepts my account details and password, and then passes me back to crave.ca...where I am not signed in. That tracks with the cookie jar approach, but it didn't help me login (and I wasn't really expecting it to)

So yeah, it doesn't register as a 3rd party cookie, but it also still didn't work. At least in Safari I was told "don't bother", which still leaves me wondering if FF is in any way better than Safari.

FF does allow SSO login cookies to function outside of the "cookie jar", I think I (or someone else) put a link to a FF dev/support doc earlier in this thread somewhere that explains how it works. It explains how they still allows Sign in with Google etc to function.

 

[mikepictor]

Yeah, but only for certain services.

 

[jon08]

I’ve been on Firefox all along, but even so I’m always signed into my Gmail account on Firefox because, well, as soon as I sign in on YouTube I’d remain logged into my Gmail anyway. So how much do all these Firefox’s privacy-related bells and whistles still help then? Presumably I’d have to be logged out of Gmail to prevent Google from tracking me and collecting all this data it collects otherwise?

PS: I also use uBlock Origin.

 

[kc9hzn]

I’ve been on Firefox all along, but even so I’m always signed into my Gmail account on Firefox because, well, as soon as I sign in on YouTube I’d remain logged into my Gmail anyway. So how much do all these Firefox’s privacy-related bells and whistles still help then? Presumably I’d have to be logged out of Gmail to prevent Google from tracking me and collecting all this data it collects otherwise?

PS: I also use uBlock Origin.

That’s a great question, I suppose that depends on how Firefox handles single sign-on for Google, especially with regards to AdSense advertising and Google Analytics tracking. I don’t have an answer for you, unfortunately!

 

[adrianlondon]

You could configure the Containers feature in Firefox to isolate either Google Mail or Youtube or both. I have Youtube in its own container so if I log in to that (or not) it doesn't affect anything else. I can even open Youtube in another tab (in no container, or a different container) and am able to log in again with a different user.