Privacy Badger is attempting to prevent Facebook from tracking you by blocking URLs known to load tracking code or pixel trackers etc.
This extension isolates your Facebook login cookies while you're browsing on non-Facebook websites, hence making it harder for those tracking techniques to identify you.
How can you load Facebook login cookies from third party websites? I thought they set a cookie on facebook and used that to track you between sites. Third parties add Facebook scripts to their sites that then read the tracking cookie around the web.
Privacy Badger prevents the cookie being sent back to Facebook from these third party websites.
This is a good start. It's close to the way I've been (infrequently) using Facebook for the past few years: in a private browsing session through a VPN. It's worth noting that with this extension Facebook still gets your IP address.
Multi-account containers are great. The only issue I’ve encountered is opening links outside of your container (e.g. a link to a website that you are logged in outside the container will mean you are logged out). Just need to train my muscle memory to “right click > open in container...” rather than just clicking!
I already use the multi-container accounts to do this. It works fantastically, and is the biggest reason that Chrome is gone from my mac.
Why is this different from Privacy Badger? This allows you to segregate all facebook toxicity to a single container. This allows you to fully use facebook, and places like login via facebook, without exposing other things to facebook in the first place.
That said, this really doesn't address either the Cambridge situation, or the fact that Facebook themselves allowed the Obama campagin to pull demographic information in violation of their own polices, which was arguably impacted far more people (https://www.investors.com/politics/editorials/facebook-data-... && http://www.dailymail.co.uk/news/article-5520303/Obama-campai...). The only solution to that is to #DeleteFacebook. Facebook is a surveillance as a service provider. The only way to keep them from monetizing you for commercial, social or political reasons is to firewall them off.
You can also associate this with a VPN, if you want to deny them the IP address your home machine is using.
Everyone should use the firefox multi-account containers. Each account you use should have a separate container. The new versions allow you to associate bookmarks to containers.
Neither of those citations say that what the Obama campaign did violated Facebook's policies.
The "But the Obama campaign did something similar!" is an argument based on false equivalence, used to muddy the conversation.
(Further, both of those citations - a right-leaning source[0] and a tabloid, respectively - are articles written about some tweets. Which is not to say that they're wrong, but without further confirmation, one might want to take them with a grain of salt.)
[0] The "You might like" links at the bottom are to the articles "Russia Scandal: Did Obama Tutor Hillary Clinton In Electoral Conspiracy 101?", "Will Mueller Ever Admit That There Was No Trump-Russia Collusion?", and "Hillary Clinton Still Can't Believe She Lost ... Or Why".
Actually, if you look, the original source said that Facebook admitted that they were only doing so because they wanted Obama to win - and that for anyone else it would be a violation of their practices. The OFA postulated that Facebook did the same for other parties, but no evidence has come to light.
In fact, reading what the OFA admitted, and what is under investigation here, the only difference seems to be that Facebook didn't unofficially bless the efforts of Cambridge, while they did for OFA.
Here is the money quote - directly from Twitter:
“They came to office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side"
That's not a conspiracy theory, or some evil double standard. That is a director for OFA explicitly mentioning that they were being given special data "because they were on our side".
You should be very very scared about social network deciding to be on peoples side. See Trump and Twitter.
It's as if the last two years hasn't convinced you to be deeply skeptical of social networks and surveillance as a service operations. This universal confirmation bias is the exact same bias that Trumpkins use to ignore any news they don't like. Facebook will keep selling you to the highest bidder. They don't give a fsck about your political point of views.
(And this is probably tame for what they do for China to suppress their people).
we are firmly in the era of celebrity presidents - every president since Carter has been less qualified then the previous in terms of previous executive experience.
Zuck, Kamala Harris and Oprah are whetting their appetites.
Kamala Harris may be a political darling at the moment, but she is not a celebrity politician and so it doesn’t make sense to compare her to Oprah or Mark Zuckerberg. Harris has been in law/politics for basically her whole career:
Of course. The people that would elect them are decidedly and unabashedly anti-technorati. It is a good thing we have the bureaucrat firewall in place, frustrating though it is.
How is someone who is a US senator exactly similar to Oprah? Nixon was in Congress for 6 years and VP for 8. Was that not enough or too much? And the idea Obama was less prepared that George W. Bush seems hard to swallow.
Interestingly, from a game theory perspective, the purpose of leadership is to coordinate people, and charisma is absolutely a valid way to accomplish that. From game theory it doesn't actually matter very much how the coordination is arrived at, just that it happens, check out http://www.dustingetz.com/:myerson c-f "charisma"
> Who will not have even served out her term when she runs for president.
So, she’ll have a couple fewer years in the Senate and a lot more in elected executive positions than Kennedy when he was elected President.
> These are the type of people we feel are well qualified to run the most powerful, largest, and most expensive institution in human history?
Harris isn't necessarily my first choice, but she's certainly qualified; Oprah and Zuck are unqualified, though less so than the current incumbent (which, admittedly, is a low bar to clear.)
In short, yes. I think a sitting US Senator has met the basic credibility and resume qualifications to be a US President, and is not accurately described as a "celebrity" candidate.
For one tech company with no other experience. A one hit wonder, in other words.
He might be a great executive, but then, Donald Trump might be a great real estate developer, investor, and business man. Just a few factors aligning correctly and you can be successful, even if you aren't particularly skilled.
Actually, if you look, the original source said that Facebook admitted that they were only doing so because they wanted Obama to win - and that for anyone else it would be a violation of their practices.
No, it doesn't. Between the two sources, they say that Facebook was "surprised" that they were able to get so much data, and that Facebook didn't stop them. The sources do not say that the Obama campaign violated Facebook's policies.
This is the false equivalence: "What the Obama campaign and Cambridge Analytica did to acquire data on tens of millions of Americans is the same."
In reality, Cambridge Analytica obtained the data from a 3rd party not authorized to provide it, and who collected the data under false pretenses.
Cambridge Analytica — unlike other firms that access Facebook’s user data — broke Facebook’s rules by obtaining the data under the pretense of academic use. But experts familiar with Facebook’s systems and policies say that the greater problem was that the rules for accessing the social network’s information trove were so loose in the first place.
“They came to office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side"
The willingness to excuse Facebook selling your privacy because you agree with a political point of view is part of the problem.
That sort of rank partisanship can barely be hidden. It's discrediting. FB is clearly in the worse here, even if they were entirely within their rights while Cambridge Analytica was entirely not. What's legal is not always what's right.
It's becoming clear exactly what the cost of social surveillance is in our lives. This is just one of many significant problems with it.
There have always been jackasses willing to sacrifice morals (or rightness) in favor of power. Social networks just make it easier to ignore signals that should humanize power.
What's even more interesting to me is that /u/WalterGR is so biased that on this topic, unless he's lying, his brain literally cannot differentiate between identical and similar, and he is far from the only person behaving like this. Since we're on HN, odds are he's otherwise a fairly smart person.
This isn't just a typical argument about a matter of opinion - identical and similar are two distinctly different words, but he will be simply unable to see the relevance of that to what he has written above. I've been on the internet a long time, and there have been flame wars and various disagreements since forever, but there is something very, very different happening with people's minds now.
EDIT:
Once again, immediate downvotes with no rebuttal. Shocking. And while this is frustrating, and a bit scary for the future that critical thinking is almost nowhere to be found, the childish partisanship combined with self-important delusions is an interesting insight into the psyche of young university educated Westerners.
> Neither of those citations say that what the Obama campaign did violated Facebook's policies.
> The "But the Obama campaign did something similar!" is an argument based on false equivalence, used to muddy the conversation.
e·quiv·a·lence
iˈkwivələns/
noun
noun: equivalence; plural noun: equivalences
the condition of being equal or equivalent in value, worth, function, etc.
sim·i·lar
ˈsim(ə)lər/
adjective
adjective: similar
1.
resembling without being identical.
"a soft cheese similar to Brie"
synonyms: alike, (much) the same, indistinguishable, almost identical, homogeneous, homologous; More
I sincerely believe this is something new and interesting. Suggesting someone has acted based on a subconscious psychological affect is less insulting than accusing someone of conscious or deliberate error (which happens routinely on HN), is it not? Which has the harsher punishment, second degree murder or first?
Serious question. Would you deny that there has been a noticeable decline in objectivity of commentary in the last year? I can agree singling one person out could be considered harsh, but make an honest effort to ignore the perceived "rudeness", is the failure of basic logic not a little striking here? If the topic wasn't controversial, do you think a similar situation would arise?
I take what you say seriously, and kindly ask for the same consideration in return.
I'm sorry, but I don't follow all of that. The main issue with the original comment is simple: it is not within the guidelines on Hacker News to say that another user's brain is malfunctioning, or other things of that sort.
> Be civil. Don't say things you wouldn't say face-to-face. Don't be snarky. Comments should get more civil and substantive, not less, as a topic gets more divisive.
The point is, it's a double standard. The guideline you quote used to be broadly followed, but is now broken regularly.
And his brain isn't malfunctioning, it's just behaving the way the human brain works, the vast majority of people on HN are quite broadly knowledgeable, I highly doubt you're that ignorant of human psychology, more likely you don't care for my opinion.
Besides, read my edit above - whether it was accidental or deliberate, the person was being incredibly intellectually dishonest. It wasn't too long ago that that counted for something on this website. I suppose it still does, but what's new is that it is trumped by political correctness.
If you're going to bother with a reply, how about you address my "intellectually dishonest" charge?
In case you do make it back here, I now realize who I'm talking to and how thin of ice I'm likely treading on. This changes my opinion in no way, instead I'll make one last statement on this particular matter: I assert that the level of discourse on political related matters on HN has taken a significant turn for the worse, most likely corresponding to the most recent election. While this probably shouldn't be surprising, HN's are people after all, where I think (not guarantee, but think) criticism is valid is that there is widespread abuse of the guidelines noted above, widespread abuse of the truth, and a double standard of claims of "appropriate behavior".
I would imagine your instinctual reaction is to disagree, I'm sure mine would be as well, but then ask yourself this: is it possible I have a point? We know this phenomenon is happening on other forums, are HN'ers really all that special, are we immune to the shortcomings the rest of humanity suffers from?
This is too complicated. It's against HN's guidelines to take personal swipes, such as insinuating things about their brain. That's all. Please don't do it again.
It's against the rules regardless of your politics or theirs.
Fair enough, I would simply ask that the rules are enforced in an unbiased manner, and if I report someone for an objectively similar violation of the rules, that evaluation of that is unbiased.
It's not lost on me that I am involved in these types of discussions more than average, but it seems that this will naturally occur to anyone who is in a substantial minority - after all, would we expect people to be highly motivated to reply to a comment with which they agree?
I don't involve myself in these discussions entirely because I enjoy it, I also do it because it's important. Disagreement and debate is important to a healthy democracy, and there is a decreasing amount of genuine honest debate in the world.
Also not that as usual, someone coincidentally came across my posts on an at least 2 day old thread and delivered my obligatory downvotes. No problem though I suppose.
Both the articles you cite concede that some meeting some time somewhere at which somebody from Facebook said "they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side" doesn't mean that the Obama campaign violated Facebook policies. It's an important distinction.
If we trust The Daily Mail article:
Davidsen said that she felt the project was 'creepy' - 'even though we played by the rules, and didn't do anything I felt was ugly, with the data'
If we trust the IBD article:
The only difference, as far as we can discern, between the two campaigns' use of Facebook, is that in the case of Obama the users themselves agreed to share their data with the Obama campaign, as well as that of their friends.
The users that downloaded the Cambridge app, meanwhile, were only told that the information would be used for academic purposes. Nor was the data to be used for anything other than academic purposes.
It's an important distinction, to be sure, and Facebook is right to be attacked for its inability to control how its user data were being gathered and shopped around.
(Though it should be pointed out that it wasn't a Cambridge Analytica app, and Cambridge Analytica obtained the data from a 3rd party who wasn't authorized to provide it.)
In any case, Zuckerberg's senate testimony should reveal the circumstances under which facebook data was shared or not shared with the Obama and Trump campaigns.
After all, both campaigns (and most major US political campaigns) surely had embedded Facebook employee account managers helping them spend as much money as effectively as possible, while scrutinizing their account usage.
That is assuming the testimony doesn't wind up being an hours long repetition of the words "I do not recall". I'm not all that familiar with Facebook's org chart, but there might even be some plausible deniability with the CEO getting involved with day-to-day API access requests.
The behavior is objectionable whether any of the parties had FB's approval or not. That Cambridge Analytica lacked FB's approval makes what they did either no different, or a lot worse, depending on your p.o.v. -- if you're FB, you're likely to think that Cambridge Analytica did something terrible; if you're the public then the end result was the same as in the Obama campaign case, so you might find the Cambridge Analytica no worse.
Seriously, being on the public side I can't tell the difference. Both cases involve (ab)use of user data from FB without the users' knowledge. Both are bad -- or neutral, if you're the sort of user that understands the implications of using Facebook at all. Indeed, I'm not even surprised by these incidents. If anything I'm surprised that anyone is. I'm not even surprised -though annoyed- by partisan attempts to make one side or the other look worse.
Please, let's stop pretending that Facebook's blessing makes one (ab)use of user data OK and the other not. If you object to a campaign's use of your data, why wouldn't you object to a campaign's use of someone else's data?
And yes, your data, when shared with FB, is FB's data. But do people even understand that? You and I do, but does your mom? Mine certainly does not.
Wonder if anyone from Facebook went back and asked them to delete all that data. Then later on verified that they did so. What about other outfits that figured out how extract the data in the same way?
The commenter isn't arguing that they're the same:
> That said, this really doesn't address either the Cambridge situation, or the fact that Facebook themselves allowed the Obama campagin to pull demographic information in violation of their own polices...
The sentence is essentially "this doesn't address A, nor does it address B", which requires that A and B be different.
> (Further, both of those citations - a right-leaning source[0] and a tabloid, respectively - are articles written about some tweets. Which is not to say that they're wrong, but without further confirmation, one might want to take them with a grain of salt.)
The tweets were from Obama's own Campaign Director, saying that OFA were allowed to violate FB's TOS in a way that others weren't.
> Neither of those citations say that what the Obama campaign did violated Facebook's policies.
The text you quoted does not claim that the Obama campaign violated FB's policies. It says that FB allowed the Obama campaign to do things that would -without FB's approval- have violated FB's policies.
Relevant quotes from Betsy Hoover the Obama 2012 online organizing director:
"So the app that everyone's referring to in this moment was an app called Targeted Sharing. It was an app that we created on Facebook that fully followed Facebook's terms of service. And any individual could decide to use the app. When they clicked on the app, a screen would pop up that would say what data they're authorizing the app was giving us access to and exactly how we were going to use that data. And so at that time, it was totally legitimate on Facebook to say you're giving us access to your social network. You're giving us access to your friends on Facebook."
"...So, you know, we got your list of friends. And then we matched it to our model, our list of voters that we didn't build with Facebook data. We built with voter history and, you know, all of the other data points that Democratic campaigns use to build models. But we matched the data of your friends to that model and then reflected it back to the person who had authorized the app..."
Sounds very similar to Cambrdige Analytica imho. In addition I don't really think that exploring how deep the rabbit hole goes is deflection, rather showing how much more pervasive this practice is than people think.
>The people signing up knew the data they were handing over would be used to support a political campaign. Their friends, however, did not.
>Facebook friends lists, tags and photos allowed Obama operatives to identify a person’s close friends, which they then matched with offline public records. (Was this person likely to vote for Obama, but unlikely to get out to vote?) They then told the app users which of their friends they should send campaign messages to.
They seem pretty different. Not just in how the data was collected, but how it was then used.
The research into Facebook likes and personality and the manipulation of those psychological profiles, which CA based their entire operation on, didn’t even exist in 2008.
Comparing the two is absolutely a false equivalency.
And the CA scandal goes way beyond the Facebook stuff. The company is allegedly involved in various illegal and anti-democratic activities around the world. Are people really downplaying this simply because they support Trump and CA has a Trump connection?
Agreed. In my understanding the CA data wasn't a friends list, which it what OFA got, but your friends Facebook data (their photos, posts, likes AND their friends data). That's how they got to 50M users. And how they used it sounds pretty different too.
The data OFA got wasn't just a list of your friends, it was their photos, posts and likes too. The Obama campaign's strategy revolved around using that information about your friends' social media - what photos they were tagged in, who interacted with who, etc - to figure out who was closest to which of their volunteers in order to work out who could best convince them to vote Obama. Which isn't what CA was offering, of course, but still seems rather creepy.
The other difference is that based on what we know, the Trump campaign didn't actually have any interest in using the CA data in question. The head of their campaign has quite consistently said he thinks CA's psychographics was worthless nonsense, and I'm not aware of anyone finding evidence contradicting this. It's quite possible that, in fact, the 2012 Obama campaign was the only US presidential campaign that systematically gathered information on people's Facebook friends to feed their campaign machine.
'False equivalency!' seems to be a popular new phrase to prevent self-reflection. If the CA situation is only bad insofar as it helped the GOP, then that's fine, but if you're interested in broader change regarding privacy then a knee-jerk partisan supremacy won't benefit anyone.
It’s not a new phrase. Perhaps you’re seeing it more due to the flood of textbook false equivalencies from people trying to defend the president’s behavior.
On the one hand you have FB users actively campaigning for Obama coordinating and voluntarily sharing their friend data with the campaign for the purpose of campaign, and on the other hand you have a goofy quiz app author secretly using the friend data for the Trump campaign.
Not saying you shouldn't play the cat and mouse game but it wouldn't take much to have the FB code served first party.
You're gaining security the same way bike locks provide security. Anyone motivated could break it but you're hoping that enough people are easier targets that you're ignored.
This solution is good for you personally but it's not a fix.
I've been doing that for a while. Also hiding every single suggested post to the extent that Facebook occasionally blocks me for "abusing" that feature.
But Facebook is a private company, so they're allowed to do what they want regardless of whatever "policies" they set, so long as they remain within the law. If you don't like it, start your own Facebook!
(Due to Poe's law, I should note that I'm being sarcastic. Funny that this sentiment gets brought up all the time in discussions about YouTube, but not here...)
Just deactivated Facebook, and it's a wonderfully freeing sensation. I can always reactivate it if I really need to reach somebody who's only available on there, but that's unlikely at best.
You can do the same thing with Chrome profiles, Chrome Canary and Choosy. This multi-container thing (per OP, don't know if you are using the same one) appears to be FB only. So while it is effortless, it's reactionary and limited. The general solution is better and doesn't force you to a specific browser.
Disclaimer: When I use google (search, gmail, etc) and facebook I use specific profiles for those activities. I use a default profile for everything else. So, I don't actually use the above solution myself.
I used to alternate between browsers for different uses but after the Pocket debacle I abandoned Firefox "for good". Since Quantum I haven't liked it anyway.
This extension is FB specific, but thw underlying mechanism is generic, and has an advantage over chrome profiles in that tabs with different 'profiles'/'containers' can share a window.
I believe the parent comment is referring to multi-account-containers [1], which is a general implementation.
This Facebook extension is a reactionary Facebook-specific adaptation of that extension. But it is still useful for many users since it doesn't require any user interaction.
I think multi-account-containers is more convenient than profiles since it provides a single interface to manage the containers and browser settings are shared, but I am actually using profiles on Firefox because the extension doesn't seem to support the "Never remember history" browser option.
I just use mbasic.Facebook.com in the basic netsurf browser. No JS, no other sites. Avoids any possibility of accidentally letting Facebook out of its box.
> I already use the multi-container accounts to do this.
How? Specifically the part where clicking a link inside the FB container that leads outside of FB opens outside the container?
AFAIK it's impossible, and that's why I stopped using the multi container stuff in Firefox.
It's such an obvious oversight. When they implemented "get into the container when clicking xyz.com" how come they never thought of "get out of the container when clicking something that's not xyz.com"?
No, obviously it can't. But, that's what "DNT" (Do Not Track) header was supposed to fix, but there is no incentive for companies to adhere to it, except good-will.
That's a much more manual and difficult B2B contractual process. A completely different level than automated data sharing via tightly integrated plugins.
Another good tool is DuckDuckGo's tracker blocker. Facebook got a lot of attention, but google, comscore, twitter, and others are doing the exact same thing.
Note that it includes "energy labels" for terms of services that allow you to assess their impact at a glance. Those labels are provided by Terms of Service; Didn't Read, and they're currently crowdfunding with the help of DuckDuckGo, who donate to the project depending on the amount raised: https://www.crowdrise.com/o/en/campaign/tosdr
> The next time you navigate to Facebook it will load in a new blue colored browser tab (the “Container”).
Why does not browsers (eh, Firefox) do this by default for every origin? 3rd party cookies would be broken I assume, but overall it would lead to less tracking across origins.
Because that would break many things on the web, in particular the ability to `Like`, to `Log-in with Google`, etc. Also, the definition of 3rd party is sometimes complicated.
This has a real limitation, which is that if you click an external link on your Facebook newsfeed, the new website will also be in the FB container. On the one hand, that keeps your FB-related browsing from "contaminating" your other web cookies. On the other hand, all the websites in that container get to link you to your FB account just like normal.
Can someone explain how this would prevent fingerprinting? IP, user-agent, window-size and other details can reliably identify most of the the other http sessions anyway. Blocking trackers seems as important to me.
It wouldn't. It merely makes it more difficult for Facebook to track you on third-party websites, as fingerprinting is more difficult and error-prone than simply re-using your cookie.
My question was rhetorical :-). I agree with you that it is harder and noisier to perform fingerprinting, but I still wish for Mozilla to evangelize a more complete solution. The current one creates a somewhat sense of false security, in my opinion.
It does not. I'd guess it hardly makes a dent in their tracking. The only sure way to block completely is to use a custom router on your network - an outgoing firewall. Via a custom dns server on my router, all requests from any device, browser, app, etc for the facebook or any ad or tracking domains never leave my network. This is powerful. Windows 10 intrusive spying can be blocked as well. Basically anything that I can't figure out what it is is blocked, and it's a lot. If I ever acquire malware that phones home, it should detect as well.
The great thing is when you block all that, your internet is much faster.
Would you comment on what router and software you are using, how difficult it is to maintain, and any surprises you have had using it (things you depend on breaking).
It's Ubuntu. Protectli is the equipment, easily obtainable on Amazon. If I had to do over I would use PCEngines however since they use core boot. Edit: you will also need a wireless access point to plug into a lan port. Ubiquity unify is great and is much better coverage than the consumer grade router this replaced.
Up for months, incredible speed, no maintenance, except to add new domains to block when they prove to be spyware. Twitter may be next on the list since it is of declining use to me.
I'll add that I'm by no means a linux whiz, but learned a lot by doing this project.
Biggest issue is explaining to guests why they can't access facebook.
Another bene is you no longer have the planned obsolescence of consumer grade equipment. I fully expect this thing to last a decade, and "firmware" is automatically updated via linux.
If you want something high-performance that you can have running quickly, you can do this with a Turris Omnia router + Pi-hole (DNS ad-blocker). The Omnia is about $300. I've done a blog post explaining how to get everything set up here, and it's CC0 public domain licensed so you can copy or adapt it however you like: https://www.tombrossman.com/blog/2017/how-to-install-pi-hole...
No surprises, the Omnia updates itself and reboots automatically (you get an email warning of you want to intervene) and everything 'just works'.
You can already go a long way without as much technical commitment with a PiHole setup that simply poison DNS queries.
It can't compete with the total control you get with crafting specific firewall rules but it has most of the same effect while being a lot simpler to manage.
Well credit where it's due, the anti-fingerprinting is actually a TOR project. The project you linked to is an attempt to bring TOR's protections into the mainline Firefox browser. Obviously TOR has more stringent goals than Firefox so many privacy features are currently hidden behind the `privacy.resistFingerprinting` option in about:config.
After using containers to isolate my Google activity in a similar fashion, I can confirm Google at least does. I see recommendations to watch other videos from the same channels I watch on YouTube in my Google container if I end up on YouTube in my normal browsing container.
Are you logged out of (or never logged in to) any of the Google properties/platforms in these two modes? If yes, then Google's behavior here doesn't match user expectations and is tainted.
There is one silver lining in carrier grade NAT. combine that and all facebook ends up with is you are one of a few hundred firefox users in some geographical area.
Not necessarily! Other fingerprinting details can surface identity even when user agent and IP are unreliable. If you've got a specific screen resolution, you're tagged. If you've got a specific version of some piece of software (Flash, for instance) you're tagged.
more than that, theres a bunch of sites that buy your email address/phone number from companies, which then provide matching across browsers/devices/containers/etc which they sell to others. All you need to do is log into one on each and the cookies get linked and they know its the same person.
This literally does all of the work for you. You just click "install" and then you don't need to worry about 'containing different personas online' at all. It's ridiculously easy.
I don't worry about containing different personas online because I have only one social media account (HN). Therefore, only one persona. That + ublock origin is sufficient for me.
That is mostly the case. However, other websites may ask your browser to make requests to Facebook domains (to load in social buttons or tracking scripts/pixels). Those requests will include any cookies your browser has for Facebook as they're direct to Facebook domains.
This extension gives Firefox selective amnesia: if you're in a Facebook container tab, it'll remember and send those cookies. If you're not, it won't!
An alternative solution is to never make those third party requests in the first place, but you might need some of them for content you're actually interested in viewing. Using both a blocking extension and this container extension should improve your privacy towards Facebook.
There's a "Same-Site" cookie flag that helps prevent CSRF by preventing cookies being sent in that scenario. Can the browser be made to treat all cookies as "same-site" for a quick 'fix' to this issue?
Obviously this would need a white-list (and a pair<from,to> whitelist, not just "this domain is OK list) to allow SSO scenarios.
Yes, but as you say this breaks a large number of applications. The web browsers aren't super likely to break existing behavior since people simply blame the browser that whatever thing doesn't work.
There’s uMatrix for that of course but is uBlock Origin and PrivacyBadger combo enough with this extension? As the de-facto tech guy in my family I know how to take care of my own privacy but I’m always searching for the most hands off solution for the tech illiterate family members who come to me asking to “fix their laptops”.
I mean it's too late now but there's nothing fundamental about the current SSO design. If browsers shipped with FPI from the beginning SSO would still work, it would just look different.
It breaks things like "sign-in with github credentials" in CIs. But you know, these should be exceptional, therefore the default should be to load third-party content without cookies. The problem is that some content is loaded without your having to click on something (where you'd have a chance to right-click and request loading with selected credentials).
Not necessarily: OAuth Basic Flow does not require third-party cookies. With Basic Flow, you'd get redirected to github.com, making it a first party request. Github will then redirect you back passing an authentication code as a URL parameter.
I use uMatrix for this purpose, and to block third-party frames to defend against clickjacking. That said, Multi-Account Containers still are very useful.
The main thing I notice break when I enable things like "no cross origin cookies" is history on the AWS console. Stuff like "roles you've switched to" and "services you've used recently" get forgotten.
> Why can’t my browser always send zero cookies for all third party requests in all tabs?
It can. Blocking third-party cookies is available in the browser settings of at least Firefox, Chrome, and Safari. I think it’s even on by default in the latter.
I’ve been using it for years and never seen a broken page as a result.
> I don't understand why the default behavior isn't to isolate every website from every other website? Why is least privacy the default?
Default privacy settings are tough to manage.
Some people want privacy, and will accept broken websites if it keeps their data and online movement private.
Other people just want their usual websites to work, don't understand or care to think about privacy, and if some random content farm looks busted in Firefox, will just switch to another browser.
Aside from picking a sensible default, Firefox also offers to educate users where it makes sense. For example, when you open a new private browsing window in Firefox, the tracking protection section includes a "See how it works" button that takes you to a tour-style walkthrough of how tracking protection works.
you can do that with the firefox Multi-Account containers extension. I don't go to that extreme, but its nice to have a few key profiles. I have work and personal, plus a few others (like banking).
What is really nice, is you can tell it to ALWAYS open your banks website in a particular container, and it will. If you go to that URL from a tab in your work profile, it will switch to the banking profile for you.
Can you elaborate? Is there some reason that running every Google property except google search (unless desired, but I prefer non-tailored results) in one container wouldn't work?
Yes please. Third party cookies and the like are the plague. They have so few legitimate use cases.
Make it a long deprecation if you have to. Give even longer exemptions to the really big players / the big breakage / the legitimate use cases while we find better ways. But it is up to the browser vendors to remove the weapons here.
I don't think OAuth requires third-party cookies, and SAML definitely does not. The authentication parts use HTTP POSTs or redirects from the IdP to SP. You probably do want cookies to track the sessions on each end, but those would be first-party.
It's possible for your IdP to track the SPs you authenticate to regardless of protocol or cookie use, of course.
My pleasure ... but it's not just my work. Firefox privacy & security and add-ons engineering teams have poured a ton of effort into Firefox Quantum to make features like this possible and easy.
This add-on's options include opening each (sub)domain in its own container. These containers are temporary: they're deleted a short time after you close their last tab, so you have to log back into each site on each visit. (This may be something you do anyway.)
I don't (yet?) know of an add-on that automatically assigns each domain you visit to its own permanent container, and automatically creates new containers for each new domain.
Multi-account containers are great. I just wish switching to one wasn't as jarring as the tab closing immediately after opening and then re-opening in the correct container - I'm assuming that's still how this extension works?
Of course, I can appreciate that such behaviour is technically far more challenging. It's merely as a user that it's disappointing, and it makes Temporary Containers [0] practically unusable.
I believe this is an issue with redirecting domains. For example, if you have set foo.com to automatically open in a specific container, and you enter www.foo.com into your default tabs, it will try to load www.foo.com in the default tab, then get redirected to foo.com, then realize it needs to be open in a specific container, then open a new tab in that specific container with foo.com.
A good workaround for this could be to let users add arbitrary domains to their container whitelists (so you could manually add www.foo.com), but I haven't found a way to do that yet.
Right, that's the way the described minor annoyance occurs: configure Amazon to open in the Shopping container, open a new tab, enter the Amazon URL and press Enter, then the tab closes and a new tab opens in the Shopping Container that visits the URL.
This is cute, but does little to address tracking via IP and basic behavioral sniffing. Facebook buys lots of third party datasets, including data from ISPs (actually, it is given to them).
Please design an iOS identity isolation UX for Mobile Safari, Apple Mail and third-party apps.
Currently we have to use several different iOS web browsers to achieve isolation of browser logins/cookies, but Apple Mail opens all links in Safari.
Ideally, there would be an OS enforced, per-app setting which defines which web browser (or Mobile Safari identity context) will be used to open a URL.
This article disappoints me because Mozilla seems to be spinning the current facebook disdain to sell their offerings rather than providing clarity/solutions on this issue.
Another nice thing to have, although Firefox already has extensions like Self-Destructing Cookies or Cookie Auto Delete to remove cookies as soon as the tab is closed. In which case, Facebook should have nothing to look at.
That would make sense if the abuse was between individual actors. Domestic violence victims can, in theory, defend themselves with weapons and legal means. This is (to really stretch the analogy) more "how to hide from drones" for targets of a giant, state-tolerated PMC.
People know that (facebook|their partner) is abusing them (privacy-wise|physically) and they choose to continue the relationship.
That's it. No one chooses a relationship with a drone, and to date Facebook haven't found a way to force people to create accounts and continue to use them, at gun-point.
I chose to stop the relationship. It probably still has all my information in a shadow account, and might be collecting SMS messages I exchange with people who maintain FB accounts. Facebook doesn't have to force people to do anything -- are you going to cut off contact with everyone you suspect might possibly have an account, to prevent them from creating a shadow account on you?
The topic is about a browser extension to block them tracking first party activity. That does literally nothing to solve the scenario you described.
It's also no coincidence that their SMS harvesting shenanigans are only possible on Android, the poster child for "fuck privacy I want free shit from a giant creepy company".
Sure, on some level there should be laws about privacy. But this is fucking America we're talking about - it's practically the third world when it comes to the state of basic protections for citizens.
Facebook tracks people who are not users. That has been a reason for lawsuits. I have taken measures to block Facebook trackers in many sites I visit.
So yes, Facebook (among other agents, like Google) is forcing me to follow a course of action that protects my family and myself from intensive data collection, and that many times breaks my browsing and interferes with my work. Forcing HTTPS, blocking cookies, revoking certificates, etc. and then reverting some special cases or creating exceptions on the fly for specific sites I cannot go without is kind of maddening.
Stalking isn't a relationship, but it does force victims to take action.
Well, I don't mean to compare those two very different situations, but that does happen with victims of domestic violence. Many times they choose to remain in the relationship, and out of fear and desperation, they hope things will change, and they rationalize that whatever is happening is partially their fault or not that serious. And many times that ends with the death of a domestic violence victim.
That's my point. Domestic violence shouldn't be equaled with Facebook's abuses. Causes, consequences, objectives and methods of entrapment are too much different.
I have experienced domestic violence first-hand and I cringed when I read the word "choose" when describing the situation.
An abuse victim cannot fail to notice when they receive a punch in the gut, unless they were already unconscious from a series of previous punches. Most FB users have no idea their data is sold down the river. From the ones who are iin the know, a significant majority just found out in the previous week or two.
Even in the techie community, who ought to have known better, the amount of people that have spend the last decade in denial is staggering. I'd bet dollars to dougnuts that the percentage of IT people that actually took steps to protect their privacy from social media and/or smartphone platforms is in the single digits.
I am willing to believe there are other professions that took this issue more seriously (lawyers and journalists come to mind), but only if said professions do face real world consequences when they fuck up. Even in those cases, I see no evidence that point of a single demography where what you claim is the norm rather than the exception (well, maybe NSA agents and organized crime types do care, but how would we know, anyways?).
With this extension, Facebook still knows that those non-Facebook links were clicked on because of the outgoing redirects they add to all URLs under the guise of 'safety'.
"Facebook Container leverages the Containers feature that is already built in to Firefox."
I appreciate this. I was aware Firefox already had a container system, but didn't want to employ the effort to set it up. A one-off for Facebook though, feels easy to work with.
Exactly! This addon has no new exciting tech. It's just specialized/preconfigured UX around an existing feature, and opportunity-grasping marketing after the recent Facebook privacy barfs.
I'm happy to recommend/install it to friends I install uBlock Origin for.
Does this extension work more or less like every URL you would open in a new incognito mode separate window? Or is there some other more sophisticated solution in the background?
Is there any way to make the standalone Messenger open in the FB Container? The way I see it, the two are intrinsically linked since using Messenger requires an FB login.
Edit: After playing around, this also breaks the back button. If anyone from Mozilla is here, I think it would be better if an FB page opened in a new tab while keeping the original open.
241 comments
[ 3.0 ms ] story [ 224 ms ] threadOr am I missing something?
Business world is not technical.
This extension isolates your Facebook login cookies while you're browsing on non-Facebook websites, hence making it harder for those tracking techniques to identify you.
Privacy Badger prevents the cookie being sent back to Facebook from these third party websites.
Why is this different from Privacy Badger? This allows you to segregate all facebook toxicity to a single container. This allows you to fully use facebook, and places like login via facebook, without exposing other things to facebook in the first place.
That said, this really doesn't address either the Cambridge situation, or the fact that Facebook themselves allowed the Obama campagin to pull demographic information in violation of their own polices, which was arguably impacted far more people (https://www.investors.com/politics/editorials/facebook-data-... && http://www.dailymail.co.uk/news/article-5520303/Obama-campai...). The only solution to that is to #DeleteFacebook. Facebook is a surveillance as a service provider. The only way to keep them from monetizing you for commercial, social or political reasons is to firewall them off.
You can also associate this with a VPN, if you want to deny them the IP address your home machine is using.
Fabulous!
This is one of the features that we've brought upstream from the Tor browser. Further reading at https://www.torproject.org/projects/torbrowser/design/#ident...
Neither of those citations say that what the Obama campaign did violated Facebook's policies.
The "But the Obama campaign did something similar!" is an argument based on false equivalence, used to muddy the conversation.
(Further, both of those citations - a right-leaning source[0] and a tabloid, respectively - are articles written about some tweets. Which is not to say that they're wrong, but without further confirmation, one might want to take them with a grain of salt.)
[0] The "You might like" links at the bottom are to the articles "Russia Scandal: Did Obama Tutor Hillary Clinton In Electoral Conspiracy 101?", "Will Mueller Ever Admit That There Was No Trump-Russia Collusion?", and "Hillary Clinton Still Can't Believe She Lost ... Or Why".
In fact, reading what the OFA admitted, and what is under investigation here, the only difference seems to be that Facebook didn't unofficially bless the efforts of Cambridge, while they did for OFA.
Here is the money quote - directly from Twitter:
“They came to office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side"
That's not a conspiracy theory, or some evil double standard. That is a director for OFA explicitly mentioning that they were being given special data "because they were on our side".
You should be very very scared about social network deciding to be on peoples side. See Trump and Twitter.
It's as if the last two years hasn't convinced you to be deeply skeptical of social networks and surveillance as a service operations. This universal confirmation bias is the exact same bias that Trumpkins use to ignore any news they don't like. Facebook will keep selling you to the highest bidder. They don't give a fsck about your political point of views.
(And this is probably tame for what they do for China to suppress their people).
Somehow, I think after this, it is ( I hope ) unthinkable.
Zuck, Kamala Harris and Oprah are whetting their appetites.
https://en.m.wikipedia.org/wiki/Kamala_Harris
These are the type of people we feel are well qualified to run the most powerful, largest, and most expensive institution in human history?
Not exactly inexperienced.
So, she’ll have a couple fewer years in the Senate and a lot more in elected executive positions than Kennedy when he was elected President.
> These are the type of people we feel are well qualified to run the most powerful, largest, and most expensive institution in human history?
Harris isn't necessarily my first choice, but she's certainly qualified; Oprah and Zuck are unqualified, though less so than the current incumbent (which, admittedly, is a low bar to clear.)
He might be a great executive, but then, Donald Trump might be a great real estate developer, investor, and business man. Just a few factors aligning correctly and you can be successful, even if you aren't particularly skilled.
GHWB was founder/CEO of an oil company, Chairman of the Republican National Committee, Director of the CIA, and Vice President.
No, it doesn't. Between the two sources, they say that Facebook was "surprised" that they were able to get so much data, and that Facebook didn't stop them. The sources do not say that the Obama campaign violated Facebook's policies.
This is the false equivalence: "What the Obama campaign and Cambridge Analytica did to acquire data on tens of millions of Americans is the same."
In reality, Cambridge Analytica obtained the data from a 3rd party not authorized to provide it, and who collected the data under false pretenses.
The Obama campaign did neither.
EDIT: Here's The Washington Post. "Facebook’s rules for accessing user data lured more than just Cambridge Analytica" - https://www.washingtonpost.com/business/economy/facebooks-ru... :
Cambridge Analytica — unlike other firms that access Facebook’s user data — broke Facebook’s rules by obtaining the data under the pretense of academic use. But experts familiar with Facebook’s systems and policies say that the greater problem was that the rules for accessing the social network’s information trove were so loose in the first place.
The willingness to excuse Facebook selling your privacy because you agree with a political point of view is part of the problem.
It's becoming clear exactly what the cost of social surveillance is in our lives. This is just one of many significant problems with it.
There have always been jackasses willing to sacrifice morals (or rightness) in favor of power. Social networks just make it easier to ignore signals that should humanize power.
This isn't just a typical argument about a matter of opinion - identical and similar are two distinctly different words, but he will be simply unable to see the relevance of that to what he has written above. I've been on the internet a long time, and there have been flame wars and various disagreements since forever, but there is something very, very different happening with people's minds now.
EDIT:
Once again, immediate downvotes with no rebuttal. Shocking. And while this is frustrating, and a bit scary for the future that critical thinking is almost nowhere to be found, the childish partisanship combined with self-important delusions is an interesting insight into the psyche of young university educated Westerners.
> Neither of those citations say that what the Obama campaign did violated Facebook's policies.
> The "But the Obama campaign did something similar!" is an argument based on false equivalence, used to muddy the conversation.
e·quiv·a·lence
iˈkwivələns/
noun
noun: equivalence; plural noun: equivalences
sim·i·larˈsim(ə)lər/
adjective
adjective: similar
You're way out of civil and substantive territory with things like this. Please resist the temptation.
https://news.ycombinator.com/newsguidelines.html
Serious question. Would you deny that there has been a noticeable decline in objectivity of commentary in the last year? I can agree singling one person out could be considered harsh, but make an honest effort to ignore the perceived "rudeness", is the failure of basic logic not a little striking here? If the topic wasn't controversial, do you think a similar situation would arise?
I take what you say seriously, and kindly ask for the same consideration in return.
> Be civil. Don't say things you wouldn't say face-to-face. Don't be snarky. Comments should get more civil and substantive, not less, as a topic gets more divisive.
https://news.ycombinator.com/newsguidelines.html
And his brain isn't malfunctioning, it's just behaving the way the human brain works, the vast majority of people on HN are quite broadly knowledgeable, I highly doubt you're that ignorant of human psychology, more likely you don't care for my opinion.
Besides, read my edit above - whether it was accidental or deliberate, the person was being incredibly intellectually dishonest. It wasn't too long ago that that counted for something on this website. I suppose it still does, but what's new is that it is trumped by political correctness.
If you're going to bother with a reply, how about you address my "intellectually dishonest" charge?
Demonstrate how I am incorrect.
I would imagine your instinctual reaction is to disagree, I'm sure mine would be as well, but then ask yourself this: is it possible I have a point? We know this phenomenon is happening on other forums, are HN'ers really all that special, are we immune to the shortcomings the rest of humanity suffers from?
It's against the rules regardless of your politics or theirs.
https://news.ycombinator.com/newsguidelines.html
It's not lost on me that I am involved in these types of discussions more than average, but it seems that this will naturally occur to anyone who is in a substantial minority - after all, would we expect people to be highly motivated to reply to a comment with which they agree?
I don't involve myself in these discussions entirely because I enjoy it, I also do it because it's important. Disagreement and debate is important to a healthy democracy, and there is a decreasing amount of genuine honest debate in the world.
Also not that as usual, someone coincidentally came across my posts on an at least 2 day old thread and delivered my obligatory downvotes. No problem though I suppose.
If we trust The Daily Mail article:
Davidsen said that she felt the project was 'creepy' - 'even though we played by the rules, and didn't do anything I felt was ugly, with the data'
If we trust the IBD article:
The only difference, as far as we can discern, between the two campaigns' use of Facebook, is that in the case of Obama the users themselves agreed to share their data with the Obama campaign, as well as that of their friends.
The users that downloaded the Cambridge app, meanwhile, were only told that the information would be used for academic purposes. Nor was the data to be used for anything other than academic purposes.
It's an important distinction, to be sure, and Facebook is right to be attacked for its inability to control how its user data were being gathered and shopped around.
(Though it should be pointed out that it wasn't a Cambridge Analytica app, and Cambridge Analytica obtained the data from a 3rd party who wasn't authorized to provide it.)
After all, both campaigns (and most major US political campaigns) surely had embedded Facebook employee account managers helping them spend as much money as effectively as possible, while scrutinizing their account usage.
(Who, me, cynical?)
Seriously, being on the public side I can't tell the difference. Both cases involve (ab)use of user data from FB without the users' knowledge. Both are bad -- or neutral, if you're the sort of user that understands the implications of using Facebook at all. Indeed, I'm not even surprised by these incidents. If anything I'm surprised that anyone is. I'm not even surprised -though annoyed- by partisan attempts to make one side or the other look worse.
Please, let's stop pretending that Facebook's blessing makes one (ab)use of user data OK and the other not. If you object to a campaign's use of your data, why wouldn't you object to a campaign's use of someone else's data?
And yes, your data, when shared with FB, is FB's data. But do people even understand that? You and I do, but does your mom? Mine certainly does not.
> That said, this really doesn't address either the Cambridge situation, or the fact that Facebook themselves allowed the Obama campagin to pull demographic information in violation of their own polices...
The sentence is essentially "this doesn't address A, nor does it address B", which requires that A and B be different.
The tweets were from Obama's own Campaign Director, saying that OFA were allowed to violate FB's TOS in a way that others weren't.
> Neither of those citations say that what the Obama campaign did violated Facebook's policies.
The text you quoted does not claim that the Obama campaign violated FB's policies. It says that FB allowed the Obama campaign to do things that would -without FB's approval- have violated FB's policies.
https://www.npr.org/2018/03/25/596805347/how-does-cambridge-...
Relevant quotes from Betsy Hoover the Obama 2012 online organizing director:
"So the app that everyone's referring to in this moment was an app called Targeted Sharing. It was an app that we created on Facebook that fully followed Facebook's terms of service. And any individual could decide to use the app. When they clicked on the app, a screen would pop up that would say what data they're authorizing the app was giving us access to and exactly how we were going to use that data. And so at that time, it was totally legitimate on Facebook to say you're giving us access to your social network. You're giving us access to your friends on Facebook."
"...So, you know, we got your list of friends. And then we matched it to our model, our list of voters that we didn't build with Facebook data. We built with voter history and, you know, all of the other data points that Democratic campaigns use to build models. But we matched the data of your friends to that model and then reflected it back to the person who had authorized the app..."
Sounds very similar to Cambrdige Analytica imho. In addition I don't really think that exploring how deep the rabbit hole goes is deflection, rather showing how much more pervasive this practice is than people think.
>Facebook friends lists, tags and photos allowed Obama operatives to identify a person’s close friends, which they then matched with offline public records. (Was this person likely to vote for Obama, but unlikely to get out to vote?) They then told the app users which of their friends they should send campaign messages to.
http://www.politifact.com/truth-o-meter/statements/2018/mar/...
They seem pretty different. Not just in how the data was collected, but how it was then used.
The research into Facebook likes and personality and the manipulation of those psychological profiles, which CA based their entire operation on, didn’t even exist in 2008.
Comparing the two is absolutely a false equivalency.
And the CA scandal goes way beyond the Facebook stuff. The company is allegedly involved in various illegal and anti-democratic activities around the world. Are people really downplaying this simply because they support Trump and CA has a Trump connection?
The other difference is that based on what we know, the Trump campaign didn't actually have any interest in using the CA data in question. The head of their campaign has quite consistently said he thinks CA's psychographics was worthless nonsense, and I'm not aware of anyone finding evidence contradicting this. It's quite possible that, in fact, the 2012 Obama campaign was the only US presidential campaign that systematically gathered information on people's Facebook friends to feed their campaign machine.
So?
I can see why Facebook would care about that, because owning/selling/managing the data is their model.
But that doesn't matter to me a Facebook user when the end result is the same (my FB info provided to political campaign.)
The Daily Mail is a tabloid, and is so bad that it has been banned from being used as source in Wikipedia.
https://www.theguardian.com/technology/2017/feb/08/wikipedia...
I've quit FB, but the above might be enough to contain FB for those who can't/won't. I still do the above for any other privacy-hating aspirants.
You're gaining security the same way bike locks provide security. Anyone motivated could break it but you're hoping that enough people are easier targets that you're ignored.
This solution is good for you personally but it's not a fix.
I have though of spamming face book with a ton of likes and shares of things I am not actually interested in.
What are peoples opinions of that? It has the obvious problem that my friends might associate me with things I actually dislike.
https://mitpress.mit.edu/books/obfuscation
Full of obfuscation tactics like that.
Spamming likes and what not to disrupt your profile might be great for your own privacy but isn’t stopping them from monetizing you at all.
But Facebook is a private company, so they're allowed to do what they want regardless of whatever "policies" they set, so long as they remain within the law. If you don't like it, start your own Facebook!
(Due to Poe's law, I should note that I'm being sarcastic. Funny that this sentiment gets brought up all the time in discussions about YouTube, but not here...)
Just deactivated Facebook, and it's a wonderfully freeing sensation. I can always reactivate it if I really need to reach somebody who's only available on there, but that's unlikely at best.
You can do the same thing with Chrome profiles, Chrome Canary and Choosy. This multi-container thing (per OP, don't know if you are using the same one) appears to be FB only. So while it is effortless, it's reactionary and limited. The general solution is better and doesn't force you to a specific browser.
https://weblog.bulknews.net/mac-routing-links-to-chrome-prof...
Disclaimer: When I use google (search, gmail, etc) and facebook I use specific profiles for those activities. I use a default profile for everything else. So, I don't actually use the above solution myself.
I used to alternate between browsers for different uses but after the Pocket debacle I abandoned Firefox "for good". Since Quantum I haven't liked it anyway.
This Facebook extension is a reactionary Facebook-specific adaptation of that extension. But it is still useful for many users since it doesn't require any user interaction.
I think multi-account-containers is more convenient than profiles since it provides a single interface to manage the containers and browser settings are shared, but I am actually using profiles on Firefox because the extension doesn't seem to support the "Never remember history" browser option.
[1] https://github.com/mozilla/multi-account-containers and https://addons.mozilla.org/en-US/firefox/addon/multi-account...
How? Specifically the part where clicking a link inside the FB container that leads outside of FB opens outside the container?
AFAIK it's impossible, and that's why I stopped using the multi container stuff in Firefox.
It's such an obvious oversight. When they implemented "get into the container when clicking xyz.com" how come they never thought of "get out of the container when clicking something that's not xyz.com"?
https://techcrunch.com/2018/01/23/duckduckgo-adds-tracker-bl...
https://www.theregister.co.uk/2018/03/20/mozilla_firefox_tes...
2. The study is optional.
3. DNS over HTTPS is a net benefit to privacy.
[0] https://news.ycombinator.com/item?id=16653889
Why does not browsers (eh, Firefox) do this by default for every origin? 3rd party cookies would be broken I assume, but overall it would lead to less tracking across origins.
Liking and logging in with google should show a similar warning as an untrusted or malicious site and then send the cookies
This has a real limitation, which is that if you click an external link on your Facebook newsfeed, the new website will also be in the FB container. On the one hand, that keeps your FB-related browsing from "contaminating" your other web cookies. On the other hand, all the websites in that container get to link you to your FB account just like normal.
> If you click on a non-Facebook link or navigate to a non-Facebook website in the URL bar, these pages will load outside of the container.
Or am I misunderstanding?
The great thing is when you block all that, your internet is much faster.
An excellent guide: https://killtacknine.com/building-an-ubuntu-16-04-router-par...
Up for months, incredible speed, no maintenance, except to add new domains to block when they prove to be spyware. Twitter may be next on the list since it is of declining use to me.
I'll add that I'm by no means a linux whiz, but learned a lot by doing this project.
Biggest issue is explaining to guests why they can't access facebook.
Another bene is you no longer have the planned obsolescence of consumer grade equipment. I fully expect this thing to last a decade, and "firmware" is automatically updated via linux.
No surprises, the Omnia updates itself and reboots automatically (you get an email warning of you want to intervene) and everything 'just works'.
It can't compete with the total control you get with crafting specific firewall rules but it has most of the same effect while being a lot simpler to manage.
Everything down to the fonts you have installed can be used to track you
https://amiunique.org
This extension gives Firefox selective amnesia: if you're in a Facebook container tab, it'll remember and send those cookies. If you're not, it won't!
An alternative solution is to never make those third party requests in the first place, but you might need some of them for content you're actually interested in viewing. Using both a blocking extension and this container extension should improve your privacy towards Facebook.
Obviously this would need a white-list (and a pair<from,to> whitelist, not just "this domain is OK list) to allow SSO scenarios.
This will treat every first party domain as it's own container for cookies and other stuff.
Presumably the like button wouldn’t work - but that’s what I want. So the Q is: what will break that I didn’t want to break?
But there's a thing for Firefox which does it for all sites. Called First Party Isolation.
Sites that put a checkout flow hosted on a different hostname in a subframe break.
Some forms of "sign in with X" break.
It can. Blocking third-party cookies is available in the browser settings of at least Firefox, Chrome, and Safari. I think it’s even on by default in the latter.
I’ve been using it for years and never seen a broken page as a result.
Default privacy settings are tough to manage.
Some people want privacy, and will accept broken websites if it keeps their data and online movement private.
Other people just want their usual websites to work, don't understand or care to think about privacy, and if some random content farm looks busted in Firefox, will just switch to another browser.
Aside from picking a sensible default, Firefox also offers to educate users where it makes sense. For example, when you open a new private browsing window in Firefox, the tracking protection section includes a "See how it works" button that takes you to a tour-style walkthrough of how tracking protection works.
You can set Firefox to behave that way, though. Look for First Party Isolation.
What is really nice, is you can tell it to ALWAYS open your banks website in a particular container, and it will. If you go to that URL from a tab in your work profile, it will switch to the banking profile for you.
Basically, various privacy protections cause various kinds of website breakage.
https://blog.mozilla.org/data/2018/01/26/improving-privacy-w...
Make it a long deprecation if you have to. Give even longer exemptions to the really big players / the big breakage / the legitimate use cases while we find better ways. But it is up to the browser vendors to remove the weapons here.
It's possible for your IdP to track the SPs you authenticate to regardless of protocol or cookie use, of course.
There's an add-on that does something close to that:
https://addons.mozilla.org/en-US/firefox/addon/temporary-con...
This add-on's options include opening each (sub)domain in its own container. These containers are temporary: they're deleted a short time after you close their last tab, so you have to log back into each site on each visit. (This may be something you do anyway.)
I don't (yet?) know of an add-on that automatically assigns each domain you visit to its own permanent container, and automatically creates new containers for each new domain.
Of course, I can appreciate that such behaviour is technically far more challenging. It's merely as a user that it's disappointing, and it makes Temporary Containers [0] practically unusable.
[0] https://addons.mozilla.org/en-GB/firefox/addon/temporary-con...
A good workaround for this could be to let users add arbitrary domains to their container whitelists (so you could manually add www.foo.com), but I haven't found a way to do that yet.
Are they planning to fix it somehow?
We close the previous tab and cancel the webRequest before it's sent to the site so none of the default cookies are sent.
"Converting" a tab from one container to another is actually a bit complicated, and there are open issues for it. :/
Please design an iOS identity isolation UX for Mobile Safari, Apple Mail and third-party apps.
Currently we have to use several different iOS web browsers to achieve isolation of browser logins/cookies, but Apple Mail opens all links in Safari.
Ideally, there would be an OS enforced, per-app setting which defines which web browser (or Mobile Safari identity context) will be used to open a URL.
A URL clicked in Apple Mail will then open in a private tab.
This is the tech world's equivalent of a "how to take a punch" class for victims of domestic violence.
People know that (facebook|their partner) is abusing them (privacy-wise|physically) and they choose to continue the relationship.
That's it. No one chooses a relationship with a drone, and to date Facebook haven't found a way to force people to create accounts and continue to use them, at gun-point.
It's also no coincidence that their SMS harvesting shenanigans are only possible on Android, the poster child for "fuck privacy I want free shit from a giant creepy company".
Sure, on some level there should be laws about privacy. But this is fucking America we're talking about - it's practically the third world when it comes to the state of basic protections for citizens.
So yes, Facebook (among other agents, like Google) is forcing me to follow a course of action that protects my family and myself from intensive data collection, and that many times breaks my browsing and interferes with my work. Forcing HTTPS, blocking cookies, revoking certificates, etc. and then reverting some special cases or creating exceptions on the fly for specific sites I cannot go without is kind of maddening.
Stalking isn't a relationship, but it does force victims to take action.
Really bad comparison there.
I have experienced domestic violence first-hand and I cringed when I read the word "choose" when describing the situation.
An abuse victim cannot fail to notice when they receive a punch in the gut, unless they were already unconscious from a series of previous punches. Most FB users have no idea their data is sold down the river. From the ones who are iin the know, a significant majority just found out in the previous week or two.
Even in the techie community, who ought to have known better, the amount of people that have spend the last decade in denial is staggering. I'd bet dollars to dougnuts that the percentage of IT people that actually took steps to protect their privacy from social media and/or smartphone platforms is in the single digits.
I am willing to believe there are other professions that took this issue more seriously (lawyers and journalists come to mind), but only if said professions do face real world consequences when they fuck up. Even in those cases, I see no evidence that point of a single demography where what you claim is the norm rather than the exception (well, maybe NSA agents and organized crime types do care, but how would we know, anyways?).
You don't need a facebook account for them to know more about you than your parents do. They get data from many other sources.
Also, poor analogy.
https://www.washingtonpost.com/news/the-intersect/wp/2016/08...
http://adage.com/article/dataworks/mastercard-amex-feed-data...
https://www.propublica.org/article/facebook-doesnt-tell-user...
https://analytics.facebook.com/features/omni-channel
Does that suddenly make it okay to completely ignore ethics?
I appreciate this. I was aware Firefox already had a container system, but didn't want to employ the effort to set it up. A one-off for Facebook though, feels easy to work with.
I'm happy to recommend/install it to friends I install uBlock Origin for.
Great job Mozilla :) . More of this.
But the Facebook container retains your Facebook cookies (and therefore your login) after restarts.
Edit: After playing around, this also breaks the back button. If anyone from Mozilla is here, I think it would be better if an FB page opened in a new tab while keeping the original open.
We tried a few different UXs and none of them felt ideal. We have an open issue to add Messenger to the list of FB domains that are contained. https://github.com/mozilla/contain-facebook/issues/45