32 comments

[ 2.3 ms ] story [ 68.6 ms ] thread
Kind of ironic to click the link only to be presented with a cookie popup that defaults to all tracking enabled.
It also detects Firefox's Private Browsing and tells me that reading in Private Browsing is a privilege for paying subscribers.
How does it do that? Mozilla spends a great deal of effort to make sure this type of fingerprinting isn’t possible.
There is a lot more money on the other side of that arms race.
indexedDB is the short answer. Whilst Mozilla has made efforts to make it harder, there is still a bunch of things that don't work the same way in private mode, which can provide a best guess as to whether you're in private mode.

indexedDB isn't implemented in Firefox's private mode. [0]

So if you can guess that it is Firefox, and can't use indexedDB, then you can guess that you're in private mode.

[0] https://bugzilla.mozilla.org/show_bug.cgi?id=1639542

Does Chromium do the same thing? The page is able to detect incognito mode in Chromium Edge. The page even uses the browser-specific terminology, private mode for Firefox, incognito mode for Chromium Edge.
No, indexedDB not working is a Firefox-specific thing.

But there are other differences you can look for under Chrome, the simplest of which is that navigator.storage is smaller whilst incognito mode is active.

And under Safari you can just check if localStorage actually stores things.

The lack of fingerprinting information is, in itself, a data point.
That wouldn't be able to distinguish between Private Browsing and having just cleared out browser data, though.
There are features like IndexedDB that are disabled in private browsing but not in a clean install
> It also detects Firefox's Private Browsing and tells me that reading in Private Browsing is a privilege for paying subscribers.

Wait, so if I don't want to be tracked, their solution is to sign in to an account which is tied to my meatspace name and credit card?

I think it nicely shows the independence of the newsrooms, in that they report on matters of online privacy like any other topic, even though it is close to the financial interests of their publisher, who stands to lose from any increase of privacy requirements.
Even rejecting all cookies results in you receiving 18 cookies. They're presumably all unrelated to tracking, but it's still not exactly a good experience.
Are they perm cookies?

Session cookies AFAIK are allowed under the US and EU privacy regs and are necessary for some sites to function, for better or worse.

Looks like about 80% are longer than the session and about half are 1-2 years. If you need 18 cookies for your site to even function, you're doing something wrong IMO.
I use a combination of uMatrix and bypass-paywalls-chrome from iamadamdev on Github to bypass that.
For people who consider supporting Schrems with a (small) donation: https://support.noyb.eu/join

I don't often donate, but i feel like this is a very good cause; I'm often frustrated by the privacy abuse of big tech, yet at the same time i can't stop using its products because there are no proper alternatives (i believe it's called "oligopoly"...)

So, this way i hope to help support restoring the balance, even if it's just a small donation.

I'm confused with this particular cause, though. It is known that "in the beginning" of 2021 Apple will make IDFA enabled on a per app basis after explicit user consent. This was working in beta version of iOS 14 this summer and caused huge pushback mainly from Facebook.

So, this is what Schrems is after, but it will happen with or without their action.

I'm not sure about the details, but i imagine something like this;

If Apple breaks the rules by placing "cookies" without user consent/knowledge, they may need to be fined.

Whether they may or may not stop abusing the rules in the future, is a secondary issue.

This is just a mirror suit of Schrems Google ID tracking suit: https://noyb.eu/en/complaint-filed-against-google-tracking-i...

That's already in progress and in this case it's pretty much about the exact same practice on Apple platforms.

(Also please note how iOS 14 has a separate switch for Apple Ads tracking identifier which is ON by default.)

They don't consider those improvements sufficient. See section titled "Insufficient “improvement” on third-party access.": https://noyb.eu/en/noyb-files-complaints-against-apples-trac...

They argue that with the planned changes, Apple still creates a IDFA, and while it will allow users to restrict other apps from using it, Apple itself still can. Additionally they want users to be able to have no IDFA at all.

I have seen a lot of bad press about Apple these past days, and now I wonder if they are somehow targeted.

Because of all the privacy abusing big tech companies they don't seem the worse to me.

And before someone call me a fanboy, I don't own even one Apple device.

This is press, and seems accurate.

There have been a bunch of opinion blog posts recently. Some of them are clearly ideological attack pieces, but I don’t see any coordination. Apple had a real outage that caused a real problem.

Also, the people posting the attack pieces or echoing their points all seem like regular contributors and don’t look like bots or throwaway accounts.

This article doesn't really take iOS14 changes into account. It's unclear to me if the lawsuit will be germane after they take effect
This is kind of an odd lawsuit.

Apple has been working for years to reduce and ultimately give the user opt-in control of the exact tracking that they have been targeted for here.

They already have the code in place to do this, and the only reason it isn’t this way now is pushback and a campaign by Facebook that it might be anticompetitive for them to use their power over the operating system to limit the ad industry this way.

The lawsuit seem like a good thing, because tracking should be opt in, but also because a legal precedent would indemnify Apple against this being held against them in an antitrust investigation.

> They already have the code in place to do this, and the only reason it isn’t this way now is pushback and a campaign by Facebook that it might be anticompetitive for them to use their power over the operating system to limit the ad industry this way.

I think you forgot that the user owns the computer and gets to decide what code runs. Not facebook, the ad industry or apple.

(comment deleted)
The user just buys a computer and buys or install an OS on it (or gets on with an OS pre-installed).

They do get their pick of OS, but they don't get to decide what the OS allows, beyond what's available as a configuration.

They can tinker with the OS settings (where available) or even code if they have it, but most users don't have the knowledge or time to do so, even if their OS of choice is FOSS.

There is no modern computer for which this is true.

It is an ideological denial of computer science.

Nobody decides for themselves what code runs on their computer beyond the tiny fraction for which they understand the source code.

They only decide where the code comes from, and to what extent they trust the origin.

Apple provides the IDFA specifically so that advertisers wouldn’t use the hardware identifiers that couldn’t be changed at all.

This lawsuit is specifically targeting a pro-privacy feature.

you cant use 5 seconds of any music without permission but the internet is trying to sell my long dead mum underware multiple times per day.

i cant wait for this industry to be abolished. right now is better than next week.