1. 33
  1. 2

    Facebook Container prevents Facebook from tracking you around the web - Facebook logins, likes, and comments are automatically blocked on non-Facebook sites. But when we need an exception, you can now create one by adding custom sites to the Facebook Container.

    Interesting that they surface this as a top-level new feature of Firefox, when as far as I can tell it’s an add-on that a new user would have to manually install and enable first. I’m also curious what additional protection this offers that couldn’t be implemented in the base container add-on that was already available. Is Facebook specifically doing things to break normal Firefox containers that have to be mitigated here?

    1. 7

      What I don’t understand is why they don’t have a Google Container. It’s more likely that Google will track you through Analytics, AdWords, Tag Manager, etc without you noticing than Facebook doing the same.

      1. 14

        What I don’t understand is why they don’t have a Google Container.

        They get a lot of money from Google.

        1. 6

          Also, a lot of sites break when you block Google scripts :(.

          1. 4

            This is a big pet peeve of mine. It’s ridiculous how many sites are too lazy (or cheap, I guess) to host their own Javascript.

            A nice extension (or uBlock/uMatrix feature) would be redirecting all of the googleapis.com URLs to localhost or some other server.

            1. 4

              I think this is what decentraleyes does: https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/

              1. 1

                This isn’t about hosting their own JavaScript. Pretty often, it’s business-logic trackers (e.g. “user clicked the buy button” that crash the JS program if they fail, because no one expects them to).

                1. 2

                  because no one expects them to).

                  Decent programmers everywhere do. I don’t, though.

                2. 1

                  Hosting JS, fonts, etc. from CDNs improves the chance that they’ll be cached since other sites use the same CDN URLs for those resources.

                  1. 5

                    Chrome and Firefox will soon partition the cache by the origin of the top-level document to prevent timing leaks. Safari already does.

                    1. 2

                      Most sites are so big it’s kind of silly to worry about a few kilobytes of Javascript, isn’t it?

                  2. 2

                    This isn’t blocking google scripts though - it’s using a separate set of cookies/state for pages that are google-first-party vs the rest of the web.

                  3. 1

                    I made my own container to hold my Google stuff.

                  4. 1

                    At a guess, it’s the usual story: They expect too many complaints about breaking behaviour the users consider normal and desirable. Remember that new features can’t break too much existing usage, or else users switch to another browser.

                    If Firefox were to break every site with a recaptcha, users would complain a lot. Breaking like buttons isn’t as serious… I think.

                  5. 3

                    I just started using Firefox again on Linux, and I got prompted to enable Facebook Container by the browser itself, even from a completely new profile, so it seems that they’ve integrated the installation and enabling into the workflow itself.

                    1. 3

                      Facebook is known to build shadow profiles around users that are not on Facebook.

                      1. 5

                        Is this materially different than the profile Google builds when visiting sites with ads or analytics?

                        1. 7

                          Yes. Facebook apparently connects them to their social graph like normal profiles. So they don’t only track your individual travel, but also your personal connections.

                          1. 7

                            I looked through what Google had on me once. It was enough to send me targeted ads, but it was nothing compared to what it could have been if, for example, Google were to trawl the entire gmail archives for mentions of my name.

                            Facebook is different. You may have seen the “upload contacts” feature? Facebook will read all of your email and store the email addresses. If I send you and someone else email, and you “upload your contacts”, Facebook is said to store not just my email address, but also the relationship between me and that someone else. Sleazy.