1. 83

  2. 16

    It’s great to see that this topic gets such a popular coverage in the WP. It’s one part to increase the mindshare within the developer community, another to increase it on the ‘consumer’ end.

    1. 2

      Consumers don’t care, though. They have said as much since the beginning.

      1. 4

        Most don’t. There’s a subset that do. I’ve also found you can get more on something if you put it in a way they understand with an easy solution. I’ve gotten a few people on Firefox that way. Social apps like Signal they mostly ignore. There’s potential to increase the niche with that kind of awareness.

        You’re right that don’t care is the default, though. The default that brings in the most money, too.

    2. 14

      Is there a mirror which actually complies with the GDPR (i.e makes it possible to opt out of their tracking)? I can’t read that article without clicking “I agree” to “We use cookies and other technologies to customize your experience, perform analytics and deliver personalized advertising on our sites, apps and newsletters and across the Internet based on your interests.”, which I’d rather not do.

      EDIT: I suppose outline.com is the answer: https://outline.com/FW9FzX

      1. 7

        Spoiler alert: when you click “I agree”, you get to the article, and the full page is covered with a popup: “We noticed you’re browsing in private mode.Private browsing is permitted exclusively for our subscribers.”

        1. 17

          Thanks to Firefox and one or more of its add-ons (possibly uBlock Origin and/or NoScript), I don’t see these annoyances.

          1. 20

            I don’t leave the terminal without sunscreen and uMatrix.

        2. 3

          It is ironic if you do not consent to unlimited tracking, you cannot read the article blaming Chrome for being a spy software (which it is)

        3. 10

          Great that it shows up on WP but on Lobste.rs it’s just preaching to the choir.

          1. 6

            After having read this article, I read a bit more about third-party cookie blocking, and I was reminded that cookies are not the only way to track internet users: localStorage, and cache tracking with HTTP ETag, also enable tracking.

            This led me to Safari which partitions cookies, cache and HTML 5 storage for all third-party domains. As far as I know, Firefox (and Chrome of course) don’t to that.

            It’s easy to check with the browser developer tools open:

            • Empty your cache.
            • Visit a website that uses a given font hosted on fonts.google.com.
            • You should see the HTTP request for the font in the network tab.
            • Then visit another website that uses the same font on fonts.google.com.
            • In Safari, you should see another HTTP request, because the cache is not shared.
            • In Chrome and Firefox, you’ll see the font is retrieved from the cache.

            Kudos to Apple for their work on the privacy features of Safari! I’d be happy to see Firefox put the same emphasis on this :-)

            1. 6

              Enable first party isolation in about:config (or download the web extension withtthe same name)

              1. 2

                To be honest, I do want resources such as fonts and javascript libraries to be cached across domains. Cookies, no.

                1. 1

                  You don’t. Because those libraries and fonts basically act as cookies.

                  1. 2

                    How so? If they are accessed at a common URL from a CDN, how could they be used to track a user across domains? Serious question, I am trying to understand the threat model.

                2. 2

                  Caching of reused assets accross domains is useful when accessing the internet over metered satelight link. Where every byte counts and latency is often in the seconds.

                3. 8

                  Funny how there are at least 32 trackers on this article.

                  1. 2

                    It always was. Everything you typed into the search bar got sent to google, no matter what.

                    1. 2

                      Could comments about Washington Post’s usability please be removed? It muddies the discussion of the content.

                      1. 2

                        (I dislike Google as much as the next guy, but) This doesn’t seem like an entirely fair article. The issues it raises seem more to do with cookies and browser settings than Google vs. Mozilla. I grant that there may be a difference in default settings between Chrome and newer Firefox, but both seem capable of blocking or exposing you, depending on the settings and extensions you use.

                        1. 9

                          The thing is that firefox has sane default, moreover firefox embed a tracker list which allow a full working web with a lot less tracking

                          1. 3

                            Maybe it’s different now, but firefox used to enable telemetry, Pocket, and ‘safe URL checking’ (by sending it to google lol) by default. I wouldn’t call those ‘sane defaults’.

                            1. 4

                              I see people complaining about telemetry but has anyone checked what it actually sends?

                              I’m totally fine with uploading what functions run in my browser and how well it performs.

                              I’m less happy if it turns out anyone is stashing away my browsing history for their own use which is one reason why I stay away from Chrome (the primary reason however has always been that it was too limited.)

                              1. 3

                                …has anyone checked what it actually sends?

                                See for yourself: type about:telemetry into the URL bar and poke around.

                                1. 1

                                  Just did that but couldn’t find any refererence to uploading browsing history, but I only spent three minutes or so.

                                2. 2

                                  The point isn’t about what amount of telemetry you find acceptable, but that they phone home with any telemetry by default without user permission to do so.

                                  1. 2

                                    Can’t remember the specifics about Firefox (I installed it on autopilot last time it seems), but for VS Code, - another tool I use that also regularily get flak for telemetry - the instructions about telemetry stands out when you first open it and removing it is a simple 30 seconds task that consists of following the linked instructions and then restart of the editor.

                                    I’d say that if people don’t remove it then that is clear acceptance. As for Firefox I have issues with Mozilla as well like:

                                    • when they scared me by installing that robot extension
                                    • not informing me up front about Normandy and hiding it in the settings
                                    • destroying the old extension API before the new one was ready
                                    • etc

                                    But sending performance data is ok with me (but I realize I’ll have to verify that and only that is what they actually send.)

                                3. 2

                                  Actually url checking to google is only when local bloom filter match, so a very small subset of private addresses,

                                  Pocket is mozilla

                                  Telemetry is also mozilla and supposed to not hold private info.

                                  Idealist always want something perfect but not used by common people. Even if firefox is not perfect, it is a lot more private than chrome.

                                  Actually the most private offensive thing of firefox is that it default search to Google including anything inputed in the address bar. But once more there is no really alternative for common people.

                              2. 9

                                It has to do more with the incentives of the companies involved. Google is always going to err on the side of their customers, so surveillance will always be baked into Chrome. You might as well ask an oil company to oppose extractive resource exhaustion.

                              3. 1

                                I switched to Brave browser a week ago, so far no regrets. Pretty impressed by how much control I gained back.

                                1. 1

                                  On desktop, I browse using Chrome with third-party cookies disabled, and the web works fine. I just found out that Chrome on iOS doesn’t have that setting :(. Pretty sure it used to…

                                  1. 0

                                    I will switch to Firefox as soon as Workona creates an addon for it, similar to the one that they have for Chrome.For whoever doesn’t know it yet, this is an awesome productivity tool, which changes the way you use the browser.