Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Mozilla Firefox Privacy The Internet

Mozilla Launches Facebook Container Add-on To Isolate Your Web Browsing Activity From Facebook (venturebeat.com) 112

Paul Sawers, writing for VentureBeat: On Tuesday, Mozilla announced a new tool it said will help keep Facebook from tracking your browsing across the web. The Facebook Container add-on for Firefox promises to make it "much harder" for Facebook to track you when you're not on its site. Mozilla has been working on the technology for several years already, accelerating its development in response to what it called a "growing demand for tools that help manage privacy and security," according to a statement issued by Mozilla today.

Most people are probably aware that data they directly give to Facebook -- such as "liking" a Page or updating their relationship status -- may be sold to advertisers. But fewer people know that Facebook can also track their activities on other websites that have integrated with aspects of Facebook's tracking technology, such as the pervasive "Like" button. And it's in this scenario that Mozilla is now hoping to play the good guy.

This discussion has been archived. No new comments can be posted.

Mozilla Launches Facebook Container Add-on To Isolate Your Web Browsing Activity From Facebook

Comments Filter:
  • by Anonymous Coward on Tuesday March 27, 2018 @09:58AM (#56333859)

    Comment.

    • Precisely, facebook can easily be blocked as it's just one or two domains, but what about the biggest privacy-breaching data-collector of them all [softpedia.com] - the serial tracker Google [slashdot.org]?!

      • What's the biggest privacy abusing data collector of them all? -- It's not Facebook or Google or Microsoft, etc.. It's your ISP. The only way you can stop them is to use a VPN but in the past they've even found ways to "tag" your encrypted packets so that they can identify them as you wherever you go and then sell that information to 3rd parties.
    • This is actually a better idea than you might think. For some people it's a coin toss between Chrome and Firefox, not being able to be tracked by Google may well be a decider for many, and I somewhat doubt that Chrome would support something like that out of the box.

  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Tuesday March 27, 2018 @10:01AM (#56333879)
    Comment removed based on user account deletion
  • Web is broken. (Score:5, Insightful)

    by LoRdTAW ( 99712 ) on Tuesday March 27, 2018 @10:13AM (#56333953)

    When a website can track you, it's no longer a website. I call that malware. Why did we let this happen again?

    • I don't know for sure, but I'm kinda certain it has something to do with getting something for free or videos of cute kittens.

    • by Anonymous Coward

      When a website can track you, it's no longer a website. I call that malware. Why did we let this happen again?

      It is not just the snoops, but the folks who allowed the browsers to report back pretty much everything. Fingerprinting, cookies, the works.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I completely disagree. It's running on their computer, serving their interests. That's the essence of not-malware.

      If your browser, though, is serving them, then it is malware.

    • by Anonymous Coward

      And by they I mean the teeming unintellectual masses who we foolishly recruited into our international pool of former awesomeness.

      The worst thing to happen to the internet was the commercialization of it. While early on it gave people without government/corporate/school based access to it, it also started letting the sickness from outside in. Rather than merely a few griefers we got masses of hate, corporatism and authoritarian apologists all overpowering our collective voice, along with people too stupid t

  • OR... (Score:5, Insightful)

    by ceoyoyo ( 59147 ) on Tuesday March 27, 2018 @10:18AM (#56333999)

    Instead of picking on Facebook specifically, you could have a setting that refuses to load any off-site data, unless it's on a whitelist. Then make it the default. Problem solved.

    • This would break a lot of CDNs which use random-like hostnames.
      • by Luthair ( 847766 )
        It would, but I wonder how relevant that is today. Anecdotally it seems like most sites are building big blobs of Javascript instead of pulling in libraries.
        • As a concession to obstructing the execution of random code from unknown sites to slow the wholesale scraping of my browsing habits, I have execution blocked by default, and when I go to a site and find that it doesn't display right, I get to play JavaScript roulette, wading through a list that can show a dozen or more hosts completely unrelated to the site I'm viewing to find the one(s) that will make the content display correctly. The Gizmodo sites, for example, will sometimes require running a script fro

        • Comment removed based on user account deletion
      • Then I guess it's time they start working around that limitation.

    • by tomhath ( 637240 )

      Including third party cookies.

      But in the end I'm sure FB, Google, and others will find a way, because there's too much money in it.

      • by Luthair ( 847766 )

        Personally I already use social blockers and on the rare occasions I go log into Facebook I use a fresh private browsing instance. Mozillas cookie sandboxes could have a similar effect, though super cookies or other fingerprinting methods might be circumventing it.

      • There is the First Party Isolation [mozilla.org] plugin. Here is the description:

        "First Party Isolation, also known as Cross-Origin Identifier Unlinkability is a concept from the Tor Browser. The idea is to key every source of browser identification with the domain in the URL bar (the first party). This makes all access to identifiers distinct between usage in the website itself and through third-party. Think of it as blocking Third-party cookies, but more exhaustively." ...
    • Re:OR... (Score:4, Interesting)

      by rtkluttz ( 244325 ) on Tuesday March 27, 2018 @10:31AM (#56334089) Homepage

      And anonymise the browser by just having it say yes I have it to every plugin, font, etc. and then just report LOCAL errors to the owner that content may not work because a plugin was requested that isn't actually installed. Also remove any and all functionality that allows outbound data to be sent without a user interaction... i.e. disable mouse location sensing, disable live fields that send data in real time such as google instant. Disable search in the address bar and any number of other things that reduce security and privacy of the user.

    • Comment removed (Score:5, Interesting)

      by account_deleted ( 4530225 ) on Tuesday March 27, 2018 @10:36AM (#56334141)
      Comment removed based on user account deletion
      • But if it's on by default and users start to complain about sites not working, sites have to find a new way to deliver their content to browsers that don't just jump through their hoops.

        Hell, web designers made whole websites for IE6, this is a breeze compared to that bullshit!

      • by ceoyoyo ( 59147 )

        Websites would get fixed in a hurry if it was the default. Could be you'd need the three majors to all do it at the same time.

        Alternately, Firefox could provide a reasonable default whitelist and pop up a scary warning when a page makes a request from a third party. That seems to have worked out pretty well for https. If the default whitelist was well made people might not even notice. The ads would disappear, darn, and the tracking bugs and like buttons, but most of the content is either local or delive

        • Comment removed based on user account deletion
          • by ceoyoyo ( 59147 )

            Sounds like a good reason not to use Chrome, to be honest. If Firefox wanted to gain some marketshare and stand up for privacy, now would seem to be a great time to push this. Google wouldn't like it, but with everyone pissed at Facebook they're probably fairly desperate for the public not to be reminded that their business model is even more invasive than than FBs.

            Google might not even mind that much. Google's competitors all get their information from tracking people. If this got passed, Google might

          • That would be awesome but good luck getting Google on board with that. They're just as bad as Facebook when it comes to tracking and Chrome is the most used browser.

            Not only that, but there would also be pressure...either overt, covert, or a combination...by the US government and it's TLAs to not damage a significant part of their domestic and foreign surveillance programs.

            Strat

      • zzzz works for me.

    • Re:OR... (Score:5, Informative)

      by AmiMoJo ( 196126 ) on Tuesday March 27, 2018 @10:39AM (#56334159) Homepage Journal

      That's what Privacy Badger and uBlock are for.

      I read TFA and the Mozilla blog post and l still don't know exactly what their add-on does. It's not clear how it contains anything, or why I'd use it over Privacy Badger.

      Privacy Badger is great because it doesn't use whitelists. It looks for sites following you around the web, tracking you on multiple other sites, and blocks them. It generally doesn't break anything so I'm happy to install it on friend's and family member's computers.

      uBlock Origin is pretty great too, but for other people's computers I tend to only enable the basic ad-blocking to avoid breakage.

      • by Anonymous Coward

        Going by the name, I guess it's a specialization of their "multi-account containers" feature/extension* (which allows one to create isolated tabs/'sessions' with separate cookie jars/Session IDs/offline storage) set up to automagically create a container for facebook.com, making it a wee bit harder for fb to pin your online activity (on a separate/"default" container) to your fb account.

        *: The extension only adds an easy-to-use UI, the feature is baked in from FF 59.x (if not 58.x) and can be used via about

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Google has carefully preempted any attempts to limit third party sources in web pages. By practically mandating (lest you be ranked lower in Google Search Engine results pages) that sites offload all sorts of things to separate domains ("to minimize overhead for unnecessary cookie transmissions") and even third parties ("to leverage caching of script libraries which are constant across web sites"), Google has made sure that sites break if you prevent them from loading third party resources. Now you're suppo

      • Force them. There is a billion webpages out there delivering the same content this one is delivering. You don't play nice with my browser and its settings?

        NEXT!

  • by yuvcifjt ( 4161545 ) on Tuesday March 27, 2018 @10:24AM (#56334033)

    Forget one little domain like facebook which can easily be blocked, what about the biggest data collector and serial tracker Google [slashdot.org] which is almost impossible to block?!

    • by Opportunist ( 166417 ) on Tuesday March 27, 2018 @11:06AM (#56334401)

      I think it's time for a "tracking cookie mix and match" addon. Every time you start your browser, you get a new tracking cookie from a pool of participating people that originally belonged to someone else. After a couple minutes you return the cookie to the pool and get a new one from someone else, while yours goes to some other person.

      What this eventually does is invalidate and thus poison the cookie data. Unless Google finds a way to voluntarily eliminate these cookies from their data mining, their whole data pool is useless. Which is basically all we want. Either they have to throw the cookies away that they use to track us, or they have to throw all tracking cookies away.

      Either is fine by me.

      • by hawk ( 1151 )

        >I think it's time for a "tracking cookie mix and match" addon.

        welcome too the 90s :)

        junkbuster had options for this way back when. I'm not sure how well supported or complete it was, but these were in the configuration file in the mid 90s.

        hawk

        • Hmm. Apparently it didn't catch on, maybe if they had made it an automatic-on feature it would?

          • by hawk ( 1151 )

            I don't know that it ever got finished, but maybe it did. I also don't recall every seeing a cookie exchange site or server.

            It certainly would never have become automatic--over privacy concerns.

            hawk

  • I understand that Disconnect does this, but not just for Facebook. I had "Block third-party cookies" enable in my Chrome and draw.io thought I had Disconnect installed and gave me instructions on how to whitelist them so I can use Google Drive.

  • by Anonymous Coward

    I keep things separate by having many user accounts on my PC, using a last name:
    smith -- used for most websites that don't need logon info
    smith_g -- for google
    smith_fb -- for facebook
    smith_b -- banking
    smith_nf -- netflix
    smith_s -- secure login (clear brower cache before each use)
    smith_o -- outlook
    smith_y -- yahoo
    smith_e -- other email accounts

    • by mccrew ( 62494 )

      Sounds like you are serious, can't tell if you are being facetious.

      So if you want to browse to a different site, you switch logins to another user account? To each his own, I suppose. That would drive me nuts in no time fast.

      Of course you realize that the advertisers are not fooled, and can gather up and identify scattered requests all having the same IP address, with the same CPU ID, with the same set of fonts loaded, and many other uniquifying tricks like hidden <canvas> element renderings...

  • This is something they should have done about 8-10 years ago. FB has more than enough dirt.
  • Most people are probably aware that data they directly give to Facebook -- such as "liking" a Page or updating their relationship status -- may be sold to advertisers

    It's not sold to advertisers... Facebook is an advertiser. Don't allow this bullshit "Facebook only helps the advertisers" meme stand. Make Facebook own their shit.

    Also, they're never going to sell data on you, cause renting it is far more profitable.

  • This is perfect. Although I don't use FB at all (it's so toxic that I block all of their domains and networks at the firewall) ... there are other sites that I'd like to be able to run "in a sandbox". Yes, I can open a Private Browsing window (or Incognito in chrome's parlance) but it's definitely time to have browser sandboxes that can isolate sites from each other. The trackers have become too powerful and we all need to start resisting them.
    • You're essentially asking for Firefox's containers. They are included by default with the browser (just not enabled).

      Which incidentally is exactly what this add-on enables for you and uses for the facebook.com domain only (it creates a Facebook container for you).

      https://wiki.mozilla.org/Secur... [mozilla.org]

  • It's amazing how much effort people put into making a broken service usable. Just stop using Facebook.

    As for other web sites, just use the browser's privacy mode. It's a minor inconvenience since you lose your browser history, but it isn't worth it. If that really matters, just clear your cookies every day. Years ago, clearing your cookies every time you closed the browser, or every 24 hours, was an option in Firefox. It meant web sites worked but you had to login once a day. Seemed like a good compro

  • by VeryFluffyBunny ( 5037285 ) on Tuesday March 27, 2018 @12:19PM (#56334975)
    OK, Facebook sucks but then so do Google, Microsoft, Amazon, Apple, Oracle, etc.. We're supposed to believe that the internet is a revolutionary force for good and that it's making the world a better place. Yeah, right. Keep drinking the cool-aid https://youtu.be/4tLvzyb3_Uc?t... [youtu.be]
  • Add the following to your /etc/hosts file:
    0.0.0.0 connect.facebook.com
    0.0.0.0 static.ak.connect.facebook.com
    0.0.0.0 api.connect.facebook.com
    0.0.0.0 ssl.connect.facebook.com
    0.0.0.0 www.connect.facebook.com
    0.0.0.0 graph.facebook.com
    0.0.0.0 connect.facebook.net

  • I use Opera exclusively for FB and nothing else. That blocks tracking.

    • by Dwedit ( 232252 )

      No it doesn't. If you load any third-party content from FB's servers from the same IP address, they can tell.

  • What social media platform are people switching to in order to replace Facebook? I've already signed up for Mastodon. I just wish Facebook wasn't used as the default user authentication mechanism for so many websites -- 'net identity and social media should be completely separate functions. from separate providers that don't have a vested interest in your data.
  • Ridiculous, it shouldn't be that difficult.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (1) Gee, I wish we hadn't backed down on 'noalias'.

Working...