Mozilla Launches Facebook Container Add-on To Isolate Your Web Browsing Activity From Facebook (venturebeat.com) 112
Paul Sawers, writing for VentureBeat: On Tuesday, Mozilla announced a new tool it said will help keep Facebook from tracking your browsing across the web. The Facebook Container add-on for Firefox promises to make it "much harder" for Facebook to track you when you're not on its site. Mozilla has been working on the technology for several years already, accelerating its development in response to what it called a "growing demand for tools that help manage privacy and security," according to a statement issued by Mozilla today.
Most people are probably aware that data they directly give to Facebook -- such as "liking" a Page or updating their relationship status -- may be sold to advertisers. But fewer people know that Facebook can also track their activities on other websites that have integrated with aspects of Facebook's tracking technology, such as the pervasive "Like" button. And it's in this scenario that Mozilla is now hoping to play the good guy.
Most people are probably aware that data they directly give to Facebook -- such as "liking" a Page or updating their relationship status -- may be sold to advertisers. But fewer people know that Facebook can also track their activities on other websites that have integrated with aspects of Facebook's tracking technology, such as the pervasive "Like" button. And it's in this scenario that Mozilla is now hoping to play the good guy.
Great! Now add a Google container and we're set (Score:5, Insightful)
Comment.
Re: (Score:2)
Precisely, facebook can easily be blocked as it's just one or two domains, but what about the biggest privacy-breaching data-collector of them all [softpedia.com] - the serial tracker Google [slashdot.org]?!
Re: (Score:3)
Re: (Score:2)
[Citation Needed]
Please tell me what these tags look like. Where do they fit in the network stack?
Re: (Score:1)
Google tried to enable the election of a homicidal maniac. Fortunately, they failed.
Re: (Score:2)
As far as I know, Google hasn't enabled the election of a moron to president like Facebook has. Everything else, I can forgive.
Well, it's a good job Facebook failed and that America elected its current stable genius. Yes, he's doing a lot of harm but that the world (and by "the world" I mean "Murica" because that's all there is, right?) hasn't ended already is testament to how little actual power POTUS' have.
Re:You have to draw the line somewhere. (Score:4, Informative)
That would be Obama in 2012. His team used FB similar to Trump's team but it was called a genius move.
And FB was in the pocket of Hillary's team [wp.com]
Re:You have to draw the line somewhere. (Score:4, Informative)
Re: (Score:2)
This is actually a better idea than you might think. For some people it's a coin toss between Chrome and Firefox, not being able to be tracked by Google may well be a decider for many, and I somewhat doubt that Chrome would support something like that out of the box.
Re: (Score:3)
No, Windows 10 bypasses the "kernel level" hosts file.
And mozilla may also plan to perhaps bypass the local dns resolver [theregister.co.uk] in favour of "Trusted Recursive Resolver".
APK: if you can invent an app to block domains/ip's at the router level for virtually any router on the market, then that would be something special and worth all your advertising time in comments! ;)
Comment removed (Score:3, Interesting)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Why would you use nightlies? I can't think of a single reason why I would want to do that apart from specifically needing to test a plugin against the latest code.
Re: (Score:2)
Thinking it's just Facebook, and that you'll be safe by avoiding Facebook, is a bigger mistake than using Facebook.
Re: (Score:1)
Really? Tell us more, Mr. Zuckerberg.
Re: (Score:2)
Thinking it's just Facebook, and that you'll be safe by avoiding Facebook, is a bigger mistake than using Facebook.
I don't think they claimed it was just Facebook. Facebook is a well known and ubiquitous offender. Knock 'em out one at a time. I bet it would be relatively easy to convert this Facebook container into a Google container, and whatever kind of container you wanted.
Re:This Facebook news is not new. (Score:5, Insightful)
It's not only Facebook. But you should start somewhere. Al Capone also wasn't the only crook in Chicago, but it's sensible to start with the biggest criminal.
Re: (Score:1)
Re: (Score:1)
Why does everything have to be about the annoying orange? It may surprise you, but most of the planet doesn't really revolve around that goofball.
Not new to you (Score:2)
This isn't new coming from Facebook. This has happened many times before. Why is everyone scrambling to try and fix something that can't be fixed.
Sure it can. We can collectively make Facebook irrelevant/unprofitable. Ask MySpace what that looks like. Facebook will be a tough out but they aren't invincible. Facebook seems determined to explore where the line for "too far" actually lies. For me it is way behind them. Others have different opinions but everyone has a limit. Sure this new revelation isn't exactly shocking to many of us but to many people it is actually surprising. Don't overestimate how much attention people pay to corporate she
Re: (Score:2)
The problem is that we may have known for a long time what kind of data mill FB is, but you would be surprised to how many this was anything but obvious. Yes, they collect data, people know that, but most people think the only data FB collects (and can collect) is the data you hand over freely. And even that isn't really present for most people using it. "I have nothing to hide" is still in many peoples' heads.
This might well be an eye opener to some people who get to see just HOW deep the rabbit hole goes.
Web is broken. (Score:5, Insightful)
When a website can track you, it's no longer a website. I call that malware. Why did we let this happen again?
Re: (Score:3)
I don't know for sure, but I'm kinda certain it has something to do with getting something for free or videos of cute kittens.
Re: (Score:1)
When a website can track you, it's no longer a website. I call that malware. Why did we let this happen again?
It is not just the snoops, but the folks who allowed the browsers to report back pretty much everything. Fingerprinting, cookies, the works.
Re: (Score:2, Insightful)
I completely disagree. It's running on their computer, serving their interests. That's the essence of not-malware.
If your browser, though, is serving them, then it is malware.
WE didn't, THEY did. (Score:1)
And by they I mean the teeming unintellectual masses who we foolishly recruited into our international pool of former awesomeness.
The worst thing to happen to the internet was the commercialization of it. While early on it gave people without government/corporate/school based access to it, it also started letting the sickness from outside in. Rather than merely a few griefers we got masses of hate, corporatism and authoritarian apologists all overpowering our collective voice, along with people too stupid t
OR... (Score:5, Insightful)
Instead of picking on Facebook specifically, you could have a setting that refuses to load any off-site data, unless it's on a whitelist. Then make it the default. Problem solved.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
As a concession to obstructing the execution of random code from unknown sites to slow the wholesale scraping of my browsing habits, I have execution blocked by default, and when I go to a site and find that it doesn't display right, I get to play JavaScript roulette, wading through a list that can show a dozen or more hosts completely unrelated to the site I'm viewing to find the one(s) that will make the content display correctly. The Gizmodo sites, for example, will sometimes require running a script fro
Re: (Score:2)
Re: (Score:2)
Then I guess it's time they start working around that limitation.
Re: (Score:2)
Including third party cookies.
But in the end I'm sure FB, Google, and others will find a way, because there's too much money in it.
Re: (Score:2)
Personally I already use social blockers and on the rare occasions I go log into Facebook I use a fresh private browsing instance. Mozillas cookie sandboxes could have a similar effect, though super cookies or other fingerprinting methods might be circumventing it.
Re: (Score:2)
"First Party Isolation, also known as Cross-Origin Identifier Unlinkability is a concept from the Tor Browser. The idea is to key every source of browser identification with the domain in the URL bar (the first party). This makes all access to identifiers distinct between usage in the website itself and through third-party. Think of it as blocking Third-party cookies, but more exhaustively."
Re:OR... (Score:4, Interesting)
And anonymise the browser by just having it say yes I have it to every plugin, font, etc. and then just report LOCAL errors to the owner that content may not work because a plugin was requested that isn't actually installed. Also remove any and all functionality that allows outbound data to be sent without a user interaction... i.e. disable mouse location sensing, disable live fields that send data in real time such as google instant. Disable search in the address bar and any number of other things that reduce security and privacy of the user.
Comment removed (Score:5, Interesting)
Re: (Score:2)
But if it's on by default and users start to complain about sites not working, sites have to find a new way to deliver their content to browsers that don't just jump through their hoops.
Hell, web designers made whole websites for IE6, this is a breeze compared to that bullshit!
Re: (Score:3)
Websites would get fixed in a hurry if it was the default. Could be you'd need the three majors to all do it at the same time.
Alternately, Firefox could provide a reasonable default whitelist and pop up a scary warning when a page makes a request from a third party. That seems to have worked out pretty well for https. If the default whitelist was well made people might not even notice. The ads would disappear, darn, and the tracking bugs and like buttons, but most of the content is either local or delive
Re: (Score:2)
Re: (Score:2)
Sounds like a good reason not to use Chrome, to be honest. If Firefox wanted to gain some marketshare and stand up for privacy, now would seem to be a great time to push this. Google wouldn't like it, but with everyone pissed at Facebook they're probably fairly desperate for the public not to be reminded that their business model is even more invasive than than FBs.
Google might not even mind that much. Google's competitors all get their information from tracking people. If this got passed, Google might
Re: (Score:2)
That would be awesome but good luck getting Google on board with that. They're just as bad as Facebook when it comes to tracking and Chrome is the most used browser.
Not only that, but there would also be pressure...either overt, covert, or a combination...by the US government and it's TLAs to not damage a significant part of their domestic and foreign surveillance programs.
Strat
Re: (Score:2)
zzzz works for me.
Re:OR... (Score:5, Informative)
That's what Privacy Badger and uBlock are for.
I read TFA and the Mozilla blog post and l still don't know exactly what their add-on does. It's not clear how it contains anything, or why I'd use it over Privacy Badger.
Privacy Badger is great because it doesn't use whitelists. It looks for sites following you around the web, tracking you on multiple other sites, and blocks them. It generally doesn't break anything so I'm happy to install it on friend's and family member's computers.
uBlock Origin is pretty great too, but for other people's computers I tend to only enable the basic ad-blocking to avoid breakage.
Re: (Score:1)
Going by the name, I guess it's a specialization of their "multi-account containers" feature/extension* (which allows one to create isolated tabs/'sessions' with separate cookie jars/Session IDs/offline storage) set up to automagically create a container for facebook.com, making it a wee bit harder for fb to pin your online activity (on a separate/"default" container) to your fb account.
*: The extension only adds an easy-to-use UI, the feature is baked in from FF 59.x (if not 58.x) and can be used via about
Re: (Score:2, Interesting)
Google has carefully preempted any attempts to limit third party sources in web pages. By practically mandating (lest you be ranked lower in Google Search Engine results pages) that sites offload all sorts of things to separate domains ("to minimize overhead for unnecessary cookie transmissions") and even third parties ("to leverage caching of script libraries which are constant across web sites"), Google has made sure that sites break if you prevent them from loading third party resources. Now you're suppo
Re: (Score:2)
Force them. There is a billion webpages out there delivering the same content this one is delivering. You don't play nice with my browser and its settings?
NEXT!
What about Google?! (Score:3)
Forget one little domain like facebook which can easily be blocked, what about the biggest data collector and serial tracker Google [slashdot.org] which is almost impossible to block?!
Re: (Score:2)
Because Google has a hand in virtually all aspects of the web.
Anytime you send mail, it's very likely one of your recipients is using Google Mail, including companies, or your mail travels through their exchange. Otherwise, one of their dns resolvers might have a hand in your traffic.
And if not, then either your browser (Chrome) or your phone (Android) will keep phoning home and reporting personal data, location, and pics to Google.
And even if that doesn't get you, then generally browsing any site on the we
Re:What about Google?! (Score:5, Interesting)
I think it's time for a "tracking cookie mix and match" addon. Every time you start your browser, you get a new tracking cookie from a pool of participating people that originally belonged to someone else. After a couple minutes you return the cookie to the pool and get a new one from someone else, while yours goes to some other person.
What this eventually does is invalidate and thus poison the cookie data. Unless Google finds a way to voluntarily eliminate these cookies from their data mining, their whole data pool is useless. Which is basically all we want. Either they have to throw the cookies away that they use to track us, or they have to throw all tracking cookies away.
Either is fine by me.
Re: (Score:2)
>I think it's time for a "tracking cookie mix and match" addon.
welcome too the 90s :)
junkbuster had options for this way back when. I'm not sure how well supported or complete it was, but these were in the configuration file in the mid 90s.
hawk
Re: (Score:2)
Hmm. Apparently it didn't catch on, maybe if they had made it an automatic-on feature it would?
Re: (Score:2)
I don't know that it ever got finished, but maybe it did. I also don't recall every seeing a cookie exchange site or server.
It certainly would never have become automatic--over privacy concerns.
hawk
Re: (Score:2)
Because it was a hassle. Since this would be fully automatic with you having to do nothing (after installing it once), it's way more convenient.
Disconnect (Score:2)
I understand that Disconnect does this, but not just for Facebook. I had "Block third-party cookies" enable in my Chrome and draw.io thought I had Disconnect installed and gave me instructions on how to whitelist them so I can use Google Drive.
I keep websites separated a little by... (Score:1)
I keep things separate by having many user accounts on my PC, using a last name:
smith -- used for most websites that don't need logon info
smith_g -- for google
smith_fb -- for facebook
smith_b -- banking
smith_nf -- netflix
smith_s -- secure login (clear brower cache before each use)
smith_o -- outlook
smith_y -- yahoo
smith_e -- other email accounts
Re: (Score:2)
Sounds like you are serious, can't tell if you are being facetious.
So if you want to browse to a different site, you switch logins to another user account? To each his own, I suppose. That would drive me nuts in no time fast.
Of course you realize that the advertisers are not fooled, and can gather up and identify scattered requests all having the same IP address, with the same CPU ID, with the same set of fonts loaded, and many other uniquifying tricks like hidden <canvas> element renderings...
Re: (Score:2)
What's needed is a general solution that lets me stay logged in (to any site that's not stuck in the retarded 90s with login timeouts and "use our mobile app just to stay logged in" nonsense), but reduces the power of cookies irrevocably and understandably, across the board, not with some manually-maintained whitelist pushed down by a central party that can sell off corruptions to the whitelist as a revenue model like AdBlock.
There is something like that [wikipedia.org]. But nobody really uses it.
Too little too late (Score:2)
FFS (Score:2)
It's not sold to advertisers... Facebook is an advertiser. Don't allow this bullshit "Facebook only helps the advertisers" meme stand. Make Facebook own their shit.
Also, they're never going to sell data on you, cause renting it is far more profitable.
This is perfect; now do it for "any" site. (Score:3)
Re: (Score:2)
You're essentially asking for Firefox's containers. They are included by default with the browser (just not enabled).
Which incidentally is exactly what this add-on enables for you and uses for the facebook.com domain only (it creates a Facebook container for you).
https://wiki.mozilla.org/Secur... [mozilla.org]
Just use Privacy Mode / Incognito mode / whatever (Score:2)
It's amazing how much effort people put into making a broken service usable. Just stop using Facebook.
As for other web sites, just use the browser's privacy mode. It's a minor inconvenience since you lose your browser history, but it isn't worth it. If that really matters, just clear your cookies every day. Years ago, clearing your cookies every time you closed the browser, or every 24 hours, was an option in Firefox. It meant web sites worked but you had to login once a day. Seemed like a good compro
Re: (Score:2)
Oh good, thanks. The 24-hours option was my favorite, since I didn't have to close the browser every day, and if I closed it in the middle of the day I didn't have to log back in. But that option might have been in Netscape but never in Firefox.
I question the whole ideology... (Score:3)
Another solution that doesn't require Firefox... (Score:2)
Add the following to your /etc/hosts file:
0.0.0.0 connect.facebook.com
0.0.0.0 static.ak.connect.facebook.com
0.0.0.0 api.connect.facebook.com
0.0.0.0 ssl.connect.facebook.com
0.0.0.0 www.connect.facebook.com
0.0.0.0 graph.facebook.com
0.0.0.0 connect.facebook.net
Re: (Score:2)
Here's some footnotes to your advice: https://news.ycombinator.com/i... [ycombinator.com]
Use a separate browser for Facebook (Score:2)
I use Opera exclusively for FB and nothing else. That blocks tracking.
Re: (Score:2)
No it doesn't. If you load any third-party content from FB's servers from the same IP address, they can tell.
So... (Score:2)
Working on the technology for several years? (Score:1)