According to this german article: https://www.soeren-hentzschel.at/firefox/firefox-sagt-cookie... , you can already set various values for the cookiebanners.service.mode about:config setting on Firefox nightly. 1 denies all cookies, 2 also accepts if there is no option to deny or if denying didn't work.
Should, but even the websites themselves don't seem to know this. And it's not about cookies either, it's about anything allowing tracking on and between websites.
The GDPR is not about cookies, the freely-given consent requirement applies just the same if they’re tracking you in other ways (perhaps submitting a fingerprint via XHR, or even server-side—arguably just storing IPs in an access log counts[1]). The recorded data doesn’t have to be actively used to identify you, only usable for that purpose in principle.
The earlier 2002 “ePrivacy Directive”[2], which came to be known as “cookie law”, does mention cookies in the motivational part, though the actual text just refers to storing stuff client-side whatever the means. Storage strictly required for the website to function is specifically exempted. Unlike what the GDPR would say later, the preamble said sites would be able to tell users to GTFO if they refuse the cookies.
In the old days (Netscape Navigator) you'd get an annoying popup asking you if you wanted to store cookies. Firefox came from the open sourcing of Netscape. How things repeat!
Telling your users about what web technologies are and what certain settings mean is also cool.
Wanting to be helpful to a wider audience rather than have a funny easter egg for tech nerds feels like an okay thing to do, once a project is past a certain stage and aims for larger adoption.
That said, seeing "18 years ago" for the message dates in the discussion feels sobering.
Doesn't work on Android yet. Can't wait for this to be finished, cookie banners are even more annoying when you have as small a screen as on a phone...
Firefox Nightly allows you to use your own collection of add-ons that you've set up on AMO, including I Don't Care About Cookies and forks as long as they're up on AMO:
This brings up a great point! Why didn't browsers jump in right away and offer this natively instead of letting the web get littered with annoying cookie banners that everyone is either going to (1) ignore (2) blindly accept?
I fully expect the EU will somehow find a way to regulate this out of existence .... (in protection of users all browser software must ensure privacy options are not supressed and displayed prominently with a dialog immune to any form of automation ....)
Browser add-ons require permissions which you might not want to grant to arbitrary code. And anyway, it’s a truism that products can and will absorb add-ons into their code (cf ‘Sherlocked’)
They can spend time absorbing whatever they want, just make sure first you have a capable browser, that can be competitive, maybe absorb some market share from other Chromes. Instead of being a constant crippleware that we just barely tolerate, with half cooked "nice" to haves
If you don't trust, don't install. Maybe don't install anything on your machine just to be safe
Firefox can improve their addons security audit, their addons website to help users make a choice... absorbing addons seems like wasting time
Excellent extension with one glaring flaw: IDCAC accepts cookies if there is no option to decline them. You don't see annoying popups anymore, but the cookies are still there tracking you. This can be combated by combining it combined with Cookie AutoDelete [0]. Cookie AutoDelete solves the problem by purging all cookies automatically (except your whitelist) when the tab is closed. They work great together
> IDCAC accepts cookies if there is no option to decline them. You don't see annoying popups anymore, but the cookies are still there tracking you.
Yes. Because I don't care about cookies. This is not an anti-tracking extension. I do not care about being tracked. I just want to stop being bombarded with cookie consent dialogs.
Yeah, but if you're not aware of this gotcha, the extension takes the choice away from you. It's good that the parent post highlighted this issue.
I don't care a lot about cookies, but if a website is abusive enough that they need to ask for my permission, I prefer to deny it rather than give them a blanket approval (again: what I really care about is wasteful and overbearing JavaScript code that complements tracking via cookie... If I cannot object to that, at least let me object to cookies used for tracking)
Again: you don't need permission for necessary cookies. The fact that the cookie prompt is annoying/difficult to parse and requires opt-out instead of opt-in is against the spirit (and possibly the letter) of the law. If our automation around the cookie prompt is accidentally giving an implicit consent, we ended up doing exactly what the people that push pervasive tracking wanted. We end up rewarding, instead of punishing, people who implemented dark patterns.
The extension is far more useful if you block all cookies by default and whitelist the domains you allow to set them, like me. When you do that, every time you visit a site, sometimes even every time you load a page on a site, you get a cookie pop-up.
They should pair it with a "yes, I am an adult" extension.
> I don't care a lot about cookies, but if a website is abusive enough that they need to ask for my permission
How do you tell the difference?
> Again: you don't need permission for necessary cookies.
Usually it's better to ask forgiveness than permission, but I can understand sites wanting to play it safe and throw up a banner even if they only have "legal" cookies.
I mean, it's kinda in the title of the extension. If you install this extension, it's very obvious that you're okay with cookies... If you wanted that choice, you wouldn't install the extension. I don't understand why this would be an issue.
And to the extent that you do care, you can just block the cookies at the browser level. In-page pop ups on every site is about the stupidest way imaginable to implement anti-tracking controls.
> That's because the alternative is for browsers to send a "I-WANT-TO-BE-TRACKED" header if users want tracking and then basically no-one would consent.
I would say that, getting companies to convince the user that they would be better if they are tracked would be a good feature. Currently,tracking helps the company and hurts the customer, so companies should come up with a reason why tracking is actually good for the customer.
It is an unpopular opinion but I see GDPR as a watershed for user hostile design. It used to be that people involved with the web read Jacob Nielsen and Don’t Make Me Think, there was always pressure from the suits to distract users with BS but it was possible to hold the line.
Once the GDPR came out, now it was required, even admirable, to distract users. Once that window was broken the car got stripped within 24 hours and now it is not unusual to have to dismiss 3 or more pop ups asking you to subscribe to an email newsletter.
I have a zero-tolerance policy for dialogs, with few exceptions.
If I can't use the site while ignoring them, I close the tab.
What I realized after a while that this sort of user-hostile design correlates strongly with poor quality content, so it's also a great way to save my time.
I don’t mean this to be rude, but that’s how complete sentences work. Sometimes they’re internally inconsistent, but when you reach the full stop you’ve hopefully arrived at a coherent view of what the speaker intended to express. I know with this one that I did, even when I noted the same inconsistency. It seems you did too, but got hung up mid-sentence anyway. Maybe just be glad you understand what they meant to say?
The point is, calling it zero-tolerance when it's not is misleading. There's a perfectly fine way to describe zero-tolerance with exceptions, and it's not even far fetched: “low tolerance”.
Complete sentences may make it possible to pretend bad wording is consistent, but that doesn't make it good wording.
My point wasn’t that it’s good wording, just that it may be good enough to understand what someone meant to convey. I can be very literal myself, and I can take others’ words overly literally as well. It hasn’t made life better for me to insist on that kind of consistency from others, especially when they know I know what they meant to say. It has helped me to develop some instinct for accepting the intent of people’s communication rather than the minutiae of it. Even when I find the inconsistencies. It’s much nicer to realize what someone meant, and sometimes even to have a small laugh to myself about the way they put it.
Misleading? I wasn't mislead. It seems like you weren't mislead. The person who responded to you wasn't mislead. Was anyone mislead? Really, a single person? Or is language a mechanism to probabilistically encode information and not a formal system, even if it often approximates one? Go learn Lojban and leave everyone who actually wants to communicate be.
Yeah with the benefit of 5 minutes hindsight it's hilarious that I got suckered in literally just because I felt a single word wasn't precisely accurate. I mean, "misleading" didn't mislead me in the slightest, the overall meaning was clearly that it's better to be correct than not, precisely the impetuous of my snark. He who is without sin, yada yada yada
I guess I should clarify that in the rare case I still want to access the content, I still do not engage with the modal dialogs, but instead use a proxy service such as archive.is to present it in an accessible way.
I consider modals to be a gross accessibility issue.
I went through a phase when I was reading way too much about communism and riding shotgun back and forth to Buffalo a lot while stoned and resolved I was going to quit reading the web with a normal web browser but instead I was going to run everything through a workflow system that would convert web sites to HAR files, strip out all the ads and bullshit.
I worked on it pretty seriously for two weeks but got hung up on the problem that my web archiving system was never 100% sure that a page had finished loading (that there would be more significant AJAX calls) so it would set long timeouts and even with a lot of stripping out the junk it was going to be even more awkward than dealing with the junk.
Looking back at it however it looked like an overly ambitious project.
By zero tolerance, I mean to say that I do not engage with the dialogs in any way, e.g. clicking agree, cancel, close, or the area around the dialog if it is blocking the page.
By few exceptions, I mean that I look for an alternative method to access the content rather than disengaging from it entirely.
I am imperfect, so if you were to observe me 24/7, you would probably see me slip up eventually. But this is an ideal I strive for and for the most part am satisfied with the results of pursuing.
FWIW I'm very sorry I put you through this. My comment was low value, posted during insomnia, I was very surprised by the reach it gained while I slept at last.
You're confused. The EU's cookie consent dialogues do not come from the GDPR; they're several years older than that. They come from the Privacy and Electronic Communications Directive (ePD), particularly the 2009 amendment to that.
I think you're partly right but it happened before GDPR - when advertisers decided to ignore the DNT[1] flag. If DNT was respected, GDPR cookie pop ups would be unnecessary. Unfortunately the modern web is not about user choice but about herding users like cattle to maximize "engagement".
DNT was an "evil bit" non-solution that was stupid all the way from initial concept to execution to predictable industry response. We are better off without it.
No. The problem is the legal framework for user tracking informed consent didn't exist back then. Sites wouldn't be able to simply ignore DNT if doing so created legal liability for them.
Corporations essentially had a presumed right to track users. Now they don't, they need to get informed consent first. A DNT header makes the user's non-consent explicit: not only is the user presumed not to have consented to tracking, the presence of this header signals active and explicit denial of consent from the user.
It's not like the evil bit at all. We're dealing with corporations that operate openly on the market. It's perfectly possible to say "it's illegal to ignore this bit" if it comes with the threat of heavy fines attached.
Millions of websites are currently showing stupid cookie popups because they're mandated by law to obtain the user's consent. Why shouldn't that consent or lack thereof be expressed once in the browser UI instead?
The only issue with DNT is that it wasn't mandated.
As an example, a user may store in the browser preferences that information about their browsing habits should not be collected. If the policy of a Website states that a cookie is used for this purpose, the browser automatically rejects the cookie.
That's one of the odder things about the HN user base. How much we care about things seems to have little to do with how much they affect our lives. Most of us exist with a magic shield carefully affixed to our every point of contact with the electronic world that fully insulates us from anything we don't want to see, but it is maniacally important to us that Google doesn't know it was John Smith who searched for "sexy ostriches" eight years ago.
So because it doesn't "affect our lives" surveillance capitalism is okay? No.
It's about principles. We simply don't want corporations knowing anything about us unless absolutely necessary. It's bad enough that governments have to know about us. We really don't need the private sector mass surveilling the entire globe and exploiting our data for god knows what purposes.
Data should be a massive legal liability. It should cost them money to hold onto any piece of data about any person. They should be scrambling to forget all about me the second the transaction is finished.
I agree in principle - but you need a centralised government to punish them.
You could in theory have third party auditing and user reviews but almost nobody would care and they wouldn't have much power.
In practice I'd prefer a world without government and with companies tracking me over a government that steals half of my income and protect me from "evil" trackers.
Same thing with abortion. Of course wasting a human life is a tragedy, but it's hard to imagine economic model where you can guarantee the life of a foetus nobody knows much about, without needing a centralised entity. (you could in theory have protection agencies - as in The Machinery of Freedom - which guarantee your safety have you sign a contract saying you won't do that or else - but that would be hard to enforce).
> In practice I'd prefer a world without government and with companies tracking me over a government that steals half of my income and protect me from "evil" trackers.
What does "in practice" mean here?
I get the sense that when people say things like this, they think folks would have the lifestyles they currently have in the US, but much better because they don't have to pay any tax. In reality, a world without government would be run by the type of people who run Russia right now.
Great if you're connected to enough strongmen to be an oligarch I suppose but not that great for anyone else.
From what I see it has gone the way of "regardless" and "irregardless". I'm sure there's a cool word for this too. Antonyms that are actually synonyms.
Wait, just because throwaway787544 is OK with websites tracking where his behaviours on their domain, he should publicly give you and everyone his real name and address ?
If you walk in on a store that has security cameras in it and you accept to be filmed while you are in there, does that mean that I should be allowed and able to access you entire private photo and video gallery ?
Sorry but what's twisted is some pseudonymous throwaway account not only shaming people for caring about privacy but also proclaiming loudly that they don't care when their privacy gets violated. You gotta be kidding me.
well these are different purposes, aren't they? I do delete the cookies afterwards, so I don't care whether they get accepted or denied. But for this extention, the purpose was always just to get rid of the popups. I mean if you're automating it anyway, it's much easier to choose the happy path and comply isn't it? Those cookies can always be deleted later.
I'd rather use an extension that tells companies no, that exercises the legal right to say no. Dont just accept then delete (with likely other downstream consequences such as re-logging in when you dont want), just opt out. Make it clear that privacy matters. Dont just hack (with multiple extensions), vote.
Use a moral & good & fit to task (not apathetic & consenting extension) like Consent-o-matic[1] or Auto Cookie Optout[2].
Some people actively dont care. Dont do that. Care. Help. Be a positive influence. (Ed: wow, unpopular opinion, over something that costs people nothing to assist in!! -2 points!
Time and drain on my patience is a cost. And it is a particularly awful trade in this case; both of those are extremely precious resources, one of which is nonrenewable.
I do not care about cookies. Not one person on the Internet can demonstrate a concrete harm caused by the existence of advertiser cookies on their machine. If you want to spend time twiddling these knobs, more power to you. I've got things to do and I will gladly take the first option that erases the annoyance with a minimum of disruption.
Sad that you have no spare effort-capacity whatsoever to make a choice for yourself like this, that you see yourself as at zero! Woe unto you.
I dont get why this proclaimed unwillingness & lack of deciding leads you to pick the worse less defensive pick though. Why actively choose worse defense? I dont get your argumentation. Why is the worse dumber pick better for you, even if you dont feel convinced of the harm? Presented with a defensive & apathetic option, I don't see why you would still choose worse.
FWIW, I agree. Be the change you want to see in the world.
'Actively not caring' is insidious and depressing. It normalises data surveillance and says there's no point fighting it.
Comments here seem to ask if cookies are really worth all this fuss. Frankly, I don't think it's much of a fuss at all. Block the pop-ups, auto-delete the cookies. It's so simple I'm bemused there's any pushback.
Its a mindflip to me to imagine wanton anti-caring like this. Literally just make an incredibly smallley modestly better choice to serve yourself & each other better. Why not pick a good option? Why go through the trouble then be like, fuck it, Ill pick a shitty option? I dont get the anti-progressive pro-shitty attitude. But it sure seems popular & well represented! Blast us all!
> Why not pick a good option? Why go through the trouble then be like, fuck it, Ill pick a shitty option?
You're assuming way too much active thought and choice on the part of the people who don't care about cookies. You're assuming that it was a choice between options at all.
In my case, a website I was happening to read mentioned the I Don't Care About Cookies extension, and I thought, "oh, it'd be nice to have something that stops all of those annoying cookie pop-ups" and installed it. That is all. Is such an action really an "anti-progressive and pro-shitty attitude"? Am I really harming you or myself or society by doing that?
I have two browsers. One is my persistent logins browser (Mail, banking, etc). The other is my "browsing" browser which is inside of a windows VM that gets restarted and reverted every morning at 4 AM.
It blows my mind that you'd have such disregard for your own personal data protection by not implementing a similar system. Why not spend half a day setting up something that solves the problem long term without depending on you to consciously make the "right" decision over and over?
It's a feature not a flaw. See, I literally don't care about cookies. Deny them, allow them, whatever. Just don't bother me. That's exactly what the extension says and does.
I agree with you on not caring at all about cookies.
I've never understood the obsession with cookies and tracking. It seems that some people imagine Sundar Pichai sitting in his underground lair, following the browsing session of individual Chrome users, cackling with evil delight.
We know that Facebook employees stalked people using the 'tracking' info. We know police stalked people with their info. We know people with access to PRISM data used it to stalk people.
I respect your, and others’, opinion about not caring about tracking. But this extension is not named "i-dont-care-about-tracking", but instead misleading people into thinking it’s only about cookies when it’s not. It accepts all and any tracking, which can be far more advanced than just simple cookies.
Again, anyone can use this, I really don’t care, but the original author is essentially doing the work of adtech companies (not really surprising that they sold out their users in that context) by lying about the extension.
Temporary Containers also solve this problem (as long as you don't open things outside temporary containers), while also isolating tabs from other cookies.
I thought the goal of IDCAC was to get rid of those annoying cookie consent popups. It tries to block or hide the popup, but when cookies are required to use the site it automatically accepts them, assuming you will handle erasing unwanted cookies in some other way.
There are quite a few news websites that deny access to the site unless you agree to being tracked (e.g. [1]). Authorities in EU countries are split on the legality of that -- the Dutch data protection authority explicitly disallows such behavior [2], while German authorities are silently tolerating it [3].
In my opinion, this goes against the spirit and the letter of GDPR, but it seems that they are getting away with it for now. The matter hasn't been discussed by the European Court of Justice yet.
In those cases, as a non-paying user, you essentially have the choice between accepting being tracked, or not viewing the site. IDCAC errs on the side of being able to view the site.
[3] In the case of online raffles, a German court even explicitly allowed forcing users to agree to their data being used for advertising purposes if they want to participate in the raffle. https://openjur.de/u/2185336.html
You don't need uMatrix to block all third party cookies, in both Firefox and Chromium that is a build in option.
And I don't think that option is as good as IDCAC (or Consent-O-Matic [0]) + CookieAutoDelete. With those two add-ons even first party cookies are deleted, while you don't need to close banners all the time.
Easy to say "move to another", but what offers comparable functionality?
The vulnerability does not seem that serious to me... isn't it going to be pretty obvious if it gets exploited with this description?
> An attacker may exploit the vulnerability to get the extension to crash or cause memory exhaustion according to the researcher. When the extension crashes, users are left without protection until it is reloaded.
So I'm going to start seeing a bunch of ads as my clue, right?
[Not a drive-by:]
> It requires that users become active, e.g. by clicking on a link.
The article you linked has plenty of information in the comments, it's actually a good resource.
I know, I love uMatrix, and was sad to leave it. I've migrated to uBlock Origin, but it isn't the same even with dynamic filtering window opened. With uMatrix I had been taking the approach of denying all third-party resources by default and selectively allowing just the ones I need, and after the move largely ended up abandoning this approach.
The different UI of uBO was part of this decision, but not the biggest factor. Over time it had gotten less and less workable even with uMatrix's great UI. I could no longer configure a site once and then expect it to work for any amount of time, as the rate at which new mandatory third-party dependencies were added to sites kept increasing. And I was visiting more websites as part of avoiding big sites like Amazon.
In addition, uBO's CNAME unmasking meant that many resources that were considered first party by uMatrix, are treated as third party by uBO. This added to the burden of whitelisting, but also got me thinking about how fuzzy the first party / third party distinction was and that it was increasingly a poor proxy variable for what I was really trying to block (trackers mostly, and also some annoyances).
I also use the Temporary Container extension in Firefox. In the end I decided that the default block lists of uBO combined with the isolation and discarding of persistent data provided by Temporary Containers was good enough for most browsing. I still use a whitelisting approach for my handful of permanent containers, and uBO's dynamic mode UI is good enough for that.
It would be awesome if Avast moved the extension source code to Github or somewhere else public. I hope existing users won't settle blindly for whatever changes get added from now on.
I don't understand this attitude. You're annoyed by company's malicious compliance with a law designed to protect you, so you act out against the law, and not the malicious compliance?
Isn't the correct response to say "I always care about unnecessary cookies, don't set them"?
I know there are much less popular extensions that do just this, but I won't link to any because I'm not sure which are best now (just did a search and realised my choice may be out of date).
Finishing that line of thought gives: "I didn't ask to be protected, so this makes sense to me". Applying the same logic evenly gives me: "I'm very glad someone is keeping these companies in check, so this doesn't make sense to me", which gets us nowhere.
I think we can agree that none of us likes to be taken advantage of, and this law is trying to stop that.
EDIT: P.S. The law actually isn't badly written, and the malicious compliance is _breaking_ it. The law accounts for these kinds of behaviours, it's just that nobody has tested it yet. Though there are people trying to bring the widespread law breaking to the attention of the EU
> I think we can agree that none of us likes to be taken advantage of, and this law is trying to stop that.
The disagreement is over whether paying for information services with your personal data is being taken advantage of. Yes, there's an imbalance of size, and of information, but the attention market is also intensely competitive and - even in social media - switching costs for the consumer are low. A market-oriented solution would have been to sponsor independent organizations to score websites on privacy.
> The disagreement is over whether paying for information services with your personal data is being taken advantage of
Sure, if that was clear then we'd be in agreement. The EU law is aiming to make it clearer that you are indeed "paying" for the use of the website with your privacy.
Personally, I'm happy to pay for services with money, and do so whenever I feel a service is good enough. I'd wager a significant portion of average users would be too, if they knew what was happening with the profiles built up on them.
Putting that aside for a moment: If we paid for services, then it would promote good services. When we pay with our privacy, it promotes more effective data collection that doesn't have anything to do with the service, such as a focus on "engagement" (and everything that entails, that you've already alluded to).
I cannot speak to how well the law is written, but the effect it has, although annoying, is not an indication of it being a bad one.
If a website wants to track a user and sell that data to a couple of hundred data brokers, having to let people know, is in my opinion a good thing. That they go about making that a shitty experience is on them.
I've been thinking: the number of websites I want to stay logged into are quite few, and most of them I don't need to keep being logged into when clicking external links. From my point of view, that is what _I_ need cookies for.
E.g., I like to be able to go to facebook.com and be logged in, but when I click an external link, I kind a like to open a tab where I am not logged in. Same for hacker news and Youtube and my email.
When I'm "outside" those websites, sure, just accept all cookies and delete them when I close the tab
I imagine this can be done with Firefox containers and a bit of smarts, but I don't know how.
1. Install Firefox container management extension
2. Make some containers
3. Visit websites and add them to only open in certain containers
4. Install cookie auto delete extension.
5. Add exceptions for sites you want to be logged into for each container the first time you visit them.
I have some other extension that makes a temp container for each new click that I can’t remember the name of now and I’m not by my PC.
Cookie auto delete may be superfluous.
Con is google is still broken for me (mainly gmail) because of the web of redirects they do and there’s no way in the container extension to add a top level domain to a particular extension (that I’ve found).
I was looking for this exact setup a couple months back. I found a system that works for me, though not exactly perfect.
You can use the extension "Simple Tab Groups"[1] to automatically open some domains in specific Firefox containers like you described, by assigning a container to a group, and then configuring a domain to always open in that group.
The downside is that not all groups will be visible at a time, and you'll need to first select your previous group before finding the tab you came from. For me, that's an acceptable downside given the advantages it brings.
The solution is an extension called Temporary Containers.
You have to turn it to "Automatic mode", and fiddle a bit with the settings, but I have it set up so that every time I open a new tab it is a fresh isolated session, and will be destroyed when the tab is closed.
When I need to be logged in, I use the regular containers in Firefox for each service, or a context like "work", instead of the temporary containers.
This shouldn't require any smarts with Firefox containers. There is a Facebook container which opens any Facebook URL in, and will move you put once it resolves a URL which isn't Facebook.
I was never clear on this extension. Does it just suppress the the cookie prompts, does it only accept essential cookies or does it do the default action and accept everything?
> In most cases, it just blocks or hides cookie related pop-ups. When it's needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what's easier to do). It doesn't delete cookies.
I mean... if you don't care about cookies (as is the extension's name)... you don't care about cookies. Asking what happens to them is missing the point.
If implemented correctly clicking "Accept" on a cookie banner will trigger the loading of the tracking scripts. Which will then set its cookies.
At least that is how i implement google analytics for example.
By not showing the button in the first place, nothing happens and no cookies are set (apart from the functional ones which are set regardless).
Other than that it really does not matter that much because if you use a plugin like this you will usually use an add blocker as well which removes the tracking.
Was there any ublock origin filter that could do the same.
Cookie popups are aids, what's someone gonna do? Say no and then quit the site? It doesn't actually change behaviour from the root cause, just passes on the different to the end user.
> Was there any ublock origin filter that could do the same.
Yes, "Fanboy's Annoyance" list under the "Annoyance" section, in uBo "Filter Lists" configuration tab. I enabled it recently only, and so far it looks OK with IDCAC removed. And uBo is also supported on Firefox for Android.
This github page seems a bit casual/flippant, there's no explanation of what the extension does or anything to build trust/confidence in the author. Hopefully it gets more developed as it sounds like a good idea.
I've been using Super Agent for this purpose since it has a Safari extension. It seems to work in more cases than not.
Its web site feels very… corporate, and I can't find a source code link anyway, so I'm sure it's making money off of me somehow, but I can't figure out how - according to the site's FAQ, it isn't selling any data, so who knows.
I don't believe Firefox has announced a discontinuation date for V2. If your browser vendor breaks your stuff perhaps you should consider switching browsers ...
>During the deprecation period, we can keep this functionality via patch (since it's there for Enterprise). After V2 is pulled from store, we'll need to stand up our own extension store for manifest v2
Is it that simple? Brave has various proprietary bits, so it's possible they could maintain v2 support. Perhaps others know if this is feasible, from a technical perspective.
Until a chromium browser let's you use arbitrary extension stores, I don't think there's any fork that's divergent enough. And I haven't found one after months of searching.
I'm almost to the point of trying to do it myself.
I do something similar. You can configure this using Chromium policies and don't need an extension. I wonder if Firefox policies does the same thing as well.
I have no idea why cookie retention is a server-side thing instead of a client-side thing.
Browsers should silently accept cookies, and delete them once the tab/window has been closed, and cookies should be stored only on user request (a toggle near the url bar) or after submitting a login form.
gosh, yeah. This should be discussed way more in this thread. IDCAC and GPDR popups are not just a result of a broken law, they are also result of a lack of technological progress and standardization by the industry giants. It has been killed because those same giants would stand to lose a lot from it becoming the norm.
BTW for anyone who doesn't know what P3P is:
> The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit.
How that would become complicated by regional laws requiring specific legal wording is anyone's guess, though - as this standard never became widely used.
Any use of that codebase - Brave, etc. - empowers Google. They're the ones pushing it forward, and developer mindshare empowers the player holding the reins.
To this sentiment – does anyone have a good way of auditing Firefox extensions for security?
I find really useful extensions on https://addons.mozilla.org ... but they often require permission to look at all of my browsing data, and I haven't found a way to view the canonical source that will be installed.
I'm sure it's available somewhere on the file system, but is there an easier way?
Right click the "Add to Firefox" button, "Save Link As" and open with something that supports zip files.
My take from watching some open source extensions is you are relatively safe from properly nasty things with a popular extension as they receive a higher "weighting" in the review process. Releases tend to get held up when something strange is added. Mozilla also document their process and tools (they have a web UI for it all):
Can I ask a question as a non-tech person - What is the disadvantage of empowering Chrome? Wouldn't having a dominant browser be a boon for developers in creating a more consistent and standardised UX experience?
I recall multiple-browser compatibility support was a challenge quite a few years ago when I worked as a manager for a smallish dev-shop, the problem stopped when IE moved their code to Chromium.
While it's indeed great for web developers in the short run. The problem is giving a single company too much power on the web. Google in the end, is also an ad company, which happens to also be starting making it harder for ad blockers to work:
https://www.theregister.com/2022/06/08/google_blocking_priva...
The web should be available for all, and not managed by a single company.
For whatever reason, Firefox uses 30-40% CPU at all times on my 2020 Intel Macbook, meaning battery life is quite short and the slightest bit of load on top will trigger the fan, which hardly ever happens when using Brave or Chrome instead. FF worked well enough for a year or so once they got acceleration to work properly on macOS, then this happened. Besides, I need to run Chrome anyway for various webapps I need to use that are broken in FF.
For a time outlook 365 wouldn’t receive all keystrokes, this was for months, when I finally got fed up I googled it and users reporting it resolved their issue by using chrome.
This is akin to people who used to shout to stop using windows. It isn’t an actual solution any more than a communist revolution is a solution to climate change.
It’s an excuse to take political (economic in this case maybe) pot shots at your rivals.
It absolutely is a solution to the over presence of a single rendering engine and browser working against the user for the editor, I don't understand how you can argue for the opposite. Comparing the browser switch to an OS switch or even to the complete change of economical, political and societal system as if they were of similar complexity is just being dishonest and is the best way to not even question the status quo.
In this piece she takes a clearly partisan stance with regard to "Trump" (between quotes because the stance is against the "movement", not the person) and calls for censorship - disguised under vague terms like Turn on by default the tools to amplify factual voices over disinformation. No matter whether you agree with Baker or not it should be clear that a pro-censorship stance coming from the head of a browser company is a bad sign.
I'm a die-hard Firefox user and not a resident of the D.S.A. but that does not mean I won't be affected by this type of activism. If Baker and her ilk go beyond their current promotional activism - from pride-month themes to "voices of colour" extension suggestions - to actually embrace the censorship she seems to desire I'll jump ship. Not to Chrome or Safari or anything like that, probably to one of the de-fanged Blink-based browsers like Bromite or Ungoogled Chromium.
If you don't believe in racism, or you believe in it but don't want anyone to talk about it because it hurts your tender feelings - you are a racist. That isn't a left or right wing ideology, anymore than 1+1=2 is a left or right wing ideology.
Also, conservatives in general (99.9%) don't know what CRT is, they just call anything that mentions the existence of racism CRT.
As someone who is greatly influenced by CRT, I certainly do believe in math, objective facts, and truth. The strongest argument for systemic racism is the overwhelming amount of evidence for it.
According to this german article: https://www.soeren-hentzschel.at/firefox/firefox-sagt-cookie... , you can already set various values for the cookiebanners.service.mode about:config setting on Firefox nightly. 1 denies all cookies, 2 also accepts if there is no option to deny or if denying didn't work.