Favicons in bookmarks - How to get rid of them? (Firefox 3)

[Bluefang]

We were talking about Firefox. That is for their website, and IIRC, most websites have session tracking of some sort or another. Infact, it is a rarity that I see a site that doesn't make use of clear GIFs, invisible frames, or some sort of JS tracker. In fact, any web server will most likely be logging all activity it sees. I can go log in to the cPanel on my website and get usage statistics as fat back as I've had space on that particular server.

Like I said, blocking a favicon will do absolutely nothing.

I should also point out that it's Mozilla.com which has the tracking to Omniture, which is what the host file fixes. Mozilla.org does have Google's Urchin on it, but Google hasn't given me reason to question them yet. Plus it could easily be blocked though hosts or AdBlock.
And MozillaZine.org dose have tracking software (google-analytics) on it.

[quote=Right at the top, http://people.mozilla.com/~basil/privac ... party.html]
Note: This privacy policy applies to our Web sites and services. We have a separate privacy policy for our products. Please see: Mozilla Firefox Privacy Policy.
[/quote]

[Frank Lion]

[SK.]

Thanks, Frank. Is that you?

(ducks and runs)

[Frank Lion]

Thanks, Frank. Is that you?

(ducks and runs)

Ahem, nope. It is, in fact, 'Larry The Happy Foiler', who will soon be making his appearance as the reassuring website verification guy on the new Metal Lion themes for Firefox 3.



For unsafe sites, I'm making an animated version (face turns red, head explodes, etc) ... good, informative UI being so important these days.

[RaiseMachine]

^Nice, can't wait for that!

[SK.]

For unsafe sites, I'm making an animated version (face turns red, head explodes, etc) ... good, informative UI being so important these days.

So true. So true.

I just wish he didn't look so much like me.

[Scarlettrunner20]

We were talking about Firefox. That is for their website, and IIRC, most websites have session tracking of some sort or another. Infact, it is a rarity that I see a site that doesn't make use of clear GIFs, invisible frames, or some sort of JS tracker. In fact, any web server will most likely be logging all activity it sees. I can go log in to the cPanel on my website and get usage statistics as fat back as I've had space on that particular server.

Like I said, blocking a favicon will do absolutely nothing.

I should also point out that it's Mozilla.com which has the tracking to Omniture, which is what the host file fixes. Mozilla.org does have Google's Urchin on it, but Google hasn't given me reason to question them yet. Plus it could easily be blocked though hosts or AdBlock.
And MozillaZine.org dose have tracking software (google-analytics) on it.

[quote=Right at the top, http://people.mozilla.com/~basil/privac ... party.html]
Note: This privacy policy applies to our Web sites and services. We have a separate privacy policy for our products. Please see: Mozilla Firefox Privacy Policy.

[/quote]

Blocking favicons blocks their cookies. Plus, I don't want them updating for the same reason. (Of course, I didn't know about all Fx versions being incapable of handling cross context cookies without leakage until Steve Gibson's cookie project. But because I routinely block all cookies except for a mere handful, the damage has been limited for me. Not so for most Fx users who think their browser is handling cookies as they wish and it isn't but then none of the browsers are doing what users think they are doing when it comes to cookies. The browser writers are going to have a lot of work to do once the project goes live).

I have Customize Google to block google analytics and I also block all the addresses in my Hosts file. I use the Proxomitron with Sidki's latest configs which are superb and some other filters added. It is the most important piece of software I have after Windows. It blocks all web bugs, all the other junk, invisible frames, etc. I am not tracked.

This stupid Mozilla tracking policy has just kept me from reporting my antivirus forum site (which has great new forum software which is superb) as being unworkable with Fx3 RC1. (It works fine with Fx 1.5). I went to use the "report a site" in About Firefox menu and was confronted with the NEW Mozilla Privacy Policy that I would have to agree to in order to report the site.

[teoli2003]

Steve Gibson's cookie project

Do you have a link to this?

[GrailKnight]

This stupid Mozilla tracking policy has just kept me from reporting my antivirus forum site (which has great new forum software which is superb) as being unworkable with Fx3 RC1. (It works fine with Fx 1.5). I went to use the "report a site" in About Firefox menu and was confronted with the NEW Mozilla Privacy Policy that I would have to agree to in order to report the site.

Another day another psychotic break 'eh Mele20?

Instead of bad mouthing Mozilla Foundation at every turn make it easy on yourself and everyone else by not using Fx. How hard is that?

You had no problem selling your soul to MS for some free software so live a little and click that button.

[GrailKnight]

Steve Gibson's cookie project

Do you have a link to this?

This is the link for that test.

http://www.grc.com/cookies/forensics.htm

I got it from another ScarlettRuuner/Mele20 cookie thread at DSLR.

[RaiseMachine]

Is this the same Steve Gibson that couldn't stop a 13 year old script kid?

*Thinks* Yes. Yes it is .

Take anything Gibson does or says with a hefty pinch of salt...

[malliz]

[teoli2003]

Euh, I'm perhaps stupid, but I don't see with the link what kind of cookie can be set through a favicon, that can't be set through the page. Somebody could explain it to me?

@malliz: lol, Gibson's reputation is well known Your photo is exactly the correct amount of salt necessary.

[Bluefang]

I also fail to see favicons pose a threat any different than loading any other content on the page. And with third party cookies disabled and a pretty sparse set of AdBlock Plus rules and I have the cookie situation pretty well under control.

http://files.bluefang-logic.com/images/cookies.png

I should also point out that the fact you get a cookie from a site is so absolutely trivial compared to the fact that you made a request to the site. An IP address is all that a server needs to do any kind of tracking, and it's pretty safe to assume that you have the same IP for at least one contiguous browsing session.

And, because most favicons are hosted on the site you originally requested, anything you could get from the favicon you've most likely already gotten from the site its self.

This stupid Mozilla tracking policy has just kept me from reporting my antivirus forum site (which has great new forum software which is superb) as being unworkable with Fx3 RC1. (It works fine with Fx 1.5). I went to use the "report a site" in About Firefox menu and was confronted with the NEW Mozilla Privacy Policy that I would have to agree to in order to report the site.

Do you actually understand what that policy means? And do you know what it means in relation to how HTTP/IP protocols work? What that policy is basically saying is that the interactive features send data to Mozilla. This includes data on your browser, the data requested by the feature (i.e. a web page), and the information necessary to make an internet connection (like your IP address).

Like most Web site operators, Mozilla does collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and date and time of each visitor request. Mozilla also collects potentially-personally-identifying information like Internet Protocol (IP) addresses, which are non-personally-identifying in and of themselves but could be used in conjunction with other information to personally identify users.

Whenever you make a request to ANY site, all of this data gets sent, as it is part of the HTTP protocol. You can control thinks like referrer URLs though about:config options, but disabling that can break some web sites. This is not something new or specific to Mozilla sites or products. Any browser/site will say the exact same thing.

Certain Mozilla products contain features that report, or that permit users to report, the user's usage patterns and problems - whether caused by Mozilla's software, third-party software, or third-party Web sites - to Mozilla. The reports generated by these features typically include non-personally-identifying information such as the configuration of the user's computer and the code running at the time the problem occurred. Some of these features give users the option of providing personally-identifying information, though none of these features require it. Some Mozilla software features that do permit users to provide personally-identifying information advise, in advance, that such information will not be made publicly available. Mozilla analyzes the information provided by these interactive product features to develop a better understanding of how its products are performing and being used. It does not use the information to track the usage of its products by identifiable individuals.

Once again, all this is saying is that by choosing to submit data to Mozilla, you are actually submitting data. Nothing new or special here.


As I pointed out before, the rest of that policy specifically applies to the Mozilla.com web site. If you choose not to report a site because it sends Mozilla data like browser info, the website, and your IP address, then feel free to continue using a broken web site.

It's quite obvious that you have an obsessive paranoia about hemorrhaging any kind of data at all. Don't expect people or products to cater to that, and the only way to ensure security is to not use the internet at all. In fact, by posting on this site, PHPBB records the IP address/host of every post you have made that can be correlated and looked up to a precision that would probably make you a little uncomfortable. By going to any site that is controlled by a control panel (like cPanel), the admin can get data like you IP address, any resource you touched, about of data transferred, geographic location, browser info, time spent, referring URLs, search terms used to find the page, etc... and there isn't much you can do about that with out breaking the internet.

I highly suggest getting over this fear and learn about what is actually going on from a reputable source, and understand how little the measures you're taking actually mean. Safe browsing habits are much more effective.

[Scarlettrunner20]

Thanks to the incredible efforts of the developer of CookieSafe who has made three new versions in the past few days due to requests (not from me originally although I added myself later) for a version that could block cross context third party cookies that Fx 3 leaks and could block favicon cookies, we now have a version that does these things! FANTASTIC. It hasn't been officially released yet but this new version of CookieSafe is probably going to make Fx3 the ONLY safe browser privacy wise (in regards to third party cookies) to use as long as you have CookieSafe. (This assumes the experimental code for GRC Cookie Forensics and Cookie Context test pages is working correctly as the developer has been testing his extension there as have those of us who asked for him to improve CookieSafe).

I had never used CookieSafe before because I had no idea how extremely broken Fx2 is as far as blocking third party cookies goes until Steve Gibson started his Cookie Forensics work. I didn't think I needed a third party application to properly control cookies until I started participating in helping give feedback and ideas for Steve's Cookie Forensics. (I also had no idea how broken IE7 and 8 are cookie wise...luckily I went back to IE6 on my main machine (which properly handles TPC and I don't use it much anyway).