FF44 third party cookies

[Grumpus]

Seems to me if there's that much concern on cookies, bad or good, a short trip to the Options or Preferences, as the case may be an allow, deny or even a delete of individual cookies would be simple enough. It's not the desired singular keystroke or automatic accept/deny but it's functional.

[Drumbrake]

(...) I just browse 'normally' and never see ads, let alone click them and this JS side has never been a problem to me - which even I find surprising, given the claimed endless lists of JS exploits around.

Regarding ads, you either must have a very comprehensive hosts file in your computer, or a powerful firewall in your router (or both): otherwise, I really cannot see this happening:

I just browse 'normally' and never see ads

As for JS, I gather you have better things to do , but have you ever bothered to see how many scripts (mostly from third-party sites that have nothing to do with actual page content) websites try to unleash these days?
Not to mention beacons, transparent pixels, metrics stuff and the whole lot.

[Frank Lion]

(...) I just browse 'normally' and never see ads, let alone click them and this JS side has never been a problem to me - which even I find surprising, given the claimed endless lists of JS exploits around.

As for JS, I gather you have better things to do , but have you ever bothered to see how many scripts (mostly from third-party sites that have nothing to do with actual page content) websites try to unleash these days?
Not to mention beacons, transparent pixels, metrics stuff and the whole lot.

Nope, then again I've never bothered to count the number of bees hovering over the Spring heather either.

All I can do is to write the truth and people can make of it what they will and the truth is that I've had JavaScript enabled ever since 2004 and never had a problem.

Hardly unique as that is default in browsers. The elephant in the room is where are all those supposedly inevitably compromised JS users hiding?

[Scarlettrunner20]

ABP + Turning off 3rd Party Cookies. You don't need the "ask every time" option honestly. Just get blunt and block stuff.

So you believe no one should have fine control over first party cookies? I have ALWAYS blocked third party cookies. This stupidity on the part of Mozilla affects fine control of FIRST PARTY cookies. As for APB, never used it as I don't need it. I have a far superior (IMO) application but it doesn't give me fine control over ALL FIRST PARTY cookies which is what Ask Me in Fx did.

[Frank Lion]

This stupidity on the part of Mozilla affects fine control of FIRST PARTY cookies

...and the following would be an example of your fine control of FIRST PARTY cookies, would it? -

This was done because of some irresponsible websites that have poor coding and are not respecting cookie settings. Thus, users with settings like I have had, since Fx introduced them many years ago, find a few sites a mess to deal with. The badly coded sites try upwards to 100 times (that is a LOT of clicking and yes I have actually counted that many clicks on a few sites) to get you to accept their cookies. After a large number of clicks these irresponsible sites finally honor the setting that is in the first cookie popup that tells the sites (if the checkmark is there) to handle all cookies as the user designates the first one be handled. These sites ignore your settings whether deliberately or just through sloppy code I don't know but they finally adhere. I don't usually visit such sites a second time and I write the webmasters and tell them why I will not visit their sites. I have never given in though....I have clicked until my fingers were half numb but the sites always finally give up trying to set cookies.

[MeSat]

Self-Destructing Cookies
https://addons.mozilla.org/en-US/androi ... src=search

Or other "cookie" extensions like Cookie Monster make handling cookies so much simpler. Or uMatrix.


https://feeding.cloud.geek.nz/posts/twe ... n-firefox/

Doesn't give me the control that I need in my day to control cookies efficiently. Ask me every time allowed me to work, not manage with opening this or clicking that to protect my privacy.

[MeSat]

@ Other people -

Seriously, the sheer amount of time people waste on this stuff always amazes me - allowing scripts, allowing adblocking, allowing 3rd party cookies - when do they ever just use the damn browser for looking at the Net?

12 years now, I've sailed around the entire Internet with JavaScript enabled - not one single problem, even the YesScript I have is used to block JS on just 3 JS heavy media sites on the entire Net. I use very simple adblocking, clear cache and cookies on exit and sometimes use the above hotkey combination during a session. That's it.

I understand privacy, I can even vaguely understand paranoia with some people, but how on Earth is it possible to be so paranoid and write huge posts on this thread about cookies and yet be so mind blisteringly dumb as to not already know that this history can be easily cleared on exit?

The problem is, tracking is done during the session and clearing on exit is already too late.

When sites are gathering cookies for third party sites under their domain, then allowing that site means you are being tracked. For some people that is important.

Just as some people will gladly use anything Google for their lives, others avoid it at all costs if they can. I do understand their feelings, again, I remember Snowden and 1984 and they did have an effect on my concerns.

Comcast has a FAQ and one of the questions answers that they DO third party tracking on their domain. In my blocked cookie's list, I have a very large number of blocked cookies that are for third party tracking sites under valid, no tracking domains.

I have tried the recommended third party cookie managers and none provide the granularity that I need for my work. Now I spend more time managing cookies than browsing. At least I can click to clear my history every minute or two in case.

I prefer to keep my curtains closed from prying eyes.

[Scarlettrunner20]

This stupidity on the part of Mozilla affects fine control of FIRST PARTY cookies

...and the following would be an example of your fine control of FIRST PARTY cookies, would it? -

This was done because of some irresponsible websites that have poor coding and are not respecting cookie settings. Thus, users with settings like I have had, since Fx introduced them many years ago, find a few sites a mess to deal with. The badly coded sites try upwards to 100 times (that is a LOT of clicking and yes I have actually counted that many clicks on a few sites) to get you to accept their cookies. After a large number of clicks these irresponsible sites finally honor the setting that is in the first cookie popup that tells the sites (if the checkmark is there) to handle all cookies as the user designates the first one be handled. These sites ignore your settings whether deliberately or just through sloppy code I don't know but they finally adhere. I don't usually visit such sites a second time and I write the webmasters and tell them why I will not visit their sites. I have never given in though....I have clicked until my fingers were half numb but the sites always finally give up trying to set cookies.

The Mozilla that I pledged allegiance to way, way back WOULD have done some thing positive to try and fix what happens when Fx encounters what is essentially a "rogue" site that refuses to follow standards regarding cookie setting. Mozilla could have fixed it - partial fix at least - by setting a mechanism (button maybe?) that the user could hit if a site refused to honor (after say 10 tries at the most) the user's choice for cookies and that button would force the user's choice on the errant site and send a notice to the site that they needed to fix their cookies to honor the user's choice. Or some other attempt to fix this instead of just giving up on the user being able to fine tune their cookie settings. Giving up is just another indication of the lack of interest Mozilla now has in any user except the ignorant of computers one. It also indicates that Mozilla has forgotten its own manifesto as this refusal to try and fix it (or just at least leave as is) is another nail in Mozilla's privacy coffin.

FWIW, Pale Moon seems to have less problems with rogue sites that try to force cookies. However, I don't know if that is because I have just happened to be on Fx when I encounter one of these sites or if Moonchild has tried to fix the problem. SeaMonkey still has this Ask Me setting....but for how long? I haven't had the problem that many times so I don't understand why Mozilla decided the action had to be to remove the setting. Even with this problem on a few sites, I'd FAR PREFER to have to this setting intact and deal with the problem on the occasions where it is necessary. I would like an escape mechanism (if Fx could not be made to force a site to behave cookie wise) from the popups as I won't ever visit a site that does this again but my hand does get very tired with a few rogue sites where my choice for ALL cookies at that site (made by checking the box on the first cookie offered) is ignored. On well behaved sites, I may allow some session cookies but no permanent ones or I may allow both or none, etc. On the rogue sites, if they could see a good reason to behave themselves, I might very well allow some cookies and would be inclined to visit the site again (assuming I found the site interesting, useful information, etc). I thought Mozilla was trying to PROMOTE standards so why not actively try to promote good cookie standards?

This issue has been picked up on the Fx ESR List Serve. Businesses are not liking this change either even though the change won't effect ESR version until the next version.

[Frank Lion]

The Mozilla that I pledged allegiance to way, way back WOULD have done some thing positive to try and fix what happens when Fx encounters what is essentially a "rogue" site that refuses to follow standards regarding cookie setting. Mozilla could have fixed it - partial fix at least - by setting a mechanism (button maybe?) that the user could hit if a site refused to honor (after say 10 tries at the most) the user's choice for cookies and that button would force the user's choice on the errant site and send a notice to the site that they needed to fix their cookies to honor the user's choice. Or some other attempt to fix this instead of just giving up on the user being able to fine tune their cookie settings. Giving up is just another indication of the lack of interest Mozilla now has in any user except the ignorant of computers one. It also indicates that Mozilla has forgotten its own manifesto as this refusal to try and fix it (or just at least leave as is) is another nail in Mozilla's privacy coffin.

Ever considered the possibility of actually learning in the last 10 years+ how to use the free program you 'pledge allegiance' to, before writing yet another meaningless 10,000 worder post here?

Page Info is covered here or right click on the page and select it.

I'll leave you to it, I'm off to pledge allegiance to another cup of tea.

[Frank Lion]

The problem is, tracking is done during the session and clearing on exit is already too late.

The problem I have with guys like you is simply that you will not learn about the damn subject that you claim to be so concerned about.

As you are new here, I'll leave it at that. But at least learn what a Unique Identifier is and how they work.

https://www.optimizesmart.com/complete- ... analytics/

[Scarlettrunner20]

The Mozilla that I pledged allegiance to way, way back WOULD have done some thing positive to try and fix what happens when Fx encounters what is essentially a "rogue" site that refuses to follow standards regarding cookie setting. Mozilla could have fixed it - partial fix at least - by setting a mechanism (button maybe?) that the user could hit if a site refused to honor (after say 10 tries at the most) the user's choice for cookies and that button would force the user's choice on the errant site and send a notice to the site that they needed to fix their cookies to honor the user's choice. Or some other attempt to fix this instead of just giving up on the user being able to fine tune their cookie settings. Giving up is just another indication of the lack of interest Mozilla now has in any user except the ignorant of computers one. It also indicates that Mozilla has forgotten its own manifesto as this refusal to try and fix it (or just at least leave as is) is another nail in Mozilla's privacy coffin.

Ever considered the possibility of actually learning in the last 10 years+ how to use the free program you 'pledge allegiance' to, before writing yet another meaningless 10,000 worder post here?

Page Info is covered here or right click on the page and select it.

I'll leave you to it, I'm off to pledge allegiance to another cup of tea.

All these years and you still don't understand about cookies. Page source has nothing to do with this problem and is in no way a fix. AFTER THE FACT is not a fix. It is simply shutting the barn door after the horse already escaped.

[Frank Lion]

Page source has nothing to do with this problem

Through the fog of your mind, could you at least try to read just two words correctly? Page Info is not Page source.

All these years and you sti

Try to focus. It was you who asked for this -

. Mozilla could have fixed it - partial fix at least - by setting a mechanism (button maybe?) that the user could hit if a site refused to honor (after say 10 tries at the most) the user's choice for cookies and that button would force the user's choice on the errant site

...and me who told you how that already existed using Page Info > Permissions, where you can block all cookies from an individual site forever. If you don't like what it does then don't ask for it or use it.

[Drumbrake]

As for JS, I gather you have better things to do , but have you ever bothered to see how many scripts (mostly from third-party sites that have nothing to do with actual page content) websites try to unleash these days?
Not to mention beacons, transparent pixels, metrics stuff and the whole lot.

Nope, then again I've never bothered to count the number of bees hovering over the Spring heather either.

All I can do is to write the truth and people can make of it what they will and the truth is that I've had JavaScript enabled ever since 2004 and never had a problem.

Hardly unique as that is default in browsers. The elephant in the room is where are all those supposedly inevitably compromised JS users hiding?

You may (with all due respect) be missing something important here: JS exploits are purposely silent (well, all late compromises are, but since they almost inevitably seem to take advantage of javascript flaws...), since their aim is to remotely hijack routers, take over computers to stole sensitive data or recruit them as part of large botnets.
These are generally not the kind of old Windows exploits that do all sorts of funny things on your pc and make you immediately know about them, in short many people (including advanced users) may actually never know they have been targeted, let alone average users.



Then you point at a very interesting link:

(...) But at least learn what a Unique Identifier is and how they work.

https://www.optimizesmart.com/complete- ... analytics/

where it clearly states that this kind of permanent tracking by means of a Unique Identifier works most reliably when a user is logged in, which in turns possibly implies permanent cookies set in local storage (not the tiny traditional cookies) again via JS.


Regading the first part of the post, you mis-quoted it:

(...) I just browse 'normally' and never see ads, let alone click them and this JS side has never been a problem to me - which even I find surprising, given the claimed endless lists of JS exploits around.

Regarding ads, you either must have a very comprehensive hosts file in your computer, or a powerful firewall in your router (or both): otherwise, I really cannot see this happening:

I just browse 'normally' and never see ads

And I definitely stand by that: it may well depend on your ISP provider, browsing habits and who knows what else but really, "never see ads" with JS permanently enabled, cookies enabled (if I understand correctly) and no special countermeasures, that's simply not going to happen IMO.

The web these days is kinda of a sewer filled with ads, tracking gizmos of every kind and silent exploits, just ignoring it won't make it go away - unfortunately.

I mean, in all fairness you are of course entitled to ignore javascript issues, don't waste your time blocking cookies or tweaking complicate adblockers, ignoring ads and focus and what is of interest to you, your choice - but it's not the general advice that I would give to everyone.

[Drumbrake]

Sorry, another thing comes to mind : enjoying the fact that ads seems to be generally way off and often flat out ridiculous, may not be the best way to look at this tracking deal.

Because, as noted here by patrickjdempsey

Amazon's suggestion routines are a joke. That said, the raw data itself is just as valuable as Google's... perhaps moreso because it's tied to a real-world bank account attached to a person. It's really not very important after all what the person searches for, as much as what the bank account buys.

they have the data that matters, or at least a big part of it.
Hindering their ability to tie that up to the rest of our online activity, when we are not buying things, may be worth the trouble - maybe.

[Frank Lion]

Sorry, another thing comes to mind : enjoying the fact that ads seems to be generally way off and often flat out ridiculous, may not be the best way to look at this tracking deal.

Because, as noted here by patrickjdempsey.

Did it ever occur to you that there was a very good reason that Amazon in 8 years have been able to do no more than make suggestions based solely on my recorded purchase history and never once on my browsing history there? Like maybe I do more than just look at this tracking deal?

Regarding ads, you either must have a very comprehensive hosts file in your computer

Certainly a very effective and pretty short one. Guess who wrote it?

Regarding your scaremongering silent JS stuff, you really think I don't have these computers and routers being continually scanned and would not know immediately of any JS exploits, really? Really? 12 years I've waited, where are they?

Take up your JS concerns with the browser makers who have it enabled by default.

... cookies enabled (if I understand correctly) and no special countermeasures...

That's the problem, you didn't understand that or what the link was actually telling you or anything else and instead plucked out bits that you already had made decisions about and then invented a supposed scenario of assumptions over what I might be doing, so you could vigorously refute it. I can't help you or anyone else who has that approach, especially when you're not even reading, or at least understanding, what I've written previously in this thread.

Spend less time doing 'rebuttals' to me here and instead read and understand this and other links properly without preconceptions - https://www.optimizesmart.com/complete- ... analytics/

Yeah, I could spend ages discussing this, but for what? People are going to suddenly rid themselves of their time-wasting emotional comfort blankets of many years in the face of facts and logic by me? Not going to happen, so just keep on doing what you were doing.