[HN Gopher] Firefox 85 cracks down on supercookies
___________________________________________________________________
Firefox 85 cracks down on supercookies

Author : todsacerdoti
Score  : 972 points
Date   : 2021-01-26 15:06 UTC (7 hours ago)

(HTM) web link (blog.mozilla.org)
(TXT) w3m dump (blog.mozilla.org)

| abcd_f wrote:
| Per-site caching negates the principal selling point of centrally-hosted JS and resources, including fonts. The convenience remains, but all speed-related perks (due to the resources being reused from earlier visits to unrelated sites) are no more... which is actually great, because it reduces the value that unscrupulous free CDN providers can derive from their "properties".
|
| It also means that I can remove fonts.google.com from the uBlock blacklist. Yay.
| dathinab wrote:
| > Per-site caching negates the principal selling point of centrally-hosted JS and resources
|
| It doesn't or more correctly the benefit wasn't really a thing in most cases.
|
| I will not start the discussion here again but on previous hacker news articles about this topic you will find very extensive discussions about how in practice the caches often didn't work out well for all kinds of reasons and how you still have a per-domain cache so it anyway mainly matters the first time you visit a domain but not later times and how the JS ecosystem is super fragmented even if it's about the same library etc. etc.
|
| > cause it reduces the value that unscrupulous free CDN providers can derive from their "properties".
|
| Not really, the value of a CDN is to serve content to the user from a "close by" node in a reliable way allowing you to focus on the non static parts of your site (wrt. to traffic balancing and similar).
|
| Shared caches technically never did matter that much wrt. CDN's (but people used it IMHO wrongly as selling point).
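A small model of the per-site caching discussed in the comments above, added here as an example (it is not part of the thread and not Firefox code). It shows both effects the commenters mention: a partitioned cache stops a third-party response from being reused across sites, and it costs one extra network fetch per site. The class names and hostnames are constructed, and the "top-level site" is simplified to a bare hostname string.

```python
class ThirdPartyServer:
    """Constructed third-party host: every network request gets a distinct body."""

    def __init__(self):
        self.requests = 0

    def serve(self, url):
        self.requests += 1
        return f"{url}#response-{self.requests}"


class Browser:
    """Toy HTTP cache, keyed either by URL alone or by (top-level site, URL)."""

    def __init__(self, server, partitioned):
        self.server = server
        self.partitioned = partitioned
        self.cache = {}

    def cache_key(self, top_level_site, url):
        # Shared cache: the resource URL is the whole key.
        # Partitioned cache: the site in the address bar is part of the key.
        return (top_level_site, url) if self.partitioned else (url,)

    def load(self, top_level_site, url):
        key = self.cache_key(top_level_site, url)
        if key not in self.cache:
            # Cache miss: only now does the third party see a request.
            self.cache[key] = self.server.serve(url)
        return self.cache[key]


# Constructed sample input: three unrelated sites embedding the same resource.
SITES = ["news.example", "shop.example", "blog.example"]
RESOURCE = "https://cdn.example/lib.js"


def run(partitioned, sites=SITES, url=RESOURCE):
    """Visit each site once, then revisit the first one, and summarise the outcome."""
    server = ThirdPartyServer()
    browser = Browser(server, partitioned)
    bodies = {site: browser.load(site, url) for site in sites}

    before_revisit = server.requests
    browser.load(sites[0], url)

    return {
        "bodies": bodies,
        # Cost side: how many times the resource was downloaded.
        "network_fetches": server.requests,
        # Privacy side: identical bytes on every site means the cached
        # response can act as a cross-site identifier.
        "same_response_on_all_sites": len(set(bodies.values())) == 1,
        # Same-site revisits are served from cache in both designs.
        "revisit_served_from_cache": server.requests == before_revisit,
    }


if __name__ == "__main__":
    for mode in (False, True):
        result = run(partitioned=mode)
        label = "partitioned" if mode else "shared"
        print(label, result["network_fetches"], result["same_response_on_all_sites"])
```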
| kristofferR wrote:
| LocalCDN is an extension I would recommend, both for privacy and performance reasons.
|
| https://www.localcdn.org/
| milofeynman wrote:
| Decentraleyes is what I use. I assume they're similar https://addons.mozilla.org/en-US/firefox/addon/decentraleyes...
| [deleted]
| kristofferR wrote:
| LocalCDN is an updated fork of Decentraleyes.
|
| Decentraleyes hasn't been updated in ages, has few assets and its assets are massively out of date.
|
| https://git.synz.io/Synzvato/decentraleyes/-/tree/master/res...
|
| vs
|
| https://codeberg.org/nobody/LocalCDN/src/branch/main/resourc...
| takeda wrote:
| My Decentraleyes was updated on November 5th, that's not that long ago.
| zamadatix wrote:
| I wouldn't say all speed related perks, CDNs for resources like that are still probably wider (and therefore closer) and faster than whatever is hosting your stuff for most sites. Overall it is a pretty big cut out of the performance selling point though.
| ogre_codes wrote:
| > It also means that I can remove fonts.google.com from the uBlock blacklist. Yay.
|
| If you are downloading fonts from Google, Google harvests your IP and likely the referring site from the request. Even if your browser doesn't send the referrer, many sites have a unique enough font-fingerprint that Google can figure out where you are.
| cactus2093 wrote:
| It doesn't seem like centrally-hosted resources ever centralized enough to be all that useful. Even for sites that are trying to play ball, there are multiple CDNs so everyone has to agree which one is the standard. Plus everyone has to be using the same version of each resource, but in practice most js tools release so often that there will always be many different versions out in the wild.
|
| On top of that a lot of the modern frontend tools and best practices are pushing in the other direction.
| Out of the box, tools like webpack will bundle up all your dependencies with your app code. The lack of JS namespacing and desire to avoid globals (which is pretty well-intentioned, and generally good advice) means that your linter complains when you just drop in a script tag to pull a library from a cdn instead of using an es6 import and letting your bundler handle it. Typescript won't work out of the box I don't think. Your integration tests will fail if the cdn is down or you have a network hiccup, as opposed to serving files locally in your test suite. And on and on. This is just anecdotal, but I haven't seen most teams I've worked with value the idea of centrally-hosted JS enough to work around all these obstacles.
| jahewson wrote:
| Per-site caching is the new norm. Shared caches are vulnerable to timing attacks that infer your web history. It's a shame but that's just the reality of caching. Shared caches were never as useful as claimed due to the large numbers of versions of most resources.
| PaulHoule wrote:
| That idea of having JS files hosted elsewhere always struck me as a Girardian scam (e.g. "everybody else does it") and always getting voted down when I showed people the reality factor.
|
| Nobody seemed to think it was hard to host a file before this came along, just as nobody thought it was hard to have a blog before Medium.
|
| Of course this creates the apocalyptic possibility that one of these servers could get hacked (later addressed with some signing) but it's also not easy to say you're really improving the performance of something if there is any possibility you'll need to do an additional DNS lookup -- one of the greatest "long tails" in performance.
| You might improve median performance, but people don't 'experience' median performance in most cases (it goes by too fast for them to actually experience it), they 'experience' the 5% of requests that are the 95% worst, and if they make 100 requests to do a task, 5 of them will go bad.
|
| People are miseducated to think caching is always a slam dunk and sometimes it is but often it is more nuanced, something you see in CPU design where you might "build the best system you can that doesn't cache" (and doesn't have the complexity, power and transistor count from the cache -- like Atmel AVR8) to quite a bit of tradeoff when it comes to 'computing power' vs 'electrical power' and also multiple cores that see a consistent or not view of memory.
| conradfr wrote:
| Wasn't that also because before http2 browsers were limiting the number of concurrent requests to a domain?
| gamacodre wrote:
| This. If you are loading some scripts that are actually required for your app or page to work right, why would you get them from someone else's infrastructure? Terminal laziness? Or is the assumption that XYZ corp has more incentive than you do to keep your page working? This never made much sense to me except for developer toys & tutorials.
| sanxiyn wrote:
| It's not about being hard, it's about being convenient. Convenience is important. Even trivial convenience.
| mdavidn wrote:
| Browsers can check "subresource integrity" to guard against hacks of third-party services.
|
| https://developer.mozilla.org/en-US/docs/Web/Security/Subres...
| jimbob45 wrote:
| By Supercookie they mean Evercookie, right? That seems to be what they're describing.
| baliex wrote:
| Is either a formal enough term to argue that one is more correct than the other?
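The "subresource integrity" check mentioned in the thread above, sketched as an added example (not part of any comment and not browser code): it generates an `integrity` value for a third-party script and applies the matching rule a browser uses, including two behaviours that are easy to miss. When several hashes are listed only the strongest algorithm counts, and an attribute with no recognised algorithm gives no protection. The script bodies, URL and function names are constructed for illustration.

```python
import base64
import hashlib

# Algorithms defined for SRI, weakest to strongest.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(body: bytes, alg: str = "sha384") -> str:
    """Return the integrity value for these exact bytes: '<alg>-<base64 digest>'."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def parse_integrity(attr: str) -> list:
    """Split an integrity attribute into (algorithm, base64 digest) pairs.

    Tokens with an unrecognised algorithm are dropped, as browsers ignore them.
    """
    pairs = []
    for token in attr.split():
        token = token.split("?", 1)[0]  # options after '?' are ignored
        alg, sep, value = token.partition("-")
        alg = alg.lower()
        if sep and value and alg in STRENGTH:
            pairs.append((alg, value))
    return pairs


def matches_integrity(body: bytes, attr: str) -> bool:
    """Apply the SRI matching rule to a fetched body."""
    pairs = parse_integrity(attr)
    if not pairs:
        # No usable metadata: the resource loads unchecked.
        return True
    # Only hashes using the strongest listed algorithm are considered.
    strongest = max((alg for alg, _ in pairs), key=STRENGTH.get)
    return any(
        alg == strongest and sri_hash(body, alg) == f"{alg}-{value}"
        for alg, value in pairs
    )


def script_tag(url: str, body: bytes) -> str:
    """Render a script tag pinned to the given bytes.

    Cross-origin resources must be fetched with CORS for the check to succeed,
    hence the crossorigin attribute.
    """
    return (
        f'<script src="{url}" integrity="{sri_hash(body)}" '
        f'crossorigin="anonymous"></script>'
    )


# Constructed sample input: the library as reviewed, and a modified copy.
LIB = b"window.lib = {version: '1.0.0'};\n"
TAMPERED = LIB + b"/* modified on the CDN */\n"

if __name__ == "__main__":
    pinned = sri_hash(LIB)
    print(script_tag("https://cdn.example/lib-1.0.0.js", LIB))
    print("original accepted:", matches_integrity(LIB, pinned))
    print("tampered accepted:", matches_integrity(TAMPERED, pinned))
```

Because the hash pins exact bytes, this only works for versioned URLs whose content never changes; a CDN URL that serves "latest" will break on every upstream release.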
| kristofferR wrote:
| Evercookie is a Javascript project that produces respawning super cookies:
|
| https://github.com/samyk/evercookie
|
| It's quite dead now, stopped working around 2017: https://github.com/samyk/evercookie/issues/125
| hereisdx wrote:
| Can you please detect I'm using Firefox, and not show the "Download Firefox" banner on top? I'll be able to save a few pixels of vertical space.
| tangoalpha wrote:
| Firefox takes privacy so seriously that they fail to detect you are on Firefox, if you are using Firefox!
| Nextgrid wrote:
| But not seriously enough to remove Google Analytics from their website.
| fsflover wrote:
| Google currently pays for Firefox development. Are you ready to be the money source instead?
| floatingatoll wrote:
| I looked because I was curious, and on both desktop and mobile, in all browsers, the site's topnav includes their Mozilla logo, a Download Firefox button, and links to a couple of other Mozilla sites about Internet Health and Donate.
|
| I imagine they could still choose to hide the blue button when you're on Firefox, but that wouldn't save you any vertical space, since the topnav menu of links and logo would remain.
| noja wrote:
| It's there always in the same place so you can download Firefox for someone else, or for another device.
| Shivetya wrote:
| So eventually we will have private browsing for every site so that there is no possible cross pollination? How far can that be taken?
|
| Or am I off in the weed here about how this will play out?
| jypepin wrote:
| Tracking has become so bad that it seems like users have to spend money (more bandwidth) to protect themselves from it.
|
| Crazy and sad to see where we've come :\
| wejick wrote:
| Which one is more annoying for you between today's tracker and early 2000ish popup on top IE?
|
| Or remember adware on windows XP and how many antivirus tools advertised to eradicate that.
|
| * they're hilarious comparison but I found it amusing.
| foepys wrote:
| Nobody would accept interconnected face scanners in every building they walk into but online it's somehow okay.
| vaduz wrote:
| Maybe not yet, but neither did we arrive at the current state where e.g. London has an estimated 691k _registered_ CCTV cameras [0] (and many hundreds of thousands more unregistered, as you don't need to register ones that point only at your own property) in a day. Note that a lot of those are already interconnected and linked to recognition systems: TfL and various borough council cameras in particular as part of anti-"serious crime" initiative are an example [1].
|
| Private exercise of the same technology is merely deterred, but not stopped by GDPR (especially now that UK is "happily gone" from "EU overregulation"...).
|
| And of course that ignores China which has cities that have both more total (Beijing, Shanghai) and more per-kilopop (Taiyuan, Wuxi) cameras than London.
|
| [0] https://www.cctv.co.uk/how-many-cctv-cameras-are-there-in-lo...
| [1] https://www.nytimes.com/2020/01/24/business/london-police-fa...
| ogre_codes wrote:
| > Nobody would accept interconnected face scanners in every building they walk into but online it's somehow okay.
|
| There are cars with license plate scanners that wardrive the world. They scan plates in shopping centers, businesses, and even apartment buildings so on the off chance law enforcement, repo businesses, or anyone who wants to know where your car is parked can track you.
|
| People accept that. Or rather, most are blissfully unaware that it happens.
|
| If your grocery store added face tracking to their existing security cameras, would you even know it? Would you know if they sold that data?
| upofadown wrote:
| People accept that in the USA. Privacy laws in most countries make the free interchange of such information illegal
| ogre_codes wrote:
| Fair point.
|
| The Wild West mentality in the US kind of sucks when technology allows even small businesses the ability to screw over large numbers of people.
| novaRom wrote:
| Even worse: foreign powers get that ability to screw whole country.
| saagarjha wrote:
| > Or rather, most are blissfully unaware that it happens.
|
| That is the problem.
| shaan7 wrote:
| You know what is surprising? A lot of people will easily accept those face scanners too :/
| ogre_codes wrote:
| A lot of people accept that which is beyond their control. That doesn't mean they are Ok with it, just that they don't know how to do anything about it or often that it's even happening.
| franga2000 wrote:
| Wasn't there an article about paying with your face around here just a bit ago? People clearly don't just tolerate this, but embrace it.
|
| Only people from places where it's too late to go back (like China) are aware of the dangers of these systems, but they can hardly warn the rest of us and when they do, we generally don't listen as "something like that surely wouldn't happen in my free country".
|
| It would seem that people only get slightly spooked when a government does something that could impact their privacy (even when it actually doesn't - see the recent covid tracking app backlash in basically every country) but when private companies do it, they eat it up happily.
| ogre_codes wrote:
| > People clearly don't just tolerate this, but embrace it.
|
| If there were an opt-in way of doing this, it wouldn't bother me. Similarly with online tracking, if it were opt in only, it wouldn't bother me.
|
| What is frustrating is the lack of transparency or ability to control who and where my data is collected.
| notyourwork wrote:
| Amazon Go disagrees with you. We're moving that direction and I think the pace will accelerate.
| adolph wrote:
| _Unfortunately, some trackers have found ways to abuse these shared resources to follow users around the web.
| In the case of Firefox's image cache, a tracker can create a supercookie by "encoding" an identifier for the user in a cached image on one website, and then "retrieving" that identifier on a different website by embedding the same image. To prevent this possibility, Firefox 85 uses a different image cache for every website a user visits. That means we still load cached images when a user revisits the same site, but we don't share those caches across sites._
|
| Wait, so one form of "supercookie" is basically the same as the transparent gif in an email?
|
| https://help.campaignmonitor.com/email-open-rates#accuracy
| suvelx wrote:
| Are there any plans for complete partitioning?
|
| I'd like to see a point where browsing on two different websites are treated as a completely different user. Embeds, cookies, cookies in embeds, etc.
| Santosh83 wrote:
| I believe the 'First-party isolation' feature does this, but you need to enable it from about:config, and even then, I'm not sure if it is complete or bug-free.
| cassianoleal wrote:
| Have you tried Temporary Containers[0]?
|
| I use it to automatically open every new tab in its own temporary container.
|
| [0] https://addons.mozilla.org/en-US/firefox/addon/temporary-con...
| cmeacham98 wrote:
| privacy.firstparty.isolate :)
| andrewaylett wrote:
| I've had first party isolation turned on for possibly a couple of years now (certainly since before the pandemic) and it does break a small number of sites but nothing I particularly care about. Except that one internal tool that I've taken to loading in Chrome :P.
|
| I don't recall the last time I had to temporarily disable it to allow something to work.
| ajvs wrote:
| This is called First-Party Isolation, a key principle of the Tor Browser and an optional preference in Firefox.
| jrmann100 wrote:
| That's probably Firefox's own Firefox Multi-Account Containers[0].
| Groups caches/cookies into designated categories for each tab (personal, work, shopping, etc.), with smart recognition for assigned sites.
|
| [0] https://addons.mozilla.org/en-US/firefox/addon/multi-account...
| nixpulvis wrote:
| Someone should do a study on the performance impacts of using something like this on all sites for various kinds of "typical" web browsing profiles. I'm honestly guessing a lot of the losses would be in the noise for me personally.
| greggyb wrote:
| There is an additional Firefox extension that integrates with multi-account containers, Temporary Containers. This is highly configurable - I have it create a new container for every domain I visit, with a couple of exceptions that are tied to permanent containers.
|
| I run that on my personal devices.
|
| At work, there is so much in terms of SSO the amount of redirects that happen mean that temp-container-per-domain breaks all sorts of workflows, so I go without on the work machine.
|
| I notice no major difference between these two configurations, although I'm sure that there would be things that are measurable, though imperceptible.
| jniedrauer wrote:
| I'd like to see something like the firefox container extension automatically open a new container for every unique domain name. It could get tricky for eg. federated logins, so I'm not 100% sure what the implementation would look like. But it'd be nice to have the option.
| SAI_Peregrinus wrote:
| The Temporary Containers addon[1] does this. Combined with the usual Multi-Account Containers "always open this site in..." mechanism you can have some sites always open in a single container, but all other sites open in temporary containers that get deleted shortly after you close their tab.
|
| [1] https://addons.mozilla.org/en-US/firefox/addon/temporary-con...
| jniedrauer wrote:
| I don't want the containers to be transient.
| I want to be able to persist session cookies and local settings.
| cmeacham98 wrote:
| I commented on the main post, but First Party Isolation is exactly what you want, and breaks relatively few websites (and there's an extension to turn it on/off if you do use a website it breaks).
| adkadskhj wrote:
| For clarity - the workflow is basically that all sites would be temporary containers, _except_ sites you explicitly set to be managed by Multi-Account Containers?
|
| _edit_: I'm trying this out, seems to work nicely - but assigning all the sites that i want permanent state on to different account containers is a bit of a chore. Feel like i'm doing something wrong there.
|
| But the temporary containers are working great
| noctua wrote:
| A few days ago there was a paper posted here about favicon cache being used for tracking [1]. I wonder if cache partitioning also prevents that?
|
| [1] https://news.ycombinator.com/item?id=25868742
| floatboth wrote:
| Favicons are mentioned in the article as one of the caches that get partitioned now.
| eslaught wrote:
| Is this the same as the old privacy.firstparty.isolate setting in about:config? If not what's different?
| Caligatio wrote:
| There still appears to be some confusion but, from what I read, FPI is a superset of this partitioning stuff: https://github.com/arkenfox/user.js/issues/930
| hassanahmad wrote:
| Hopefully it will speed up my Mozilla a bit.
| w0mbat wrote:
| Ironically, the Hush extension for Safari (which aims to limit cookie tracking, amongst other goals) blocks that page.
|
| I mean this one, not the Chrome extension of the same name. https://oblador.github.io/hush/
| amenod wrote:
| Good job Mozilla! Do what Google never will - put users' privacy front and center.
|
| On a sidenote, I might now re-enable cache that I kept disabled (well - cleared on exit) because of supercookies.
| I don't care that much if a single page tracks me, but I _really_ don't want Google to track me across sites. If Firefox protected me against that.. they would have one very grateful user. :)
|
| EDIT: this also highlights why Google is so invested in Chrome - they can make sure that privacy doesn't interfere with their money-making machine. They really are brilliant. Brilliantly evil.
| sanxiyn wrote:
| Eh, Google was first to implement this: https://developers.google.com/web/updates/2020/10/http-cache....
| [deleted]
| amenod wrote:
| So? Mozilla should still catch up (if/where needed) and surpass Google on all privacy fronts. The goal should be that Google can't track Firefox users in default configuration - rest assured, this will never happen with Chrome/Chromium/Edge, and probably not with any other Chrome-base browser either.
| livvelupp wrote:
| Thank you, now i am resting assured.
| ahupp wrote:
| From the article: " These impacts are similar to those reported by the Chrome team for similar"
| huron wrote:
| From a purely web browsing experience the first iPad 'should be' powerful enough to browse ANYTHING out there these days. But it can't. The last few models will increasingly have the same issues as the sheer volume of muck and cruft that's included with the advertising gack just continues to explode.
|
| I'm definitely of the opinion that our web browsing devices are marketing tools that we are allowed to use for media consumption.
| Synaesthesia wrote:
| The first iPad sucked a whole bunch. Only 256mb RAM especially hurt. But I hear what you're saying.
| 725686 wrote:
| I beg to differ. Of course if you compare it with today's spec it sucks... it's been more than 10 years since launch! I can still use my iPad 1 to watch Netflix and play some old games I like (i.e. Carcassonne). The battery still works pretty good. I would say that the iPad 1 rocked, and should be able to browse today's web ...
| except it can't because of the amount of cruft that is pushed our thoughts nowadays.
| woof wrote:
| I loved mine at least a year and was quite happy for another year. Some sites worked awesome, others sucked hard due to crazy pay loads.
|
| I blame shitty sites more than Apple's architecture :(
| bawolff wrote:
| Wait does that mean hsts cache is per origin?
|
| That seems like it would make tls stripping attacks a lot easier.
| kag0 wrote:
| Maybe. But a more clever approach might be to limit the size of the HSTS cache per second-level-domain per origin. Or to randomly respect the cache. Or to simply make every request to both the TLS and non-TLS port but do so in parallel and discard the non-TLS response if the domain was in the HSTS cache.
|
| I'm not saying any of those approaches is bulletproof, just that maybe they have a more complex strategy in mind to mitigate risk.
| bawolff wrote:
| Those would be much worse strategies than even just not supporting hsts at all.
|
| > Or to randomly respect the cache
|
| If the goal is to manipulate a single request to insert malicious js that gets cached, you only need a single non tls request. If you're an on path attacker, you can probably get the user to request things multiple times (e.g. randomly break and unbreak internet connectivity) until you get lucky with an unencrypted connection. If you're trying to make a super cookie you can just repeat and average out the random failures (random perturbation almost never prevents a side channel leak, at most it makes it more expensive)
|
| > Or to simply make every request to both the TLS and non-TLS port but do so in parallel and discard the non-TLS response if the domain was in the HSTS cache.
|
| Fails at confidentiality 100% of the time
| gennarro wrote:
| If only DNT had been enforced and respected, so much effort could have been avoided.
| I appreciate these protections, but it's unfortunate this whole cat and mouse game is necessary.
| nerdponx wrote:
| Who would enforce it?
| seumars wrote:
| Maybe they should crack down on how awful the UI has become.
| f430 wrote:
| is it just me or more people switching to Firefox these days?
| ff4lyfer99 wrote:
| I switched in late 2017 when they released quantum or neutrino or whatever they called it, a huge performance release.
|
| As a backend dev and security focused eng I have little reason to test drive changes in all browsers.
|
| FF has been smooth and stable for me across desktop OSs. Having no reason to alternate between that and Chrome, I've been confused by people saying it's slow.
|
| It's been, to my memory, a flawless experience for 3+ years.
|
| On the flip side, Chrome is a spy app, and a cognitive perception of web devs it's faster does little to move me to use it.
| kriops wrote:
| Just interact with the Facebook chat in Chrome and FF, and you'll see that FF is significantly slower.
|
| That being said I use 90% FF, 9% safari and 0.999...% Chrome, because FF handling of tabs/containers/add-ons offers superior UX _despite_ the performance annoyances. IMO, obviously.
| ff4lyfer99 wrote:
| Ah well I nuked my FB account in 2010, as the spyware nature of it was obvious to me then
| vorticalbox wrote:
| I think is down to the fact that most websites target chrome first as it has the biggest market share.
|
| I've noticed reddit is rather slow in ff but other than that not really noticed anything massively slow or broken.
| mynameisash wrote:
| I've had a similar experience. My only gripe is that the Facebook Container extension / Multi-Account Containers[0] stopped working for some reason, and I haven't been able to get them working again. I _love_ that I was able to sequester all of Google's real estate from all of Amazon from all of my work tabs, and so on.
|
| [0] https://support.mozilla.org/en-US/kb/containers
| wejick wrote:
| The FB container is working Ok on my side. It's not helpful tho
|
| May be try on new profile to isolate the issue.
| mlok wrote:
| FB Container never stopped working fine for me. You should be able to use them again, as we do.
| billiam wrote:
| Evergreen comment.
| devenblake wrote:
| Not sure. People on-line are switching but I haven't been able to convince many off-line - Chrome is necessary for a lot of poorly coded sites.
| eitland wrote:
| > Chrome is necessary for a lot of poorly coded sites.
|
| Just like IE was.
|
| And just like in the IE days some of us are cheering enthusiastically for every better alternative while others are defending the incumbent alternative :-)
|
| It will take time but if we all do something sooner or later the old "best viewed in IE6/Chrome" websites become an embarrassment to management and then it will get fixed ;-)
|
| Edit: Same will probably (IMO) happen with WhatsApp now and possible (again IMO) even Facebook and Google if they don't catch the drift soon. I can sense a massive discontent with them everywhere and for at least a 3 different reasons: spying, ux and functionality regressions and also because of their stance on politics (ironically I think large groups on all sides of politics want to bludgeon those companies over various issues and few except investors really love them).
| gilrain wrote:
| Not according to their own metrics. Monthly Active Users and New Profile Rate are the relevant metrics, and both are in decline.
|
| https://data.firefox.com/dashboard/user-activity
| dang wrote:
| We detached this subthread from https://news.ycombinator.com/item?id=25917559.
| kristofferR wrote:
| That's my impression too. Not surprising though - Firefox has just recently started to get good again (trackpad support, GPU rendering, privacy protections etc), while Chrome gets progressively worse.
| StLCylone wrote:
| On the desktop there has been minor movement as percentage of the whole market, but up 9% on their own share.
|
| https://gs.statcounter.com/browser-market-share/desktop/worl...
| hinkley wrote:
| Chrome is losing market share since October? What changed?
| aquova wrote:
| I downloaded and looked at the raw data. The biggest reason seems to be the new Edge browser gaining popularity. It went from 5.8% to 7.4% market share since October. I'm not sure why this chart displays both IE and the old Edge, when together they're a third of the market share of new Edge.
|
| Safari and Firefox also are up since October, but I'm not sure why that is. For Safari I suspect new Apple devices being purchased around the holidays, but that's just a guess.
| supernova87a wrote:
| Whenever a change to an ecosystem / business model comes along and some entrenched interest complains, I think:
|
| "I have no doubt that someone will succeed under these new rules to come. You're just upset that it isn't you any more."
| beervirus wrote:
| Firefox is so good.
|
| It's a continual source of amazement for me that a majority of HNers are using a browser made by the largest data gobbler in the world, instead of one that actually tries to prevent spying on users.
| mschuster91 wrote:
| Speed, especially with a large number of tabs opened, and the Dev tools. Chrome's are the most polished _by far_, and it's trivial to do remote debugging on Android devices.
| dang wrote:
| > _a majority of HNers are using a browser made by_
|
| How do you know what browser the majority of HNers are using?
| saagarjha wrote:
| I'm curious: what _is_ the browser that the majority of Hacker News users are using?
| tannhaeuser wrote:
| How do you know user-agent strings of HNers? My guess would be that FF has above-average usage here, with FF topics getting upvotes regularly.
|
| Hmm, come to think of it, does anybody know an easy Chrome-blocking trick for displaying "this page is best viewed using FF"? Might be an effective deterrent for non-"hackers" and the start of forking the web for good.
| goalieca wrote:
| I used chrome from 2008 to about 2013. At the time Chrome was fast and their macOS experience was amazing. But you could tell that Google was focusing more and more on integrations and services and less on the browsing experience.
| mschuetz wrote:
| I've been switching to Firefox for private use a year ago, but overall I find it not good. Weird bugs, usability issues, dev tools not that great, etc. And privacy-wise, the defaults don't seem great either. There was something about containers that are supposed to prevent tracking between different domains, but if you actively have to create containers rather than them being automatically applied on each domain, then that's not much use since it makes things cumbersome to use.
| jedberg wrote:
| You need the temporary containers plug-in to manage it for you.
|
| https://addons.mozilla.org/en-US/firefox/addon/temporary-con...
| mschuetz wrote:
| This is not something that should require a plugin. Each plugin is an additional source I need to trust.
| jedberg wrote:
| The reason it is a plugin is because it's really complicated and confusing. Even as someone who has a deep understanding of web protocols I get tripped up by temporary containers sometimes when things don't work quite right.
|
| Firefox built the core container technology, which drives their built in Facebook container (isolating Facebook from everything else). But isolating everything has a lot of weird edge cases, and I can't blame them for not supporting it out of the box.
| paulpauper wrote:
| I have not noticed Firefox to be faster
| ceejayoz wrote:
| I haven't noticed it to be _slower_, but I'd accept slower for the privacy benefits.
| paulpauper wrote:
| It depends. For work related stuff I will always choose speed and responsiveness.
| rational_indian wrote:
| I have noticed it to be slower, and with more broken websites. I still prefer it over chrome.
| BasicObject wrote:
| I don't know about others but when I click youtube links on reddit the back button is disabled. Not sure if it's a bug or by design but I don't remember it always being that way.
| iscrewyou wrote:
| Google websites work better on chrome. Not sure if it's because google is doing something nefarious or if Firefox is just not keeping up with google website technologies.
|
| So, I've trained my brain to use chrome as an app only for google websites. When I need to check gmail or YouTube or google calendar, I use chrome. Otherwise I'm on Firefox or safari.
|
| It's worked pretty well. I found I was only really unhappy with Firefox when using google websites. No longer a problem.
| LittlePeter wrote:
| What is exactly better? I am using FF and browse Google websites, but never noticed anything.
| iscrewyou wrote:
| I replied to one of the other replies above.
| derefr wrote:
| It's the latter, but I would describe it less as Firefox not "keeping up", and more as Google deploying _pre-standard_ protocols (like SPDY) into Chrome _first_, _before_ ever documenting the protocol; let alone trying to get it turned into a standard (like HTTP/2.)
|
| Chrome had SPDY support not just before any other web browser did, but before any open _web server_ did--because Chrome had SPDY support before Google ever documented that there was such a thing as "SPDY." It was, at first, just turned on as a special Chrome-to-Google.com accelerator, spoken only between that browser and that server, because only they knew it.
| | I don't fault Google for this: they're doing "internal" R&D | with protocols, and then RFCing them if-and-when they turn | out to have been a good design for at least their use-case | with plenty of experimental data to confirm that. Which is | exactly how the RFC process is intended to be used: spreading | things that are known to work. | | It's just kind of surprising that "internal" R&D, in their | case, means "billions of devices running their software are | all auto-updated to speak the protocol, and start speaking it | --at least to Google's own servers--making it immediately | become a non-negligible percentage of Internet packet | throughput." (Which is a troubling thing to have happen, if | you're a network equipment mfgr, and you expected to have | some time while new protocols are still "nascent" to tune | your switches for them.) | kevin_thibedeau wrote: | HTTP 1.1 is faster when you're not downloading megabytes of | JS. I rarely browse AMP sites but when I do I'm amazed at | how user hostile they are compared to a strictly filtered | browsing experience. | kgwxd wrote: | I use Gmail, YouTube, Calendar and Sheets through Firefox and | never noticed a difference. What's not as good? | iscrewyou wrote: | I've replied to one of the other replies above. | alangibson wrote: | What problems do you have? I use Firefox exclusively and I'm | a heavy Google app user too (laziness...), but I can't | remember ever having a significant issue | MegaDeKay wrote: | I've had weird little breakages. Right now in Firefox, I am | unable to search within a given Youtube channel. Works fine | in Chrome. | | Edit: I am a diehard Firefox user and fall back to Chrome | only when I have to because of some weird breakage. One of | those is editing within Atlassian's Confluence: find within | a Confluence page doesn't work right in FF, and I've often | had @name references messed up too upon saving. Chrome | works fine. 
| iscrewyou wrote: | I'm on a MacBook Pro with a discrete graphics card. YouTube | never performs well for me on Firefox. It takes time to | buffer the video when I skip ahead or back. And that's with | me being on Fiber internet. Same goes for Gmail. It takes | longer to load emails. It's minor annoyances that add up. | For some reason, Chrome always works better whenever I | switch the applications. | | There's a good chance my MacBook is not supported properly | for Firefox as I've run into some internet threads about. | But at this point, I've settled on this solution. It also | makes me spend less time on YouTube once chrome is closed | down and I'm solely on Firefox. | Hnaomyiph wrote: | For some reason Firefox absolutely cannot play 720p+ 60fps | videos on YouTube for me, whereas opening the same video on | Edge I can play 4K 60fps videos without a single problem. | SubiculumCode wrote: | Google refuses to let Firefox have their voice typing | feature. | SubiculumCode wrote: | For those down-voting, I should have added this: | https://bugzilla.mozilla.org/show_bug.cgi?id=1456885 | shakna wrote: | > Google websites work better on chrome. Not sure if it's | because google is doing something nefarious or if Firefox is | just not keeping up with google website technologies. | | For a number of sites like YouTube and GMail, it's because of | Google. If you change your useragent to look like Chrome, you | get served a JS payload that Firefox is fine with, and it is | faster. | | If your useragent isn't Chrome, they'll serve you a less | optimised payload, but which tends to have wider support. | | They seem to have made a tradeoff - one that generally isn't | necessary under Firefox. | literallyWTF wrote: | Lot of 'Do as I say, not as I do'. | sanxiyn wrote: | Eh, I agree in general, but in this case, Chrome implemented | network partitioning in Chrome 86, which became stable in | October 2020, earlier than Firefox. 
| zests wrote: | Firefox sends everything you type in the address bar to google | by default. | | Would you be able to tell the difference between stock firefox | and stock chrome if all you saw was the fiddler session? I | don't know, I haven't tried. I did look at a firefox session in | fiddler and I was not impressed. | | Pick your poison. If you configure all the settings in firefox | properly it might be acceptable. But can you just do the same | in chrome? If not, you can use the privacy friendly chromium | browser of your choice. Most firefox users won't take the time | to configure it properly and the data will still reach the data | gobbler. | | Edit: an interesting comment from the other firefox thread | https://news.ycombinator.com/reply?id=25916762 | splatcollision wrote: | Even if you've changed the search engine? | mrweasel wrote: | Nope, I believe it also stops if you disable search hints. | They send keystrokes to the search engines because that's | how you get the search suggestion when typing in the URL | bar. | zests wrote: | What if you change the search engine in Chrome and disable | all telemetry? This is the comparison we should be making. | unethical_ban wrote: | You're stretching really hard to make them equivalent. There | are a number of reasons to use FF besides telemetry. | zests wrote: | This is whataboutism. You can talk about other reasons for | using firefox if you'd like (although you'd have to mention | what those reasons are.) We're talking about privacy right | now and firefox does not fit the bill. | spijdar wrote: | It's probably one of the most obscure reasons, but keep | Chromium around because it's the only web browser with a JIT- | backed javascript engine on ppc64le. Firefox has to run | everything interpreted, which is actually fine for most sites, | but bogs down on JS heavy web app type things.
| | On a much less niche side of things, a lot of web apps like | Teams, Zoom, and probably many others are only fully functional | on Chromium, thanks to WebRTC specifics and some video encoding | stuff that's only on Chromium. Don't know the details, but | things like video and desktop streaming are limited to | Chromium. | | That could very well be an artificially enforced restriction, | but I don't think it is. I _think_ firefox is moving towards | feature parity with Chrome on this one, I hope so anyway. | saagarjha wrote: | It's kind of sad that WebKit doesn't support it... | sanxiyn wrote: | Somewhat ironically, Google Meet works very well for video | streaming and desktop sharing on Firefox. So I think Firefox | isn't missing anything. | MegaDeKay wrote: | Slack calling doesn't work on FF as well. This + Teams + Zoom | is a big gap, especially in these COVID times. | arendtio wrote: | Is there any reason to keep the Same Origin Policy after this | change? I mean, shouldn't this change defeat CSRF attacks? | ogre_codes wrote: | These advertising networks are destroying web performance. Most | of these "Supercookies" are optimizations to improve performance. | By abusing them, advertisers have turned what should be a great | performance tool into a liability. I know FF suggests this won't | significantly affect most websites performance, but web | advertising and trackers are already responsible for a huge chunk | of performance issues already. | | Of course we'll have the inevitable guy pop in here and talk up | how awesome web tracking is because it helps sites monetize | better, but that's all bullshit. At this point, all the | advertising profits are sucked out of the web by Facebook and | Google. The rest of the industry, including publishers are just | struggling to get by while two trillion dollar behemoths throw | them scraps. | ngold wrote: | With data caps you are paying to be advertised to. 
| DrBazza wrote: | In many parts of the world, data still costs, and it annoys me | that if you pay for 10Gb a month, the sites you surf to are a | few kb, and then up pop the ads which are Mbs and steal your | data allowance. You're actually paying for ads you don't want. | the_jeremy wrote: | Browsers need to own tracking, and it's clear that Firefox and | Safari agree. | | I don't object to (silent, low resource, banner) ads, even | targeted ones, as long as the targeted ads aren't building a | comprehensive profile of me. | | I think my ideal would be telling my browser a list of a couple | interest areas (prosumer tech, sci-fi, dog peripherals) that | the website could target on to serve ads. They'd get targeted | ads, I'd get privacy, and I'd get ads that actually match | things I care about. | kristofferR wrote: | A much more significant performance issue with web tracking is | usually the absurd amount of JS loaded. | | It's almost impressive how they manage to load so much crap. | Just visit a site like mediaite.com, the list of trackers is | damn long. | ogre_codes wrote: | Yup. | | The _really_ frustrating thing about this bit is that because | it disables optimizations, it potentially impacts sites where | they don't actually use tracking. | sanxiyn wrote: | Note that this particular change does not apply to non- | third-party resources. That's why performance impact is | minimal. | hinkley wrote: | I worked a contract where we slaved to get our load time down | to some respectable number, and then they launched the site | and load time was _multiplied_ by just the analytics software | (it was a company website, they weren't running 3rd party | ads). | | How demotivating. It was time to start thinking about moving | on anyway, but I basically stopped trying to pursue contract | renewal at that point. All that work (and uncomfortable | meetings) so Google could triple our load time.
| Jestar342 wrote: | For more than a decade I've been campaigning (to any of my | employers that utilise adverts on their platform) to drop | adverts with the primary factor being that of performance for | page load. The last time I looked, adverts were adding an | additional ~35% load time to the page. Anywhere from 5% to | _60%_ (!!) of visitors were navigating away before page load | completed (Varied depending on company/product of course) and | a staggering 80+% of those visitors would have had a full page | load if the adverts were not there. | yummypaint wrote: | I often wonder incredulously whether developers responsible | for particular sites really comprehend how bad performance | has gotten. Browsing threads like this on HN makes it clear | that they are probably well aware, but have no choice in | the matter. In a way that's even more depressing because | only a tiny minority of people are happy with the | arrangement. | hinkley wrote: | I walked away from one project. 3rd party scripts were | not the only problem but were the last straw. | | I have a community site I want to build. If it stays | small I can probably run it for $20 a month all in and | not pester anyone. But I'm still keeping my eye on some | of the saner ad networks that use subject matter instead | of user tracking to target ads. That might be an option. | | Linus tech tips has a video where he gives us a peek into | their finances. Among other things the merchandizing arm | makes them about a third of their revenue, and no one | advertiser is allowed to pay more than that, so they can | maintain a degree of objectivity. I think a lot of us | don't want to approach sponsors so we feel sort of stuck | with ad networks. | | And I'm not much of a materialist but I'm a tool nerd | (you possibly don't need it, but if you're gonna buy it, | get a really good one) so I'm not sure how I'd do | merchandizing, since I'm more likely to recommend a brand | than have something made for us.
That leaves what? | Amazon's "influencer" BS, which is more money for Amazon? | Discount codes, which are untargeted consumerism? | executesorder66 wrote: | What was their rationale for not doing as you suggested? | WrtCdEvrydy wrote: | It's the chain of analytics. | | You load one ad and they want their own analytics or they try | to stuff multiple ads into the same slot so you get multiple | analytics. | | We clocked one ad at 800Mb loaded once. | nudpiedo wrote: | Blocking ads and installing some sort of cookie auto- | accepter/deleter[1] is the best and most optimization saver | which you can have without disabling javascript. | | [1] https://www.i-dont-care-about-cookies.eu/ | aembleton wrote: | Or just add the filter list [1] to uBlock Origin | | 1. https://www.i-dont-care-about-cookies.eu/abp/ | stiray wrote: | Due to cache abuse I have all caching disabled on firefox and | this is a nice move (even if I will continue to use it without | cache). | | Anyway one more thing that I can observe on Ubuntu 20.04. | Firefox has become noticeably faster. I don't know if this is | due to the fact that is not from ubuntu repositories or some | serious optimizations were made. | | "On Linux, the WebRender compositing engine is enabled by | default for the GNOME desktop environment session with Wayland. | In the previous release, WebRender support was activated for | GNOME in the X11 environment. The use of WebRender on Linux is | still limited to AMD and Intel graphics cards, as there are | unresolved problems when working on systems with the | proprietary NVIDIA driver and the free Nouveau driver." | | (Fax machine enthusiasts, please stop abusing the thread and | move to Ask HN or something) | warent wrote: | I run a network ad-block dns (pihole) and consistently 25-33% | of all my network traffic is blocked as ads. It's much more | than I ever imagined. Now I'm used to a different internet, | when I'm using internet off the network it's like WTF is this?
| pradn wrote: | Question about pihole: is it possible to turn off blocking | for a website? Do you have to log into the pihole web | interface to do that? I often go to websites where some | crucial functionality is blocked by my adblocker (ublock | origin), where I have to turn it off for that site. | guilhermetk wrote: | Yes, you can do that via whitelist/blacklist: | https://docs.pi-hole.net/guides/misc/whitelist-blacklist/ | secondcoming wrote: | allowlist/denylist | daotoad wrote: | Why are people being so negative about this? | | If the terms whitelist/blacklist are hurtful to some | people because of all the racial baggage we've applied to | the words white and black, why not switch to allow/deny | instead? | | Using allow/deny is more explicit and doesn't rely on the | benign cultural associations with the colors black and | white. The choice of colors used here is arbitrary. For | example, one could just as easily use green/red in | reference to traffic signal colors. Ask yourself, would | it bother you if we used blue and pink for allow and | deny? What if we used blue or white as synonymous with | deny? | | Two good reasons exist to change our habits, basic | manners and clarity. | | I'm sure I'll use the terms blacklist and whitelist from | time to time out of accumulated habit. But there's no | reason for me to cling to those terms. Being gently | reminded to use objectively clearer terminology shouldn't | engender hostility on my part. I try not to be an | unpleasant person, part of that is when someone tells me | my behavior has a negative impact on them, I try to | listen to what they say and modify my behavior--while | actually effecting change can be hard, the underlying | concept is pretty simple. | shakna wrote: | Whitelist/blacklist have their origins in terms from the | 1400s and nothing to do with race (they have to do with | criminality). Twisting their etymology to fit some kind | of racial bias is sort of weird. 
| | And throwing aside 600 years of clarity for "basic | manners" also seems rather weird. Sort of like banning | the word "engender" because a small minority might find | that to be offensive. It isn't clearer to use a different | word than has been used for over half a millennium. | 8note wrote: | Blacklist/whitelist are not used consistently, so the | clarity is not there. You can't see whitelist and | consistently know whether it's going to be an allow list | or a deny list | sib wrote: | For a while, people were getting in trouble for using the | word, "niggardly," even though it had nothing to do with | the offensive term that it sounds like. | | https://en.wikipedia.org/wiki/Controversies_about_the_wor | d_n... | ogre_codes wrote: | I suspect it is the perception that it's a bit pedantic | to correct an otherwise correct answer. I agree with you, | but also don't really think it needs to be corrected | every single time someone posts whitelist/blacklist. | | EDIT: apparently setting allowlist/denylist won't work so | it's not just being pedantic, it's wrong. | rgossiaux wrote: | >objectively clearer terminology | | Sorry but I find this claim (which I've heard from others | too) ridiculous. "Blacklist" is an actual common English | word in the dictionary. "Denylist" is an incredibly | awkward-sounding neologism without any context or history | behind it. There is no way that "denylist" is the | "objectively clearer" one here. | Macha wrote: | There is a real cost to changing APIs/documentation/UIs. | My experience talking to black (one African, one | European) coworkers is their reaction is "That's the | problem you're going to fix?". When the company does a | companywide initative to remove "problematic" terms from | APIs/documentation, but doesn't stop funding of | politicians who support voter suppression that | predominantly affect black people in real practical ways, | that bemusement can even turn to offense as they feel | placated. 
| | Of course, my coworkers don't represent all black people, | and especially wouldn't claim to represent African | Americans, but if even black people can hold this | opinion, are you surprised others don't see this as worth | the effort to change? | ogre_codes wrote: | > There is a real cost to changing | APIs/documentation/UIs. | | This is an OSS project. If someone cares enough about it, | they should submit a (non-breaking) patch along with a | patch for the documentation. There are no costs to people | who don't find it a valuable change. | | > My experience talking to black (one African, one | European) coworkers is their reaction is "That's the | problem you're going to fix?". | | Obviously this isn't fixing any of the fundamental | issues, but it does bother some people. My preference is | to respect the people who have problems with it. An easy | policy is to simply avoid creating new software which | uses that terminology and to accept any patches which fix | it. That way the people who feel the change is important | bear the burden of the cost (which is likely small some | thing like this). | ARandomerDude wrote: | Man I can't wait until I get special treatment because I | drive a vehicle of color. | trewnews wrote: | Really? Is this not Doublespeak? | kayodelycaon wrote: | Not quite. A number of applications use allow/deny for | access control. I've seen allowlist and denylist more | than ten years ago. | tsujp wrote: | You and everyone else who exhibit this are reading into | things that don't exist. Language has context, words are | part of language and so therefore words have context too. | JKCalhoun wrote: | A black celebrity (forget who) said that he came to the | realization growing up that the only positive connotation | he could find for black was "in the black" with regards | to finances. | | So, I kind of see the point. | cgriswald wrote: | The downside of that is being 'in the red', which is also | potentially problematic. 
| | To fix the problem, we either have to stop referring to | any metaphor/symbol involving color with negative | connotations; or we have to stop using color to identify | and refer to people. I think the former is good for | precision (allowlist/denylist are great identifiers in | that regard), but won't really solve our other problems; | while the latter is probably better for human dignity, | mutual respect, and combating our propensity for | tribalism/racism. (Or, why not, we could do both.) | pkulak wrote: | Exactly. And using white/black as synonyms for good/bad | may be creating context (connotations, really) that we | don't want. It would be fine if we hadn't already | overloaded those words to refer to people... but, here we | are. In the context we've created. ¯\\_(ツ)_/¯ | cgriswald wrote: | The original poster used the terms used by the | technology. The best choices for changing this | terminology would be to write a treatise for HN | consumption (to reach the community at large) or to | contact the authors of the technology that use this | terminology (to fix the origin in this case). Sniping a | 'random internet poster' is just lazy trolling. | vaduz wrote: | > allowlist/denylist | | As of now, it is called whitelist/blacklist in PiHole | [0]. Maybe it will change, maybe it will not, but there | is already a place to fight that battle [1] and it is not | HN. | | [0] https://docs.pi-hole.net/guides/misc/whitelist- | blacklist/ | | [1] https://github.com/pi-hole/AdminLTE/issues/1448 | cj wrote: | My solution to this is using Cloudflare Warp (Cloudflare's | consumer-facing VPN). | | When I need to access ads.google.com or | analytics.google.com for my company, I turn on Cloudflare, | and pihole is bypassed. | corobo wrote: | You can whitelist yes, or there's an option to disable the | entire thing temporarily for x minutes.
| | Yes you have to log in to the interface unless you engineer | a way around it | vdqtp3 wrote: | Yes, you have to login to disable but you could easily use | the API. For instance, pihole.disable(60) with | https://pypi.org/project/PiHole-api/ | biryani_chicken wrote: | I just stop using sites that gimp themselves when I use an | adblocker. There's tons of alternatives for most things. | pradn wrote: | There aren't always alternatives - think shopping for | certain items, government forms. | tux1968 wrote: | Why would a site that hopes you'll send them money in | exchange for product, refuse your traffic if you have an | ad blocker enabled? That just costs them money. Same for | government forms, why would they refuse your traffic if | you're blocking ads? | pradn wrote: | I wonder, too. Yet I still see these issues. | vaduz wrote: | It might not be intentional to break the site experience | for adblock users - but there is a number of sites that | has implemented link tracking in a way that overrides the | normal click (though sometimes not keypress) events, to | let the tracking code do its thing. If the tracking code | is blocked or fails to load, that means a lot of actions | break. | | Best part? Trying to convince the operators of such sites | that users they cannot see in their "analytics solution" | are worth fixing their site for is not exactly a | straightforward job - from their narrow view, these users | simply do not exist, because the tracking does not show | them! | contravariant wrote: | You have ads on your government forms? | pradn wrote: | Ad blockers have false positives. | GuB-42 wrote: | It is not what GP asked. | | And no, there isn't "tons of alternatives". In theory | there is. But in practice, they can really make your life | harder. Some may say that Signal is an alternative for | WhatsApp, but if people you communicate with don't want | to use anything but WhatsApp, then Signal is useless.
I | hate Facebook but when I want to plan an event, I found | nothing better, simply because that's the platform that | reaches the most people. Network effects... But also, | your favorite show may not be on "alternative" streaming | platforms, sometimes your job, or worse, the government | may require a specific website. | | There are extremists who are ready to find alternative | friends, shows or jobs just to avoid using some website. | It is a good thing these people exist, that's how | progress is made. But for most people you have to make | compromises. | JKCalhoun wrote: | > I hate Facebook but when I want to plan an event... | | Ah! That's why I haven't missed Facebook. I am old enough | that I don't plan events any longer. | | (Or maybe I have no social life. Actually, that's right, | I don't. ;-)) | ogre_codes wrote: | How do you use the web when you can't click on links? | | I can't effectively keep a mental black list of all the | sites which I don't want to click on. | biryani_chicken wrote: | I don't. I mean, if it's a news site just search for the | title in a search engine and you'll find other articles. | If it's a web application I search for an alternative and | bookmark that. If you really want to avoid even loading | it, you can just block the whole site with your adblocker | but I don't go that far. | ogre_codes wrote: | That is what I currently do. It turns casual browsing | into a frustrating scavenger hunt. The whole point of the | web was to make links effortless so you could browse | sites. This breaks that whole model. | monadic3 wrote: | > I can't effectively keep a mental black list of all the | sites which I don't want to click on. | | It gets easier over time. | oivey wrote: | Very few sites are broken with ad blocking. If you click | on one, you just press the back button. No need for a | mental blacklist. 
| spacedgrey wrote: | I map the command below to a keyboard shortcut to disable | all pihole blocking for 60 seconds via the pihole disable | API call. | | wget --quiet "http://PIHOLE_IP/admin/api.php?disable=60&aut | h=YOUR_API_TOKE..." | | You can find the token in the pihole Web GUI at, Settings > | API/Web Interface > Show API token | xeonoex wrote: | Pi-Hole/NextDNS also blocks ads in most apps. I used NextDNS | (which has a limit on the free tier), and recently switched | to pihole running on my home server. I also use ZeroTier to | connect to my server directly even when I am not on my local | network to still use it as the DNS server. Works great. | rndomsrmn wrote: | You can get even better coverage with the NoTracking lists | (dnsmasq/unbound or dnscrypt-proxy) | https://github.com/notracking/hosts-blocklists | | They focus not only on tracking but also malware | prevention, where possible via dns filtering. | | Pi-Hole still does not properly support wildcard filtering, | only via regex but that is not really efficient (requires | tons of resources). | StavrosK wrote: | I paid them, $20/yr is quite good and I can add my parents' | house, my in-laws' house, etc on the same plan and manage | them all centrally. | rodgerd wrote: | Mine was that high, until I ditched all the family Android | devices. It's now around 2-3%. It's quite an extraordinary | difference. | mstade wrote: | I use NextDNS for this, it's brilliant. (I'm not affiliated | with them in any way, just a happy customer.) | jeanofthedead wrote: | Same. I got tired of Pihole breaking for one reason or | another (although I certainly adore the project). NextDNS | works extremely well, provides a native app for every | device, runs on my router, and is dead simple to maintain. | mstade wrote: | Hear hear. The only problem I've had was when I set it up | on my router and my IKEA smart lights stopped responding | after some 30 min or so.
Turns out the gateway phones | home and those calls were blocked, so for some reason or | another the gateway just stopped responding to commands. | Restarting it or resetting the network made it fly again, | but only for the set time before it phoned home again. I | was very disappointed by that, after having read some | article here on HN arguing that IKEA had actually done | IoT sort of right. Oh well. | | Obviously not a NextDNS specific issue, it'd happen with | anything that blocks the call, but just putting it out | there for the next sucker that tries to google why their | IKEA gateway suddenly stops responding. | karakanb wrote: | Would you mind sharing the blocklists you use? I have gotten | to a ratio like that, but I have noticed that it was causing | more issues with regular websites for my guests, so I removed | many of the custom ones. I'd like to try some others if you | have suggestions. | ycombinete wrote: | Would Pihole affect latency in online games? | wejick wrote: | My issue with pihole or any other DNS adblocker is I can't | whitelist some website that I love. As evil as ad network, | but I still want my favorite site to get some revenue. | McDyver wrote: | Maybe your favourite site would welcome a direct | contribution, instead of an ad click | [deleted] | ogre_codes wrote: | I just have a decent set of ad blockers and the experience is | similar. Unfortunately, it often results in weird experiences | or I get sites which don't work at all if you have ad | blocking. | Average_ wrote: | Well that's interesting. For me 99.5% of websites work | perfectly using ublock origin. The only .5% remaining are | websites that actively refuse to serve any kind of adblock | users, not because it breaks functionality on their site. I | don't think I can recall having visited a single website | that would have features break unintentionally because of | ublock in the past few years.
| ogre_codes wrote: | I don't think my experience is vastly different from | yours. I do get some sites where pop-overs or cookie | notifications are blocked but it's not clear and you just | can't scroll. I could turn off those blocker settings, | but the notifications are annoying enough it's worth it. | vianneychevalie wrote: | Can't agree with you, Dynamics 365 is one of them (it's | shit but I've implemented it at work). EDF (French main | electricity provider) also breaks for me. That's one | example from a big company, and one example with a big | user base. | ev1 wrote: | It depends on how many privacy lists you have added, | probably. | | Normal display ads all being blocked is generally fine | 99% of the time, but if you care about not being | permanently tracked across the internet then there are a | couple more domains you have to add - except some sites | make it mandatory that those invasive fingerprinting | scripts and port scanners run and report back a session, | otherwise you're refused login or banned. | letitbeirie wrote: | The Denver Post just lost my business over this. They | have one of those things that scrambles all the words for | any user with the audacity to not want to see video+audio | ads while reading their newspaper. | | Is it their content to do what they want with? Sure. | | Does the same logic apply to the $9 I used to give them | each month? You're damn right. | ogre_codes wrote: | Hard agree. If I'm paying for content, I'd accept a small | number of discrete advertising. Video advertising on a | text/ photo site pisses me off in general and if I was | paying for it? No chance I'd let that fly. | pkulak wrote: | I run Pi-Hole on my network as well; it's wonderful. I'm | terrified that it will stop working soon though, as companies | start to use their own DNS servers, which I've heard is | happening. | rodgerd wrote: | This is pretty much why Google are a huge proponent of DoH. | JKCalhoun wrote: | Interesting. 
I would think though that the move to their | own DNS servers could extend to their own ads as well -- | that is, cutting out the middle man that is Google/etc. | | I'm all for news sites, for example, hoisting ads if I knew | they were getting the money from those ads, knew the ads | were actually coming from their site. | pkulak wrote: | Sorry, I didn't mean their _own_ servers, I just meant | hard-coding 8.8.8.8 into the DNS settings, for example. | | I wonder if you could hijack those requests at your | router and send them back to your Pi-Hole? But then they | just switch to DNS over TLS... | varenc wrote: | I just have my network block outgoing DNS queries that | aren't from the gateway. But you're so right that DoH is | going to throw a wrench in this. | [deleted] | letitbeirie wrote: | If an ad can use DoH to sidestep a firewall, so can an | employee. If Google and Facebook were cunning (and | nefarious, but that much is presumed), they would be | aggressively developing a product that solves this | problem for corporate networks, but at an enormous cost. | Otherwise, when corporate networks solve this (and they | will), home users who hate ads will just follow whatever | pattern they settle on. | dheera wrote: | I added this to my /etc/hosts | | https://github.com/StevenBlack/hosts | | What is the advantage of having DNS on a separate device | other than that it provides ad blocking for multiple devices? | varenc wrote: | That's the main benefit. | | But also you can have more flexible block patterns. I run | DNSCrypt-Proxy and my block lists can have wildcards. With | /etc/hosts you have to enumerate each origin. It can also | do things like IP blocking where if any domain resolves to | a known ad network IP, then that request is blocked. | | But mainly, DNSCrypt-proxy encrypts all my outgoing queries | and round robins them across resolvers. (Also hi dheera!) | JKCalhoun wrote: | 25-33% of requests? Or is this a percentage of bytes? 
| | Because I wonder what percentage of bandwidth (in terms of | bytes) trackers/banners/ads account for. | | Need to set up a pi-hole ... just too many other projects.... | 6gvONxR4sf7o wrote: | I set it up recently. It's about as much effort as buying | and setting up a new laptop with ubuntu if you get a kit. | I'd imagined it as a project beforehand, but in reality | it's super easy and trivial (assuming you're comfortable | using linux and ssh at a noob level). | warent wrote: | Yep same. I'm a mere web developer that mostly works on | Mac. Getting Pihole setup only took me like an afternoon | after having an RPi sitting around doing nothing for | months. They make it really easy, just follow the | instructions. Also I'm lucky enough that my router has a | friendly interface where it's easy to set the router DNS | to pihole. | mstade wrote: | How would you measure bytes if the requests are blocked? | emayljames wrote: | Run the same requests through different end points. Each | through pihole & unfiltered, while monitoring the traffic | on both. | mstade wrote: | Doesn't that defeat the point of pihole? Though I suppose | if what you want to do is measure things it makes sense. | dylan604 wrote: | Some people are good at thinking a process through to the | end. Others are not and ask questions at the first | unknown. It's a large part of why I'm not a teacher. | cptskippy wrote: | Pi-Hole is a DNS solution so it's just blocking DNS | lookups. Mine is currently blocking 43.9% of all DNS | requests. | Fiahil wrote: | It's a percent of DNS requests. It might be quite difficult | to see what percentage of bytes it translates to, since HTTP | requests aren't actually sent. | | My pihole is showing 18.7%-23% of requests blocked :) | andreasha wrote: | Noticed that some apps on iOS spammed the DNS server if they | couldn't connect to their ad networks which should affect | battery negatively.
| mixmastamyk wrote: | I use the noscript extension that uses a scripting whitelist. | Bit of a pain at first, but pretty soon your browser will be | flying. No extra hardware needed. | | Kid's computer has dnsmasq as a similar solution. | monopoledance wrote: | Advertising destroys everything. If something is based on ad | revenue, it goes to shit ultimately. | | The latest casualty was podcasts. It's revolting. | | Ad-based businesses need to be boycotted until this disease is | in lasting remission. | ogre_codes wrote: | > The latest casualty was podcasts. It's revolting. | | Hmm? | | Yes, there are adverts on all the podcasts I listen to. Many | of my favorites offer members only ad-free versions. Usually | I suffer through the ad supported versions because the | adverts are easy enough to skip. | | Some podcasts have too many adverts or annoyingly inserted | advertising. Those are pretty 1 and done. No point listening | to them. | | IMO the (current) podcast market is a good example of how we | can enjoy content and know the producers are compensated | without having to deal with obtrusive marketing crap. | | It is getting clear some podcasting is getting sucked into | things like Spotify, but there is still enough good content I | don't think it's a problem. | monopoledance wrote: | I absolutely don't respect having my weird podcast- | friendship relationship with the host exploited by fully | integrated ad pieces whispered to me in a trusted voice. | That. Is. Sick. | ericholscher wrote: | We're trying to build an ad network that doesn't track users: | https://www.ethicalads.io/ | | We talked a little bit about how these ads still work, even | without tracking you. You might be losing 10-15% of revenue, | but if you never had that revenue to start with, you don't miss | it: https://www.ethicalads.io/blog/2018/04/ethical- | advertising-w... | | I think the real secret is just to not become dependent on the | additive revenue.
All businesses forgo additional revenue based | on ethics and regulation, and I don't understand why that's | such an odd thing to do with advertising. | tgsovlerkhgsel wrote: | I think the big problem in adtech isn't just targeting, it's | also fighting ad fraud. Do you have a good plan for when you | become big enough to become a target for ad fraud? | wpietri wrote: | I appreciate that you're trying what you're trying, but I | wanted to address this: | | > All businesses forgo additional revenue based on ethics and | regulation, and I don't understand why that's such an odd | thing to do with advertising. | | The great bulk of advertising is built upon a conflict of | interest and is essentially manipulative. Consider, for | example, an article. Both the writer and the reader want the | reader's maximum attention on the article for as long as the | reader cares to give it. The goal of advertising is to | distract from that in hopes of extracting money from the | reader. Generally, ads are constructed without much regard to | whether the reader was intending to buy or would really | benefit from the product. The goal is to make a sale. (If you | doubt me, look at how many people who create or show ads, | say, test a product before putting the ad in front of people. | Or just look at tobacco advertising, a product that has | killed hundreds of millions.) | | So I think there's an inherent lack of ethics to ads as an | industry. It could be that you'll find enough people who are | worried about privacy but not about the other stuff to build | a business. But I wouldn't bet on it. It's no accident that | this security hole is being closed not because of random | miscreants but because of industrial-scale exploitation. | msl wrote: | These are some of the only ads I see online these days (on | Read the Docs, mostly). I don't use ad blockers, but I do use | tracker blockers, and those block pretty much all ads, for | obvious reasons. Not these ones, though.
And that's how it's | supposed to go. | HappySweeney wrote: | Can you elaborate on your setup? | morvita wrote: | I'm not OP, but I have my browser setup to block trackers | only, nothing that's billed as an ad-blocker. | | I use Firefox with Strict Enhanced Tracking Protection | [0] and Privacy Badger [1] as an extra layer of | protection. Some sites, mostly news orgs, complain that | I'm blocking ads, but inevitably these are the sites | Privacy Badger reports 20+ trackers blocked. I'm happy to | see ads online, I'm just not willing to sacrifice my | privacy for them. | | [0] https://support.mozilla.org/en-US/kb/enhanced- | tracking-prote... [1] https://privacybadger.org/ | TedDoesntTalk wrote: | Why not just block ads, too? Do you really think | advertising is ethical at any level? Because I do not. If | I want to buy something, I seek it out. Anything else is | like junk snail mail: a waste of my time and your money. | morvita wrote: | The short answer: I am not anti-advertising, so I don't | block ads that respect me. | | I don't love advertising in many of its forms, but taken | from the viewpoint of those who make money from ads (i.e. | content creators), it is one of the best ways out there | for them to make a living. Platforms like Patreon are | great for some folks, but not everyone can make a living | off of sponsorship from their viewers. But, I am not | willing to sacrifice my own privacy to allow someone else | to make money, especially given that we have tonnes of | examples of non-privacy-invading advertising that works. | | I listen to 8-10 hours of podcasts a week and I generally | find the ads on them, usually where the host does an ad | read and includes a discount code, to be far more useful | and relevant to me than the hyper-targeted ads backed by | 20 tracking scripts I see on news sites. Another example, | many of the indie tech news sites I read (e.g.
Daring | Fireball or Six Colors) will have a weekly sponsor that | will have an advertising post or two interspersed with | their regular content. I'm happy to take 2-3 minutes out | of a 30 minute podcast episode to listen to a couple ad | reads or see a brief write-up of a sponsor's product as | I'm scrolling through the week's tech news. What I'm not | happy to do is have my web browser load a dozen tracking | scripts in the background when I open a news article and | have flashing pictures deliberately trying to distract me | from what I'm reading. | s_tec wrote: | Which ones? I think I would like to try your setup, since | it sounds like a good compromise between having my data | harvested and being kicked off of sites for blocking their | ads. | Nextgrid wrote: | This is great. How are the ads paid for though - is it billed | per click or per impression, or is it billed per an | approximate amount of time the ad will be displayed for? | | The problem with charging per click or impression is that | you're vulnerable to fraud which means you either lose | money/trust or you have to do invasive tracking to detect & | prevent fraud (which you'll be unlikely to achieve as well as | the big players - Google & Facebook - do). Charging per | amount of time (regardless of actual impressions or clicks) | doesn't have that problem. | ericholscher wrote: | We are doing CPC & CPM pricing. I don't believe anyone has | asked us for "time seen" pricing. I don't even really know | how that would work, and why it wouldn't be open to fraud | in a similar fashion. | | Do you have a good example of how this is priced, and how | it would work in practice? | [deleted] | Nextgrid wrote: | By time seen I don't literally mean time displayed on | screen but more like TV/radio ads, as in this ad will be | part of our rotation of X ads for an entire month across | X publishers. I think The Deck used to do this.
| | Determining the price will be a bit tricky (and I would | expect that you'd have to lowball yourself until your | platform builds credibility in terms of good ROI) but in | the long run it should mean your advertisers pay a flat | price to be included per week/month regardless of actual | impressions or clicks (thus there's no fraud potential as | only the raw profit from the ads will matter - the only | "fraud" potential would be to literally buy the | advertised product _en masse_ ). | ericholscher wrote: | Gotcha, that definitely makes sense. We are looking at | doing that for some of our larger sites, similar to | Daring Fireball: | https://daringfireball.net/feeds/sponsors/ -- which I | believe is based off the old Deck model :) | | Thanks for following up. | hhjj wrote: | It would be nicer if no tracking would mean no data sent to | ethicalads unless user engaging with ad because we know what | happen when we trust advertising companies. So a step in the | right direction but i would still block impressions when | hosted on another domain. Also ads should not distort users | perception in order to sell but that's another debate. | ericholscher wrote: | We support a backend API, but it's much more complicated to | implement, and the client gets more complex as well. We | started out with a vision of all backend integrations, but | it was impossible to sell to most publishers. | AndrewUnmuted wrote: | There is no such thing as an ethical ad. | | Advertising is a cynical deployment of our knowledge of crowd | wisdom, media manipulation, and statistics to make people | part with their money for things they wouldn't think they | needed. Our economy can't handle this kind of reckless | consumerism anymore. | | Worse yet, we don't need advertising to bolster our media. | Unfortunately, the media execs don't realize this yet. | | All your metrics are fuzzy, your standards ridiculous. 
We | have far better practices we can deploy than the ones the | advertisers use. | | Please, stop advertising to us. If that's all you plan to do | with this new company, can you please kindly go away? | sbarre wrote: | I am really confused by this position. | | How do you propose that companies should promote their | products and services, if not through advertising? | | Are you somehow suggesting that they should just sit there | and hope that people who have never heard of their product | independently decide they happen to want or need that | product and seek it out, unprompted? | | You say "people part with their money for things they | wouldn't think they needed, Our economy can't handle this | kind of reckless consumerism anymore": Surely you don't | think you speak for everyone? | | You certainly don't speak for me. | | I am not some blind sheep who is suckered into buying | things I don't need. I am a grown adult who can make | informed decisions with my money, including sometimes | buying frivolous or unnecessary things. | | I hate these arguments that assume everyone is stupid | except for the person making the argument. It feels like | there's some weird savior complex at work. | | People have free will and are allowed to spend their money | as they wish, and I think YOU are the cynical one if you | think otherwise.. | TedDoesntTalk wrote: | > Are you somehow suggesting that they should just sit | there and hope that people who have never heard of their | product independently decide they happen to want or need | that product and seek it out, unprompted? | | Yeah, it's even got a name: shopping. | jamiequint wrote: | It must be hard to be this naive ^^ | sbarre wrote: | And how do you know about the existence of a product to | go shop for in the first place, if not through | advertising and promotion? | | Or do you have infinite time to go browse every single | store in your city on the odd chance that you'll see | something you want? 
| com2kid wrote: | > Yeah, it's even got a name: shopping. | | So, for direct to consumer companies who only ship | online, SEO? | | Here's the thing: ads can be useful. | | Awhile back I got a, highly targeted, ad for high protein | sugar free cereal. That's awesome! I am 100% the target | audience for that product, and until I saw that ad I had | no clue it existed! To find a product like that I'd have | to search for it, but I would never search for an entire | new category of product that I didn't know about. | | Same thing for the fitness app I am using (BodBot, it is | amazing!). I am quite literally healthier right now | because of a targeted advertisement. | | Was I aware of fitness apps before then? Sure. But the ad | for BodBot was informative about what features | differentiated it from the literally hundreds, if not | thousands, of other competing apps. | | Do most ads suck? Sure. Should ads be highly invasive? | Nope. But interest tracking and basic targeting actually | help me find products and services that I want to buy! | | Facebook in particular, for all the things wrong with it | (long list!) has some amazingly relevant ads that inform | me of products that I never knew about. | TedDoesntTalk wrote: | hey man, that's great and i'm happy you're healthier | because of advertising. My experience has been the | opposite (yes, advertising making me and my family | UNhealthier -- mentally and emotionally). I don't want | targeted ads, but I can understand that you do. | | Perhaps there is a way we can both enjoy the internet in | our preferred ways. Perhaps not, I don't know. | zentiggr wrote: | So let's designate .biz as the place where advertisements | live, and turn it into the online yellow pages (plus all | the other scum to be expected) and ban anything | resembling advertising from every other TLD. | | Those who want to shop know where to go. Those who don't, | know where to avoid. 
| AngryData wrote: | I like what that guy is doing, but I still have to agree | with you. To me ads are just money focused propaganda, | abusing human psychology to make people spend money on | crap they don't need. | scotu wrote: | there is no such a thing as an ethical comment. | | Comments are a cynical deployment of our knowledge of crowd | wisdom, media manipulation, and statistics to make people | part with their opinions for others they wouldn't think | they agree with. | | -- | | Sorry, there is such a thing as "more" ethical ads. If you | want to be pedantic and argue they should use "more" suit | yourself. But things are not black and white, your comment | is in itself "manipulating" the reader trying to convince | them that ads are all the same and that they cannot be put | on an ethical spectrum which is not true: tracking ads vs | billboard, I'd much rather a billboard (which I hate in and | on itself as they are usually just making the place they | are in uglier). | TedDoesntTalk wrote: | I'm not trying to manipulate anyone. I'm voicing my | opinion. I don't buy anything from advertisements. | Period. When I need something, I shop for it. And if you | think I'm alone, you're kidding yourself. | scotu wrote: | that's totally fine. I prefer a world without | advertisement, ideally. I disagree with you that there is | no spectrum of ad ethics. | | And while you are not "trying" to manipulate anyone | (maybe), I also disagree that you are not effectively | influencing your reader thoughts to some degree. | | The analogy I made is: even an internet comment does, on | a smaller scale, less maliciously, use persuasion | techniques: should we get rid of discussion forums too? I | don't think so, and while an ad-less world seems like a | nice experiment, sounds pretty unrealistic, regulating | (outlawing would be nice) tracking in ads?
More realistic | and fixing 80% of what's wrong with 20% of the effort if | you ask me | TedDoesntTalk wrote: | You're right that an ad-less world is impossible. | Advertisements existed before you and I were both alive | and they will exist when we're gone. | | But that does not mean I have to partake in them, watch | them, or allow them to consume my attention and time. I | also don't need to spend my limited time on this planet | trying to "fix advertising". I can simply block them and | ignore the ones that slip through, and get on with my | life. If this is an issue that is dear to your heart, | that sentiment undoubtedly feels dismissive. I'm sorry | about that. | bennyelv wrote: | That may be the case but you can't discount the | possibility that when you are shopping for something, | your choices are influenced by advertising that you have | previously been exposed to whether you are aware of it or | not. Your decision to go shopping for something in the | first place may be influenced by it too. | ericholscher wrote: | If you'd like to suggest another way to make OSS | sustainable, I'd be all ears. | | A bit more color here: | https://www.ericholscher.com/blog/2016/aug/31/funding-oss- | ma... | smichel17 wrote: | I'm working on https://snowdrift.coop for that. | | We could use help, particularly from anyone who's good | with css. | TedDoesntTalk wrote: | You've obviously thought this out extensively and decided | to advertise. Who am I to offer a better solution? You | know your business domain, revenue needs, etc better than | me or anyone else. | | However, that does not mean I have to agree to | advertising -- whether it is labeled ethical, green, | sustainable, cage-free or whatever. If you're lucky, you | won't have a lot of extremists like myself visiting your | site; i.e. the advertising will be successful. | myWindoonn wrote: | Rather than open source, let us return to Free Software. 
| The point of our labor is not to ensure that we are paid; | it is to tear down the systems which create inequality | and scarcity in the first place. | TedDoesntTalk wrote: | To me, there is no such thing as an "ethical ad". You are | trying to steal my attention, my time. You don't get to do | that. My time on Earth is limited and you don't get a | millisecond of it if I can help it. | | If I want to buy something, I seek it out. Anything else is a | waste of my time and a waste of the advertisers money. | | I long ago decided to throw out every piece of physical ad | mail I receive without even glancing at it more than long | enough to recognize it as an advertisement. | | I don't know why you expect me to treat your digital ads any | differently? | | You can call my perspective extremist, but is it any more | extreme than the methods used by advertising networks to | steal my attention? | ogre_codes wrote: | I'm pretty frustrated by advertising too, and some of it is | particularly egregious, but at the moment, there is really | no other way for many publishers to get paid. | | I'm curious, how many services do you subscribe to and pay | for content? I pay for a few ad free resources, but | certainly a lot of the sites I enjoy don't get my $$. | monopoledance wrote: | Because publishers are producing print content for a past | era digitally, or, worse, already feed its bastard | adapted to advertisement. | | I get netflix for about 10EUR/month, but a weekly print | newspaper (still filled with ads...) wants 30EUR/month (4 | issues...) here, where a lesser digital only costs still | 10EUR/month... They just don't serve the information I | would pay for, but that doesn't mean the clickbaity | "free" online "content" is a legit business model. | | I want sober, on point, timely information on matters of | shared/common interest, filtered by journalistic | overview, contextualization and reliable sourcing. 
With | the option to subscribe to niche content additions, e.g. | art, culture, but of course news shouldn't be a comfort | zone only, either. I don't want to co-pay for the clear | special interests like the sports/soccer or housing | section, at all. And I won't ever pay for opinionated | outrage and intellectual masturbation, because nothing | else happened or feels like anything at the moment. I | don't want some mind-numbing four page zeitgeist piece on | cancel culture which starts by making associative yak | shaving a storytelling virtue. I want to be briefed in | the morning, by my personal intelligence service, like | madame president. | | Publishers are not struggling, they are throwing a fit | over a changing information access reality, for 15 years | or something. If they cry just a bit longer now, their | economic niche is gonna be completely absorbed by | technological answers to the question of "What's going | on?". | Griffinsauce wrote: | Just as an example: I read some dev newsletters, they | include a block of paid-for job postings. Highly relevant | with the content. Together with the occasional sponsored | post link (also still relevant content) this appears to | fund them just fine. | | This isn't "ad free" but it's close enough in my opinion. | There's a huge gulf between contextually relevant content | curated by the creators and the kind of shite that ad | networks push. | silentsea90 wrote: | Great morally charged argument, but I am not sure how you | expect content creators to monetize. | beefield wrote: | Well, to be blunt, in my humble opinion more than 90% of | "content creators" trying to monetize their content with | ads currently produce content of so low quality, that | world would be a better place without their content. So | if my ad blocker helps any of those to change their | career, I am happy. 
| silentsea90 wrote: | Even with ad monetization, if their content is of no use, | they will disappear if they survive on said ad | monetization. Content creation on the web is hard enough | to suffer from removing the major monetization avenue | without a suitable alternative. | JoshTriplett wrote: | Charge money, either directly for the content, or | indirectly in the form of patronage or a service or other | business you run. | silentsea90 wrote: | Yep, these exist as alternatives as of now, but require | an explicit payment step which might cause more friction | than ads. | | I think a service that allows for website usage based | payments, a Spotify/Apple News for websites would be | interesting. I can see a decentralized crypto application | evolving around this usecase | JoshTriplett wrote: | > Yep, these exist as alternatives as of now, but require | an explicit payment step which might cause more friction | than ads. | | Payment from one user produces more revenue than showing | ads to hundreds of users. That should be multiplied in to | any analysis of friction. | | > I think a service that allows for website usage based | payments, a Spotify/Apple News for websites would be | interesting. | | There have been _many_ attempts to do that, none of which | have succeeded. One major problem: they tend to track all | your web activity, and the kinds of people interested in | services like this are very much the kinds of people who | don't want to be tracked. Another problem: it's easier | to convince people to pay for a specific source of | content than to amorphously pay for "various content". | TedDoesntTalk wrote: | That's not really my problem, is it? It is the content | creator's problem. | ogre_codes wrote: | Presumably if your adverts don't do tracking, they don't need | to slow page loads down the way current advertising does | either which should be a big plus.
| | Fundamentally serving an advert should be a _light_ process | adding only a tiny amount of overhead to the site. | ericholscher wrote: | Yea, we are planning to do a blog post on it, but the total | overhead is in the 10's of KB. Just a single JS file, and | an image. All open source: | https://github.com/readthedocs/ethical-ad-client | franklampard wrote: | I totally read it as ethical lads. | tilolebo wrote: | And I read your comment as "ethical ads" and was wondering | what I got wrong from the GP comment, ahah. | baby wrote: | Security in general is a performance and usability killer. If | "attackers" were not a thing your internet would be much much | faster, hell your smartphone wouldn't need to encrypt itself or | paying in a shop wouldn't need a chip & pin. | | What I'm saying is that a lot of applications have many | attackers in their threat models, but advertisers have so far | been out of scope. | makecheck wrote: | Modern ad networks are essentially the "fax machine flyers" of | old: someone you don't know using _your_ resources and _your_ | time, denying you use of your own resources temporarily, to | send you something you don't want. Except now it's like every | "normal" fax page includes 15,000 flyers. | sunnytimes wrote: | i started working at a place that would get stacks of flyers | across the fax machine every day , they would just toss them | in the recycling bin all the while wasting tons of paper and | ink .. i started calling all the removal numbers and got it | down to zero .. they thought the fax machine was broken haha. | adrr wrote: | If people didn't want ads it wouldn't be a multi billion | business. Also your analogy is wrong. Your browser won't | execute code unless it requests it. Fax machine spam you | don't have to do anything except have it connected to a live | telephone connection.
| | It's more like complaining that the sole of your shoes is | being worn out more because grocery stores put the milk in | the back forcing you to walk past items you don't intend to | buy. You can always go to a different store just like no | one is forcing you to browse websites that are ad supported. | ssss11 wrote: | Often something is a multi billion dollar industry that | people don't want! | | Perhaps you're invested in the ad industry. No one else | wants ads buddy. | adrr wrote: | Not in ads but I know they are quite effective. Most | startups can attribute their growth to the effectiveness | of digital advertising. Robinhood was driving app | installs for $10 each while E*TRADE and Ameritrade were | paying $1000 per customer. | | Most of that VC cash startups raise is spent on | marketing. I don't understand why people have such | negative perception of ads especially on a VC run news | site. All the ycomb companies drops tens of millions on | digital advertising. | mola wrote: | People don't want ads. how do you infer that people want | ads because the ad industry is profitable? | | It's profitable because a few people want to influence and | spy on a lot of people. | | Most people don't want ads they just tolerate them for | getting actual services. Most these people don't even know | how much tracking is involved and how nefarious this | industry really is. | adrr wrote: | Why do they work? Why can I go start a business and scale | it to millions of paying customers by using ads? | zentiggr wrote: | Because there are businesses and politicians willing to | pay through the nose to get their message in front of | those that they want to influence, and you are then the | middleman that gets our irritation and ad blockers and | pushback for contributing to the proliferation of the | most invasive, unscrupulous segment of our entire | society.
| layoutIfNeeded wrote: | Because you're infecting people with mind-viruses to | force them to buy your crap. Advertising is about | exploiting human psychology, taking advantage of people | with weak impulse control, and outright lying. | notsureaboutpg wrote: | There's a huge difference though, people didn't use fax | machines to access loads of quality content for free. | | Things aren't free, but the Internet makes us feel like those | things are, and then when the creators of the content we | consume for free attempt to receive their pay, we call ad | networks shady and shifty and cheating. There are huge | problems with ad networks, but they are feeding and providing | for lots and lots of content creators in a way we, as the | general public, aren't willing to do. | | Complex situation with complex answers... | andai wrote: | Some pages don't let you "Reject All" cookies, you have to | uncheck them one by one, and there's literally hundreds of ad | networks listed. | | It's spooky, I tell ya! | jkochis wrote: | I seem to always have this handy snippet in my dev tools | history: | | document.querySelectorAll('input[type=checkbox]').forEach(el => el.removeAttribute('checked')) | anko wrote: | https://github.com/oblador/hush if you use safari :) | Basically the regulations say that if a user doesn't | respond to this popup, by default all the cookies are | rejected except the ones the site needs. | | This app hides the popup :) | tomjen3 wrote: | Sites can set as many cookies as they want. I have | installed temporary containers (that is a Firefox only | feature sadly), 15 minutes after I close the last tab in | that group all those cookies are automatically deleted. | | Each tab group then has its own cookie container, so I can | have multiple groups open and they don't share anything - I | can login to different google (or any other service) | accounts in different containers and it works like I want it | to.
| | For the sites that I want to use logged in, I either create | a special container for that site only, or I just use a | password manager to log me in each time I need to visit it. | | The added privacy is great, the peace of mind in just | clicking I agree is great. | novaRom wrote: | How do you circumvent browser fingerprinting? If every | container has the same user agent, canvas, screen | resolution, JS benchmark test results, etc. then no | matter what but you are uniquely identified, bingo! | | I really feel today having different devices with | different browsers, connected to different providers is | only working solution. | grishka wrote: | Use your browser settings to block third-party cookies | altogether. And, better yet, install uBlock Origin and | never see an ad again. | Justsignedup wrote: | this. this is the way i solve this. They can use all the | cookies they want, ublock tends to just eliminate all of | it. | | Overall FF has been incredibly user friendly making all | sort of plugins that focus on privacy possible, while | Chrome has been as hostile to it as possible. | at-fates-hands wrote: | Unless you get the pop-up from the site that says, "We | see you're using an ad blocker. You need to turn it off | in order to access our site." | | Along with some marketing drivel about how its important | advertisers get their ad revenue. | grishka wrote: | This is when you revoke that website's privilege to run | arbitrary Turing-complete code in your browser because it | didn't use it wisely. | michaelmior wrote: | > never see an ad again | | I wish that were true. Although uBlock Origin does a good | job, some ads definitely still make it through. There are | also some sites that detect ad blockers and refuse to let | you in unless you disable it. There are workarounds for | some of these, but it's still a bit of a mess. | grishka wrote: | > There are also some sites that detect ad blockers and | refuse to let you in unless you disable it. 
| | That, and when there's an email subscription popup, is | when the one-click JS toggle extension comes out. Can't | detect anything if it can't run any code in your browser. | michaelmior wrote: | It can "detect" if JS is disabled (by loading content via | JS) so this doesn't always work. | emayljames wrote: | I agree, although to add, uBlock Origin has an | 'annoyances' list that does a pretty good job of stopping | detectors. | michaelmior wrote: | Thanks for the reminder that I hadn't enabled this in my | current browser :) | sbarre wrote: | If a website doesn't let me in because I use an ad | blocker, I respect their decision and I leave the site | and find what I need elsewhere. | | I have yet to come across a site that offered something | so unique or compelling that I decided to turn off my ad | blocker to use it. | [deleted] | [deleted] | boogies wrote: | Doesn't Google grant itself first-party status by | redirecting you through an advertisement domain? uBlock | definitely is the king of ad blocking extensions -- only | the fork AdNauseam (https://adnauseam.io/) can compete, | and that's by both blocking ads and fighting back with | obfuscating click simulation. | CameronNemo wrote: | Hmm. I think it would be better if the extension clicked | _randomly_ rather than clicked on all ads. That would | cause the numbers to be much harder to interpret, and ad | agencies or departments would have a much harder time | measuring their efficacy or justifying their existence. | boogies wrote: | Me too, and it provides a slider for the percentage to | click that I kept below 100 when I used it (now I use | Palemoon, which doesn't support WebExtensions, and I use | /etc/hosts). | valvar wrote: | You can change the click frequency in the settings. I | guess it would be better to make that setting a part of | the splash page that shows up on installation, though, as | otherwise many will miss it. 
| iso1631 wrote: | > ad agencies or departments would have a much harder | time measuring their efficacy or justifying their | existence. | | 50% of adverts are a waste of money, the problem for | people wanting to advertise is nobody knows which 50% | beders wrote: | Please don't. Unless you are willing to pay for the | services you are using for free now, ads is what keeps | them "free". | | You can object to being targeted based on your browsing | habits, but don't stop ads altogether. | gpvos wrote: | Too late. They had their chance and blew it. | grishka wrote: | It's my device and it's my choice what it's allowed to | load and display to me. It's not my responsibility to | make sure someone who provides their service for free | earns money from shitting into my brain. Implied | contracts aren't a thing for me. If you want to make sure | you get paid for your service, put up a paywall. | AnIdiotOnTheNet wrote: | Eh, I get where you're coming from, but no. The ad | industry is insidious and has exploited every means | possible to hijack the user's attention: pop-ups, | flashing banners, auto-playing videos with sound, inline | ads that reflow what you're reading after they take way | too long to load, extensions that insert ads, paying ISPs | to insert ads, talking to Alexa through your TV... | | There is no level these people will not stoop to, and | we're sick of their shit. They brought this on | themselves. | ihsw wrote: | Ad networks had their chance, it's done now. | mstade wrote: | I wonder how many people reading this comment are thinking, | "what's a fax machine?" :o) | | I like the analogy, but I wonder how effective it is on | anyone under the age of what, 35? | at-fates-hands wrote: | A small business owner I used to work for got sued for fax | blasting people when the marketing company he hired was | sending out some 2K faxes per day to unsuspecting business | owners. 
| | I still laugh about how he got several cease and desist | letters and still continued sending the same businesses | stuff. | | Ahhhhhhh yeah, the good old days. | culopatin wrote: | I'm in the age group you mention and although I've only | used a fax twice, I can totally understand the analogy. | neltnerb wrote: | Easy enough to just use "text messages" since it was not | very long ago that you had to pay to receive them but had | no ability to block them without disabling them entirely. | | At least for those of us that were late adopters of text | messages. | bialpio wrote: | This also depends on where you're from - I had a cell | phone for the past ~20years and only learned that you pay | for receiving texts in the US when I first visited, ~9 | years ago. | jdhzzz wrote: | I'm old enough to remember (like New Coke) ZapMail by FedEx | where you would send documents by FedEx and FedEx would Fax | it on their equipment to a location near the recipient for | physical delivery. Obligatory Wikipedia article: | https://en.wikipedia.org/wiki/Zapmail. Hey, most businesses | didn't have one of those newfangled FAX machines. | gumby wrote: | Newfangled? It will enter its third century in a decade | or so. | tomcam wrote: | So just fangled | gumby wrote: | I think it's sufficiently geriatric to be considered | oldfangled. | zxexz wrote: | You might be surprised how many of us under-35s still have | to use Fax machines on a regular basis ;) | megablast wrote: | > You might be surprised | | This is such a meaningless statement. | jsilence wrote: | This below 35 yr old discovered a fax machine. You won't | believe what happened next! | | Better? | castwide wrote: | Especially anyone who works in law, government, banking, | or healthcare. | TheRealDunkirk wrote: | I love that some of the most-sensitive information users | are the ones hanging on to a completely-unsecured | transmission method. 
Sure, tell me again about all those | HIPAA and SOX requirements when we still have fax | machines. | PeterStuer wrote: | or Microsoft | yakubin wrote: | Counts as government. | gumby wrote: | Especially in Japan. | pants-no-pants wrote: | My bank still accepts fax documents. All I would have to do | is find a fax machine ... | madamelic wrote: | Unsurprisingly Equifax requires you communicate with them | through snail mail, fax or a telephone call. | | Every other credit agency had no problem with my SSN + | address then Equifax throws a flag, locks my account and | says I have to validate my identity by faxing them | identity documents. | | Fat chance, idiots. | coliveira wrote: | In the Apple store you can find apps that send fax to a | physical location. That's what I used the last time I had | to send one. | slivanes wrote: | Try this online fax service: | https://www.faxrocket.com/#!/start | | I have bookmarked them from long ago. | yyyk wrote: | There are quite a few multifunction printers with fax. | darrylb42 wrote: | That assumes a land line to plug the fax machine into. | mjcohen wrote: | We have two. | wtetzner wrote: | There are online services that let you upload a PDF, and | they'll fax it for you. | mixmastamyk wrote: | Even in the 90s a lot of folks didn't send a "physical" | fax, you could print it thru your modem. Or something | similar, memory fuzzy, only did it once I think. | dylan604 wrote: | Or going to a shop like Kinkos or a local print/copy | shop. They offered sending/receiving faxes or FaaS before | _aaS was a term of "endearment". | gaius_baltar wrote: | > My bank still accepts fax documents. All I would have | to do is find a fax machine ... | | On linux you can use | [efax](https://linux.die.net/man/1/efax) and a modem | and... ooops, good luck finding a modem. | | I did this for real ~10 years ago when a stupid company | didn't accept a scanned PDF by email and required a fax | of the actual document "because security". 
The difference | is that I had a modem in an old laptop at that time, so I | just sent them the same scanned PDF. | | Now I'm wondering if there is a provision for sending | faxes somewhere in the GSM/3G/4G rabbit hole of | standards. | unilynx wrote: | I'm not sure if it required anything from the network, | but my Siemens C35 could send faxes | freeone3000 wrote: | GSM yes, but once phones went digital that capability was | lost. | ciceryadam wrote: | One of my previous employees had a Kofax server with 6 | ISDN lines for faxing. D in ISDN stands for Digital. | gumby wrote: | GSM phones _are_ digital and include a special FAX mode. | dialamac wrote: | Pharmacy, nursing, and medical students will find out soon | enough. | dyingkneepad wrote: | I had to use a Fax machine in 2018. In the United States. | As the _only acceptable way_ to submit certain documents. | | I should also point to non-Unitedstatians that checks (that | physical paper worth as much money as you write and sign on | it) are still in use in the USA. | 14 wrote: | Checks still in use in Canada as well. I had a person | today tell me they had 3 checks stolen and cashed and my | response was "people still use checks?". | ghostpepper wrote: | In Canada it's spelled cheque, I have no idea why. | </pedantry> | jeromegv wrote: | Still in use but much less than the US. Interac bank | transfer has cut on a lot of that usage. | ryandrake wrote: | The demise of checks is greatly exaggerated. I've written | about 70 or so checks in the last 5 years. Mostly: | Property taxes, home improvement contractors, dues for | various clubs and social groups, kids activities, and | some mail-in retailers who simply don't take credit card. | | That's leaving out the "automatic bill pay" function of | my bank's web site, which, for most payees, at the end of | the day results in physical paper checks being printed | and sent in envelopes. | wastholm wrote: | > The demise of checks is greatly exaggerated.
| | That varies a lot by jurisdiction. I'm 50 and I haven't | written a single check in my entire life. (Sweden.) | wdb wrote: | Yeah, only cashed in checks from US and U.K. Each time I | need to find out how to do it! Think three checks in | 40 years ain't bad | tomjen3 wrote: | I have only ever paid once with a check here in Denmark. | I won't ever do it again, because no bank that I know of | will issue a paper check. | scruple wrote: | I maintain a legacy service at work (I originally wrote | it back in 2014) that is responsible for sending eFaxes | from our various other services and platforms. It's one | of the most internally trafficked services we have. We're | in the healthcare space. Almost every document created on | our different platforms results in a fax being sent. | dvfjsdhgfv wrote: | For the SS-4 form, to get the Employer Identification | Number, you have to either make a phone call (fairly | long, half an hour in my case), send a fax (and get the | EIN in 4 days) or apply by email and... wait 4-5 _weeks_! | [0] | | [0] https://www.irs.gov/instructions/iss4 | bityard wrote: | I still use checks because in the US there are certain | things you can't use a credit card for, e.g. loan | payments. | | I pay contractors with checks because almost none accept | credit cards and cash gets cumbersome once you start | getting into 4 and 5 digits. | | My local utilities all charge a "convenience fee" of a | few dollars when paying online or with a credit card. | Sending a check in the mail costs me only $0.50. (Even | though it costs them some employee's wages to handle my | envelope and cash the check. Go figure.) | | Checks are also convenient for transferring small amounts | of money to friends and family. Yes, there is Paypal and | the like and some of them don't even charge fees but I | trust my bank way more than I trust a random company with | direct access to my bank account.
(Paypal in particular | have proven over and over again to be untrustworthy in | this regard, which is why not only do I have two Paypal | accounts--one for buying and one for selling--but I also | have a special "firewall" account between PayPal and my | main checking account. This is so that the most they can | grab is a couple hundred dollars on average, rather than | some arbitrary fraction of my life's savings.) | | Checks are sometimes the easiest (or only) way to move | large amounts of money between my own accounts. There was | a time where most online bank accounts would let you make | ACH ("electronic checks") transfers to any other account, | but they seem to be moving away from this, I presume due | to its high use in fraud. | robocat wrote: | New Zealand is phasing out cheques. | | Many shops don't accept them, some banks have already | stopped using them altogether, and the rest of the major | banks are phasing them out this year. | | A cheque is a rare thing to see (I haven't handled one | for a decade or so?) | ACow_Adonis wrote: | what on earth is banking doing over there in the US? I | wouldn't know how to write a cheque these days if I | wanted to, and the only cheque I've seen in the last 10 | years or so is from my (now deceased) grandmother in-law | sending birthday money to my wife. | | I'm guessing this is why several US payment companies and | start-ups just don't make any sense to me: "make payments | easier!" | | but it's hard for me to understand how to make it easier | than just typing in someone's phone number or email and | sending them money, or purchasing via tap and go with | your card/ phone. Don't you at least have electronic | transfers if not those other newfangled technologies? are | you (seriously) suggesting you can't transfer money | between your accounts? | toast0 wrote: | Banking in the US has first mover disadvantage. | | Because of how and when it got computerized, it's hard to | move it forward again.
There's no desire for sweeping | changes, everything has to move slowly now. | | There are several personal transfer services (PayPal is | ancient and fits the mold), but none have a lot of | penetration. I think Zelle? is deployed through bank | integration, and may end up with a lot of users as a | result; possibly critical mass. | | There was a lot of backlash on rf payments the first go | round, a few issuers gave me cards with it, but then they | removed it. Then they started issuing cards with chips, | and now most of them are putting rf payments back in. A | lot of payment terminals have the hardware for it, but a | lot of them also have signs that say don't tap to pay. | | I can easily do electronic (ACH) between _my_ accounts, | as long as I've gone through setup, which takes days for | test deposits to show up. But to transfer to a friend or | a relative is tricky. | spiralx wrote: | The first digital computers were used by banks within | years of each other - 1955 for BoA in the USA, 1958 for | BNP in France and 1959 for Barclays in the UK. And those | machines merely took over from existing calculating | systems that had been in place for a good couple of | decades. | | US banks suck for a lot of reasons but part of it is that | culturally and regulatorily the entire | financial/banking/commercial environment in the US is | very conservative. And there's not much in the way of | pressure to make changes either - whether internally from | competition and regulation or externally from the need to | interact with other countries. Like broadband, consumer | banking is basically an oligopoly that will quite happily | plod along providing the same service as long as it can. | elzbardico wrote: | Can't you use a wire-transfer or an ACH transfer? All | those use cases are easily solved with electronic | transactions in most of Europe, Asia and even in Latin | American countries like Brazil. They are usually | inexpensive or free and instantaneous.
| daxelrod wrote: | In the US, wire transfers can incur fees for both sender | and recipient. ACH is more often used by medium to large | businesses transferring money from or to consumers, but | the ergonomics are pretty bad for one-off person to | person transfers, to the point that if you hire a plumber | who owns their own business, they'll probably accept | check, and sometimes accept credit cards. | | The US does have some electronic networks for instant, | no-cost p2p payments. https://www.zellepay.com/ has a | large number of participating major banks with some major | exceptions. A lot of people use https://venmo.com/ or | https://cash.app/ which are not directly integrated with | banks but then offer electronic transfer of funds to bank | accounts. | com2kid wrote: | Wire transfers from my bank in the US require me to call | up and make a request. | | Writing a check is the fastest way for me to transfer | between two accounts. :( | josephg wrote: | Australia too. Electronic transfers here are free and | instant. When I used to rent I just set up a recurring | payment through my bank's website (free and easy, with | any bank to any bank). Now my mortgage gets taken out | each month automatically via a direct deposit | authorisation. (ACH equivalent). | toast0 wrote: | ACH in the US is not simple to use. Companies that accept | ACH payments are using a payment processor that comes | with a fee (usually less than credit card fees); | contractors aren't going to set that up. Consumer to | consumer transfers built on ACH have increased in the | last couple of years, but with low limits, inappropriate | for contractors, and generally with terms of service | prohibiting business use. It's easy to move money | between my accounts with tools based on ACH, though. | There's nowhere at my bank where I can say send $x to a | routing number and account number, it takes a bunch of | setup work.
| | Wire transfers are expensive here; my credit union which | doesn't generally have high fees, charges $29 to send a | wire (they don't charge for incoming wires, but some | banks do). I've had some brokerages with free wires, but | usually that's tied to a balance requirement or in | connection with a company sponsored account (for stock | based compensation or retirement accounts). | jamiequint wrote: | This is a terrible analogy. Nobody forced you to go to the | website that voluntarily decided to include the trackers. | tehjoker wrote: | I can't tell if this argument is meant seriously but it is | incredibly specious. If every single website operates in | this fashion and modern life is nearly impossible without | them, then consumers are presented with no option and it | amounts to coercion. | passivate wrote: | It is still not a nice thing to do. Can we at least agree | on that? | spiralx wrote: | If that website doesn't ask me if I want to allow those | trackers then it's forcing them upon me without my consent. | How am I supposed to know if a website has a tracker before | I visit it? | nixpulvis wrote: | This is akin to the whole class of CPU vulnerabilities we've | seen (Spectre/Meltdown/CacheOut/...) where performance | optimizations are at odds with security. | ogre_codes wrote: | It is remarkably similar. If it weren't for the assholes | trying to steal from us, our whole computing experience would | be faster. | kmeisthax wrote: | I'm going to be inevitable in the opposite direction: I don't | think cross-domain requests were actually saving that much | bandwidth. The common use case I could think of that would be | JavaScript CDNs. The problem with that is that JS libraries | update frequently - even something really common like jQuery | has hundreds of releases, all of which get their own | separately-cached URL. So the chance of two sites using the | same jQuery version is low.
Keep in mind that public JS CDN | URLs are rarely refreshed, too - it's more of an indicator of | when the site was developed rather than the latest version the | site was tested with. So you could hit hundreds of sites and | not get a cross-domain cache hit. | | Even if you did share a URL with another site, the benefit is | low compared to what you can do with same-domain requests. Most | sites should be served with HTTP 2 already, which means even | unoptimized sites should still load decently fast as requests | aren't as expensive as they used to. You can get almost all of | the same bandwidth benefits from a cross-domain cache by just | making sure your own resources are being cached for a long | time. | ogre_codes wrote: | Mozilla ran the numbers and it's not a huge penalty. | | It's just frustrating that it's one more optimization that is | getting turned off. And makes the internet just a tiny bit | worse as a result. It's like death by a thousand cuts. | na85 wrote: | >but web advertising and trackers are already responsible for a | huge chunk of performance issues already. | | Indeed. The brave move would be to firefox to include built-in | adblock, but I don't think Mozilla has the cojones. | | >Of course we'll have the inevitable guy pop in here and talk | up how awesome web tracking is because it helps sites monetize | better, but that's all bullshit. | | I think if adblocker usage became widespread we _would_ in fact | see the death of a lot of websites, but to be perfectly honest | I kinda want that to happen because advertising is cancer. | jrmann100 wrote: | Does this make Firefox's Multi-Account Containers obsolete? I | just finished setting the smart cookie-grouping extension up, but | it seems like this serves a functionally similar purpose. | WorldMaker wrote: | Multi-Account Containers remains important for managing "real" | cookies used as intended (signed in account information, for | instance). 
These "supercookies" are parts of the web experience | abused for tracking and at least partly orthogonal to what | Multi-Account Containers helps manage. | cyberpro007 wrote: | Doesn't NoScript do the same job? | jefftk wrote: | No. You can track users across sites with the HTTP cache | without running any JS. | neatze wrote: | I use both ublock and noscript, it was pain for a few weeks | to get used to noscript, now I don't see going back using | browser without noscript. | NelsonMinar wrote: | Perhaps you are trolling? NoScript is a giant hammer that | smashes 90% of the functioning parts of most modern web pages. | This new feature in Firefox partitions caching in a way that | mostly won't affect how a site works but will block one | nefarious tracking technique. | Pet_Ant wrote: | It takes time to tune, but I find after a month of usage I | rarely need to tweak things. The tweaking itself is eye | opening as it really makes you more aware of what is going | on. | neatze wrote: | It is just one or two clicks away to load website, it's also | safer to browse internet this way, in my no expert opinion. | nixpulvis wrote: | I'm still trying to imagine the way one exploits a lack of | partitioning in the DNS cache... | | 1. It seems like client web pages cannot directly view the DNS | information for a given domain name. So I would think embedding | identifying information in something like a CNAME or TXT record | directly wouldn't work. 2. I suppose a tracker could try to | create unique records for a given domain name and then use | request/responses to/from that domain to get identifying | information. But this seems highly dependent on being able to | control the DNS propagation. Short of my ISP trying this trick on | me, I'm not really sure who else could manage. | | I'm sure I am missing things in this brief analysis. I'd love to | hear what others think about this cache.
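
A toy model of the cache keying change this thread is about, added here as an illustration and not taken from Firefox or from any commenter: it compares a cache keyed by resource alone with one keyed by (top-level site, resource), and measures what state written while visiting one site is still visible from another. The `BrowserCache` class, the probe hosts and the site names are constructed; a real page would infer hit or miss from timing rather than from a return value.

```javascript
// Model of a browser-side cache (HTTP or DNS) under two keying policies.
// Everything here is constructed for illustration.

class BrowserCache {
  // policy "shared":      key is the resource only (pre-partitioning)
  // policy "partitioned": key is (top-level site, resource)
  constructor(policy) {
    if (policy !== "shared" && policy !== "partitioned") {
      throw new Error(`unknown policy: ${policy}`);
    }
    this.policy = policy;
    this.entries = new Set();
  }

  key(topLevelSite, resource) {
    return this.policy === "partitioned"
      ? JSON.stringify([topLevelSite, resource])
      : JSON.stringify([resource]);
  }

  // Simulates loading `resource` while the address bar shows `topLevelSite`.
  // Returns true on a hit; a miss fills the cache, as a real load would.
  load(topLevelSite, resource) {
    const k = this.key(topLevelSite, resource);
    const hit = this.entries.has(k);
    this.entries.add(k);
    return hit;
  }
}

// Constructed third-party probe hosts, one per identifier bit.
const PROBES = Array.from({ length: 8 }, (_, i) => `b${i}.tracker.example`);

// While embedded on one site, the third party triggers loads only for the
// probes whose bit is 1, leaving an identifier behind as cache state.
function storeId(cache, site, id) {
  PROBES.forEach((host, i) => {
    if ((id >> i) & 1) cache.load(site, host);
  });
}

// While embedded on another site, it loads every probe and reads a hit as 1.
function readId(cache, site) {
  return PROBES.reduce(
    (id, host, i) => (cache.load(site, host) ? id | (1 << i) : id),
    0
  );
}

// Identifier recoverable on shop.example after being stored on news.example.
function crossSiteLeak(policy, id) {
  const cache = new BrowserCache(policy);
  storeId(cache, "https://news.example", id);
  return readId(cache, "https://shop.example");
}

// Second load of the same library on the same site: caching still works.
function sameSiteReuse(policy) {
  const cache = new BrowserCache(policy);
  cache.load("https://news.example", "https://cdn.example/lib.js");
  return cache.load("https://news.example", "https://cdn.example/lib.js");
}

// Same library requested from a different site: the shared-CDN benefit
// that partitioning gives up.
function crossSiteReuse(policy) {
  const cache = new BrowserCache(policy);
  cache.load("https://news.example", "https://cdn.example/lib.js");
  return cache.load("https://shop.example", "https://cdn.example/lib.js");
}

for (const policy of ["shared", "partitioned"]) {
  console.log(policy, {
    leakedId: crossSiteLeak(policy, 0xa5),
    sameSiteReuse: sameSiteReuse(policy),
    crossSiteReuse: crossSiteReuse(policy),
  });
}
```
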
| tyingq wrote: | _" I'm still trying to imagine the way one exploits a lack of | partitioning in the DNS cache."_ | | There's a PDF here: https://www.ndss-symposium.org/wp- | content/uploads/2019/02/nd... | | Basically timing based. See | https://www.audero.it/demo/resource-timing-api-demo.html for a | demo of what's available in the browser's navigation and | resource timing API. For example, I get this on a cached | reload: | | domainLookupStart: 52.090000128373504 | | domainLookupEnd: 52.090000128373504 | | The PDF explains some enhancements that make it more reliable, | like publishing multiple A records and watching order, etc. | Also, the demo link isn't really showing what you would | do...the resource being downloaded would be marked as non- | cacheable so that you would be measuring "DNS lookup was cached | or not" instead of "Entire Asset was cached, therefore no DNS | lookup happened". | nixpulvis wrote: | It's always timing isn't it... Thanks for those links. | labawi wrote: | DNS could respond with unique IPv6 addresses and echo back on | HTTP request. | | But it's more likely they just use a large set of (sub)domains | and measure timing. | somerandomboi wrote: | I'm on Firefox right now. Does anyone Internet browse on Emacs? | paulpauper wrote: | Twitter uses these type of cookies. They even use cookies that do | not contain any reference to the twitter domain. It is how they | track people who have been suspended on the platform | xorcist wrote: | Browse twitter through nitter and all these problems go away, | and it's actually a usable interface on top. | kreddor wrote: | Nitter looks pretty cool. Didn't know about that one. Does | something like that exist for Facebook as well? | jjgreen wrote: | ... and if you use the FF extension "Privacy Redirect", then | all twitter links are redirected to nitter, which is sweet. | brokensegue wrote: | citation? 
| smcl wrote: | Seconded - I'm not normally the [Citation Needed] guy but | this claim deserves either an explanation or a link to an | article that gives one. If it's true it'll have a ready | audience willing to amplify it, if it's false it should | disappear | SahAssar wrote: | That's not how cookies work. See mdn which says about the | domain flag: "If omitted, defaults to the host of the current | document URL, not including subdomains.": | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Se... | sholladay wrote: | I haven't looked into Twitter's cookies specifically, but if I | understood you correctly, I think you're misinformed about what | the domain of a cookie does. It's normal to not specify the | domain because that's the only way to exclude subdomains, which | is important for security. | eznzt wrote: | I think he means that they use another domain (third-party | cookies), not that they have no domain at all | yannoninator wrote: | Will switch to firefox because of this, absolutely disgusting. | jefftk wrote: | Safari, Chrome, and Edge already partitioned the HTTP Cache | by site; Firefox was the last major browser not to. It's | great that Firefox is doing this, but it's not a | differentiator. | viseztrance wrote: | The way they phrased it, in the post implies otherwise? | | > These impacts are similar to those reported by the Chrome | team for similar cache protections they are planning to | roll out. | jefftk wrote: | See | https://developers.google.com/web/updates/2020/10/http- | cache... | | "The feature is being rolled out through late 2020. To | check whether your Chrome instance already supports it: | ..." | [deleted] | crtasm wrote: | What other domain(s) are they setting cookies on? I'm not | seeing any (but I am not logged in). | paddlesteamer wrote: | I wish there could be a way to see which root site set those | cookies. For example I wish we could see twtracker.com | supercookies are set in some iframe in twitter.com. 
| danbruc wrote: | How much money is a user actually worth per year on average? And | why can I not pay that amount of money and be left alone, not | seeing any ads, not being tracked, not being sold? | LeifCarrotson wrote: | Annual average revenue per (active) user (from North America) | is about $180 for Google, $150 for Facebook, and $80 for | Twitter. As you might expect, Amazon has far higher revenue per | user ($700), and Apple is about $140, but they're both more | like $30 when you only count their advertising revenue instead | of much lower-margin retail and hardware manufacturing | businesses. | | Searching for "ARPU" news will give articles with new takes | every time anyone publishes new quarterly numbers, but those | are roughly accurate. Obviously, they can be distorted to tell | whatever story you want by messing with market segmentation, | time period, and what kind of | revenue/profit/margin/expenses/capital you want to invoke, but | those are rough numbers. | | To be clear, those are first-party advertising companies, this | isn't the value of a page view to a random blog with side-roll | ads from some third-party advertisers/trackers. I have no idea | what Taboola/Outbrain chumboxes generate other than that they | both have $1B revenue and there are about 5B Internet users | worldwide, which means the average user is worth $0.20 per year | to them. And it's reasonable to assume the majority of their | revenue comes from wealthy English speaking adults, so maybe | your demographic is worth $5 or something like that. | DevKoala wrote: | I wonder if Google will follow suit. | sanxiyn wrote: | Google implemented this first. | antman wrote: | And I am stuck in an old Firefox version before they cracked down | extensions. | [deleted] | jzer0cool wrote: | Is there any movement in tech centered on security/privacy | allowing web viewing without relying on cookies and local browser | storage? | dikaio wrote: | Mozilla. 
| newscracker wrote: | Use uBlock Origin, Multi Account Containers, Privacy Badger, | Decentraleyes and CookieAutoDelete with Firefox. Make sure you | aggressively clear cache, cookies, etc., periodically (with | CookieAutoDelete). You'll probably load the web servers more and | also add more traffic on your network, but it will help protect | your privacy since most websites don't care about that. When | websites are user hostile, you have to take protective measures | yourself. | SamuelAdams wrote: | Or enable private browsing all the time. You'll have to log | into your accounts every time you open your browser, but that's | not really a big deal with a decent password manager. | | [1]: https://support.mozilla.org/en-US/kb/how-clear-firefox- | cache... | skeletonjelly wrote: | Can you be tracked within the private browsing mode though? | For instance in Chrome private tabs I know if you log in to | something then open a new tab, that tab retains the cookies | from the private session until you close all private tabs. Is | this the same with Firefox? I'm hesitant to install yet | another extension but I'm wondering if this one mentioned | elsewhere in this thread will fix it, if it is the case with | firefox | | https://addons.mozilla.org/en-US/firefox/addon/temporary- | con... | driverdan wrote: | You forgot NoScript. | | uBlock Origin with privacy lists negates the need for Privacy | Badger. | | Decentraleyes is neat but I've found multiple sites it breaks. | llacb47 wrote: | Why NoScript? uBlock Origin in medium or hard mode can be | used instead. | m463 wrote: | I use umatrix... as long as it lasts. | vxNsr wrote: | umatrix is built into ublock origin now, just enable advanced | mode in ublock. | m463 wrote: | thank you, that is great news! 
| floatingatoll wrote: | Doing this will make it trivially easy to fingerprint and track | you on the web, as the set of people who use non-defaults like | this list is 0.000001% of the total possible user space for | their area, and your IP address probably only changes rarely or | never | | A better way to protect yourself is to use a browser with | tracking protections on by default, and leave the settings | alone. You may see a few more ads but you'll be a lot less | tracked as a result. | | If personal convenience is the priority, then of course Adblock | and so on to your heart's content, but if not being tracked is | the priority, reset your browser settings to default and remove | weird addons that your neighbors don't use. | danShumway wrote: | I don't see how using containers in Firefox or auto-deleting | cookies would have any negative effect here. | | None of the cache deletion/isolation addons should inject any | Javascript into the page or alter headers in any way, so they | shouldn't be detectable to sites you visit. So in terms of | unique behavior, all that site isolation means is that you're | going to hit caches more often and be missing cookies. | | I mean, sure, a website can recognize that you don't have any | unique cross-site cookies to send them and make some | inferences based on that, but the alternative is... having a | unique cross-site cookie. So it's not like you're doing any | better in that scenario. | | I can see an argument against a few of these like | DecentralEyes, since they change which resources you fetch at | a more micro-level. But uBlock Origin and Multi Account | Containers seem like strict privacy/security improvements to | me. | | UBlock Origin especially -- if you care about privacy, you | should have that installed, because outside of very specific | scenarios your biggest threat model should be 3rd-party ad- | networks, not serverside 1st-party timing | attacks/fingerprinting. 
| No one should be running Chrome or Firefox without Ublock Origin installed.
| floatingatoll wrote:
| Auto-deleting cookies or other content in a way that doesn't resemble Safari ITP would indicate that a device at your IP address is constantly losing tracking cookies in an uncommon manner, theoretically increasing your trackability.
|
| Websites can only make inferences based on the absence of unique cross-site cookies _if_ you are configuring your browser in non-default ways. If all Firefox 85+ users are partitioning, then any inferences drawn from that behavior do not increase your trackability -- and it could well decrease it, as those Firefox 85+ users will be joining the swarm of Safari users whose browser has already done the same sort of partitioning for a couple years.
|
| Multi Account Containers are an oddity, and alone they would not be particularly distinguishable from a multi-user computer (which, at a home residence, could be unusual; many people don't have User Accounts on a shared device). However, when combined with cross-container tracking infection (such as URL parameter tags designed to survive a transition to another container, e.g. fbclid or utm_*), it's possible to identify that a user is using containers, which is a very rare thing and not available by default, thus increasing risk of being tracked.
|
| UBlock Origin allows far too much customization for me to prepare any clear reply there. I imagine it is possible to run UBO with a ruleset that only interferes with requests to third-party adservers, without letting the first-party know that this is occurring. I doubt, however, that a majority of UBO users are running in such a circumspect mode. Adblocking often requires interfering with JavaScript in ways that are easily visible to the first-party (who has a vested interest in preventing ad fraud).
|
| Fingerprinting is a known defense against fraudulent clicks, so there's a lot to puzzle over there. But I definitely don't like to take active steps to make myself stand out from others. I'm annoyed that I'm tracked a little on the web, but I'm indistinguishable from the general pool of "users with default browser settings" today. That's a type of protection that addons can't provide. I'm not wholly certain what I think yet, but happily the browsers continue advancing the front of protection forward, so maybe by the time I decide it won't matter anymore. YMMV.
|
| ps. I'm glad to see your much more nuanced consideration of this balance, and I wish that more took your careful approach here when recommending "privacy" setups to others.
| alfalfasprout wrote:
| If you live in the Bay Area chances are plenty of others do the same thing.
| rmdashrfstar wrote:
| And for the rest of the globe?
| surround wrote:
| Every browser already has a unique fingerprint. uBlock origin does a ton to improve privacy, it's foolish not to use it just to avoid fingerprinting.
| buzzy_hacker wrote:
| Agree, but substituting multi-account containers with temporary containers https://addons.mozilla.org/en-US/firefox/addon/temporary-con...
| infogulch wrote:
| Oh nice! I've been wanting a container extension that just works on every site by default.
| mistahchris wrote:
| This looks excellent. I've wanted something like this before but wasn't aware of this extension. Thanks for sharing :)
| commotionfever wrote:
| temporary containers is really nice. but how can you replace MAC with it? I tried before but couldn't assign some domains to "permanent" containers.
|
| eg. I'd like to use temp containers all the time, except for some sites like YouTube where I'd like it to always open in a YouTube container
| floatboth wrote:
| Temporary Containers > any kind of auto-delete hacks
| WC3w6pXxgGd wrote:
| Why not use Brave?
| It has all of this, with Fingerprint protection turned on by default.
| notriddle wrote:
| Because cryptocurrency is a scam.
| ldiracdelta wrote:
| Then don't use the cryptocurrency part.. it isn't all-or-nothing.
| mastazi wrote:
| Brave doesn't have the features offered by those extensions, it doesn't have anything equivalent to multi account containers, it doesn't have DNS emulation (unless you install Decentraleyes) and it doesn't auto delete cookies (you still need to install Cookie Autodelete). The built in ad blocker is not as advanced as uBlock Origin and that's why I installed the latter as an extension (I turned off the built in one). Anyway IMHO the biggest limitation currently is the lack of containers, because it needs to be built into the browser, there is no 3rd party extension that can give you that.
| cpeterso wrote:
| Firefox's Tracking Protection blocklist blocks many known fingerprinting scripts by default.
|
| Firefox also has an active fingerprinting protection mode that spoofs the unique values returned from some JavaScript APIs (such as locale, time zone, screen dimensions, WebGL), but this feature flag is currently buried in about:config because it can break websites. How to enable fingerprinting protection anyway:
|
| https://support.mozilla.org/kb/firefox-protection-against-fi...
| bradly wrote:
| With Brave you will still see personalized ads on some sites which I do not want to see
| dazbradbury wrote:
| Worth pointing out that Chrome has been partitioning cache by domain since chrome 86 (released Oct 6th 2020).
|
| https://developers.google.com/web/updates/2020/10/http-cache...
|
| Does anyone know if these protections go further or differ significantly?
| masa331 wrote:
| Thank you Firefox team
| EastSmith wrote:
| I have an android phone, using Brave on a Samsung flagship from 2 years ago.
|
| The test at amiunique.org tells me my _User Agent_ string is unique.
|
| So, can we now fix the _User Agent_ strings, please?
| chrsw wrote:
| I'm slowly weaning myself onto private browsing through a VPN and the NoScript extension.
| brandnamehq wrote:
| Any opinions on the likelihood of upcoming changes to first party cookies?
|
| Ex: www.example.com and api.example.com may both access cookies for example.com.
| waynesonfire wrote:
| fantastic work, thank you.
| falsaberN1 wrote:
| The partitioning thing is terrible for people with slow/unstable connections, despite the security gains.
|
| Is there a way to disable it? Or should I better think about installing a caching proxy to avoid the redundant traffic?
| mikl wrote:
| I think you're overestimating the impact of this. Most web site content these days is served from the web site owner's own domain.
|
| It's only if a.com and b.com have (for example) the exact same image URL (c.com/img123.jpg) embedded, and you visit both sites, that this cache partitioning will make a difference.
|
| In essence, there's very little legitimate Internet traffic that would be affected by this change, but lots and lots of creepy spyware behaviour will be prevented.
| philote wrote:
| What about JS libraries or CSS hosted by a CDN? I'm thinking jQuery, Bootstrap, etc etc. I learned that using a common CDN was the way to go because the content would likely already be in the user's cache and often not need to be loaded.
| IshKebab wrote:
| This was discussed when Chrome made this change. It makes almost no difference because to get any saving you have to have lots of websites that use the same CDN _and_ the same version of jQuery etc. Unlikely enough to not matter.
| mikl wrote:
| Indeed, and the savings are fairly small even in the best case, jQuery is 28kB gzipped, a drop in the ocean of the multi-megabyte payload of most big sites these days.
| tyingq wrote:
| I see what you're saying.
| But, for example, all of the new DNS queries for things like jQuery and Google Analytics surely add up to something noticeable.
| mikl wrote:
| Statistically significant: maybe. Noticeable to humans: almost certainly not.
| falsaberN1 wrote:
| On a proper internet connection, you are right, but when that connection is unstable or capped, it's extremely noticeable.
| mminer237 wrote:
| I fully agree.
|
| I _think_ turning `privacy.partition.network_state` off in about:config should allow reverting the change at least.
| floatingatoll wrote:
| You'd be better off installing a caching proxy, so that all connections from all of your devices share one cache, rather than only altering settings in one browser.
|
| If you're a Mac user with more than one of any kind of Apple device on your network (like, two Macs), you can install their Server app on any macOS and enable software update caching as well.
| jb1991 wrote:
| Can anyone explain the fingerprinting issue, unrelated to cookies. Visit any one of these many sites that show you what your browser knows about you, it doesn't matter if using Firefox with fingerprinting blocking enabled, the site reveals a tremendous amount of information in your fingerprint. Firefox doesn't stop any of that, despite its settings that purport to do so. It's always the same information, not scrambled or randomized, from site to site.
| marvinblum wrote:
| Which actually makes sense. If you have a "zero-fingerprint" browser it will become useless, because you cannot use any advanced features other than displaying HTML.
| gilrain wrote:
| Brave's method of slightly randomizing the metrics gets around that. They call it farbling.
| jb1991 wrote:
| What I mean is, the fingerprint that is sent to any of these sites accurately describes my machine, and FF never attempts to hide or scramble that information despite its anti-fingerprint setting.
| chromaton wrote:
| Is this really important given that browser fingerprinting can almost always identify a web browser?
| jb1991 wrote:
| I agree. Visit any one of these many sites that show you what your browser knows about you, it doesn't matter if using Firefox, the site reveals a tremendous amount of information in your fingerprint. Firefox doesn't stop any of that, despite a setting that supposedly protects you from fingerprinting.
| [deleted]
| Closi wrote:
| Absolutely it's important - Just because one hole is still open doesn't mean another shouldn't be closed.
|
| And FF and Safari should continue their work to close any fingerprinting opportunities. Fingerprinting is becoming less effective over time - for example fingerprinting on iOS is pretty unsuccessful.
| chromaton wrote:
| Yes, I agree.
|
| Do you have more information about how iOS is blocking fingerprinting?
| zinekeller wrote:
| While it has some native anti-fingerprinting protection (including automatically deleting third-party cookies every week), the main deterrent is homogeneity: you can be sure that the browser/device is Safari on iPhone 12 Pro Max... and that's it. In other words, unlike other devices where you can get what GPU is in the system (WebGL and Canvas), the resolution of the screen, the list of fonts installed by the user (indirectly, by testing them), list of webcams and sound cards on the system (WebRTC), how many (logical) CPU cores are there (WASM), whether the device has a battery (Battery API), and the laundry abuse of APIs that exists means that it is possible to individually identify desktop users and (to a certain extent) Android users.
| chromaton wrote:
| I found this:
|
| https://9to5mac.com/2020/09/04/ad-industry-tracking/
|
| "my iPhone 11 Pro was also unique among the more than 2.5 million devices they have tested."
|
| Time zone is one possible fingerprint data point.
| zinekeller wrote:
| > Time zone is one possible fingerprint data point.
|
| Totally forgot that. Oops.
|
| Now for the meat of your comment ...and how many have tested their protections so that their testing site recognize that your device is not unique?
|
| A very good counterclaim was posted in the comments:
|
| _I strongly disagree with your findings, Ben. Namely, you list fingerprinting techniques available to browsers, and fail to mention how Safari (and Firefox to some extent) make those methods less precise. Instead, you say
|
| Note that this isn't a comprehensive list, it's just examples. When a website analyses all of the data available to it, things get very specific, very fast.
|
| So let me point out where you were wrong about Safari in particular:
|
| * Fonts installed. Safari reports very limited subset of fonts, which does not vary. It is the same for every Safari user.
|
| * Plugins installed. Unsurprisingly, Safari lists just one: PDF reader. Native plugins are not reported.
|
| * Codecs supported for video. The uniqueness checking site reported just H.264 and FLAC. Audio formats are not reported at all. There's no mention of H.265 and VP9 which work in my Safari beta version, and no mention of the whole plethora of audio formats which are supported.
|
| * Screen resolution is not the real screen resolution. I'm on 27'' 5K iMac and the screen is reported as 2048 x 1152.
|
| * Media devices attached reported as "audioinput" and "videoinput". It has nothing to do with the actual available media devices.
|
| And incorrect reporting goes on.
|
| As you can see, fingerprinting through browser leaves Safari users very poorly segregated. As long as you are running latest OS with latest version of Safari, you are a part of a very broad chunk. You can't be identified through browser fingerprinting alone._
|
| This means that the only unique data that you can get are: a) Language settings.
| There is no way to work-around this (unless you consistently lie that you solely use English) b) Time zone. There is no way to work-around this (unless you consistently lie that you solely use UTC)
|
| These things can be predicted anyway with IP address, so it is not perceptibly meaningful in any way. In other words, advertisers can literally give up on detecting when Safari is the browser and rely instead on IP addresses (which can tie into a family (or in some IPv6 cases) a device).
| chromaton wrote:
| Thanks for the response. It looks like just because the fingerprint is _unique_ doesn't mean that it's _accurate_ or _stable_.
| kedikedi wrote:
| I've got a question; if it is ok to lie in these reports, why do they even exist? I thought these reports were there as a way to introduce client capabilities so that the server can serve the right content.
|
| Disclaimer: This is a genuine question. I'm a hardware guy and I don't know how web works nowadays.
| chromaton wrote:
| You're correct as to why they exist, but then it turns out that this is a privacy leak. Software is hard.
| danShumway wrote:
| In a parallel reality:
|
| "Firefox 85 Cracks Down on Fingerprinting"
|
| "Is this really important given that supercookies can almost always persist between sessions and across domains?"
|
| ----
|
| If you want to fix a problem, there are going to be points during that process where the problem is partially fixed. This only becomes an issue if we're headed in the wrong direction, or focusing on a sub-problem that would be better addressed in a different way, or if we have no plans to fix the other attack vectors.
|
| But the steps we'll take to attack fingerprinting are very similar to the steps we'll take to attack supercookies, so there's no harm in grabbing the low-hanging fruit first.
|
| Supercookies clearly have some value to advertisers and other bad actors or else they wouldn't be used.
| There's value in closing off that specific tracking method while we continue to try and figure out the harder problem of how to standardize headers, resource loading, etc...
| chromaton wrote:
| You're right, of course. But let's not forget that fingerprinting exists and is going to be tough to eliminate.
| rrix2 wrote:
| let's also not forget that firefox has spent the last few years aggressively investing in anti-fingerprinting tech
| danShumway wrote:
| People shouldn't think that this change on its own means they can't be tracked any more, but also this change is worth celebrating -- not all sites use fingerprinting (yet).
|
| But yeah, we still have a ways to go. Small steps.
| floatboth wrote:
| about:config - privacy.resistFingerprinting
| Jonnax wrote:
| "In the case of Firefox's image cache, a tracker can create a supercookie by "encoding" an identifier for the user in a cached image on one website, and then "retrieving" that identifier on a different website by embedding the same image."
|
| Clever. And so frustrating that optimisations need to be turned off due to bad actors.
| legym wrote:
| In Javascript how are they able to retrieve something from the cache? Local, session, and cookies are domain locked.
| Gare wrote:
| They load the image URL and observe the loading time. If it's fetched quickly, they know it was from cache. The server (controlled by the advertisers) can intentionally add delay to those image requests that makes detection reliable.
| floatboth wrote:
| With some forms of caching it's much simpler: the browser sends an ETag or If-Modified-Since and the server is supposed to return 304 Not Modified to optimize the load if the cached resource is still valid.
| kortilla wrote:
| But from JavaScript I don't think you can see that. You just get the end result of the image being served to you. You have to infer it from timing.
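The cache-key change behind the comments above, as an added example that is not part of the thread and not Firefox's code: a toy HTTP cache keyed by URL alone versus by top-level site plus URL, showing which If-None-Match validators a third-party server receives in each case. The class names, function names and example hosts are assumptions made for this illustration.

```javascript
// Toy model only (constructed for illustration): class names, hosts and
// the ETag values are hypothetical and do not come from any browser.

// A third-party origin that attaches a validator (ETag) to each fresh
// response and records which validator, if any, each request presents.
class ThirdPartyServer {
  constructor() {
    this.nextTag = 1;
    this.seen = []; // per request: the If-None-Match value, or null
  }
  handle(request) {
    const presented = request.headers['If-None-Match'] || null;
    this.seen.push(presented);
    if (presented !== null) {
      return { status: 304, etag: presented }; // cached copy still valid
    }
    return { status: 200, etag: `"v${this.nextTag++}"`, body: 'pixel' };
  }
}

class HttpCache {
  // partitioned = false: entries are keyed by resource URL only.
  // partitioned = true:  entries are keyed by (top-level site, URL).
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.entries = new Map();
  }
  key(topLevelSite, url) {
    return this.partitioned ? `${topLevelSite} ${url}` : url;
  }
  fetch(topLevelSite, url, server) {
    const k = this.key(topLevelSite, url);
    const cached = this.entries.get(k);
    const headers = {};
    // A stored entry is revalidated with a conditional request.
    if (cached) headers['If-None-Match'] = cached.etag;
    const res = server.handle({ url, headers });
    if (res.status === 200) {
      this.entries.set(k, { etag: res.etag, body: res.body });
      return { fromCache: false, etag: res.etag };
    }
    return { fromCache: true, etag: cached.etag };
  }
}

// Visit a.example, then b.example, then a.example again; both pages embed
// the same third-party resource. Returns the validators the server saw.
function crossSiteValidators(partitioned) {
  const server = new ThirdPartyServer();
  const cache = new HttpCache(partitioned);
  const url = 'https://cdn.example/pixel.png';
  cache.fetch('a.example', url, server);
  cache.fetch('b.example', url, server);
  cache.fetch('a.example', url, server);
  return server.seen;
}

// True when the validator stored while visiting a.example is presented
// again from b.example, i.e. the two visits can be tied together.
function linkableAcrossSites(partitioned) {
  return crossSiteValidators(partitioned)[1] !== null;
}

console.log('shared cache      :', crossSiteValidators(false));
console.log('partitioned cache :', crossSiteValidators(true));
```

With the partitioned key the second site starts with an empty entry, while the return visit to the first site still revalidates its own copy, which is why the performance cost discussed in this thread only applies to resources shared across sites.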
| avolpe wrote:
| I think that they put the user information in the image using something like this[1].
|
| [1]. https://github.com/subc/steganography
| eshaan7 wrote:
| As a fellow engineer, clever! As a user, damn you!
| simias wrote:
| Note that the root of all evil here is Javascript being opt-out instead of opt-in (and effectively mandatory for a big chunk of the internet these days).
|
| Letting any website and their friends (and the friends of their friends) run Turing complete code on the client PC probably sounded reasonable when the web was created but it seems incredibly naive in hindsight. It's not as bad as ActiveX and other plugins, but it's pretty close.
| masa331 wrote:
| No no no. The problem isn't JavaScript or web capabilities here. It's the companies and people who use them in evil ways. I would rather handle that even if it's much much harder.
| xg15 wrote:
| And how would you address this problem?
| CogitoCogito wrote:
| Regulation seems appropriate.
| kortilla wrote:
| Regulation as a solution for problems on the Internet is pretty stupid because jurisdictions are so diverse.
| Daho0n wrote:
| So different website features per country? Or do you mean regulation decides how a browser implements it? Either way I don't see how that would ever work.
| DavideNL wrote:
| Yea... You need either a law/sanctions, or a technical restriction that can't be circumvented.
|
| Hopefully both, someday :)
| alentist wrote:
| Yes yes yes. Luckily for us, these problems are _technically_ solvable, no handling (?) "evil ways" (?) needed. The latter proposal is both ill-defined and a waste of time and resources. Better to spend those resources on _designing more secure systems_.
| fimbulvetr wrote:
| Somewhat off topic but have you seen all of the recent (2 years) malware using webassembly? It's difficult to disable in chrome, somewhat difficult to disable in firefox, and no extensions seem to help.
| I'd love to make it as easy to disable as JS.
| ghayes wrote:
| I'm curious how bad disabling this caching feature would be. Specifically, how often do you load the same image on two different domains?
| callmeal wrote:
| Instead of thinking "same image on different domains", think "hidden uniquely-named single pixel image".
| kortilla wrote:
| That's the same thing. In order for that tracking method to work, this uniquely named pixel has to be loaded while visiting multiple sites. So it ends up being multiple domains referencing the same image from some tracker resource.
| SwiftyBug wrote:
| Good question. I'd guess that the chance of that happening is very small. But if that optimization exists maybe it's not that uncommon?
| greycol wrote:
| The most common example I could think of (other than trackers) would be aggregator sites. If the aggregator shows an image that was originally from a destination article or if comments link to a source for some content.
| avodonosov wrote:
| We need to acknowledge also that recognising the user as he moves across pages and domains is sometimes needed to provide valuable services to the user.
|
| Therefore, I believe, browsers have to provide a volunteer "tracking" functionality - when a web page requests 3rd party cookies, a popup is shown to the user with the cookie values, description (as set by the owning domain), the list of domains already permitted to access the cookies and their privacy policy links, and options Allow Once, Allow, Deny Once, Deny.
|
| So instead of fighting each other, service and the user had a chance to cooperate. Service only needs to describe the need clear enough.
| bryanmgreen wrote:
| Does this mean I don't need to permanently browse with Incognito now?
|
| Using uBlock, Privacy Badger, Decentraleyes currently.
| option_greek wrote:
| Not if you plan on using Google search.
| They discourage such 'behaviour' by throwing captchas at you after a set amount of time.
| peterpost2 wrote:
| How is that even legal
| dang wrote:
| We detached this subthread from https://news.ycombinator.com/item?id=25917326.
| minikites wrote:
| Because enough people think making laws restricting companies in any way prevents "innovation". Corporations should be able to do whatever they want because if they were truly bad, they would just go out of business, right? It's the worldview of a third grader.
| fcantournet wrote:
| I don't know why you're getting downvoted, this is clearly the dominating ideology of Silicon Valley.
| [deleted]
| awefasdfasdf wrote:
| Read 'The age of surveillance capitalism'. Engineers should understand the business models they create.
| minikites wrote:
| Engineers don't respect any subject outside of STEM, education like this would fall on deaf ears.
| tolbish wrote:
| That's not true; they respect the sciences. But only sufficiently "hard" ones like chemistry and biology.
| yakubin wrote:
| You seem to think that the meaning of "STEM" includes anything that anyone applied the word "science" to. But no, the "science" part is precisely the "hard" sciences. E.g. psychology, economics and theology aren't included in STEM.
| tolbish wrote:
| I thought it was STEM instead of HSTEM. Silly me.
|
| Sarcasm aside, not all natural sciences are treated equally. There are differing attitudes towards astronomy, oceanography, and climatology, for example.
| yannoninator wrote:
| science is STEM no?
| tolbish wrote:
| But not all sciences are respected.
| eulers_secret wrote:
| I understand this knee-jerk reaction, but please don't judge engineers by what they post on HN. This place is... odd. (as I'm sure you know!)
|
| If I formed my opinion only from HN, I'd think most engineers love: big-tech, advertising, electric cars, Apple, tech-enabled tracking (autos, web, cell-phone, watches, exercise machines, music players - it's ok if business profits!), and tend toward self-righteousness, narcissism, and virtue-signalling.
|
| Of course, most of us are just living our lives and trying to get by. I don't know where this self-important insufferable attitude comes from, but I suspect it's a few folks who are very noisy. Most 'normal' people don't spend much time posting to sites like these, so there is a selection bias. Sadly, I also suspect that this attitude is an advantage in today's environment. It is a mirage of self-confidence, and telling the two apart can be very hard (especially for a potential employer).
| etiam wrote:
| There are plenty of categories of human for which this community would not stand for an overly broad, coarse generalization like that.
|
| Personally I'm not even convinced your claim is effective as a prejudice. What I'll concede is many engineers I've met seem to be harsher than average on pseudoscience and some varieties of manipulative lies, but that's to be expected as they have distinguishing knowledge for such things to clash with.
| awefasdfasdf wrote:
| They seem to respect their inflated salaries.
| shrimp_emoji wrote:
| In America, what else is there? :3
| [deleted]
| call_me_dana wrote:
| Hi! Systems engineer for two decades now. I have a deep respect for philosophy, natural medicine, photography and the environment. I suspect many other engineers would have interests outside of their profession.
| Teever wrote:
| I know, right?
|
| Like if I were to be caught doing this to a random woman it would be appropriately labelled 'stalking' yet when a company does it they potentially have a patentable marketing technique on their hands or something.
| minikites wrote:
| It's good when a company does it because they create value in the economy. It's only bad when a person does it because no value is created.
| agnosticmantis wrote:
| I wonder how many downvoted you because they understood the sarcasm but they agreed with the non-sarcastic interpretation of it.
| Tarsul wrote:
| don't know if you're sarcastic. However, just because a company makes money, doesn't mean value is created. Like when you win in poker against someone, you're making money but not creating value.
| _-david-_ wrote:
| I am not who you were responding to, but I think playing poker would create entertainment (even for the loser) which could be considered something of value.
| howlin wrote:
| I mostly agree with your point, but it has to be said that poker players are creating entertainment value for each other. Even if the cash portion of the game is zero or even negative sum.
| ghostDancer wrote:
| You forgot the /s. This is HN here you find people that can take that seriously and agree.
| numpad0 wrote:
| IMO the /s requirement applies anywhere. Sarcasm is dead, literal expressions are literally interpreted literally since 2018 and on.
| afiori wrote:
| Sarcasm only works if it can successfully communicate that it is sarcasm; be it body language, face expression, absurdity, or memeing. On the internet you are a random faceless stranger to me, so how can I distinguish sarcasm other than guessing?
|
| If the priors were the other way then people would complain that nobody takes anyone seriously.
| hinkley wrote:
| Poe's Law was named in 2005. Which was interesting news to all of us on Usenet for whom this phenomenon was already known before Eternal September or Green Cards stole the show.
|
| Sarcasm was already dead before "spam" meant ads instead of scrolling a forum or chat window by repeating yourself (exactly like the Monty Python sketch it alluded to).
| [deleted]
| zwirbl wrote:
| In values we trust. Shareholder value that is
| numpad0 wrote:
| nothing is illegal if no one understands a thing
| notriddle wrote:
| > It is how they track people who have been suspended on the platform
|
| That sounds like a legitimate interest to me.
| mirekrusin wrote:
| Really? Chrome wants to protect against tracking? Isn't that their business model?
| EGreg wrote:
| Serious question: https://stackoverflow.com/questions/65904903/will-third-part...
|
| EDIT: why the downvotes?
| fsflover wrote:
| You can already do it in the preferences of Firefox. It can break some websites though.
| [deleted]
___________________________________________________________________
(page generated 2021-01-26 23:00 UTC)