[HN Gopher] When it comes to privacy, default settings matter (2...
___________________________________________________________________
When it comes to privacy, default settings matter (2019)
Author : ddtaylor
Score : 47 points
Date : 2022-06-03 19:00 UTC (4 hours ago)
(HTM) web link (blog.mozilla.org)
(TXT) w3m dump (blog.mozilla.org)
| dang wrote:
| Discussed at the time:
|
| _When it comes to privacy, default settings matter_ -
| https://news.ycombinator.com/item?id=20095856 - June 2019 (127
| comments)
| badrabbit wrote:
| When it comes to privacy UX matters. Modern apps should ask new
| users what type of experience they prefer before setting
| defaults.
| jjoonathan wrote:
| Modern platforms should always keep a banhammer nearby to
| quickly and severely punish malicious behavior from apps.
|
| I wish there was a platform that combined the app containment
| prowess of Apple platforms with the spam containment prowess of
| Google platforms.
| grishka wrote:
| I very much oppose there being "platforms" with gatekeepers
| in the first place. The countermeasures to privacy-violating
| apps should be technical, not organizational. Sandbox all
| apps, don't give them anything that could be used to uniquely
| identify the user across apps. Require user consent for
| everything potentially sensitive, including internet access.
| Give the user the ability to grant fake permissions to apps
| -- for example, a fake location permission where the system
| says "yes it's granted" but never returns any location data,
| "searching" for GPS indefinitely.
| Zak wrote:
| Before Android had finer-grained permissions[0], I used
| Xposed, a framework that allowed deep modifications to the
| OS and apps, and a permissions management tool called
| Xprivacy. It provided the kind of features you're
| describing, including fake locations that apps could not
| detect. Yes, Facebook, you can access my location. I'm in
| Pyongyang, North Korea.
|
| Successors to Xposed and Xprivacy exist, but I have not
| used them. It may be time to revisit that.
|
| [0] Many people, including me are still not satisfied with
| Android's permissions.
| grishka wrote:
| Which is why third-party cookies are to this day enabled by
| default in every single browser...
| more_corn wrote:
| And things like google drive don't work without them enabled.
| grishka wrote:
| Except these things don't have to rely on them. It's
| absolutely possible to build a portal-style website, spanning
| multiple different-level domains, without third-party
| cookies.
|
| It really is unfortunate that the most popular browser is
| made by the same company that controls the most popular
| search engine, the most popular video sharing service, the
| most popular email provider, and the most popular cloud
| storage/collaboration service. This should not be legal.
| hackernewds wrote:
| I'd rather have Google do this than go to multiple
| different disjoint sites. imagine without Google search,
| you go to Pinterest for wedding ideas, stackoverflow for
| questions, then target for a toaster oven, etc
| selykg wrote:
| Is that true for Safari? I think the "Prevent cross-site
| tracking" option is enabled by default, which deletes cookies
| unless they're from the site you're actually visiting.
| jaharios wrote:
| A bit ironic when your default search engine is Google, leading
| users to the dragon mouth by default.
|
| Also when most if not all telemetry from mozilla firefox is opt
| out.
|
| Including stuff like phoning home by default when you search,
| bookmarking something, delete anything from your history[1] and
| having a unique download token to track each install.[2]
|
| [1] https://spyware.neocities.org/articles/firefox.html [2]
| https://www.ghacks.net/2022/03/17/each-firefox-download-has-...
| Schinken_ wrote:
| This, from what I gathered the Librewolf fork is way better at
| this: https://librewolf.net/
| LeoPanthera wrote:
| Interesting counter-example though. The aggressive default
| settings of LibreWolf do break quite a few websites.
| bloppe wrote:
| Mozilla gets the majority of their revenue from Google paying
| them to keep their search engine as the default. I'm OK with
| this: the search engine is visible every time you use it, so
| it's impossible to "forget" to change it if you care about
| privacy, and the setting is relatively easy to find and change.
| Also, without this funding, Firefox would likely not exist.
| It's the price we pay for a good, free browser.
|
| Of course, many have postulated that Google's motivation to pay
| Mozilla all that money is actually to ensure that Mozilla
| remains in business, rather than to directly increase Google's
| own revenue with the added search traffic. By keeping Mozilla
| in business, Google can more convincingly argue that they do
| not have a monopoly on browsers. It may be the case that
| without this argument, Chrome could be subject to regulations
| that could benefit consumer privacy, but after watching all the
| recent congressional hearings involving big tech companies, I
| have very little faith in that happening any time soon. It's
| better to keep Mozilla around for now, and the only way to do
| that without turning Mozilla into another Google is for Google
| to essentially subsidize them.
| Melatonic wrote:
| I think it is pretty well accepted that they fund Firefox
| just to avoid being a monopoly with Chrome. The other stuff
| is just icing on the cake
| [deleted]
| throwaway0x7E6 wrote:
| >https://www.ghacks.net/2022/03/17/each-firefox-download-
| has-...
|
| that was the straw that broke the camel's back for me
|
| at this point, I'd prefer chromium singularity to this circus.
| there's no difference. at least that would be one less browser
| to support
| hackernewds wrote:
| Chromium is open source but also principally developed and
| maintained by Google
| Snuupy wrote:
| What about the default setting to have Pocket forced down my
| throat, an inability to install custom/self-made extensions
| (permanently, not temporarily), and an inability to install any
| extension outside of the default mozilla provided one on mobile
| (besides fenix nightly)?
|
| Good thing librewolf/iceraven exist.
| Zak wrote:
| They really did ruin extensions on Android and have shown zero
| interest in fixing it in the past couple years.
|
| Iceraven helps a bit, but there's virtually no incentive for
| someone to develop an extension for Fenix now. The pool of
| potential users would be small enough for Firefox itself, but
| its vastly smaller for Iceraven. I've been using Kiwi most of
| the time as it can use just about every extension available for
| desktop Chromium.
| entropicgravity wrote:
| Yes for example Android setting Location to "on" and then hiding
| the setting at the end of half a dozen drill downs. And then,
| every now and then on a new update, suddenly and without
| notification, Location has been reset to "on".
| de6u99er wrote:
| Android is applying tons of dark patterns. It's almost like the
| OS was created by Facebook and not Google.
| seabrookmx wrote:
| Implying that they're that different? Imagine a world where
| Google+ took off.
___________________________________________________________________
(page generated 2022-06-03 23:00 UTC)