Did you know? Despite claiming to block all cross-site cookies out of the box, Firefox automatically allows Google to use them in your browser should you log in to one of their services.

The browser only lets you know about this once it happens, and it’s on you to notice the permissions icon appearing in the URL bar. There is a link to a paragraph on a help page explaining this behaviour, but it seemingly goes unmentioned pretty much everywhere else on the internet.

This surprised me, especially considering Firefox’s stance on privacy. I was even more surprised that this is done without consent. If this is for usability, Firefox should at least warn the user before this happens.

  • Broken_Monitor@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    So google is a privacy nightmare. Google pays firefox. There’s not a lot more dots to connect here. How is anyone surprised at things like this?

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      I don’t know why you’re getting downvotes.

      All of the incentives line up. That’s why you always examine incentives.

      • Broken_Monitor@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        Not sure. It’s unverified speculation. People are weirdly attached to software these days. My answer to problems like these is to find something else. Tor seems decent.

  • RamdomSlaphead@feddit.uk
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    Take it you didn’t click “learn more”?

    To sign into YouTube, you need to sign into Google.Com. that’s the cross site script. Nothing scary, or unexpected.

    • candyman337@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      What’s with the influx of anti Firefox posts here? Really weird. Especially since yes everything is in their learn more stuff.

      • IAmNotACat@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        It is a bit odd that there’s an influx of anti Firefox and AMD stuff after Google and Intel were in the news for major things.

      • just_another_person@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        People have been up in arms for every new “flavor of the month” browser that boasts better security, or some new privacy thing, and Firefox not offering it. Also, the freakout about Mozilla enabling “ad-tracking” was wildly misunderstood and overblown by the privacy nuts, but started a slew of these “WELLFFDIDTHISTHINGBLETRRGGHWAAAHHHHHHH”

        It’s all overblown in my opinion.

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          If you’ve lost your entire user base except the privacy nuts, you should be very careful about your messaging because they’re your only demographic left.

          • just_another_person@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago

            It’s not clear who you are referring to. Privacy nuts seem to hate every browser that exists at the moment. I even see people pissed an Librewolf for one thing or another.

            Fact of the matter is that the browser is less the problem, and the contents they consume are, yet people are unwilling to just stop interacting with the sites that cause their concerns. There’s no way to win with everyone.

  • AllNewTypeFace@leminal.space
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    If you access Google sites only in a special Firefox container, that still isolates your Google cookies from the rest of your tabs? Or does it just add a “you don’t get this from me” flag when it gives Google your user cookie, so it can pretend to not recognise you as it adds your web-browsing history to your ad-targeting profile (flagged appropriately as to keep it deniable, of course)?

    • masterofn001@lemmy.ca
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      Yes.
      I have a google container for one account.
      If I open a google site in another container it will be as if the account didn’t exist.
      The containers are all partitioned.
      You can also partition off the cookie/storage per site by proxy used (in about:config).
      So, you could create a container for google account 1 using proxy 1 and another container for google account 2 using proxy 2 and they will never have access to the data stored by either.

      • ngwoo@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Out of curiosity, do you know if these containers also obfuscate browser and device fingerprinting? Separating cookies is important but unless it also blocks fingerprinters (in a different way for each container) the site will instantly know the same person is using both accounts.

  • DirkMcCallahan@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    Is it sufficient to set the Enhanced Tracking Protection to “Strict” (which claims to block cross-site cookies in all windows), or is there something else you have to do?