Chrome is patching a bug that lets sites detect and block private browsing mode, declares war on incognito-blocking

Originally published at: https://boingboing.net/2019/07/20/cookie-managers-r-us.html

8 Likes

At least the WaPo catches Firefox, period. I ran the experiment of installing FF totally out of the box (OK, compiler) and without any privacy add-ons and with all of the privacy settings turned off. WaPo still blocked me for running “private mode,” Probably because FireFox doesn’t have the Filesystem API to begin with.

Self-Destructing Cookies can be set to whiff cookies when the tab closes, which isn’t bad. However, what I do is a Firefox-only trick: I have browser profiles for each of my activities (general browsing, business, system administration, video, academics) and I’ve added one specifically for amnesia. It has absolutely no privacy settings whatever, and in return isn’t trusted with anything at all. At the end of each session I just give it a nice complete mindwipe.

For those who have never used profiles, they operate in separate tasks and separate disk trees. No shared cache, no shared bookmarks, etc. but you can run them concurrently and cut and paste from one session to another.

I’ll note that it’s also amazingly fast right up until it runs into one of the countless sites that load up more scripts which call other scripts which call other scripts and all of them sit spinning around waiting for someone or something or a mouse movement or a clock tick. Runs my CPU utilization on a 4GHz 8 core 64 GByte workstation to over 50% just sitting there.

Which, in case anyone is paying attention, is why I use NoScript. It at least lets me blacklist CPU hogs.

9 Likes

I need this too

5 Likes

That said, even if you routinely jump over paywalls you should also support sites you find valuable, at a level you are (financially/morally) comfortable with. I subscribe to New York Times as my primary journalism source.

I also sometimes read from but don’t subscribe to the Washington Post (Alexandra Petri!!!), LA Times, The Guardian, whatever I see links to, etc. but I don’t have subscriptions to them.

Polonius mode can cause hypocrisy awareness, so I just went over and dropped some bucks on


which is the main aggregator of aggravation I visit. They don’t have a paywall.

1 Like

I keep meaning to sign up for more and support journalism/the press but so far only the NYT.

I wonder what news organizations other BB’s find worth supporting with their hard earned $?

Just use the Brave browser. It even has Tor mode.

1 Like

After Firefox updates killed too many of the extensions I like, I switched to Pale Moon – it’s a Firefox/Mozilla fork that’s much friendlier to power users who like to customize things. (I still have Firefox around for the rare sites that have trouble with Pale Moon.)

Among the Pale Moon extensions are a several for privacy/cookie-management; I use “Cookie Permissions Button,” which adds things like 3rd-party-cookie blocking.

WaPo just doesn’t like FOSS hippies like you!
/snark
:stuck_out_tongue_winking_eye:

2 Likes

Thanks! Some of these are new to me!

they’re such a pain of firefox. they really need a way to launch new profiles from within the browser. creating os shortcuts is not the bob omb. ( about:config is equally terrible )

I just edited the menu’s launch for Firefox to invoke the profile manager. Took seconds: In the main menu, select “Panel Preferences” from there the “Items tab”, select the first “Launcher” (which is Firefox), and then “Edit” twice. Under “Command,” change the command line to:

nice -n 10 firefox --new-instance --ProfileManager

Save it all you’re good.

2 Likes

yeah, me too. only, the launcher’s not the nicest interface, and i find, on my mac at least, if you click on a profile that’s already got a running instance you get annoying modal popups about “firefox is already running.”

firefox wants to be mainstream. they just haven’t figured it all out yet

Palemoon doesn’t get official security patches. No thanks.

2 Likes

The setting that will be changing is already available in flags:

chrome://flags/#enable-filesystem-in-incognito

I really can’t speak WRT apple stuff. Ten minutes in with their user interfaces and I’m ready to throw them across the room. I do know that FF on 'nix boxes is easy to invoke and lighting up the profile manager is just a command-line switch that you can set in the menu editor with a couple of keystrokes.

On top of that, “plugins” and “extensions” have one of the worst security models in the industry, so people who self-identify as chocoholics, but for plugins, are generally opting in to nightmare mode security wise :scream:

1 Like

For iOS I recommend and use 1BlockerX. It’s not free but it is really powerful and works great. I can use it to block many trackers and soft paywalls.

2 Likes

Yep. As I understand it, a lot of addons used really insecure features. When Mozilla updated FF to forbid unsigned extensions and started depreciating insecure APIs these extensions broke. There were several I really liked that stopped working, like FlashGot and DownThemAll. But I figured out workarounds to keep my browser secure and up to date.

The waterfox and palemoon guys were all “we’ll make our own browser with flapjacks and hookers” and reverted a lot of the security changes to allow insecure addons to work again. Sounds a bit like taking the saftey bars off a Rollercoaster because they got in the way of standing up on the inversions.

2 Likes

If you’re determined to stick with the Mozilla-security-blanket browser at all costs that’s fine, but describing legitimate forks as being made with “flapjacks and hookers” is unnecessarily disparaging. Can you point to any real instances of breaches coming from extensions on the Pale Moon site?

Firefox’s usage share has gone down the toilet in last few years, I think in no small part because of what they did to the extensions and the ability to customize it. That used to be a selling point.

1 Like

On that note, can anyone recommend an advanced cookie-manager for Firefox that allows you to accept cookies from soft paywall sites, but delete them when the browser closes.

Or you could, you know, just pay for the journalism.

2 Likes