Chrome is patching a bug that lets sites detect and block private browsing mode, declares war on incognito-blocking

“Other people don’t get to track incognito users! Only we can do that!”
-Google, probably


you are not the only one.

i appreciate that it exists for sure. it just should be more accessible out of the box. they’re attempting to be the “privacy browser” and soiling profiles it’s part of that ( or should be )

It has less built-in spying capability and Mozilla is half-ethical, and being a non-profit doesn’t have the same incentives as competitors to ignore your wishes to not be monitored.

You mean all forks, since it’s FF is an open source project and forking isn’t in any way restricted?

It’s just a reference to Futurama. Lighten up a little.

There’s a number of extensions for chrome and firefox that appear to have been infiltrated with spyware recently, although it appears that they’re running on the current addons platforms instead of legacy. Goes to show that addons are a huge attack surface that get neglected. I’d reason that doing things to secure addons is better than doing things to make your browser able to run older, unmaintained addons.

That’s not a reason to use other browsers. That’s not a reason to forgo new security measures in favor of running old stuff that’s no longer maintained.


On that note, can anyone recommend an advanced cookie-manager for Firefox that allows you to accept cookies from soft paywall sites, but delete them when the browser closes?

Count me as another vote for Cookie AutoDelete. It does exactly what you want for cookies and some forms of storage that can be (mis)used for “supercookies.”

Note, however, that CAD alone isn’t enough. Firefox’s premature switch to the webextensions API left it without an API call to clean indexeddb on a per-site basis. The author of CAD is aware of this and waiting impatiently for Firefox to implement the needed API call. In the meantime, you can use StorageRazor to nuke the entirety of indexeddb on Firefox startup.

I’d also recommend:

  • uMatrix (this is the single most important piece of security/privacy protecting code in existence)
  • uBlock Origin (to work in tandem with uMatrix, disable lists in uBlock that uMatrix is blocking anyway)
  • CanvasBlocker
  • Decentraleyes
  • History AutoDelete
  • Https Everywhere
  • Smart Referrer

(Also, please stop it with the flogging of insecure shovelware.)


Not the extensions, but how about the browser installer itself being infested with malware? (News story from a week and a half ago)

1 Like

That breach occurred at a hosting provider they were using to host archived versions of the browser. It has nothing to do with extensions or the flavor of the browser.

Firefox containers are like lightweight profiles and much easier to use. There’s also the great Facebook container add-on that automatically segregates all Facebook urls into a separate container, while also blocking all of its cookies.

It doesn’t quite do everything that separate profiles can do, but it’s much easier to set up.


thank you! this looks like exactly what i was looking for

1 Like

It’s the malevolent renaissance of the much beloved “To use this site you need Internet Explorer 3 and a resolution of 800x600 pixels”.
And why TF does a browser provide a filesystem API? To allow anyone else to remotely access your file system? I thought that was what a browser was never to be allowed to do.

1 Like

I am with you mostly. But I’d never leave home without NoScript.

uMatrix replaces all of the noScript functionality I care about.

For you. You, however, quite simply do not define others’ priorities and/or necessities.

Pale Moon is, for the most part, more secure than Firefox, largely due to extensive DiD (“Defense in Depth”) work by the devs. You may believe or disbelieve this as you wish, but I recommend you go to Pale Moon’s site and do a little research first.

Is Pale Moon perfect? No, not by a long shot. Does it, however, do some things far better than Firefox or Chrome? Yup! The only reason I went back to Firefox, was because I was essentially forced to by Prime Video (among a few other sites) which claims Pale Moon doesn’t work. If you spoof the useragent it works just fine, but they keep adding countermeasures vs. exactly that ^^’.

“New”<>“superior”, sorry, not even close, and furthermore, Pale Moon IS NOT stagnant; it’s still under continuous development. I think you need to reassess that reflexive snobbery a bit.

A simple way to extend paywall limits is just to switch to another browser. I have 4 on my desktop: Chrome, Firefox, Edge and IE. I use Chrome mostly but it is easy to bring up a different one if there is a paywall limit (there are certainly other ways to deal with this but I’m lazy).

Example 15. A Video/Photo Upload App. User is able to select large files for upload, which can then be “chunk-transfered” to the server.

also mentioned in other spots are log files, games, automatic backup of selected files and folders, and offline web apps like reading downloaded email.

1 Like

Google declaring war on incognito-blocking is a little like Napoleon declaring war on imperialism, but I guess it’s nice of them to help fix the mess they helped make.


I’d add to the list EFF’s Privacy Badger. That does a great job managing cookies on per-site basis (though doesn’t do what Cory is asking for, specifically.)


Hell. I knew there was a reason why I haven’t been checking the w3c specs for a while. All right then, I guess HTML-parsers will also need a water-line API (to do the dirty laundry and dishes) and a dog-food API soon. Not too forget an anal-probe API, because really everything needs to be “in the cloud”.

1 Like

If you are going to use containers, I recommend:

I have some containers for known sites that I always visit and the temporary containers extension catch all the others on new containers which are nuked as the last tab is closed.
It is great for random and non-trusted sites, while it does not leave a container with all of those sites together.


This topic was automatically closed after 5 days. New replies are no longer allowed.