Did you know? Despite claiming to block all cross-site cookies out of the box, Firefox automatically allows Google to use them in your browser should you log in to one of their services.

The browser only lets you know about this once it happens, and it’s on you to notice the permissions icon appearing in the URL bar. There is a link to a paragraph on a help page explaining this behaviour, but it seemingly goes unmentioned pretty much everywhere else on the internet.

This surprised me, especially considering Firefox’s stance on privacy. I was even more surprised that this is done without consent. If this is for usability, Firefox should at least warn the user before this happens.

  • AllNewTypeFace@leminal.space
    link
    fedilink
    arrow-up
    17
    ·
    5 months ago

    If you access Google sites only in a special Firefox container, that still isolates your Google cookies from the rest of your tabs? Or does it just add a “you don’t get this from me” flag when it gives Google your user cookie, so it can pretend to not recognise you as it adds your web-browsing history to your ad-targeting profile (flagged appropriately as to keep it deniable, of course)?

    • masterofn001@lemmy.ca
      link
      fedilink
      arrow-up
      10
      ·
      5 months ago

      Yes.
      I have a google container for one account.
      If I open a google site in another container it will be as if the account didn’t exist.
      The containers are all partitioned.
      You can also partition off the cookie/storage per site by proxy used (in about:config).
      So, you could create a container for google account 1 using proxy 1 and another container for google account 2 using proxy 2 and they will never have access to the data stored by either.

      • ngwoo@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Out of curiosity, do you know if these containers also obfuscate browser and device fingerprinting? Separating cookies is important but unless it also blocks fingerprinters (in a different way for each container) the site will instantly know the same person is using both accounts.

        • masterofn001@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          4 months ago

          FF doesn’t really enable full fingerprint resistance by default. But it can.

          These settings are some of what I usually use. All fingerprint values (that are able to be are randomised on every reload of a page.

          Set secutity setting to custom, select known AND suspected fingerprinting > select from dropdown ‘In ALL tabs’

          Also: Because it’s of no value / use to me, and (IMHO) a giant gaping privacy and security issue, I also disable webgl and webrtc, and navigator completely in about:config

          Set the following:

          WebGL webgl.disabled true
          WebGL2 webgl.enable-webgl2 false
          WebRTC media.peerconnection.enabled false
          Navigator media.navigator.enabled false
          RFP privacy.resistFingerprinting true

          RFP options like bounce protection etc can also be enabled in config.

          Check fingerprints on browserleaks.com, coveryourtracks.EFF.org, etc

          Should be 100% unique fingerprint every time.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      5 months ago

      I think the “rest of your tabs” would have to be sites that already include google js (e.g. for “sign in with google” type stuff) to even know you have a google cookie (otherwise what’s the point of FPI/ETP/TCP/network partitioning/no-3rd-party-cookies/etc.), but I could be wrong.