this post was submitted on 28 Aug 2024

2297 points (99.3% liked)

Technology

61203 readers

3079 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

2297

Firefox rolls out Total Cookie Protection by default to all desktop users worldwide | It is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created (blog.mozilla.org)

submitted 5 months ago by [email protected] to c/[email protected]

227 comments fedilink hide all child comments

(page 3) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 31 points 5 months ago (1 children)

Is this different from blocking 3rd party cookies?

load more comments (1 replies)

[–] [email protected] 82 points 5 months ago (12 children)

Aren’t cookies already limited to the site at which they were created??

What the fuck? You mean to tell me sites have been sharing cookies?

I thought all browsers only delivered cookies back to the same site.

[–] [email protected] 19 points 5 months ago

NO.

https://en.m.wikipedia.org/wiki/Third-party_cookies

Maybe it's not allowed in your local jurisdiction? But it's been a problem since forever.

[–] [email protected] 157 points 5 months ago (3 children)

The problem is that a website is generally not served from one domain.

Put a Facebook like button on your website, it's loaded directly from Facebook servers. Now they can put a cookie on your computer with an identifier.

Now every site you visit with a Facebook like button, they know it was you. They can watch you as you move around the web.

Google does this at a larger scale. Every site with Google ads on it. Every site using Google analytics. Every site that embeds a Google map. They can stick a cookie in and know you were there.

[–] [email protected] 37 points 5 months ago (1 children)

Is this also how they know which ads to feed you?

[–] [email protected] 59 points 5 months ago

Yes, it's the reason for the tracking. To sell more targeted ads.

If you're up for reading some shennanigans, check out the book Mindf*ck. It's about the Cambridge Analytica scandal, written by a whistleblower, and details election manipulation using data collected from Facebook and other public or purchased data.

[–] [email protected] 17 points 5 months ago* (last edited 5 months ago) (1 children)

Put a Facebook like button on your website, it's loaded directly from Facebook servers. Now they can put a cookie on your computer with an identifier.

Which is not allowed by GDPR btw, because they do that even if you don't click them. There are plenty guides online, how to create your own, not tracking, facebook like button.

[–] [email protected] 5 points 5 months ago (1 children)

How does GDPR fit in to Google Analytics and personalised ads?

I would have thought it went something like: random identifier: not linked to personal info, just a collection of browsing history for an unidentified person, not under GDPR as not personal info.

Link to account: let them request deletion (or more specifically, delinking the info from your account is what Facebook lets you do), GDPR compliant.

Both Google and Facebook run analytics software that tracks users. I presume letting people request deletion once it's personally linked to them is probably what let's them do it? But I don't live in a GDPR country, so I don't know a whole lot about it.

[–] [email protected] 5 points 5 months ago

No, it should've been opt-in. But loophole with "vital interest" and politics being slow and surface-level like politics.

[–] [email protected] 7 points 5 months ago (1 children)

Is that because the like button is an iframe?

[–] [email protected] 43 points 5 months ago (3 children)

It doesn't have to be. Your browser sends the cookies for a domain with every request to that domain. So you have a website example.com, that embeds a Facebook like button from Facebook.com.

When your browser downloads the page, it requests the different pieces of the page. It requests the main page from example.com, your browser sends any example.com cookies with the request.

Your browser needs the javascript, it sends the cookie in the request to get the JavaScript file. It needs the like button, it sends a request off to Facebook.com and sends the Facebook.com cookies with it.

Note that the request to example.com doesn't send the cookies for Facebook.com, and the request to Facebook.com doesn't send the cookie for example.com to Facebook. However, it does tell Facebook.com that the request for the like button came from example.com.

Facebook puts an identifier in the cookie, and any request to Facebook sends that cookie and the site it was loaded on.

So you log in to Facebook, it puts an identifier in your cookies. Now whenever you go to other sites with a Facebook like button (or the Facebook analytics stuff), Facebook links that with your profile.

Not logged in? Facebook sets an identifier to track you anyway, and links it up when you make an account or log in.