This business of using full HTTP requests with full cookies to domains that are secondary to the site I'm visiting needs to end. When I go to Foo.com, the browser does not need to send all my cookies and info to bar.com, even if we're fetching resources to display on Foo.com. Bar.com in this case is acting as a dumb file server, it doesn't need cookies.
Yes, this would make single-sign-on harder, but it would make it explicit and be worth the trouble so that when the user is talking to A, they're not being tracked by A's friends B, C, and D.
Of course, the big problem: the best browser is owned by the advertiser who stands to lose under such an arrangement. So at best you'd need Safari or IE to spearhead such a change. You can ape it with browser extensions, but without a big browser maker pushing for this kind of shift some sites would just break under such a model (particularly single-sign-on services like Gmail and Facebook).
> This business of using full HTTP requests with full cookies to domains that are secondary to the site I'm visiting needs to end. When I go to Foo.com, the browser does not need to send all my cookies and info to bar.com, even if we're fetching resources to display on Foo.com. Bar.com in this case is acting as a dumb file server, it doesn't need cookies.
Many third-party services (not just ads and tracking) currently rely on this behavior. That's not trivial to retract.
I have switched to explicit cookie whitelisting, and a browser cache that automatically wipes at application quit. I'm sure I can probably still be fingerprinted somehow, but I hope I have reduced the low-hanging fruit.
Fonts strike me as particular low-hanging fruit, especially when targeting developers (who often like to customize everything - and fonts high on the list).
In the context of a browser, how much does anything else matter if you have installed some particular programming font?
Well I have switched to offline Stackoverflow, Wikipedia and Khan academy, all my media from no js torrent site and all news sites blocked with stay focused. Lets see you beat that :p
How is one supposed to browse these files once un-zipped? I will be honest and admit I am ignorant to XML and had trouble finding a solution after some quick googling. Any help would be appreciated.
Cool thanks for the reply. If you find something better and get a chance, let me know, I'd be very appreciative. I'll take a look this evening and let you know if I find anything.
Because Firefox no longer has the market share it once did and is not in a position to drive web standards like IE, Chrome, and Safari. If Apple decided to kill cookies for secondary requests, they would be dead just like Flash died.
I didn't mention Chrome because Google is an advertising company that benefits from cookie tracking and so I expect them to look out for their own interests.
This really isn't my area of expertise. Can you provide a link to what you're talking about? AFAIK, if you have third-party cookies set to "never", Facebook sees exactly the same (lack of) cookies no matter where I click on a like button outside of Facebook.com itself. So, if Firefox does what you say, I still don't see what it has to do with the third-party cookie option gcp pointed to.
Also, in trying to figure out exactly what feature you're talking about, I've come across quite a lot of sources that suggest that Safari has similar or more strict default settings than Firefox regarding third-party cookies.
It's part of the container tabs concept, but automatically putting each first-level origin (what you see in the URL bar) into its own container. This is atm only an about:config option in Nightly.
So how do you use this with systems that need it - can you log into the site for this "container"? Or would it leave the container when you go to the sign-in page? Like if I'm using Google or Facebook for single-sign-on, or I want to comment on a Disqus thread below a news article - since it's in its own container, I'm not logged in on this other site, but if I click a link to log in and it takes me away from this site, it takes me away from this container.
That's actually an interesting issue I had with it, in some versions that actually didn't work. But, somehow, now it does, and I don't know why (haven't read up on it yet).
Yes, the technical solution would be so much better than the annoying "this site uses cookies" notice, a much as I don't trust governments to competently meddle in web standards it would be nice to see somebody big throw their weight around and protect consumers from this.
Yes, this would make single-sign-on harder, but it would make it explicit and be worth the trouble so that when the user is talking to A, they're not being tracked by A's friends B, C, and D.
Of course, the big problem: the best browser is owned by the advertiser who stands to lose under such an arrangement. So at best you'd need Safari or IE to spearhead such a change. You can ape it with browser extensions, but without a big browser maker pushing for this kind of shift some sites would just break under such a model (particularly single-sign-on services like Gmail and Facebook).