back to article Fed up with Facebook data slurping? Firefox has a cunning plan

Sensing an opportunity in Facebook's squandering of public trust through its previously unrestrained giveaway of user data, Mozilla on Tuesday unveiled a defense against the social ad biz in the form of an add-on for Firefox called Facebook Container. The Firefox add-on, as its name suggests, attempts to contain Facebook's …

  1. Voland's right hand Silver badge

    How is it any better than running NoScript with a single prohibited site - facebook.com?

    How is it any better than running NoScript with a single prohibited site - facebook.com?

    In fact, with noscript I can add all leaches to the list - their technology is nearly identical. "Like", "Share" - which should really be "Snoop", "Snoop". They all use a javascript-let fetched from their website which sucks data using their cookies to identify.

    Just kill 'em all. God will recognize its own.

    And in the very rare event you actually need their services you just go and tell noscript to temporarily enable them - as I do once in a couple of weeks for linkedin.

    1. malle-herbert
      Big Brother

      Re: How is it any better than running NoScript with a single prohibited site - facebook.com?

      It isn't... that's why I put all that FaceBook crap in my hosts-file...

      1. Anonymous Coward
        Anonymous Coward

        Re: How is it any better than running NoScript with a single prohibited site - facebook.com?

        Same here but at my Router/Firewall. (includes Twitter, WhatsApp and the rest of the Anti-Social Media platforms/data slurp engines. Even 70% of Google is blocked. Searches are done via DDG etc.)

        Pisses off the grandkids when they come to visit but for their parents, it is bliss. The phones go down and they actually take part in family life.

        Their father has threatened to do the same at home. :)

        1. Anonymous Coward
          Anonymous Coward

          Re: How is it any better than running NoScript

          It has a user interface that users will understand? Even most of the people I work with see NoScript as something that causes all sorts of grief, never mind non-technical users.

          We all know no-script is cool, but as a user experience it's rubbish. You have to care enough to put up with it constantly breaking things. Most users would rapidly lose patience. If this is easy to use then that's an advantage over NoScript.

          1. Anonymous Coward
            Anonymous Coward

            Re: How is it any better than running NoScript

            We all know no-script is cool, but as a user experience it's rubbish. You have to care enough to put up with it constantly breaking things. Most users would rapidly lose patience.

            Dear Gods, what a whingy snowflake post.

            No-Script turns off javascript functionality, so of course it will "break things" that's the idea. You need to invest a bit of time to set it up for each site you use it on, and for some sites, that won't work at all, you have to choose whether the site is worth whitelisting or not.

            If you can't be bothered to set it up and use it properly, then stop using it!

            1. Headley_Grange Silver badge

              Re: How is it any better than running NoScript

              "If you can't be bothered to set it up and use it properly, then stop using it!"

              I agree in principle, and I live with broken websites, no videos and pictures, failed payments, etc. because I value my privacy and can't be bothered to spend the time setting up NoScript - principally because I don't really know what I'm doing and haven't got time to learn.

              But what about people like my mum? When she rings up with a problem it's very difficult to help her because she doesn't know what the following mean; "window", "return key", "Finder", "Menu Bar", "Side Bar", "Folder", .......; so expecting her to be bothered to set up NoScript isn't a realistic proposition. I installed AdBlock for her a while ago, but disabled it because it breaks enough sites to be a problem for her.

              I don't think that people should need a degree in website design to protect themselves online and if, in the absence of proper legal protection from HMG, Moz comes up with something that gives some simple protection to people like my mum then all power to them.

          2. Doctor Syntax Silver badge

            Re: How is it any better than running NoScript

            "We all know no-script is cool, but as a user experience it's rubbish. You have to care enough to put up with it constantly breaking things."

            Wrong way round. I regard a website that can't function without introducing lumps of code from sources over which its developers have no control as being already broken at best and potentially dangerous at worst. All NoScript does is reveal that this damage.

            Don't shoot the messenger.

            1. lglethal Silver badge
              Go

              Re: How is it any better than running NoScript

              NoScript was great, and simple, and I taught many a family member to make use of it. After the 56 update, though it became a horrible UI mess of complexity and pretty much all of those family members either stayed with the old version of firefox or abandoned noScript entirely. I've tried transitioning them to uorigin, but it lacks the simplicity of the old NoScript UI.

              Shame really, it would have been so easy to implement an easy version with a level of control replicating the old version and then providing an advanced version for those that want the detailed levels of control the 56 update provides. Oh well, the wait for an easy replacement goes on...

              1. Just Enough
                Flame

                Re: How is it any better than running NoScript

                "After the 56 update, though it became a horrible UI mess of complexity"

                This. So much this. NoScript was never the easiest of add-ons, but recent updates have been disastrous. A complete and confusing redesign of the UI, with a lack of any documentation on how to use it. End users were expected to just figure it out themselves.

                And it keeps breaking or forgetting settings. I got to the point of purging everything (poking through Firefox setting files to achieve this was fun) and attempting to start again. But then it screws up again on the next update.

              2. GIRZiM

                Re: I've tried transitioning them to uorigin

                Use uMatrix instead. Furthermore, it's an improvement over NoScript because it it blocks at source, preventing things even getting as far as the browser in the first place.

                Ad (ha) adNauseum for the adblocking + increased anonymity + ethical aspect and the job's a good'un.

            2. Nattrash Silver badge

              Re: How is it any better than running NoScript

              People, people! Why all the noise about NoScript? If you don't like Giorgios labour of love, go for an alternative. I mean, for the tech savvy audience here, I expect an extended use of Gorhills uMatrix (with excellent UI) any way. Which not only would tackle facebook.com, but even facebook.*...

              ... which can be combined with a vast number of host files (e.g. Dan Pollock, Peter Lowe, EasyList) that could help you catching "all that other stuff"... if you want...

            3. Anonymous Coward
              Anonymous Coward

              Re: How is it any better than running NoScript

              Precisely. I torture myself with uMatrix, manually authorizing every 3rd party for every site. I just don't browse naked. I'm bashful.

            4. vulture65537

              Re: How is it any better than running NoScript

              > introducing lumps of code from sources over which its developers have no control

              https://www.troyhunt.com/locking-down-your-website-scripts-with-csp-hashes-nonces-and-report-uri/

          3. Anonymous Coward
            Anonymous Coward

            Re: How is it any better than running NoScript/uMatrix

            "We all know no-script is cool, but as a user experience it's rubbish. You have to care enough to put up with it constantly breaking things. Most users would rapidly lose patience. If this is easy to use then that's an advantage over NoScript."

            I agree with this comment.

            I use uMatrix which is much more user friendly than most and just as effective.

            1. ma1010
              Go

              Re: How is it any better than running NoScript/uMatrix

              You might try Ghostery. It blocks out trackers and other such vermin and seems to work well without doing violence to web sites.

              1. GIRZiM

                Re: Ghostery

                What the 'Ghostery' that was bought out by a company that tracks users and sells their data - that 'Ghostery'?

    2. big_D Silver badge

      Re: How is it any better than running NoScript with a single prohibited site - facebook.com?

      Except you are blocking scripts, but not images or cookies with NoScript - which is why I use it for advertising, I don't block them from showing ads (the site I visit has to earn money somehow), but the advertisers don't have to run JavaScript to show me an ad.

  2. Anonymous Coward
    Anonymous Coward

    While Facebook Container may help a bit, it has limitations.

    Too right. Remember all the stuff that Facebook stores *server side* - the postings you made, your friends graph, your likes, your contacts, your private messages, all the call data it slurped out of Whatsapp and other Facebook apps.

    No browser plugin is going to stop that. Cross-referencing clicks on third-party sites is just icing on the cake to them.

    1. Paul Crawford Silver badge

      Re: While Facebook Container may help a bit, it has limitations.

      No, this is still very important because some people actually do different things on facebook compared to the rest of the web they access.

      Yes, I know that is a strange idea that there are people who won't spunk their entire life and thoughts on the modern idiot-box replacement, but it is apparently true. By locking out cookie / "like button" tracking they are making a good start.

      Next think they should be addressing is browser fingerprinting. Just how much information is really needed to make a usable web site interaction? My guess is very little compared to what is currently offered, so they should stop reporting non-generic stuff like installed fonts, plugins, display size, etc. While some info might be useful, having only a dozen or so browser permutations from Firefox would be a major step forward in terms of privacy and a useful selling point over Google/MS offerings.

      1. Anonymous Coward
        Anonymous Coward

        Re: While Facebook Container may help a bit, it has limitations.

        Next think they should be addressing is browser fingerprinting. Just how much information is really needed to make a usable web site interaction?

        Too right. Even browser type/version is less important than it used to be in the old days when IE6 hacks had to be deployed just to get CSS formatting to display content right. Blabbing stuff like viewport size, OS version, plugins etc should be strictly opt-in when required, not a default where everything's blabbed to any server you connect to.

      2. Anonymous Coward
        Anonymous Coward

        Re: While Facebook Container may help a bit, it has limitations.

        re fingerprinting: One of us needs to write a Firefox Fuzzer: randomly vary the reported attributes like fonts, display size, etc. Make them look "real" (no 3x19000 screen resolutions, for instance), but enough of a moving target to defeat trackers.

        1. Charles 9 Silver badge

          Re: While Facebook Container may help a bit, it has limitations.

          They'll just start coding fuzz detectors to detect the use of fuzzers by using statistical analysis. It's hard to produce plausibly fake data, especially when sites actually use the information to render their sites (meaning using the fake data makes the site come out wrong).

        2. GIRZiM

          Re: One of us needs to write a Firefox Fuzzer

          Search for 'Canvas Blocker' on addons.mozilla.org

      3. GIRZiM

        Re: Browser Fingerprinting

        uMatrix+Decentraleyes+Canvas Blocker+ (eventually) some replacement for Random Agent Spoofer

    2. pakman
      Holmes

      Re: While Facebook Container may help a bit, it has limitations.

      If it successfully blocks anything that FB want, the Zuck will already have a team working (quietly) on how to get around it.

    3. Ian Michael Gumby
      Boffin

      @AC Re: While Facebook Container may help a bit, it has limitations.

      That assumes you have a FB account. The slurp is that FB most likely has a financial agreement in place to have some of their code running on a lot of site's pages or they convinced the sites to have single auth or tie in to their site.

      What's more disturbing...

      in 2009 Zuck sayz no sharing period.

      2012 Zuck shares w Obama for free. (Which actually is very illegal when it comes to FEC laws)

      Not a peep or complaint.

      2016 Trump buys data / algos from a company that purchased this from a researcher who got it from FB.

      Everyone is complaining.

      The truth is that this has been a major issue when it came to monetizing FB.

      1. AmyInNH

        Re: @AC While Facebook Container may help a bit, it has limitations.

        "2012 Zuck shares w Obama for free"

        NYTimes says O campaign ASKED FB users for their permission.

  3. AMBxx Silver badge

    Isn't that what Internet Explorer is for?

    I use IE for the very small amount of FaceBook stuff I use. Completely open, but nothing's going to leak to the other browsers I use.

    1. Christoph

      Re: Isn't that what Internet Explorer is for?

      IE is my browser of last resort if a site won't work on anything else.

      I use Chrome for Facebook to keep it isolated, Firefox with shedloads of security add-ons as my main browser, Pale Moon for a few sites that break with all those security add-ons, and a couple of other browsers for special purposes.

      1. AMBxx Silver badge
        Joke

        Re: Isn't that what Internet Explorer is for?

        @Christoph

        >> Special Purposes

        Are they better adapted for one handed 'browsing'?

  4. Anonymous Coward
    Anonymous Coward

    Sympathy

    Leaving aside any morals of it all, i do have some sympathy for anyone at Facebook attempting to undo the data tracking side of things in even the smallest way.

    It has been over 10 years since a PFY named mark made a fancy bulletin board for his college, since then every bit of code written has been in service of accumulating data.

  5. Charles 9 Silver badge

    So no mercy to those who MUST use Facebook to stay in touch with family or do their jobs (with no alternatives to speak of)?

    1. Doctor Syntax Silver badge

      "So no mercy to those who MUST use Facebook to stay in touch with family or do their jobs (with no alternatives to speak of)?"

      You didn't read it did you? It enables you to use FB if you've dug yourself into that hole and at the same time keep all other use of your browser out of their hands.

  6. Anonymous Coward
    Anonymous Coward

    Too little, too late...

    I guess Mozilla also suddenly feels the need to jump on the anti-Facebook bandwagon.

    Seriously though, I fail to see the need. I've been using StopSocial on Opera for quite a while now and never looked back. It doesn't just block Facebook but every single trace of social media meddling. No tracking for me thank you very much!

    1. Anonymous Coward
      Anonymous Coward

      Re: Too little, too late...

      I've been using alternate user profiles in a separate process. Less chance of confusing myself than have container tabs in the same window. But containers are welcome. All gadgets are welcome.

  7. Uncle Slacky Silver badge
    Stop

    Why not just use PrivacyBadger?

    PB has the advantage of blocking all social media tracking buttons on other sites, not just FB.

    1. Charles 9 Silver badge

      Re: Why not just use PrivacyBadger?

      Which means all squat if you MUST use Facebook, as it can just glean everything directly by blocking access if you don't.

  8. John Jennings Bronze badge

    And Moz is funded by...?

    Googles....

    I wonder if their container stuff will be configurable to block them?

    Foo

  9. iron Silver badge

    the only way to win remains not to play

    I win! *smug face*

  10. MrAnonCoward43

    Catch that Bandwagon

    Agree about the Google comments, this is Firefox jumping on the Facebook bashing. I hate Facebook as much as the next data-pilfered man who has never signed up but what about all the other tracking, if Mozilla wants to do this then they should have one to block Google Analytics, Google Tag Manager, Google Retargetting, Add This, Twitter Share etc etc. We know none of the Google stuff will be blocked by Firefox.

    Having never signed up to Facebook but having used Whatsapp I am pained to imagine all that Facebook has stored against me, as has proved it's not hard for them to link things on names, numbers and then throw in some facial recognition.

    However, I'm sure the data Facebook has on me pales into insignificance from what Google has hoovered up over the years prior to me blocking google analytics and from the years of using an Android phone until I jumped ship.

    1. Anonymous Coward
      Anonymous Coward

      Re: Catch that Bandwagon

      Yeah. Google. I surrendered to them long ago, although I've always blocked Analytics, for no better reason than peevishness. <sigh> Fuck 'em all.

  11. Pen-y-gors Silver badge

    Cat-skinning methods...

    The comments about 'just avoid FB' don't help when people actually need to use it - for various reasons.

    Then we get into mitigation strategies.

    We've had lots of different plug-ins suggested.

    Personally, I have several different 'fake' accounts, I use a selection of add-ons to e.g. delete cookies (not just from FB), but, interestingly, I've run FB in a Firefox container to keep it isolated fro some months now. Containers quite handy - using several to keep different twitter a/cs open at the same time (more flexible than Tweetdeck sometimes)

  12. tiggity Silver badge

    correction

    "Lesser privacy that can be had from a patchwork of browser add-ons – uBlock Origin, Privacy Badger, Disconnect, NoScript, etc. – though these can sometimes break websites. "

    Surely ..

    these can sometimes break badly written websites

    .. and lesser privacy is subject to interpretation - all depends how well they are configured

  13. IglooDude

    I fired up VMware Player (the free version), spun up a Mint VM, and use it exclusively for Facebook, the account of which uses a FB-dedicated gmail address. Zuck can have the whole damned OS if he likes, he's not getting anything else from me.

  14. Anonymous Coward
    Devil

    Just put facebook.com in your hosts file - all these

    facebook.com

    *.facebook.com

    http://facebook.com

    https://facebook.com

    ......etc

    and really be rid of it

    1. IglooDude

      Hosts files that get updates, maybe? There's a lot of facebook.net that I've seen. And really, how trivial for a company like Facebook would it be to come up with additional inocuous-sounding (or at least anonymous) domain names?

      1. Colin Miller

        You forgot fbcdn.net (FaceBook Content Delivery Network) and probably many others

  15. Anonymous Coward
    Anonymous Coward

    Options options options

    Plenty of other blockers in the world

    Firefox:-

    Javascript Toggle on/off (Toggle button) - this just toggles the config setting and reloads the page

    -- just manually turn it on where needed.

    Disable Javascript (Toggle button)this is per tab/domain set to by default to on or off tab or domain - whitelist preferred domains

  16. Anonymous Coward
    Anonymous Coward

    Facebook 'free' world can't get here soon enough

    https://www.bloomberg.com/news/features/2018-03-27/ad-scammers-need-suckers-and-facebook-helps-find-them

  17. Anonymous Coward
    Anonymous Coward

    Mozilla is worried about Privacy suddenly???

    Great, as Mozilla was making Privacy UnFriendly moves recently. But it all seems a bit futile, like Facebook revamping its settings after horse bolted:

    "Under the revamp, users still won’t be able to delete data that they had given third-party apps on the platform previously, even if it was used for reasons other than what was agreed to. That data, generated over years of games and personality quizzes that had access to private information, is largely still stored outside of Facebook’s grasp by the private individuals and companies that built those applications."

    https://www.bloomberg.com/news/articles/2018-03-28/facebook-announces-new-security-settings-amid-privacy-concerns

    1. Anonymous Coward
      Anonymous Coward

      Re: Mozilla is worried about Privacy suddenly???

      ....18% fall is a good start. Its the only thing sociopaths like Zuk understand:

      .

      "Plunged Facebook into one of its worst crises of confidence in years. The stock has fallen 18 percent since the news was first revealed by the New York Times and The Observer of London earlier this month, wiping out almost $100 billion of market value. Facebook is no longer among the top five most valuable companies in the world and it delayed unveiling a new home speaker product to reevaluate how it uses data, according to people familiar with the matter. The stock dipped 0.2 percent early Wednesday to $151.94."

      -

      "The move, which Facebook said was in the works even before the Cambridge Analytica scandal shook the company and its stock price, is unlikely to put to rest the broader issue of user privacy. Nonetheless, it underscores a key concern of both Facebook and its investors: how to keep people from deleting their accounts over what many see as a betrayal of customers’ trust."

      ....How can MSM keep saying this: FB Customers = FB-Investors + FB-Advertisers

  18. ashton

    You mean same mozilla who's on so friendly terms with their neighbour google ? I don't trust mozilla any more than i trust google.. and google went evil all the way

  19. Danny 2 Silver badge

    Burn

    "O wad some Power the giftie gie us, to see oursels as Facebook see us!"

    you've quit Facebook

    ahead of me

    we've fallen out

    at least on this we agree

    so don't come around

    no checking up on me

    since we've fallen out

    i've been left here to seethe

    and your enemies

    became my closest friends

    since we've fallen out

    fallen right over the edge

    my patience wore

    and my temper thinned

    since we've fallen out

    never to make up again

    such a waste of a friendship

    since we've fallen out

    spiralled out of existence

    so forget that we happened

    i've picked over the bones

    since we've fallen out

    i've tortured and torn

    my soul from its core

    my soul is ripped from its core

    since we've fallen out

    i don't believe anymore

    https://www.youtube.com/watch?v=i81oLnlaovc

  20. Drone Pilot

    Pointless for the masses?

    Sorry, but stuff like this is cool for the techies but for my wife and mom? Naa, won't gain traction.

    For those of us who want to stop the likes of FB tracking us, we a) don't use FB b) use Ghostery c) b + ABP d) all of the above.

    We techies are few. The masses will still be tracked by EvilCorp.

    1. GIRZiM

      Re: Pointless for the masses?

      Ghostery and ADB? The Ghostery that is owned by a company that harvests and monetises user browsing data and the ADB owned by a company that takes money form advertisers to whitelist their adverts - that Ghostery and that ADB?

    2. terrythetech
      Facepalm

      Re: Pointless for the masses?

      Finally, somebody who realises that most web users aren't tech savvy. Nearly all of the posts are about "What I do" and they vary enormously. It is a jungle for the average user so they just don't bother. If FF can make it easy to stop (er, reduce) slurping - good on them.

  21. GrahamTwine

    Dump facebook!!!

    Vote with your feet or rather your finger and delete your account.

    Now seriously ask yourself what good comes from this horrible application. I have not got a facebook account and do not see the point of it at all. I constantly hear, oh i use it to keep in touch with loved ones who are overseas. In this day and age there are far better options.

    In my opinion profiles on facebook are the life we want everyone to believe we are leading it is not the life we lead, we snoop on old school friends, ex lovers and work associates.

    Lets face it the entire conglomerate is built on theft. Undisclosed of course.

    Dump it now and go outside, do something with your life rather than telling outher how great it is MAKE IT GREAT!

    Graham

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020