back to article Firefox 85 crumbles cache-abusing supercookies with potent partitioning powers

The Mozilla Foundation has scorched a pair of monstrosities in the new version 85 of its Firefox browser. The big target is supercookies which, as explained by Mozilla privacy engineer Steven Englehardt and senior product manager for Firefox privacy and security Arthur Edelstein, are very nasty trackers indeed because they …

  1. This post has been deleted by its author

  2. Hubert Cumberdale Silver badge

    Good stuff. However, I have caching of HTTPS pages disabled (which makes no discernible difference to page load times on my modest 36Mbit broadband), and I also enforce HTTPS (only occasionally making an exception when absolutely necessary), so this won't make too much difference to me. I re-iterate my call for HTTPS on every website, and I await the inexplicable downvoting from those who seem to think it's a bad idea because its hard work* or something.

    *Before anyone says LetsEncrypt is difficult to understand etc., I will note that I find it utterly seamless with my hosting provider. In any case, that's not an argument against HTTPS, it's an argument for simpler implementation of HTTPS certificate management.

    1. Crypto Monad

      This issue is not so much about caching of HTML pages themselves, but of the assets referenced within them - images, CSS stylesheets, Javascript etc.

      Even when fetching over HTTPS, I doubt your browser refetches *all* the assets for a page for every page view. For many sites that would be multiple megabytes per view; you'd certainly notice it.

      The problem described in the article is when two separate websites (site1 and site2) both reference an asset at the same URL, e.g. img src="https://example.com/foo.png". Colluding sites could generate an image (or stylesheet etc) dynamically, and then check its content. The solution in Firefox is to have separate caches when browsing site1 and site2.

      1. Graham 32

        > I doubt your browser refetches *all* the assets for a page for every page view.

        All resources on an https page have to be loaded over https. So if he has https caching disabled it really will fetch everything on every page view.

        1. Hubert Cumberdale Silver badge

          Indeed. And I maintain that if the load times are impacted at all, it's not in a way that I care about (after all, I grew up with a 56k modem). I sincerely hope that most sites aren't slinging multi-megabyte images at me anyway. Maybe blocking the ads helps with that.

        2. Anonymous Coward
          Anonymous Coward

          The article states there's a separate HTTP cache & image cache - so I wouldn't automatically assume that "HTTPS cache disabled" (whatever that means exactly) disables cross-origin HTTPS image cache.

    2. Paul Crawford Silver badge

      https everywhere

      I have no issue with sites offering only https for security.

      I do have an issue with web browsers disallowing http or self-signed certificates and no configuration to allow it, as that breaks lots of legacy equipment you might need to administer locally over http.

      1. Hubert Cumberdale Silver badge

        Re: https everywhere

        I concur. That is a pain in the arse.

    3. Snake Silver badge

      The simple expedient, available for many years, was to set Firefox to clear both your cookies and cache at every program exit.

      Am I the only [paranoid fool] who bothered to actually use this option??

  3. iGNgnorr
    FAIL

    Firefox 85 hangs

    Firefox 85 is unusable: it hangs immediately. On the up side, that does prevent user tracking.

    1. ThatOne Silver badge
      Trollface

      Re: Firefox 85 hangs

      > Firefox 85 is unusable

      Thank god you're here, nobody else had noticed yet!

      1. Brian Morrison
        Boffin

        Re: Firefox 85 hangs

        Latest Firefox packages for Fedora show this in the changelog:

        - Added fix for mozbz#1679933 - startup crash

        It's a Mozilla bug, so possibly affects lots of people, however I didn't see a crash myself with the first ff 85 package I installed.

    2. Snake Silver badge

      Re: Firefox 85 hangs

      For the record, that seems to be on Linux or Fedora specifically. Runs fine on Win10 1909.

      1. BenDwire Silver badge
        Go

        Re: Firefox 85 hangs

        It runs fine on Debian Testing too.

      2. Chubango

        Re: Firefox 85 hangs

        Fine on arch as well.

        1. Palpy

          Re: "Fine on Arch as well."

          I was poised to -Syu but thought, mmm, maybe extend an info-gathering antenna tentatively first. No need! Thank, Chubango.

      3. Adair Silver badge

        Re: Firefox 85 hangs

        No probs on Mint so far.

      4. Fruit and Nutcase Silver badge

        Re: Firefox 85 hangs

        Ok on Centos 7

  4. This post has been deleted by its author

  5. razorfishsl

    The image tagging has been in use since about 2008,

    Why have they only decided to do something about it now?

    Facebook was the biggest user of the tech... via their off site links back to face book.

    each website has a link which serves a tagged image from FB to the users browser.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021