Mozilla doubles down on anti-tracking tech: It'll be tougher for wily ad-biz cookie monsters to track Firefox A week after Firefox 79 debuted, Mozilla says that it plans to start rolling out version 2.0 of its Enhanced Tracking Protection (ETP) scheme to prevent redirect tracking on the web. On the web there's a distinction between first-party cookies – files stored in your browser by a visited web application or site – and third- …
We've had Firefox addons that kill redirect and bring you to the intended website since ages. Why do we need this newfangled tracker/blocker thingamajig ?
It's not really difficult either, if I'm not mistaken. A redirect is like http://ww.redirect.com?goto/http:www.intended.site.com. Just check for the second http and take that.
It's not hard. At least I think. Why all the hoopla ?
the last time I saw an advert in a browser.
There again, I don't use IE/Edge or Chrome or actually Google anything. (plus zero social media platforms)
There is a pattern there but I can't quite see what it is. I need some more coffee.
[gulp][gulp]
Oh yes. I've got it now. Google is an ad factory. Use anything with their brand on it (or even their source code) and you know what you are letting yourself in for.
If I had my way then Google would be made to pay 99% tax on all UK income before they send of offshore to some tax haven just for the damage that they are inflicting on society. Never gonna happen so don't bother downvoting this post.
"If I had my way then Google would be made to pay 99% tax on all UK income before they send of offshore to some tax haven just for the damage that they are inflicting on society. Never gonna happen so don't bother downvoting this post."
And if they simply present financial records showing they have NO UK income? That's the sad reality of transnationals: they can play sovereignty against you.
And if they simply present financial records showing they have NO UK income? That's the sad reality of transnationals: they can play sovereignty against you.
In that case you just get information on payments made to Google by UK entities (make it mandatory reporting by banks) and double the taxes as punitive measure.
Customers aren't going to pay for international remittance and I am sure Google would like to get that money, so there will have to be a legal UK entity, which can be taxed. Alternatively, Google can stop doing business in the UK and leave that market to competitors, which is also an excellent solution to the problem as the competitors will be paying their taxes and can grow strong without the killing competition from Google.
"Customers aren't going to pay for international remittance..."
They may not realize they're paying for it if Google plays it savvy. If the customer doesn't realize it, they can probably go for it. Look at eBay and how it handles international transactions, even in foreign currency.
We simply need to make it law that if you do any business at all in the UK, you pay taxes depending on your global turnover.
And yes, I do mean tax turnover, not profit. That puts an instant stop to shell games. If you're still in business, you're obviously making money, even if you are managing to hide it by buying goods and services from your own subsidiary companies at inflated prices. If taxing every pound going into or out of a company's bank accounts is the only way to make sure they pay their fair share, so be it.
Yes, why not? If they are doing business in the UK, they must either be making money in the UK, or be deliberately running a loss-making business in the UK to disguise profitability elsewhere in the world. Taxing a small portion of every sum entering or leaving their bank accounts is the only way to be sure they pay their share.
"That puts an instant stop to shell games."
No, they'll just use more sophisticated shell games, degrees of separation, good lawyers, foreign shenanigans, and so on. Private lawyers tend to get paid more so have more access and more motivation to make their clients happy. I doubt you'll find a method that can't be lawyered around or, at the extreme, challenged in court on various legal grounds. Beyond that, it'll reach a point they'll just pony up to get the government changed altogether, finding that bill to be cheaper.
The problem is not first party vs third party cookies. If third party cookies were banned, advertisers would simply make the switch to first party cookies. That would need a bit more server side plumbing but could be done easily by major sites.
I do not want to be tracked all across the web. What I want is a browser that lets me compartmentalize my cookies into sessions. Like an "Amazon" session, a "Register" session etc. Private tabs are too restrictive, because I want multiple tabs per session. Cookies are limited to one session and not shared between sessions. Then each site could track what I am doing on the site itself, but not my browsing habits elsewhere.
For example, a browser could manage one session per window. Then I could have multiple sessions/windows, and multiple tabs per session/window.
Does that exist?
"Then each site could track what I am doing on the site itself, but not my browsing habits elsewhere."
But what if the two sites KNOW each other...or partner with someone who knows them both AND has second- or even first-party relationships with both of them, meaning their tracking tech looks no different from first-party tracking?
Basic point is, this whole shell game will eventually become server-side user tracking tracking which no user will be able to block, even with masquerading. Then it'll be a matter of, "Stop the Internet! I wanna get off!"
"But what if the two sites KNOW each other."
That would not matter. E.g., the Facebook cookie in the Register session would be different from the Facebook cookie in the Amazon session, and both would be different from the Facebook cookie in the Facebook session, meaning that Facebook would not be able to slurp the articles that I looked at.
So that would work unless they shared identities (i.e., your account information).
As for "Isn't that why you have multiple browsers installed?" Yes. I have Firefox, Opera, Edge, Chrome and Vivaldi. I am running out of browsers.
"So that would work unless they shared identities (i.e., your account information)."
DE-anonymization is a thing, you know? Facebook probably has the ability to connect the dots, by IP or ISP if nothing else, so even if you use physically separate computers, computing habits among other things would probably be able to start linking you together.
Yes: Firefox multi-account containers. There's (I think) support built into FF, and then there's an extension which provides the UI, from Mozilla.
It's OK (I use it to partition off Google & some other toxins) but slightly annoying that you can't write smarter URL-pattern->container rules.
How about this? A first-party cookie set on a website that is visited for less than 5 seconds is automatically cleared by the browser when leaving the website. This would completely stop the concealed-third-party cookie based tracking, as it would be a new cookie on every visit.
Wouldn't it be simpler just to wipe all cookies set by any site that just redirects without displaying anything?
Or even return "crumbled" cookies -- deliberately altered from what the site was trying to set, to devalue and poison tracking data (and maybe even crash servers with poor input sanitisation!)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
