Hacker News new | past | comments | ask | show | jobs | submit login

> The warning when opening about:config is no exaggeration

If you feel uncomfortable in that section, feel free to avoid touching it. But if you know what you do, there are zero problems. Want to change your user agent? Do it there. No problems. The warning is for your average non-technical user, justifiably.

Well, perhaps you need to read up on those a little bit again.

> If I remember correctly, this may break some sites.

Sure, everything may break some sites. But this is about blocking third party cookies, which blocks not a single site I know (Do you know a popular one?) while being one of the most effective measures against tracking (which uses fingerprinting) out there.

> Questionable value for privacy / fingerprinting. If you plug-in your computer ...

Sure, agreed for privacy.

> Pointless since 20100101 is already the default used in the user agent string

Yes, since late 2015 only, and keeping a default hardly does any harm. By the way, try outputting `navigator.buildID` in your JavaScript console -- oops, not even this setting helped. The real ID is right there. So it's not as easy as you might think.

> is this about the "stranger opens a new tab in my profile and sees what sites I frequently visit" scenario?

No. If I remember correctly, the "new tab" page is about the ads.




  > Pointless since 20100101 is already the default used in the user agent string
  
  Yes, since late 2015 only
Actually it was 2010 (hence 20100101) for Firefox branded builds:

https://bugzilla.mozilla.org/show_bug.cgi?id=591537

And 2013 for all builds (I happen to have fixed this bug):

https://bugzilla.mozilla.org/show_bug.cgi?id=728773


> If you feel uncomfortable in that section, feel free to avoid touching it.

I feel very comfortable touching hidden prefs in Firefox. That's not my point. My point is that random users stumbling upon your github page may not know what they're doing.

> Sure, everything may break some sites. But this is about blocking third party cookies, which blocks not a single site I know (Do you know a popular one?)

I quickly googled this for you, found this:

https://bugzilla.mozilla.org/show_bug.cgi?id=849948

https://news.ycombinator.com/item?id=5272069

https://getsatisfaction.com/getsatisfaction/topics/bad_user_...

https://planapple.uservoice.com/knowledgebase/articles/50965...

> No. If I remember correctly, the "new tab" page is about the ads.

The new tab page displays frequently visited sites. In new profiles without a browsing history, it would also suggest sites, some of which would be "sponsored" (i.e. ads). If I remember correctly, Firefox would pick the ads locally without leaking information about you. So what's the privacy impact? Also, it doesn't even do that anymore: http://arstechnica.com/information-technology/2015/12/firefo...


> I quickly googled this for you, found this

Right, "1292 days ago". Now that we've just talked about information that is out-of-date.

> Blocking 3rd party cookies breaks surprisingly few things

Agreed. A comment from the post that you linked to.

Disqus being one of the few exceptions that don't work (because it's embedded as a third-party on first-party sites), personally, I can live with that. Everybody has to decide for themselves. If some setting doesn't work, it can simply be undone.


> Disqus being one of the few exceptions that don't work (because it's embedded as a third-party on first-party sites),

Just like e.g. Facebook Login and github accounts, right?

> personally, I can live with that. Everybody has to decide for themselves. If some setting doesn't work, it can simply be undone.

Except that the list that you promoted here has no detailed documentation and doesn't put users in the position to make an informed decision.


Facebook login, Google login, etc. still work (at least with most implementations), since they redirect to the SSO site, which is what every reasonable site should do, instead of using an iframe/embed.

Good luck finding something that considerably improves your privacy while breaking 0.000% of modern sites.


I'm not blaming you for the fact that disabling third-party cookies may break some sites. The problem is that you provided a long list of preferences privacy-sensitive users allegedly should set, without explaining what these prefs do let alone warning about the possible negative impact.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: