this post was submitted on 02 Sep 2024
569 points (99.7% liked)

Cybersecurity - Memes

1964 readers
2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

Nothing tells me more that you care about my privacy than sharing my data with hundreds or thousands of companies.

top 32 comments
sorted by: hot top controversial new old
[–] [email protected] 38 points 2 months ago (4 children)
[–] [email protected] 7 points 2 months ago (2 children)

Does that actually block "legitimate" cookies too? Because many of the pop ups are now set up in a way that "reject all" doesn't reject those, and I honestly don't trust that the extension is doing anything beyond "clicking" "reject all" on your behalf, meaning the hundreds of "legitimate" cookies will still get through.

[–] [email protected] 2 points 2 months ago (1 children)

If the plugin knows about it then it can handle it.

[–] [email protected] 4 points 2 months ago (2 children)

But how do I know that it does?

[–] [email protected] 6 points 2 months ago (1 children)

Read the code https://github.com/cavi-au/Consent-O-Matic ? Check the cookie after it has been set?

It's a valid question and if it wasn't both open-source and popular the doubt would be very justified. Here with so many eyes interested in the topic, the lack of proper reward for the risk, I would argue it's quite a safe bet.

[–] [email protected] 3 points 2 months ago (1 children)

I don't know how to read code (like what I would wager is most of the population), so that wouldn't help much, and is another reason for doubt.

Knowing that it's open source definitely helps, but I still worry that the pop ups get updated at a faster rate than the extension does, and unlike with an adblocker, I wouldn't necessarily be able to tell.

As I said, I'll keep it in mind, but at this point avoiding the worst offending sites is still easier (with added bonus that I deprive them of my traffic).

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

Unfortunately I don't think this code has been audited by a third party. That being said if there is not an uproar in issues in the repository or a popular fork overtaking it or a bunch of terrible online reviews, I would assume it's relatively safe. It's challenging to have a backdoor or scam or just bad practices with so many eyes on the source code. It's not impossible of course but it's rare, especially when it's something optional, the risk is very high.

Regarding pop-ups I'm not sure I understand. A lot of cookie banners use the same (sadly due to the concentration) services so I believe by supporting only a handful a lot of the Web can be covered. If he plugin doesn't support it, it just does nothing, letting the user decide as they normally would. The rules themselves are also public and can be checked.

Anyway nobody "needs" this so it's fine not using it. It makes me wonder though in practice how it changes behavior, e.g do I sometimes click "allow" or "yes" because I'm just tired, and think "whatever, right now I don't have time for this, I just want the damn information" and if so, does this plugin, assuming it doesn't fail, genuinely help, or not.

[–] [email protected] 1 points 2 months ago

Regarding pop-ups I’m not sure I understand. A lot of cookie banners use the same (sadly due to the concentration) services so I believe by supporting only a handful a lot of the Web can be covered. If he plugin doesn’t support it, it just does nothing, letting the user decide as they normally would. The rules themselves are also public and can be checked.

I've seen more and more different kinds of cookie pop ups, and even the ones that look familiar tend to have variations (like in how/where they include "legitimate interests" or how you object to them). I'm sure the people who made the plugin do their best, but the advertisers are constantly trying to find new ways to deceive or confuse people in to accepting their trackers which may not be noticed immediately, and like I said, I have trust issues lol (so if the plugin does nothing, and I can't tell unless I pay the same attention as if I was doing it myself, that's enough to make me pass).

Anyway nobody “needs” this so it’s fine not using it. It makes me wonder though in practice how it changes behavior, e.g do I sometimes click “allow” or “yes” because I’m just tired, and think “whatever, right now I don’t have time for this, I just want the damn information” and if so, does this plugin, assuming it doesn’t fail, genuinely help, or not.

Very very rarely will I give in to the frustration and just click "reject all" and hope for the best (not on any site, like if they have the cookie telling me they're wanting to connect all my devices or whatever, which is always "always active", fuck that), and I hate it every time. Assuming it doesn't fail, then yeah, it would help in those situations, but nothing never fails, so it's back to only trusting my own actions lol

[–] [email protected] 3 points 2 months ago (1 children)

By watching it.

There are 2 operating modes. Hide and picture in picture. Using picture in picture mode you can watch it do it's thing.

[–] [email protected] 4 points 2 months ago

Using picture in picture mode you can watch it do it’s thing.

Fair enough. Still sounds like more trouble than it's worth (having to look at it do it's thing each time, because each site has its own version, and they also change them regularly. Yes, I have trust issues), there's rarely anything behind the worst cookie pop ups that can't be found elsewhere.

I appreciate the info though, thanks. If things get bad enough I might not have a choice but to at least automate the process if I can no longer avoid it.

[–] [email protected] 1 points 2 months ago

Personally, I just use Cookie AutoDelete in addition to the cookie dialog removal extension (in my case, "I Still Don't Care About Cookies").

[–] [email protected] 4 points 2 months ago (1 children)

nice, thanks

will use this one, as the "i dont care about cookies" extension seems to cease to work nowadays

[–] [email protected] 10 points 2 months ago (1 children)

From memory I don't care accepts all cookies where consent-o-matic will actively opt out of them.

[–] [email protected] 1 points 2 months ago

Yeah, you should use an extension for removing cookies along with it.

[–] [email protected] 3 points 2 months ago

I think just for desktop at the moment unfortunately

[–] [email protected] 1 points 2 months ago (1 children)

Nice, I used "I don't care about cookies" for a while which just accepted or hid the pop-up and then blocked tracking locally. They got bought out by some corpo tho so I stopped using them.

[–] [email protected] 2 points 2 months ago (1 children)
[–] [email protected] 2 points 2 months ago

Ohh its available for android. Nice!

[–] [email protected] 19 points 2 months ago (4 children)

I wonder what it would be like if there was a setting in Firefox that opened each website in it's own container without any faff. Firefox automatically creates the container for the website if it doesn't already exist and opens the website within it.

[–] [email protected] 4 points 2 months ago (2 children)

I'm no expert in this matter, but it's probably much more effective to tweak your firefox than clicking around in those cookie banners.

I personally like uMatrix, which offers granular control which sites can run scripts or set cookies. But it is clearly targeted at advanced users.

[–] [email protected] 2 points 2 months ago

Like Linux, I don't want it to be the hobby; I just want to use it. If every website opened in it's only container then there is no care about cookies because they can't track you across the web, nor can they try to steal others.

[–] [email protected] 1 points 2 months ago (1 children)

Is uMatrix developed again? Because, since it didn't update webextension APIs, it got much less effective than uBlock Origin with a medium blocking setting.

[–] [email protected] 1 points 2 months ago

It's not as far as I'm aware.

[–] [email protected] 4 points 2 months ago

You can pretty much do this with Firefox. I'm on my phone but ublock origin can block 3rd party cookies and scripts. This breaks a lot of sites but it also lets you turn those back on, on a case-by-case basis. Plus various other Firefox settings.

[–] [email protected] 3 points 2 months ago

I've only got superficial knowledge on this, but I believe Firefox does roughly that out of the box.

The feature that you're asking for is called "first-party isolation". It was implemented by the Tor Browser devs and upstreamed into Firefox, and it's what the whole Container technology foots upon. You can activate it in Firefox by setting privacy.firstparty.isolate in about:config to true.

But as I understand, Firefox now ships dynamic first-party isolation (dFPI) out of the box. Which is FPI, with a few exceptions to ensure web compatibility.
This is part of a wider effort called State Partitioning. And they market it to users as Total Cookie Protection. It's a bit confusing...

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (1 children)

That would be awesome.

Defaulting to "Private Browsing" achieves most of the desired effect, but I still have to switch to regular mode for sites I sign in to.

Needless to say, my technique is only effective because I'm a socoal pariah who doesn't sign into anything owned by Meta or Google.

[–] [email protected] 2 points 2 months ago (1 children)

Your method would annoy me because of having to log in to websites 'all of the time' instead of allowing at least some to have persistent logins. Losing website preferences would also be annoying.

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)

Yep. That's another issue with it.

I "solve" (not really a solution) that by opening a new non-private tab just when visiting sites that I sign into.

It's certainly not perfect, even some places that I shop run crazy amounts of tracking.

[–] [email protected] 10 points 2 months ago (1 children)
[–] [email protected] 6 points 2 months ago

That was exactly my inspiration for this meme. But it's by far not the only site that does this

[–] [email protected] 3 points 2 months ago

We value your privacy = your privacy has value which we can sell

[–] [email protected] 2 points 2 months ago