Privacy & Security Wiki Pages: Time for an update?

[Gitoffthelawn]

Firefox and Temporary Containers have both experienced numerous improvements since the Privacy and Security Wiki pages were last updated:

https://github.com/stoically/temporary-containers/wiki/Privacy https://github.com/stoically/temporary-containers/wiki/Comparison

Would those pages benefit from any updates to reflect improvements in Firefox and Temporary Containers?

[stoically]

Any specific changes? The last update on Firefox's end that seems relevant was TCP, which was added to the comparison page accordingly.

[Gitoffthelawn]

I actually learn much from you about these topics!

I know with FF 103, TCP is now the default. But I don't think that really changes anything for those documents, except perhaps mentioning that it's now enabled by default.

One of the reasons why I was re-reading those documents is because, with recent advancements, I was working to determine if TC is still necessary. TC is truly excellent, but I find it requires a time commitment to create isolation exceptions as they come up (or to remember to disable isolation for each site it breaks). And the double-tab creation thing is a touch distracting (albeit better than the tradeoff required to prevent it). As much as I appreciate TC, I was hoping it could perhaps be uninstalled. But re-reading those documents, it seems like the need for it remains. Of course, if those documents are outdated, that would change my conclusion. :)

[stoically]

Interesting, so they have enough heuristics now to even enable it by default. I can certainly add that, but it doesn't change the fact that TCP does no data cleaning. If they'd introduce that as an option, I'd happily deprecate TC.

I'm not following advancements in that area that closely anymore as my focus is different meanwhile.

What would certainly be nice is if FF would expose their data that allows unbreaking sites in TCP mode as an API to WebExtensions, then TC could use that to unbreak sites. Personally I'd appreciate that as well, because I have to regularly press the disable isolation shortcut still.

[stoically]

Updated the TCP paragraph accordingly. Thanks for the hint. :+1:

Also if anyone else has information about relevant upstream developments, please don't hesitate to comment here!

[Gitoffthelawn]

....it doesn't change the fact that TCP does no data cleaning.... If they'd introduce that as an option, I'd happily deprecate TC.

Thanks for your response (and your update mentioned in your next comment).

What is your meaning of "data cleaning" in this context? Are you referring to the removal of cookies, or something else?

[stoically]

What is your meaning of "data cleaning" in this context? Are you referring to the removal of cookies, or something else?

Generally fresh storage (including no cookies), which you get with a new TC.

[PrplHaz4]

Here's a snippet from the arkenfox wiki, which I think says the same thing - TC not necessary for isolation, but does solve the "storage" piece of it:

https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-dont-bother

Temporary Containers, Cookie extensions Redundant with Total Cookie Protection (dFPI) or FPI ❗️Sanitizing in-session is a false sense of privacy. They do nothing for IP tracking. Even Tor Browser does not sanitize in-session e.g. when you request a new circuit. A new ID requires both full sanitizing and a new IP. The same applies to Firefox ❗️Cookie extensions can lack APIs or implementation of them to properly sanitize e.g. at the time of writing: Cookie Auto Delete

        As of Firefox 86, strict mode is not supported at this time due to missing APIs to handle the Total Cookie Protection

[stoically]

️Sanitizing in-session is a false sense of privacy.

Yeah, that's a fair point. I think I've written something along those lines on the browser fingerprinting wiki page.

However, if you keep your storage permanently (as with e.g. TCP), it's easier for the first party to track sessions longterm - and for me personally the combination of permanent and temporary containers is the most convenient way to make it not too easy to track me while at the same time not sacrifcing my convenience, like would be the case with full storage cleaning on session end or Tor browser.

[stoically]

Also left an issue over at the arkenfox repo: https://github.com/arkenfox/user.js/issues/1519