> Yes, this is accurate - extensions cannot intercept requests from PDFium. PDFium, in Chrome, is (partially) implemented as a component extension, and extension requests cannot be monitored or manipulated by other extensions. The behavior of protecting component extension requests is critical for security reasons, and we are unlikely to change it.
Ug, not exactly sure what triggers PDFium vs PDF download, but this is especially bad if I could load a PDF in an iframe and get around any of your ad blocking. I also question why it's considered an extension at the user level. Anything installed and enabled by default should be considered part of the core browser and not an extension (regardless of the mechanisms, such as the extension one, they are implemented with). I understand the levels of separation and implementation difficulty fixing this entails, I really do, but the practicalities of your on-by-default PDF renderer making web requests different than a web page is too bad to ignore.
This goes to show that you can not count on extensions to filter web requests in your browser. You must do it at the network level or have a dedicated browser for it (e.g. Tor Browser). Unfortunately it's often extensions that have all the contextual information needed to make the decisions you want.
That appears to be for blocking JS (and opt-in only via disabling JS on the site hosting the PDF). I am unfamiliar w/ the internals of PDFs (especially concerning JS invocation), but can you request an image from a third party site without scripting? Also, what if I want the PDF's features to work and I just want to filter web requests like I do every other page out there (e.g. to remove the referrer header)?
That web requests in PDF content types are not subject to the same approach as web requests in HTML content types is the problem. Disabling all JS is a blunt instrument akin to telling someone that being able to disable JS for other webpages is as good as a more nuanced ad block extension.
You seem to be in favour of some JS running but not other JS - how can software tell the difference? What do you mean by "nuanced ad block extension"? Do they just have a massive blacklist of bad actors to block?
> You seem to be in favour of some JS running but not other JS
No, sorry if I was unclear. What I'm in favor of is my extensions being able to handle/filter web requests on PDFs the same as they do for webpages, irrespective of JS settings. JS is only under discussion here because of the linked commit and I'm saying that's not good enough.
Ok, anyway I agree with that completely, which is why I disabled PDFs opening automatically and have to click to open (via a standalone reader, not browser plugin). It's basically the same situation as the bad old days of having Flash load automatically and it making whatever requests it wants...
However, you probably don't want your Cloud-to-Butt extension reading/modifying requests made by your password-manager extension - which is how I understood the NOFIX comment.
The bug still seems to be present. You can use the testing on our website: navigate a Chrome browser with an ad-blocking extension to e.g. https://wholeftopenthecookiejar.eu/data/extensions/AdBlock/c... and click pdf-iframe-submitForm.
If the result shows cookies, it has not been fixed.
That's not what the fix was. Disable JS on the site, that should prevent the pdf running JS as well (although it might prevent the pdf loading in the first place...). As kodablah pointed out, it's not a useful fix.
edit to clarify: sorry I thought you thought that fix was trying to fix the bug, but you weren't, so this comment doesn't make much sense.
One can imagine building a hierarchy of permissions so some extensions can have higher privileges over others. One more step in the slow march of browsers taking on more functionality of an OS.
I don’t get this quote. Why is mail reading considered an obvious forward step for a program? That fad seemed to die with the browser Mozilla (or SeaMonkey these days, if it still exists).
Facebook expanded until it could send and receive facebook walled garden mail (fb messages).
iOS has iMessage.
Instagram and tinder and snapchat all support the basic concept of “mail”.
In fact, I wonder how many apps I have installed that don’t have some concept of an “inbox” or “messages”. Taskrabbit, Uber, GrubHub - all do “mail” in the modern, unfederated sense of the term.
(email started out unfederated, then we got uucp and smtp, now we are back to unfederated, centralized messaging.)
Sounds unnecessarily complicated. Allowing extensions to lower select requests of their own to "standard browsing context" would be sufficient. You're not trying to control extensions, just third party content they render.
The main reason why the issue isn't present in Firefox is because their PDF reader (PDF.js) does not have an API to trigger requests (it does execute JS included within the PDF though)
It depends. Extensions cannot modify or do anything with the content of a PDF tab (I wanted to make a PDF dark mode extension). I wish there were special permissions for that.
It's determined by the "Content-Disposition" header in the response. If the header says it's an "attachment" then the browser will trigger a download, otherwise it's displayed inline.
I use Safari 11 as my primary browser. This is promising:
> Safari’s Intelligent Tracking Prevention managed to mitigate all third-party cookies to a tracking domain, apart from redirects. However, we found that future completeness can be undermined by having this option disabled for even a short interval. Third-party cookies set in this interval by tracking domains, which otherwise would have been prevented, will still be included in cross-site requests after enabling the option again, identical to the results when the option is disabled. Luckily, this option is enabled by default, so future completeness can only be affected through explicit disabling by the user.
I'd also like to know whether that applies to iOS, but the paper didn't perform any mobile browser testing.
That said, every so often I view my stored cookies and I'm always shocked at the number of domains that I've never heard of that have stashed cookies. :-(
I never wanted to "waste money" on a mac, but I feel like Apple takes user privacy seriously, and I'm genuinely considering making the switch from Windows just to support that practice. I dunno, maybe that's silly, but it seems like the whole world stopped caring about user security and privacy, and this is refreshing to see fairly consistently.
This is factually incorrect. You can have privacy without security, and you can have security without privacy. Security keeps things safe, privacy keeps things hidden.
Also, ChromeOS devices ship with a rootkit called the Play Store. There are also hundreds of apps on the play store that install malware on Android devices. You may not need to install an anti-virus, but you may also very easily install what looks like a fun game, and then find your funds being drained from your bank account.
> This is factually incorrect. You can have privacy without security, and you can have security without privacy. Security keeps things safe, privacy keeps things hidden.
Uh that's not factually incorrect. You can definitely have security without privacy, but not the other way around. Without security that means your privacy can't be protected.
The fact that your privacy isn't secured doesn't automatically mean that it is automatically compromised, does it? I mean, sure, maybe you assume it is for any real purpose, but that doesn't mean your privacy is actually compromised.
For example, my first iPhone, I didn't have a password (I think -- maybe that was my first ipad). It was insecure, but I'm reasonably sure that everything on there was private (in that more physical sense; I have no idea about internal security of those first generations of iphone/ipad).
A weaker claim that is probably true might be: you cannot guarantee your privacy without security. That you cannot have privacy seems like too strong of a claim?
I think it's a bit of a nitpick, but the iPad was under physical security.
I do agree with you though. Privacy is having your information to yourself. You don't need security for that, just that everyone else keep their nose to themselves. But if you want to guarantee your privacy, you need some form of security.
"The domain of privacy partially overlaps security (confidentiality), which can include the concepts of appropriate use, as well as protection of information." [1] It does not, however, implicitly provide security.
If I send and receive e-mails with a reporter off the record, we are communicating privately. But the communication may not be strictly confidential, nor secure, unless I take additional steps to ensure it.
If I keep files in my home directory, on my own hard disk, with permissions so only my user can access the files, then my files are private. They are not, however, implicitly secure. Another example: an SSH private key. Without a password on the key, the key is private, but not secure.
> Security keeps things safe, privacy keeps things hidden.
This seems like a false dichotomy. Safety and being hidden are utterly intertwined—is the act of preventing a request revealing my identity an act of security, or of privacy? It seems like both to me: privacy is effected via security of not performing the request without my consent.
You can have privacy and security, you just have no guarantee of one just because you have the other.
Cookie tracking is like wearing only a towel at the beach. Under the towel, you have privacy. But browsers suck at security, and so many websites can still walk up and yank off your towel, exposing you.
Security would be locking the towel to your body with a padlock. I'm not aware of browsers implementing strong security mechanisms for user data, so I'm pretty sure any privacy gains you get are just another towel.
It's a pedantic point I'll make, but one that's important to articulate: Apple hardware has incredible build quality - and you pay for that. An equivalent build quality Windows laptop will cost roughly the same.
The Entry level Apple MacBook pro 15" is £2,349.00 with:
So, more powerful CPU, slower storage and less pixels with a touch screen. -- For the same price.
The issue when comparing price is that it's often Apples (heh) to Oranges, Apple only sell high quality hardware thus the cost to play is higher.
(FWIW they also charge too much for upgrades; but this is just smart business as those who need that much power are willing to pay)
(PS: I actually own a Precision 5520 and I love it; I don't buy into the Apple hype train but I don't buy into the anti-apple hype train either- all systems should be weighed on their merits but my point is that price is often an unfair metric when people talk about laptops due to the abhorrent build quality of most laptops)
It is about the same price or more expensive to get an equivalent windows machine, the Thinkpad P52 is similarly priced if you go for those specs.
I think part of the issue is that you don't have a choice of specs. If PCI-E SSD speeds are enough for you, you don't have a choice to save the money on it. If you want to go for a cheaper 4-core processor with higher clock speeds and put the money into more/better RAM, you can't make that trade-off.
I do agree that macbooks are pretty good value for the components you're getting, but I think unless your view on what you want in your computer matches what Apple will give you then you will end up "wasting" some money on your machine.
I bought a MacBook Pro for 2.2k in 2010 and 8 years later, everything still works. I highly doubt I could say that about a Dell or Toshiba of any price.
I am perfectly capable of making a website work in safari but I am not able to test it because I don't want to spend $xxxx buying a macbook for the purpose of refreshing a web page. Firefox and chrome run on my dev machine and Microsoft gives out a free VM image with edge.
Potentially. Although in my experience safari works 99% the same as chrome so I'd bet a bunch of devs just assume if it works on chrome it will work on safari.
On a regular timebase it removes all cookies and databases except my Favorites like HN, Docker, GitHub, Netflix, my newspaper, etc. Works like a charm, set-and-forget.
Blocking cookies is an OK first step, but I was expecting this to go into things like HSTS supercookies that exploit intended behavior and aren't really fixable.
I have to disagree with the statement, that those techniques are not being used in the wild. I've observed a porn advertising network delivering some js once, which opened a third-party domain served pdf with cookies in the background and then closed the popup immediately again. I was wondering what that was about. Now it’s clear to me.
Pornhub. It could of course be a popup playing a different role (e.g. being part of a "you need to upgrade your vulnerable software naow!1"-scheme) that's only visible if no blockers at all are used.
Self destructing cookies will mostly defeat these problems unless trackers get clever about cross-correlating cookies from different sessions. Restricting JavaScript makes that even harder for them to accomplish.
For most purposes there's little benefit to keeping old cookies hanging around. Just whitelist the sites you want to stay logged in to.
That has been my strategy lately, but it keeps getting more annoying because of all those cookie banners that now can’t remember to not show up – quite absurd and probably not intended by regulators.
Haven’t almost all browsers always had this feature in the form of “keep until browser is closed” or “delete local data after closing the browser”? At least Firefox and Chrome have it hidden somewhere in the settings.
right, right! forgot about that since (as sibling post says) I never close my browser. and since deleting all cookies on browser close is super aggressive and painful.
i'm referring to the latest safari which tracks 3rd-party cookies and deletes them automatically after 24 hours if you've never sent that cookie as a 1st-party one. thus effectively eliminating tracking, yet allowing sites to work normally without having to temporarily enable various trackers or determine which ones are "safe".
at the same time, google/chrome said they are taking a different approach which still allows tracking. i'm not sure that they said they would NOT CONSIDER implementing a feature like safari's though.
Is there a privacy-maximizing combination of browsers and extensions that keeps the web mostly usable?
I'm currently running chrome with uBlock Origin and uMatrix. uMatrix is a bit of a hassle, but I didn't realize the scope of the threat landscape until I saw the huge number of (potential) trackers called out by almost every site.
I believe the only proper step up from your setup would be to switch to browsing exclusively via Tor. Generally smaller browsers that advertise themselves as "privacy-maximizing" make basic mistakes like serving their own user agent - instead of using one of the extremely common user agents. Or at least that was the situation a few years ago.
Is there a meaningful distinction between a browser built by an advertising company, and a browser built by another company that earns almost all of its revenue from the advertising company?
* Well, Firefox being fully open source is certainly a distinction that counts with me.
* Their built-in tracking protection is also another distinction [1].
* Ability to modify core settings to improve privacy is also really nice, but not viable for the average user [2].
* Firefox on android is the only mobile browser that allows you to install add-ons. I'm not talking special mobile-made add-ons. Any add-on that you can install on desktop, you can install on the mobile version. Although usability will definitely vary. uBlock Origin, Privacy Badger, Decentraleyes, Cookie AutoDelete - all available on Firefox mobile for android.
I'm not going to go as far as saying Firefox deserves your 100% trust. They have definitely made some missteps along the way. However, as far as meaningful distinction, yes I think that is well earned.
I wish browsers had an option to make all cookies and site data local to the domain visited in the url of the browser. So if you are on domain “x”, and there is an iframe into domain “z”, the data would be local to domain “x.z”. When you would visit domain “y” which also has an iframe to domain “z”, its data would be local to “y.z” and therefore you couldn’t be tracked by “z” when going from “x” to “y”.
Of course that would probably break google analytics, so I don’t expect this on chrome.
Not really, it would break adwords but for google analytics you don't need to correlate the users between x.z and y.z, and if you need to, as you control both sites, you can do it by changing the link between both to include the google analytics session id (watch for the gid parameter on urls).
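The storage scheme proposed in this sub-thread (site data keyed by the top-level site plus the embedded site) can be modelled in a few lines. This is an added example, not part of the thread and not any browser's implementation; the site names, the `CookieJar` class and the tracker logic are constructed for illustration.

```javascript
// Toy cookie store: illustrates keying by (top-level site, embedded site).
// All hostnames below are constructed sample values.
class CookieJar {
  // partitioned=false: classic jar, cookies keyed only by the site being requested.
  // partitioned=true: cookies keyed by the address-bar site AND the requested site.
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.store = new Map();
  }

  key(topLevelSite, requestSite) {
    return this.partitioned ? `${topLevelSite}|${requestSite}` : requestSite;
  }

  get(topLevelSite, requestSite, name) {
    const cookies = this.store.get(this.key(topLevelSite, requestSite));
    return cookies ? cookies.get(name) : undefined;
  }

  set(topLevelSite, requestSite, name, value) {
    const k = this.key(topLevelSite, requestSite);
    if (!this.store.has(k)) this.store.set(k, new Map());
    this.store.get(k).set(name, value);
  }
}

// Server-side view of the embedded site "z.example": reuse the visitor id if
// the browser sent one, otherwise mint a new id and set it as a cookie.
function makeTracker(trackerSite) {
  let nextId = 1;
  return function handleRequest(jar, topLevelSite) {
    let id = jar.get(topLevelSite, trackerSite, "uid");
    if (id === undefined) {
      id = `visitor-${nextId++}`;
      jar.set(topLevelSite, trackerSite, "uid", id);
    }
    return id;
  };
}

// One user visits x, then y, then x again, then z directly.
// x and y both embed an iframe from z.
function simulate(partitioned) {
  const jar = new CookieJar(partitioned);
  const track = makeTracker("z.example");
  const idOnX = track(jar, "x.example");
  const idOnY = track(jar, "y.example");
  const idOnXAgain = track(jar, "x.example");
  const idOnZDirect = track(jar, "z.example");
  return {
    idOnX,
    idOnY,
    idOnXAgain,
    idOnZDirect,
    linkableAcrossSites: idOnX === idOnY, // can z join the x and y visits?
  };
}

console.log("shared jar:     ", simulate(false));
console.log("partitioned jar:", simulate(true));
```

In the partitioned run the embed keeps its state when the user returns to the same top-level site, so per-site functionality survives while the cross-site join disappears.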
I hope there could be more tests on Brave browser, too, which aims to improve privacy. But its most lovely feature imo is opening any kind of tab (normal, private, private on Tor network) on the same window. I wonder if this causes some backdoors, though. I support it so that it can become better.
I'm not the parent poster, but I worked in ad tech.
With third party cookie policies getting more stringent, many websites now use either a reverse proxy within the first party domain that points to third party servers, or they use a first party subdomain that points to third party servers.
In either case, it allows the servers belonging to the data gatherer to appear as first party, thus getting around third party cookie restrictions.
Combine that with browser fingerprinting, and you now have a harder but very viable way to replace the functionality third party cookies previously had.
A company has multiple websites and all of them use a reverse proxy for tracking. (a webserver that is between clients and the real webserver and just "proxies" requests and responses between them, logging all that happens)
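A blocker or network-level filter can catch the "first party subdomain that points to third party servers" case by following the DNS CNAME chain instead of trusting the hostname. This is an added example, not part of the thread; the DNS records and hostnames are constructed, and `registrableDomain` assumes the site is the last two labels, where real code would use the Public Suffix List.

```javascript
// Constructed CNAME records standing in for DNS answers (all names are made up).
const SAMPLE_CNAMES = new Map([
  ["metrics.shop.example", "shop-example.collector.tracker.test"],
  ["shop-example.collector.tracker.test", "edge7.tracker.test"],
  ["www.shop.example", "origin.shop.example"],
  ["loop-a.shop.example", "loop-b.shop.example"],
  ["loop-b.shop.example", "loop-a.shop.example"],
]);

function normalize(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// Assumption: registrable domain = last two labels. This is wrong for suffixes
// such as "co.uk"; production code needs the Public Suffix List.
function registrableDomain(host) {
  return normalize(host).split(".").slice(-2).join(".");
}

// Follow CNAMEs until a name has no further alias. Stops on loops or on
// chains longer than maxHops and reports the chain as incomplete.
function cnameChain(host, records, maxHops = 8) {
  const chain = [normalize(host)];
  for (let hop = 0; ; hop++) {
    const next = records.get(chain[chain.length - 1]);
    if (next === undefined) return { chain, complete: true };
    if (hop >= maxHops || chain.includes(next)) return { chain, complete: false };
    chain.push(next);
  }
}

// Classify a request made while the user is on pageHost.
function classifyRequest(pageHost, requestHost, records) {
  const pageSite = registrableDomain(pageHost);
  if (registrableDomain(requestHost) !== pageSite) {
    return { verdict: "third-party", chain: [normalize(requestHost)] };
  }
  const { chain, complete } = cnameChain(requestHost, records);
  if (!complete) return { verdict: "unresolved", chain };
  const terminalSite = registrableDomain(chain[chain.length - 1]);
  if (terminalSite === pageSite) return { verdict: "first-party", chain };
  // The hostname looks first-party, but the server answering belongs to another site.
  return { verdict: "cloaked-third-party", chain, terminalSite };
}

for (const host of ["www.shop.example", "metrics.shop.example",
                    "cdn.tracker.test", "loop-a.shop.example"]) {
  console.log(host, "->", classifyRequest("www.shop.example", host, SAMPLE_CNAMES));
}
```

The other variant mentioned above, a reverse proxy under a path on the first-party host, leaves no DNS signal, so this check does not see it.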
This is rather offtopic but it bothers me how most people in IT seem to use 'transparent' to mean 'opaque'.
When I hear PMs say "this change will be completely transparent to clients" what they mean is, the client will see no difference, which means really, the details are hidden in a black - opaque - box.
Transparent has a unique meaning in the context of computing and a different one in design, business and physics.
Importantly, however, tech people can claim they are being 'transparent'. To them this can mean no visible difference to the user - and to everyone else means visible/public and available for scrutiny.
So yes, I am sure Zuckerberg is focused on 'transparency'.
Unclear whether this was an ingenious comment that points out the daft American multi-word expression "I could care less" also means its own opposite.
Doesn't transparent mean that the interface stays the same and clients can interact with the system in the same way as before without the need to change their code?
This makes little sense. Unless their reverse proxy is in front of every website they provide analytics for (like CloudFlare!), then I don't see how this means anything. Most analytics companies don't do this - really it's just CloudFlare that I know of...
I was running uMatrix with first-party scripts disabled by default for a while, but I found a lot of pages I needed 3 or 4 refreshes to get content. It opened my eyes to how much simple static stuff is dependent on Javascript; stuff that really shouldn't be.
I did the same, but instead decided most of those sites weren't worth my time. (For the few that I cared about, I whitelisted the bits needed to function).
My browser can also disable js (per site as well) without any plugins, but doing it globally breaks too much and whitelisting those sites (and 3rd party they rely on) is way too much effort. Worst case that happened to me is a payment that went through but some bit of JS never ran so the order didn't make it to the shop.
Looking forward to a blocker that can detect if a script is going to pop up and block that (and it'd be ok to have to whitelist the few sites whose entire functionality is popup based, like twitter), but I think that's equivalent to solving the halting problem.
If it doesn't work w/o js, it's not actually the web, the de facto truth of your statement notwithstanding.
It's an eminently defensible descriptive statement; the trend is certainly away from building the web and towards treating the browser as the VM to rule them all. It is not a particularly well-defensible normative statement.
I don't know if I agree with that. It's pretty standardized. Every user-agent includes it.
You can give people documents without scripts, but it's not mandatory for them to work. And it's not like Javascript is some obscure single-vendor extension, it's widely supported.
The web works perfectly well without JavaScript: HTML still displays text & images fine, links still work properly &c.. Now, a whole host of things which aren't the web will break, but honestly that's okay.
You can buy things online just fine without JavaScript. Forms have been around for ages, and require no client-side code (they do require server-side smarts, and for security they require encryption).
The only real way to do that is to store the session variable in the URL. And that comes with its own host of issues.
People are going to be pissed when they load up their cart and then follow some bookmark they created for a product on your site to add it to the cart, only to find the cart empty.
0 - https://bugs.chromium.org/p/chromium/issues/detail?id=824705...