Follow

Anyone know of a collated list of sites broken by firefox/tor's first party isolation?

@sam Disqus, Facebook Comments, reCAPTCHA, social logins; those are the big ones. However, they’re also expected to break.

@da I think reCaptcha should work, though one probably has to complete the challenge each time.

The third-party embeds should also work, as they use can `window.opener` to communicate with the first-party page to do the login. Firefox has the pref `privacy.firstparty.isolate.restrict_opener_access` which may help with compatibility here.

@sam reCAPTCHA "works", but you'll get punished with three-ten rounds of CAPTCHAs everywhere you go as you don't have a reputation score with them when they can't track you across the web.

@sam I didn't say embeds in general, but those popular embeds specifically.

@da I wonder how many of these issues could be solved via a 'compat' webextension. I imagine this would be the path to make it easier to adopt.

First pain point for me is the Atlassian's SSO doesn't work, which means I can't turn it on at work...

@sam what would the webcompat extension do? Allow some origins to access data by double-key instead of the isolated tripple-key system? That would allow for tracking. A work-around for Disqus/Facebook comments, by the by: right-click on the comment area and choose this frame->show only this frame. It effectively changes the origin. A webcompat extension could trigger that area when clicking anywhere inside #disqus_thread.

@sam you could build-in support for privacypass.github.io/ in Cliqz. It would reduce the number of reCAPTCHA challenges in a browser session on Cloudflare’s gatekeeper challenge page.

Sign in to participate in the conversation
Mastodon

macbeth.cc is one server in the network