Anyone know of a collated list of sites broken by firefox/tor's first party isolation?
@sam Disqus, Facebook Comments, reCAPTCHA, social logins; those are the big ones. However, they’re also expected to break.
@da I think reCaptcha should work, though one probably has to complete the challenge each time.
The third-party embeds should also work, as they use can `window.opener` to communicate with the first-party page to do the login. Firefox has the pref `privacy.firstparty.isolate.restrict_opener_access` which may help with compatibility here.
@sam reCAPTCHA "works", but you'll get punished with three-ten rounds of CAPTCHAs everywhere you go as you don't have a reputation score with them when they can't track you across the web.
@sam I didn't say embeds in general, but those popular embeds specifically.
@da I wonder how many of these issues could be solved via a 'compat' webextension. I imagine this would be the path to make it easier to adopt.
First pain point for me is the Atlassian's SSO doesn't work, which means I can't turn it on at work...
@sam what would the webcompat extension do? Allow some origins to access data by double-key instead of the isolated tripple-key system? That would allow for tracking. A work-around for Disqus/Facebook comments, by the by: right-click on the comment area and choose this frame->show only this frame. It effectively changes the origin. A webcompat extension could trigger that area when clicking anywhere inside #disqus_thread.
macbeth.cc is one server in the network