Mozilla has a petition asking Facebook to stop tracking people's browsing off the site unless they opt in to it. Frankly I think the solution is to remove the ability to track people across sites from the web entirely, but I signed the petition anyway. Facebook has taken a huge hit to their reputation, so now is a good time to be putting pressure on them to change their ways.
@seanl Technically, how could this capability be removed?
@woozle So far it's been primarily through tools like Privacy Badger and Multi-Account Containers. Privacy Badger at least should come with the browser and be on by default. It's essentially what Apple's now building in to Safari (the Privacy Badger functionality at least).
Tracking needs to be opt-in. Europe's "We use cookies, opt in or fuck off" is utterly worthless. We need laws against non-opt-in tracking, not laws forcing web sites to tell people meaningless things.
@woozle In terms of the technical capabilities that exist right now, yes, it's basically kludges. Unless you're going to start turning off first-party cookies by default. Browsers could gradually force publishers toward a web where using cookies or other client-side state for things that break functionality for non-logged-in people drives enough people away that they decide it's not worth it. That doesn't stop IP tracking, but NAT and IPv6 privacy extensions make that at best a heuristic.
@woozle It would help a LOT if the #1 browser weren't developed by a company whose entire business is violating people's privacy. Chrome needs to be liberated from Google or destroyed.
@woozle If you mean in terms changes to web standards, I guess it would have to involve dramatic reduction in the functionality of third party content requests. Maybe make all third party content "click to load". Doesn't stop tracking from the backend, but it makes it more expensive. And you don't have to make it that much more expensive before it's just not worth it anymore.
> We need laws against non-opt-in tracking
This gets tricky, and could easily penalize operators of small sites. E.g. it's almost impossible to have a login system without cookies, but how do you legally distinguish between cookies and tracking? If it's "using cookies from another site via iframes", then how do you distinguish between that and 3rd-party auth frames?
Large operators have legal teams to keep things clear...
@woozle Ah I should have said cross-site tracking, and the laws should explicitly allow collecting and storing such information for login and abuse prevention. For on-site tracking, laws could just limit what the information can be used for and how long it can be retained.
@seanl So, basically kluges -- not really a rigorous limitation?