by darkpuma 2682 days ago
I, and probably many other users, have begun blocking all first-party cookies by default. I only permit it on sites I sign into and want to remember me, which are very few.

If Mozilla wants to make a real difference, they'd study uMatrix and figure out how to create UX that would give that degree of flexibility and power to non-technical users.

5 comments

>I only permit it on sites I sign into and want to remember me, which are very few.

I don't know if I'm an outlier, but I hate having to sign back into sites I use even semi-regularly unless it's for administrative access or purchase confirmation. Regular "auto sign outs" already happen with a few due to a snafu somewhere along the stack; for me The Economist and Foreign Affairs are the major ones where it seems like every time I go back to visit I'm signed out. In contrast, sites like HN or Ars seem to never sign me out (or maybe once every few years) and some of the newspapers are once or twice a year. Being signed out creates more friction than I'd have thought before experiencing it often, perhaps amplified since I tend to read on the model of "see a few interesting stories, open them all in tabs, then go through them" and if signed out I not only need to sign in but every single tab will be "you've reached your article limit please sign in".

I have suspicions about how much it even matters when it comes to tracking for any site I'm actually paying for. I mean, by definition they know who I am, real money is changing hands after all. Within their own site there is no technical measure that can prevent them from seeing what remote resources of theirs I specifically am calling for, it's their resources after all with authentication required. And once they have the info what would prevent them sharing/selling it would be their own interests and the law, not anything from my end. Clearing 1st party cookies smells suspiciously like privacy theater for any site at all that depends on authentication in any significant way.

You block cookies, scripts, frames, on sites you DON'T sign into, and you allow them on sites you do sign into. uMatrix makes it really easy.

> I don't know if I'm an outlier, but I hate having to sign back into sites I use even semi-regularly unless it's for administrative access or purchase confirmation.

Having set up a master password in Firefox, signing back in usually takes me a single click (as the login info is filled in by the browser). Would this be useful in your case?

I use a password manager, so it's really only slightly annoying unless I've set up 2FA, at which point I probably care enough to either put up with it or allow it to use cookies.
The list of sites I sign into in the first place is very short. Most of the time websites remembering me is used to implement anti-features.
I don't believe that many users are blocking first-party cookies. Source: I'm a web analyst managing large sites and can see how many visitors block all cookies. It's minimal. Also blocking first-party cookies requires a degree of tech-savviness and it prevents many websites from working properly.
To add to what the parent comment said, I do as well, in two ways:

- IE prompts me if I want to block cookies on a website, so unless I trust it, I block by default.

- I have an extension on Firefox that is "Cookie Autodelete", so I visit a site and unless I whitelist it, all cookies will be deleted when I leave.

I'm wondering if you are not seeing blocked cookies because of the second one. I'm not blocking it, but as soon as I leave it gets deleted, effectively doing the same thing.

One thing I want to add regarding "Cookie Autodelete" that tripped me up: unlike its predecessor, it does not default at the start to deleting everything, so you may end up running it for a year thinking it's clearing everything and then realize you have a multi-megabyte list full of tracking cookies.
Right. I have Firefox configured to delete all cookies when I close it. And it only accepts 3rd-party cookies from sites that I've already visited during a session.
Cookie Autodelete is a step over that, it will automatically delete cookies from a site after you close the tab.
I just use incognito/private mode all the time for my browsing. Signing in each time is not really a big pain with password managers.
I've never used umatrix and just stuck with noscript over the years due to the lengthy process of allowing scripts / domains, going through random external scripts required to make pages work that are not self-explanatory.

Is there anything in umatrix to make the switch worthwhile?

I migrated to uMatrix because it allows me to block cookies, media, javascript, and xhr by default. It replaced several different privacy extensions with a single control panel. You can set the defaults to be as strict or lenient as you wish.
>I migrated to uMatrix because it allows me to block cookies, media, javascript, and xhr by default. It replaced several different privacy extensions with a single control panel. You can set the defaults to be as strict or lenient as you wish.

That's a lot of configuration to do. I'd rather just use Firefox containers, noscript, and use Tor for things I don't want tied to my ad profile.

"by default"

It's not a lot of config at all. If the site breaks, you click a button and unblock some stuff. Otherwise the defaults work great.

I've used uMatrix for 2 years or so and it works out of the box for 70/80% of websites. By working I mean they are not completely broken.

For the ones that don't work it's normally 1 or 2 clicks in the UI to allow some 3rd parties and save it.

Sometimes a site works by default in the "broken" state but as soon as I give it more permissions it breaks by adding a paywall or some modal window.

uMatrix is like Linux: it requires more work upfront but gives you more control and customization options.

>> I, and probably many other users, have begun blocking all first-party cookies by default.

So this change should have no effect on you, right? You're blocking all cookies? I like that idea, but how many things does it break?

I use uMatrix in Firefox to block javascript, cookies, media, etc. by default. For any site I need to log in to, I can easily enable them.

I don't see it too often, but occasionally I do run across a site that won't load at all without cookies enabled. For these circumstances, I use Containers and Cookie AutoDelete.

The only situations where I tend to have problems are those where I have a third-party payment window that opens in a new tab. It sometimes takes some fiddling with the settings to make it work properly.

> many things does it break?

Almost nothing, surprisingly enough. Of course it breaks websites I sign into, so I simply whitelist those.