Brave joins Mozilla in declaring Google's First-Party Sets feature harmful to privacy

Martin Brinkmann
May 23, 2022
Google Chrome

First-Party Sets is a proposed feature by Google that is designed to give site owners an option to declare multiple owned sites as first-party. Companies may own multiple domain names, and with first-party sets, they could get supporting browsers to handle all of the properties identical.

google first-party sets privacy

Currently, different domain names are considered third-parties in most cases, even if they belong to the same company. With the new technology in place, Google could group all of its properties together to improve communication and data flows between them.

Brave believes that first-party sets are harmful to user privacy, as companies may use the feature to track users across their properties. Third-party cookies, which are used for the same tracking purpose, will be a thing of the past soon.

Google explains that first-party sets "define a more realistic 'privacy boundary' by reflecting the real-world organization of websites, which often span multiple registrable domains".  Google points out that the feature would standardize functionality for the entire Web.

Mozilla, the organization that is making the Firefox web browser, declared First-Party Sets harmful back in 2020. Feedback from Apple was positive, according to this Chrome Status page.

Brave Software, maker of the Brave browser, joined Mozilla recently in declaring first-party sets an anti-privacy feature. Brave Senior director of privacy, Peter Snyder, pointed out on the official blog that the adoption of the feature would make it harder for "user-respecting browsers to protect their users' privacy".

First-Party Sets will allow more sites to track more of your behavior on the Web, and make it more difficult for users to predict how their information will be shared.

Snyder believes that Chrome's dominance will likely lead to the implementation of the feature in other browsers to "maintain compatibility with the Web". Chrome has a market share of over 60% and many browsers are using the same source as Chrome already. The two main exceptions are Apple's Safari and Mozilla's Firefox web browser. Other browsers, including Microsoft Edge, Brave, Vivaldi or Opera, use Chromium as the source.

First-party sets enable the tracking of users across properties that organizations and individuals own. Google could declare most of its properties a first-party set; this would mean that if a user is known on, it is also known on any other site of the first-party set, even if that site was never visited or is visited for the first time.

Google would know about the user who visits YouTube, Blogger, or for the first time, provided that these domains would be in the same first-party set.  Worse still, according to Snyder, users would have no control over the mechanism.

Google is arguing that first-party sets is improving privacy, as it paves the way for removing support for third-party cookies in the browser. Snyder argues that first-party sets is not a privacy feature, but one designed to "ensure companies can continue to identify and track people across sites".

Google is continuing its work on its Privacy Sandbox project. The company dropped support for the controversial FLoC in January 2022 to replace it with the equally-controversial Topics system. The company is running advertising system trials in Chrome currently.

Chrome's dominance makes it difficult to oppose features. While browser makers may choose to ignore certain features that Google implements in Chromium and Chrome, it could result in web compatibility issues, as many developers look at Chrome first when it comes to web standards and support.

Now You: what is your take on first-party sets?

Brave joins Mozilla in declaring Google's First-Party Sets feature harmful to privacy
Article Name
Brave joins Mozilla in declaring Google's First-Party Sets feature harmful to privacy
Brave considers Google's first-party sets proposal harmful to the privacy of Internet users, as it enables companies to track users across their properties.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. ela said on May 24, 2022 at 10:39 am

    I’m undecided between firefox and brave, which would you recommend?

  2. nealis said on May 24, 2022 at 3:41 am

    Using MS edge now b/c I use a lot of its features, but kind of tired of constant cat and mouse with MS regarding privacy b/c MS and Google always adding stuff in the code base that is anti consumer.

  3. StalinWasRight said on May 24, 2022 at 1:34 am

    Brave, the one who tries to implement their Cryptoscam, the ones who lied about fighting censorship and Firefox, the one where its ‘gecko forks’ are aimed at stopping the Mozilla anti-privacy features and are openly pro-censorship and deplatforming.

    Now tell me, what’s worst: people who openly want to take the internet away from humans and telling you what to think or not stopping evil corporations or governments from doing it versus privacy issues like this proposal?

    Just use your brain for a second and stop crying like retards. Don’t be stupid for just a moment, because you have to realize that there is NO PRIVACY when you are on the internet, it’s all a buzzword, it is a marketing scheme like you have seen for centuries, like the guys who sold bottles on the street 200 years ago saying that was the ultimate cure for anything or the best manhood improver, but it was probably water with some crap on it or literal poison.
    You have to understand It doesn’t matter doesn’t matter how many extensions you install or what internet browser you choose, you will never have privacy or anything close on the internet.

    You can complain about this proposal, but pretending Brave and Mozilla are much better because of their marketing campaigns it’s stupid, especially Mozilla, the same company that gets half billion dollars from Google thanks to their ad business.

    People can choose to not use the internet and disconnect, if you worry about privacy, why don’t you unplug? why did you but the phone you are probably using right now? why do you keep upgrading your phone to a new shiny version that takes more your information?

    You can choose not to use internet but instead you do it and complain for companies not caring about your information?
    It’s like the idiot last time on the comments complaining about Youtube but still using Youtube. You either have the balls to stop using it or shut up.

    All of you literally got attached to a number when you were born, doesn’t matter the place, your got attached to a code like a product from a store, do you think you have any privacy? any freedom? you are slave of the system, what makes you think online will give you what you don’t get in real life outside your screen?

    Cameras around that can catch you for whatever reasons, for evil surveillance or protection, they are everywhere, when you buy something if you don’t use cash… do you think nobody will know you bought a bag of chips at the store? why do you think they are taking cash and making it digital? why did you choose to get digital and stop using cash? why did you allow companies to stop receiving money in cash?
    But people cry about some dumb proposal by Google? It’s the same thing they have been doing for years, they are obviously looking for their business to grow, they barely care about anything else, but people crying about it are no better, because they are the ones who could stop using it and don’t complicate, but they won’t they will keep using all Google services and their phones and their search engine and etc etc… buying the lies of the “privacy virtual world” when real life world is a complete mess.

    Stop crying and move on, these two companies Brave and Mozilla, do you think they don’t want to control what you read, how you read? Brave broke too many promises, they keep their crypto scam business growing while not improving the experience of users, but they rush to improve wallets and cryptoscam features and making partnerships, and Mozilla, the ones who even fired employees to rise the price of their executive people, the ones who also want to control what you see on the internet with extensions and features that grab your information.
    Is Google worst than these to companies? probably, but Brave and Mozilla are not anything better. They have to follow the US law anyway, so better hope they aren’t giving your information to the big man earthly god Government of the USA.
    All they do is follow orders anyway, so what makes you think they are the good guys? it’s more marketing to complain anything google does, people should already know that anything Google is probably bad anyway, but these two companies jumping like if they were any better is the annoying part.

    If you don’t like what Google does with the internet, don’t use their services or the whole internet because no company will sacrifice themselves to you, no government is going to give you more freedom that you haven’t had ever in your real life since you were born.
    I mean, even if you disable the whatever feature if this ever gets implemented, you will still complain and keep complaining and never stop using internet.

    Just let it go, move on and keep using it without worrying about some fantasy BS lies like “privacy” because again, there is none, and no matter what extensions you install and how many VPNs you use and how many subscriptions you pay for and adblockers or whatever, you will never get privacy in your life and less the internet.

    1. Steve99 said on May 24, 2022 at 7:29 pm

      Easily achievable goal – a properly setup machine will emit only a few network packets per hour while on, but not in active use by the user. None of those packets should transverse outside your private network. While in use for internet browsing; at the extremes, an internet user will

      #1. give complete access of their data to corporations.
      #2. give as little data as possible to corporations.

      The goal is to avoid extreme #1 above and trend toward point #2. Varying points of middle ground are achieved via content blockers, dnscrypt-proxy (and/or pi-hole), disabling javascript by default, hosts file, and firewalls. These simple tools greatly reduce the personal data corporations steal from unsuspecting users. Giving up hope to corporations lands people at extreme #1, a state of constant privacy violation.

      You can refine and measure the effectiveness of simple privacy tools via monitoring tools such as LiveTcpUdpWatch, IPNetInfo, and analyzing dns logs. Get towards #1 above and a user will create tens of thousands of connections which they did not intend to initiate. Get towards #2 above and all connections are only intended connections.

    2. Tom Hawack said on May 24, 2022 at 9:31 am

      Privacy doesn’t mean anonymity but rather the separation between what is notoriously public from what is confidential. What is new with the digital era is that we have to try to hide what is normally public, such as our names, in order to preserve what should remain confidential, because of Big Data.

      Of course there is no 100% privacy but OS and browser settings can have an impact on that percentage.
      For instance experience shows us that with adequate tools tracking advertisement can literally disappear : here for instance we have not one add and should we lower the guard we’d have maybe ads but non-personalized, those not specially addressed to us given recorded tracking, like in magazines, radio, TV, remember? :=)

      Choosing another browser than Chrome substantially improves our privacy, this is notorious as well. Improves, doesn’t guarantee it’d be 100%.

      Using disposable email addresses will contribute as well to a better privacy. There are several things you can do, they are regularly evoked here and elsewhere.

      In everyday life you may pay cash if credit card tracking frightens you. But, again, the idea IMO is not to correlate privacy to anonymity but to do the best to preserve the former without having to consider the latter.

  4. Coriy said on May 23, 2022 at 7:53 pm

    In case someone needs to know this:
    You can disable first party, for now, in Google Chrome via Flags. Just set First-Party Sets and Consider SameParty Cookies to be First-Party to Disabled.
    That is, if I’m understanding things correctly.

  5. Mystique said on May 23, 2022 at 3:16 pm

    This sis just Google being Google as they always have been and once again chipping away at a few things at a time. The have been pussyfooting with this move for a long time with good reason. Its one of the pillars if not the foundation to once again bamboozle users.

    Honestly I appreciate that Brave has stood up against google but you also have to admit that by aligning themselves with Google as a foundation for its browser they have only enabled Google further by giving them more power. Vivaldi is no better either. I know that may seem inflammatory and I apologize but considering that said browser is piggybacking off of Google’s work and thus indirectly pandering to their will then they and you by extension are still essentially supporting Google.
    I have said it before and I will say it again but the more Brave and other browsers need to distance themselves from Google the quicker, the better.
    Google is handing such browsers a golden opportunity to do so and grab some more users. Build a web store (stupid name) extension library, addon repository or whatever they want to call it that accepts manifest 2 extensions. People that find out their extensions or browser no longer works the way it did will find themselves looking for answers and perhaps find themselves a new home.
    That should be the second step or in tandem after ignoring manifest v3 and not implementing it in their browser.
    Mozilla can continue to fumble around as they do and PaleMoon can plod along doing its thing and hope for the best.

    I can respect PaleMoon, Brave and Mozilla for taking this stance though. It at least shows we aren’t all pushovers. I wonder who is gonna hold out the longest. I imagine it will be PaleMoon since they have a track record for going against the grain for many years and have absolutely no ties to Google, of course Google will structure the internet around this manifest v3 and make other browsers seem outdated and poorly compatible by comparison as they also dictate webstandards now also.

  6. Cédric said on May 23, 2022 at 12:35 pm

    Can Chrome be allowed to introduce web standards willy-nilly without it being referred to a privacy ombudsman to approve a new web standard/feature, especially when it comes to privacy? If not, it will give too much power to the behemoths who will exploit the privacy of the common person, who is unaware of how much is revealed/known of them. Maybe the EU will step in, at least in Europe. Hopefully, the likes of Brave, Vivaldi and FF will circumvent this but to the cost of smooth browsing. Really unfair. Something should be done.

  7. Tom Hawack said on May 23, 2022 at 9:58 am

    “Fnck the society” was and remains a slogan I never subscribed to.
    “Fnck Google” when its browser market share is 60%? Fnck its users, rather.
    “Fnck drug cartels” when its hold is entirely people’s addiction? Fnck its users, rather.

    Attackers attack, but when the attacked ones no longer react then hope vanishes.
    Humanity and its big principles which stand as long as effects on one’s life aren’t concerned. But when a service is apparently free then some, too many, 60%, accept to renounce to their very own dignity, that of their privacy, that of their intimacy.

    I don’t know, I still don’t know if life is a jungle, but what I know is that there wouldn’t be drugs without buyers, there wouldn’t be Google and Gafam as a whole without users pulling down their pants as long as the spoon is filled with what they like.

    Misanthropist I am, misanthropist I remain. Fnck humanity.

    1. ECJ said on May 23, 2022 at 11:35 am

      Um, no. Blaming the victim is a ridiculous stance.

      1. Tom Hawack said on May 23, 2022 at 11:48 am

        Blaming a victim who accepts being hit without reacting, asking for more, a ridiculous stance?
        Help yourself and the heavens will help you. Don’t blame never winning at the lottery if you never buy a ticket.
        After that, if you’ve done all you could and are still hurt, then blame the offender, only.

    2. Hitomi said on May 23, 2022 at 10:39 am

      Thanks I needed that, Tom!


      1. Richard Allen said on May 23, 2022 at 5:09 pm

        Great video!! I haven’t seen that in a while. I was a little surprised that I had to change my VPN server to watch the video. I feel special having to visit Bordeaux for the screening of that clip!!! :)

      2. Hitomi said on May 23, 2022 at 6:34 pm

        @Richard Allen
        Thank you! Yes youtube is actively enforcing licensing with geoblocking of licensed TV series snippets. Often I cannot even watch a harmless trailer in my region. Bordeaux and Bourgogne have nice red wines. Wouldn’t mind going there soon to pick up some bottles at half price.

      3. Tom Hawack said on May 23, 2022 at 11:20 am

        Except that the video refers to ‘society’ as I was referring to as ‘humanity’. Semantics. ‘Society’ is generally conceived as being this part of humanity which controls this other part of humanity named ‘people’. I’m emphasizing on the fact that blaming society (the powerful, the elites to make it short) should perhaps maybe not be replaced with but at least conceived together with blaming humanity, that is each and every one of us when we surrender for the sake of “free” services by paying the price of our privacy. I believe in responsibility and I am convinced that before blaming others we’d rather see if blaming ourselves first is applicable.

        Of course I’m disgusted by Google’s practices, by what the article describes, by the increasing constriction of the GAFAM to circumvent the basics of users’ rights with work-arounds presented as improvements when the only improvement is that of their inquisition capabilities. But I’m even more disgusted by 60% of us all responding to an aggressor with a smile. I mean, what? 60% of idiots within humanity? Some would say i’m optimistic when I’m only referring to Chrome’s market share.

        When I get into this sort of diatribe I feel the lack of correct English and it all sounds naive in the laying-out. Not sure the content is as naive as the container. Maybe it is, even with a finer rhetoric.

      4. Richard Allen said on May 23, 2022 at 5:42 pm

        @Tom Hawack
        Good Morning!
        Diatribe? I understand very well what you’re saying, no worries. And I totally agree. One of the things I’ve always liked about ghacks is the discussion/input from wide ranging locations. As far as what the goog is doing I think a lot of use are not surprised with the goog being googly. And…whatever happened to “Do No Evil”? Looks to me like a blatant lie masquerading as a catch phrase. Do no evil or chase the almighty dollar, what should we do?! The continued results speak for themselves. ;)

      5. Tom Hawack said on May 23, 2022 at 7:03 pm

        @Richard Allen, Good Evening! (are we referring to local time, I guess we are!).

        When it”s more than ordering a hot-dog and a coke English can become tough to serve and be served by.
        Some topics, even in one’s mother-tongue, when complex, require some mental organization which is not obvious for non academics as myself, so in another language … anyhow who wouldn’t be happy of having been understood?

        As French philosopher Bergson wrote, approximately translated, “We express ourselves with words but we think in three dimensions” which means that moving a thought to words is like trying to flatten a half orange : you’ll have to cut to get it flat … so we cut *or* re-write the Genesis according to ourselves, in ten volumes!

        Re-writing here the Genesis would really be not only off-topic but tremendously pretentious!

        I agree with you, Ghacks allows some digressions, side-topic and even, occasionally, off-topic! But what is off-topic? Perhaps when there’s no bridge from one comment to another, which seldom happens. We evoked “inter-disciplinarity” then came “trans-disciplinarity” (poorly translated from French, sorry!) which brings those bridges closer even to our understanding. Of course if at a dinner when asked one’s opinion about the latest exhibition the answer is “Eggs? I prefer them hard-boiled” then that’s a moment of fun advised by surrealists a century ago and has nothing to do with trans-disciplinarity… or does it? Trying to find relations (relations, not causes, we’re no psycho-analyst here!) between thoughts is a very instructive game!

        Google and its “Do No Evil”, which we don’t hear anymore, was so terribly arrogant and perhaps didn’t confirm a company’s reputation of high standards. Evoking evil is somewhat an easy reference in a complex world : even the worst monsters have been a baby. It’s after that things got problematic, not before.

        Always nice to read you, Richard. Hasta luego :=)

      6. Hitomi said on May 23, 2022 at 11:48 am

        Humans are not necessarily bad as individuals, they are bad as groups, because of group dynamics. Since society is a variable sized group i chose to not like it.

        It is not society’s fault we are different, but it definitely is society’s fault how we are treated by it for our difference.

        Like the video says, it is harder to reject it than to accept it. We need constant energy and time to evolve our defense mechanisms, since if we attack, we will be crushed. So our resistance is limited in its expression.

        Don’t worry how it sounds. We get what you mean, even if society doesn’t get it.

      7. Tom Hawack said on May 23, 2022 at 1:40 pm

        @Hitomi, I never thought humans were bad, I even believe they are fundamentally good. I agree with group dynamics and their interference with an individual’s behavior not to mention his very own beliefs. But I do think that an individual’s lack of responsibility can lead him to a passive approach of life, an attitude I too quickly defined as idiocy when I should rather have mentioned laziness if not a sheep’s uncertainty if not cowardice, especially when accusing the others of what his refusal of passivity could have prevented.

        > “It is not society’s fault we are different, but it definitely is society’s fault how we are treated by it for our difference”

        Should being different be a fault. I don’t agree that what is done of our differences be the fault of society. It’s my fault and mine only if I treat anyone accordingly to his differences (context-related tact aside) and more important even, it’s my double fault if I legitimize whatever I think by referring to others, to “society”. I’d even dare say that those who state and practice extremist positions are often if not always the very ones who refuse self-responsibility and self-thinking and need a “partner”, that of a group most often, to try to give a meaning to what they haven’t taken the time and effort to analyze by themselves. Is that idiocy or passivity only, no idea, though I’d privilege basic stupidity, even if I dislike words which sound like judgements, even if I never use the word when referring to one given person, even if I acknowledge that there is no definition of intelligence hence of its opposite : in that I take a quick and generic approach to summarize, finally, the cause of it all : irresponsibility. Is irresponsibility related to intelligence? That’s another topic so I’ll confirm the word: irresposibility.

        The video, once again, emphasizes on a world where I’d be but a good guy’s passive spectator of all its inequities, hypocrisy and correlated disappointments. It it this eternal ‘fnck the society” which is questionable in proportion of effort to change it, or not.

        “if we attack, we will be crushed. So our resistance is limited in its expression”.

        I often read this monumental modern psychology aberration which advises over and over again to love ourselves in order to love others… when the correct approach IMO is to do what we consider essential to be able to love ourselves and see ourselves in the mirror without being ashamed. Once that is done, if it is, if we’ve done all we can to improve then, then only, love ourselves, not before and therefor you’ll never love anyone “fully” as long as you’re ashamed of yourself. Doesn’t mean being outstandingly proud! Again: responsibility. In what is this related to limiting our resistance to its expression on the ground practicing it would end up by a clash? Simple answer: courage. As my old man used to say “it may be hard right now but you’ll be happy once it’s done”. Done? Being coherent between our beliefs and our engagement, then brave. Period.

        Sorry for this speech but either I shouldn’t have started the side-topic of the relation between offenders and offended either I need to fully explain myself on the ground of comments.

      8. Hitomi said on May 23, 2022 at 2:55 pm

        I mean treating disabled people as lazy, without saying what is “wrong” with the. Obviously an autist, a depressed, an AD(H)D or schizophrenic person.. there is nothing wrong with them, they are born that way. Possibly even with predisposition in family. Yet they suffer in socitey greatly.

        > modern psychology aberration which advises over and over again to love ourselves in order to love others… when the correct approach IMO is to do what we consider essential to be able to love ourselves and see ourselves in the mirror without being ashamed

        That lifestyle guru crap is just a genius plot to milk money out of people and wear them out. Like redlining your car engine at out specs rpm.

        Both corporations and the gurus fill their pockets with these mindfulness books. How can sick people be mindful to a hostile society?

        Go on as long as you like with the sidetopic, unless Martin steps in of course.

      9. Tom Hawack said on May 23, 2022 at 4:32 pm

        I never wrote, said or thought that laziness was the attribute of those suffering, be mentally or physically. I don’t even think laziness has anything to do with such sufferance in which case we’d evoke a blocking handicap rather than laziness. And inaction may not even apply, I know handicapped persons who are extremely active and responsible. I wouldn’t dare a static correlation between laziness and “disabled” people.

        Now, if the quest is to identify those who deserve a special consideration which de facto removes them from responsibility, of course deep mental handicaps speak for themselves, so to say. Children of course as well. Maybe is there a touch of childishness in the minds of lazy and/or irresponsible persons, the idea of being assisted is after all (or before all as well) a child’s prerogative.

        We’d have shrunk the equation from idiots to irresponsible/lazy to kids. 60% adopt the Chrome browser meaning 60% users of browsers would have never reached maturity? Maybe!

        @Martin, say when, if.

      10. Hitomi said on May 23, 2022 at 6:31 pm

        > I never wrote, said or thought that laziness was the attribute of those suffering,

        No you did not, but I am criticizing society and not you.

        > “Laziness and cowardice are the reasons why such a large part of mankind gladly remain minors all their lives, long after nature has freed them from external guidance. They are the reasons why it is so easy for others to set themselves up as guardians. It is so comfortable to be a minor. If I have a book that thinks for me, a pastor who acts as my conscience, a physician who prescribes my diet, and so on–then I have no need to exert myself. I have no need to think, if only I can pay; others will take care of that disagreeable business for me. Those guardians who have kindly taken supervision upon themselves see to it that the overwhelming majority of mankind.”
        — Immanuel Kant


        > We’d have shrunk the equation from idiots to irresponsible/lazy to kids. 60% adopt the Chrome browser meaning 60% users of browsers would have never reached maturity? Maybe!

        You just re-discovered Kant’s antics yourself, independently. Like I said earlier, to fight what is wrong you need tremendous amounts of energy. Which is already suffering to those struck by mental illness or pessimism.

      11. TelV said on May 24, 2022 at 5:45 pm

        404 error on that link. Better use this one instead:

      12. Tom Hawack said on May 23, 2022 at 7:42 pm

        @Hitomi said on May 23, 2022 at 6:31 pm (we’ve exchanged quite a lot so time for the reference),

        What do you call society and where do you perceive in your quote of a Kant’s writing an allusion to society? As I see it this quote emphasizes on human nature indeed, but that of the individuals we all are, and from there on explains the correlation with those who will take advantage of one’s laziness and cowardice. If so, I entirely agree.

        All I meant to say when evoking humanity rather than society was to express my conviction that “society” itself doesn’t mean more than the part of humanity which is not us (or “me” rather) and, politically, all those beyond ourselves who have the power and authority. Doesn’t mean more or can mean less if we agree that ‘la société c’est nous, c’est toi, c’est moi” (“We are the society, you are, I am”). Understanding society as an entity in which we have not our place appears to me as aberrant as the “lutte des classes” (“the class struggle” or whatever you express politically the hiatus between social classes). “Society” in my view is an empty concept, frankly!

      13. Hitomi said on May 23, 2022 at 9:39 pm

        Only in a society “a book that thinks for me, a pastor who acts as my conscience, a physician who prescribes my diet, and so on” exist that can think for the average Joe.

      14. Tom Hawack said on May 24, 2022 at 10:15 am

        But it all ends up to mankind, humanity, each and everyone of us can be the pastor or the physician, the master or the slave or neither : the boundary is not between me and society but between what we decide to do or not of our lives and our will and determination to behave accordingly, which implies of course a possible clash with those of us who’d try to go further than abusing our passivity but deliberately impose their ideas, there acts and themselves whatever our refusal. But we are all in this human soup called humanity. Imagining two worlds, one composed by the good and the other by the bad, is a total nonsense.

        Remember the Beatles “I Am The Walrus”?

        “I am he
        As you are he
        As you are me
        And we are all together”


      15. Hitomi said on May 23, 2022 at 2:57 pm

        Mobile crap virtual keyboard, i cannot type coherent on a phone. Sorry!

  8. Klaas Vaak said on May 23, 2022 at 9:26 am

    I cannot assess the worth of Google’s measure, but whatever Google tries to convince us of I naturally reject. I do not trust anything Google does, esp. if it is supposed to be “for the good of users”.

    1. foolishgrunt said on May 24, 2022 at 9:11 pm


  9. alsa said on May 23, 2022 at 9:21 am

    What a surprise, a new way to wedge technologies that benefit the corporate overlords that clearly pay Google millions for advertising already.

    Anyway, this privacy thing, like tech security and democracy are all illusions. All these loud noises are just distractions so the average person doesn’t realize how hard they are getting screwed.

  10. Moonchild said on May 23, 2022 at 9:00 am

    First party sets are yet another step closer to having content delivered as packets of indistinguishable content that make blocking of ads and trackers much harder.
    We’ve made a conscious effort for over a decade (and that is “we” as the whole of the browser market and standards bodies) to implement smart and complex machinery to strictly separate first and third party content, to implement same origin policies and cross-origin restrictions (and all of that works and works well!). And now Google wants to do away with that?

    Google will be blurring one of the few distinct lines left on the internet by doing this, and changing the scope of permissions that domains in the “set” would have to be “like first party”. While the argument can be made for ‘convenience for webmasters’, their convenience should not take away important control from the end user, which is what this is ultimately about.

    This will not be implemented in Goanna either, as it _is_ considered harmful. Our voice may be small but it’s there nonetheless.

    1. Flying Spaghetti Monster said on May 24, 2022 at 10:35 am

      after what, six years, Pale Moon’s canvas poisoning still leaks a pastafarian’s helmet

    2. DuMuT6p said on May 23, 2022 at 1:30 pm

      Hello Moonchild,
      That is nice to hear. I respect you and the Pale moon project for this stand point.

    3. Tom Hawack said on May 23, 2022 at 11:44 am

      Not to mention CNAME records [] and ‘first-party trackers’ (search for that with another service than Google as an attempt to remain coherent) which are already factual : many blockers (uBO as well) deal with that, but it does show that circumventing 1st-party cookies is an all-time enterprise.

  11. Iron Heart said on May 23, 2022 at 8:06 am

    Of course Google introduces an equivalent for 3rd party cookies. This and Google Topics are all part of the bigger picture.

    The people preaching about “Total Cookie Protection” and “first party isolation” must be in shambles now, if website owners can declare all their properties to be first party, then good luck with these approaches.

    Furthermore, as I’ve already said multiple times, it does not matter which engine your browser uses. Chrome will support this shit and Brave & Firefox will face the same issues if they don’t support this, irrespective of the underlying engine.

    1. Hitomi said on May 23, 2022 at 9:23 am

      Problems I don’t have with Temporary Containers, close and forget. Cookies are amongst the most easy to combat tracking technologies. For the real nasty stuff there is only CanvasBlocker.

      Abstention from consumption is another option for websites so nasty with tracking. If they can force you to use an account the game is lost anyways. Now for some hot suggestions by Jeff Bezos if someone falls for the Amazon meme.

      1. Iron Heart said on May 23, 2022 at 9:29 am


        Containers isolate first parties per parent domain. If multiple domains can be declared first party (not the case currently), then what’s the point?

        > CanvasBlocker

        Eww. The behavior of the extension is detectable and unique to the extension. How many users does CanvasBlocker have? You are within that small pool of users. Horrible idea, use RFP on Tor (covers Canvas) or Brave (covers Canvas by default).

      2. Hitomi said on May 23, 2022 at 9:51 am

        What they declare first party affects my private DNS resolver in my home how?
        Ignoring the point of what happens when I close a Temporary Container?

        RFP made my fingerprints worse with their bizarre fake values:
        Screen Size and Color Depth
        Bits of identifying information: 15.66
        One in x browsers have this value: 51806.5

        Bad advice.

      3. Iron Heart said on May 23, 2022 at 10:02 am


        You are using RFP on Firefox. Firefox is unique by default and the efforts to make it “non-unique”, so to speak, by its adherents usually result in fingerprints that are still unique. RFP exists in Firefox for the sole reason of supporting the Tor Project in their maintenance efforts. RFP belongs to Tor and your comparisons should be based on the Tor Browser Bundle, not Firefox.

        “Temporary containers” – Yep, that’s just a container (see above) with the addition of also deleting local data upon exit (similar to Cookie AutoDelete). In the future, this only improves matters if you close all domains belonging to the same entity before accessing any domain of that entity again. Otherwise you can still be tracked. That’s like saying “Close all Google Search tabs before accessing YouTube!”, how likely do you think that is for the average person? Containers so far provide a more convenient solution since the isolation happens per parent domain, Google means to subvert exactly that by declaring multiple parent domains (owned by the same entity) first party in the future.

      4. Hitomi said on May 23, 2022 at 10:06 am

        > marketing mode activated

        Okay sad, thought we could have a real conversation without this.

        > how likely do you think that is for the average person?

        I don’t care about normies, their power level is low and they love Chrome.

      5. Iron Heart said on May 23, 2022 at 10:18 am


        > Okay sad, thought we could have a real conversation without this.

        Dude, what do you mean? RFP is developed by and for the Tor Project. The Tor Browser Bundle does not suffer from you creating a unique configuration yourself since it comes preconfigured. These are FACTS and not marketing.

        You can’t judge the effectiveness of RFP based on a custom setup, simple as that.

        > I don’t care about normies, their power level is low and they love Chrome.

        You may be locked out of websites if they do feature detection and find your browser does not support this. So good luck with dismissing “normies” when you can no longer browse the websites you want to browse. We need mitigations that tackle this without disabling the feature. One approach could be the browser launching multiple full profiles for various Google-owned & Facebook-owned domains in the future.

      6. Hitomi said on May 23, 2022 at 10:35 am

        We will see what happens, whilst you make good points I am already locked out when websites enforce sign-in only. Some websites only allow to comment via 3rd party sign-in such as authenticating with your google account. Isn’t that living hell already without the new technologies that threaten freedom and privacy?

        > different domain names are considered third-parties in most cases, even if they belong to the same company. With the new technology in place, Google could group all of its properties together to improve communication and data flows between them

        Unless signed in, since the point is so moot, that I could be signed into Youtube at work and Gmail at home and they know what I did, because of an account.

        Some people like to see adult entertainment on Youtube, not porn obviously, as YT wouldn’t allow it. I mean vulgar language and comedy. So unless you youtube-dlp and MPV it is already hard to go accountless. If they really wanted to enforce it via cookie, you’d be signed in essentially in youtube-dlp, the scope of the tool supports cookies should sign-in one day be enforced.

        We can all twist and moan in our chairs, the thumb-cuffs can go on even if we defeat FloC, Topics and first-party sets. So I rather chill, I cannot even see a way they can enforce a first-party set in other browsers.

        Why? Because they’d lose customers on their website. The only way they could see you block a first-party set is that let’s say a youtube player in Google News has no access to the cookies on news google c*m.

        What will they do then? Not load the player for me and be mad at my insolence?
        Letting them view fake cookies is always an option.

        > youtube is trying to access the first party set of google news
        > what do?
        > show empty set and allow access to spoofed cookies
        > allow full access
        > laugh

        One of many naive ideas I have. Brave and Mozilla will figure it out. Not breaking a sweat yet.

      7. Hitomi said on May 23, 2022 at 10:46 am

        Yeah imagine how rad it would be to have a DHT (distributed hash table) with Firefox and Brave users, and they p2p their tracking cookies to each other. Every minute you become someone else, use their trackers. Logon tokens excluded of course.

        Complete noise in the ad industry.

  12. G said on May 23, 2022 at 7:55 am

    Fucking Google doing Gpogle thing again, first useless Webcomponents then this shit, people should stop using Google Chrome.

    1. Alexandria said on May 24, 2022 at 4:46 pm

      I do think first party sets aren’t a bad idea, but I’m also aware that the same people that would use Brave believe any client side data storage is bad and only could possibly be used for tracking and definitely nothing else.

      The web consists of more than Google people. Other developers could do very useful non tracking things with this, like maintaining user login state without resorting to arguably more privacy invasive SSO providers, or remember user preferences across sites.

      1. Rex said on May 27, 2022 at 7:20 am

        “The web consists of more than Google people.”
        The browser world consists of ONLY Google rendering engine using browsers, along with Firefox which is trying hard to be a Chrome copycat anyway despite all of Mozilla’s privacy posturing. And the web is maintained by web developers for whom Chrome spells job security as they can keep messing around with implementing its draft features that get added every other week.

    2. Hitomi said on May 23, 2022 at 9:18 am

      The FLoC of Sheeple is not aware of these privacy Topics :)

      1. Dennis said on May 25, 2022 at 1:50 am

        It’s almost time to just bend over and accept the inevitable…

        And that is that security, anonymity, and privacy on the web is for Party members only…..

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.