It’s not even “Incognito” (what a misnomer too), this is a Gecko-based browser
I feel like for straw poll it’s more valid, they probably do it to try and avoid people voting more than once.
A bit yes, but any technique like that can be used to fingerprint and deanonymize users.
Yes, but that’s the only way you can trust electronic voting, by removing anonymity
Yes, but if you wanted to, you can write a script that mass votes and bypasses this (if there is no captcha)
Cookies are not evil per se… but data mining companies made them like that.
I’m administrating an online store and cookies are responsible for the customer’s cart, plus their user session / logged in state.
As an admin I adhere to the “golden rule”, thus there are no creepy trackers on store. I don’t like them and I don’t want customers to face the same thing on websites that I manage.
That said, cookies are needed for user session & fraud protection. Instead of nuking cookies we shall kick the trackers out.
Yea but all that kind of functionality can work with (permanent) private mode as well. I don’t use a lot of web services so I can log in when I need or make a pwa like with Lemmy here.
True. It can work with private mode, but not with browser set to block all cookies, or to nuke JavaScript 😅
“One vote per IP-address” - So they already tackled the problem that people can vote more than once.
Straight-up asshole design.
That’s also asshole design. Most people are behind some form of NAT. It’s especially egregious for customers of ISPs who use CGNAT.
Exactly what I think. They also block VPNs and such.
Let Mozilla know by filing a report on Webcompat.
I’ll look into that. I believe web sites shouldn’t have any way to detect private mode, right?
I wonder if it tries to save a cookie then read it back? I don’t really know how any of this works but that sounds like a way to detect it that’s fairly infallible.
Writing a cookie and reading it back should work just fine even in incognito mode. It just gets deleted once incognito is closed.
There are ways to detect private browsing by querying browser features or behaviours that are different in private browsing.
For example, in Firefox calling navigator.serviceWorker returns undefined if private browsing is enabled.
Check out this script for ways to detect this in popular browsers:
https://github.com/Joe12387/detectIncognito/blob/main/src/detectIncognito.ts
Maybe incognito enforces CSP more strictly.
I mean, of all sites, polls make the most sense to require cookies to avoid duplicate votes.
Wouldn’t the better solution be to keep a log of previous client IPs, on the server side? Sure, VPN will circumvent it, but it’s much easier for me to clear a cookie 100 times than to connect to 100 different VPNs.
The EU has made logging IP addresses generally illegal.
IP blocking would be really bad if the poll is for students staying in dorms at a university or for people on the same cell carrier.
IPs rotate too often and it would only allow 1 vote per modem.
CGNAT is a thing with regards to IPv4 addresses. So that won’t work.
Except that it is really easy to clear cookies
Not if you don’t know what cookies even are. Stops the regular Joe just fine
All it takes to swing a poll by 8,000 votes is one person that knows how to clear cookies. It’s not even about stopping regular joes.
*one person who knows how to clear cookies…and has WAY too much time on his hands.
50 votes in a browser would take an hour, but 5,000,000 votes in a browser’s dev tools would take an hour and fifteen minutes; it’s the kind of thing people can write a bit of code to do for them. (I’m a web dev, this doesn’t sound like a challenge to me if there’s no security)
Cookies are really inappropriate for this use…
You need to track the user for a poll. Sessions don’t work since private browsing enables duplicate votes. Tracking the IP can block users from the same network/wifi. Cookies get auto-sent and browser storage is only clientside. Really not many more options aside from making an account on a site and logging in. I find it a pretty reasonable solution actually.
Cookies fall short just the same as sessions. You’re asking the user to pinkie promise they won’t clear their cookies / modify them.
An account seems the most logical. You need to avoid duplicates; it’s not really about privacy here. You’ll only make a tradeoff between accomplishing no duplicates and letting users do what they want.
It could be useful to prevent accidental duplicate votes. But definitely not sufficient for malicious actors.
There’s no way to prevent a malicious user from voting multiple times in an online poll, unless you can somehow tie it to a real world identity (and even then it’s not going to be easy).
This is just something to stop the workarounds that a 50 year old CEO was aware of.
I’d think they serve their purpose just fine
Clearing cookies is super easy, barely an inconvenience. If someone wants to vote on something a lot and cookies are the only barrier, they might as well not be there
This. Did it before to fuck with people in online forums
That’s when I stop giving them traffic. There’s far too many alternatives to do otherwise.
Enter.
“NOPE”
clicks back
And proceed to choose next search result.
There’s an extension that allows you to hide incognito mode from websites called Hide Private Mode. I’m not sure why browsers don’t do this by default (maybe it’s some funny compliance thing); it would greatly improve privacy.
Thx. It’s weird, but I guess that’s part of Firefox now, to be hypocrites.
Also why the heck does the browser need to ping Google every time I launch a private session? I can’t even fathom a reasonable answer.
Did you opt in to sending your usage statistics to Google when you first installed Chrome?
Chrome? Why would I ever install that shit?
What browser are you using that pings Google?
IceRaven - FF for Android fork that tries to remove all this crap but isn’t 100% there yet due to all the nonsense Mozilla includes.
Generic FF did the same last time I used it. I think Mull doesn’t, but I haven’t used it in a while.
It’s not pointless, it’s so they can track you.
what a misnomer too
It’s crazy how many people think “incognito mode” prevents people from seeing what websites they are visiting.
yeah, it’s for buying secret Christmas presents for your wife
They aren’t a secret if she knows how to access the router’s control panel.
Why would anyone regularly access a router’s control panel just to ruin the surprise of Christmas presents?
No idea, but she could. I would use public wifi and a private window for it, just to be sure.
Is there so little trust in your relationship that you feel the need to go to such extreme lengths to make them happy?
Yeah. If I don’t keep them happy, they’ll stab me while I’m asleep.
a router is not gonna be able to see your purchases
They can see what you visited though
Wouldn’t DoH fix that?
No clue what DoH is supposed to be, but that’s probably on me.
DNS over HTTPS
Yes, but most routers don’t do DNS in the first place, or if they do, even fewer log the traffic. But yes, DoT and DoH fix this.
Very few routers log DNS traffic normally; if you want to log internet activity you have to get a separate device for it.
Any website that doesn’t just work with a simple ad blocker or still has ads I just close and never return.
“Oops! Looks like you’re using an adblocker! Please pay a subscription!”
Oops looks like I’m gonna check the comments for someone who pasted your article for free!
Just don’t complain when people no longer write good articles because there’s no money in it
Adblockers are born of intrusive ads. If they were sidebar things like they used to be I’d be much less inclined to use one and just let them collect their ad revenue. Nowadays though there’s gotta be a video, a video embedded at the top, a pop-up ad, a break in an article every 10 lines of text for an ad, and then a delayed popup for when you get halfway down the page, PLUS the sidebar and banner ads.
Exactly, sidebar and banner are fine. If that’s all I see I’ll let it slide. The ones that make you stop reading to chase down the little black “x” on a pop up or separate the text with a wall of ad, fuck that shit.
Quit wasting my bandwidth, an adblocker makes the difference between a loaded page and a useless one in unstable mobile connections
It kind of makes sense for strawpoll, because without some sort of cookies, they wouldn’t know if the same person is voting multiple times. But they should say something like ‘incognito mode makes the votes inaccurate, please visit on normal mode’
One vote per IP-Address allowed.
They already have your IP. “Incognito” mode doesn’t change that.
That does have the consequence of allowing only one person to vote per public IP, which on large networks may correspond to quite a lot of users.
That probably doesn’t matter much for a simple internet straw poll, but I can imagine situations where IP-based uniqueness isn’t reliable enough.
What if you have multiple people voting from the same place/public IP?
Device fingerprinting
That doesn’t work for dynamic IPs
I kind of understand this one though, 99% of the time stuff like this is just bullshit. But this is an effort to stop users from voting multiple times.
When I go to a site, and they do it, I avoid it at all costs or never come back!
Sites like this I just close the tab and use uBlacklist to hide them from any search results.
Is that Firefox Focus? Because if yes, then that counts as “incognito mode” too.
It’s IceRaven, but I have it set to permanent private mode. I don’t need to deal with cookies of every shitty site.
It’s just how the internet works, dude. Most of the sites can’t work without cookies at all.
We need to be teaching sites that working that way is unacceptable, not accepting it.
This is the way
Well maybe some need cookies internally, that doesn’t mean I need to be storing them permanently. Most web sites are so full of scripts and bullshit that it’s infinitely much easier to disable all the nonsense and run in permanent private mode.
Honestly people should just set their browser to clear cookies on close
Can’t say I like logging into all of my accounts (most of which have 2FA as well) 3 times a day
It would be nice if you could whitelist sites for cookies. That way you can stay logged into things like email.
You 100% can. That’s exactly how I have mine set up. It clears cookies on exit but then I manage a whitelist.
Here are the Chrome instructions. Firefox is more or less the same.
Use the extension/add-on “cookie auto-delete” https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
It’s magic!
And “I don’t care about cookies” https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-cookies/
This clears those annoying GDPR things.
These two add-ons will change your life.
They are available for all the browsers, not just Firefox.
You can, on Firefox at least. No add-ons required; it’s a browser feature.