Now that FB is deploying "1st party cookies useable by third parties", I wonder what the workaround mitigation could be (apart from avoiding FB): I currently use FF with 1st Party Isolation enabled, plus uBlock in advanced/medium mode (3rd Party, 3rd Party Scripts, 3rd Party frames blocked) I use others addons to such that than PrivacyBadger, CanvasBlocker, etc, but I think tat uB and FPI are the 2 main tools concerning isolation from third party. What are your advices for this problem?
The same things that work for 3rd party stuff can be applied to 1st party stuff too but it won't be very easy (you can't just do "block all from adthis.com" or similar when faced with 1st party). The only problem is, the offending script, pixel etc...whatever method the FB is using, needs to be recognized and then blocked with custom rule until uBlock and similar software catch up with this crooked behaviour. So basically, you could start blocking everything from FB domain (and subdomains) and then: 1. check the uBlock log, choose something that could be actual needed for usage and unblock that. 2. Test. Does it work? No? repeat step 1. For example here's uBlock dynamic rules that allowed me to login to my ancient FB account by the method of trial and error: And after that check the uBlock origin log if it needs fine tuning: As you can see it blocks pixel.facebook.com. Now is this that famous 1st-party-to-3rd party cookie that the news reported? Without some test case I have no clue .... maybe gorhill already added the needed protections? EDIT: Blocking embedded scripts too will still allow login and seems theres no breaking things ....
Get "Cookie AutoDelete". And I think that PrivacyBadger is not necessary. Use this to get a good baseline as to which extensions are good atm: https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1-Extensions (You could also include that user.js in your firefox, but that is relative advanced and takes time to configure)