XPost: alt.comp.microsoft.windows
On 2023-04-22, Stan Brown <
the_stan_brown@fastmail.fm> wrote:
<https://popzazzle.blogspot.com/2021/11/dark-tracking-service- workers-and-privacy.html>
That link for web browser service workers was enlightening.
https://popzazzle.blogspot.com/2021/11/dark-tracking-service-workers-and-privacy.html
It covered exactly what I should do with this chrome setting when it said
"If you want to declare war on service workers in Chromium/Chrome, start by going into the Settings, head down to the System category and switch off Continue running background apps when Chromium/Chrome is closed. This does
not stop service workers from registering or installing, or even operating
as such. It does, however, stop them running "off-page", which is where the worst of the privacy invasion takes place."
Because Chrome/Chromium browsers treat service workers as part of the
cookie permissions regime, if you disable first-party cookies you also effectively disable service workers. So if you set up a selective
first-party cookie arrangement as I described in the privacy guide, you can very heavily limit the number of sites that can drop service workers onto
your device. Only the sites you grant permission to use first-party cookies will be able to run service workers.
If you completely clear your Cookies and other site data in Chrome or Chromium's Clear browsing data dialogue (from the Settings menu), all
service workers and their assets will be deleted as part of the process. However, doing this will log you out of any sites you're logged into. If
you want to be sure that all data from dark storage is gone, also delete
the Cached images and files, which appears in the same dialogue. Solely deleting Cached images and files will not log you out of sites.
You can further minimise service worker installations in Chrome/Chromium by strictly limiting JavaScript permission to the pages that you must use, and which won't work without it. Unlike Firefox, Chrome natively lets you block
all JavaScript and then re-enable it selectively, per domain - same as the cookies.
To do this in Settings, go to Privacy and security > Site Settings > JavaScript. Change the Allowed setting to Blocked. You can then add any
domains you want to use JavaScript to the Allow list. Alternatively you can install the NoScript extension, taking note of the warning in my privacy
guide. The uBlock Origin extension will also let you block all JavaScript
and then allow it selectively. You'll have to go into uBlock's settings and tick the Disable JavaScript box though. Out of the box uBlock Origin allows JavaScript.
With cookie and JavaScript permissions granted sparingly in Chromium, you should only get a few service workers installed. And you can see, manage
and delete the installed service workers in the Settings. You could click
your way through the menus to find the relevant page, but it's easier just
to type chrome://settings/siteData into the URL bar and go straight there.
On the All cookies and site data page, you'll see a list of all the sites
that have put things onto your device.
As you look down the list, you'll notice that under each domain name
there's a documentation of what it's stored. It may just say "5 cookies",
or there may be additional categories of data such as local storage,
database storage and service workers.
If a domain shows a service worker, you can just delete the service worker
by hitting the X to the right of the individual list item, and leave the
other items untouched. In privacy terms, it may also be worth deleting the database storage and local storage. Normally, sites will not log you out
when you delete the database and local storage, but you might lose some
site preference settings. The aforementioned Tutanota is one of the
exceptions that will log you out when you delete the local storage. That's because it puts its login cookie in the local storage rather than storing
it as an actual cookie.
Deleting the service worker(s) in Chrome's site data settings will not stop
the site from installing a new service worker next time you visit. But...
There is a way you can block specific, unwanted service workers from re-installing in Chrome. You can use the logger in uBlock Origin to set a blocking rule targeted precisely at the inaugurating service worker script. Naturally, you need to know the name of the inaugurating service worker
script before you can find it in the logger. You can find it like this...
Go to the site whose service worker you want to zap.
Open More tools > Developer tools from the main menu in Chrome or Chromium.
Hit the Application tab.
Now click on Service Workers in the left hand menu.
This will show you a JavaScript file name listed as the Source.
Now you just look for that file name in the uBlock Origin logger, and block
it as per the instructions in this tutorial. Close the site and delete the service worker from Chrome's settings as previously explained. It is now blocked and will not re-appear unless the provider changes the name of the source script.
All's well that ends well, but what a massive amount of hassle to prevent website owners from deciding what you should have on YOUR computer or
device.
contains an easy-to-understand explanation, and specific steps for
forbidding service workers in Firefox and minimizing them in Chrome.
I'm not sure it's easy to understand, but this is his summary.
"Service workers are basically app downloads that take place entirely at
the provider's whim and under their control. Not only do we not know what
the app does - we don't even know we're downloading it. Meanwhile,
lawmakers think they saved online privacy with cookie banners. We need some privacy lawmakers who understand technology."
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)