Incognito shares the session, so if you have Facebook and shady sites open in incognito at the same time, you've reintroduced this attack vector.

If you want real isolation, user browser profiles.

Yes loading more than one shady sites in private mode allows them to share data. Only do one shady site at a time then close down.

But it's certainly good advice to check no other windows have been opened.

> Running facebook in a separate container is also an essential safety mechanism.

Yes!. And that container is in a Ffx instance, accessed as a remote app (here now but diff container).

... or just not running Faecesbook at all.

> ... or just not running Faecesbook at all.

At one time I agreed and had even deleted my genuine FB acct. But had to create another one briefly in 2021 to find a rental - where I live now.

I still have my ancient fake FB acct for Marketplace, etc but it's walled off.