Cookies and Chrome

Discussion in 'other software & services' started by Daveski17, Nov 22, 2014.

  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,271
    Location:
    Lloegyr
    Well, I'm not familiar with CCleaner and knowing my luck I would delete all of my cookies by accident lol. Interestingly, I suspected an extension, so disabled 'Clearly' and surfed for quite a while in Chrome. After an SAS scan it was clean. I then re-enabled Clearly and surfed a bit more to see if it would contract a DoubleClick cookie quickly. But so far I haven't found any tracking cookies. Curiouser and curiouser eh? :confused:
     
  2. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    Yeah it was. But after i entered manually [*.]doubleclick.net - block in exceptions it not able to set. Either way it would be blocked by uMatrix.
     
  3. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    862
    Location:
    Canada
    Were chromium-behind-the-scene, chrome-scheme and chrome-extension-scheme scopes whitelisted? These scopes come with matrix filtering turned off by default (so as to not interfere), and if one of these set cookies, they won't be deleted by uMatrix.

    I am using Chromium and I don't see doubleclick.net, but it could very well be specific to Chrome.
     
  4. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    No those are white listed so maybe that's it.

    Does uMatrix actually block the cookie from setting? I thought it isolated it so that it couldn't communicate with the mother ship so to speak. I've seen it work and work way more effectively than Edit This Cookie who says they block the cookie but actually seems to do something similar.

    I'm sure that the cookie was useless since its not allowed by uMatrix and not allow would result in isolation from what I have seen.
     
  5. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    Dave I finally have this down to a science. Clear all your cookies. Install the privacyChoice extension here:

    https://chrome.google.com/webstore/detail/keep-more-opt-outs/eoibfeagdaaoimfpfalgbmmegagdconp

    You can disable it as soon as you see the cookies show up.

    Install the free version of CCleaner.

    Run the analyze function and see the 300 opt out cookies.

    Move them to the protected side.

    You now do not need to disable third party cookies. It is so cumbersome to do that. Add doubleclick.net to the manage exceptions section [*.]doubleclick.net block , add [*.]google-analytics.com block , add [*]atwola.com block

    At this point run your browser for a day or so and then run analyze from CCleaner again. You will see all the cookies that have been loaded to that point. Move the ones you want to keep to the right. I doubt you'll see many third party cookies in there but whatever ones you want to really block add them to the exception list as the others were. Atwola was really the only one other than the two Google cookies that I felt the need to block. CCleaner is easier as a management tool than SAS. The opt out cookies are all still at one so they aren't being over written or having another slightly different one installed as far as I can tell - I've checked the actual file.

    If Google wanted to add a function for this they could just allow from the inspecting section of cookies a delete and block option so it could be done one time and done. The opt out cookies are just the only way to batch them all.
     
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,271
    Location:
    Lloegyr
    Thanks for that. I will give it some consideration. :)
     
  7. Pilou42

    Pilou42 Registered Member

    Joined:
    Oct 4, 2014
    Posts:
    66
    It does not explain how the cookie appears.
    I think when you install Google Chrome, it comes with doubleclick cookie, but if you delete it, there's no reason it comes again (if you enable "block third party cookies" option or if you use an extension which handles web requests).

    Google is surely a privacy stealer, but don't accuse them of all abuses. I think cookies management works well. Of course you can do better with some extensions (µMatrix for example), but I don't think there's a cookie "hack" favoring Google.
     
  8. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    It doesn't come with it.

    Regardless of how it gets on there - and it got on my system with third party cookies blocked (which is a pain to deal with) so at the start I just manually enter it into cookie manage exception as blocked and it does not get on then. Google-Analytics.com cookies came on the same way so I also added that as a blocked exception.

    Google's built in cookie manager and API do not allow easy management of cookies so you have to jump through hoops to get it the way you want. None of the cookie managers or even uMatrix can block cookies it seems they just isolate them so they cannot communicate with whatever had set them.

    I just believe they are being seen as 1st party cookies by Chrome at some point with something I have either installed or a website I visit. Considering browser development costs etc I have no problem with that but I found a way around it.
     
    Last edited: Nov 28, 2014
  9. Pilou42

    Pilou42 Registered Member

    Joined:
    Oct 4, 2014
    Posts:
    66
    Well. I have "keep cookies until browser exit". "Block 3rd party cookies" is NOT enable. I have µMatrix. And I don't have doubleclick cookies or google-analytics (in Chrome cookies list).
    I guess they are not present because of µMatrix either by preventing third-party requests,either by hosts filterset. Notice that Behind-the-scene are not white-list, in case an extension would request google-analytics for example.

    So I'm surprised you get these cookies that easily since your settings seems more "secured" than me.
     
  10. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    I stopped using uMatrix but I did have it when doubleclick.net appeared. Like I said it must be from either a Google extension that I use (a few) or some google site I use (many). Blocking it doesn't kill any functionality.

    Using uMatrix I just couldn't get flash to run easily on sites for news and such. I tried going back to HTTPSB and wanted to set that up as requestpolicy, Gorhill has a recipe that can be downloaded but for whatever reason I could get it to the point where one click should have moved it to HTTPSB and nothing would happen. I was pulling my hair out so I went back to Ghostery, ublock, cross domain request filter and AVG linkscanner. Maybe not quite as safe but my system is pretty hardened at the system level imo so easier web browsing becomes more important.
     
  11. Pilou42

    Pilou42 Registered Member

    Joined:
    Oct 4, 2014
    Posts:
    66
    Forget HTTPSB. It had some limits, that's why it is recommended to replace it by µMatrix. For your Flash problem, hard to diagnostic, it could be Chrome ClickToPlay or it had to do with "plugin" or "XHR" or "other" columns in µMatrix. I have 0 problem with it.

    The thing is, you think your security is ok by using a lot of tools, but I'm not sure you understand them, and in security/privacy, you'd rather have 1 tool you understand that 5 tools you don't really understand.
    For example, Ghostery and µBlock have the same behavior. I'd better use µBlock, than Ghostery or worst, µBlock+Ghostery. AVG linkscanner, I don't know, but I would not be surprised it slows down your navigation. Tools from AV are often the cause od a lot of problems. I recently read Avast uninstalled NoScript on Firefox. Nice move. For "Cross Domain Request Filter", I remember I've tried it: No WebRequest APi, (so) not reliable, and seems abandoned.

    I think you did not understand the power of µMatrix. I use µMatrix to improve security+privacy and speed up webpage loading. µBlock allows me to improve some pages, but it is nothing compared to µMatrix.
    If you really wants to improve your security/privacy, or if you want to handle that "doubleclick cookie", I advise you to master µMatrix.
    For now, I'm unable to reproduce OP problem. I don't have this infamous cookie. :)
     
  12. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    Without the recipes available I was floundering to get videos to work on News sites such as ABC and ESPN.

    Once that type of thing is available through a repository like they have for Stylish I can go back to it. Believe me I have gone back and forth on that and HTTPSB dozens of times knowing they are much better than something I put together with different extensions.

    I haven't had a doubleclick.net set since I added a cookie block in chrome for it. Gorhil mentioned I may have picked it up through a Google extension I use or through the chrome pages some how.

    Yeah cross domain request filter hasn't been updated since 2012 but it still does block cross site scripting. As a matter of fact I had dumped that but it allows me free unlimited access to some news sites that limit use to x number of stories so I'was just looking for it to put on again but on demand. It also has a boatload of cross scripts ID'd as unknown or some such thing and there are some other odd things when you block some things something new will just pop up. Its just good for blocking some of the news things.
     
  13. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I keep thinking this thread says "Cookies and Cream"
     
  14. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    I went back to uMatrix and was able to set it up from scratch to default blocking all cookies even first party cookies so I have to enable them on each site. I still can't get ABC News videos to function though.
     
  15. Pilou42

    Pilou42 Registered Member

    Joined:
    Oct 4, 2014
    Posts:
    66
    Videos from abcnews.go.com don't work for me either. But it is NOT linked to µMatrix or µBlock (disable for test) nor clickToPlay (no clicktoplay for this site). But it works with Firefox. I suppose this is a *$%£*% site to avoid. I don't even want to spend time understanding the cause.

    For cookies, you chose a difficult way (a lot of sites will force you to use cookies unfortunately) but it is not wrong since even gorhill himself said he used that.
     
  16. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    When I disable uMatrix matrix filtering the videos work. I also tried killing the hosts files. I did a page inspection and abcnews.go.com is the pertinent script and that's 100% enabled.

    But your post previously convinced me to give this another shot. I can live without ABC News.
     
  17. Pilou42

    Pilou42 Registered Member

    Joined:
    Oct 4, 2014
    Posts:
    66
    Wow ! It seems there's a problem on my side. I tried creating a new profile, "just to be sure". And it works.
    With my current profile, it works if I disable pepper flash (and then I use NPAPI Flash). But with the new profile, it works with PPAPI.
    So it's somewhere in my profile, surely some cached file cached. Will be hard to find. Even a "delete flash settings" change nothing. :/
    Surely a Chrome bug, but it's off-topic.
     
  18. Pilou42

    Pilou42 Registered Member

    Joined:
    Oct 4, 2014
    Posts:
    66
    Gotcha. I deleted the "Pepper Data" directory in my profile, and it worked again.
    For abcnews.go.com videos to work, you have to whitelist players.edgesuit.net "other" column and adm.fwmrm.net "other" column (without this filter, you can't pause videos).
    Yet another great stuff with µMatrix (dat extension !). Before, it was hard to use a hosts file, since hard to see which filter was guilty. Now, with the hosts filterset integrated in µMatrix, you can see which filter is guilty and create a whitelist consequently (the ideal would be to report it to filterset maintainer).
     
  19. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    Wow, nice find. ​
     
  20. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,271
    Location:
    Lloegyr
    Don't you just love alliteration?
     
  21. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    Well as uMatrix blocks cookies it is pertinent.
     
  22. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,271
    Location:
    Lloegyr
    Yeah, it doesn't alliterate though. The assonant vowel rhyme in 'blocks' & 'cookies' maybe ... at a stretch. ;)
     
  23. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I've done numerous supercookie tests and here is the switches I use on Chromium -disk-cache-size=0 --disable-localstorage --disable-databases --disable-session-storage I haven't noticed much difference besides most supercookie test failing besides the lso flash cookies being set. The global flash settings don't always stick but you can try to stop flash cookies. Give it a shot.
     
  24. @apathy,

    I liked the idea of zero length caches, so I checked my Group Policy settings, the explanation of addressing a zero length cache seems to set it to the default size, see picture. So now I am confused, do you have any background info on this?

    Untitled.png
     
  25. Pilou42

    Pilou42 Registered Member

    Joined:
    Oct 4, 2014
    Posts:
    66
    Give a shot at what ? I don't understand what you were trying to test/prove ?

    What is a "supercookie test" ? Why using these flags ? Why not using a incognito window instead ?

    Sorry for these questions, but I did not understand anything in your post in fact. :/
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.