Opera Cookie-Manager Function

Hi everyone

I've read some different threads regarding cookies, e.g.

http://www.wilderssecurity.com/showthread.php?t=5772
and
http://www.wilderssecurity.com/showthread.php?t=3196;start=0
and
http://www.wilderssecurity.com/showthread.php?t=5326;start=15

Not wanting to start any war on cookie-management tools nor browsers, I'd like to describe the cookie-management function of the Opera browser and ask other members if they believe I should increase that protection by using a third-party manager...

If so, which one specifically and, foremost, why (i.e. 'because this and/or that important function is missing, etc.').

I was impressed by what I read in the other threads as far as IE6 cookies-management is concerned, and I'd like your advices.

Mozilla/Firebird/Beonex/Phoenix (any Netscape users around here ?!) users, please feel free to join in and comment 'cause I also know that these four browsers cookie-management functions command much respect from you.

Thanks, Crockett

The first screenshot shows the cookies settings set-up one can reach through the Preferences menu in Opera.

 

Second screenshot showing the access to the cookie manager through the 'Delete Private Data' option...

 

Once opened, the manager displays something like this...

 

Cookies alerts in opera are shown as follows...

 

Should one wanna change one's mind later about the authorizations given to any specific server/domain, it then can easily be done, as is shown below...

Rgds, Crockett

 

It looks good.

Currently cookie management in Firebird 0.61 (I dont have 0.7 on this computer to check e.g no white listing) is a bit retarded, though there are proposals to improve it.

Mozilla 1.5's is VERY complicated.

First you have to choose from the following

a)Disenable cookie
b)Enable Cookie
c)Enable cookie only from originating site
d)Enable cookie based on privacy settings

Then you have the following indepedent tickboxes.

1)Ask me before storing cookies.
2)Limit maximum life of cookie to days.

Confused me a lot, until i did some tests.

Choosing between b or c meant choosing between allowing or disallowing third party cookies on the first filter. If you select 1), this is the second line of filter.

Choosing d) means no cookies at all that's the clearest.

In addition if you choose 1, it would create a popup notification. So choosing 1+b meant the notification would trigger for all cookies (of course assmuing the not in black/white list). 1+a would do the same but not for third party cookies.

Picking 2 (whether with 1 or not), would alter the cookie's maximum lifespan if it exceeded this amt. For example google's famous 2038 cookie can be accepted but will always be converted to current session if you accept it (via notification or not)

But what about D? that's where it really get's confusing!

If you select "enable cookie based on privacy settings" it supports the p3p standard. Which that means is what happens depends on the privacy policy of the site.
There are 4 levels of privacy policy (let';s call them a,b,c,d) , and 2 types of cookies , First party and third party (call them first and third), this means in total there are 8 combinations of cookies and privacy policies

There are 4 possible actions for each combination of cookie/privacy policy. They are accept, reject, flag, session.

What they do.

Accept is obvious
Reject is obvious
Session just accepts and converts it into a session cookie if it isnt yet.
Flag - Confusingly enough this isnt the same as "ask me before storing cookies". What it does is at the bottom a cookie icon will flash and you can click on it which tells you that it was accepted (no option) and allows you to jump to your cookie manager to remove if you dont want it.

How does the above intereact with ticking off "ask me before storing"? Good question, I couldnt figure it out. In fact, I think it's broken. Even if I selected "Reject" for all combinations of cookie/privacy policy I cant get it to reject google's cookie. It just "flags" it.

 

Hi JayK

Thanks for the description...

Man - I may be wrong about that, but that's not what I would call simple management...

Did you finally manage to make it work the way you'd like or did you give up? I thought perhaps actually using these features might be less complicated than just describing the process, but it doesn't sound like it when reading your post...

How about IE6 ?! Is it easy to configure ? 'More complete', 'less complete' or 'as complete' as Opera's features displayed above ?

Anyone having some screenshots about IE6's cookie-management ?!

Anyone about FireBird 0.7 ?!

Rgds, Crockett

 

My own needs are pretty simple really, I don't accept third party cookies at all (they have no business ever putting them in), and even first party cookies are converted to session before accepting.

I don't want permant cookies at all, if I really want to save a password, I will do it via the password manager.

If I'm in a ultra paranoid, i turn on "ask me before storing" too, though that gets old fast/

So in Mozilla 1.5 that means checking

"Enable cookie only from originating site" and
"Limit maximum life to session only"

The P3P standard support (dealing with cookies according to stated privacy polices) is a nice idea, but it seems broken. But from what I have observed it's not very useful currently anyway if it's working since lots of sites dont have privacy policies anyway.


About IE 6

IE 6, basically allows you to prompt,accept,block cookies. You can set seperate options for third party cookies and first party (what Opera turns normal cookies i guess). The display is very similar to the opera screenshot though the options are side by side and not one above another.

E.g you can set

First party Third party
Prompt Block


Then Below that there is a checkbox to "always accept session cookies". I think (havent tested), that checking this will over-ride the options above and will always accept session cookies.

The prompt option allows you to accept/reject cookies and to add to whitelist/blacklist.

So here, for my purposes, it's slightly weaker, since you can't convert first party cookies to session . so if you do decide to allow any first party cookies they last as long as the webmaster sets it.

I like it though, because the presenation is clear, clearer then in Mozilla 1.5. Still,If it added a 4th option, convert to session and accept, I would be very pleased.


Firebird 0.7

Just played with it some. It's streamlined

Enable cookies.
Enable cookies from originating party only
Enable Session only cookies
But ask me before storing.

There's a exception button, which allows you to manage the white/black list. You can directly enter urls to whitelist and blacklist. No big deal, but this isnt in Mozilla 1.5 or in the older FB builds! In those, you can only remove. To add you have to go to the site in question. (There is a work-around that lets you to import cookie lists, but that's too roundabout)

 

Well you of course know one of the main reasons for splitting the mozilla suite for seperate browsers, composer etc, was a result of bloat?

Well clearly the cookie manager is one example, where there are some many options, it's unclear (to me at least) what they all do even after reading the help file.

Perhaps I have a overcomplicated mind, but when i look at the various options in cookie management, it is never clear to me which option has priority.

If we are talking about the ultimate cookie manager, I would sugguest a rule based filter for cookies !

It would be really geeky. You could set rules to deal with cookies based on properties such as

1) Nature of cookie (third party or not)
2) Life span of cookie.
3) privacy policy
4) Regexp check of server and path. e.g you dont want something that has *adverts.
5) White or blacklisted.

Actions would include

1) Accept
2) Reject
3) Prompt [ pop up ]
4) cookie notification icon which you can click on otherwise it accepts or rejects depending on the setting.
5) Convert to session or whatever lifespan

Then you could create this complicated set of rules like those available in some powerful email filters.

Mine would look pretty simple.

If whitelisted, Accept , then stop processing
If blacklisted, Reject, then stop processing
If third party cookie, Reject, stop processing
If first party cookie, convert to session.
For all - Prompt
End

This way there would be no confusion at all how it would work.

For more sophiscation you might add rules to test if the cookie is ad-based etc.

Now I've seen some guy sugguesting using bayesian filtering to filter cookies! Now that's overkill.

The ultimate cookiemanager would also have excellent gui for viewing stored cookies and viewing permissions, A search function is a must, espically for permissions, where you can have superlong blacklists.

I'm satisified with the current popup notifications which list all the info. The ability to change the lifespan of the cookie to session before accepting/rejecting might be nice though.



But seriously, do we really need all that?

Cookies are not all so bad anyway.

Less complete it seems, though I havent played with Opera a lot, except on my Sister's computer. Still it's more then sufficent for 99% of people I expect.

Thought about it, but I'm too lazy to go sign up for one of those free accounts and I don't really like the idea of exposing my real domain here.


Rgds, Crockett

 

Hello JayK

Many thanks for your interesting and balanced thoughts...

Rgds,
Crockett

 

The main setting page. It gets confusing if you click on "enable cookies based on privacy settings", see next post

 

Here's the P3P setting page. As explained above "Flag", doesn't create a popup notification.

"Flag: Lists the cookie's status as "flagged" in the status column of the Cookie Manager's Stored Cookies tab and display the cookie notification icon."

 

Whitelist/blacklist. Notice, you can remove them only , you can't manuually edit or add to them.

 

One click to remove or add to black list and remove it.

 

IE 6 advanced options

 

IE 6 whitelist/blacklist manager. You can manually add to the black/white list.

However . there is no way to see what cookies are stored ,though you can of course clear the cookies.

 

IE notification.

 

Oh right Mozilla 1.5's cookie manager.

 

Hi Jayk

Great work !... I'm the one who asked for screenshots, now I've got a handful of it

As much as I like Opera, I just don't know anymore which built-in cookie manager is best... I'll have to read the whole thread again and try to make up my mind from an objective point of vue...

Hope other members will jump in and give their opinions.

See you later anyway...

Rgds, Crockett

 

FB's cookie management is almost exactly the same, but with slighly less options eg no P3P support.

Firebird 0.7 (and IE 6) does have one advanatage over Mozilla 1.5 As you can see below for Firebird you can manually add sites into the white and blacklist., something not in the Mozilla 1.5 build (see earlier screenshot of Mozilla's whitelist/blacklist)....