Third-party cookies (questions)

Discussion in 'privacy general' started by Jim Verard, Nov 1, 2007.

Thread Status:
Not open for further replies.
  1. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    Third-party cookies are a threat to privacy, no matter if they are season or persistent cookies and are deleted after the browser is closed, because after you leave a specific website, another one different can read the same cookie and identify you.

    Let's say Google used a cookie for one of their services - Blogger (or even Orkut). There's another cookie which leads to Google.com himself. If I leave Orkut/Blogger without erasing myself the season/persistent cookie, each time I came into a different website which is using any of Google services, Google might be identifying myself, even if I am using a browser like XeroBank. Is that right?

    I am asking you this because XB has a extension called PrefBar which allows me to place a button called "Clear Cookies" and always I am pushing that button after I left each website. It has become a habit for me.

    And let's say some company owns different websites, different boards like Wilders Security and we don't know that. Is it possible for them, by only reading a cookie created on a different domain, knowing that I am Jim Verard from Wilders?

    People are usually affraid of being traced by the same website, but what about them tracing the others?

    Possible host-services which are quite different (using a lot of different names and domains) but in the end are always the same company?

    Anyway, I can't find any option here on Firefox to block third-party cookies. Perhaps this option was removed? Where is it? I remember it was possible to accept only cookies related to that specific domain. Not now.

    Some useful information from Wikipedia about third-party cookies:

     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    For your Firefox question: the option to block third-party cookies is no longer available in the UI, but you can set it. Go to about:config > Network.cookie.cookieBehavior > change the value to "1".
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
  4. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Good tip. Thanks
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    It is this, and other bad privacy/security decisions by MoFo, that keep me using 1.5. I think what 2.0 has done to privacy is awful. I might as well use IE. In fact, IE6 is better now for privacy than is Fx. Very sad.
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Hello Jim,

    Don't you use CookieSafe?
    The FF extension, works like NoScript but with cookies. What's wrong with it?
     
  7. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    How's that possible if Internet Explorer doesn't allow you to erase all temporary internet files? You have to use CCleaner always to erase all the garbage Microsoft left behind on your computer. That kind of thing doesn't happen with Firefox. At least he erase everything after is closed. And all cookie configurations are easier than IE. I can't figure out until today how to deal with them while using IE. :gack:

    I agree with you about the decision of remove this option, it was a very bad idea. On the other hand, Firefox have an option to use Google resources for each website visited, to check if it's a fraud. So much for privacy, uh? :rolleyes:

    I was about to make the download, and then I read this:

    https://addons.mozilla.org/en-US/firefox/addon/2497
    https://addons.mozilla.org/en-US/firefox/reviews/display/2497

    The last thing I need here is something who might jeopardize my privacy, and hide anything I need to be sure that is destroyed.
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    That,s a very bad decision. I wonder why they did it?
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Why does it jeopardize privacy? Because it stores cookies in its own folder or ? (i really didnt understand, sorry if i'm flashing my dumbness here :D )
    Is it final yet, and in the addons site? TIA
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Heres one explanation I found (not official though):
    Also heres the bug page: Bug 349680 – "Allow sites to set cookies for the original site only" missing from cookie preferences

    Final yes but not on the addons site. Needs more reviews or something.
     
  12. GrailVanGogh

    GrailVanGogh Registered Member

    Joined:
    May 2, 2007
    Posts:
    97
    Location:
    US

    What are those other issues Mele? A thread was created at BBR for voicing concerns and complaining about Fx v2 but you chose not to post anything.

    How hard is it for you to go in and change one number in about:config to block 3rd party cookies or to use an extension like CS lite or Cookie Safe which works fine?

    You have Proxo so you should have no concerns about cookies in any browser and if your really truly concerned about security and privacy why not use sandboxie?
     
Loading...
Thread Status:
Not open for further replies.