LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

The sad story of the em28xx driver

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

google's tracking cookies

google's tracking cookies

Posted May 9, 2008 13:16 UTC (Fri) by wingo (subscriber, #26929)
Parent article: Rietveld: another code review aid 

Neat project.

However the bit about requiring a Google login is pernicious. Because the google cookie is
(AFAIK) used both for applications and for ads, and the ads are everywhere on the internet, if
you login to use reitveld you're exposing yourself to being tracked by Google all across the
internet.

You're not only exposing yourself to Google, of course; since the NSA monitors all internet
traffic into and out of the US, you're exposing yourself to the US government as well. I'd be
surprised if they didn't have explicit code to track google cookies.

This does have implications, what with the patriot act, the green scare
(http://www.baltimorechronicle.com/2008/042808Lendman.shtml), the redefinition of terrorism,
indefinite detention, etc: it's easy to build a case against someone these days. Centralized
tracking, as implemented by google, is centralized power.

So I think that it's especially important that free software avoid ties to centralized power
like this.

(Log in to post comments)

google's tracking cookies

Posted May 16, 2008 3:56 UTC (Fri) by Duncan (guest, #6647) [Link] 

That's one good reason to use privoxy or the like, to turn all cookies 
into session-only by default, if your browser doesn't have a similar 
feature or the controls aren't fine enough to do that in general but turn 
it off, allowing saved cookies, for some sites.  Konqueror has the option 
but it's set globally, and kills existing cookies one might want to keep, 
for a few sites, so I don't use it, but use privoxy instead.  One 
remaining problem is that privoxy, unlike the proxomitron I formerly used 
on MS which used the SSLeay libs to intercept secure connections if set to 
do so as well, simply bypasses secure connections, so be aware that any 
secure connection can still set saved cookies even if you have privoxy set 
to session-only cookies.  Still, that would allow one to use Google 
services with secure logins if desired (I'm still suspicious and haven't 
needed to, so don't), while using privoxy to block standard ad use of the 
same cookies.

I believe I was reading about a Firefox cookie switcher extension as well.  
It let you switch cookie profiles, so you can browse with Google (for 
example) cookies disabled most of the time, but switch profiles, enabling 
a saved cookie, them when needed.  As I said I don't tend to use Google 
login services so I've not needed something like this and passed it up, 
preferring cookiesafe's per-site approach.  I'm not sure how they'd work 
together nor do I remember what the name of the cookie profile switcher 
extension was, but I do remember seeing it.

That said, the general problem you refer to, that of huge conglomerates 
such as google expanding into more and more areas and gaining more and 
more power over our lives and privacy, and the greedy noses of the US and 
other governments on top of that, still exist, regardless of the measures 
individual users may take.

Duncan

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds