LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mozilla, Google and privacy

Mozilla, Google and privacy

Posted Aug 15, 2009 3:17 UTC (Sat) by foom (subscriber, #14868)
In reply to: Mozilla, Google and privacy by dlang
Parent article: Ubuntu removes "multisearch"

> that other server can set a cookie that it will get the next time it is accessed

In Safari it can't. From the preferences...

Accept Cookies:
[ ] Always
[ ] Never
[X] Only from sites I visit
    Block cookies from third parties and advertisers.

(Log in to post comments)

Mozilla, Google and privacy

Posted Aug 15, 2009 3:21 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]

interesting to know that this is an option.

I assume that this isn't the default (that it defaults to yes)

any idea how many sites get broken by this option?

Mozilla, Google and privacy

Posted Aug 15, 2009 3:36 UTC (Sat) by foom (subscriber, #14868) [Link]

It is the default. I don't know if any sites get broken by it, but I certainly haven't noticed any. Not that I would have even thought to try changing that option if I did run across a broken site, so who knows.

Quite a few are broken by me disabling Flash's data storage, though.

Mozilla, Google and privacy

Posted Aug 15, 2009 19:30 UTC (Sat) by njs (guest, #40338) [Link]

Firefox also has this option (though AFAICT not on by default): uncheck Edit > Preferences > Privacy > Accept third party cookies.

Mozilla, Google and privacy

Posted Aug 15, 2009 20:01 UTC (Sat) by Tobu (subscriber, #24111) [Link]

Yeah, but it is ineffective.

I have this option in Chromium and Firefox. All it does is check that the cookie setter (RFC 2965, the dom, maybe equivalents in html5 dom storageĀ…) requests a domain compatible with the current domain.

Content included from another domain works around it, and here both Firefox and Chromium have a myriad of cookies from adservers (these aren't leftovers, they get removed at the end of a session through another firefox setting).

The problem is that the effective way to prevent this (namespace cookies with the referer domain in addition to the cookie domain) hasn't been implemented, and these settings are just a distraction. I haven't tried Safari, but at least for the browsers I use, exposing them as "block third party/tracker/adserver cookies" is misleading. Maybe there is a reason fixing this is not that simple, but I suspect the reason is a big conflict of interest.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds