SEARCH

Enter your search query in the box above ^, or use the forum search tool.

You are not logged in.

#1 2013-08-02 11:55:07

johnraff
nullglob
From: Nagoya, Japan
Registered: 2009-01-07
Posts: 4,148
Website

Best cookie policy for web rodents?

I've set "ask me every time" for the Keep Until.. setting for cookies on Iceweasel, so when I hit a new website I have to choose block/accept/just for this session. My usual choice is "just for this session" except for sites I expect to have an ongoing relationship with, so every time I shut down the browser the cookies are deleted. (right?)

That seems to me like a reasonable policy, but I was just wondering - is there any point in choosing to block cookies from some evil site, instead of just keeping them for the current session only?

Are there some aspects to cookie policy I've overlooked?


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
#! forum moderator    BunsenLabs

Offline

Help fund CrunchBang, donate to the project!

#2 2013-08-02 17:06:11

fatmac
#! Die Hard
Registered: 2012-11-14
Posts: 1,948

Re: Best cookie policy for web rodents?

As far as I am aware, cookies can't do any harm, they just let a site know you've been there before.
(Personally, I never worry about them.)


Linux since 1999
Currently:  AntiX, & Crunchbang.
A good general beginners book for Linux :- http://rute.2038bug.com/index.html.gz
A good Debian read :- http://debian-handbook.info/get/now/

Offline

#3 2013-08-02 22:37:00

CBizgreat!
#! Die Hard
Registered: 2011-07-27
Posts: 1,865

Re: Best cookie policy for web rodents?

Adds 2 babble cents, + btw hiya's John hope things are going well.

Always set mine to delete on close though that's just a preference. Would be annoying to have a web browser ask everytime. Not sure what you're going for with this ... privacy ? If that's the case might look into super/flash cookies n etc. The application bleachbit is supposed to get rid of them. To be honest am not a web cookies or web tracking guru either.

Though if the goal is privacy and you aren't addressing super cookies might be something overlooked. Myself also tend to disable allowing websites to set third party cookies, again that's just a preference. Lastly ... might visit mozillaville and see if there's a plugin that catches your fancy. One of the kewl things about using a mozilla based browser, it's like the wordpress of web browsers ... there's probably a plugin for everything. Not sure ... but don't see why it'd be different for managing website cookies.


Vll! smile

Last edited by CBizgreat! (2013-08-02 23:03:33)


Some common cbiz abbreviations. This will save me time and yet @ same time tell folks what the babble is supposed to mean.

Vll ! = ( Viva la gnu/Linux !)    Vl#!! = ( Viva la #! !)    Last but not least, UD ... OD ! = ( Use Debian ... or die !) tongue

Offline

#4 2013-08-03 02:11:42

shengchieh
#! Die Hard
Registered: 2009-01-07
Posts: 617

Re: Best cookie policy for web rodents?

Flash creates super-cookies.  I do

rm -r .macromedia

every few months.  There is a way to remove flash super-cookies w/o affecting your flash settings - I don't have in my head -
but I just remove everything since I have no flash setting.

Out of curiousity, are there other supper cookies beside flash?

Anyway to answer the OP, browser cookies is my least concern.  I would worry about super cookies.  If you are paranoid, use tor or
tails.

Sheng-Chieh

Offline

#5 2013-08-03 03:51:08

kiiroitori
#! CrunchBanger
From: Tokyo, Japan
Registered: 2010-12-07
Posts: 229

Re: Best cookie policy for web rodents?

Hi johnraff,

I asked myself the same question a couple of days ago, when I installed an addon called "self-destructing cookies". Unfortunately I can't answer you, but I thought I'd mention the addon which I think is quite nice.


I love #! more than my own kids. I told them and they sympathized.

Offline

#6 2013-08-03 04:22:25

johnraff
nullglob
From: Nagoya, Japan
Registered: 2009-01-07
Posts: 4,148
Website

Re: Best cookie policy for web rodents?

Hi Seabiscuit and Yellowbird smile

CBizgreat! wrote:

Always set mine to delete on close though that's just a preference. Would be annoying to have a web browser ask everytime.

"Ask every time" means every time a new domain wants to set a cookie. So yes it's a bit annoying at first, but, if you check the "always use this preference with cookies from this domain" box, once your browser has built up a list, the window only pops up when you visit somewhere unusual. My usual choice is just to keep the cookie for that session, so it's the same preferance as you.

@everyone thanks for your input. I'll have to look into supercookies and "self-destructers".

My main question is - is there ever a reason to choose "Block" for a cookie instead of "Keep for this session only"? Is there any harm a cookie can do just by being around for an hour or two?


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
#! forum moderator    BunsenLabs

Offline

#7 2013-08-03 05:38:48

crunchbangr
Member
Registered: 2013-05-23
Posts: 19

Re: Best cookie policy for web rodents?

I'm not a cookie expert as well, but generally follow the recommendations found here.

Offline

#8 2013-08-03 14:26:26

tlinsley
#! Member
From: Austin, TX
Registered: 2012-04-10
Posts: 68

Re: Best cookie policy for web rodents?

johnraff wrote:

My main question is - is there ever a reason to choose "Block" for a cookie instead of "Keep for this session only"? Is there any harm a cookie can do just by being around for an hour or two?

Depends on your definition of "harm".  AFAIK regular cookies can only track you by recording information, which is read by the site that wrote the cookie and possibly by other sites.  Super cookies (AFAIK) do much the same as regular cookies, but are not cleaned up as easily (but who knows, maybe they also have super powers tongue ).

I don't worry too much about it.  I just run the Ghostery extension and tell it to block everything (which includes both regular and super cookies amongst other things).  Just don't opt into GhostRank.  Word is that it is not as anonymous as we might think.

As with most other things, YMMV....

Offline

#9 2013-08-03 16:06:15

CBizgreat!
#! Die Hard
Registered: 2011-07-27
Posts: 1,865

Re: Best cookie policy for web rodents?

To try to answer your main question John .. My opinion would be "not that I'm aware of." Though like most things techie consider it a complex question with no easy or definitive answer. Things keep changing-morphing-etc. Mentioned flash cookies and super cookies, there's cr@p like web bugs and a ton of other considerations too. Many I'm completely ignorant of. Plus the third party cookies mentioned above ...

If you allow a website to set third party cookies, it means exactly that. They are setting cookies for other/outside parties ... Who that other party may be is anyones guess. Short answer imo the pursuit for "online privacy" is mostly an exercise in futility for the vast majority of netizens. There's governments, major Corporations etc etc etc that are interested in tracking folks internet usage and they have some serious advantages in terms of both resources and talent.

ie: A persons ISP can probably easily track every databit to-from their pc for one thing and a gazillion other things I'm not even going to try ( or even qualified) to get into. Am certain there are net tracking/monitoring guru's out there that sit around and laugh @ the vain efforts the majority of netizens use chasing after "online privacy." Personally have long since considered the internet a public highway and wanting "privacy" on a public highway isn't very practical.

You can tint the windows of your vehicle. Doesn't change that handy dandy license plate plastered on it nor make it very difficult for anyone w 4 braincells to track a persons movements, shrugs. Ahhhh I give up on this too much typing and as mentioned not an authority on the subject anyway. wink


Vll! smile


Some common cbiz abbreviations. This will save me time and yet @ same time tell folks what the babble is supposed to mean.

Vll ! = ( Viva la gnu/Linux !)    Vl#!! = ( Viva la #! !)    Last but not least, UD ... OD ! = ( Use Debian ... or die !) tongue

Offline

#10 2013-08-03 22:48:57

otak
#! Member
Registered: 2013-01-01
Posts: 51

Re: Best cookie policy for web rodents?

I like to delete all cookies and history when I close Iceweasel so that each session is fresh as far as the search engines are concerned.  When I search for a new thing I want that thing to be the only search criterion used.  I don't want the search engines thinking they know what I usually like or I'll be in my own bubble.

  Just another strand in the weave,

Offline

#11 2013-08-04 14:23:30

iann
#! Die Hard
Registered: 2010-09-10
Posts: 720

Re: Best cookie policy for web rodents?

I don't allow any cookies except for sites that I have already chosen to trust.  Such as crunchbang.org smile  This is done by adding an exception.  I use Cookie Controller addon to do this, because it is a simple one-click operation.  It also shows on the button whether the current site is allowed to set cookies or not, as well as what cookies are already set.

There are some sites that I will come across that I don't wish to set an exception for, but perhaps don't quite work properly without cookies.  Cookie Controller has another button which lets me switch instantly to allowing cookies just for the session.  If I forget, this will be switched back to blocking everything when I restart.  I'm not so paranoid that having a tracking cookie on my machine for an hour or two will kill me, but for the most part there is no benefit to allowing them.  The majority of tracking cookies (but certainly not all, such as Google's) are third party cookies, which are still blocked.

There are a number of tracking and data storage technologies in use that people tend to forget about, but are potentially at least as "dangerous" as cookies.  In Iceweasel, DOM Storage is subject to pretty much the same cookie blocking rules as cookies so not a big problem.  Flash cookies are not, they are only really controlled by Adobe itself, by addons devoted to the task, or simply by wiping them from your hard drive outside Iceweasel.  There are also a number of other tracking technologies (eg. CSS styles) that really fall into the exploit class and tend to get fixed fairly regularly, so keep up to date.

If you really are paranoid about your privacy and safety on the internet, you really should be browsing with javascript off.  This won't stop cookies, but it will stop many of the things that really are dangerous.  NoScript would be the first thing to look at, and it protects you from a lot more than javascript, although there are simpler things.  Browsing with javascript off can be a bit of a pain because so many sites don't work properly or fully without it, but if you knew what a website can do you'd be scared stupid and never turn javascript on again lol

Offline

#12 2013-08-04 16:25:51

CBizgreat!
#! Die Hard
Registered: 2011-07-27
Posts: 1,865

Re: Best cookie policy for web rodents?

More babble to add ... for the sake of babbling. Ya guys know how I luv my babble. lol

Agree w the person above ( well agree with points made by many of the people above.) Anyway agree w using Noscript and have for quite awhile touted it's kewlness. Does block flash and javascript ... sometimes you'll run into a site that refuses to work w/o javascript but not all that often. In which case I just temporary allow the site if I want to view it. Personally think the best thing about Noscript is the system resources savings it seems to provide by blocking a metric shizzleton of scripts + flash elements.

Supposedly adobe flashplayer is installed on like 98% of pc's ! They have their own settings control webpage. One way to get to it ( how I've always done it.) Visit a site like youtube, select a vid ... pause the sucker and right click inside the video's view area. Select "Global settings" and it'll take a person to adobe's control page.  Then on the lefthand side there's a list of different controls, listed under "Settings Manager". Click on one of those to bring up that control panel. Sucker will appear to the right, beside the list.

That's the actual control panel, not an image of it. It'll tell you so underneath it. ie: ...

Note: The Settings Manager that you see above is not an image; it is the actual Settings Manager. Click the tabs to see different panels, and click the options in the panels to change your Adobe Flash Player settings.

Went ahead and visited the Global settings myself, it's been awhile. In the Global Storage Settings tab/control panel decided to set how much data a website can store to 0 ... It's 100KB's default. Which is like 25 times the size of a normal web cookie.

Will find out if it causes any issues. Remember doing that one time and briefly fullscreen viewing in youtube quit working until switching it back. Isn't happening this time around though. Anyway only saying am not advising anyone do the same. Imagine many banking-etc websites might balk if LSO's aka: flash cookies are disabled. 

Nother edit: Probably plenty of plugins or other ways to manage flashplayer. Couple people above mention plugins they like-use. Doesn't have to be an all or nuttin. Setting it thataway is just something I dorking with for awhile, shrugs.

Summin else that occurred for folks using newer versions of Mozilla based browsers. In the browser controls go to Edit, then Preferences ... click on Security tab and you see the check boxes for "Block reported attack sites" and "block reported web forgeries". I tend to uncheck those ... Why ? Cause not real worried about it w gnu/nix + mozilla goodness. Why bringing it up though the dang browser checks a server maintained by Google Inc before going to a site, to see if it's blacklisted. If it is you get that annoying security screen ... This site has been a very bad boy-girl screen. tongue

Point am making ... also don't want FF checking in and sending google Inc any information about which websites I'm going to. See there they confirm Google Inc is the maintainer-provider of the blacklist used. If you look under this ...

What information is sent to Mozilla or its partners when Phishing and Malware Protection are enabled?

There are two times when Firefox will communicate with Mozilla’s partners while using Phishing and Malware Protection. The first is during the regular updates to the lists of reporting phishing and malware sites. No information about you or the sites you visit is communicated during list updates. The second is in the event that you encounter a reported phishing or malware site. Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent.

The Mozilla Privacy Policy expressly forbids the collection of this data by Mozilla or its partners for any purpose other than improvement of the Phishing and Malware Protection feature. The Google Privacy Policy explains how Google handles user cookies.

So says existing cookies from google.com can also be sent along. Not saying this is a big deal anyway. Mentioned why I elect not to enable these features + mainly opting to avoid any extra http requests. When I wanna go to xyz.com, want the browser to go there as quickly as poss. Not add an extra step, asking some google server whether the sites on some blacklist.

Just saying in that process above ... Google may be getting yet more tracking information about x-enduser. It's said no information about you is sent call me cynical. Wouldn't they have to send the URL of the site you're wanting to go to, to see if it's on the blacklist, the IP of the requestor + google cookies and what else ? big_smile

Mostly see all this as harmless or more headaches then it's worth trying to keep up with. Mentioned also see if as pointless cause Govt's + Google + whodahellknows-who-all. Have access and resources that are mind numbing, thus should have some of the best in the business working on it. Jmo ... but successfully defending against something likely requires a person be as good or preferably better than the opposition.

Think it's likely Google inc has net tracking guru's on the payroll that have forgotten more about the subject, than I'll ever bother learning. tongue Though just cuz you're outnumbered n gunned doesn't mean someone should just drop their pants and make it as easy as poss for people to steamroll them. When somebody is talking about online privacy and evading tracking. Guessing just about the time they plug one hole, 3 more have popped up + the 300 other holes they had no idea were/are there anyway. Agree w the person above who said "another strand", they don't call it a web/net for nuttin surely. wink

Ok now shutting it ... this constitutes excessive babbling, even for me ... VLL!

Anal edit dammit !!! Arghhhh !

Also not that am saying there's nothing ( no hope ) for this chit. Only time imo, that makes sense is if someone is actively engaging in nefarious activities using the internet. In which case am not even going there. That person ( hopefully a good person) need to do their own frickin research/homework and get ducks in a row. Average personal computer ... no reason not to do whatcha can if you so desire either. I'm not up to any nefariousness so don't care overmuch if they peek over ma shoulder. As always ... as ever ... "they" can kiss my <censored>.

Last edited by CBizgreat! (2013-08-04 17:43:29)


Some common cbiz abbreviations. This will save me time and yet @ same time tell folks what the babble is supposed to mean.

Vll ! = ( Viva la gnu/Linux !)    Vl#!! = ( Viva la #! !)    Last but not least, UD ... OD ! = ( Use Debian ... or die !) tongue

Offline

Board footer

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.
Server: acrobat

Debian Logo