[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] 12.7 percent of the domains I visit are intercepted by CloudFlare

On 4/23/2016 8:15 AM, Rob van der Hoeven wrote:

Today I got an idea of how to measure "The CloudFlare problem". It turns
out that every time you visit a website that's behind CloudFlare a
cookie is set with the name __cfduid

If you use Firefox these cookies end up in a SQLite database which can
be queried with the SQLite Manager add-on. My total number of cookies is
2523 (I disable third-party cookies by default). CloudFlare cookies:
321. So 321/2523 *100 = 12.7% of the domains I have visited are
monitored by CloudFlare. Quite shocking I think.

Are you saying using TBB, cloudflare sets cookies withOUT either
checking "accept cookies from sites;"
or entering an exception for their domain in TBB's cookie exceptions;
or when in Options > Privacy - "Accept 3rd party cookies" = Never?

If I don't set "accept cookies" & select "never allow 3rd party cookies", and don't enter a domain in cookie exceptions, I don't get cookies. (seems the "Exceptions" Privacy option should be called "Permissions," same as the profile file containing them - "permissions.sqlite." They didn't consult me on the UI.

You don't have a cookie manager addon installed, do you? Maybe changing TBB default behavior.

Even if I check TBB - "Accept cookies from sites", on restarting TBB, it unchecks that box (by design).

For TBB (Firefox) - Tools > Options > Privacy - what I don't understand is why TBB allows "Accept 3rd party cookies" to be reset to "Always," when you check "Accept cookies?" Then it also *unchecks* / *over rides* the Torbutton Privacy & Security Settings - "Restrict 3rd party cookies & other tracking data" - and then definitely allows 3rd party cookies.

It probably shouldn't. Doesn't this allows tracking _during_ the session? True, 1st & 3rd party cookies & exceptions are deleted on restarting TBB.

If users check allow cookies in TBB - Firefox Options, TBB probably should prevent 3rd party cookies from automatically resetting from "Never" to "Always." Especially when Torbutton's Privacy setting is checked to restrict 3rd party cookies. Seems the only way Torbutton settings should be allowed to change is from Torbutton UI.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to