[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] 12.7 percent of the domains I visit are intercepted by CloudFlare
On 4/23/2016 8:15 AM, Rob van der Hoeven wrote:
Hi,
Today I got an idea of how to measure "The CloudFlare problem". It turns
out that every time you visit a website that's behind CloudFlare a
cookie is set with the name __cfduid
If you use Firefox these cookies end up in a SQLite database which can
be queried with the SQLite Manager add-on. My total number of cookies is
2523 (I disable third-party cookies by default). CloudFlare cookies:
321. So 321/2523 *100 = 12.7% of the domains I have visited are
monitored by CloudFlare. Quite shocking I think.
Rob.
https://hoevenstein.nl
Are you saying using TBB, cloudflare sets cookies withOUT either
checking "accept cookies from sites;"
or entering an exception for their domain in TBB's cookie exceptions;
or when in Options > Privacy - "Accept 3rd party cookies" = Never?
If I don't set "accept cookies" & select "never allow 3rd party
cookies", and don't enter a domain in cookie exceptions, I don't get
cookies.
(seems the "Exceptions" Privacy option should be called "Permissions,"
same as the profile file containing them - "permissions.sqlite." They
didn't consult me on the UI.
You don't have a cookie manager addon installed, do you? Maybe changing
TBB default behavior.
Even if I check TBB - "Accept cookies from sites", on restarting TBB, it
unchecks that box (by design).
For TBB (Firefox) - Tools > Options > Privacy - what I don't understand
is why TBB allows "Accept 3rd party cookies" to be reset to "Always,"
when you check "Accept cookies?"
Then it also *unchecks* / *over rides* the Torbutton Privacy & Security
Settings - "Restrict 3rd party cookies & other tracking data" - and then
definitely allows 3rd party cookies.
It probably shouldn't. Doesn't this allows tracking _during_ the
session? True, 1st & 3rd party cookies & exceptions are deleted on
restarting TBB.
If users check allow cookies in TBB - Firefox Options, TBB probably
should prevent 3rd party cookies from automatically resetting from
"Never" to "Always."
Especially when Torbutton's Privacy setting is checked to restrict 3rd
party cookies.
Seems the only way Torbutton settings should be allowed to change is
from Torbutton UI.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk