[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] What is "cookie protections"?



On 1/8/2016 3:17 PM, Yury Bulka wrote:
I've disabled the "Don't
record browsing history or website data" check box in the Privacy and
Security Settings dialog.
There's only one potential danger I see here - cookies.
In Windows TBB, there's a selection "Use custom settings for history."
The "Remember my browsing & download history" are handled separately from "Accept cookies" (separate check box).

At shut down, TBB deletes all site preferences (Exceptions) & cookies, regardless if those are unchecked in "Clear history when Tor browser closes" settings. So that no data is saved across sessions. If you want to selectively delete cookies mid session, you'd have to do it manually - (or use various cookie mgr or cache & cookie mgr addons, which isn't recommended by Tor Project). Unless just using TBB for the added safety, not maximum anonymity - then using (certain) addons probably isn't a super bad thing.

I'm not sure (now days) the possibility of some sites sharing data from SESSION cookies. In the old days, 1st party cookies couldn't be read / used by other sites. Unless maybe if 2 sites were owned by same people.

In Firefox & TBB, if check "accept cookies," the "accept 3rd party cookies" is automatically checked. But, TorButton has checked by default, "Restrict 3rd party cookies & other tracking data," so it probably ? overrides 3rd party cookies being enabled in the TBB Options > Privacy screen. Then I'm not sure why TBB automatically check the 3rd party cookie box, if "Accept Cookies" under Privacy tab is checked, if the TorButton is set to prevent 3rd party cookies. It's confusing (I don't think it should).

Short of using addons to save cookie exceptions or cookies between sessions, one could store cookie exceptions in a separate permissions.sqlite file - in another location. If paranoid, encrypt it - then decrypt it & copy to the TBB profile before launching TBB.


This is why I'd like to understand what is the "Cookie protections"
dialog about.
  In Windows TBB, I don't see settings called "Cookie Protections."


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk