[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #27824 [Applications/Tor Browser]: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are present
#27824: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are
present
--------------------------------------------+--------------------------
Reporter: joebt | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: Tor Browser, NoScript, cookies | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+--------------------------
Comment (by Thorin):
Replying to [comment:2 cypherpunks]:
> Users shouldn't be forced to allow cookies globally, just to login one
site
Cookies are not the problem. All persistent local data of any kind
(cookies, localStorage, sessionStorage, SSL Session IDs, site permissions,
etc) is cleared when you close Tor Browser or get a new Identity. Note:
appCache, indexedDB and serviceWorkers(cache) are not enabled in Tor
Browser.
> Even if session cookies are allowed, third party cookies shouldn't be
enabled by default
There's a *little* thing called First Party Isolation (FPI), read up on
it.
Don't play with your ~~food~~ settings. Be like all the other Tor Browser
users and use the defaults. Also, sites are less likely to break.
It is true that FPI doesn't protect against a repeat visit to a first
party, but the visits are already linked via other means (IP, SSL Session
IDs to name a couple)
Learn some OpSec and use the New Identity button
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27824#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs