[tor-bugs] #32330 [Applications/Tor Browser]: Think about providing a UI for global cookie settings
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 31 05:50:04 UTC 2019
#32330: Think about providing a UI for global cookie settings
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-9.0-issues, ux-team | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
In TBB 9.0, the default network.cookie.cookieBehavior value = 1 (only
cookies from originating server). I don't want or need 1st or 3rd party
cookies set from every site visited, sometimes for 10 seconds - doing
research. Very rarely do I need cookies when surfing or looking for
specific data - if not logging in.
If I DO need cookies for a few sites with data not found elsewhere (very
rare), I do not want to change prefs in about:config, then change it back.
Before I do that, I'd use a cookie manager extension or just not use TBB,
except in rare cases.
I don't want to wait to close TBB or access Mozilla's inaccurate cookie
manager to delete cookies and other stored data. I could get a new TBB
identity but that affects all open sites, not just one that "needed"
cookies.
Some talk of "protecting" average users, by making it harder to change
cookie prefs. While FAR more dangerous scripts - from unknown sites are
enabled globally in NoScript to improve user experience. "''That is
illogical''."
1) Why after the internet's track record, does anyone think that hackers,
sites, corporations, world governments won't find a way to circumvent or
spoof "originating server," or haven't already?
Owners of several sites or cooperating site owners can easily share cross
site cookie data.
An astounding number of things regarding internet privacy, data collection
and tracking individuals that "experts" said couldn't or wouldn't happen
or were too expensive, too time consuming or (any reason here) - did and
still are happening. People act like Edward Snowden's released data and
court rulings on unconstitutional government activities never existed.
2) Why would anyone believe that governments or LEAs can't or won't force,
bribe or coerce sites / corporations to retain and hand over data from
cookies? Or that they can't and won't use cookies as another tracking
tool? Because of some GDPR or similar policy? If all sites can set
cookies and they're rarely cleared by average users, it becomes a much
bigger prize for anyone.
If world governments are blatantly violating **national constitutions** on
illegal spying and mass data collection on law abiding citizens (it's been
proven) and ignore court rulings that many activities are
unconstitutional, then governments or anyone else won't blink twice at
violating any cookie or privacy policies.
What - governments, corporations aren't **smart enough** or don't **have
the resources** to bypass anything as secure as a "first party isolate"
browser rule or the like? It won't take a government to bypass something
like that.
Terms or concepts like "won't," "couldn't," "not possible" simply no
longer apply to elected governments or law enforcement, much less to
violent or repressive regimes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32330#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list