[tor-talk] What is "cookie protections"?
Joe Btfsplk
joebtfsplk at gmx.com
Sun Jan 10 23:30:49 UTC 2016
On 1/8/2016 3:17 PM, Yury Bulka wrote:
> I've disabled the "Don't
> record browsing history or website data" check box in the Privacy and
> Security Settings dialog.
> There's only one potential danger I see here - cookies.
In Windows TBB, there's a selection "Use custom settings for history."
The "Remember my browsing & download history" are handled separately
from "Accept cookies" (separate check box).
At shut down, TBB deletes all site preferences (Exceptions) & cookies,
regardless if those are unchecked in "Clear history when Tor browser
closes" settings. So that no data is saved across sessions. If you
want to selectively delete cookies mid session, you'd have to do it
manually - (or use various cookie mgr or cache & cookie mgr addons,
which isn't recommended by Tor Project). Unless just using TBB for the
added safety, not maximum anonymity - then using (certain) addons
probably isn't a super bad thing.
I'm not sure (now days) the possibility of some sites sharing data from
SESSION cookies. In the old days, 1st party cookies couldn't be read /
used by other sites. Unless maybe if 2 sites were owned by same people.
In Firefox & TBB, if check "accept cookies," the "accept 3rd party
cookies" is automatically checked.
But, TorButton has checked by default, "Restrict 3rd party cookies &
other tracking data," so it probably ? overrides 3rd party cookies being
enabled in the TBB Options > Privacy screen.
Then I'm not sure why TBB automatically check the 3rd party cookie box,
if "Accept Cookies" under Privacy tab is checked, if the TorButton is
set to prevent 3rd party cookies. It's confusing (I don't think it
should).
Short of using addons to save cookie exceptions or cookies between
sessions, one could store cookie exceptions in a separate
permissions.sqlite file - in another location. If paranoid, encrypt it
- then decrypt it & copy to the TBB profile before launching TBB.
> This is why I'd like to understand what is the "Cookie protections"
> dialog about.
In Windows TBB, I don't see settings called "Cookie Protections."
More information about the tor-talk
mailing list