Re: security in firefox4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2011-05-19 at 17:50 +0900, Misha Shnurapet wrote:
> * blocked third-party cookies while online (may prevent advertisement
> networks from carrying information between sites)

I don't think it quite does what people hope.  Well, not any more.

Third party cookies are cookies that don't belong to the content being
loaded.  Most tracking cookies are associated with graphics, rather than
the page, but either can be used for tracking you.  And as far as those
graphics are concerned, ownership of their cookies is *NOT* the page
you're looking at, but the content going into the page.

e.g. As a theoretical example, you might load www.example.com, its page
includes images from doubleclick.com, and these images have cookies.  If
those images include cookies for doubleclick.com, they're not
third-party, so they're not blocked.  But if those images included
cookies to some other domain, such as google.com, then they would be
third party (or vice versa - images from google, with cookies for
doubleclick).  So, if you want to block doubleclick.com cookies, for
instance, you need to directly blacklist them.

This has been my experience, at least.

I think most people's ideas about third-party cookies, and apparently
the browser authors, would be along these lines:

You'd browse www.example.com, it'd include pages and graphics from
itself, but the tracking cookies would be for someone like
doubleclick.com (this *is* a third party).

Going back to my first example, simply blocking doubleclick.com cookies
wouldn't be enough to stop them tracking you.  The mere loading of their
graphics has counted you, and put your IP into their database to track
for the rest of your browsing session.  You need to stop loading their
graphics, in the first place.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux