Hacker News new | ask | show | jobs
by thezilch 5736 days ago
Title here and there are a bit misleading. My hope is Lauren has simply missed the cookie icon, in his location bar.

Running 7.0.536.2 (dev), in the cookie settings, I can set Chrome to "Block sites from setting any data." Now, upon browsing to a site attempting to set, in the URL (location) bar is a cookie with an "X" overlaid -- similar in style to the padlock with an "X" when an HTTPS URI is using an unsigned SSL cert. Clicking on the cookie presents me with the list of "cookies and other site data." Each can be selected and "Allowed" or "Allowed for session only."

The claim that one needs to allow "willy-nilly" or only having the option of "manually entering cookie exceptions into tables," these are just hand-waving. I'm not sure what more is needed; I certainly don't want popups for every cookie without my taking action.
1 comments
ck2 5736 days ago
What about third party cookie control which is important?

I barely use chrome but I know firefox has a toggle for this.

link
thezilch 5736 days ago
While I'm not familiar with which Firefox controls you are referencing, the following is a shot of the cookie+"X" and the impending modal for selecting 0..n cookies and site data to be allowed indefinitely or for this session alone:

http://i.imgur.com/va1xW.png

link
ck2 5736 days ago
Firefox (3.6.11) default without plugin modification:

http://i.imgur.com/TUgZU.png

"accept third-party cookies" (which no web developer should ever rely on)

and also available via an extension (but should be built in)

http://i.imgur.com/dZxFG.png

(hmm, why is imgur setting a 9-month long tracking cookie)

link
Tichy 5736 days ago
Key thing is really to disallow third party cookies, as that (among other things) is what is being used to track you by all the advertisers, spammers, Facebookers and so on out there.
link
T-hawk 5736 days ago
Problem with that is the surprisingly large number of legitimate sites that break without third-party cookies. Things like when verizon.com has an element from verizononline.com, which sets a login cookie that verizononline.com expects to read. "Shun brokenly-coded sites" is not an option for something as vital as paying my phone bill.

I'd love an option to accept third-party cookies but delete them on browser exit, while retaining legitimate first-party cookies as usual. Does any of the major browsers have that?

link
ck2 5736 days ago
An alternative to third party cookies for login sites is to do a fast forward redirect through the main site for the login and then back again to the destination.

If done properly the user will barely notice or care and it's certainly less invasive than forcing 3rd party cookies to be used.

link
flipbrad 5736 days ago
what will the response to this be? Could the site host set a cookie that then (from the server) is read and the content reported directly to the advertiser?
link
DennisP 5736 days ago
Sure. But a third-party cookie does more than track your activities on the site that gave it to you. If you get a DoubleClick cookie, then DoubleClick will be able to track you on every site that runs DoubleClick ads. Ie., they'll be able to tell that the same computer is hitting all these sites. This lets them target ads to you based on your whole history across all DoubleClick-serving sites, and to market your profile to their customers.
link
Tichy 5736 days ago
Certainly - I have been waiting for that kind of thing for a long time. Probably it already exists. However, it would be considerably more difficult to integrate into existing web sites.
link
stanleydrew 5736 days ago
There is a toggle to block all third party cookies by default in Chrome.
link