Zombie Cookies Just Won't Die 189
GMGruman wrote in to say "Microsoft embarrassed itself last week when it got caught using 'zombie cookies' — a form of tracking cookies that users can't delete, as they come back to life after you've 'killed' them. Microsoft says it'll stop the 'aberrant' practice. But Woody Leonhard says you ain't seen nothing yet. It turns out HTML5 offers a technical mechanism to give zombie cookies a new lease on life — and the Web browsers' private-browsing features can't stop them."
"Caught with hand in the cookie jar" joke here (Score:5, Funny)
Microsoft says it'll stop the abhorrent practice
Fixed that for them.
Actually, an even more accurate quote might be:
Microsoft "says" it'll stop the abhorrent practice
Re: (Score:2)
Re:"Caught with hand in the cookie jar" joke here (Score:4, Insightful)
That's the whole point: GP is arguing that this sort of practice is in fact quite normal, and that Microsoft will probably not stop just because of the bad press.
Re: (Score:3)
I think you meant they will "stop" the practice. And by stop, they really mean continue without remorse.
Re: (Score:2)
Calling "placing cookies" abhorrent seems a bit over the top, no? Call me crazy, but I believe in perspective, and I would reserve "abhorrent" for such things as "mugging an old woman" or "racism".
Re: (Score:2)
Calling "placing cookies" abhorrent seems a bit over the top, no?
But these are SUPER-cookies.
Re: (Score:2)
As someone who believes in perspective, you should agree that context is very important. According to Google abhorrent is defined as "Inspiring disgust and loathing" so as far as privacy practices go, it's entirely valid to say it's abhorrent.
Keeps the "Re-install Windows" fix alive (Score:4, Insightful)
Re: (Score:2)
Some 9 years ago when I was working for an ISP telephone help desk, our strategy for not working dial-up was basically as follows:
1) reboot computer. Customer usually tried that already.
2) Delete and recreate dial-up connection. Fixed 70-80% of the cases.
3) remove and re-install related network components. Fixed again some 80% of the remaining cases.
4) tell them that the solution lies in re-installing Windows but that we're not allowed to advice that (first-line help desk) nor that we provide support for t
Re: (Score:3)
More pocket money (and supposedly obsolete PCs) for me!
Nuke-and-pave is fast, which is all that matters.
Fixing Windows installations is like picking shit out of toilet paper. Just because you can doesn't mean you should, and you aren't likely to remove the entire "problem".
Re: (Score:2)
*nix fix (Score:2, Insightful)
This is why it's nice to be able to rm -rf ~/.mozilla and rm -rf ~/.macromedia as a last-ditch effort.
Re: (Score:3)
Re: (Score:2)
Re:*nix fix (Score:4, Insightful)
Nuke the cookie servers then.
I just wonder what would happen if the cookie info returned was just some random garbage. Time to make a plugin to Firefox to handle that.
Re: (Score:2)
Just wait until they are storing browser cookies in your laptop's battery firmware...
Re: (Score:2)
Re: (Score:3)
Next up, the MBR cookie-- survives repartitioning and OS reinstall. Now with more cookie!
Re: (Score:3)
This is why it's nice to be able to rm -rf ~/.mozilla and rm -rf ~/.macromedia as a last-ditch effort.
Rather than nuking it, why not just restore it to a previous, known good state...
rm -rf ~/.mozilla && rm -rf ~/.macromedia && cp ~/.mozillaGoodCopyWithBookmarksAndStuff ~/.mozilla -R
Re: (Score:2)
I just link ~/.macromedia and ~/.adobe to /tmp, which is mounted in a ramdisk on my machine. I reboot it fairly often enough that I feel reasonably safe from persistent tracking.
For ~/.mozilla, I have cookies saved only until reboot except for sites like /. which I use to save logins. Also, extremely judicious use of NoScript. Not sure if it's good enough, but I don't know of anything more that can be done that isn't too heavy-handed.
Re: (Score:2)
easy to defeat on *NIX. set ownership of ~/.adobe and/or ~/.macromedia with permission 000. presto, no flash crap stored on your computer, unless you're stupid enough to browse the web as root.
also, Samy Kamkar's "super cookie" is easy to avoid/defeat with firefox. click on the icon to the left of the URL, click "more info" then go to permissions. on "set cookies", uncheck "use default", then block. do the same for "offline storage".
leave the site (close the tab to be sure), then clean everything from the l
Re: (Score:2)
There are several forms of 'meta cookie' which can be used to uniquely identify you, and which have nothing to do with either Flash or standard browser cookies. For example, check out Panopticlick [eff.org]. There are also older attacks such as history sniffing [niallkennedy.com] (defeated in modern browsers, but still available in the majority of active browsers). Plus there's permanently cached files (a JS file with an expiry set unreachably far in the future, with a server which responds that the file is always fresh, while the c
Just Set Up VMWare (Score:2)
Re: (Score:2)
Why do advertisers on the web need to know who they are advertising to? They put ads on billboards and on television and only get a very coarse idea of who is seeing them.
Re: (Score:2)
I'm all for that; get rid of the adverts and charge me some small fee. I'll bet that gets rid of most of the trolls anyway.
It will also get rid of most of the users as they move to free sites or just stop wasting time on the Internet in the first place.
Stop blaming the Sites (Score:4, Insightful)
And start blaming your browser. If you enable "Private Browsing", and anything lives beyond that session, it can be nothing other than a browser bug.
Re:Stop blaming the Sites (Score:4, Informative)
Flash is an external process and thus bypasses browser settings. It even works cross-browser: A "Flash cookie" (LSO) can e.g. be set in Firefox and then read in Opera.
For HTML5 features however, I have to agree with you.
Re:Stop blaming the Sites (Score:4, Insightful)
Flash is an external process and thus bypasses browser settings
So disable it during private browsing. Better to have real security with some limited functionality than a false sense of security.
Re: (Score:2)
Flash is an external process and thus bypasses browser settings.
Flash is an external process and thus bypasses browser settings
So disable it during private browsing. Better to have real security with some limited functionality than a false sense of security.
Some limited functionality? Do you realize how many surprise-birthday-planning sites require Flash?
Re: (Score:2)
Some limited functionality? Do you realize how many surprise-birthday-planning sites require Flash?
That is why people that know what they are doing get their content for surprise birthday planning via "trusted" private trackers not flash infected websites.
Re: (Score:3)
I'm willing to outlaw birthdays if that's what it takes to eliminate this problem!
Re: (Score:2)
So disable it during private browsing. Better to have real security with some limited functionality than a false sense of security.
Or how about run Flash in a temporary VM which can be immediately destroyed on exit? If there is a way to have security and functionality I'd prefer that.
Re: (Score:2)
Can't Mozilla "just" sandbox Flash?
Or have it run in a chroot jail or so?
Just thinking. To keep those pieces of thoroughly misbehaving but necessary evil in line.
Re: (Score:2)
FlashBlock is your friend.
Unfortunately, it won't cover things in Internet Explorer (duh) or things that you actually DO want to view that use Flash.
I don't care about Microsoft doing it. If YouTube (read: Google) does it with blatant intent to steal every bit of information they can...... Oh wait, nothing will happen.
People are too addicted to the things they want and can complain until their blood vessels burst, but they'll continue to use said service.
I'm sort of wasting logical time posting this. I s
Re: (Score:2)
Flashblock doesn't work that way, what you need is noscript. The creators of Flashblock specifically state in their FAQ that they don't block LSOs, flash cookies or swf trackers.
Re: (Score:2)
Thanks for the info; I'll take care of that right now. I stand corrected!
Re: (Score:2)
So the browser shouldn't load the flash plugin, problem fucking solved. Next.
Yes, it can simply refuse to load flash until a version that plays nicely is made, its not hard, in fact, its really fucking easy actually.
Re: (Score:2)
Disabling flash for everyone on your machine is easy. Arguing with someone who uses the same PC AND/OR re-enabling it for some emergency when time is important, is hard.
And you'd be surprised how many places require it. Streetview requires it, Yahoo mail has some hidden attachment functionality, and Youtube's HTML5 video fails, and sucks when it actually FINDS any video that is available in that format... iPhones load all flash-lacking youtube videos OK, but full-size PC implementations are utterly unusable
Re: (Score:3)
Private browsing isn't so private.. http://panopticlick.eff.org/ [eff.org]
You can be pretty thoroughly tracked as an individual without cookies at all..
A question (Score:4, Insightful)
Is there any good reason why one would want to use HTML5 at all? I mean, as a user? So far it all seems to be negative - a load of giving away user control and sovereignty over your own system, packaged as "Wow, cool new feature".
Re: (Score:3)
a load of giving away user control and sovereignty over your own system, packaged as "Wow, cool new feature".
When Slashdot ran the article about the JavaScript + HTML5 music player, that was my first impression. I remember back when scripts reading local files was regarded as a security hole in the browser, not a "cool new feature."
Cool new feature vs. security hole (Score:2)
I remember back when scripts reading local files was regarded as a security hole in the browser, not a "cool new feature."
When the user explicitly consents to use of a specific local file or folder, it's a "cool new feature". When the user does not consent, it's a "security hole". Think of it as like a file upload control in an HTML form, but it works even when a web application is running offline from cache.
Re: (Score:2)
As for what I was referring to, it wasn't using an offline cache for its web application. The media player had a file input form element (what you called a 'file upload control') that
Re: (Score:2)
before the term "Web Applications" was coined
Is there a date for that? eBay has always been a web application even before JavaScript postbacks were popular.
Back then you couldn't touch the file input contents until it was posted back to the server since it was considered a security risk.
The perceptions and uses of the web have changed so much over the past few years that I forget why they considered it such. But nowadays people rely on less jarring transitions between online use and offline use, especially on laptops and tablets, and JITs have made JavaScript at least speed-competitive with Java if not C++.
The media player had a file input form element [...] that read the file contents off your drive when you selected one from the file dialog. No posting back to the server or submitting the form was required, just simply picking a file.
And the key point is that the user explicitly consented to the use of the c
Re: (Score:3)
Is there any good reason why one would want to use HTML5 at all? I mean, as a user?
For one thing, the video, audio, and canvas elements mean not having to deal with Adobe's (historically?) inefficient and security-defective software. For another, CACHE MANIFEST and localStorage allow using a subset of a web application offline for a short period, such as on your laptop while riding the bus, while ceding less control over your system than you would if you were to install a native application.
Use cases unhandled by <a> elements alone (Score:2)
At least for the video and audio, both Flash and HTML5 are functionally inferior to just <a>'s to files.
I see three advantages of Flash or HTML5 to providing links that an end user must play manually. How would you solve these use cases with just <a>'s?
Re:Use cases unhandled by elements alone (Score:2)
I'll put on my user hat for a sec, so it will sound harsh, but Joe User doesn't care:
How would you solve these use cases with just <a>'s?
a) A web site can verify that the user agent has presented the entirety of one video before offering the link to another video.
Joe User: Not our problem. 10 years ago websites gave me all videos at and I could play and replay at my leisure. What's different now? [yeah, I know, bandwidth abuse, but still Joe User sees no benefit from the business implementation side of things and just clicking on the next link 100 times is still easier than paying a single dollar. Isn't that how Joe User leeches specific porn online?]
b) The advantage to the user is that the user can watch a message from a sponsor instead of providing payment details and paying for each view.
Joe User: I heard that the int
Re: (Score:2)
What's different now?
A decade ago, ISP-provided web hosting and banner-supported web hosting came with 0.005 GB of space. A decade ago, we were in the dot-com crash. A decade ago, broadband was an experimental, expensive technology, and there weren't enough viewers of bootleg online videos to have a noticeable effect of the use upon the potential market for or value of the copyrighted work [copyright.gov]. The entertainment industry was still fighting things like Napster and WinMX, which were used more often for single songs rather than albums
Re:A question (Score:5, Insightful)
Is there any good reason why one would want to use HTML5 at all? I mean, as a user?
That's a very fair question, but it's a slightly loaded one. As a user, there is little benefit to any particular web technology, whether it's HTML, CSS, JavaScript, Flash or anything else. As a user, what you care about is results. However, those results depend on what developers can build, typically within a certain amount of time and budget.
If you have new technologies that allow developers to do new things, and those things benefit the user, then the user wins. However, if you have new technologies that allow developers to do old things in newer, easier, faster ways, and those things benefit the user, then the user also wins, particularly if it becomes viable for developers to make something useful in a cost-effective way when they could have done it before but didn't because it was too expensive in some respect.
And from that point of view, HTML5 tools like canvas and media tags are a big step up for some jobs over using something like Flash or Java applets.
That said, I strongly agree that browsers shouldn't be ceding any sovereignty over their users' systems to remote code by default.
And that said, the most devious tracking mechanism I have yet encountered didn't rely on any sort of cookie/local storage technology. It was essentially based on how various web-related protocols handle caching, it's hard to defeat without getting rid of caching, and you really don't want to get rid of caching. It is possible for browsers to avoid falling into the trap, and now that the attack vector has been identified I expect they'll do something about it.
Then again, as you read this your browser is probably advertising an almost unique fingerprint that could track you anywhere on the Web without storing anything on your machine at all, every time it sends request headers, and despite this being a well-known problem for quite some time, the browser developers haven't done much about it yet. Until they do, fighting against tricky little local storage vectors is hitting the 1% problem, not the 99% problem...
Re: (Score:3)
Double plus on your last paragraph -- browser headers are really really unique at this point: http://panopticlick.eff.org/ [eff.org]
Using cookies is just simpler for advertisers, but banning those on the client without enforcing some "do not track" at the supplier end won't solve the problem. They'll just move to browser headers..
Re: (Score:2)
As opposed to now, where the user doesn't have control over Flash? Sure Adobe's FINALLY added the ability to clear Flash cookies - after how many years of every browser supporting it?
If you're a geek, HTML5 lets you have fine control over everything - if you don't want to run Javas
Re: (Score:2)
Really? A plugin can't just go around watching the flash directory and wipe out files as they are created?
Its not really that hard. Its a hack, but its entirely doable.
I swear to god, people have no creatativity when it comes to solving problems on computers these days.
Re: (Score:2)
Better privacy does that, but anything that does this is going to be limited in scope. It gets really tricky to figure out which ones to allow during a session. Wiping them out when you close the browser does nothing for short term tracking while you serf, but it does limit the long term spying.
Better than nothing, but not good enough.
Re: (Score:2)
I have BetterPrivacy configured to delete all flash cookies that haven't changed in the last 20 minutes. The only time I had a problem with it was in an online training app that used Flash and stored its progress in a flash cookie. I added an exclusion for it and had no further problems.
Re: (Score:2)
Freudian slip?
Re: (Score:2)
I agree.
I disable images in all of my browsers, and open them up in my image viewer of choice, like any sane person would prefer to do.
I also occasionally use a Python script to fetch webpages for me, pull out the body text and save it so that I can read it in my text editor of choice. Like any sane person would prefer to do.
Re: (Score:2)
And just to clarify, that second one wasn't to address you point, but your manner of making it. Just because someone doesn't have the same preference as you, does not make them insane.
No problem (Score:5, Informative)
The "standard" Firefox plugins already take care of it.
No DOM storage without JavaScript, no Flash cookies without Flash -> NoScript
Most tracking cookies come from ad networks -> AdBlock Plus
Most tracking cookies come from third party domains -> RequestPolicy.
And if you get one anyway, you can also get rid of it -> BetterPrivacy.
Re:No problem (Score:4, Interesting)
Add in PasswordMaker to that list and you've pretty much summed up why I can never leave Firefox, no matter how batshit-loco the design team gets. :(
Re: (Score:2)
Konqueror + KDE wallet are missing "only" NoScript.
But the KDE combo has Kget, what, now that the Firefox is so braindead at downloading things, is quite usefull.
Re: (Score:2)
Does KDE Wallet generate passwords programatically, without the user getting involved (other than asking it to. PasswordMaker is nice like that. Right-click->"Populate this field" and done).
Might be worth looking into, though I spend more time working on Windows lately...
Re: (Score:2)
Huh? (Score:3)
OK so the article cites localStorage as a problem, but Chrome at least treats it the same as cookies when clearing private data, and in incognito it shouldn't persist localStorage data across sessions (not sure about other browsers).
It also mentions that MS was sticking a JS file in the browser cache to recreate a cookie. This doesn't make sense since any file removed from the cache is just redownloaded, unless a custom version of the JS file is crafted for every client and is set to create a specific cookie value (but this isn't clarified in the article). But it sounds more like ETags are used, having nothing to do with the JS file being cached or not. I'm not sure how ETags work but I can't imagine they would be effective in incognito mode either since cache is never kept (and the article infers this is necessary).
Did I miss anything?
ZOMBIE BROWSERS (Score:2)
I am sorry, but just talking about cookies doesn't go far enough to describe what is happening here. It is about zombie browsers, that are just building in more and more functionality to turn your computer into a device that is not controlled by you, but is controlled by various special interests.
On the other hand you, as a user, are clearly not the customer of a browser developer company. The customers seem to be the advertisers, CAs, anybody that wants to control what you are doing. You, as a user, are
Re:ZOMBIE BROWSERS (Score:4, Interesting)
I am sorry, but just talking about cookies doesn't go far enough to describe what is happening here. It is about zombie browsers, that are just building in more and more functionality to turn your computer into a device that is not controlled by you, but is controlled by various special interests.
From tablets to cell phones, tell me something I don't know. A lack of control down into the lower levels of these types of devices has been lacking for some time now.
There needs to be a way for the user to control what is happening on his machine, otherwise it's not a general purpose computer, but some proprietary gadget that you have there...
Uhhh, yeah..which is exactly their intent with this design. In much the same way that human voice interaction is dying, so is the "personal" computer. What the hell do you need "flexibility" for when every device will be reduced to a pseudo-tablet in the near future, with everything moving to the "cloud"? Allow the functionality, introduce multiple attack vectors and nightmares for support. Lock it down, and you piss off the user community who gets pissed off every time they get a virus or malware infection. Of course, they got infected because they want flexibility.
Since we already know why you should draw a line, the question is where do you draw the line.
Re: (Score:3)
You're 100% correct.
enableHumor();
Let me ask the question that creates a loopback to itself over and over (especially in the USA): "Where do I $BUY$ the browser that doesn't allow any of this and enables me to view an ad-free Internetzzz?"
"Wait, you meant that only YOUR ads wouldn't show? But your advertisement said your browser blocked advertisement if I bought it! Weird wording sold your product, you crafty people, you. Okay, so how do I get a version that really blocks all ads? Oh, an add-on. Weird
why I use Linux (Score:2)
Microsoft disgust me. After decades of this sort of deceitful behaviour, it is evidently still too much to expect Microsoft to actually do the 'right thing' in the first place.
Even without any sort of ethics, they're also too stupid to actually learn their lesson that all these scams that Microsoft repeatedly perpetrate on their own customers always eventually get discovered and backfire with far more loss of face and therefore sales than presumably they gain from doing the thing in the first place.
Speking of abhorrent... (Score:5, Insightful)
Segment 758: discount sites including Groupon and eBay Daily Deals Segment 876: sites about coffee, including Dunkin' Donuts, Folgers, and Starbucks Segments 984-989: home improvement sites including Home Depot and Grainger Segment 2701: pages about the Ford Fiesta Several interest segments are highly sensitive:
Segment 760: pages about getting pregnant and fertility, including at the Mayo Clinic Segment 2640: pages about menopause, including at the NIH and the University of Maryland Segment 2014: pages about repairing bad credit, including at the FTC Segment 2265: pages about debt relief, including at the FTC and the IRS"
Please folks - If you're going to bring this to our attention, how about leaving your obvious biases aside and tell the whole story so we can be truly informed? That we we can all be aware of just how widespread an issue this is instead of just another "Microsoft is Evil" piece.
Re: (Score:2)
Re: (Score:2)
Please folks - If you're going to bring this to our attention, how about leaving your obvious biases aside and tell the whole story so we can be truly informed?
Indirect quote (*snort*):
*temper tantrum* :)
"Because there's no ca$h in that!!!! I want money and I'm gonna say what I want to get that from you, you person who is easily deceived by want, you. My daddy taught me that!"
private-browsing features can't stop them (Score:2)
Can't you setup browsers to prompt to create local storage?
"zombie cookies" means Flash cookies (Score:5, Interesting)
The article does a major disservice to everyone (and I wish we could mod it down) by making up the term "zombie cookies." This new bullshit term hides what's going on and makes us all a little bit stupider. All I have to do to answer your question, is tell you what the article is really about. Instead of making up a bullshit term to confuse you, I'll use a descriptive term.
Ready?
Flash Cookies. The article is about websites caught using Flash cookies instead of browser cookies.
See, asshole-who-wrote-the-article, that wasn't hard. Flash cookies. Now instead of misleading people into thinking their browsers have a problem with cookies and other local storage, people see that the real problem they have with their browsers is plugins, which allows them to run native code that totally bypasses all the browsers' policies.
Flash cookies. Watch all the questions disappear .. but oops .. all the traffic to the fucking article disappears too, since people don't have to click through, read the first article that makes the weird reference to zombies, then click through to another article that explains WTF "zombie cookies" are about.
Slashdot should not have linked to this piece of shit.
Re: (Score:2)
Flash Cookies. The article is about websites caught using Flash cookies instead of browser cookies.
See, asshole-who-wrote-the-article, that wasn't hard. Flash cookies.
Soooooo, can't you just delete the Flash cookie directory? That seems like it'd nuke 'em pretty good...
Re: (Score:2)
Was the article that shit? Have I really been duped? Twice?
Re:"zombie cookies" means Flash cookies (Score:5, Insightful)
It actually wasn't about flash cookies.
It was about using browser cache as storage medium by doing some neat tricks on the server to get the browser to keep a javascript file in cache, which inturn functions as a cookie when used by various pages that reference it.
Page requests cookie.js, the server then serves cookie.js with a cache expiry of a hundred years into the future, and says it hasn't changed in a hundred years either.
Your browser caches it and then doesn't request a new copy for a 100years, why should it, it was told the file isn't going to change.
The data in the file now serves as a unique ID which can be used to associate your browsing habits.
THAT IS A ZOMBIE COOKIE. It has nothing to do with flash. This isn't new, a friend of mine and I discovered this years ago by accident due to a bug in a web app we were working on.
Re: (Score:2)
Why not just clear the cache every one in a while then?
Re: (Score:2)
I set my cache to /tmp/mozilla-cache, so it automatically gets deleted every time I reboot. Same for Flash crap.
Re: (Score:2)
For Flash, I set my ~/.macromedia directory to /dev/null
Re: (Score:2)
Can we mod this down, please? It's completely wrong, The Microsoft thing has nothing to do with Flash cookies.
Extreme measures? (Score:3)
A lot of commenters here seem to be taking what I would consider as extreme measures in order to avoid these cookies. Running your browser in a VM which resets each time you close it? Installing numerous addons (I see someone listed 4 you need to install to cover yourself)? Does anyone else not think that perhaps instead of avoiding the issue, it should be tackled head on?
What I mean is - if this is such a serious issue, why are we standing by just letting it happen when we could be petitioning the various standards committees, plugin developers and browser manufacturers to do something about it? The so-called zombie cookie (or Supercookie) exists because we let it exist. It's clearly an exploit in the way various technologies work together and it should be treated as such, i.e. patched until it can't be done any more.
Furthermore, any company that uses this tactic should be taken to court since it's a clear and deliberate violation of privacy. I.e. if I decide to delete a cookie, I'm making it explicitly clear that I want it gone - I'm opting OUT, so keep it that way.
Re: (Score:2)
why are we standing by
Self interest explains this. If cookies cease to `work' for the purposes of the ad networks then they'll make sites cease to work for those of us that thwart them. They're footing the bill for a lot of the `Internet', including the site you're reading now, so they call the shots. Since cookies still work for their purposes I get what I want with little bother, while everyone else has their every click correlated to their profile.
I don't want some grand solution that puts everyone at parity with me, becau
Re: (Score:2)
And not every web site is run by a law abiding or standards compliant entity (company or individual). Or an entity within our legal jurisdiction. I mean, look at the problems we had getting people to adopt the evil bit [wikipedia.org] standard.
Problems with HTML5 (Score:3)
People thought that you could get rid of a lot of annoyances by increasing HTML5's capabilities to become more on par with Flash. Flash could be ditched. However, all it really means is that all the nuisances that were made in Flash (animated and noisy ads, commercials, persistent cookies, etc.) will now be made in HTML.
Flash wasn't really the problem... it was just one of the vectors FOR the problem. Now, HTML5+Javascript will take Flash's place in the eyes of marketers and spammers everywhere.
Re: (Score:2)
This has absolutely 0 to do with HTML5 and works in any browser since (and including) Netscape Navigator.
It does not however get around private browsing (at least not by itself, current flash implementations would allow it to do so however)
Diff? (Score:2)
Don't know about HTML5, but... (Score:2)
I just change the permissions on my cookies file to read only.
Fake Cookies (Score:2)
Greasemonkey can do it (Score:2)
Re: (Score:2)
if major browsers were forced to add this feature, the tiny background randomizing auto browser baking cookies at incomprehensible rates... I wonder what the demographics would be understood as by trendspotters... would anyone notice?
Re: (Score:2)
Re: (Score:2)
Then it would at least stay dead for three days.
Re: (Score:3)
If they'd just called it a "Jesus Cookie" no one would be complaining.
Then it would at least stay dead for three days.
And bugger off permanently after another 40 days or thereabouts.
Re: (Score:2)
Well, maybe so, but the idiots that clicked his link and got infected by his trojan will keep filling your firewall log.
Re: (Score:2)
No functional difference there.
Re: (Score:2)
And when everybody freaks about LocalStorage and the browsers hamstring or disable it, the trackers will just fall back to using the HTML5 ping attribute which is near perfect for tracking people without cookies. It's one of the many reasons why HTML5 is broken and flawed, but nobody seems to care when there's video, audio, and canvas elements. The only inarguably good thing about HTML5 is the forms improvements.
Re: (Score:2)
HTML 5 local storage worries the hell out of me. It's nothing new though because Microsoft has had an almost identical "userdata persistence" feature since forever. Try this link in IE browser http://samples.msdn.microsoft.com/workshop/samples/author/persistence/userData_1.htm [microsoft.com]
Yet another reason to avoid IE, even in its newer (differently-evil) incarnations.
Re: (Score:2)
HTML 5 local storage worries the hell out of me.
Me, too. Safari has an "Advanced Preference" for "Database Storage" to allow "none before asking". I always say "no". But so far only Twitter's website wants to store data on my machine.
Chrome and Firefox don't seem to have a similar preference. I see reference to cache but not local storage or database storage which I think are the relevant terms, here.
To manage localStorage in Firefox 6 (Score:3)
Re: (Score:2)
Re: (Score:2)
What I find completely wrong is that all these features are being added and almost NONE are being balanced by a nice control GUI. They just throw the storage into a random place, like the below commenter's persistence tab being under Advanced \ Networks in FF (3.6.10 here worked as well as his 6.x build, BTW)
Browsers do not have a standard set of things to block; blink tags were the first warning that very few users even in open-source browsers would probably benefit from a very fine-grained advanced sectio