What does Google actually know?

rjo__rjo__ Posts: 2,080
edited 2017-08-30 - 04:53:32 in General Discussion
I am using Windows 10. Normally I go to very few sites: Parallax, Youtube, Breitbart, etc. And I never download anything except when I know it is a fairly secure site... but I broke my own rule and downloaded a video... I had to learn how to do this, because there was no option listed on the page...the recommended method involved tossing my cookies.

Now YouTube treats me like a complete stranger... all of my usual "recommended just for you... because you are special" stuff is gone... and won't come back.

I don't think these guys are as smart as they are made out to be.

I want my cookies back!!!!

Comments

  • Ron CzapalaRon Czapala Posts: 2,418
    edited 2017-08-30 - 13:34:19
    I use the Cookies App for Chrome to manage cookies. I have Chrome set up to accept cookies ONLY from specific domains.

    https://www.hotcleaner.com/cookies.html

    If I need to temporarily allow all cookies, I use the Cookies App to delete unwanted cookies after I reset and adjust the restrictions.
  • Ron,
    I think you've misunderstood how cosy RJO was feeling with the ever present personalised tracking. He wants it all back but doesn't know how.

    I personally prefer the results to reflect an unbiased collection of what I've asked for rather than a preselected list of promotional material. As such I just blanket block all scripting. Oh, and the cookies have always been auto-deleted by the browser upon closing so they've never been an issue.
  • PS: Cookies were only ever meant to maintain a single session at a time. It's no wonder they have problems beyond that.
  • You don't need to worry about cookies. Just open a private/incognito window. It won't have any previous cooking info, and won't leave any, once you close the window.
  • evanh wrote: »
    PS: Cookies were only ever meant to maintain a single session at a time.

    Not so sure about this. Since at least Netscape 2.0 they've recorded to a cookies file. They were specifically designed to determine if a user had previously visited the site, and that assumes cross-session operability.

    Today, the localStorage HTML5 object is the current fav, and those record to a file (sessonStorage will hold only for the session).
  • HTTP is a stateless protocol. Open connection, make request, get response, close connection. Done. As such it's impossible to maintain a log-in session over many such requests.

    I'm pretty sure cookies were primarily devised to solve that problem.

    Of course cookies hang around so they can then also be used to determine if you have visited before. Even before you log in to a new session.

    And cookies were readable from Javascript so any other page you visit could contain JS that reads your cookies and forwards them to whoever.

    All in all HTTP was designed to be as insecure as possible. Luckily we can tighten things up a lot now a days but it takes care and attention.
  • TorTor Posts: 1,999
    edited 2017-08-30 - 18:37:03
    As Heater says.
    Cookies can be annoying though. For example when I click on a link in a forum to see a picture of some gadget or something that somebody were discussing. Unless I remember to open that link in incognito mode (ref. Gordon's post) I'll immediately get email spam from Amazon about similar items they're selling. Because somewhere there is a cookie stored for Amazon because I buy Kindle books now and then.

    (I actually have 'delete cookies when browser is closed' enabled, but I *never* close my browser. Would lose all my tabs then. So if I *must* restart, I kill the browser and start in recovery mode. So all cookies always stay.)
  • GordonMcCombGordonMcComb Posts: 3,366
    edited 2017-08-30 - 22:04:23
    Most modern browsers provide a Do Not Track option for cookies, and both Google and Amazon will respect that. Only cookies not used for tracking (includes ads and anything personally identifying) are used.

    If you're on a site that contains iframes or other content from another site, you can turn off accepting Third Party Cookies. This setting allows for same-domain cookies, but rejects cookies from domain B when you're on domain A. This setting doesn't require the cooperation of the domains.

    If you're truly getting email spam from Amazon, there's a setting where you can turn those off. I don't get anything from Amazon other than notices about my purchases.
  • What I always wonder is:

    Why is it that all the settings that everyone wants set one way (mostly disable whatever it is) are always set the opposite way by default?

    This applies to browser settings, Windows 10 settings, and so on.

    It also applies to HTTP(S) itself. There is a bunch of headers that a security aware server has to set in it's responses to tell the browser not to do dangerous things. Not to mention other defensive measures a secure web app has to take.



  • Heater. wrote: »
    Why is it that all the settings that everyone wants set one way (mostly disable whatever it is) are always set the opposite way by default?

    $$$ MONEY $$$

    The default settings provide greater ease at targeting ads and services. How will Google and Microsoft make their billions if they can't lob advertising at you?

    They also say they allow all the crap to make a better user experience. They think allowing (and not providing a switch to disallow) cross-domain JavaScript is a good thing for users. Google isn't about to adopt this protection; their Analytics code depends on it.

    "Oh yes, please, Mr. Google. Add that cross-domain script tag to the DOM, just like any good malware writer would do. Thank you sir, may I have another?"

  • If you use Firefox, try Ghostery. Makes surfing the web actually enjoyable.
  • If you use Firefox, try Ghostery. Makes surfing the web actually enjoyable.

    +1
  • Big Brother.... little sister...... medium size nephew?
  • To all you haters, if you don't like how the available browsers work, make your own. Don't have the time/energy to do that? Okay, then pay someone else to develop one. Don't want to pay money for something you believe you should get for free? As the saying goes, "nothing in this world is free." If you will not spend your own time, energy, and/or money, then expect to pay in some other way. The development of every "free" browser cost someone considerable time, energy, and/or money, and it is perfectly reasonable that those people would want to recuperate those costs (and possibly even profit). "Free as in beer" does not mean you are entitled to tell the brewer to change their product. Go brew your own beer, or find another brewer. Either way, expect to pay.
  • I swear to GOD... for information and entertainment... you just can't beat Parallax forums.

    You learn things here... you can't find anywhere else.

    Thanks






  • First off, no one is hating anything. Heater makes a good point -- some of the features common in browsers pose a threat to users. Users have a right to know what those threats are, and what options are available to mitigate them.

    ANYONE is free to tell the brewer how to make better beer. The brewer is under no obligation to take up that advice. This is how the market, even freeware software, works.

    There is a long historic precedence for this. It took users to call out Netscape for not disclosing cookies, or that email addresses could be silently harvested just with simple JavaScript. We all enjoy better transparency now, but it can take everyday users to pressure software makers to step up to the plate. Publishers of free software are not immune to free criticism.
  • GordonMcCombGordonMcComb Posts: 3,366
    edited 2017-09-01 - 16:52:27
    I'll add that all of the browser makers take security seriously. What often differs is their default choices for settings, based on their business model, as well as the individual opinions of the developers.

    Lest anyone think something like Chrome is full of security holes, the opposite is true. Example: Chrome defaults to some very restrictive cross-domain checks, especially related to HTML5 content. Chrome treats local content uniquely, for instance, kicking up a CORS error when writing to and reading from the HTML5 canvas (so-called tainting). Firefox allows you to run this type of local disk content as if it were from a server, and doesn't raise an error. This *could* be a problem if users are duped into downloading and opening a local file that contains malicious code. The extent of this specific exploit is open to conclusion, with Chrome following one model, and Firefox another. Certainly Firefox employs other forms of CORS restrictions, and their model as a whole may mitigate any issues.

    Which approach is best? That's a matter of opinion, and this is where discourse and criticism from users come into play. As long as the software developers keep an open mind, the debate always leads to better software.
  • First off, no one is hating anything.

    In which case, my post didn't apply. :D

  • Seairth,
    To all you haters, if you don't like how the available browsers work, make your own. Don't have the time/energy to do that? Okay, then pay someone else to develop one.
    I say old chap, "haters" is a bit strong.

    Clearly we as individuals are not going to be able to create a modern day web browser. Not many of us are wealthy enough to even contemplate hiring people to do it for us. A web browser is not some niche program one might need.

    The web is now an essential part of life. Like food. Not many of us are farmers or are able to grow our own food. It's big business now. But I think you might agree that we have a right to demand that those who provide food do a good job of providing good health stuff and not cheating us.

    Gordon is right. Chrome actually does a good job of securing things. To a large extent we are not Google's customers but rather the likes of the banks, Amazon, ebay, etc. For them they make things water tight.

  • Hey, I am also facing this problem for a few days. But when I checked m phone and then I see that my chrome incognito mode is on. I forget to turn it off. So must remember that you have turned off incognito mode after the work. This may produce some problems so just remember to turn it off.
Sign In or Register to comment.