Comments on: The Lack of Browser Security http://etbe.coker.com.au/2009/08/18/lack-of-browser-security/ Linux, politics, and other interesting things Thu, 09 Feb 2012 01:09:24 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Jeronimo Zucco http://etbe.coker.com.au/2009/08/18/lack-of-browser-security/comment-page-1/#comment-20455 Jeronimo Zucco Fri, 21 Aug 2009 12:42:01 +0000 http://etbe.coker.com.au/?p=1328#comment-20455 You can use NoScript firefox plugin - http://noscript.net - all google's cookies are in the scripts. You can use NoScript firefox plugin – http://noscript.net – all google’s cookies are in the scripts.

]]> By: Simon http://etbe.coker.com.au/2009/08/18/lack-of-browser-security/comment-page-1/#comment-20409 Simon Tue, 18 Aug 2009 21:42:35 +0000 http://etbe.coker.com.au/?p=1328#comment-20409 I've noted Arora has the option "accept cookies only from sites you've navigated to" (with configurable exceptions). Quite how this is defined and implemented I'm not sure, but it did intrigue me and at first glance seems a plausible restriction to bring into the mix. But I think ultimately it is like the spam problem. Some cookies are useful to you, some are useful only to the marketers, some in between, unlike spam it is often hard to tell the difference. I got miffed at some of the tracking I saw early on, with sites like preferences.com, and have tried various approaches to cookies. For a long time I had the browser ask me with the first cookie from each domain, but this gets tedious. Then I tried deleting cookies on exiting browser, but this is also tedious because so many sites use cookies to store authentication tokens (and you have to login too much as it is). I'm trying the "privacy is dead get over it" approach now, Iceweasel using NoScript to keep JS and Flash well behaved. I’ve noted Arora has the option “accept cookies only from sites you’ve navigated to” (with configurable exceptions). Quite how this is defined and implemented I’m not sure, but it did intrigue me and at first glance seems a plausible restriction to bring into the mix.

But I think ultimately it is like the spam problem. Some cookies are useful to you, some are useful only to the marketers, some in between, unlike spam it is often hard to tell the difference.

I got miffed at some of the tracking I saw early on, with sites like preferences.com, and have tried various approaches to cookies.

For a long time I had the browser ask me with the first cookie from each domain, but this gets tedious. Then I tried deleting cookies on exiting browser, but this is also tedious because so many sites use cookies to store authentication tokens (and you have to login too much as it is).

I’m trying the “privacy is dead get over it” approach now, Iceweasel using NoScript to keep JS and Flash well behaved.

]]>