2 Thoughts on “The Cookie Monster (a privacy hole)”

  1. While I certainly can appreciate your desire to reduce all this tracking, I don’t see completely disabling cookies as the solution.

    However, I’m wondering if there’s a way extensions could be created that, when enabled, would look for special cookie names in the response and, when found, make sure they’re added to the collection with the HttpOnly property, preventing them from being read by JavaScript.

    Perhaps there are other ways too to simply prevent this code from sending that information?

  2. jdavid on January 26, 2011 at 2:54 pm said:

    @Rob_mills You are right, some browsers do allow the rejection of only 3rd party cookies, or rather if your content is loaded from a domain that is not the root of the document, then it rejects sending cookies along. This would be the case for tracking cookies, but I am not sure it’s the case for Facebook or OpenID. The fact that our government sees this data as fair game, and secondly that they are querying this data without the user’s knowledge, is unacceptable to me.

    Right now Mozilla and Google are joining in on the bandwagon and opting for a Do Not Track header to be sent from the browser, which they plan to respect.
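
The extension idea raised in the first comment, sketched as an added example (not code from the post or from either commenter): it appends `HttpOnly` to `Set-Cookie` response headers whose cookie name matches a pattern. The name patterns are constructed, and the wiring at the end assumes a Firefox-style WebExtension with the `webRequest` and `webRequestBlocking` permissions.

```javascript
// Cookie-name patterns to protect. Constructed examples, not taken from the post.
const PROTECTED = [/^sess/i, /^auth/i, /token$/i];

// Add HttpOnly to one Set-Cookie value if its name matches and the flag is absent.
function hardenCookie(value, patterns = PROTECTED) {
  const eq = value.indexOf("=");
  const semi = value.indexOf(";");
  // No "=" before the first ";" means there is no cookie name to match; leave it.
  if (eq < 0 || (semi >= 0 && semi < eq)) return value;
  const name = value.slice(0, eq).trim();
  if (!patterns.some((re) => re.test(name))) return value;
  const attrs = value.split(";").slice(1).map((a) => a.trim().toLowerCase());
  if (attrs.includes("httponly")) return value;
  // Drop a trailing ";" or whitespace before appending the attribute.
  return value.replace(/[;\s]+$/, "") + "; HttpOnly";
}

// Rewrite a response header list of {name, value} objects (the webRequest shape).
function hardenHeaders(headers, patterns = PROTECTED) {
  return headers.map((h) => {
    if (h.name.toLowerCase() !== "set-cookie" || typeof h.value !== "string") return h;
    // Defensive: a browser may hand over several cookies in one newline-separated value.
    const lines = h.value.split("\n").map((v) => hardenCookie(v, patterns));
    return { name: h.name, value: lines.join("\n") };
  });
}

// Extension wiring; skipped when the WebExtensions `browser` global is absent.
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onHeadersReceived.addListener(
    (details) => ({ responseHeaders: hardenHeaders(details.responseHeaders) }),
    { urls: ["<all_urls>"] },
    ["blocking", "responseHeaders"]
  );
}
```

`HttpOnly` only hides a cookie from `document.cookie`; the browser still sends it with every matching request, and cookies that a script sets itself never pass through this header path.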
