Hi,
While surfing the web randomly I find many websites asking permission to store cookies. I just leave the notification alone meaning I don't click on the "OK" button.

But some distro forums too ask me if I want to store their cookies.

So I am curious.

Q1) Should I accept cookies ?

Q2) Are there any risks ?

It depends. What I usually do is browse websites I don't trust in incognito mode and accept all cookies. Some news sites force you to accept cookies in order to see social media content or videos. In my normal browser session I accept the basic or necessary cookies and decline the marketing, performance and statistics cookies. I'm not sure how the website reacts to just ignoring their cookie wall. Perhaps they assume you agree and store all cookies including the marketing stuff. Disabling tracking in your browser is also a good option to activate.
Here's some more info: https://blog.sucuri.net/2019/08/inte...od-or-bad.html

Now that's an awesome idea. Thanks. I will do the same from now.

Sure does.
I try to load every web page bare-bones first: only first party HTML & CSS & images.
Only if I can't use the page I allow more.
Sounds troublesome, but the addon can remember my choices so I only have to do it the first time.

Cookies are only one of the many tools the modern web employs to suck your data.

You're welcome!

I agree. What addon do you use for that?

uMatrix.

1 members found this post helpful.

Heh... I recommend uMatrix, as well. It's basically like an old-school software firewall (for Windows), but only for your browser. Raymond Hill writes good stuff.

1 members found this post helpful.

You know, they don't need cookies. There's hundred and more ways to track you besides cookies. It's such an outdated way of doing things anyway. No unconditional risks in accepting them though.

1 members found this post helpful.

I just went to the preferences window of the Tor browser and found out that Tor browsers by default deletes all cookies on closing of the browser. I don't use Tor browser for all my browsing but its good to know that its security hardened by default.

1 members found this post helpful.

Yup. I don't even load images.
What I was thinking. You can be browser and OS fingerprinted no matter what your user agent is, GPS located, web sites keep super cookies, https keeps the original header in the packet, that can be read.

Deleting cookies doesn't do much, other than get rid of your login credentials for a web page. So that the next person sitting down can't use your netflix account.

Clear all of your cookies, clear the cache on your web browser, shut your machine down, reboot it. Then browse a few web pages without logging in to anything. Then go to google and see what they know about you. That will shock you a little. They have your IP associated with you. And depending on what browser that you use, it talks to google, amazon, facebook whether you agree or not.

They will even track you if you use a browser like dillo or w3m, even if you don't have a facebook account.

Go ahead and do a little testing for fun.

The notices that sites use cookies are the result of the GDPR. Cookies have been around for a long long time, but, because of the GDPR, sites that use cookies and wish to be accessible to folks in the EU are required to notify visitors that they use cookies.

The great majority cookies are harmless. They do things such as allow the website to remember that you are logged in.

The most inimical cookies are tracking cookies, which track where you go beyond the website you are visiting. Some tracking cookies remain active even after you have left or logged out of the particular website that dropped them (these are called "persistent" cookies), sometimes after you have closed your browser. Facebook, in particular, is notorious for that type of tracking, but it's hardly alone in these days of surveillance capitalism.

I run noscript on Firefox, which is my primary browser. When I visit a website that I trust (such as LQ), I will mark that site as trusted in noscript. If it's one that I consider generally trustworthy (say, a major newspaper website, such as ajc.com or azcentral.com), I will click to temporarily trust it.

If it's one I do not trust, such as the Zuckerborg, I will browse it in private or incognito mode, ensuring that any cookies it drops will not persist past my visit to the site.

Just my two cents.

Oh yes, one should definitely do that.

I disagree. These are just session cookies, but they can do much more, can contain much more information.
Cookies can be read across sites so they get a whole set of info from you visiting other sites etc.

For some time I do not much think about cookies. If it is an option I disable them.
But cookies are created with JavaScript, so NoScript helps me with that, too, especially when a site owner is completely unaware of what the “developers” used to have someone “generate” while they were payed to “develop” it, by themselves.

My default is to block everything, I enable individual entries if need be (seldomly is).
Here is France Culture; I always feel nostalgic when I see doubleclick.net... reminds me of the junkbuster years :

Attached Thumbnails

 

The two might often be connected, but technically this is not true, not as a generalisation anyhow.
I know plenty situations where cookies are created without javascript. PHP usually does that I think.

This is the Tor Browser, this image is not representative of anything.
But even so, I hope you are not allowing all those set to Default.

Is France Culture "öffentlich-rechtlich"? What a horrible amount of trackers.
To compare, this is what I'm seeing on wdr.de:

Attached Thumbnails

 

Astonish me and tell me how a PHP-generated web-page creates cookies. At this moment, I know nothing about it and really need to learn this.

When the web-page creates cookies, it is already loaded in a browser. I cannot see what else but JavaScript would be able to do anything “dynamic” at this moment. PHP will most certainly create the JavaScript which is shipped along with the generated HTML, as do any other Web-Application frameworks, like jsp, faces, rails, sinatra... etc.

It is NoScript 11.0.33.
See my posting : Completely.
I already wrote about that problem here on LQ. What I did :

• Contacted the Radio France « Moderator » 5 times on the topic (« We do not know what you are talking about / Nobody ever complained »)
• Wrote to the French agency for Net-security (Like Datenschutzbehörde) (« We are incompetent to advise you ». I Swear !!)
• Wrote to the French ministry of Communications & Culture (« We are incompetent to give you a response ». That was somehow expected.)

It is the same for BR2 (or br.de in general). Things got worse when you wanted to actually *listen* to their broadcasts on franceculture.fr, but they changed that in the meantime : You could quite simple not listen to anything, if you did not allow some connections completely unrelated to podcasts or streaming.

I only hope that they know what they are doing.