Hi,
While surfing the web randomly I find many websites asking permission to store cookies. I just leave the notification alone meaning I don't click on the "OK" button.
But some distro forums too ask me if I want to store their cookies.
It depends. What I usually do is browse websites I don't trust in incognito mode and accept all cookies. Some news sites force you to accept cookies in order to see social media content or videos. In my normal browser session I accept the basic or necessary cookies and decline the marketing, performance and statistics cookies. I'm not sure how the website reacts to just ignoring their cookie wall. Perhaps they assume you agree and store all cookies including the marketing stuff. Disabling tracking in your browser is also a good option to activate.
Here's some more info: https://blog.sucuri.net/2019/08/inte...od-or-bad.html
Sure does.
I try to load every web page bare-bones first: only first party HTML & CSS & images.
Only if I can't use the page I allow more.
Sounds troublesome, but the addon can remember my choices so I only have to do it the first time.
Cookies are only one of the many tools the modern web employs to suck your data.
Now that's an awesome idea. Thanks. I will do the same from now.
You're welcome!
Quote:
Originally Posted by ondoho
Sure does.
I try to load every web page bare-bones first: only first party HTML & CSS & images.
Only if I can't use the page I allow more.
Sounds troublesome, but the addon can remember my choices so I only have to do it the first time.
Cookies are only one of the many tools the modern web employs to suck your data.
Heh... I recommend uMatrix, as well. It's basically like an old-school software firewall (for Windows), but only for your browser. Raymond Hill writes good stuff.
You know, they don't need cookies. There are a hundred and more ways to track you besides cookies. It's such an outdated way of doing things anyway. No unconditional risks in accepting them though.
I just went to the preferences window of the Tor browser and found out that the Tor browser by default deletes all cookies on closing of the browser. I don't use Tor browser for all my browsing but it's good to know that it's security hardened by default.
I try to load every web page bare-bones first: only first party HTML & CSS & images.
Only if I can't use the page I allow more.
Yup. I don't even load images.
Quote:
You know, they don't need cookies. There are a hundred and more ways to track you besides cookies. It's such an outdated way of doing things anyway.
What I was thinking. You can be browser and OS fingerprinted no matter what your user agent is, GPS located, web sites keep super cookies, https keeps the original header in the packet, that can be read.
Deleting cookies doesn't do much, other than get rid of your login credentials for a web page. So that the next person sitting down can't use your netflix account.
Clear all of your cookies, clear the cache on your web browser, shut your machine down, reboot it. Then browse a few web pages without logging in to anything. Then go to google and see what they know about you. That will shock you a little. They have your IP associated with you. And depending on what browser that you use, it talks to google, amazon, facebook whether you agree or not.
They will even track you if you use a browser like dillo or w3m, even if you don't have a facebook account.
The notices that sites use cookies are the result of the GDPR. Cookies have been around for a long long time, but, because of the GDPR, sites that use cookies and wish to be accessible to folks in the EU are required to notify visitors that they use cookies.
The great majority of cookies are harmless. They do things such as allow the website to remember that you are logged in.
The most inimical cookies are tracking cookies, which track where you go beyond the website you are visiting. Some tracking cookies remain active even after you have left or logged out of the particular website that dropped them (these are called "persistent" cookies), sometimes after you have closed your browser. Facebook, in particular, is notorious for that type of tracking, but it's hardly alone in these days of surveillance capitalism.
I run noscript on Firefox, which is my primary browser. When I visit a website that I trust (such as LQ), I will mark that site as trusted in noscript. If it's one that I consider generally trustworthy (say, a major newspaper website, such as ajc.com or azcentral.com), I will click to temporarily trust it.
If it's one I do not trust, such as the Zuckerborg, I will browse it in private or incognito mode, ensuring that any cookies it drops will not persist past my visit to the site.
Just my two cents.
Last edited by frankbell; 07-10-2020 at 10:11 PM.
Reason: grammar
I just went to the preferences window (...) by default deletes all cookies on closing of the browser.
Oh yes, one should definitely do that.
Quote:
Originally Posted by teckk
Deleting cookies doesn't do much, other than get rid of your login credentials for a web page. So that the next person sitting down can't use your netflix account.
I disagree. These are just session cookies, but they can do much more, can contain much more information.
Cookies can be read across sites so they get a whole set of info from you visiting other sites etc.
For some time I do not much think about cookies. If it is an option I disable them.
But cookies are created with JavaScript, so NoScript helps me with that, too, especially when a site owner is completely unaware of what the “developers” used to have someone “generate” while they were paid to “develop” it, by themselves.
My default is to block everything, I enable individual entries if need be (seldom is).
Here is France Culture; I always feel nostalgic when I see doubleclick.net... reminds me of the junkbuster years :
Last edited by Michael Uplawski; 07-11-2020 at 05:34 AM.
Reason: Confusion shifted.
The two might often be connected, but technically this is not true, not as a generalisation anyhow.
I know plenty of situations where cookies are created without javascript. PHP usually does that I think.
Quote:
Originally Posted by Michael Uplawski
Here is France Culture;
This is the Tor Browser, this image is not representative of anything.
But even so, I hope you are not allowing all those set to Default.
Is France Culture "öffentlich-rechtlich"? What a horrible amount of trackers.
To compare, this is what I'm seeing on wdr.de:
Astonish me and tell me how a PHP-generated web-page creates cookies. At this moment, I know nothing about it and really need to learn this.
When the web-page creates cookies, it is already loaded in a browser. I cannot see what else but JavaScript would be able to do anything “dynamic” at this moment. PHP will most certainly create the JavaScript which is shipped along with the generated HTML, as do any other Web-Application frameworks, like jsp, faces, rails, sinatra... etc.
Quote:
This is the Tor Browser, this image is not representative of anything.
It is NoScript 11.0.33.
Quote:
But even so, I hope you are not allowing all those set to Default.
See my posting :
Quote:
Originally Posted by Michael Uplawski
My default is to block everything, I enable individual entries if need be (seldom is).
Quote:
Is France Culture "öffentlich-rechtlich"?
Completely.
I already wrote about that problem here on LQ. What I did :
Contacted the Radio France « Moderator » 5 times on the topic (« We do not know what you are talking about / Nobody ever complained »)
Wrote to the French agency for Net-security (Like Datenschutzbehörde) (« We are incompetent to advise you ». I Swear !!)
Wrote to the French ministry of Communications & Culture (« We are incompetent to give you a response ». That was somehow expected.)
Quote:
To compare, this is what I'm seeing on wdr.de:
It is the same for BR2 (or br.de in general). Things got worse when you wanted to actually *listen* to their broadcasts on franceculture.fr, but they changed that in the meantime: You could quite simply not listen to anything, if you did not allow some connections completely unrelated to podcasts or streaming.
I only hope that they know what they are doing.
Last edited by Michael Uplawski; 07-11-2020 at 05:39 AM.
Reason: cosmetics.
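
An added example, not part of any post in this thread: a server can create cookies with the HTTP `Set-Cookie` response header (the mechanism PHP's `setcookie()` uses), so the browser stores them before any script runs. The sketch serves a script-free page from a local test server and classifies the cookies it sets as session or persistent and as readable by page JavaScript or not; the cookie names and values are constructed.

```python
import threading
from http.client import HTTPConnection
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = b"<html><body>No script on this page.</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        # Session cookie: no Expires/Max-Age, so it is dropped when the
        # browser closes. HttpOnly hides it from document.cookie.
        self.send_header("Set-Cookie", "sid=constructed-session-id; HttpOnly; SameSite=Lax")
        # Persistent cookie: Max-Age keeps it for a year across restarts.
        self.send_header("Set-Cookie", "visitor=constructed-visitor-id; Max-Age=31536000")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def classify(set_cookie_value):
    """Summarise one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    name, morsel = next(iter(jar.items()))
    return {
        "name": name,
        "persistent": bool(morsel["max-age"] or morsel["expires"]),
        "script_readable": not morsel["httponly"],
    }

def fetch_and_classify():
    """Fetch the page with a plain HTTP client (no JavaScript engine)."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = HTTPConnection("127.0.0.1", server.server_port)
        conn.request("GET", "/")
        resp = conn.getresponse()
        headers = resp.headers.get_all("Set-Cookie")
        body = resp.read()
        conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return body, [classify(h) for h in headers]

if __name__ == "__main__":
    print(fetch_and_classify()[1])
```

Script blockers do not stop cookies set this way; the browser's cookie settings or a private window do.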